CN111049853A - Security authentication system based on computer network - Google Patents
- Publication number: CN111049853A
- Application number: CN201911354579.0A
- Authority: CN (China)
- Prior art keywords: network, module, data, authentication system, control
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention relates to the technical field of computer networks and discloses a security authentication system based on a computer network. The system comprises a security system, an authentication system and a database, with the security system and the authentication system both in communication connection with the database. The security system comprises a data packet capturing module, a data analysis module and an alarm processing module; the data packet capturing module collects and analyzes data packets from the whole network to determine whether they represent abnormal behavior. The security system collects the various data packets in the computer, and the state and behavior information about system, network, data and user activity gathered by the data analysis module is sent to a detection engine for analysis and comparison. When a data anomaly is detected, the alarm processing module reconfigures a router or firewall, terminates a process, cuts off a connection, changes file attributes and raises an alarm, thereby protecting the security of personal information.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to a security authentication system based on a computer network.
Background
With the rapid development of computer networks, the era of big data has arrived. Big data is now widely applied in production and daily life and provides strong technical support for the prosperity and development of many industries. While it brings convenient and efficient network services to computing, big data also poses potential threats to network systems. This has prompted wide discussion of computer network security, and analyzing potential threats to computer network security and devising precautions against them has become urgent.
Big data is applied across many industries, and its use runs into many practical network security problems: data theft and website attacks occur constantly, and the situation is not optimistic. In addition, human factors introduce many system vulnerabilities while programs are in use. These defects and vulnerabilities are highly destructive, and criminals often exploit them to steal user information, causing larger security problems. A security authentication system based on a computer network is therefore provided.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a security authentication system based on a computer network.
The invention provides the following technical scheme: a security authentication system based on a computer network comprises a security system, an authentication system and a database, wherein the security system and the authentication system are in communication connection with the database;
the security system comprises a data packet capturing module, a data analysis module and an alarm processing module;
the data packet capturing module collects and analyzes data packets from the whole network to determine whether they represent abnormal behavior; the IDS uses raw network packets as its information source and, through network cards working in promiscuous mode, monitors and analyzes in real time all traffic transmitted over the shared network;
the data analysis module comprises a pattern matching module, a statistical analysis unit and an integrity analysis unit, wherein the pattern matching module compares the collected information with a database of known network intrusion and system misuse patterns, the statistical analysis unit creates a statistical table for system objects and records several measurement attributes during normal use, the average values of which are compared with the observed behavior of the network and system, and the integrity analysis unit checks whether the content and attributes of a given file or directory have changed;
the alarm processing module records the analysis result in a log file, generates a corresponding report and triggers an alarm;
the authentication system comprises a system management module, a grouping module, an auditing control module and a bandwidth management module, wherein the system management module automatically searches for IP addresses and machine names in the local area network, the grouping module groups machines and formulates different control strategies according to working requirements, the auditing control module audits and controls network users according to MAC addresses and account passwords, and the bandwidth management module sets the network access bandwidth by user, user group or application category, so that when the network is congested the bandwidth is used preferentially by high-priority personnel or applications.
Preferably, a network adapter is arranged in the data packet capturing module and is used for monitoring and analyzing all communication transmitted through the network in real time.
Preferably, the alarm processing module triggers an alarm and sends a page or email to a system administrator and modifies the intrusion detection system or target system, such as terminating a process, disconnecting an attacker's network connection, or changing a firewall configuration.
Preferably, the data packet capturing module mainly captures data of a host operating system layer, network data, application data and data sent by the target machine.
Preferably, the database is internally divided into two parts: one stores the abnormal data detected by the security system, and the other stores the IP addresses and machine names in the local area network collected by the authentication system.
Preferably, the authentication system further comprises an encryption module, which encrypts the information transmitted over the network to protect its security.
Preferably, the grouping module is divided into an IP control unit, a MAC control unit, an account control unit and a hybrid control unit; the IP control unit performs network control by machine IP address, the MAC control unit performs network control by machine MAC address, the account control unit performs network control by internet access account, and the hybrid control unit performs network control using both IP control and account control.
Compared with the prior art, the invention has the following beneficial effects:
the security system collects the various data packets in the computer, and the state and behavior information about system, network, data and user activity gathered by the data analysis module is sent to a detection engine for analysis and comparison; when a data anomaly is detected, the alarm processing module reconfigures a router or firewall, terminates a process, cuts off a connection, changes file attributes and raises an alarm, thereby protecting the security of personal information;
the system management module in the authentication system automatically searches for IP addresses and machine names in the local area network, and system administrators can also manually maintain and manage the machine information found, which protects users' information security. The grouping module groups machines and formulates different control strategies according to working requirements, so that the internet access of users' machines within the local area network can be controlled flexibly. The network is controlled through the four auditing modes in the auditing control module, which reduces the exposure of personal information. Finally, the encryption module encrypts the transmitted information to protect its security, further improving the security authentication capability of the network.
Drawings
FIG. 1 is a schematic structural view of the present invention;
FIG. 2 is a schematic diagram of a data analysis module according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described below clearly and completely with reference to the accompanying drawings of the embodiments of the present disclosure. It is to be understood that the described embodiments are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the described embodiments of the disclosure without any inventive step, are within the scope of protection of the disclosure.
To maintain the following description of the embodiments of the present disclosure clear and concise, detailed descriptions of known functions and known components are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
Referring to FIGS. 1-2, a security authentication system based on a computer network includes a security system, an authentication system and a database, wherein the security system and the authentication system are both in communication connection with the database.
The security system comprises a data packet capturing module, a data analysis module and an alarm processing module.
The data packet capturing module collects and analyzes data packets from the whole network to determine whether they represent abnormal behavior. The IDS uses raw network packets as its information source and, through network cards working in promiscuous mode, monitors and analyzes in real time all traffic transmitted over the shared network.
The data analysis module comprises a pattern matching module, a statistical analysis unit and an integrity analysis unit. The pattern matching module compares the collected information with a database of known network intrusion and system misuse patterns. The statistical analysis unit creates a statistical table for system objects and records several measurement attributes during normal use; the average values of these attributes are compared with the observed behavior of the network and system. The integrity analysis unit checks whether the content and attributes of a given file or directory have changed.
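The three analysis units described above can be sketched as follows. This is an added example, not code from the patent: the signature names and patterns, the function and class names, and the three-standard-deviation tolerance are assumptions, since the patent only states that the average of the measurement attributes is compared with observed behavior.

```python
import hashlib
import os
import re
import stat
import statistics
from collections import defaultdict

# Constructed misuse patterns standing in for the pattern database.
SIGNATURES = {
    "sql-union-probe": re.compile(rb"(?i)union\s+select"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}


def match_patterns(payload: bytes) -> list:
    """Pattern matching: names of known misuse patterns present in the payload."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))


class StatisticalProfile:
    """Statistical analysis: per-object table of measurement attributes."""

    def __init__(self, tolerance: float = 3.0):
        # Assumption: "abnormal" means more than `tolerance` standard
        # deviations away from the mean learned during normal use.
        self.tolerance = tolerance
        self._table = defaultdict(lambda: defaultdict(list))

    def learn(self, obj: str, attribute: str, value: float) -> None:
        """Record one observation taken during normal use."""
        self._table[obj][attribute].append(value)

    def is_abnormal(self, obj: str, attribute: str, value: float) -> bool:
        samples = self._table.get(obj, {}).get(attribute, [])
        if len(samples) < 2:
            return False  # no baseline yet, so nothing to compare against
        mean = statistics.fmean(samples)
        spread = statistics.stdev(samples)
        if spread == 0:
            return value != mean
        return abs(value - mean) > self.tolerance * spread


def fingerprint(path: str) -> tuple:
    """Integrity analysis: (content digest, permission bits) of a file or directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.path.isdir(path):
        # A directory's "content" is taken to be its sorted entry names.
        content = "\n".join(sorted(os.listdir(path))).encode()
    else:
        with open(path, "rb") as handle:
            content = handle.read()
    return hashlib.sha256(content).hexdigest(), mode


def snapshot(paths) -> dict:
    """Baseline of fingerprints taken while the system is in a known-good state."""
    return {path: fingerprint(path) for path in paths}


def integrity_changes(baseline: dict) -> dict:
    """Compare the current state with the baseline: path -> kind of change."""
    changes = {}
    for path, (old_digest, old_mode) in baseline.items():
        if not os.path.exists(path):
            changes[path] = "missing"
            continue
        digest, mode = fingerprint(path)
        if digest != old_digest:
            changes[path] = "content"
        elif mode != old_mode:
            changes[path] = "attributes"
    return changes


def analyze(payload: bytes, obj: str, measurements: dict, profile: StatisticalProfile) -> list:
    """Findings from the pattern and statistical units for one observed event."""
    findings = [f"pattern:{name}" for name in match_patterns(payload)]
    findings += [
        f"statistic:{attr}"
        for attr, value in sorted(measurements.items())
        if profile.is_abnormal(obj, attr, value)
    ]
    return findings
```

The findings returned by `analyze` and `integrity_changes` are what the alarm processing module would log and report on.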
The alarm processing module records the analysis result in a log file, generates a corresponding report and triggers an alarm.
The authentication system comprises a system management module, a grouping module, an auditing control module and a bandwidth management module. The system management module automatically searches for IP addresses and machine names in the local area network. The grouping module groups machines and formulates different control strategies according to working requirements. The auditing control module audits and controls network users according to MAC addresses and account passwords. The bandwidth management module sets the network access bandwidth by user, user group or application category, so that when the network is congested the bandwidth is used preferentially by high-priority personnel or applications.
In an alternative embodiment, a network adapter is provided within the packet capture module for real-time monitoring and analysis of all communications transmitted over the network.
In an alternative embodiment, the alarm handling module triggers an alarm and sends a page or email to the system administrator and modifies the intrusion detection system or target system, such as terminating the process, disconnecting the network connection of the attacker, or changing the firewall configuration.
In an alternative embodiment, the data packet capturing module mainly captures data of a host operating system layer, network data, application data and data sent by a target machine.
In an alternative embodiment, the database is internally divided into two parts: one stores the abnormal data detected by the security system, and the other stores the IP addresses and machine names in the local area network collected by the authentication system.
In an optional embodiment, the authentication system further comprises an encryption module, which encrypts the information transmitted over the network to protect its security.
In an optional embodiment, the grouping module is divided into an IP control unit, a MAC control unit, an account control unit and a hybrid control unit. The IP control unit performs network control by machine IP address, the MAC control unit performs network control by machine MAC address, the account control unit performs network control by internet access account, and the hybrid control unit performs network control using both IP control and account control.
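One way to express the four control units as a default-deny policy check, as an added example that is not part of the patent. The class and function names, the group definitions and the sample addresses are constructed, and the account is assumed to have been verified against its password before a `Session` is built.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Mode(Enum):
    IP = "ip"
    MAC = "mac"
    ACCOUNT = "account"
    HYBRID = "hybrid"  # IP control and account control together


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so 00-1A-... and 00:1a:... compare equal."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class GroupPolicy:
    """Control strategy for one machine group (hypothetical structure)."""
    name: str
    mode: Mode
    networks: list = field(default_factory=list)  # CIDR strings
    macs: set = field(default_factory=set)
    accounts: set = field(default_factory=set)


@dataclass(frozen=True)
class Session:
    ip: str
    mac: str
    # Assumption: set only after the account password was verified upstream.
    account: Optional[str] = None


def _ip_ok(policy: GroupPolicy, session: Session) -> bool:
    try:
        addr = ipaddress.ip_address(session.ip)
    except ValueError:
        return False  # unparseable address is never allowed
    return any(addr in ipaddress.ip_network(net) for net in policy.networks)


def _mac_ok(policy: GroupPolicy, session: Session) -> bool:
    try:
        mac = normalize_mac(session.mac)
    except ValueError:
        return False
    return mac in {normalize_mac(m) for m in policy.macs}


def _account_ok(policy: GroupPolicy, session: Session) -> bool:
    return session.account is not None and session.account in policy.accounts


# IP and MAC are values asserted by the client; only the account check is
# backed by a credential, which is why the hybrid unit pairs IP with account.
CHECKS = {
    Mode.IP: [("ip", _ip_ok)],
    Mode.MAC: [("mac", _mac_ok)],
    Mode.ACCOUNT: [("account", _account_ok)],
    Mode.HYBRID: [("ip", _ip_ok), ("account", _account_ok)],
}


def decide(policy: GroupPolicy, session: Session) -> tuple:
    """Default deny: every check required by the group's mode must pass."""
    for label, check in CHECKS[policy.mode]:
        if not check(policy, session):
            return False, f"{label} not permitted for group {policy.name}"
    return True, "allowed"
```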
The above embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and the scope of the present invention is defined by the claims. Various modifications and substitutions may be made by those skilled in the art within the spirit and scope of the invention, and such modifications and substitutions should also be considered to be within the scope of the invention.
Claims (7)
1. A security authentication system based on a computer network, characterized by: the system comprises a security system, an authentication system and a database, wherein the security system and the authentication system are in communication connection with the database;
the security system comprises a data packet capturing module, a data analysis module and an alarm processing module;
the data packet capturing module collects and analyzes data packets from the whole network to determine whether they represent abnormal behavior; the IDS uses raw network packets as its information source and, through network cards working in promiscuous mode, monitors and analyzes in real time all traffic transmitted over the shared network;
the data analysis module comprises a pattern matching module, a statistical analysis unit and an integrity analysis unit, wherein the pattern matching module compares the collected information with a database of known network intrusion and system misuse patterns, the statistical analysis unit creates a statistical table for system objects and records several measurement attributes during normal use, the average values of which are compared with the observed behavior of the network and system, and the integrity analysis unit checks whether the content and attributes of a given file or directory have changed;
the alarm processing module records the analysis result in a log file, generates a corresponding report and triggers an alarm;
the authentication system comprises a system management module, a grouping module, an auditing control module and a bandwidth management module, wherein the system management module automatically searches for IP addresses and machine names in the local area network, the grouping module groups machines and formulates different control strategies according to working requirements, the auditing control module audits and controls network users according to MAC addresses and account passwords, and the bandwidth management module sets the network access bandwidth by user, user group or application category, so that when the network is congested the bandwidth is used preferentially by high-priority personnel or applications.
2. The computer network-based security authentication system of claim 1, wherein: a network adapter is arranged in the data packet capturing module and is used for monitoring and analyzing in real time all communication transmitted through the network.
3. The computer network-based security authentication system of claim 1, wherein: the alarm processing module triggers an alarm and then sends a page or email to a system administrator and modifies the intrusion detection system or target system, such as terminating the process, cutting off the network connection of an attacker, or changing the firewall configuration.
4. The computer network-based security authentication system of claim 1, wherein: the data packet capturing module mainly captures host operating system layer data, network data, application data and data sent by the target machine.
5. The computer network-based security authentication system of claim 1, wherein: the database is internally divided into two parts, one of which stores the abnormal data detected by the security system, and the other of which stores the IP addresses and machine names in the local area network collected by the authentication system.
6. The computer network-based security authentication system of claim 1, wherein: the authentication system also comprises an encryption module which encrypts the information transmitted over the network to protect its security.
7. The computer network-based security authentication system of claim 1, wherein: the grouping module is divided into an IP control unit, a MAC control unit, an account control unit and a hybrid control unit, wherein the IP control unit performs network control by machine IP address, the MAC control unit performs network control by machine MAC address, the account control unit performs network control by internet access account, and the hybrid control unit performs network control using both IP control and account control.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911354579.0A CN111049853A (en) | 2019-12-24 | 2019-12-24 | Security authentication system based on computer network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111049853A | 2020-04-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200421 |