CN111385309B - Security detection method, system and terminal for online office equipment - Google Patents


Publication number: CN111385309B
Authority: CN (China)
Prior art keywords: office, data, office equipment, determining, network
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010203292.4A
Other languages: Chinese (zh)
Other versions: CN111385309A (en)
Inventor: 薛爱君
Current Assignee: Zhejiang Dianke Zhisheng Technology Co., Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhejiang Dianke Zhisheng Technology Co Ltd
Application filed by: Zhejiang Dianke Zhisheng Technology Co Ltd
Priority to: CN202011066570.2A (CN112187812A), CN202011066572.1A (CN112187813A), CN202010203292.4A (CN111385309B)
Publications: CN111385309A; CN111385309B (application granted)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/12 Applying verification of the received information
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The application relates to a security detection method, system and terminal for online office equipment. With this scheme, on the one hand, whether an office device has a security risk at the input response level can be determined by combining the network state parameters of the online office network with the input response consistency weight value of the office device; on the other hand, the security risk of the office device can be determined at the device interaction level from the office data interaction records corresponding to the office device. Security detection of office equipment can thus combine the input response level and the device interaction level, making the detection comprehensive and reliable. When an office device is determined to have a security risk, it is removed from the online office network and an access interception mechanism is set for it. In this way, the security of data within the office network can be ensured, avoiding loss and malicious theft of office data.

Description

Security detection method, system and terminal for online office equipment
Technical Field
The application relates to the technical field of online office, in particular to a security detection method, a system and a terminal for online office equipment.
Background
With the popularization of online office technology, more and more enterprises improve office efficiency and reduce office cost through the flexible and convenient cloud office mode. As the number and variety of enterprises working online grows, the security of online office networks is receiving more and more attention. How to ensure the security of office data in an increasingly large and complex online office environment, so that office data is not lost or maliciously stolen, is a technical problem that urgently needs to be solved.
Disclosure of Invention
The application provides a security detection method, a system and a terminal of online office equipment, which aim to solve the problems in the prior art.
According to a first aspect of the embodiments of the present application, there is provided a security detection method for online office equipment, which is applied to a security detection terminal in a security detection system, where the security detection system further includes a plurality of office equipment, and the security detection terminal and the plurality of office equipment are in communication connection with each other, the method includes:
acquiring a data packet which is uploaded by each office device in real time and comprises user behavior data and an operation instruction set; the operation instruction set is input by a user through the office device, and when the office device converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to the security detection terminal in real time;
determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office device according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the security detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the security detection terminal;
when the input response consistency weight value is lower than a set weight value, determining that a first input response behavior exists in the office device; acquiring network state parameters of an online office network built from all office devices in the security detection system, and determining, according to the network state parameters, whether the difference value between the input response consistency weight value and the set weight value is within a set interval range; if not, removing the office device from the online office network and setting an access interception mechanism for the office device; the first input response behavior is used for representing that the first action data corresponding to the office device does not match the second action data determined by the security detection terminal;
when the input response consistency weight value is larger than or equal to the set weight value, determining that a second input response behavior exists in the office equipment; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
Preferably, the determining a comparison result of consistency between the user behavior data and the operation instruction set in the data packet corresponding to each office device specifically includes:
determining part of target user behavior data from the user behavior data of each office device; the part of target user behavior data refers to user behavior data which triggers an action response thread of the office equipment in the user behavior data, wherein the action response thread is a thread which is used by the office equipment for generating the first action data;
adding first identification information corresponding to the target user behavior data to a target operation instruction corresponding to the target user behavior data in the operation instruction set, and adding second identification information to other operation instructions except the target operation instruction in the operation instruction set; wherein the first identification information and the second identification information are different;
determining a conversion evaluation factor between target user behavior data corresponding to each office device and a target operation instruction corresponding to the office device according to the user behavior data, the operation instruction set, the first identification information and the second identification information corresponding to each office device; the conversion evaluation factor is used for representing the time-consuming duration required by each office device for converting the target operation instruction into the target user behavior data corresponding to the target operation instruction;
determining the response rate between the target user behavior data and other operation instructions corresponding to each office device according to the conversion evaluation factor corresponding to each office device; the response rate is used for representing the probability of converting other operation instructions corresponding to the office equipment into the target user behavior data;
determining a conversion distortion rate between user behavior data corresponding to each office device and an operation instruction set corresponding to the office device based on the response rate and the conversion evaluation factor corresponding to each office device; and determining a consistency comparison result between the user behavior data and the operation instruction set corresponding to each office device according to the conversion distortion rate, the response rate and the conversion evaluation factor corresponding to each office device.
Preferably, the determining an input response consistency weight value of each office device according to the consistency comparison result specifically includes:
generating an action data acquisition request corresponding to each office device according to the consistency comparison result corresponding to each office device; the action data acquisition request is a request which is sent to the office equipment by the security detection terminal and is used for acquiring first action data of the office equipment;
sending a corresponding action data acquisition request to each office device to acquire first action data fed back by each office device based on the action data acquisition request;
starting an action data determining thread of the security detection terminal according to the operation instruction set of each office device, and determining second action data corresponding to the operation instruction set of each office device; the action data determining thread is a thread used by the security detection terminal for analyzing operation instruction sets corresponding to different office devices;
determining a first data characteristic of the first action data corresponding to each office device and a second data characteristic of the second action data corresponding to each office device; wherein the first data characteristic is a data characteristic of the data in the first action data other than first structure data, the second data characteristic is a data characteristic of the data in the second action data other than second structure data, the first structure data is used for concatenating the data in the first action data other than the first structure data, and the second structure data is used for concatenating the data in the second action data other than the second structure data;
determining a cosine similarity value between a first data feature and a second data feature corresponding to each office device, determining a matching degree between the first data feature and the second data feature corresponding to each office device according to the cosine similarity value, and determining an input response consistency weight value corresponding to each office device according to the matching degree; the matching degree is obtained by performing normalization processing on the cosine similarity value, and the input response consistency weight value is obtained by weighting the matching degree.
Preferably, the acquiring a network state parameter of an online office network built according to all office equipment in the security detection system, and determining whether a difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameter specifically includes:
determining a network operational data stream extracted based on the online office network; wherein the network operation data stream is used for representing the real-time operation state of the online office network;
for a current network operation data flow in the network operation data flows, determining a data flow update weight of the current network operation data flow in the security detection system based on a first update frequency of the current network operation data flow in the security detection system and a second update frequency of each network operation data flow in the security detection system;
determining operation parameters from each network operation data flow according to the data flow updating weight, and integrating the operation parameters corresponding to each network operation data flow to obtain network state parameters of the online office network;
obtaining a correction coefficient corresponding to the network state parameter according to a preset mapping relation, weighting the input response consistency weight value according to the correction coefficient to obtain a target weight value, and determining whether the difference value between the target weight value and the set weight value is within the set interval range; and the mapping relation is used for recording correction coefficients corresponding to different network state parameters.
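The following sketch is an added example, not code from the patent: it walks one device through the decision path described above (cosine similarity of action-data features, normalization to a matching degree, correction by network state, interval check). The thresholds, the token-count features, the latency-based network state, the `(cos + 1) / 2` normalization and the "keep" outcome are all assumptions, since the text names these quantities without defining them.

```python
import math
from collections import Counter

# Assumed values: the patent names these quantities but gives no numbers.
SET_WEIGHT = 0.80            # "set weight value"
SET_INTERVAL = (-1.0, 0.10)  # allowed range of (set weight - target weight)
MATCH_WEIGHTING = 1.0        # factor applied to the matching degree
STRUCTURE_TOKEN = "SEP"      # stands in for "structure data" that only links records
# "Preset mapping relation": network state -> correction coefficient (assumed).
CORRECTION = {"normal": 1.00, "congested": 1.10, "degraded": 1.20}

# Constructed sample data: action tokens and (update_hz, latency_ms) flows.
EXPECTED = ["open", "SEP", "type", "type", "SEP", "save"]        # second action data
DRIFTED = ["open", "open", "SEP", "upload", "upload", "upload"]  # first action data
ROGUE = ["upload", "SEP", "upload", "SEP", "upload"]
QUIET_NET = [(10, 20), (5, 35)]
DEGRADED_NET = [(10, 200), (5, 140)]


def features(action_data, vocabulary):
    """Count each action type, ignoring structure data, as a feature vector."""
    counts = Counter(t for t in action_data if t != STRUCTURE_TOKEN)
    return [counts[name] for name in vocabulary]


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    # A device that reports no actions at all is treated as orthogonal.
    return dot / norm if norm else 0.0


def consistency_weight(first_action, second_action):
    """Input response consistency weight: weighted, normalized cosine similarity."""
    vocab = sorted((set(first_action) | set(second_action)) - {STRUCTURE_TOKEN})
    cos = cosine_similarity(features(first_action, vocab),
                            features(second_action, vocab))
    matching_degree = (cos + 1.0) / 2.0  # map [-1, 1] onto [0, 1]
    return MATCH_WEIGHTING * matching_degree


def network_state(flows):
    """Integrate per-flow latency using update-frequency weights (assumed form)."""
    total_hz = sum(hz for hz, _ in flows)
    if total_hz <= 0:
        raise ValueError("no network operation data flows to evaluate")
    latency = sum((hz / total_hz) * ms for hz, ms in flows)
    if latency < 50:
        return "normal"
    return "congested" if latency < 150 else "degraded"


def assess(first_action, second_action, flows):
    """Return (verdict, weight) for one office device."""
    weight = consistency_weight(first_action, second_action)
    if weight >= SET_WEIGHT:
        # Second input response behavior: defer to the interaction-record check.
        return "check_interaction_records", weight
    # First input response behavior: correct for network conditions, then test
    # whether the gap to the set weight is still inside the set interval.
    target = weight * CORRECTION[network_state(flows)]
    low, high = SET_INTERVAL
    if low <= SET_WEIGHT - target <= high:
        return "keep", weight
    return "remove_and_intercept", weight


if __name__ == "__main__":
    for name, actions, net in [("match", EXPECTED, QUIET_NET),
                               ("drift/quiet", DRIFTED, QUIET_NET),
                               ("drift/degraded", DRIFTED, DEGRADED_NET),
                               ("rogue/degraded", ROGUE, DEGRADED_NET)]:
        print(name, assess(actions, EXPECTED, net))
```

The same mismatch is removed on a quiet network but tolerated on a degraded one, which makes the correction mapping a tuning point worth reviewing: a coefficient set too generously lets a genuinely misbehaving device stay connected whenever the network is under load.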
Preferably, the setting of the access interception mechanism for the office device specifically includes:
extracting a plurality of resolvable protocol fields and field identification of each protocol field from a communication protocol corresponding to the office equipment; wherein, the corresponding field identifications of different protocol fields are different;
determining a target identifier corresponding to a preset identifier from a plurality of field identifiers, and extracting field information in a protocol field corresponding to the target identifier; determining a communication frequency band of the office equipment from the field information;
generating a shielding network for shielding the office equipment according to the communication frequency band; the shielding network is used for intercepting data sent or received by the office equipment.
Preferably, the acquiring the office data interaction record between the office device and the other office devices in the online office network specifically includes:
determining first timeline information of a target office device and second timeline information of the office device aiming at any one target office device in other office devices in the online office network; the first time line information comprises first time information that the target office equipment has data interaction behavior, and the second time line information comprises second time information that the office equipment has data interaction behavior;
according to first time information and second time information with the same data interaction behavior parameters, determining interaction information corresponding to the data interaction behavior parameters, and according to the interaction information, obtaining office data interaction records between the target office equipment and the office equipment; wherein, the data interaction record comprises interaction list information.
According to a second aspect of the embodiments of the present application, there is provided a security detection system for online office equipment, including a security detection terminal and a plurality of office equipment, where the security detection terminal and the plurality of office equipment are in communication connection with each other;
the office equipment is used for uploading a data packet comprising user behavior data and an operation instruction set to the security detection terminal in real time; the operation instruction set is input by a user through the office device, and when the office device converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to the security detection terminal in real time;
the security detection terminal is used for determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office device according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the security detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the security detection terminal;
the security detection terminal is used for determining that the office device has a first input response behavior when the input response consistency weight value is lower than a set weight value; acquiring network state parameters of an online office network built from all office devices in the security detection system, and determining, according to the network state parameters, whether the difference value between the input response consistency weight value and the set weight value is within a set interval range; if not, removing the office device from the online office network and setting an access interception mechanism for the office device; the first input response behavior is used for representing that the first action data corresponding to the office device does not match the second action data determined by the security detection terminal;
the security detection terminal is used for determining that a second input response behavior exists in the office device when the input response consistency weight value is greater than or equal to the set weight value; acquiring office data interaction records between the office device and other office devices in the online office network; determining the associated security level of the office device according to a plurality of office data interaction records corresponding to the office device; and when the associated security level is lower than a set level, removing the office device from the online office network and setting an access interception mechanism for the office device.
According to a third aspect of the embodiments of the present application, there is provided a security detection terminal, where the security detection terminal and a plurality of office devices form a security detection system of online office devices, and the security detection terminal and the plurality of office devices are communicatively connected to each other, and the security detection terminal includes:
the real-time acquisition module is used for acquiring a data packet which is uploaded by each office device in real time and comprises user behavior data and an operation instruction set; the operation instruction set is input by a user through the office device, and when the office device converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to the security detection terminal in real time;
the weight determining module is used for determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office device according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the security detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the security detection terminal;
the state detection module is used for determining that the office device has a first input response behavior when the input response consistency weight value is lower than a set weight value; acquiring network state parameters of an online office network built from all office devices in the security detection system, and determining, according to the network state parameters, whether the difference value between the input response consistency weight value and the set weight value is within a set interval range; if not, removing the office device from the online office network and setting an access interception mechanism for the office device; the first input response behavior is used for representing that the first action data corresponding to the office device does not match the second action data determined by the security detection terminal;
the interaction detection module is used for determining that a second input response behavior exists in the office equipment when the input response consistency weight value is greater than or equal to the set weight value; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
According to a fourth aspect of the embodiments of the present application, there is provided a security detection terminal, including:
the system comprises a processor, a memory and a network interface, wherein the memory and the network interface are connected with the processor; the network interface is connected with a nonvolatile memory in the access right verification device; when the processor is operated, the computer program is called from the nonvolatile memory through the network interface, and the computer program is operated through the memory so as to execute the method.
According to a fifth aspect of the embodiments of the present application, a readable storage medium applied to a computer is provided, where a computer program is burned in the readable storage medium, and the computer program implements the method when running in a memory of a security detection terminal.
When the method, the system and the terminal for detecting the safety of the online office equipment are applied, on one hand, consistency comparison is carried out on user behavior data and an operation instruction set in a data packet corresponding to each office equipment to determine the input response consistency weight value of each office equipment, so that whether the office equipment has the safety risk of an input response level or not can be determined by combining network state parameters of an online office network and the input response consistency weight value of the office equipment. On the other hand, when the office equipment does not have the security risk of the input response layer, the security risk of the office equipment can be determined from the equipment interaction layer through the office data interaction records corresponding to the office equipment.
In this way, security detection of office equipment can combine the input response level and the device interaction level, making the detection comprehensive and reliable. When an office device is determined to have a security risk, it is removed from the online office network and an access interception mechanism is set for it. The security of data within the office network can thereby be ensured, avoiding loss and malicious theft of office data.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a communication interaction diagram of a security detection system of an online office device according to an exemplary embodiment of the present application.
Fig. 2 is a flowchart illustrating a security detection method for an online office device according to an exemplary embodiment of the present application.
Fig. 3 is a block diagram of one embodiment of a security detection terminal according to an exemplary embodiment of the present application.
Fig. 4 is a hardware structure diagram of the security detection terminal of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at …", "when …" or "in response to a determination", depending on the context.
In order to ensure the security of office data to avoid the loss and malicious theft of the office data, embodiments of the present invention provide a security detection method, system and terminal for online office equipment, which can periodically perform reliability and intrusion detection analysis on user behavior data of the office equipment and a network state of the entire office network, so as to cut off communication between the office equipment and the entire office network in time when it is determined that the office equipment has abnormal user behavior data, and set a data transceiving interception mechanism for the office equipment having the abnormal user behavior data. In this way, the security of data within the office network can be ensured to avoid loss of office data and malicious theft.
To make the security detection method, system and terminal for online office equipment disclosed in the present application easier to understand, the security detection system used in the embodiments of the present application is described first. Fig. 1 is a schematic communication interaction diagram of a security detection system 10 for online office equipment according to an exemplary embodiment of the present application.
As seen in fig. 1, the security detection system 10 may include a security detection terminal 20 and a plurality of office equipment 30 in communication with each other. In the security detection system 10 shown in fig. 1, a plurality of office devices 30 communicate with each other to form an online office network. The security detection terminal 20 is configured to obtain user behavior data of each office device 30 and network status parameters of the entire online office network in real time, so as to implement security detection on each office device 30, and ensure security of office data to avoid loss and malicious theft of office data.
Referring to fig. 2, a flowchart of a security detection method for an online office device according to the present invention is shown, where the method can be applied to the security detection terminal 20 shown in fig. 1, and can be implemented by the method described in the following steps.
Step S21, acquiring a data packet which is uploaded by each office device in real time and comprises user behavior data and an operation instruction set.
In step S21, the operation instruction set is input by the user through an office device, and when the office device converts the operation instruction set into user behavior data, the office device encapsulates the user behavior data and the operation instruction set corresponding to the user behavior data to obtain a data packet, and uploads the data packet to the security detection terminal in real time.
Step S22, determining the consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office equipment; and determining the input response consistency weight value of each office equipment according to the consistency comparison result.
In step S22, the input response consistency weight value is used to represent a matching degree between first action data generated by the office device acting according to the operation instruction set and second action data determined by the security detection terminal based on the operation instruction set corresponding to the office device, where the first action data is actual action data generated by the office device acting according to the user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the security detection terminal.
Step S23, when the input response consistency weight value is lower than a set weight value, determining that a first input response behavior exists in the office equipment; acquiring network state parameters of an online office network built according to all office equipment in the safety detection system, and determining whether the difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameters; if not, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
In step S23, the first input response behavior is used to indicate that the first action data corresponding to the office equipment does not match the second action data determined by the security detection terminal.
Step S24, when the input response consistency weight value is larger than or equal to the set weight value, determining that a second input response behavior exists in the office equipment; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
When the method described in the above-described step S21-step S24 is applied, the following advantageous technical effects can be achieved.
On one hand, consistency comparison is carried out on the user behavior data and the operation instruction set in the data packet corresponding to each office device so as to determine the input response consistency weight value of each office device, and therefore whether the office devices have security risks of an input response layer or not can be determined by combining the network state parameters of the online office network and the input response consistency weight values of the office devices.
On the other hand, when the office equipment does not have the security risk of the input response layer, the security risk of the office equipment can be determined from the equipment interaction layer through the office data interaction records corresponding to the office equipment.
In this way, the input response layer and the equipment interaction layer can be combined to perform comprehensive and reliable security detection on the office equipment. When the office equipment is determined to have a security risk, the office equipment is removed from the online office network and an access interception mechanism is set for the office equipment. The security of data within the office network can thereby be ensured, avoiding loss and malicious theft of office data.
In one possible example, in order to ensure the accuracy of the comparison result, the conversion distortion rate between the user behavior data and the operation instruction set corresponding to each office equipment needs to be considered. For this reason, in the step S22, the determining of the result of the consistency comparison between the user behavior data and the operation instruction set in the data packet corresponding to each office device may specifically include the following steps.
Determining part of target user behavior data from the user behavior data of each office device; the part of target user behavior data refers to user behavior data which triggers an action response thread of the office equipment in the user behavior data, and the action response thread is a thread which is used by the office equipment to generate the first action data.
In the next step, adding first identification information corresponding to the target user behavior data to a target operation instruction corresponding to the target user behavior data in the operation instruction set, and adding second identification information to other operation instructions except the target operation instruction in the operation instruction set; wherein the first identification information and the second identification information are different.
In the next step, determining a conversion evaluation factor between target user behavior data corresponding to each office device and a target operation instruction corresponding to the office device according to the user behavior data corresponding to each office device, the operation instruction set, the first identification information and the second identification information; the conversion evaluation factor is used for representing the time consumption for each office device to convert the target operation instruction into the target user behavior data corresponding to the target operation instruction.
In the next step, according to the conversion evaluation factor corresponding to each office device, determining the response rate between the target user behavior data and other operation instructions corresponding to the office device; and the response rate is used for representing the probability of converting other operation instructions corresponding to the office equipment into the target user behavior data.
In the next step, based on the response rate and the conversion evaluation factor corresponding to each office device, determining a conversion distortion rate between the user behavior data corresponding to each office device and the operation instruction set corresponding to the office device; and determining a consistency comparison result between the user behavior data and the operation instruction set corresponding to each office device according to the conversion distortion rate, the response rate and the conversion evaluation factor corresponding to each office device.
When the method described in the above steps is applied, the conversion distortion rate between the user behavior data and the operation instruction set corresponding to each office device can be taken into account, so that the consistency comparison result between the user behavior data and the operation instruction set corresponding to each office device can be accurately determined according to the conversion distortion rate, the response rate and the conversion evaluation factor corresponding to each office device.
After determining the consistency comparison result between the user behavior data corresponding to each office device and the operation instruction set, determining an input response consistency weight value of each office device according to the consistency comparison result, which may specifically include the following substeps.
Generating an action data acquisition request corresponding to each office device according to the consistency comparison result corresponding to each office device; the action data acquisition request is a request which is sent to the office equipment by the security detection terminal and is used for acquiring first action data of the office equipment.
In the next step, a corresponding action data acquisition request is sent to each office device to acquire first action data fed back by each office device based on the action data acquisition request.
In the next step, starting an action data determining thread of the safety detection terminal according to the operation instruction set of each office device, and determining second action data corresponding to the operation instruction set of each office device; the action data determining thread is a thread used by the safety detection terminal for analyzing operation instruction sets corresponding to different office equipment.
In the next step, determining a first data characteristic of the first action data corresponding to each office device and a second data characteristic of the second action data corresponding to each office device; the first data characteristic is a data characteristic of data in the first action data except for first structure data, the second data characteristic is a data characteristic of data in the second action data except for second structure data, the first structure data is used for cascading the data in the first action data except for the first structure data, and the second structure data is used for cascading the data in the second action data except for the second structure data.
In the next step, determining a cosine similarity value between the first data characteristic and the second data characteristic corresponding to each office device, determining a matching degree between the first data characteristic and the second data characteristic corresponding to each office device according to the cosine similarity value, and determining an input response consistency weight value corresponding to each office device according to the matching degree; the matching degree is obtained by performing normalization processing on the cosine similarity value, and the input response consistency weight value is obtained by weighting the matching degree.
In the present embodiment, with the contents described in the above steps, the input response consistency weight value of each office device can be accurately determined.
In an alternative embodiment, the step of obtaining a network state parameter of an online office network built according to all office devices in the security detection system in step S23, and determining whether a difference between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameter may further include the following steps.
Determining a network operational data stream extracted based on the online office network; wherein the network operation data stream is used to characterize a real-time operation state of the online office network.
In a next step, for a current network operation data flow in the network operation data flows, a data flow update weight of the current network operation data flow in the security detection system is determined based on a first update frequency of the current network operation data flow in the security detection system and a second update frequency of each network operation data flow in the security detection system.
In the next step, determining operation parameters from each network operation data flow according to the data flow updating weight, and integrating the operation parameters corresponding to each network operation data flow to obtain the network state parameters of the online office network.
In the next step, a correction coefficient corresponding to the network state parameter is obtained according to a preset mapping relation, the input response consistency weight value is weighted according to the correction coefficient to obtain a target weight value, and whether the difference value between the target weight value and the set weight value is within the set interval range is determined; and the mapping relation is used for recording correction coefficients corresponding to different network state parameters.
It can be understood that based on the content described in the above steps, the network operation data streams corresponding to the online office network can be analyzed, so as to accurately determine the operation parameters corresponding to the network operation data streams, and thus, the global performance of the integrated network state parameters can be ensured. Further, the correction coefficient determined through the preset mapping relation can correct the input response consistency weight value, so that the accuracy and the confidence degree of subsequent judgment are ensured.
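The scoring path described above (cosine similarity, normalization, weighting, network-state correction, then the step S23 / step S24 branch) can be followed in this added Python example, which is not part of the patent text. The normalization formula, the frequency-share form of the data stream update weight, the correction bands, all thresholds, and the "keep" outcome inside the interval are assumptions, since the text gives no concrete formulas or values.

```python
import math

# Every constant and formula choice below is an assumption for illustration;
# the patent text gives no numeric values or concrete formulas.
SET_WEIGHT = 0.80               # "set weight value"
SET_INTERVAL = (-0.03, 0.10)    # "set interval range" for (target - set weight)
MATCH_WEIGHT = 1.0              # weighting applied to the matching degree
SET_LEVEL = 2                   # "set level" for the associated security level
# Preset mapping: upper bound of the network state parameter -> correction
# coefficient. The state is read here as congestion in [0, 1].
CORRECTION_BANDS = [(0.3, 1.00), (0.7, 1.05), (float("inf"), 1.15)]


def cosine_similarity(a, b):
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    # An all-zero vector carries no usable features: score it as no similarity.
    return dot / norm if norm else 0.0


def consistency_weight(first_features, second_features):
    """Input response consistency weight value from the two feature vectors."""
    cos = cosine_similarity(first_features, second_features)
    matching_degree = (cos + 1.0) / 2.0      # normalise [-1, 1] to [0, 1]
    return MATCH_WEIGHT * matching_degree


def network_state_parameter(streams):
    """streams: list of (update_frequency, operating_parameter) per data stream."""
    total = sum(freq for freq, _ in streams)
    if total <= 0:
        raise ValueError("no stream updates observed")
    # Data stream update weight = this stream's share of all updates (assumed).
    return sum((freq / total) * param for freq, param in streams)


def correction_coefficient(state):
    for upper, coeff in CORRECTION_BANDS:
        if state < upper:
            return coeff


def evaluate_device(first_features, second_features, streams, associated_level):
    score = consistency_weight(first_features, second_features)
    if score < SET_WEIGHT:
        # First input response behavior: correct the score for network state.
        target = score * correction_coefficient(network_state_parameter(streams))
        low, high = SET_INTERVAL
        inside = low <= target - SET_WEIGHT <= high
        # The text only specifies removal when outside the interval;
        # keeping the device otherwise is an assumption.
        action = "keep" if inside else "remove_and_intercept"
        return {"behaviour": "first", "score": score, "target": target, "action": action}
    # Second input response behavior: decide on the associated security level,
    # which is computed elsewhere from the office data interaction records.
    action = "keep" if associated_level >= SET_LEVEL else "remove_and_intercept"
    return {"behaviour": "second", "score": score, "target": score, "action": action}


if __name__ == "__main__":
    # Constructed sample input: reported vs. expected action features,
    # and two network conditions as (update_frequency, operating_parameter).
    busy = [(10, 0.9), (30, 0.7)]
    quiet = [(10, 0.1), (30, 0.1)]
    print(evaluate_device([1, 1, 0], [1, 0, 1], busy, 3))
    print(evaluate_device([1, 1, 0], [1, 0, 1], quiet, 3))
```

With these assumed values the same borderline device is kept on a congested network and removed on a quiet one, which shows how the correction coefficient shifts the outcome of step S23.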
In a possible implementation manner, the step of setting the access intercepting mechanism for the office device in step S24 may further include the following sub-steps.
Extracting a plurality of resolvable protocol fields and field identification of each protocol field from a communication protocol corresponding to the office equipment; wherein, the corresponding field identifications of different protocol fields are different.
In the next step, determining a target identifier corresponding to a preset identifier from a plurality of field identifiers, and extracting field information in a protocol field corresponding to the target identifier; and determining the communication frequency band of the office equipment from the field information.
In the next step, a shielding network for shielding the office equipment is generated according to the communication frequency band; the shielding network is used for intercepting data sent or received by the office equipment.
When the method described in the above steps is executed, the shielding network can be generated based on the communication frequency band corresponding to the office equipment. Thus, targeted shielding of office equipment can be achieved.
In another example, in step S24, the step of obtaining the office data interaction record between the office device and other office devices in the online office network may specifically include what is described in the following substeps.
Determining first timeline information of a target office device and second timeline information of the office device aiming at any one target office device in other office devices in the online office network; the first timeline information comprises first moment information that the target office equipment has data interaction behavior, and the second timeline information comprises second moment information that the office equipment has data interaction behavior.
In the next step, according to the first time information and the second time information with the same data interaction behavior parameters, determining interaction information corresponding to the data interaction behavior parameters, and according to the interaction information, obtaining office data interaction records between the target office equipment and the office equipment; wherein, the data interaction record comprises interaction list information.
In specific implementation, through the content, office data interaction records among different office equipment can be determined, and an accurate and comprehensive data basis is provided for subsequent security detection.
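The timeline matching described above can be illustrated with this added Python example, which is not part of the patent text. It assumes that the data interaction behavior parameter is an identifier shared by both sides of one exchange, that each timeline is a list of (time, parameter) pairs, and that a clock skew tolerance applies; the sample timelines are constructed.

```python
from collections import defaultdict

MAX_SKEW_S = 5.0  # assumed tolerance between the two devices' clocks, in seconds


def build_interaction_records(target_timeline, device_timeline, max_skew=MAX_SKEW_S):
    """Pair moments from two timelines that carry the same behavior parameter.

    Each timeline is a list of (epoch_seconds, behavior_parameter) tuples.
    Returns (records, unmatched_target, unmatched_device). Moments seen on
    only one side are returned separately so they can be reviewed.
    """
    by_param = defaultdict(list)
    for ts, param in sorted(device_timeline):
        by_param[param].append(ts)

    records, unmatched_target = [], []
    for ts, param in sorted(target_timeline):
        candidates = by_param.get(param, [])
        # Closest still-unused moment on the other device with the same parameter.
        best = min(candidates, key=lambda t: abs(t - ts), default=None)
        if best is not None and abs(best - ts) <= max_skew:
            candidates.remove(best)
            records.append({
                "parameter": param,
                "target_time": ts,
                "device_time": best,
                "skew": round(best - ts, 3),
            })
        else:
            unmatched_target.append((ts, param))

    unmatched_device = sorted(
        (ts, param) for param, moments in by_param.items() for ts in moments
    )
    return records, unmatched_target, unmatched_device


# Constructed sample timelines (first timeline: target device, second: the device).
TARGET_TIMELINE = [(1000.0, "xfer-a"), (1010.0, "xfer-b"), (1030.0, "xfer-c")]
DEVICE_TIMELINE = [(1001.2, "xfer-a"), (1010.5, "xfer-b"),
                   (1100.0, "xfer-c"), (1200.0, "xfer-d")]

if __name__ == "__main__":
    recs, only_target, only_device = build_interaction_records(
        TARGET_TIMELINE, DEVICE_TIMELINE)
    for rec in recs:
        print(rec)
    print("target only:", only_target)
    print("device only:", only_device)
```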
In practical applications, the step of determining the associated security level of the office device according to the plurality of office data interaction records corresponding to the office device, which is described in step S24, may specifically include the content described in the following steps.
Acquiring the list structure parameters and the communication verification results of each office data interaction record. When the list structure parameters indicate that an office data interaction record contains a communication white list, determining, according to the communication verification results of that record under its communication white list and their confidence degrees, the confidence weight between each communication verification result under the record's communication black list and each communication verification result under its communication white list; and moving the black-list communication verification result that has the maximum confidence weight with respect to the white-list communication verification results into the communication white list corresponding to the office data interaction record.
Further, under the condition that the communication blacklist corresponding to each office data interaction record contains a plurality of communication verification results, determining the confidence weight between the communication verification results of each office data interaction record in the communication blacklist corresponding to the office data interaction record according to the communication verification result of each office data interaction record in the communication whitelist corresponding to the office data interaction record and the confidence degree of the communication verification result, and performing relevance detection on the communication verification results of the communication blacklist according to the confidence weight between the communication verification results to obtain a corresponding relevance detection result.
Further, determining a target security level corresponding to each office data interaction record according to a communication verification result in a communication white list corresponding to each office data interaction record and a correlation detection result corresponding to each office data interaction record; and weighting the target security level based on the list structure parameters corresponding to each office data interaction record to obtain the associated security level of the office equipment.
It can be understood that the confidence and accuracy of the associated security level can be ensured through the content described in the above steps.
The technical features of the above embodiments can be combined arbitrarily, as long as the combinations do not conflict or contradict each other. For reasons of space, the combinations are not described one by one; any combination of the technical features of the above embodiments therefore also belongs to the scope disclosed in the present specification.
Corresponding to the embodiment of the safety detection method, the application also provides a functional module and a hardware structure embodiment of the safety detection terminal.
Please refer to fig. 3, which is a schematic diagram of a functional module of the security inspection terminal 20 provided in the present application. In detail, the security detection terminal 20 may specifically include the following functional modules.
The real-time acquisition module 21 is configured to acquire a data packet which is uploaded by each office device in real time and includes user behavior data and an operation instruction set; the operation instruction set is input by a user through office equipment, and when the office equipment converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to a safety detection terminal in real time.
The weight determining module 22 is used for determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office equipment according to the consistency comparison result; the input response consistency weight value is used for representing a matching degree between first action data generated when office equipment acts according to an operation instruction set and second action data determined by the safety detection terminal based on the operation instruction set corresponding to the office equipment, the first action data is actual action data generated when the office equipment acts according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the safety detection terminal.
The state detection module 23 is configured to determine that a first input response behavior exists in the office device when the input response consistency weight value is lower than a set weight value; acquiring network state parameters of an online office network built according to all office equipment in the safety detection system, and determining whether the difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameters; if not, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment; the first input response behavior is used for representing that first action data corresponding to the office equipment are not matched with second action data determined by the safety detection terminal.
The interaction detection module 24 is configured to determine that a second input response behavior exists in the office device when the input response consistency weight value is greater than or equal to the set weight value; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
The embodiment of the functional module of the safety detection terminal can be applied to hardware equipment of the safety detection terminal. The functional module embodiment may be implemented by software, or by hardware, or by a combination of hardware and software. Taking software implementation as an example, as a device in a logical sense, the device is formed by reading corresponding computer program instructions in the non-volatile memory into the memory for operation through the processor of the security detection terminal where the device is located.
In terms of hardware, fig. 4 is a hardware structure diagram of the security detection terminal in which the functional modules of the security detection terminal of this application are located. In addition to the processor 2021, the memory 2023, the network interface 2024, and the nonvolatile memory 2022 shown in fig. 4, in an embodiment, the device where the functional modules of the security detection terminal are located may also include other hardware according to the actual function of the device, which is not shown one by one in fig. 4.
The implementation process of the functions and actions of the modules is specifically described in the implementation process of the corresponding steps in the method, and is not described herein again.
On the basis, the application also provides a readable storage medium applied to a computer, wherein a computer program is burned in the readable storage medium, and the method is realized when the computer program runs in the memory of the security detection terminal.
For the functional module embodiment, since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described functional module embodiments are merely illustrative, wherein the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A safety detection method of online office equipment is characterized in that the method is applied to a safety detection terminal in a safety detection system, the safety detection system further comprises a plurality of office equipment, and the safety detection terminal is in communication connection with the office equipment, and the method comprises the following steps:
acquiring a data packet which is uploaded by each office device in real time and comprises user behavior data and an operation instruction set; the operation instruction set is input by a user through office equipment, and when the office equipment converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to a safety detection terminal in real time;
determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office equipment according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the safety detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the safety detection terminal;
when the input response consistency weight value is lower than a set weight value, determining that a first input response behavior exists in the office equipment; acquiring network state parameters of an online office network built according to all office equipment in the safety detection system, and determining whether the difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameters; if not, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment; the first input response behavior is used for representing that first action data corresponding to the office equipment are not matched with second action data determined by the safety detection terminal;
when the input response consistency weight value is larger than or equal to the set weight value, determining that a second input response behavior exists in the office equipment; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
2. The security detection method according to claim 1, wherein the determining a comparison result of the consistency between the user behavior data and the operation instruction set in the data packet corresponding to each office device specifically includes:
determining part of target user behavior data from the user behavior data of each office device; the part of target user behavior data refers to user behavior data which triggers an action response thread of the office equipment in the user behavior data, wherein the action response thread is a thread which is used by the office equipment for generating the first action data;
adding first identification information corresponding to the target user behavior data to a target operation instruction corresponding to the target user behavior data in the operation instruction set, and adding second identification information to other operation instructions except the target operation instruction in the operation instruction set; wherein the first identification information and the second identification information are different;
determining a conversion evaluation factor between target user behavior data corresponding to each office device and a target operation instruction corresponding to the office device according to the user behavior data, the operation instruction set, the first identification information and the second identification information corresponding to each office device; the conversion evaluation factor is used for representing the time-consuming duration required by each office device for converting the target operation instruction into the target user behavior data corresponding to the target operation instruction;
determining the response rate between the target user behavior data and other operation instructions corresponding to each office device according to the conversion evaluation factor corresponding to each office device; the response rate is used for representing the probability of converting other operation instructions corresponding to the office equipment into the target user behavior data;
determining a conversion distortion rate between user behavior data corresponding to each office device and an operation instruction set corresponding to the office device based on the response rate and the conversion evaluation factor corresponding to each office device; and determining a consistency comparison result between the user behavior data and the operation instruction set corresponding to each office device according to the conversion distortion rate, the response rate and the conversion evaluation factor corresponding to each office device.
3. The security detection method according to claim 2, wherein the determining an input response consistency weight value for each office device according to the consistency comparison result specifically includes:
generating an action data acquisition request corresponding to each office device according to the consistency comparison result corresponding to each office device; the action data acquisition request is a request which is sent to the office equipment by the security detection terminal and is used for acquiring first action data of the office equipment;
sending a corresponding action data acquisition request to each office device to acquire first action data fed back by each office device based on the action data acquisition request;
starting an action data determining thread of the safety detection terminal according to the operation instruction set of each office device, and determining second action data corresponding to the operation instruction set of each office device; the action data determining thread is a thread used by the safety detection terminal for analyzing operation instruction sets corresponding to different office equipment;
determining a first data characteristic of first action data corresponding to each office device and a second data characteristic of second action data corresponding to each office device; wherein the first data characteristic is a data characteristic of data in the first action data except for first structure data, the second data characteristic is a data characteristic of data in the second action data except for second structure data, the first structure data is used for concatenating the data in the first action data except for the first structure data, and the second structure data is used for concatenating the data in the second action data except for the second structure data;
determining a cosine similarity value between a first data feature and a second data feature corresponding to each office device, determining a matching degree between the first data feature and the second data feature corresponding to each office device according to the cosine similarity value, and determining an input response consistency weight value corresponding to each office device according to the matching degree; the matching degree is obtained by performing normalization processing on the cosine similarity value, and the input response consistency weight value is obtained by weighting the matching degree.
4. The safety detection method according to any one of claims 1 to 3, wherein obtaining a network state parameter of an online office network built according to all office equipment in the safety detection system, and determining whether a difference between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameter specifically includes:
determining a network operational data stream extracted based on the online office network; wherein the network operation data stream is used for representing the real-time operation state of the online office network;
for a current network operation data flow in the network operation data flows, determining a data flow update weight of the current network operation data flow in the security detection system based on a first update frequency of the current network operation data flow in the security detection system and a second update frequency of each network operation data flow in the security detection system;
determining operation parameters from each network operation data flow according to the data flow updating weight, and integrating the operation parameters corresponding to each network operation data flow to obtain network state parameters of the online office network;
obtaining a correction coefficient corresponding to the network state parameter according to a preset mapping relation, weighting the input response consistency weight value according to the correction coefficient to obtain a target weight value, and determining whether the difference value between the target weight value and the set weight value is within the set interval range; and the mapping relation is used for recording correction coefficients corresponding to different network state parameters.
5. The security detection method according to claim 1, wherein the setting of the access interception mechanism for the office device specifically includes:
extracting a plurality of resolvable protocol fields and field identification of each protocol field from a communication protocol corresponding to the office equipment; wherein, the corresponding field identifications of different protocol fields are different;
determining a target identifier corresponding to a preset identifier from a plurality of field identifiers, and extracting field information in a protocol field corresponding to the target identifier; determining a communication frequency band of the office equipment from the field information;
generating a shielding network for shielding the office equipment according to the communication frequency band; the shielding network is used for intercepting data sent or received by the office equipment.
6. The security detection method according to claim 1, wherein the acquiring of the office data interaction record between the office device and the other office devices in the online office network specifically includes:
determining first timeline information of a target office device and second timeline information of the office device aiming at any one target office device in other office devices in the online office network; the first time line information comprises first time information that the target office equipment has data interaction behavior, and the second time line information comprises second time information that the office equipment has data interaction behavior;
according to first time information and second time information with the same data interaction behavior parameters, determining interaction information corresponding to the data interaction behavior parameters, and according to the interaction information, obtaining office data interaction records between the target office equipment and the office equipment; wherein, the data interaction record comprises interaction list information.
7. The safety detection system of the on-line office equipment is characterized by comprising a safety detection terminal and a plurality of office equipment, wherein the safety detection terminal is in communication connection with the office equipment;
the office equipment is used for uploading a data packet comprising user behavior data and an operation instruction set to the safety detection terminal in real time; the operation instruction set is input by a user through office equipment, and when the office equipment converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to a safety detection terminal in real time;
the safety detection terminal is used for determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office equipment according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the safety detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the safety detection terminal;
the safety detection terminal is used for determining that the office equipment has a first input response behavior when the input response consistency weight value is lower than a set weight value; acquiring network state parameters of an online office network built according to all office equipment in the safety detection system, and determining whether the difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameters; if not, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment; the first input response behavior is used for representing that first action data corresponding to the office equipment are not matched with second action data determined by the safety detection terminal;
the safety detection terminal is used for determining that a second input response behavior exists in the office equipment when the input response consistency weight value is greater than or equal to the set weight value; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
8. A safety detection terminal is characterized in that the safety detection terminal and a plurality of office equipment form a safety detection system of online office equipment, the safety detection terminal and the office equipment are in communication connection with each other, and the safety detection terminal comprises:
the real-time acquisition module is used for acquiring a data packet which is uploaded by each office device in real time and comprises user behavior data and an operation instruction set; the operation instruction set is input by a user through office equipment, and when the office equipment converts the operation instruction set into user behavior data, the user behavior data and the corresponding operation instruction set are packaged to obtain a data packet, and the data packet is uploaded to a safety detection terminal in real time;
the weight determining module is used for determining a consistency comparison result between the user behavior data and the operation instruction set in the data packet corresponding to each office device; determining an input response consistency weight value of each office equipment according to the consistency comparison result; the input response consistency weight value is used for representing the matching degree between first action data generated by an office device acting according to an operation instruction set and second action data determined by the safety detection terminal based on the operation instruction set corresponding to the office device, the first action data is actual action data generated by the office device acting according to user behavior data corresponding to the operation instruction set, and the second action data is expected action data determined by the safety detection terminal;
the state detection module is used for determining that the office equipment has a first input response behavior when the input response consistency weight value is lower than a set weight value; acquiring network state parameters of an online office network built according to all office equipment in the safety detection system, and determining whether the difference value between the input response consistency weight value and the set weight value is within a set interval range according to the network state parameters; if not, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment; the first input response behavior is used for representing that first action data corresponding to the office equipment are not matched with second action data determined by the safety detection terminal;
the interaction detection module is used for determining that a second input response behavior exists in the office equipment when the input response consistency weight value is greater than or equal to the set weight value; acquiring office data interaction records between the office equipment and other office equipment in the online office network; determining the associated security level of the office equipment according to a plurality of office data interaction records corresponding to the office equipment; and when the associated security level is lower than a set level, removing the office equipment from the online office network and setting an access interception mechanism for the office equipment.
9. A security detection terminal, comprising:
a processor, and
a memory and a network interface connected with the processor;
the network interface is connected with a nonvolatile memory in the access right verification device;
the processor, when running, retrieves a computer program from the non-volatile memory via the network interface and runs the computer program via the memory to perform the method of any of claims 1-6 above.
10. A readable storage medium applied to a computer, wherein the readable storage medium is burned with a computer program, and the computer program implements the method of any one of claims 1 to 6 when running in a memory of a security detection terminal.
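The decision flow of claims 1, 3 and 4 can be followed end to end in the Python sketch below, which is an added example and not part of the patent. The normalization (cos + 1) / 2, the weighting factor, the frequency-proportional data flow weights, the correction mapping, all thresholds and the feature vectors are assumptions chosen for illustration, and the associated security level of claim 1 is taken as an input because the claims do not define how it is computed.

```python
import math

# All constants below are constructed for illustration; the claims give no values.
SET_WEIGHT = 0.80       # "set weight value"
SET_INTERVAL = 0.04     # "set interval range", taken here as a maximum absolute difference
SET_LEVEL = 2           # "set level" for the associated security level
# "Preset mapping relation": (upper bound of network state parameter, correction coefficient).
# Assumption: a busier network earns a larger coefficient, i.e. more tolerance.
CORRECTION_MAP = [(0.3, 1.00), (0.6, 1.05), (1.0, 1.10)]


def cosine_similarity(a, b):
    """Cosine similarity between the first and second data features (claim 3)."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    # An all-zero feature vector carries no evidence of a match.
    return dot / norm if norm else 0.0


def consistency_weight(first, second, weighting=1.0):
    """Input response consistency weight value: weighted, normalized cosine similarity."""
    matching_degree = (cosine_similarity(first, second) + 1.0) / 2.0  # assumed normalization
    return weighting * matching_degree


def network_state_parameter(flows):
    """Integrate operation parameters using data flow update weights (claim 4).

    flows: list of (update_frequency, operation_parameter), one per network
    operation data flow. Assumption: a flow's update weight is its share of
    the total update frequency.
    """
    total = sum(freq for freq, _ in flows)
    if total <= 0:
        raise ValueError("at least one flow must have a positive update frequency")
    return sum((freq / total) * param for freq, param in flows)


def correction_coefficient(state):
    """Look up the correction coefficient for a network state parameter."""
    for upper_bound, coefficient in CORRECTION_MAP:
        if state <= upper_bound:
            return coefficient
    return CORRECTION_MAP[-1][1]


def decide(first, second, flows, associated_level):
    """Return (behavior, action) for one office device following claim 1.

    "isolate" stands for removing the device from the online office network
    and setting the access interception mechanism.
    """
    weight = consistency_weight(first, second)
    if weight < SET_WEIGHT:
        # First input response behavior: actual and expected action data do not match.
        target = weight * correction_coefficient(network_state_parameter(flows))
        within = abs(SET_WEIGHT - target) <= SET_INTERVAL
        return ("first", "keep" if within else "isolate")
    # Second input response behavior: fall back to the associated security level.
    return ("second", "isolate" if associated_level < SET_LEVEL else "keep")


if __name__ == "__main__":
    calm = [(10, 0.1), (10, 0.2)]   # constructed flows, network state parameter 0.15
    busy = [(10, 0.2), (30, 0.6)]   # constructed flows, network state parameter 0.5
    print(decide([1, 0, 1, 0], [1, 0, 1, 0], calm, 3))
    print(decide([1, 1, 0], [0, 1, 1], calm, 3))
    print(decide([1, 1, 0], [0, 1, 1], busy, 3))
```

With these constructed inputs the same partial mismatch (weight 0.75) leads to isolation on a calm network and is tolerated on a busy one, which is the effect of the correction coefficient in claim 4.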
CN202010203292.4A 2020-03-21 2020-03-21 Security detection method, system and terminal for online office equipment Active CN111385309B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202011066570.2A CN112187812A (en) 2020-03-21 2020-03-21 Data security detection method and system applied to online office network
CN202011066572.1A CN112187813A (en) 2020-03-21 2020-03-21 Data processing method and system based on online office environment
CN202010203292.4A CN111385309B (en) 2020-03-21 2020-03-21 Security detection method, system and terminal for online office equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010203292.4A CN111385309B (en) 2020-03-21 2020-03-21 Security detection method, system and terminal for online office equipment

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202011066570.2A Division CN112187812A (en) 2020-03-21 2020-03-21 Data security detection method and system applied to online office network
CN202011066572.1A Division CN112187813A (en) 2020-03-21 2020-03-21 Data processing method and system based on online office environment

Publications (2)

Publication Number Publication Date
CN111385309A CN111385309A (en) 2020-07-07
CN111385309B true CN111385309B (en) 2020-12-08

Family

ID=71218789

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202011066570.2A Withdrawn CN112187812A (en) 2020-03-21 2020-03-21 Data security detection method and system applied to online office network
CN202011066572.1A Withdrawn CN112187813A (en) 2020-03-21 2020-03-21 Data processing method and system based on online office environment
CN202010203292.4A Active CN111385309B (en) 2020-03-21 2020-03-21 Security detection method, system and terminal for online office equipment

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN202011066570.2A Withdrawn CN112187812A (en) 2020-03-21 2020-03-21 Data security detection method and system applied to online office network
CN202011066572.1A Withdrawn CN112187813A (en) 2020-03-21 2020-03-21 Data processing method and system based on online office environment

Country Status (1)

Country Link
CN (3) CN112187812A (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112860511A (en) * 2020-08-13 2021-05-28 孙小丽 Information generation method, system and platform based on intelligent online communication and big data
CN113065152A (en) * 2020-09-07 2021-07-02 沈建锋 Cloud service interaction method and system based on cloud computing and information digitization
CN112163225A (en) * 2020-10-23 2021-01-01 苏州聚慧邦信息科技有限公司 Information security detection method and device based on office equipment and computer equipment
CN113271232B (en) * 2020-10-27 2022-01-11 苏州铁头电子信息科技有限公司 Online office network disturbance processing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954342A (en) * 2014-03-31 2015-09-30 腾讯科技(深圳)有限公司 Security estimation method and device
CN108133139A (en) * 2017-11-28 2018-06-08 西安交通大学 A kind of Android malicious application detecting system compared based on more running environment behaviors
CN107302520B (en) * 2017-05-15 2019-01-22 北京明朝万达科技股份有限公司 A kind of data dynamic anti-leak and method for early warning and system
CN110719274A (en) * 2019-09-29 2020-01-21 武汉极意网络科技有限公司 Network security control method, device, equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685176B (en) * 2012-09-11 2017-03-22 联想(北京)有限公司 Terminal equipment, equipment management server and connection establishment method
CN105187394B (en) * 2015-08-10 2018-01-12 济南大学 Proxy server and method with mobile terminal from malicious software action detectability
US10318729B2 (en) * 2017-07-26 2019-06-11 Forcepoint, LLC Privacy protection during insider threat monitoring

Also Published As

Publication number Publication date
CN111385309A (en) 2020-07-07
CN112187813A (en) 2021-01-05
CN112187812A (en) 2021-01-05

Similar Documents

Publication Publication Date Title
CN111385309B (en) Security detection method, system and terminal for online office equipment
IL275042A (en) Self-adaptive application programming interface level security monitoring
CN108200068B (en) Port monitoring method and device, computer equipment and storage medium
CN111274583A (en) Big data computer network safety protection device and control method thereof
CN112003870A (en) Network encryption traffic identification method and device based on deep learning
CN111092852A (en) Network security monitoring method, device, equipment and storage medium based on big data
CN111565205A (en) Network attack identification method and device, computer equipment and storage medium
CN105022960A (en) Multi-feature mobile terminal malicious software detecting method based on network flow and multi-feature mobile terminal malicious software detecting system based on network flow
CN105187392A (en) Mobile terminal malicious software detection method based on network access point and system thereof
CN113949577A (en) Data attack analysis method applied to cloud service and server
CN113225339B (en) Network security monitoring method and device, computer equipment and storage medium
CN111953665B (en) Server attack access identification method and system, computer equipment and storage medium
CN111935185B (en) Method and system for constructing large-scale trapping scene based on cloud computing
CN111464513A (en) Data detection method, device, server and storage medium
CN113610157A (en) Service big data characteristic acquisition method based on artificial intelligence and server
Wu et al. Bayesian model updating method based android malware detection for IoT services
CN112165484A (en) Network encryption traffic identification method and device based on deep learning and side channel analysis
CN114785567A (en) Traffic identification method, device, equipment and medium
CN104639387A (en) Users' network behavior tracking method and equipment
CN110020665A (en) A kind of microbial biomass modal data analysis method being compatible with different flight mass spectrometers
CN110909380B (en) Abnormal file access behavior monitoring method and device
CN112100604B (en) Terminal equipment information processing method and device
CN108650274B (en) Network intrusion detection method and system
CN115834231A (en) Honeypot system identification method and device, terminal equipment and storage medium
CN110401639B (en) Method and device for judging abnormality of network access, server and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 6 / F, block B, Huidu international, 131 Baita Road, Panlong District, Kunming City, Yunnan Province 650011

Applicant after: Xue Aijun

Address before: Room 602, building 3, software park, 999 Wanshou South Road, Rucheng Town, Rugao City, Nantong City, Jiangsu Province

Applicant before: Xue Aijun

TA01 Transfer of patent application right

Effective date of registration: 20201123

Address after: Room 206 West, building 3, No. 288, Qinjiang East Road, Kecheng District, Quzhou City, Zhejiang Province

Applicant after: Zhejiang Dianke Zhisheng Technology Co., Ltd

Address before: 6 / F, block B, Huidu international, 131 Baita Road, Panlong District, Kunming City, Yunnan Province 650011

Applicant before: Xue Aijun

GR01 Patent grant