CN111934906B - Artificial intelligence assessment method, client and system for grade protection - Google Patents

Publication number
CN111934906B
CN111934906B CN202010637553.3A CN202010637553A CN111934906B CN 111934906 B CN111934906 B CN 111934906B CN 202010637553 A CN202010637553 A CN 202010637553A CN 111934906 B CN111934906 B CN 111934906B
Authority
CN
China
Prior art keywords
network
information
operation state
equipment
evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010637553.3A
Other languages
Chinese (zh)
Other versions
CN111934906A (en)
Inventor
杨腾霄
崔政强
马宇尘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Niudun Technology Co ltd
Original Assignee
Shanghai Niudun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Niudun Technology Co ltd
Priority to CN202010637553.3A
Publication of CN111934906A
Application granted
Publication of CN111934906B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/026 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using e-messaging for transporting management information, e.g. email, instant messaging or chat
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The invention discloses an artificial intelligence evaluation method, a client and a system for level protection, and relates to the technical field of network information security. The artificial intelligence evaluation method for level protection comprises: obtaining image data of network equipment in a network information system through an instant messaging tool, and obtaining equipment information of the network equipment by performing image recognition on the image data; obtaining operation state information of the network equipment through an operation state identification terminal and judging whether the network equipment conforms to a normal operation state; and, when the network equipment is judged to conform to the normal operation state, performing evaluation scoring against a preset network security level evaluation model according to the equipment information of the network equipment, and obtaining a score value for the network information system so as to obtain the corresponding level protection grade. The invention improves the reliability of the evaluation data acquired during automatic level protection evaluation, and the whole process requires no manual operation or verification, thereby improving the accuracy of the level protection evaluation.

Description

Artificial intelligence assessment method, client and system for grade protection
Technical Field
The invention relates to the technical field of network information security, in particular to an artificial intelligence assessment method, a client and a system for level protection.
Background
In the network security and application security industries there are numerous security evaluation methods; commonly used ones include level protection (abbreviated as equi-protection), penetration testing, vulnerability scanning, baseline checking, risk evaluation and the like, each with its own characteristics. Level protection refers to the graded implementation of security protection for information systems (network devices) that store, transmit and process important national information, private information of legal persons, other organizations and citizens, public information and the like; the graded management of the information security products used in those information systems; and the graded response to and handling of information security events occurring in them. To this end, the state has formulated corresponding management and technical standards such as the 'information system security level protection evaluation requirement'. Level protection evaluation (in full, information system security level protection evaluation) is the work of evaluating the network equipment used by an information system with reference to the technical data in the information system security level protection evaluation requirement. Conventional level protection evaluation of network equipment is generally based on manual operation: first, the type of the network equipment is judged manually, and the equipment is then evaluated against each evaluation index under the corresponding grade required by the level protection technical standard; then the data obtained by the evaluation is calculated manually and the level protection evaluation report is written.
However, because enterprises in different industries purchase network devices of diverse models and brands, and because the personal qualities and professional levels of evaluation technicians vary, the above evaluation process has great limitations, chiefly the following defects: 1) the inspection means are too simple, standardized operation is difficult to ensure, and the evaluation results are incomplete; 2) it is time-consuming and the evaluation efficiency is low; 3) human error in the evaluation easily introduces the risk of an erroneous evaluation.
To address these technical problems, the prior art has proposed various automatic evaluation methods suitable for level protection evaluation. Taking Chinese application CN201811184819.2 as an example, it discloses an automatic evaluation method and system for level protection evaluation, which obtains evaluation instruction information sent by the user (the party being evaluated), the evaluation instruction information including the type of the network device to be evaluated and the login information of the network device to be evaluated; then selects a corresponding evaluation script from a preset evaluation script library according to the type of the network device to be evaluated, logs in to the network device to be evaluated to execute the evaluation script, and obtains the evaluation data returned after the evaluation script has executed; and then analyzes the evaluation data to obtain an evaluation result value, compares the evaluation result value with a preset evaluation value in a preset evaluation index library to obtain an evaluation result, obtains the difference between the evaluation result value and the preset evaluation value, and judges whether the difference meets the requirement: if so, the evaluation is judged qualified; otherwise it is judged unqualified.
However, the above scheme has the following drawback: the operation state of the network device is not monitored during the evaluation, and if the network device under test is in an abnormal operation state, the evaluation data it returns cannot reflect the real evaluation data of the network device.
Network devices (including the components within them) are physical entities connected to the network. Common network devices are of a wide variety and typically include: computers (whether personal computers or servers), hubs, switches, bridges, routers, gateways, Network Interface Cards (NICs), Wireless Access Points (WAPs), printers and modems, fiber optic transceivers, and the like. The temperature of a network device can indicate its running state: when a network device runs abnormally, the temperature of main running components such as the CPU is often abnormal as well. Monitoring of network devices therefore generally also includes temperature monitoring of the CPU, disks, graphics card and the like, as an aid in judging whether the corresponding network device is running normally.
Disclosure of Invention
The invention aims to provide an artificial intelligence evaluation method, a client and a system for level protection, with the following advantages: an operation state identification terminal is provided to acquire the operation state information of each network device so as to verify whether the network device to be evaluated is operating normally, and automatic level protection evaluation is performed through a preset network security level evaluation model when the network device conforms to the normal operation state. The invention improves the reliability of the evaluation data acquired during automatic level protection evaluation, requires no manual operation or verification in the whole process, saves a great deal of labor cost and time cost, and improves the accuracy of the level protection evaluation.
In order to achieve the above object, the present invention provides the following technical solutions:
An artificial intelligence evaluation method for level protection, comprising the steps of:
acquiring image data of network equipment in a network information system through an instant messaging tool, acquiring equipment information of the network equipment after carrying out image identification on the image data, acquiring operation state information of the network equipment through an operation state identification terminal, and judging whether the network equipment accords with a normal operation state according to the operation state information;
and when the network equipment is judged to accord with the normal operation state, performing evaluation scoring corresponding to a preset network security grade evaluation model according to equipment information of the network equipment, and obtaining a scoring value corresponding to the network information system to obtain a corresponding grade protection grade.
Further, when the network equipment is judged not to conform to the normal operation state according to the operation state information, warning information is sent out through a warning module.
Further, the operation state identification terminal comprises a camera structure and an image recognition module, wherein the camera structure is arranged facing the equipment monitoring display screen and can acquire an image of the output content of the equipment monitoring display screen, and the image recognition module is used for recognizing the image so as to judge whether the related network equipment conforms to the normal operation state.
Further, the operation state identification terminal is a thermal sensor package, the thermal sensor package comprises a thermal sensing device and a communication device, the thermal sensing device is arranged on the main structure of each network device to detect temperature data and space data of each network device, and the communication device is used for communication interaction with the system or an associated external system.
Further, a machine-readable code is provided for the thermal sensor package as a user interface, and the machine-readable code is associated with the thermal sensing device of the thermal sensor package and the network equipment corresponding to that thermal sensing device;
the read operation performed on the machine-readable code by the user terminal is acquired through the instant messaging tool, it is judged whether the corresponding instant messaging user has the administrator authority of the network information system, and, when the user is judged to have the administrator authority, the detection data of the associated thermal sensing device is acquired and the network equipment information is output.
Further, a plurality of thermal sensing devices are provided for the plurality of network devices, the network devices and the thermal sensing devices being arranged in one-to-one correspondence, and each thermal sensing device is provided with a number; the network devices and the numbers of the thermal sensing devices on them are output through a user interface of the instant messaging tool, the user's operation triggering a network device and/or a thermal sensing device number is collected, and temperature layout data of the network device is output, wherein the temperature layout data comprises temperature values and space coordinates.
Further, the thermal sensor package further comprises a positioning device; positioning information of the positioning device is obtained, and the positioning information of each network device in the network information system is combined to form a device distribution diagram;
a real-time device distribution diagram of the network information system is acquired and compared with a pre-stored standard device distribution diagram to judge whether the two are consistent; when they are judged to be inconsistent, re-scoring is triggered and re-evaluation is performed based on the network security level evaluation model to obtain a new score value.
Further, after the position information of the network equipment and/or of the thermal sensing device of the thermal sensor package is obtained, a device distribution diagram of the network information system is generated and output through a user interface of the instant messaging tool; a drag operation by which a user adjusts the position of a target network device in the device distribution diagram is acquired, and, when the user has the administrator authority of the network information system, adjustment of the device distribution diagram is triggered; at the same time the position adjustment information is converted into voice, text and/or image information and transmitted to the administrator of the network information system, and a shift guide map of the target network device is generated to guide the administrator in carrying out the actual position adjustment of the target network device.
The invention also provides an instant messaging client, which comprises an instant messaging module for instant messaging, and further comprises:
the device information acquisition module is used for acquiring image data of network devices in the network information system, and acquiring device information of the network devices after carrying out image recognition on the image data;
the equipment operation state acquisition module is connected with the operation state identification terminal and is used for receiving the operation state information of the network equipment acquired by the operation state identification terminal;
the information processing module is used for judging whether the network equipment accords with a normal operation state according to the operation state information; and when the network equipment is judged to accord with the normal operation state, performing evaluation and scoring according to the equipment information of the network equipment and a preset network security grade evaluation model, and obtaining a grade value corresponding to the network information system to obtain a corresponding grade protection grade.
The invention also provides an artificial intelligence evaluation system for the level protection, which comprises a user client, a system server and an operation state identification terminal;
the user client is provided with an instant messaging tool for a user to set a security level assessment model, acquire image data of network equipment in a network information system and transmit the image data to a system server;
the operation state identification terminal is used for acquiring operation state information of the network equipment and transmitting the operation state information to the system server;
the system server is configured to:
acquiring equipment information of the network equipment after carrying out image recognition on the image data, and judging whether the network equipment accords with a normal operation state according to the operation state information; and when the network equipment accords with the normal operation state, performing evaluation scoring corresponding to a preset network security grade evaluation model according to equipment information of the network equipment, and obtaining a scoring value corresponding to the network information system to obtain a corresponding grade protection grade.
Compared with the prior art, the invention, taking the above technical scheme as an example, has the following advantages and positive effects: an operation state identification terminal is provided to acquire the operation state information of each network device so as to verify whether the network device to be evaluated is operating normally, and automatic level protection evaluation is performed through the preset network security level evaluation model when the network device conforms to the normal operation state. This improves the reliability of the evaluation data acquired during automatic level protection evaluation, requires no manual operation or verification in the whole process, saves a great deal of labor cost and time cost, and improves the accuracy of the level protection evaluation.
Drawings
Fig. 1 is a flowchart of an artificial intelligence evaluation method for level protection according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a thermal sensor package according to an embodiment of the present invention.
Fig. 3 is an information transmission diagram of a plurality of thermal sensor packages in a network information system according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a client according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a system according to an embodiment of the present invention.
Reference numerals illustrate:
the client 100, the device information acquisition module 110, the device operation state acquisition module 120, the information processing module 130;
system 200, user client 210, system server 220, and operational status identifying terminal 230.
Detailed Description
The artificial intelligence assessment method, the client and the system for the level protection disclosed by the invention are further described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that the technical features or combinations of technical features described in the following embodiments should not be regarded as being isolated, and they may be combined with each other to achieve a better technical effect. In the drawings of the embodiments described below, like reference numerals appearing in the various drawings represent like features or components and are applicable to the various embodiments. Thus, once an item is defined in one drawing, no further discussion thereof is required in subsequent drawings.
It should be noted that the structures, proportions, sizes, etc. shown in the drawings are merely used in conjunction with the disclosure of the present specification and are not intended to limit the applicable scope of the present invention. The scope of the preferred embodiments of the present invention includes additional implementations in which functions may be performed out of the order described or discussed, including in a substantially simultaneous manner or in reverse order, depending on the function involved, as would be understood by those of skill in the art to which embodiments of the present invention pertain.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate. In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values.
Examples
Referring to fig. 1, an artificial intelligence evaluation method for level protection according to an embodiment of the present invention includes the following steps:
S100, acquiring image data of network equipment in a network information system through an instant messaging tool, and acquiring equipment information of the network equipment after carrying out image recognition on the image data; and acquiring operation state information of the network equipment through the operation state identification terminal, and judging whether the network equipment conforms to a normal operation state according to the operation state information.
The instant messaging tool (IM: Instant Messaging) commonly refers in the art to a client having an instant messaging function. By way of example and not limitation, the instant messaging tool may be a web application, a PC application, or a handheld terminal app.
The device information of the network device includes self attribute information of the network device and login information of the network device. The self attribute information may include basic information such as device name information, device image information, device model information, device service life information, and maintenance history information. The login information is identity verification information of the login network equipment, and may include a login user name and a login password.
In this embodiment, the device information of the network device is acquired by means of image recognition. Specifically, the instant messaging tool is used for acquiring the image data of the network equipment in the network information system, and the equipment information of the network equipment is acquired after the image data is subjected to image recognition. The image data may include image data of a specification of the network device, and image data of an introduction document of the network information system.
S200, when the network equipment conforms to the normal operation state, performing evaluation and scoring according to the equipment information of the network equipment and a preset network security level evaluation model, and obtaining a score value corresponding to the network information system to obtain a corresponding level protection grade.
Whether the network equipment conforms to the normal operation state is judged according to the operation state information. When the equipment conforms to the normal operation state, the level protection scoring mechanism is triggered to perform evaluation and scoring. Specifically, according to the device information of the network device, evaluation scoring is performed against the preset network security level evaluation model, and the score value of the network information system is obtained to obtain the corresponding level protection grade.
The network security level may be divided into five levels, namely a first level (user-independent protection level), a second level (system audit protection level), a third level (security mark protection level), a fourth level (structured protection level) and a fifth level (access verification protection level). Different levels correspond to different evaluation indexes and evaluation index values. By way of example and not limitation, the second level corresponds to 10 evaluation indexes, each of which is provided with a second-level standard value, and the second-level condition is considered met when the second-level standard value is reached; the third level adds 5 evaluation indexes relative to the second level, the 15 evaluation indexes each being provided with a third-level standard value, and the third-level condition is set to be met when the 12th evaluation index reaches the third-level standard value.
The security level determination model is provided with a mapping relation between the network security level and the network equipment information. The corresponding network equipment information can be obtained from the network security level, and the corresponding network security level can be obtained from the existing network equipment information.
Specifically, the security level determination model is provided with an evaluation script database, an evaluation index database, a test data analysis unit and a level calculation unit.
A plurality of evaluation scripts are stored in the evaluation script database. The evaluation scripts are set up per type of network equipment, and network equipment of different types corresponds to different evaluation scripts. By way of example and not limitation, the types of network devices can be broadly divided into different types of routers, switches, firewalls, computers and other network devices, and each major class may be further subdivided into subclasses, for example according to the type of the network device and the system used. According to the network device type information (including major-class and/or subclass information) in the provided network device information, a matching test script can be obtained in the security level determination model, and the test script is then run on the network device to obtain test data.
The evaluation index database is provided with a plurality of evaluation indexes and the standard values of those evaluation indexes; different network security levels correspond to different test indexes and test index standard values.
The test data analysis unit analyzes the test data and obtains an evaluation value for the evaluation data according to a preset evaluation rule. Specifically, based on the preset evaluation indexes, the test data analysis unit may extract from the test data the information related to each evaluation index, determine the degree to which that information complies with the test index, and score the test data according to the degree of compliance. By way of example and not limitation, the degree of compliance is divided into full compliance, majority compliance, substantial compliance, minor compliance and full non-compliance, with corresponding scores of 5 points, 4 points, 3 points, 2 points and 0 points respectively. Suppose the test data involves information related to 15 test indexes, of which 10 are judged to be in substantial compliance and are scored 3 points each, 2 are judged to be in full compliance and are scored 5 points each, and 3 are judged to be in majority compliance and are scored 4 points each; the evaluation value of the evaluation data is then 30 + 10 + 12 = 52 points.
The level calculating unit compares the evaluation value and the related evaluation indexes with the standard values in the evaluation index database to judge the corresponding network security level. By way of example and not limitation, given a score of 52 points involving 15 test indexes, where the score and the test indexes meet the third-level network security level criterion, the network security level of the network information system to which the contact belongs is determined to be the third level.
In this embodiment, an alarm module is further provided, and when it is determined that the network device does not conform to the normal operation state according to the operation state information, alarm information may be sent out through the alarm module.
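The following Python code is an added illustration, not part of the patent text: it gates scoring on the operation state of every device (S100), sums the compliance points as in the 52-point example (S200), and maps the result to a level. The index counts 10 and 15 and the point values come from the description; the minimum scores per level, the temperature ceiling, the device names and all function names are hypothetical assumptions.

```python
"""Added example: gate level-protection scoring on device operation state."""
from dataclasses import dataclass, field
from typing import Optional

# Points per degree of compliance, as listed in the description.
COMPLIANCE_POINTS = {"full": 5, "majority": 4, "substantial": 3, "minor": 2, "none": 0}

# ASSUMPTION: the index counts (10 and 15) are from the description; the
# minimum scores are hypothetical, because the page states no thresholds.
LEVEL_CRITERIA = {2: {"indexes": 10, "min_score": 30},
                  3: {"indexes": 15, "min_score": 45}}

# ASSUMPTION: hypothetical temperature ceiling for a "normal operation state".
MAX_NORMAL_TEMP_C = 85.0


@dataclass
class Assessment:
    status: str                                  # "scored" or "alert"
    abnormal: list = field(default_factory=list)
    score: Optional[int] = None
    level: Optional[int] = None


def abnormal_devices(devices, temps_c):
    """Return the devices whose state cannot be confirmed as normal.

    A device without a reading counts as abnormal (fail closed): evaluation
    data returned by a device in an unknown state is not trusted.
    """
    bad = []
    for name in devices:
        temp = temps_c.get(name)
        if temp is None or temp > MAX_NORMAL_TEMP_C:
            bad.append(name)
    return bad


def evaluation_value(compliance):
    """Sum the points for each evaluation index's degree of compliance."""
    total = 0
    for index_id, degree in compliance.items():
        if degree not in COMPLIANCE_POINTS:
            raise ValueError(f"index {index_id}: unknown degree {degree!r}")
        total += COMPLIANCE_POINTS[degree]
    return total


def protection_level(score, index_count):
    """Highest level whose index count and minimum score are both met."""
    met = [lvl for lvl, crit in LEVEL_CRITERIA.items()
           if index_count >= crit["indexes"] and score >= crit["min_score"]]
    return max(met) if met else None


def assess(devices, temps_c, compliance):
    """S100 gate, then S200 scoring; no score is produced while any device is abnormal."""
    bad = abnormal_devices(devices, temps_c)
    if bad:
        return Assessment(status="alert", abnormal=bad)   # warning module path
    score = evaluation_value(compliance)
    return Assessment("scored", [], score, protection_level(score, len(compliance)))


# Constructed sample input reproducing the 15-index example in the description:
# 10 substantial, 2 full and 3 majority compliance.
SAMPLE_DEVICES = ["core-switch", "edge-router"]
SAMPLE_COMPLIANCE = {f"idx{i:02d}": "substantial" for i in range(1, 11)}
SAMPLE_COMPLIANCE.update({"idx11": "full", "idx12": "full"})
SAMPLE_COMPLIANCE.update({f"idx{i}": "majority" for i in range(13, 16)})

if __name__ == "__main__":
    print(assess(SAMPLE_DEVICES, {"core-switch": 48.0, "edge-router": 55.5},
                 SAMPLE_COMPLIANCE))
    print(assess(SAMPLE_DEVICES, {"core-switch": 97.0, "edge-router": 55.5},
                 SAMPLE_COMPLIANCE))
```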
In one embodiment, the operation state identification terminal includes a camera structure and an image recognition module; the camera structure is arranged facing the device monitoring display screen and can acquire an image of the output content of the device monitoring display screen, and the image recognition module is used for recognizing the image so as to judge whether the related network devices conform to the normal operation state.
In another embodiment, the operation state identification terminal is a thermal sensor package.
Referring to fig. 2, the thermal sensor package may include a thermal sensing device installed on a main structure of each network device to detect temperature data and space data of each network device, and a communication device for communication interaction with a system or an associated external system.
Preferably, the heat sensing means may include an infrared heat sensing device, a data recording device, and a temperature analyzing device. In practical applications, the material of the main structure of the network device may be plastic or metal, and the infrared thermal sensing device may be an infrared thermal sensor. And scanning the network equipment through one or more infrared thermal sensing equipment to acquire temperature data and space data of the network equipment.
For example, one infrared thermal sensing device can acquire temperature data and space data of elements of the network device on the same plane, two infrared thermal sensing devices can acquire temperature data and space data of elements of the network device on the same line, and three infrared thermal sensing devices can acquire temperature data and space data of one fixed point of the network device. In this embodiment, the number of the infrared heat sensing devices is at least 3. Of course, in order to increase the measurement accuracy, the number of infrared heat sensing devices installed on one network device may increase with actual demands.
The infrared thermal induction equipment sends the collected data to the data recording equipment, and the data recording equipment sorts the data and sends the sorted data to the temperature analysis equipment. The temperature analysis equipment analyzes the received temperature data of the monitoring points to obtain temperature rise data of each monitoring point and can form temperature layout data comprising temperature values and space coordinates of the monitoring points.
The heat sensing device may be located near a heat generating component of the network device, such as near a CPU; the communication device can be arranged in the case of the network equipment or outside the case, and can communicate and interact with the outside to send and receive signals.
Corresponding to the thermal sensor package, the warning module may include a thermal sensor pre-warning mode in which the thermal sensor data is compared to determine whether the temperature is abnormal. An abnormal temperature indicates that the working state of the device is unstable or unsafe; in that case the thermal sensor pre-warning mode may be triggered and a warning message sent to the corresponding user, such as a webmaster, through an associated instant messaging system.
In this embodiment, a machine-readable code may be further provided corresponding to the thermal sensor package as a user interface, where the machine-readable code is associated with the thermal sensing device of the thermal sensor package and the network device corresponding to the thermal sensing device.
The read operation performed on the machine-readable code by the user terminal through the instant messaging tool is acquired, and it is judged whether the corresponding instant messaging user has administrator authority for the network information system; when the user is judged to have administrator authority, the detection data of the associated heat sensing device is acquired and the network equipment information is output.
The machine readable code is preferably a two-dimensional code or a bar code.
Preferably, the user interface is implemented by a two-dimensional code. In use, the instant messaging user with the authority of the unit manager can acquire the detection data and the network equipment information of the associated heat sensing device after triggering the code scanning function of the instant messaging tool on the user terminal.
Further, the acquired information, including the related thermal sensor package information, specific thermal sensor information, network equipment information corresponding to the thermal sensor, detection data of the thermal sensor, and the like, may be stored in the instant messaging tool and toolbar trigger items corresponding to the information may be established. For example, a toolbar trigger item 'my network device' can be added in the instant messaging tool, and when the user clicks to trigger the toolbar trigger item, the acquired information can be popped up. By adopting the technical scheme, a user can establish the triggering item of the concerned thermal sensor set by using the instant messaging tool according to the requirement, and the user can check the related information of the thermal sensor set through the instant messaging tool at any time.
In this embodiment, preferably, a network information system includes a plurality of network devices, a plurality of heat sensing apparatuses are provided corresponding to the plurality of network devices, the network devices are provided in one-to-one correspondence with the heat sensing apparatuses, and a number may be provided for each of the heat sensing apparatuses for user management and inquiry. When in use, the numbers of each network device and the heat sensing device on the network device can be output through the user interface of the instant messaging tool. When the operation information of the user triggering the numbering of the network equipment and/or the heat sensing device is acquired, the temperature layout data of the network equipment can be output, wherein the temperature layout data comprises a temperature value and space coordinates.
With continued reference to FIG. 2, the thermal sensor package may also include a positioning device. After the system server or the associated server of the network information system acquires the positioning information of the positioning device, the positioning information of each network device in one network information system can be combined to form a device distribution diagram.
Thus, the location information of each thermal sensor package in a unit network information system is combined to form the equipment distribution diagram of the network information system.
In this embodiment, after the standard device distribution diagram of the network information system is established, if the acquired thermal sensor package and the corresponding network device are changed, an audit may be performed to determine whether the device score in the level protection needs to be adjusted.
Specifically, a real-time equipment distribution diagram of the network information system can be obtained and compared with a pre-stored standard equipment distribution diagram to judge whether the two are consistent. When they are inconsistent, the equipment information of the network equipment whose position has changed is acquired, and it is judged whether the position change needs to trigger re-scoring. When re-scoring is judged to be needed, re-scoring is carried out based on the network security rating model to obtain a new scoring value.
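The comparison described above can be sketched as follows. This is an added example, not code from the patent; the coordinate format, the 0.5 m tolerance, the set of device types that trigger re-scoring, and all device names are assumptions, and the example goes beyond position changes to also report added and missing devices.

```python
from dataclasses import dataclass
from math import dist

# Assumption: positions are (x, y) coordinates in metres within the machine room,
# and a displacement at or below this tolerance is positioning noise, not a move.
POSITION_TOLERANCE_M = 0.5
# Assumption: only changes to these device types affect the device score.
RESCORE_DEVICE_TYPES = frozenset({"firewall", "router", "switch"})


@dataclass(frozen=True)
class DeviceLocation:
    device_id: str    # number assigned to the device / its heat sensing device
    device_type: str
    position: tuple   # (x, y) reported by the positioning device


def diff_distribution(standard, realtime, tolerance=POSITION_TOLERANCE_M):
    """Return (device_id, change, device_type) for every deviation from the standard map."""
    base = {d.device_id: d for d in standard}
    live = {d.device_id: d for d in realtime}
    changes = []
    for device_id in sorted(base.keys() | live.keys()):
        old, new = base.get(device_id), live.get(device_id)
        if old is None:
            changes.append((device_id, "added", new.device_type))
        elif new is None:
            changes.append((device_id, "missing", old.device_type))
        elif dist(old.position, new.position) > tolerance:
            changes.append((device_id, "moved", new.device_type))
    return changes


def needs_rescoring(changes, rescore_types=RESCORE_DEVICE_TYPES):
    """Decide whether any detected change should trigger a new evaluation."""
    return any(device_type in rescore_types for _, _, device_type in changes)


# Constructed sample data (not from the patent).
STANDARD_MAP = [
    DeviceLocation("FW-01", "firewall", (1.0, 2.0)),
    DeviceLocation("SW-01", "switch", (3.0, 2.0)),
    DeviceLocation("PC-07", "computer", (6.0, 4.0)),
]
REALTIME_MAP = [
    DeviceLocation("FW-01", "firewall", (1.2, 2.1)),  # within tolerance
    DeviceLocation("SW-01", "switch", (3.0, 5.0)),    # moved 3 m
    DeviceLocation("PC-09", "computer", (6.0, 4.0)),  # unknown device in PC-07's place
]

if __name__ == "__main__":
    detected = diff_distribution(STANDARD_MAP, REALTIME_MAP)
    for change in detected:
        print(change)
    print("re-score:", needs_rescoring(detected))
```

Keying the comparison on the device number rather than on position alone is what lets a swapped device (same rack slot, different identity) show up as one missing and one added entry.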
Preferably, the real-time working state of each network device can be judged according to the information acquired by the thermal sensor package, so that the network security devices of the network information system as a whole are scored in real time.
In another implementation manner of this embodiment, the device profile of the network information system may be generated after the location information of the network device and/or the thermal sensing device of the thermal sensor package is obtained, as shown in fig. 3, and the device profile may be output through the user interface of the instant messaging tool. When the system is used, the dragging operation of a user for adjusting the position of the target network equipment in the equipment distribution diagram can be collected, when the user is judged to have the administrator right of the network information system, the equipment distribution diagram adjustment is triggered, the position adjustment information is converted into voice, text and/or image information and then is sent to the administrator of the network information system, and the shift guide map of the target network equipment is generated to guide the administrator to carry out the actual position adjustment of the target network equipment.
Referring to fig. 4, an instant messaging client is provided according to another embodiment of the present invention. The client 100 includes an instant communication module for performing instant communication, and a device information acquisition module 110, a device operation status acquisition module 120, and an information processing module 130.
The device information collection module 110 is configured to obtain image data of a network device in the network information system, and obtain device information of the network device after performing image recognition on the image data.
The device information of the network device includes self attribute information of the network device and login information of the network device. The self attribute information may include basic information such as device name information, device image information, device model information, device service life information, and maintenance history information. The login information is identity verification information of the login network equipment, and may include a login user name and a login password.
In this embodiment, the device information of the network device is acquired by means of image recognition. Specifically, the instant messaging tool is used for acquiring the image data of the network equipment in the network information system, and the equipment information of the network equipment is acquired after the image data is subjected to image recognition. The image data may include image data of a specification of the network device, and image data of an introduction document of the network information system.
The device operation state collection module 120 is connected to the operation state identification terminal, and is configured to receive operation state information of the network device acquired by the operation state identification terminal.
In one embodiment, the operation state identification terminal includes a camera structure and an image identification module. The camera structure is arranged facing the device monitoring display screen and can capture an image of the content output on that screen, and the image identification module identifies the image to judge whether the related network devices are in a normal operation state.
In another embodiment, the operation state identification terminal is a thermal sensor package.
The thermal sensor package may include a thermal sensing device mounted on the main structure of each network device to detect temperature data and space data of each network device, and a communication device for communicating with a system or an associated external system.
The corresponding thermal sensor package may be disposed near a heat generating component of the network device, such as near a CPU; the communication device can be arranged in the case of the network equipment or outside the case, and can communicate and interact with the outside to send and receive signals.
Corresponding to the thermal sensor package, the warning module may include a thermal sensor pre-warning mode in which the thermal sensor data is compared to determine whether the temperature is abnormal. An abnormal temperature indicates that the working state of the device is unstable or unsafe; in that case the thermal sensor pre-warning mode may be triggered and a warning message sent to the corresponding user, such as a webmaster, through an associated instant messaging system.
In this embodiment, a machine-readable code may be further provided corresponding to the thermal sensor package as a user interface, where the machine-readable code is associated with the thermal sensing device of the thermal sensor package and the network device corresponding to the thermal sensing device.
The read operation performed on the machine-readable code by the user terminal through the instant messaging tool is acquired, and it is judged whether the corresponding instant messaging user has administrator authority for the network information system; when the user is judged to have administrator authority, the detection data of the associated heat sensing device is acquired and the network equipment information is output. The machine readable code is preferably a two-dimensional code or a bar code.
The information processing module 130 is configured to determine whether the network device accords with a normal operation state according to the operation state information; and when the network equipment is judged to accord with the normal operation state, performing evaluation and scoring according to the equipment information of the network equipment and a preset network security grade evaluation model, and obtaining a grade value corresponding to the network information system to obtain a corresponding grade protection grade.
Whether the network equipment is in a normal operation state is judged according to the operation state information. When the equipment is in a normal operation state, the scoring mechanism of grade protection is triggered to perform evaluation and scoring. Specifically, according to the device information of the network device, evaluation scoring is performed against a preset network security level evaluation model, and the scoring value of the network information system is obtained so as to obtain the corresponding level protection level.
The network security level may be divided into five levels, namely a first level (user-independent protection level), a second level (system audit protection level), a third level (security mark protection level), a fourth level (structured protection level) and a fifth level (access verification protection level). Different levels correspond to different assessment indexes and assessment index values. By way of example and not limitation, the second level corresponds to 10 evaluation indexes, each of which is provided with a second-level standard value, and the second-level condition is considered met when the second-level standard value is reached; the third level adds 5 evaluation indexes relative to the second level, the 15 evaluation indexes are provided with third-level standard values, and the third-level condition is considered met when the 12th evaluation index reaches the third-level standard value.
The security level determination model holds a mapping between network security levels and network equipment information. The corresponding network equipment information can be obtained from a network security level, and the corresponding network security level can be obtained from existing network equipment information.
Specifically, the security level determination model is provided with an evaluation script database, an evaluation index database, a test data analysis unit and a level calculation unit.
A plurality of evaluation scripts are stored in the evaluation script database. The evaluation scripts are set according to the types of network equipment, and different types of network equipment correspond to different evaluation scripts. By way of example and not limitation, the types of network devices can be broadly divided into routers, switches, firewalls, computers, and other network devices; each major class may be further subdivided into subclasses according to the type of network device and the system used. According to the network device type information (including major-class and/or subclass information) in the provided network device information, a matching test script can be acquired in the security level determination model and then run on the network device to acquire test data.
The evaluation index database is provided with a plurality of evaluation indexes and standard values of the evaluation indexes, and different network security levels correspond to different test indexes and test index standard values.
The test data analysis unit can analyze the test data and obtain an evaluation value corresponding to the evaluation data according to a preset evaluation rule. Specifically, based on the preset evaluation indexes, the test data analysis unit may acquire the information related to each evaluation index from the test data, determine the degree to which that information conforms to the test index, and score the test data according to that degree. By way of example and not limitation, compliance is divided into full compliance, majority compliance, substantial compliance, minor compliance, and full non-compliance, with corresponding scores of 5 points, 4 points, 3 points, 2 points, and 0 points, respectively. Suppose the test data involves information related to 15 test indexes: 10 indexes are judged to be substantially compliant and scored 3 points each, 2 indexes are judged to be fully compliant and scored 5 points each, and 3 indexes are judged to be majority compliant and scored 4 points each; the evaluation value of the evaluation data is then 30 + 10 + 12 = 52 points.
The grade calculating unit can compare the evaluation value and the related evaluation indexes with the standard values in the evaluation index database to judge the corresponding network security grade. By way of example and not limitation, when the score is 52 points and 15 test indexes are involved, and the score and the indexes meet the third-level network security level criterion, the network security level of the network information system to which the contact belongs is determined to be the third level.
In this embodiment, an alarm module may be further configured, and when it is determined that the network device does not conform to the normal operation state according to the operation state information, the alarm module may send out alarm information.
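The flow of the information processing module, the test data analysis unit, the grade calculating unit and the alarm module can be sketched as follows. This is an added example, not code from the patent: the index numbering, the per-index standard value of 3 points, the rule that a level is met only when all of its indexes reach their standard value, and the device names are assumptions; the point values and the 52-point case come from the description.

```python
# Points per degree of compliance, as listed in the description.
COMPLIANCE_POINTS = {"full": 5, "majority": 4, "substantial": 3, "minor": 2, "none": 0}

# Assumption: indexes 1-10 are the second-level indexes, indexes 11-15 are the ones
# added at the third level, and every standard value is 3 points. The description
# gives the index counts (10 and 15) but not the standard values.
EVALUATION_INDEX_DB = {
    2: {index: 3 for index in range(1, 11)},
    3: {index: 3 for index in range(1, 16)},
}


def evaluation_value(judgments):
    """Test data analysis unit: sum the points of every judged index."""
    return sum(COMPLIANCE_POINTS[degree] for degree in judgments.values())


def calculate_level(judgments, index_db=EVALUATION_INDEX_DB):
    """Grade calculating unit: highest level whose indexes all reach their standard value."""
    points = {index: COMPLIANCE_POINTS[degree] for index, degree in judgments.items()}
    achieved = None
    for level in sorted(index_db):
        standards = index_db[level]
        # An index that was never tested counts as 0 points and fails the level.
        if all(points.get(index, 0) >= standard for index, standard in standards.items()):
            achieved = level
        else:
            break
    return achieved


def assess(operation_states, judgments):
    """Score only when every device is in a normal operation state; otherwise alarm."""
    abnormal = sorted(dev for dev, normal in operation_states.items() if not normal)
    if abnormal:
        return {"status": "alarm", "abnormal_devices": abnormal}
    return {
        "status": "scored",
        "value": evaluation_value(judgments),
        "level": calculate_level(judgments),
    }


def sample_judgments():
    """Constructed input reproducing the description's 52-point case."""
    judgments = {index: "substantial" for index in range(1, 11)}
    judgments.update({11: "full", 12: "full", 13: "majority", 14: "majority", 15: "majority"})
    return judgments


if __name__ == "__main__":
    print(assess({"FW-01": True, "SW-01": True}, sample_judgments()))
    print(assess({"FW-01": True, "SW-01": False}, sample_judgments()))
```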
For other technical features, refer to the previous embodiments; they are not described again here.
Referring to FIG. 5, an artificial intelligence evaluation system for level protection is provided in accordance with another embodiment of the present invention.
The system 200 includes a user client 210, a system server 220, and an operation state identification terminal 230 that are communicatively connected, and the user client 210 and the operation state identification terminal 230 are connected to the system server 220.
The user client 210 is provided with an instant messaging tool for a user to set a security rating model, and obtains image data of network devices in the network information system and transmits the image data to a system server.
The operation status identifying terminal 230 is configured to obtain operation status information of the network device and transmit the operation status information to the system server.
The system server 220 is configured to: acquire equipment information of the network equipment after carrying out image recognition on the image data, and judge whether the network equipment accords with a normal operation state according to the operation state information; and, when the network equipment accords with the normal operation state, perform evaluation scoring against a preset network security grade evaluation model according to the equipment information of the network equipment, and obtain the scoring value of the network information system so as to obtain the corresponding grade protection grade.
For other technical features, refer to the previous embodiments; they are not described again here.
In the above description, the disclosure of the present invention is not intended to limit itself to these aspects. Rather, the components may be selectively and operatively combined in any number within the scope of the present disclosure. In addition, terms like "comprising," "including," and "having" should be construed by default as inclusive or open-ended, rather than exclusive or closed-ended, unless expressly defined to the contrary. All technical, scientific, or other terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Common terms found in dictionaries should not be too idealized or too unrealistically interpreted in the context of the relevant technical document unless the present disclosure explicitly defines them as such. Any alterations and modifications of the present invention, which are made by those of ordinary skill in the art based on the above disclosure, are intended to be within the scope of the appended claims.

Claims (7)

1. An artificial intelligence evaluation method for grade protection is characterized by comprising the following steps:
acquiring image data of network equipment in a network information system through an instant messaging tool, acquiring equipment information of the network equipment after carrying out image identification on the image data, acquiring operation state information of the network equipment through an operation state identification terminal, and judging whether the network equipment accords with a normal operation state according to the operation state information;
when the network equipment is judged to accord with the normal operation state, carrying out evaluation scoring corresponding to a preset network security grade evaluation model according to equipment information of the network equipment, and obtaining a scoring value corresponding to the network information system to obtain a corresponding grade protection grade;
the operation state identification terminal is a thermal sensor set, the thermal sensor set comprises a thermal sensor device, a communication device and a positioning device, the thermal sensor device is arranged on a main body structure of each network device to detect temperature data and space data of each network device, and the communication device is used for communication interaction with a system or an associated external system;
the positioning information of the positioning device is obtained, and the positioning information of all network devices in a network information system is combined to form a device distribution diagram; outputting the device distribution map through a user interface of the instant messaging tool; the drag operation of the user for adjusting the position of the target network equipment in the equipment distribution diagram is collected, when the user has the right of the network information system manager, the equipment distribution diagram adjustment is triggered, and the position adjustment information is converted into voice, text and/or image information and then is sent to the manager of the network information system in an instant communication message mode; and generating a shift guiding map of the target network equipment to guide a manager to adjust the actual position of the target network equipment.
2. The method according to claim 1, characterized in that: when the network equipment is judged not to be in the normal operation state according to the operation state information, warning information is sent out through a warning module.
3. The method according to claim 1, characterized in that: a machine-readable code is arranged corresponding to the thermal sensor set and is used as a user interface, and the machine-readable code is associated with the thermal sensing device of the thermal sensor set and network equipment corresponding to the thermal sensing device;
and acquiring the read operation of the machine-readable code by the user terminal through the instant messaging tool, judging whether the corresponding instant messaging user has the administrator authority of the network information system, and acquiring the detection data of the associated heat sensing device and outputting the network equipment information when judging that the corresponding instant messaging user has the administrator authority.
4. A method according to claim 3, characterized in that: a plurality of heat induction devices are arranged corresponding to the plurality of network devices, the network devices are arranged in one-to-one correspondence with the heat induction devices, and each heat induction device is provided with a number; and outputting the numbers of the network devices and the heat sensing devices on the network devices through a user interface of the instant messaging tool, collecting operation information of the numbers of the network devices and/or the heat sensing devices triggered by a user, and outputting temperature layout data of the network devices, wherein the temperature layout data comprises temperature values and space coordinates.
5. A method according to claim 3, characterized in that: acquiring a real-time equipment distribution diagram of a network information system, comparing the real-time equipment distribution diagram with a pre-stored standard equipment distribution diagram, and judging whether the real-time equipment distribution diagram is consistent with the pre-stored standard equipment distribution diagram; and when it is judged that re-scoring needs to be triggered, re-assessing based on the network security level assessment model to obtain a new scoring value.
6. An instant messaging client according to the method of claim 1, comprising an instant messaging module for instant messaging, further comprising:
the device information acquisition module is used for acquiring image data of network devices in the network information system, and acquiring device information of the network devices after carrying out image recognition on the image data;
the equipment operation state acquisition module is connected with the operation state identification terminal and is used for receiving the operation state information of the network equipment acquired by the operation state identification terminal;
the information processing module is used for judging whether the network equipment accords with a normal operation state according to the operation state information; and when the network equipment is judged to accord with the normal operation state, performing evaluation and scoring according to the equipment information of the network equipment and a preset network security grade evaluation model, and obtaining a grade value corresponding to the network information system to obtain a corresponding grade protection grade.
7. An artificial intelligence evaluation system for level protection according to the method of claim 1, characterized in that: the system comprises a user client, a system server and an operation state identification terminal;
the user client is provided with an instant messaging tool for a user to set a security level assessment model, acquire image data of network equipment in a network information system and transmit the image data to a system server;
the operation state identification terminal is used for acquiring operation state information of the network equipment and transmitting the operation state information to the system server;
the system server is used for:
acquiring equipment information of the network equipment after carrying out image recognition on the image data, and judging whether the network equipment accords with a normal operation state according to the operation state information; and when the network equipment accords with the normal operation state, performing evaluation scoring corresponding to a preset network security grade evaluation model according to equipment information of the network equipment, and obtaining a scoring value corresponding to the network information system to obtain a corresponding grade protection grade.
CN202010637553.3A 2020-07-05 2020-07-05 Artificial intelligence assessment method, client and system for grade protection Active CN111934906B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010637553.3A CN111934906B (en) 2020-07-05 2020-07-05 Artificial intelligence assessment method, client and system for grade protection

Publications (2)

Publication Number Publication Date
CN111934906A CN111934906A (en) 2020-11-13
CN111934906B true CN111934906B (en) 2023-05-02

Family

ID=73312356

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010637553.3A Active CN111934906B (en) 2020-07-05 2020-07-05 Artificial intelligence assessment method, client and system for grade protection

Country Status (1)

Country Link
CN (1) CN111934906B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 200441 floor 11, No. 2, Lane 99, Changjiang South Road, Baoshan District, Shanghai

Applicant after: SHANGHAI NIUDUN TECHNOLOGY Co.,Ltd.

Address before: 200433 floor 11, building A5, Lane 1688, Guoquan North Road, Yangpu District, Shanghai

Applicant before: SHANGHAI NIUDUN TECHNOLOGY Co.,Ltd.

GR01 Patent grant