CN112100662A - Regional data safety monitoring system - Google Patents


Info

Publication number: CN112100662A
Authority: CN (China)
Prior art keywords: module, data, information, monitoring, access
Legal status: Withdrawn
Application number: CN202010981605.9A
Other languages: Chinese (zh)
Inventor: 周小娟
Current Assignee: Guangzhou Haopin Technology Co ltd
Original Assignee: Guangzhou Haopin Technology Co ltd

Classifications

    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/44 Program or device authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G08B7/06 Signalling systems according to more than one of groups G08B3/00 - G08B6/00; Personal calling systems according to more than one of groups G08B3/00 - G08B6/00 using electric transmission, e.g. involving audible and visible signalling through the use of sound and light sources
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention relates to the technical field of data security and discloses a regional data security monitoring system comprising an access module, an external module, a data module, a management module, an alarm module, a monitoring module, a display module and a log module, wherein the access module is connected with the management module, the external module is connected with the management module, and the management module is connected with the data module. In this regional data security monitoring system, remote network access is verified through the access module, which performs dual verification of hardware and account and so effectively ensures the security of data during remote network access. The access module also protects remote commands, which reduces the possibility of data being attacked remotely and effectively ensures the protection the system gives to data. In addition, the communication module encrypts data, which effectively reduces the possibility of data being stolen during transmission and effectively ensures the security of the data.

Description

Regional data safety monitoring system
Technical Field
The invention relates to the technical field of data security, in particular to a regional data security monitoring system.
Background
A region refers to a space of a specific range; in the computer field, a region generally refers to a storage space of a certain size or range. Data is the result of facts or observation, a logical summary of objective things, and the raw material for representing objective things. Data can be continuous values, such as sound and images, called analog data, or discrete values, such as symbols and characters, called digital data. In a computer system, data is represented in the form of the binary information units 0 and 1. Data refers to symbols that record and identify objective events: a physical symbol, or a combination of physical symbols, that records the properties, states, interrelations and the like of objective things. It is a recognizable, abstract symbol that covers not only numbers in the narrow sense but also characters, combinations of letters and numerical symbols, graphics, images, video, audio and the like that carry a certain meaning, and it is also an abstract representation of the attributes, quantities, positions and interrelations of objective things. For example, "0, 1, 2.", "yin, rain, decline, temperature", "archives of students, transportation conditions of goods" and the like are all data, and data becomes information after being processed. In computer science, data is the general term for all media of symbols that can be input to a computer and processed by a computer program: numbers, letters, symbols, analog quantities and the like that have a certain meaning and are input to an electronic computer for processing. The objects stored and processed by computers are very wide, and the data representing those objects has become more and more complex.
The international organization's definition of computer system security is: the technical and administrative security protection established and employed for data processing systems, protecting computer hardware, software and data from being damaged, altered and revealed by accidental and malicious causes. The security of a computer network can accordingly be understood as: by adopting various technologies and management measures, the network system is kept operating normally, thereby ensuring the availability, integrity and confidentiality of network data. The purpose of establishing network security protection measures is therefore to ensure that data transmitted and exchanged through a network cannot be increased, modified, lost or leaked.
Information security, or data security, has two opposite meanings. The first is the security of the data itself, which mainly means using modern cryptographic algorithms to actively protect the data, such as data confidentiality, data integrity and bidirectional identity authentication. The second is the security of data protection, which mainly means using modern information storage means to actively protect the data, for example ensuring its safety through disk arrays, data backup, remote disaster tolerance and the like. Data security is an active containment measure; the security of the data itself must be based on a reliable encryption algorithm and security system, mainly comprising symmetric algorithms and public key cryptosystems.
The security of data processing concerns how to effectively prevent database damage or data loss caused by hardware faults, power failure, crashes, human misoperation, program defects, viruses, hackers and the like during recording, processing, counting or printing, and some sensitive or confidential data cannot be read by persons or operators with qualification. The security of data storage refers to the readability of the database outside system operation: once the database is stolen, even without the original system program, the stolen database can be viewed or modified by writing a separate program. From this viewpoint an unencrypted database is not safe and easily causes commercial leakage, which gives rise to the concept of data leakage prevention and involves the confidentiality, security and software protection of computer network communication. The data security monitoring systems currently in use have a simple monitoring and protection layer that is easy to break and steal from, which poses a certain degree of potential danger to data security.
Therefore, drawing on years of rich experience in design, development and actual manufacturing in the related industry, the inventor has studied and improved on the existing structures and their deficiencies and provides a regional data security monitoring system.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a regional data security monitoring system, which solves the problems in the background technology.
(II) technical scheme
To achieve the above purpose, the invention provides the following technical scheme: a regional data security monitoring system includes an access module, an external module, a data module, a management module, an alarm module, a monitoring module, a display module and a log module. The access module is connected with the management module, the external module is connected with the management module, the management module is connected with the data module, the monitoring module is connected with the management module, the monitoring module is connected with the alarm module, the management module is connected with the log module, the access module is connected with the alarm module, the external module is connected with the alarm module, and the management module is connected with the display module.
Preferably, the access module comprises a connection application module, a hardware information acquisition module, a hardware information verification module, an authority password verification module, a command analysis module, a firewall module and a communication module, the connection application module is connected with the hardware information acquisition module, the hardware information acquisition module is connected with the hardware information verification module, the hardware information verification module is connected with the authority password verification module, the authority password verification module is connected with the command analysis module, the command analysis module is connected with the firewall module, and the firewall module is connected with the communication module.
Further, the external module comprises an interface module, a conversion module, an isolation module, a virus protection module, a biological information acquisition module, a biological information verification module, a data registration module and a data transmission module, the interface module is connected with the conversion module, the conversion module is connected with the isolation module, the isolation module is connected with the virus protection module, the virus protection module is connected with the biological information acquisition module, the biological information acquisition module is connected with the biological information verification module, the biological information verification module is connected with the data registration module, and the data registration module is connected with the data transmission module.
Furthermore, the monitoring module comprises a data security detection module, a data integrity detection module, a storage space detection module, a data information acquisition module, a data information analysis module, a data information storage module and a data information comparison module, wherein the data security detection module is connected with the data information comparison module, the data integrity detection module is connected with the data information storage module, the storage space detection module is connected with the data information storage module, the data information analysis module is connected with the data information storage module, and the data information analysis module is connected with the data information comparison module.
Furthermore, the data information analysis module comprises a data preprocessing module and a data analysis module, and the data preprocessing module preprocesses data in the following steps:
step A1, converting the data of the data information acquisition module into a data matrix X, wherein the data matrix X is m rows and n columns, and solving the data value after dimension reduction of the data matrix X according to the following formula:
USV=svd(X)
svd represents singular value decomposition, U represents an orthogonal matrix, S represents a covariance matrix, V represents a data matrix subjected to dimensionality reduction through svd, V is m rows and k columns, and is reduced from n columns to k columns, and k is less than or equal to n;
step A2, obtaining the data value preprocessed in step A1 according to the following formula:
Figure BDA0002687721260000041
wherein
Figure BDA0002687721260000042
represents the preprocessed data matrix, max represents the maximum value, and min represents the minimum value.
On the basis of the scheme, the biological information acquired by the biological information acquisition module comprises personal fingerprint and iris data of an operator, and the biological information verification module compares and verifies the fingerprint and iris data.
As a further scheme of the present invention, the alarm module includes a monitoring information receiving module, a monitoring information analyzing module and an audible and visual alarm module, the monitoring information receiving module is connected to the monitoring information analyzing module, and the monitoring information analyzing module is connected to the audible and visual alarm module.
Preferably, the management module comprises a command receiving module, a command analysis module, a data operation module and a resource management module, the command receiving module is connected with the command analysis module, the command analysis module is connected with the data operation module, the data operation module is connected with the resource management module, and the data operation module is connected with the log module.
Furthermore, the hardware information acquired by the hardware information acquisition module includes an SN number of the motherboard of the access device and an MAC value of the network card, and the hardware information comparison module compares and searches the SN number of the motherboard of the device and the MAC value of the network card.
As a further scheme of the present invention, the data module includes a data retrieval module, a data indexing module, a data adjustment module, a data protection module, and a data backup module, the data retrieval module is connected to the data indexing module, the data indexing module is connected to the data protection module, the data adjustment module is connected to the data protection module, and the data protection module is connected to the data backup module.
On the basis of the scheme, the data backup module is connected with the data module relatively independently, other modules and the data backup module have one-way access authority, and the data backup module does not have the authority of accessing other storage positions.
Drawings
FIG. 1 is a system diagram of the present invention;
FIG. 2 is a system diagram of the access module concept of the present invention;
FIG. 3 is a schematic system diagram of an external module according to the present invention;
FIG. 4 is a data module schematic system diagram of the present invention;
FIG. 5 is a system diagram of the management module concept of the present invention;
FIG. 6 is a schematic system diagram of an alarm module of the present invention;
FIG. 7 is a schematic system diagram of a monitoring module of the present invention.
(III) advantageous effects
Compared with the prior art, the invention provides a regional data safety monitoring system, which has the following beneficial effects:
1. In this regional data security monitoring system, remote network access is verified through the access module, which performs dual verification of hardware and account and so effectively ensures the security of data during remote network access. The access module also protects remote commands, which reduces the possibility of data being attacked remotely and effectively ensures the protection the system gives to data. In addition, the communication module encrypts data, which effectively reduces the possibility of data being stolen during transmission and effectively ensures the security of the data.
2. In this regional data security monitoring system, the monitoring module monitors data, which ensures the integrity and security of the data and effectively ensures the security of stored data. The monitoring module also scans data that is about to be stored, which reduces the possibility of harmful data entering the data module and improves the security of the data. In addition, the monitoring module organizes stored data, which reduces the possibility of data damage caused by data congestion and effectively ensures the security of the data.
3. In this regional data security monitoring system, the external module inspects and audits external devices, which reduces the possibility of harmful data entering the data module and effectively ensures the security of the data. The external module also verifies the operator, which reduces the possibility of data being maliciously stolen and further ensures the security of the data. In addition, the external module converts data, which reduces the possibility of cross infection between data and effectively improves the security of the data.
4. In this regional data security monitoring system, the alarm module raises a timely alarm on abnormal data conditions, which reduces the possibility that a threat to data security goes unnoticed and effectively improves the system's monitoring of data security. In addition, through the cooperation of the alarm module and the display module, a corresponding alarm is given for each different security threat, which makes it convenient to quickly judge the category of a security threat and makes the system's security monitoring of data effective.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to figs. 1-4, the present invention provides a technical solution: a regional data security monitoring system comprising an access module, an external module, a data module, a management module, an alarm module, a monitoring module, a display module and a log module. Remote network access is verified through the access module, which performs dual verification of hardware and account and effectively ensures the security of data during remote network access; the access module also protects remote commands, which reduces the possibility of data being attacked remotely and effectively ensures the protection the system gives to data; and the communication module encrypts data, which effectively reduces the possibility of data being stolen during transmission and effectively ensures the security of the data. The access module is connected with the management module. The external module inspects and audits external devices, which reduces the possibility of harmful data entering the data module and effectively ensures the security of the data; it verifies the operator, which reduces the possibility of data being maliciously stolen and further ensures the security of the data; and it converts data, which reduces the possibility of cross infection between data and effectively improves the security of the data. The management module is connected with the data module, and the monitoring module is connected with the data module. The monitoring module monitors data, which ensures the integrity and security of the data and effectively ensures the security of stored data; it scans data that is about to be stored, which reduces the possibility of harmful data entering the data module and improves the security of the data; and it organizes stored data, which reduces the possibility of data damage caused by data congestion and effectively ensures the security of the data. The monitoring module is connected with the management module, the monitoring module is connected with the alarm module, the management module is connected with the log module, the access module is connected with the alarm module, the external module is connected with the alarm module, and the management module is connected with the display module. The alarm module raises a timely alarm on abnormal data conditions, which reduces the possibility that a threat to data security goes unnoticed and effectively improves the system's monitoring of data security; and through the cooperation of the alarm module and the display module, a corresponding alarm is given for each different security threat, which makes it convenient to quickly judge the category of a security threat and makes the system's security monitoring of data effective.
In order to ensure the security of the system, the access module comprises a connection application module, a hardware information acquisition module, a hardware information verification module, an authority password verification module, a command analysis module, a firewall module and a communication module, wherein the connection application module is connected with the hardware information acquisition module which is connected with the hardware information verification module, the hardware information verification module is connected with the authority password verification module which is connected with the command analysis module, the command analysis module is connected with the firewall module, the firewall module is connected with the communication module, the cooperation of the connection application module, the hardware information acquisition module, the hardware information verification module, the authority password verification module, the command analysis module, the firewall module and the communication module is used for carrying out remote access verification and limitation, thereby reducing the possibility of data damage or stealing caused by remote access, the stability of the system is effectively ensured.
In order to ensure the safety of the system, the external module comprises an interface module, a conversion module, an isolation module, a virus protection module, a biological information acquisition module, a biological information verification module, a data storage module and a data transmission module, wherein the interface module is connected with the conversion module, the conversion module is connected with the isolation module, the isolation module is connected with the virus protection module, the virus protection module is connected with the biological information acquisition module, the biological information acquisition module is connected with the biological information verification module, the biological information verification module is connected with the data storage module, the data storage module is connected with the data transmission module, the interface module, the conversion module, the isolation module, the virus protection module, the biological information acquisition module, the biological information verification module, the data storage module and the data transmission module effectively improve the protection effect of the external module on external equipment, thereby ensuring the safety of the system.
In order to ensure the practicability of the system, the monitoring module comprises a data security detection module, a data integrity detection module, a storage space detection module, a data information acquisition module, a data information analysis module, a data information storage module and a data information comparison module, wherein the data security detection module is connected with the data information comparison module, the data integrity detection module is connected with the data information storage module, the storage space detection module is connected with the data information storage module, the data information analysis module is connected with the data information comparison module, and the data security detection module, the data integrity detection module, the storage space detection module, the data information acquisition module, the data information analysis module, the data information storage module and the data information comparison module are matched to ensure the comprehensiveness and accuracy of the monitoring module in monitoring the data condition, the practicability of the system is effectively guaranteed.
In order to guarantee the practicability of the external module, the biological information acquired by the biological information acquisition module is set to comprise the personal fingerprint and iris data of an operator, the biological information verification module compares and verifies the fingerprint and iris data, the verification accuracy is guaranteed through the double verification of the fingerprint and iris of the operator, and the practicability of the external module is effectively guaranteed.
In order to guarantee the practicality of the alarm module, the alarm module is arranged to comprise a monitoring information receiving module, a monitoring information analysis module and an acousto-optic alarm module, the monitoring information receiving module is connected with the monitoring information analysis module, the monitoring information analysis module is connected with the acousto-optic alarm module, the alarm device judges signals of the monitoring module, alarms of different acousto-optic combinations are carried out according to the difference of data security threats, convenience is provided for judging security threats, and the practicability of the alarm module is effectively guaranteed.
In order to manage the stability of the module, the management module comprises a command receiving module, a command analysis module, a data operation module and a resource management module, wherein the command receiving module is connected with the command analysis module, the command analysis module is connected with the data operation module, the data operation module is connected with the resource management module, and the data operation module is connected with the log module, so that the unified execution of commands and the unified allocation of resources are ensured, the ordered and smooth operation of the commands is ensured, and the stability of the management module is effectively ensured.
To ensure the stability of the external module, the hardware information acquired by the hardware information acquisition module comprises the SN (serial number) of the access device's mainboard and the MAC (media access control) value of its network card, and the hardware information comparison module compares and looks up the mainboard SN and the network card MAC value. Verifying the main hardware information of the external device through the hardware information comparison module improves the compatibility of the verification and, while maintaining security, effectively ensures the stability of the external module.
To ensure the data module's safety protection of the data, the data module comprises a data retrieval module, a data index module, a data adjustment module, a data protection module and a data backup module. The data retrieval module is connected with the data index module, the data index module is connected with the data protection module, the data adjustment module is connected with the data protection module, and the data protection module is connected with the data backup module. The data retrieval module and the data index module make it easier for the management module to locate target data, which shortens the time the management module spends scanning the data module, reduces the possibility of data damage and improves the stability of the data module. The data adjustment module works with the data protection module to protect the data, reducing the possibility that the data is damaged or distorted and effectively ensuring the data module's safety protection of the data.
To ensure the stability of the data module, the data backup module is set to be relatively independent from the data module, access between other modules and the data backup module is one-way, and the data backup module has no permission to access other storage locations. This reduces the harm caused by data loss or damage, ensures the safety of the backup data, and effectively improves the stability of the data module.
In use, when the data is accessed over the network, the access module verifies the access equipment by comparing its hardware information with the hardware information pre-stored in the access module, which ensures that the access equipment comes from a reliable source. If the comparison passes, the password authority is verified, then security detection is performed on the access command, and finally encrypted communication is carried out to ensure the security of remote access. When the data receives a connection request from external equipment, the external module integrates and analyzes the request and performs virus protection on the external equipment; the external module also isolates the external equipment and verifies the operator, reducing the damage the external equipment can do to the data. The management module receives commands from the monitoring module, the access module and the external module and operates on the data. The monitoring module monitors the integrity and security of the data; it also compares data and monitors storage conditions, reducing the possibility of data anomalies and storage anomalies. Anomalies or security threats to the data are transmitted to the management module and the alarm module. The alarm module raises an alarm for the security threat, the management module passes the relevant conditions to the display module, which displays the security threat visually, and the log module records the operations of the management module.
In summary, the regional data security monitoring system verifies remote network access through the access module with double verification of hardware and account, effectively ensuring the security of data during remote network access. The access module then applies protection to remote commands, reducing the possibility of remote attacks on the data and effectively ensuring the system's protection of the data. In addition, the communication module encrypts the data, effectively reducing the possibility that data is stolen during transmission and effectively ensuring the security of the data.
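The remote-access sequence described above (hardware comparison, then password verification, then command checking), as an added example in Python that is not code from the patent. The enrolled device record, account, command allowlist and function names are assumptions made for illustration; the final encrypted-communication step is not modelled.

```python
import hashlib
import hmac
import os

# Constructed enrollment records: (motherboard SN, NIC MAC) pairs stored in advance.
ENROLLED_DEVICES = {("SN-EXAMPLE-0001", "02:00:00:aa:bb:01")}

# Hypothetical allowlist standing in for the command security detection step.
ALLOWED_COMMANDS = {"read", "list", "backup"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password verifier with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _new_account(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed account store; only the salt and derived verifier are kept.
ACCOUNTS = {"operator1": _new_account("correct horse")}
_DUMMY = _new_account("unused")  # keeps timing similar for unknown users


def normalize_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


def check_hardware(sn: str, mac: str) -> bool:
    """SN and MAC must match the same stored record, not one value each
    from two different records."""
    return (sn.strip(), normalize_mac(mac)) in ENROLLED_DEVICES


def check_password(user: str, password: str) -> bool:
    salt, stored = ACCOUNTS.get(user, _DUMMY)
    match = hmac.compare_digest(hash_password(password, salt), stored)
    return match and user in ACCOUNTS


def check_command(command: str) -> bool:
    parts = command.split(maxsplit=1)
    return bool(parts) and parts[0] in ALLOWED_COMMANDS


def authorize(sn, mac, user, password, command):
    """Apply the gates in the described order.

    Returns (allowed, failed_stage); the failed stage is what an access
    module would hand to the alarm and log modules.
    """
    # The SN and MAC are reported by the connecting device, so this gate
    # narrows the source; the password check that follows is still required.
    if not check_hardware(sn, mac):
        return False, "hardware"
    if not check_password(user, password):
        return False, "password"
    if not check_command(command):
        return False, "command"
    return True, None
```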
The regional data security monitoring system monitors the data through the monitoring module, which ensures the integrity and security of the data and effectively guarantees the security of the stored data. The monitoring module also scans data that is about to be stored, reducing the possibility that harmful data enters the data module and improving the security of the data. In addition, the monitoring module organizes the stored data, reducing the possibility of data damage caused by data congestion and effectively guaranteeing the security of the data.
Through the external module's inspection and audit of external devices, the regional data security monitoring system reduces the possibility that harmful data enters the data module, effectively guaranteeing the security of the data. The external module's verification of operators reduces the possibility that data is maliciously stolen, which further guarantees the security of the data, and its conversion of data reduces the possibility of data cross-infection, effectively improving the security of the data.
Through the alarm module, the regional data security monitoring system raises a timely alarm on abnormal data conditions, reducing the possibility that a threat to data security goes unnoticed and effectively improving the system's monitoring of data security. In addition, the cooperation of the alarm module and the display module provides a corresponding alarm for each different security threat, which makes it easier to judge the threat category quickly and effectively improves the system's security monitoring of the data.
The data information analysis module comprises a data preprocessing module and a data analysis module, and the preprocessing module preprocesses the data in the following steps:
Step A1: convert the data of the data information acquisition module into a data matrix X with m rows and n columns, and obtain the dimension-reduced data values of X according to the following formula:
USV=svd(X)
svd represents singular value decomposition, U represents an orthogonal matrix, S represents a covariance matrix, V represents a data matrix subjected to dimensionality reduction through svd, V is m rows and k columns, and is reduced from n columns to k columns, and k is less than or equal to n;
step A2, obtaining the data value preprocessed in step A1 according to the following formula:
Figure BDA0002687721260000111
wherein
Figure BDA0002687721260000112
represents the preprocessed data matrix, max represents the maximum value, and min represents the minimum value.
Beneficial effects: the above algorithm completes the processing of the data. Reducing the dimensionality of the data speeds up calculation, removes some redundant data, reduces overfitting and makes the data easier to mine. Preprocessing the dimension-reduced data improves the precision of the data input at later stages and raises the processing speed of the data processing module. In the real world almost all data is dirty data; the above algorithm cleans the dirty data and so purifies it. The data is then transmitted to the data information storage module for storage, which organizes the data, reduces the possibility of data damage caused by data congestion, and effectively guarantees the security of the data.
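Steps A1 and A2 as an added example in Python, not code from the patent: the projection onto the top k right singular vectors is computed by power iteration, and step A2 is assumed to be column-wise min-max scaling because the formula image is not reproduced on this page. The sample matrix, metric names and function names are constructed for illustration.

```python
import math
import random

# Constructed monitoring samples: one row per observation window, columns are
# hypothetical metrics (reads, writes, failed logins, MB transferred).
SAMPLES = [
    [120.0, 30.0, 1.0, 5.2],
    [118.0, 32.0, 0.0, 5.0],
    [125.0, 29.0, 2.0, 5.5],
    [119.0, 31.0, 1.0, 5.1],
    [900.0, 400.0, 45.0, 80.0],  # constructed abnormal window
]


def top_right_singular_vectors(X, k, iters=500):
    """Top-k right singular vectors of X by power iteration on X^T X.

    Assumes k does not exceed the rank of X.
    """
    n = len(X[0])
    gram = [[sum(r[i] * r[j] for r in X) for j in range(n)] for i in range(n)]
    rng = random.Random(0)  # fixed seed keeps the result reproducible
    found = []
    for _ in range(k):
        v = [rng.uniform(-1.0, 1.0) for _ in range(n)]
        for _ in range(iters):
            w = [sum(a * b for a, b in zip(row, v)) for row in gram]
            for u in found:  # remove components already extracted
                dot = sum(a * b for a, b in zip(w, u))
                w = [a - dot * b for a, b in zip(w, u)]
            norm = math.sqrt(sum(a * a for a in w))
            if norm < 1e-12:
                break
            v = [a / norm for a in w]
        found.append(v)
    return found


def reduce_dimensions(X, k):
    """Step A1: project the m x n matrix onto k directions, giving m x k."""
    V = top_right_singular_vectors(X, k)
    return [[sum(a * b for a, b in zip(row, v)) for v in V] for row in X]


def min_max_scale(Z):
    """Assumed step A2: scale each column to [0, 1]; constant columns map to 0."""
    cols = list(zip(*Z))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [
        [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(row, lo, hi)]
        for row in Z
    ]


def preprocess(X, k):
    return min_max_scale(reduce_dimensions(X, k))
```

After scaling, the constructed abnormal window sits at one end of the first column's range, which is the kind of separation a later comparison step can act on.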
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Also in the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", and the like, indicate orientations and positional relationships based on those shown in the drawings, and are used only for convenience of description and simplicity of description, and do not indicate or imply that the equipment or element so referred to must have a particular orientation, be constructed and operated in a particular orientation, and therefore, should not be considered as limiting the present invention. In the drawings of the present invention, the filling pattern is only for distinguishing the layers, and is not limited to any other way.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A regional data security monitoring system, comprising an access module, an external module, a data module, a management module, an alarm module, a monitoring module, a display module and a log module, characterized in that the access module is connected with the management module, the external module is connected with the management module, the management module is connected with the data module, the monitoring module is connected with the management module, the monitoring module is connected with the alarm module, the monitoring module is connected with the management module, the management module is connected with the log module, the access module is connected with the alarm module, the external module is connected with the alarm module, and the management module is connected with the display module.
2. The system for monitoring regional data security as claimed in claim 1, wherein the access module comprises a connection application module, a hardware information acquisition module, a hardware information verification module, a permission password verification module, a command analysis module, a firewall module and a communication module, the connection application module is connected with the hardware information acquisition module, the hardware information acquisition module is connected with the hardware information verification module, the hardware information verification module is connected with the permission password verification module, the permission password verification module is connected with the command analysis module, the command analysis module is connected with the firewall module, and the firewall module is connected with the communication module.
3. The system according to claim 1, wherein the external module comprises an interface module, a conversion module, an isolation module, a virus protection module, a biological information acquisition module, a biological information verification module, a data registration module and a data transmission module, the interface module is connected with the conversion module, the conversion module is connected with the isolation module, the isolation module is connected with the virus protection module, the virus protection module is connected with the biological information acquisition module, the biological information acquisition module is connected with the biological information verification module, the biological information verification module is connected with the data registration module, and the data registration module is connected with the data transmission module.
4. The system according to claim 1, wherein the monitoring module comprises a data security detection module, a data integrity detection module, a storage space detection module, a data information acquisition module, a data information analysis module, a data information storage module and a data information comparison module, the data security detection module is connected with the data information comparison module, the data integrity detection module is connected with the data information storage module, the storage space detection module is connected with the data information storage module, the data information analysis module is connected with the data information storage module, and the data information analysis module is connected with the data information comparison module.
5. The system according to claim 3, wherein the biological information obtained by the biological information obtaining module includes fingerprint and iris data of the individual operator, and the biological information verifying module compares and verifies the fingerprint and iris data.
6. The system according to claim 1, wherein the alarm module comprises a monitoring information receiving module, a monitoring information analyzing module and an audible and visual alarm module, the monitoring information receiving module is connected with the monitoring information analyzing module, and the monitoring information analyzing module is connected with the audible and visual alarm module.
7. The system according to claim 1, wherein the management module comprises a command receiving module, a command analyzing module, a data operating module and a resource management module, the command receiving module is connected to the command analyzing module, the command analyzing module is connected to the data operating module, the data operating module is connected to the resource management module, and the data operating module is connected to the log module.
8. The system according to claim 2, wherein the hardware information acquired by the hardware information acquiring module includes an SN number of a motherboard of the access device and an MAC value of the network card, and the hardware information comparing module compares and searches the SN number of the motherboard of the access device and the MAC value of the network card.
9. The system according to claim 1, wherein the data module comprises a data retrieving module, a data indexing module, a data adjusting module, a data protecting module and a data backup module, the data retrieving module is connected to the data indexing module, the data indexing module is connected to the data protecting module, the data adjusting module is connected to the data protecting module, the data protecting module is connected to the data backup module, the data backup module is connected to the data module independently, other modules and the data backup module have one-way access rights, and the data backup module does not have a right to access other storage locations.
10. The system for monitoring regional data safety according to claim 4, wherein the data information analysis module comprises a data preprocessing module and a data analysis module, and the preprocessing module for preprocessing data comprises the following steps:
step A1, converting the data of the data information acquisition module into a data matrix X, wherein the data matrix X is m rows and n columns, and solving the data value after dimension reduction of the data matrix X according to the following formula:
USV=svd(X)
svd represents singular value decomposition, U represents an orthogonal matrix, S represents a covariance matrix, V represents a data matrix subjected to dimensionality reduction through svd, V is m rows and k columns, and is reduced from n columns to k columns, and k is less than or equal to n;
step A2, obtaining the data value preprocessed in step A1 according to the following formula:
Figure FDA0002687721250000031
wherein
Figure FDA0002687721250000032
represents the preprocessed data matrix, max represents the maximum value, and min represents the minimum value.
CN202010981605.9A 2020-09-17 2020-09-17 Regional data safety monitoring system Withdrawn CN112100662A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010981605.9A CN112100662A (en) 2020-09-17 2020-09-17 Regional data safety monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010981605.9A CN112100662A (en) 2020-09-17 2020-09-17 Regional data safety monitoring system

Publications (1)

Publication Number Publication Date
CN112100662A true CN112100662A (en) 2020-12-18

Family

ID=73759477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010981605.9A Withdrawn CN112100662A (en) 2020-09-17 2020-09-17 Regional data safety monitoring system

Country Status (1)

Country Link
CN (1) CN112100662A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312233A (en) * 2021-04-30 2021-08-27 上海英众信息科技有限公司 Computer state monitoring system
CN115331359A (en) * 2022-07-28 2022-11-11 四川东创融合信息技术有限公司 Monitoring system for financial transaction service
CN116627358A (en) * 2023-07-24 2023-08-22 南充职业技术学院 System and method for detecting external equipment of computer based on big data
CN116627358B (en) * 2023-07-24 2023-09-22 南充职业技术学院 System and method for detecting external equipment of computer based on big data

Similar Documents

Publication Publication Date Title
CN112100662A (en) Regional data safety monitoring system
Sandhu et al. Authentication, access control, and audit
CN110049021A (en) Data of information system safety protecting method and system
CN110543761A (en) big data analysis method applied to information security field
CN106982204A (en) Credible and secure platform
CN113852633A (en) Method for generating implementation case for information security assessment
CN116962076A (en) Zero trust system of internet of things based on block chain
CN111970498A (en) Public safety video monitoring networking information safety system
CN112417391A (en) Information data security processing method, device, equipment and storage medium
CN110826094A (en) Information leakage monitoring method and device
CN112434270B (en) Method and system for enhancing data security of computer system
CN112637172A (en) Novel data security and confidentiality method
CN116248406B (en) Information security storage method and information security device thereof
CN112199700A (en) Safety management method and system for MES data system
CN107273725A (en) A kind of data back up method and system for classified information
CN114499926A (en) Dynamic protection method of intelligent WEB protection system
CN110750795B (en) Information security risk processing method and device
CN112000953A (en) Big data terminal safety protection system
CN101227281A (en) Dynamic anti stealing information and identification authenticating method
CN114024705A (en) Trust architecture aiming at node dynamics
CN112380544A (en) Data security protection method of software system
Thapliyal et al. Security Threats in Healthcare Big Data: A Comparative Study
Yang et al. Analysis of Computer Network Security and Prevention Technology
CN116843484B (en) Financial insurance data security management method based on Internet of things
CN116541815B (en) Computer equipment operation and maintenance data safety management system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201218