CN112235802A - Information environment security analysis method and system for mobile internet - Google Patents
Information environment security analysis method and system for mobile internet Download PDFInfo
- Publication number
- CN112235802A CN112235802A CN202011095762.6A CN202011095762A CN112235802A CN 112235802 A CN112235802 A CN 112235802A CN 202011095762 A CN202011095762 A CN 202011095762A CN 112235802 A CN112235802 A CN 112235802A
- Authority
- CN
- China
- Prior art keywords
- verification
- result
- node
- network node
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004458 analytical method Methods 0.000 title claims abstract description 26
- 238000012544 monitoring process Methods 0.000 claims abstract description 90
- 238000004364 calculation method Methods 0.000 claims abstract description 87
- 230000004927 fusion Effects 0.000 claims description 105
- 238000012795 verification Methods 0.000 claims description 96
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 230000005540 biological transmission Effects 0.000 claims description 18
- 238000003780 insertion Methods 0.000 claims description 11
- 230000037431 insertion Effects 0.000 claims description 11
- 230000011218 segmentation Effects 0.000 claims description 6
- 238000013316 zoning Methods 0.000 claims 2
- 238000005265 energy consumption Methods 0.000 abstract description 8
- 238000011156 evaluation Methods 0.000 abstract description 7
- 238000000034 method Methods 0.000 abstract description 4
- 238000004891 communication Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000008054 signal transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The embodiment of the application provides a method and a system for analyzing information environment security of a mobile internet. The method can insert a virtual verification node into any network node in the mobile internet architecture, particularly a wireless access point, realize information environment safety monitoring evaluation facing the network node through the virtual verification node, and set the information safety strategy of the network node according to the result of the information environment safety monitoring evaluation. The monitoring analysis mechanism capable of being inserted and withdrawn instantly is realized, negative influences on the calculation amount and the energy consumption caused by monitoring analysis of the information security environment are reduced, the characteristics of various changes of the mobile internet network architecture are met, monitoring and analysis of the mobile internet information security environment can be achieved, and necessary flexibility and economization are kept.
Description
Technical Field
The application relates to the technical field of mobile internet, in particular to an information environment security analysis method and system for the mobile internet.
Background
The mobile internet is a new form of deep integration of mobile digital communication technology and internet service, and has been changing the information dissemination mode and business service mode of human society through the rapid development in recent years.
Information security issues are issues that any network and communication system must face and address. With the deepening popularization of the mobile internet, the network scale is continuously enlarged, the number of users is increasing day by day, and the reliability of the information security aspect is concerned more and more.
Compared with the traditional internet, the mobile internet shows uniqueness in the aspects of terminals, network structures and signal transmission modes, and brings new problems to information security. From the aspect of terminals, most of terminals adopted by the mobile internet are mobile terminals such as smart phones and tablet computers, and the terminals have limited arithmetic processing capability, so that the terminals cannot support an information encryption and decryption algorithm which is good in safety and very complex, and can cause unacceptable communication delay; in addition, since the mobile terminal is powered by a battery, power consumption is also a factor in information security, and it is desirable to reduce the amount of data calculation for information security as much as possible and to reduce the number of times the mobile terminal performs authentication in terms of information security as much as possible. From the aspect of network structure, a large number of access point devices, such as WIFI routers, wireless gateways, base stations, and the like, exist in the network structure of the mobile internet, and these access point devices are located at the position of an information center in a certain local area, and uplink and downlink data are all collected and transmitted in the access point devices, so the access point devices have become a weak link of the mobile internet. From the perspective of a signal transmission mode, the mobile internet adopts wireless communication, so that the channel risk is high, on one hand, the access of other devices, including some malicious devices or devices with obvious security risks, cannot be really limited, and on the other hand, the probability of illegal monitoring, interception and tampering of information is obviously increased.
Therefore, in view of the above factors, it is necessary to adapt to the particularity of the mobile internet in terms of terminals, network structures, wireless transmission, etc., keep a normalized monitoring and analysis on the information security environment of the mobile internet, and timely discover a mobile internet node that has a high risk or is already in a state of being attacked by the network.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method and a system for analyzing security of information environment of a mobile internet. The method can insert a virtual verification node into any network node in the mobile internet architecture, particularly a wireless access point, realize information environment safety monitoring evaluation facing the network node through the virtual verification node, and set the information safety strategy of the network node according to the result of the information environment safety monitoring evaluation.
The application provides an information environment security analysis method for mobile internet, which is characterized by comprising the following steps: inserting a virtual verification node into an object network node formed by any network node in a mobile internet architecture; other network nodes which have data transmission relation with the object network node send own data to the object network node and also send the data to a virtual verification node facing the object network node;
the object network node performs data fusion calculation on the received data and sends the fusion result of the object network node to the virtual verification node;
the virtual verification node performs data fusion calculation on the received data; the virtual verification node executes verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result; the virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a second verification result;
the virtual verification node compares the first verification result with the second verification result, judges whether the first verification result and the second verification result are consistent, and records the first-time monitoring exception if the first verification result and the second verification result are inconsistent;
and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
Preferably, the target network node performs data fusion calculation on data sent to other network nodes by itself to obtain a data fusion result, and sends the fusion result of itself to the virtual verification node;
the virtual verification node performs data fusion calculation on data received from other network nodes having a data transmission relationship with the target network node; and on the basis of the data fusion calculation, performing verification calculation on the fusion result of the data fusion calculation to obtain a third verification result. The virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result; the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the first-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent; and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
Preferably, the fusion calculation of the virtual authentication node and the object network node includes: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
Preferably, after the monitoring window time is over, the virtual authentication node that has been inserted can be selected to be withdrawn.
Preferably, the virtual verification node implements regional or hierarchical information environment security analysis on the mobile internet according to the insertion positions and the insertion number of the mobile internet.
The present application also provides an information environment security system for a mobile internet, including: the system comprises an object network node formed by any network node in the mobile internet and a virtual verification node inserted aiming at the object network node;
the object network node is used for receiving data sent by other network nodes which have data transmission relations with the object network node, performing data fusion calculation on the received data, and sending the fusion result of the object network node to the virtual verification node;
the virtual verification node is used for receiving data sent to the object network node by other network nodes which have data transmission relation with the object network node; and executing data fusion calculation on the received data, and executing verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result. Receiving the fusion result of the object network node, and executing check calculation according to the fusion result of the object network node to obtain a second check result; comparing the first check result with the second check result, judging whether the first check result and the second check result are consistent, and recording as a primary monitoring abnormity if the first check result and the second check result are inconsistent; and setting monitoring window time with preset length, counting the times of monitoring abnormity in the monitoring window time, and determining the information environment safety score of the object network node according to the times of monitoring abnormity.
The target network node performs data fusion calculation on the data sent to other network nodes by the target network node to obtain a data fusion result, and sends the fusion result of the target network node to the virtual verification node;
the virtual verification node performs data fusion calculation on data received from other network nodes having a data transmission relationship with the target network node; and on the basis of the data fusion calculation, performing verification calculation on the fusion result of the data fusion calculation to obtain a third verification result. The virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result; the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the first-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent; and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
The fusion calculation of the virtual verification node and the object network node comprises the following steps: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
After the monitoring window time is over, the virtual verification node which is inserted in the revocation mode can be selected.
The virtual verification nodes realize regional or hierarchical information environment security analysis of the mobile internet according to the insertion positions and the insertion quantity of the mobile internet.
Therefore, the monitoring and analyzing mechanism capable of being inserted and withdrawn instantly is realized, negative influences on the operation amount and the energy consumption caused by monitoring and analyzing of the information security environment are reduced, the characteristics of various changes of the network architecture of the mobile internet are met, the monitoring and analyzing of the information security environment of the mobile internet can be realized, and necessary flexibility and economization are kept.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
fig. 1 is a schematic network structure diagram of a mobile internet according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a security environment evaluation of data link information received by a target network node according to an embodiment of the present disclosure;
fig. 3 is a flowchart for implementing security environment evaluation of data link information sent by an object network node in the embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 is a schematic diagram of a network structure of a mobile internet according to a first embodiment of the present application. As shown, the network structure of the mobile internet is divided into a mobile terminal, an access point device and a network side. The mobile terminal is located at the last stage of the whole network structure, and is generally a hardware device such as a smart phone and a tablet personal computer held by an end user. The access point equipment can be a WIFI router, a wireless gateway or a base station and the like, and provides a local wireless network covering a certain space local area, so that an access channel of the mobile internet is provided; the mobile terminal is connected to the access point equipment through a local wireless network covering a certain spatial local area, and then is accessed to a backbone network of the mobile internet. The network end can be a server of various mobile internet services and the like, is connected to the access point equipment through a backbone network of the mobile internet, and is connected with each mobile terminal through the summary and the relay of the access point equipment. Based on the network structure, uplink and downlink data communication can be carried out among the mobile terminal, the access point equipment and the network terminal.
As described above, the mobile internet has a risk in information security due to factors such as its own device form, energy consumption, network architecture, and wireless channel, and thus, the monitoring and analysis of the information security environment need to be performed in a normalized manner, and the monitoring and analysis of the information security environment need to be adapted to the overall condition and its own characteristics of the mobile internet. Particularly, the terminals adopted by the mobile internet are mostly mobile terminals such as smart phones and tablet computers, and the operation processing capability of the terminals is limited, so that the terminals cannot support a high-security but very complex information encryption and decryption algorithm, and unacceptable communication delay can be caused; in addition, since the mobile terminal is powered by a battery, power consumption is also a factor in information security, and it is desirable to reduce the amount of data calculation for information security as much as possible and to reduce the number of times the mobile terminal performs authentication in terms of information security as much as possible; in addition, a large number of access points exist in the mobile internet, the network architecture has a large change degree, the mobile terminal can be connected or disconnected with the network at any time, and the network transmission path is also in a dynamic adjustment state. In conclusion, flexibility and economy need to be kept for monitoring and analyzing the mobile internet information security environment, a monitoring and analyzing mechanism capable of being inserted and withdrawn in real time is adopted, negative influences on calculation amount and energy consumption caused by monitoring and analyzing the information security environment are reduced, and the characteristics of various changes of a mobile internet network architecture are met.
In order to achieve the above object, as shown in fig. 1, the present application provides an information environment security analysis method for mobile internet, where a virtual authentication node may be inserted into any network node in a mobile internet architecture. The mobile internet network node herein mainly faces the terminal side and the access side, including the mobile terminal, the access point device, and especially for the wireless access point. The idea of the virtual verification node is that the virtual verification node is inserted to enable the virtual verification node to be in the same mobile internet information environment as the network node, and then the virtual verification node realizes monitoring and evaluation of information environment safety. After a virtual authentication node is inserted for any network node, the network node is referred to as the "subject network node".
As shown in fig. 2, other network nodes having a data transmission relationship with the target network node transmit their own data to the target network node, and also transmit the data to a virtual authentication node facing the target network node. And the object network node and the virtual verification node respectively perform data fusion calculation on the received data. And the virtual verification node executes verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result. Further, the object network node sends the fusion result of the object network node to the virtual verification node; and the virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a second verification result. And the virtual verification node compares the first verification result with the second verification result, judges whether the first verification result and the second verification result are consistent, and records the first-time monitoring exception if the first verification result and the second verification result are inconsistent. And setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times. Therefore, the virtual verification node evaluates the information security environment of the link by analyzing the data consistency degree of the link of receiving the data by the object network node. After the monitoring window time is over, the virtual verification node which is inserted in the revocation mode can be selected.
As shown in fig. 3, for other network nodes in a data transmission relationship with the object network node, the received data is also sent to the virtual authentication node facing the object network node while receiving the data from the object network node. And the object network node performs data fusion calculation on the data sent to other network nodes by the object network node to obtain a data fusion result. And the virtual verification node performs data fusion calculation on the data received from other network nodes. And the virtual verification node executes verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a third verification result. Further, the object network node sends the fusion result of the object network node to the virtual verification node; and the virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result. And the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the one-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent. And setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times. Therefore, the virtual verification node evaluates the information security environment of the link by analyzing the data consistency degree of the link of sending data by the object network node. After the monitoring window time is over, the virtual verification node which is inserted in the revocation mode can be selected.
In the data transmission between the object network node and other network nodes, the calculation load of directly performing check calculation on the transmitted data is large due to the large amount of transmitted data, and the energy consumption of the equipment is increased. Therefore, both the object network node and the virtual validation node perform the data fusion calculation first, thereby reducing the calculation load and energy consumption for performing the check calculation. The fusion calculation adopted by the application comprises the following steps: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
In order to keep flexibility and economy, the virtual verification node is adopted, namely the virtual verification node can be inserted into any position of the mobile internet network architecture in a virtual mode, information environment safety analysis is started, and the virtual verification node can be cancelled in real time after the analysis is completed, so that the quitting monitoring and analyzing mechanism is adopted, negative influences on calculation amount and energy consumption caused by the information safety environment monitoring and analyzing are reduced, and the characteristics of various changes of the mobile internet network architecture are met. The following describes a specific mechanism for inserting a virtual authentication node in a mobile internet network structure. When the access point device is used as the object network node, one or more other access point devices adjacent to the access point device, which are referred to as adjacent access point devices in the following, can be selected, and the virtual authentication node is opened up on the adjacent access point device; the access point equipment serving as the object network node and the mobile terminal in the common coverage range of the adjacent access point equipment, and the equipment of the network end connected with the access point equipment and the mobile terminal can simultaneously send data sent to the object network node to the virtual verification node of the adjacent access point; meanwhile, the data sent by the object network node can be simultaneously sent to the virtual verification node located in the adjacent access point through the network terminal. Alternatively, when the mobile terminal is the target network node, it may be relatively simple to tunnel the virtual authentication node on the access point device to which the mobile terminal is connected.
For the whole mobile internet, the system comprises a large number of access point devices and more mobile terminals, so that the regional or hierarchical information environment security analysis of the mobile internet can be realized by allocating the insertion positions and the insertion number of the virtual verification nodes in the mobile internet. For example, for a plurality of access point devices in fig. 1, a polling information environment security analysis mechanism may be adopted, and the virtual authentication node is inserted into one access point device or a plurality of access point devices covering adjacent local areas at a time so as to perform security analysis of the information environment.
Accordingly, the present application also provides an information environment security system for mobile internet, comprising: the system comprises an object network node formed by any network node in the mobile internet and a virtual verification node inserted aiming at the object network node;
the object network node is used for receiving data sent by other network nodes which have data transmission relations with the object network node, performing data fusion calculation on the received data, and sending the fusion result of the object network node to the virtual verification node;
the virtual verification node is used for receiving data sent to the object network node by other network nodes which have data transmission relation with the object network node; and executing data fusion calculation on the received data, and executing verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result. Receiving the fusion result of the object network node, and executing check calculation according to the fusion result of the object network node to obtain a second check result; comparing the first check result with the second check result, judging whether the first check result and the second check result are consistent, and recording as a primary monitoring abnormity if the first check result and the second check result are inconsistent; and setting monitoring window time with preset length, counting the times of monitoring abnormity in the monitoring window time, and determining the information environment safety score of the object network node according to the times of monitoring abnormity.
The target network node performs data fusion calculation on the data sent to other network nodes by the target network node to obtain a data fusion result, and sends the fusion result of the target network node to the virtual verification node;
the virtual verification node performs data fusion calculation on data received from other network nodes having a data transmission relationship with the target network node; and on the basis of the data fusion calculation, performing verification calculation on the fusion result of the data fusion calculation to obtain a third verification result. The virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result; the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the first-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent; and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
The fusion calculation of the virtual verification node and the object network node comprises the following steps: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
After the monitoring window time is over, the virtual verification node which is inserted in the revocation mode can be selected.
The virtual verification nodes realize regional or hierarchical information environment security analysis of the mobile internet according to the insertion positions and the insertion quantity of the mobile internet.
Therefore, the monitoring and analyzing mechanism capable of being inserted and withdrawn instantly is realized, negative influences on the operation amount and the energy consumption caused by monitoring and analyzing of the information security environment are reduced, the characteristics of various changes of the network architecture of the mobile internet are met, the monitoring and analyzing of the information security environment of the mobile internet can be realized, and necessary flexibility and economization are kept.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (10)
1. An information environment security analysis method for mobile internet is characterized by comprising the following steps: inserting a virtual verification node into an object network node formed by any network node in a mobile internet architecture; other network nodes which have data transmission relation with the object network node send own data to the object network node and also send the data to a virtual verification node facing the object network node;
the object network node performs data fusion calculation on the received data and sends the fusion result of the object network node to the virtual verification node;
the virtual verification node performs data fusion calculation on the received data; the virtual verification node executes verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result; the virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a second verification result;
the virtual verification node compares the first verification result with the second verification result, judges whether the first verification result and the second verification result are consistent, and records the first-time monitoring exception if the first verification result and the second verification result are inconsistent;
and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
2. The information environment security analysis method of the mobile internet as claimed in claim 1, wherein the object network node performs data fusion calculation on data transmitted to other network nodes by itself, obtains a data fusion result, and transmits the fusion result of itself to the virtual authentication node;
the virtual verification node performs data fusion calculation on data received from other network nodes having a data transmission relationship with the target network node; and on the basis of the data fusion calculation, performing verification calculation on the fusion result of the data fusion calculation to obtain a third verification result. The virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result; the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the first-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent; and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
3. The information environment security analysis method of the mobile internet as claimed in claim 2, wherein the fusion calculation of the virtual authentication node and the object network node comprises: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
4. The information environment security analysis method of mobile internet as claimed in claim 3, wherein the virtual authentication node can be selected to be withdrawn after the monitoring window time is over.
5. The information environment security analysis method of mobile internet according to claim 4, wherein the virtual authentication node implements zoning or hierarchical information environment security analysis of the mobile internet according to the number of inserted sites and inserted quantity in the mobile internet.
6. An information environment security system for mobile internet, comprising: the system comprises an object network node formed by any network node in the mobile internet and a virtual verification node inserted aiming at the object network node;
the object network node is used for receiving data sent by other network nodes which have data transmission relations with the object network node, performing data fusion calculation on the received data, and sending the fusion result of the object network node to the virtual verification node;
the virtual verification node is used for receiving data sent to the object network node by other network nodes which have data transmission relation with the object network node; and executing data fusion calculation on the received data, and executing verification calculation on the fusion result of the data fusion calculation on the basis of the data fusion calculation to obtain a first verification result. Receiving the fusion result of the object network node, and executing check calculation according to the fusion result of the object network node to obtain a second check result; comparing the first check result with the second check result, judging whether the first check result and the second check result are consistent, and recording as a primary monitoring abnormity if the first check result and the second check result are inconsistent; and setting monitoring window time with preset length, counting the times of monitoring abnormity in the monitoring window time, and determining the information environment safety score of the object network node according to the times of monitoring abnormity.
7. The information environment security system for mobile internet as set forth in claim 6, wherein said object network node performs data fusion calculation on data transmitted from itself to other network nodes, obtains a data fusion result, and transmits the fusion result of itself to the virtual authentication node;
the virtual verification node performs data fusion calculation on data received from other network nodes having a data transmission relationship with the target network node; and on the basis of the data fusion calculation, performing verification calculation on the fusion result of the data fusion calculation to obtain a third verification result. The virtual verification node executes verification calculation according to the fusion result of the object network node to obtain a fourth verification result; the virtual verification node compares the third verification result with the fourth verification result, judges whether the third verification result and the fourth verification result are consistent, and records the first-time monitoring abnormity if the third verification result and the fourth verification result are inconsistent; and setting monitoring window time with preset length, counting the abnormal monitoring times of the virtual verification node in the monitoring window time, and determining the information environment safety score of the object network node according to the abnormal monitoring times.
8. The information environment security system for mobile internet as set forth in claim 7, wherein said fusion calculation of said virtual authentication node and said object network node comprises: for initial data, firstly carrying out data segmentation, and segmenting the initial data into segments; then, for each segment, a feature value is extracted, for example, by a hash operation, so that the feature value corresponds to the initial data value of each segment one by one, and further, the feature values of the segments may be integrated as the fusion result.
9. The information environment security system for mobile internet as claimed in claim 8, wherein the virtual authentication node can be selected to be withdrawn from the insertion after the monitoring window time is over.
10. The information environment security system for mobile internet as claimed in claim 9, wherein the virtual authentication node implements a zoning or ranking of information environment security analysis of the mobile internet according to an insertion position and an insertion number in the mobile internet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011095762.6A CN112235802A (en) | 2020-10-14 | 2020-10-14 | Information environment security analysis method and system for mobile internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011095762.6A CN112235802A (en) | 2020-10-14 | 2020-10-14 | Information environment security analysis method and system for mobile internet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112235802A true CN112235802A (en) | 2021-01-15 |
Family
ID=74112813
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011095762.6A Pending CN112235802A (en) | 2020-10-14 | 2020-10-14 | Information environment security analysis method and system for mobile internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112235802A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888295A (en) * | 2009-05-15 | 2010-11-17 | 南京理工大学 | Distributed multi-term safety certification method |
| CN102075925A (en) * | 2010-12-17 | 2011-05-25 | 重庆邮电大学 | Method for safeguarding data fusion information security of Internet of Things |
| CN104955069A (en) * | 2015-07-28 | 2015-09-30 | 北京邮电大学 | SDN-based different channel deployment WLAN system and seamless switching method thereof |
| CN108063492A (en) * | 2017-12-07 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of integrated system and application process of anti-work of combating typhoon of power grid |
| CN108615153A (en) * | 2018-04-28 | 2018-10-02 | 百度在线网络技术(北京)有限公司 | Processing method, device, system, equipment and the storage medium of block chain data |
| CN108921556A (en) * | 2018-07-02 | 2018-11-30 | 上海达家迎信息科技有限公司 | A kind of verification method, device, equipment and the storage medium of block chain |
| CN110768845A (en) * | 2019-10-31 | 2020-02-07 | 国网四川省电力公司电力科学研究院 | Intelligent substation process level virtual connection fault positioning system |
-
2020
- 2020-10-14 CN CN202011095762.6A patent/CN112235802A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888295A (en) * | 2009-05-15 | 2010-11-17 | 南京理工大学 | Distributed multi-term safety certification method |
| CN102075925A (en) * | 2010-12-17 | 2011-05-25 | 重庆邮电大学 | Method for safeguarding data fusion information security of Internet of Things |
| CN104955069A (en) * | 2015-07-28 | 2015-09-30 | 北京邮电大学 | SDN-based different channel deployment WLAN system and seamless switching method thereof |
| CN108063492A (en) * | 2017-12-07 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of integrated system and application process of anti-work of combating typhoon of power grid |
| CN108615153A (en) * | 2018-04-28 | 2018-10-02 | 百度在线网络技术(北京)有限公司 | Processing method, device, system, equipment and the storage medium of block chain data |
| CN108921556A (en) * | 2018-07-02 | 2018-11-30 | 上海达家迎信息科技有限公司 | A kind of verification method, device, equipment and the storage medium of block chain |
| CN110768845A (en) * | 2019-10-31 | 2020-02-07 | 国网四川省电力公司电力科学研究院 | Intelligent substation process level virtual connection fault positioning system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11347833B2 (en) | Method and apparatus for optimized access of security credentials via mobile edge-computing systems | |
| Atkinson et al. | Your WiFi is leaking: What do your mobile apps gossip about you? | |
| Guimaraes et al. | Evaluation of security mechanisms in wireless sensor networks | |
| KR101361161B1 (en) | System and method for reinforcing authentication using context information for mobile cloud | |
| CN103596173B (en) | Wireless network authentication method, client and service end wireless network authentication device | |
| CN106817671A (en) | A kind of networked information sharing method, first terminal and system | |
| CN105933888B (en) | A kind of eSIM card method for burn-recording and device based on NFC | |
| US20070049323A1 (en) | Rogue access point detection and restriction | |
| EP1758303B1 (en) | Rogue access point detection and restriction | |
| WO2022062639A1 (en) | Data transmission method and apparatus, and electronic device and storage medium | |
| Ma et al. | Fast and efficient physical layer authentication for 5G HetNet handover | |
| GB2393073A (en) | Certification scheme for hotspot services | |
| CN111865731A (en) | Intelligent equipment adding method and device, intelligent household control panel and storage medium | |
| CN108055692A (en) | A kind of radio network extending method and wearable device | |
| Torkamandi et al. | An online method for estimating the wireless device count via privacy-preserving wi-fi fingerprinting | |
| CN105101476A (en) | Wireless local area network system applicable to rail trains | |
| CN104703183A (en) | Special line APN (Access Point Name) security-enhanced access method and device | |
| CN111866993B (en) | Wireless local area network connection management method, device, software program and storage medium | |
| CN110536304B (en) | Internet of things communication attack test platform for environment detection | |
| CN116806038A (en) | Decentralizing computer data sharing method and device | |
| CN112235802A (en) | Information environment security analysis method and system for mobile internet | |
| CN105681352A (en) | Wi-Fi access security control method and system | |
| Dagelić et al. | SSID oracle attack on undisclosed Wi-Fi preferred network lists | |
| CN115544324A (en) | User data analysis method and device and storage medium | |
| KR100463999B1 (en) | Method for accomplish data communication in the wlan environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |