CN112464235A - Computer network safety control system and control method - Google Patents


Info

Publication number: CN112464235A
Authority: CN (China)
Application number: CN202011349433.XA
Other languages: Chinese (zh)
Inventor: 杜刚
Current and original assignee: Xijing University
Legal status: Pending
Prior art keywords: virus, module, data, program, family

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/35 Clustering; Classification
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines

Abstract

The invention belongs to the technical field of computers and discloses a computer network security control system and control method. The system comprises a virus forensics module, a data processing module, a data analysis module, a central control module, a virus judgment module, a storage module, an anomaly detection module, an anomaly information acquisition module, an event reconstruction module, a comparison module, a network defense module, a data encryption module, an identity verification module and a decryption module. Through forensics, processing and analysis of viruses, the invention obtains a virus judgment result, namely information about existing viruses, so that network events can be conveniently reconstructed; it detects network anomalies, determines the virus responsible for the anomaly and mounts a targeted defense; and while the network defense runs, the computer's internal information is encrypted and is decrypted only after identity verification, so that the computer's internal data is protected and real-time protection of the computer is achieved.

Description

Computer network safety control system and control method
Technical Field
The invention belongs to the technical field of computers and in particular relates to a computer network security control system and control method.
Background
At present, with the advance of technology, computers are an indispensable part of people's lives, and as their use increases, attacks on computer networks are becoming more frequent. Computers connected to a network are often exposed to operating commands and programs from the network, receive network data that contains viruses, or suffer illegal intrusion, so that the system is disrupted or even brought down. The mainstream mode of computer network attack is to deliver an external database to the protected host in order to destroy the host's system, and then to attack the protected host by destroying its hardware. At present, however, there is no method that systematically analyzes viruses and implements virus defense, so computer network security cannot be protected effectively.
From the above analysis, the problems and defects of the prior art are as follows: there is currently no method that systematically analyzes viruses and implements virus defense, so computer network security cannot be protected effectively.
Disclosure of Invention
To address the problems in the prior art, the invention provides a computer network security control system and control method.
The present invention is achieved as follows. A computer network security control system comprises:
a virus forensics module, a data processing module, a data analysis module, a central control module, a virus judgment module, a storage module, an anomaly detection module, an anomaly information acquisition module, an event reconstruction module, a comparison module, a network defense module, a data encryption module, an identity verification module and a decryption module;
the virus forensics module is connected with the central control module and acquires virus information through a virus forensics program;
the data processing module is connected with the central control module and processes the acquired virus data through a data processing program;
the data analysis module is connected with the central control module and analyzes the processed virus data through a data analysis program;
the central control module is connected with the virus forensics module, the data processing module, the data analysis module, the virus judgment module, the storage module, the anomaly detection module, the anomaly information acquisition module, the event reconstruction module, the comparison module, the network defense module, the data encryption module, the identity verification module and the decryption module, and controls the normal operation of each module through the main control computer;
the virus judgment module is connected with the central control module and judges viruses according to the virus data analysis result through a virus judgment program to obtain the virus's malicious behavior;
the storage module is connected with the central control module and stores the virus judgment result in memory;
the anomaly detection module is connected with the central control module and detects network security anomalies through an anomaly detection program;
the anomaly information acquisition module is connected with the central control module and acquires anomaly information through an anomaly information acquisition program;
the event reconstruction module is connected with the central control module and reconstructs the virus event from the virus judgment result through an event reconstruction program;
the comparison module is connected with the central control module and compares the anomaly information with the reconstructed virus event through a comparison program to obtain a virus comparison result;
the network defense module is connected with the central control module and performs network defense according to the virus comparison result through a network defense program;
the data encryption module is connected with the central control module and encrypts the computer's internal data through a data encryption program;
the identity verification module is connected with the central control module and verifies the user's identity through an identity verification program;
and the decryption module is connected with the central control module and decrypts the encrypted data through a decryption program after the identity verification passes.
Another object of the present invention is to provide a computer network security control method comprising the following steps:
Step one: acquire virus information with a virus forensics program through a virus forensics module; process the acquired virus data with a data processing program through a data processing module; analyze the processed virus data with a data analysis program through a data analysis module.
When the data analysis program analyzes the virus data, it specifically:
stores the processed virus data as a data set and acquires a first data characteristic of the data set and a second data characteristic preset in a virus library, where the first data characteristic comprises a first number of first sub-characteristics and the second data characteristic comprises a second number of second sub-characteristics;
judges whether the ratio of the first number to the second number meets a preset ratio;
when the ratio of the first number to the second number does not meet the preset ratio, determines that the similarity of the two data characteristics to be identified is not greater than a preset threshold;
when the ratio of the first number to the second number meets the preset ratio, calculates the similarity between the first data to be identified and the second data to be identified and judges whether the similarity is greater than the preset threshold.
Step two: sort the processing results of each module through a central control module, pass the sorted data to the next module for further processing, and use a main control computer to keep each controlled module operating normally.
Step three: judge the virus with a virus judgment program through a virus judgment module according to the virus data analysis result, obtaining the virus's malicious behavior; store the virus judgment result in memory through a storage module.
Step four: detect network security anomalies with an anomaly detection program through an anomaly detection module; acquire anomaly information with an anomaly information acquisition program through an anomaly information acquisition module.
Step five: reconstruct the virus event from the virus judgment result with an event reconstruction program through an event reconstruction module; compare the anomaly information with the reconstructed virus event with a comparison program through a comparison module to obtain a virus comparison result; perform network defense according to the virus comparison result with a network defense program through a network defense module.
The network defense comprises grading the danger level of the data into slight, moderate and severe. For slight and moderate danger, antivirus software is started to scan and remove the threat. For severe danger, when the antivirus software is started to scan and remove the threat, file access and the network connection are first terminated and a danger prompt box is displayed, in which the user manually chooses whether to close the network connection (disconnecting the host) and destroy the suspicious files. The virus database records the detected virus data so as to raise the detection program's success rate and accuracy and reduce its detection error.
Step six: encrypt the computer's internal data with a data encryption program through a data encryption module; verify the user's identity with an identity verification program through an identity verification module; after verification passes, decrypt the encrypted data with a decryption program through the decryption module.
Further, in step one, acquiring the virus information with the virus forensics program through the virus forensics module comprises: acquiring known viruses and their information from the database.
Further, in step three, judging the virus with the virus judgment program through the virus judgment module according to the virus data analysis result to obtain the virus's malicious behavior comprises:
(1) searching a preset virus analysis website for virus information according to a preset annotation of a virus classification keyword;
(2) acquiring the characteristic parameters in the virus information;
(3) qualitatively analyzing the virus's malicious behavior according to the characteristic parameters.
Further, in step four, detecting network security anomalies with the anomaly detection program through the anomaly detection module is done by one of: an application programming interface (API) tracker; an antivirus-software trap; a login trap for online banking and game accounts; file and registry monitoring; or monitoring in the network environment.
Further, in step five, comparing the anomaly information with the reconstructed virus event with the comparison program through the comparison module to obtain a virus comparison result comprises:
(1) acquiring a virus family set comprising at least one virus family, and constructing a corresponding family model for each virus family to obtain a family model set corresponding to the virus family set;
(2) acquiring a newly added virus and determining its target virus family;
(3) extracting the first virus family model corresponding to the target virus family from the family model set;
(4) acquiring the logical relationship between the newly added virus and each family member of the target virus family, and adding the newly added virus to the first virus family model according to that logical relationship to obtain a second virus family model;
(5) generating an analysis result for the newly added virus according to the second virus family model;
(6) comparing the analysis result of the newly added virus with the reconstructed virus event to obtain the virus comparison result.
Further, in item (1), constructing a corresponding family model for each virus family comprises: acquiring the logical relationships among all family members of the virus family, where the family members comprise virus files and associated domains; constructing a virus family directed graph from those logical relationships; traversing the virus family directed graph to obtain at least one target set to be merged, where the elements of a target set have the same topology; and clustering the elements of each target set to be merged and merging them according to the clustering result to obtain the virus family model corresponding to the virus family directed graph.
Further, clustering the elements of each target set to be merged and merging them according to the clustering result to obtain the virus family model corresponding to the virus family directed graph comprises:
judging whether the elements of each target set to be merged are similar and clustering them according to that judgment to obtain a clustering result; merging the elements that fall into one cluster into a composite node, thereby obtaining the virus family model topology corresponding to the virus family directed graph; and ordering the family members within each composite node by the order in which they were generated, to obtain the virus family model.
Further, in step six, encrypting the computer's internal data with the data encryption program through the data encryption module comprises:
(1) receiving a data encryption request;
(2) selecting a key, and a key label identifying that key, in a preset manner;
(3) encrypting the data carried by the encryption request with the key;
(4) outputting the encrypted data together with the key label to complete the encryption.
Further, in item (2), the key is taken from a key pool holding the key sequence generated by a quantum key distribution operation.
Taking all the above technical solutions together, the invention has the following advantages and positive effects: through forensics, processing and analysis of viruses, the invention obtains a virus judgment result, namely information about existing viruses, so that network events can be conveniently reconstructed; it detects network anomalies, compares the anomaly information with known virus information, determines the virus responsible for the anomaly and mounts a targeted defense; and while the network defense runs, the computer's internal information is encrypted and is decrypted only after identity verification, so that the computer's internal data is protected and real-time protection of the computer is achieved.
Drawings
To illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed for the embodiments are briefly described below. Clearly, the drawings described below show only some embodiments of the present application, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a computer network security control method according to an embodiment of the present invention.
Fig. 2 is a flowchart, according to an embodiment of the present invention, of the virus judgment module judging the virus with the virus judgment program according to the virus data analysis result to obtain the virus's malicious behavior.
Fig. 3 is a flowchart, according to an embodiment of the present invention, of the comparison module comparing the anomaly information with the reconstructed virus event to obtain a virus comparison result.
Fig. 4 is a flowchart, according to an embodiment of the present invention, of the data encryption module encrypting the computer's internal data with the data encryption program.
Fig. 5 is a flowchart, according to an embodiment of the present invention, of the data analysis program analyzing virus data.
Fig. 6 is a block diagram of a computer network security control system according to an embodiment of the present invention;
in Fig. 1: 1, virus forensics module; 2, data processing module; 3, data analysis module; 4, central control module; 5, virus judgment module; 6, storage module; 7, anomaly detection module; 8, anomaly information acquisition module; 9, event reconstruction module; 10, comparison module; 11, network defense module; 12, data encryption module; 13, identity verification module; 14, decryption module.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
In view of the problems in the prior art, the present invention provides a computer network security control system and control method, described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the computer network security control method provided by the embodiment of the present invention comprises the following steps:
S101: acquire virus information with the virus forensics program through the virus forensics module; process the acquired virus data with the data processing program through the data processing module; analyze the processed virus data with the data analysis program through the data analysis module.
S102: sort the processing results of each module through the central control module, pass the sorted data to the next module for further processing, and use the main control computer to keep each controlled module operating normally.
S103: judge the virus with the virus judgment program through the virus judgment module according to the virus data analysis result, obtaining the virus's malicious behavior; store the virus judgment result in memory through the storage module.
S104: detect network security anomalies with the anomaly detection program through the anomaly detection module; acquire anomaly information with the anomaly information acquisition program through the anomaly information acquisition module.
S105: reconstruct the virus event from the virus judgment result with the event reconstruction program through the event reconstruction module; compare the anomaly information with the reconstructed virus event with the comparison program through the comparison module to obtain a virus comparison result; perform network defense according to the virus comparison result with the network defense program through the network defense module.
S106: encrypt the computer's internal data with the data encryption program through the data encryption module; verify the user's identity with the identity verification program through the identity verification module; after verification passes, decrypt the encrypted data with the decryption program through the decryption module.
In step S101 of the embodiment, acquiring virus information with the virus forensics program through the virus forensics module comprises: acquiring known viruses and their information from the database.
As shown in Fig. 2, in step S103 of the embodiment, the virus judgment module judging the virus with the virus judgment program according to the virus data analysis result to obtain the virus's malicious behavior comprises:
S201: search a preset virus analysis website for virus information according to a preset annotation of a virus classification keyword;
S202: acquire the characteristic parameters in the virus information;
S203: qualitatively analyze the virus's malicious behavior according to the characteristic parameters.
In step S104 of the embodiment, detecting network security anomalies with the anomaly detection program through the anomaly detection module is done by one of: an application programming interface (API) tracker; an antivirus-software trap; a login trap for online banking and game accounts; file and registry monitoring; or monitoring in the network environment.
As shown in Fig. 3, in step S105 of the embodiment, the comparison module comparing the anomaly information with the reconstructed virus event with the comparison program to obtain a virus comparison result comprises:
S301: acquire a virus family set comprising at least one virus family, and construct a corresponding family model for each virus family to obtain a family model set corresponding to the virus family set;
S302: acquire a newly added virus and determine its target virus family;
S303: extract the first virus family model corresponding to the target virus family from the family model set;
S304: acquire the logical relationship between the newly added virus and each family member of the target virus family, and add the newly added virus to the first virus family model according to that logical relationship to obtain a second virus family model;
S305: generate an analysis result for the newly added virus according to the second virus family model;
S306: compare the analysis result of the newly added virus with the reconstructed virus event to obtain the virus comparison result.
In step S301 of the embodiment, constructing a corresponding family model for each virus family comprises: acquiring the logical relationships among all family members of the virus family, where the family members comprise virus files and associated domains; constructing a virus family directed graph from those logical relationships; traversing the virus family directed graph to obtain at least one target set to be merged, where the elements of a target set have the same topology; and clustering the elements of each target set to be merged and merging them according to the clustering result to obtain the virus family model corresponding to the virus family directed graph.
In step S105 of the embodiment, the network defense comprises grading the danger level of the data into slight, moderate and severe. For slight and moderate danger, antivirus software is started to scan and remove the threat. For severe danger, when the antivirus software is started to scan and remove the threat, file access and the network connection are first terminated and a danger prompt box is displayed, in which the user manually chooses whether to close the network connection (disconnecting the host) and destroy the suspicious files. The virus database records the detected virus data so as to raise the detection program's success rate and accuracy and reduce its detection error.
The embodiment further provides a method for clustering the elements of each target set to be merged and merging them according to the clustering result to obtain the virus family model corresponding to the virus family directed graph, comprising:
judging whether the elements of each target set to be merged are similar and clustering them according to that judgment to obtain a clustering result; merging the elements that fall into one cluster into a composite node, thereby obtaining the virus family model topology corresponding to the virus family directed graph; and ordering the family members within each composite node by the order in which they were generated, to obtain the virus family model.
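The family model construction of S301 to S306 and the clustering and merging step just described, written out as an added example; this is not code from the patent. The patent does not define the logical relationship, the "same topology" test, the similarity judgment or the generation sequence, so the example assumes the following: each member carries a generation number and a tag set; relations are labelled directed edges; two members have the same topology when their kind and their labelled in- and out-relations coincide; two members are similar when the Jaccard index of their tags reaches a threshold. The family, the newly added virus and the reconstructed event are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Member:
    name: str            # virus file or associated domain (constructed placeholder names)
    kind: str            # "file" or "domain"
    generation: int      # order of appearance; assumed field used for the final ordering
    tags: frozenset      # behaviour tags; assumed basis of the similarity judgment


@dataclass
class FamilyGraph:
    """Virus family directed graph: members are nodes, logical relations are labelled edges."""
    members: dict = field(default_factory=dict)   # name -> Member
    edges: set = field(default_factory=set)       # (source, relation, target)

    def add(self, m: Member) -> None:
        self.members[m.name] = m

    def relate(self, src: str, relation: str, dst: str) -> None:
        self.edges.add((src, relation, dst))

    def topology(self, name: str) -> tuple:
        """Assumed topology key: member kind plus sorted labels of in- and out-relations."""
        outs = tuple(sorted(r for s, r, d in self.edges if s == name))
        ins = tuple(sorted(r for s, r, d in self.edges if d == name))
        return (self.members[name].kind, ins, outs)

    def target_sets(self) -> list:
        """Traverse the graph; every group of members sharing a topology is a set to merge."""
        groups = defaultdict(list)
        for name in self.members:
            groups[self.topology(name)].append(name)
        return [g for g in groups.values() if len(g) > 1]


def similar(a: Member, b: Member, threshold: float) -> bool:
    union = a.tags | b.tags
    return bool(union) and len(a.tags & b.tags) / len(union) >= threshold


def cluster(graph: FamilyGraph, names: list, threshold: float) -> list:
    """Single-linkage clustering of one target set by the similarity judgment."""
    clusters = []
    for n in names:
        for c in clusters:
            if any(similar(graph.members[n], graph.members[o], threshold) for o in c):
                c.append(n)
                break
        else:
            clusters.append([n])
    return clusters


def build_family_model(graph: FamilyGraph, threshold: float = 0.5) -> dict:
    """Merge each cluster into a composite node whose members are ordered by generation.
    Returns {node id: [member names in generation order]}."""
    model, merged = {}, set()
    for group in graph.target_sets():
        for c in cluster(graph, group, threshold):
            ordered = sorted(c, key=lambda n: graph.members[n].generation)
            node_id = f"composite:{ordered[0]}" if len(ordered) > 1 else ordered[0]
            model[node_id] = ordered
            merged.update(c)
    for name in graph.members:
        if name not in merged:
            model[name] = [name]
    return model


def add_new_virus(graph: FamilyGraph, new: Member, relations: list, threshold=0.5):
    """S304/S305: attach the new virus by its logical relations to the target family and
    rebuild, giving the second family model and the node the new virus landed in."""
    graph.add(new)
    for relation, other in relations:
        graph.relate(new.name, relation, other)
    second_model = build_family_model(graph, threshold)
    node_id = next(k for k, v in second_model.items() if new.name in v)
    # Analysis result (assumed form): the node's members plus everything they relate to.
    related = {d for s, r, d in graph.edges if s in second_model[node_id]}
    return second_model, node_id, set(second_model[node_id]) | related


def compare_with_event(analysis_result: set, reconstructed_event: set) -> list:
    """S306: indicators shared by the new virus's analysis result and the reconstructed event."""
    return sorted(analysis_result & reconstructed_event)


def constructed_family() -> FamilyGraph:
    """Constructed example family: three files contacting two domains."""
    g = FamilyGraph()
    g.add(Member("f1", "file", 1, frozenset({"inject", "persist"})))
    g.add(Member("f2", "file", 2, frozenset({"inject", "persist", "keylog"})))
    g.add(Member("f3", "file", 3, frozenset({"ransom"})))
    g.add(Member("c2-a.example", "domain", 1, frozenset()))
    g.add(Member("c2-b.example", "domain", 2, frozenset()))
    g.relate("f1", "contacts", "c2-a.example")
    g.relate("f2", "contacts", "c2-a.example")
    g.relate("f3", "contacts", "c2-b.example")
    return g
```

With the constructed family, the three files share a topology and form one target set; f1 and f2 cluster together while f3 (no shared tags) stays a singleton, so the first model holds one composite node. A new file f4 that contacts the same domain and shares tags with f1 joins that composite node in the second model, and its analysis result is then intersected with the indicators of the reconstructed event.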
As shown in Fig. 4, in step S106 of the embodiment, the data encryption module encrypting the computer's internal data with the data encryption program comprises:
S401: receive a data encryption request;
S402: select a key, and a key label identifying that key, in a preset manner;
S403: encrypt the data carried by the encryption request with the key;
S404: output the encrypted data together with the key label to complete the encryption.
In step S402 of the embodiment, the key is taken from a key pool holding the key sequence generated by executing a quantum key distribution operation.
As shown in Fig. 5, when the data analysis program of the embodiment analyzes virus data, it specifically:
S501: stores the processed virus data as a data set and acquires a first data characteristic of the data set and a second data characteristic preset in a virus library, where the first data characteristic comprises a first number of first sub-characteristics and the second data characteristic comprises a second number of second sub-characteristics;
S502: judges whether the ratio of the first number to the second number meets a preset ratio;
S503: when the ratio of the first number to the second number does not meet the preset ratio, determines that the similarity of the two data characteristics to be identified is not greater than a preset threshold;
S504: when the ratio of the first number to the second number meets the preset ratio, calculates the similarity between the first data to be identified and the second data to be identified and judges whether the similarity is greater than the preset threshold.
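The gated similarity check of S501 to S504 (the same procedure as the data analysis program described under step one of the Disclosure), written out as an added example; this is not code from the patent. The patent leaves the kind of sub-characteristic, the preset ratio and the similarity measure unspecified, so the example assumes the sub-characteristics are the set of API names found in the processed virus data, that the preset ratio is met when the count ratio lies within a band, and that similarity is the Jaccard index; those parameters and the sample inputs are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed parameters: the patent names a "preset ratio" and a "preset threshold"
# without fixing them. The ratio gate passes when n1/n2 lies in RATIO_BAND.
RATIO_BAND = (0.5, 2.0)
THRESHOLD = 0.6


@dataclass(frozen=True)
class Analysis:
    family: str
    matched: bool
    similarity: Optional[float]   # None when the ratio gate rejected before computing
    reason: str


def ratio_meets_preset(n1: int, n2: int, band=RATIO_BAND) -> bool:
    """S502: does the ratio of the first quantity to the second meet the preset ratio?"""
    if n2 == 0:
        return False
    lo, hi = band
    return lo <= n1 / n2 <= hi


def jaccard(a: frozenset, b: frozenset) -> float:
    """Similarity measure (assumed): shared sub-characteristics over all sub-characteristics."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def compare_features(sample: frozenset, family: str, library: frozenset,
                     threshold=THRESHOLD, band=RATIO_BAND) -> Analysis:
    """S502-S504 for one library entry: gate on the count ratio, then on similarity."""
    n1, n2 = len(sample), len(library)
    if not ratio_meets_preset(n1, n2, band):
        # S503: ratio outside the preset band, so similarity is deemed not above the
        # threshold and is never computed.
        return Analysis(family, False, None, f"count ratio {n1}/{n2} outside {band}")
    s = jaccard(sample, library)
    # S504: ratio acceptable, so compute the similarity and compare with the threshold.
    return Analysis(family, s > threshold, s, f"similarity {s:.2f} vs threshold {threshold}")


def analyze(processed_data, virus_library, threshold=THRESHOLD, band=RATIO_BAND):
    """S501 onwards: form the data set's first data characteristic, then run the gated
    comparison against every second data characteristic preset in the virus library.
    Returns one Analysis per family, best match first."""
    first_feature = frozenset(processed_data)   # first data characteristic of the data set
    results = [compare_features(first_feature, fam, frozenset(feats), threshold, band)
               for fam, feats in virus_library.items()]
    # Matches first, then by similarity; gated-out entries (similarity None) sort last.
    results.sort(key=lambda r: (not r.matched, -(r.similarity if r.similarity is not None else -1.0)))
    return results


# Constructed sample input: API names observed in the processed virus data.
SAMPLE_DATA = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
               "CreateRemoteThread", "InternetOpenA"]

# Constructed virus library: family name -> preset second data characteristic.
VIRUS_LIBRARY = {
    "injector": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "downloader": {"URLDownloadToFileA", "WinExec", "InternetOpenA",
                   "DeleteFileA", "GetTempPathA", "CreateFileA"},
    "stub": {"ExitProcess"},
}

if __name__ == "__main__":
    for r in analyze(SAMPLE_DATA, VIRUS_LIBRARY):
        print(f"{r.family:<11} matched={str(r.matched):<5} {r.reason}")
```

The point of the gate is visible in the "stub" entry: its one sub-characteristic makes the count ratio 5/1, so S503 rejects it without ever computing a similarity, while "downloader" passes the gate and is rejected on similarity alone. Keeping the similarity as None for gated-out entries lets a reader of the result tell the two kinds of rejection apart.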
as shown in fig. 6, the computer network security control system provided in the embodiment of the present invention includes:
the system comprises a virus evidence obtaining module 1, a data processing module 2, a data analysis module 3, a central control module 4, a virus judgment module 5, a storage module 6, an abnormality detection module 7, an abnormal information acquisition module 8, an event reconstruction module 9, a comparison module 10, a network defense module 11, a data encryption module 12, an identity verification module 13 and a decryption module 14;
the virus evidence obtaining module 1 is connected with the central control module 4 and is used for obtaining virus information through a virus evidence obtaining program;
the data processing module 2 is connected with the central control module 4 and is used for processing the acquired virus data through a data processing program;
the data analysis module 3 is connected with the central control module 4 and is used for analyzing the processed virus data through a data analysis program;
the central control module 4 is connected with the virus evidence obtaining module 1, the data processing module 2, the data analysis module 3, the virus judgment module 5, the storage module 6, the abnormality detection module 7, the abnormal information acquisition module 8, the event reconstruction module 9, the comparison module 10, the network defense module 11, the data encryption module 12, the identity verification module 13 and the decryption module 14, and is used for controlling the normal operation of each module through a main control computer;
the virus judging module 5 is connected with the central control module 4 and used for judging viruses according to the virus data analysis result through a virus judging program to obtain virus malicious behaviors;
the storage module 6 is connected with the central control module 4 and used for storing virus judgment results through a memory;
the abnormality detection module 7 is connected with the central control module 4 and is used for detecting network security abnormality through an abnormality detection program;
the abnormal information acquisition module 8 is connected with the central control module 4 and is used for acquiring abnormal information through an abnormal information acquisition program;
the event reconstruction module 9 is connected with the central control module 4 and is used for reconstructing the virus event according to the virus judgment result through an event reconstruction program;
the comparison module 10 is connected with the central control module 4 and used for comparing the abnormal information with the reconstructed virus event through a comparison program to obtain a virus comparison result;
the network defense module 11 is connected with the central control module 4 and used for performing network defense according to the virus comparison result through a network defense program;
the data encryption module 12 is connected with the central control module 4 and used for encrypting the internal data of the computer through a data encryption program;
the identity authentication module 13 is connected with the central control module 4 and is used for carrying out user identity authentication through an identity authentication program;
and the decryption module 14 is connected with the central control module 4 and is used for decrypting the encrypted data, after the identity authentication passes, through a decryption program.
The above description covers only preferred embodiments of the present invention and does not limit its scope; any modification, equivalent replacement or improvement made by those skilled in the art within the technical scope disclosed herein, and within the spirit and principle of the present invention, falls within the scope of the present invention.

Claims (10)

1. A computer network security control method applying the computer network security control system according to claim 1, wherein the computer network security control method comprises the steps of:
step one, acquiring virus information by using a virus forensics program through a virus forensics module; processing the acquired virus data by using a data processing program through a data processing module; analyzing the processed virus data by using a data analysis program through a data analysis module;
wherein the analysis of the virus data by the data analysis program specifically comprises:
storing the processed virus data as a data set, and acquiring a first data characteristic of the data set and a second data characteristic preset in a virus library, wherein the first data characteristic comprises a first number of first sub-characteristics and the second data characteristic comprises a second number of second sub-characteristics;
judging whether the ratio of the first quantity to the second quantity meets a preset ratio;
determining that the similarity of the two data features to be identified is not greater than a preset threshold value when the ratio of the first quantity to the second quantity does not meet the preset ratio;
when the ratio of the first quantity to the second quantity meets the preset ratio, calculating the similarity of the first data feature to be identified and the second data feature to be identified, and judging whether the similarity is greater than the preset threshold value;
step two, sorting the processing results of each module through a central control module, transmitting the sorted data to another module for further processing, and using a main control computer to control each controlled module so that it operates normally;
step three, judging the virus by using a virus judging program through a virus judging module according to the virus data analysis result to obtain virus malicious behaviors; storing the virus judgment result by using a memory through a storage module;
step four, detecting network security anomalies by using an anomaly detection program through an anomaly detection module; acquiring abnormal information by using an abnormal information acquisition program through an abnormal information acquisition module;
step five, reconstructing the virus event according to the virus judgment result by using an event reconstruction program through an event reconstruction module; comparing the abnormal information with the reconstructed virus event by using a comparison program through a comparison module to obtain a virus comparison result; performing network defense according to the virus comparison result by using a network defense program through a network defense module;
wherein the network defense comprises: grading the danger degree of the data into slight danger, moderate danger and severe danger; for slight and moderate danger, starting antivirus software to search for and kill the virus; for severe danger, when the antivirus software is started to search for and kill the virus, first terminating file access and network connections and popping up a danger prompt box in which the user manually selects whether to close the network connection for network disconnection processing and destroys the suspicious files; and recording the detected virus data in a virus database so as to improve the detection success rate and accuracy of the detection program and reduce its detection error;
step six, encrypting the internal data of the computer by using a data encryption program through a data encryption module; carrying out user identity authentication by using an identity authentication program through an identity authentication module; and decrypting the encrypted data after the authentication passes by using a decryption program through the decryption module.
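The analysis branch of step one, as an added worked example that is not part of the patent or of any code by its applicant: the count of first sub-characteristics is compared with the count of second sub-characteristics against a preset ratio before any similarity is computed, and only library entries that pass that gate are scored against the preset threshold. The feature representation (imported API names), the ratio window, the threshold, the library contents and the two samples are constructed assumptions, and the similarity measure (the Jaccard index) is a choice the claim leaves open.

```python
"""Added example (not the patent's own code): the count-ratio gate followed
by a similarity test that claim 1, step one, prescribes for the data analysis
program.  The feature representation (imported API names), the ratio window,
the threshold and the sample data are all constructed assumptions."""
from typing import Iterable, Optional, Tuple

# Constructed virus library: family -> "second data characteristic", a set of
# "second sub-characteristics" (here: API names the family is known to import)
VIRUS_LIBRARY = {
    "family-A": {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                 "OpenProcess", "GetProcAddress", "LoadLibraryA"},
    "family-B": {"InternetOpenA", "InternetConnectA", "HttpSendRequestA",
                 "CryptEncrypt", "DeleteFileA"},
}
RATIO_WINDOW = (0.5, 2.0)   # preset ratio: |first| / |second| must fall here
SIMILARITY_THRESHOLD = 0.6  # preset similarity threshold


def ratio_ok(first_count: int, second_count: int,
             window: Tuple[float, float] = RATIO_WINDOW) -> bool:
    """'Judge whether the ratio of the first quantity to the second quantity
    meets the preset ratio.'  A library entry with no sub-features is never a
    candidate, so the division cannot fail."""
    if second_count == 0:
        return False
    low, high = window
    return low <= first_count / second_count <= high


def jaccard(a: set, b: set) -> float:
    """Similarity of two sub-feature sets: |A and B| / |A or B|."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def analyse(first_features: Iterable[str],
            library=VIRUS_LIBRARY,
            threshold: float = SIMILARITY_THRESHOLD) -> Tuple[Optional[str], float]:
    """Return (matching family, similarity) or (None, 0.0).

    Families that fail the count-ratio gate are treated as 'similarity not
    greater than the threshold' without the similarity being computed, which
    is the short-circuit the claim describes."""
    first = set(first_features)        # the processed data set's features
    best_family, best_sim = None, 0.0
    for family, second in library.items():
        if not ratio_ok(len(first), len(second)):
            continue                   # gate failed: treated as not similar
        sim = jaccard(first, second)
        if sim > threshold and sim > best_sim:
            best_family, best_sim = family, sim
    return best_family, best_sim


# Constructed samples: a full feature set, and a fragment too small for the gate
SUSPECT = ["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
           "OpenProcess", "GetProcAddress"]
FRAGMENT = ["CreateRemoteThread", "OpenProcess"]

if __name__ == "__main__":
    print(analyse(SUSPECT))    # ('family-A', 0.8333...)
    print(analyse(FRAGMENT))   # (None, 0.0): ratio 2/6 is below the window
```

The gate is what keeps a two-API fragment from being scored at all: its ratio against either library entry falls below the window, so the result is reported as "not similar" without a similarity computation, while the five-API sample passes the gate and matches family-A at 5/6.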
2. The computer network security control method of claim 1, wherein in step one, the obtaining of the virus information by the virus forensics module using the virus forensics program comprises: acquiring the known viruses and the information of the viruses from a database.
3. The computer network security control method of claim 1, wherein in step three, the determining the virus by the virus determination module using the virus determination program according to the virus data analysis result to obtain the virus malicious behavior comprises:
(1) searching and obtaining virus information from a preset virus analysis website according to a preset annotation of a virus classification keyword;
(2) acquiring characteristic parameters in the virus information;
(3) performing qualitative analysis of the virus malicious behaviors according to the characteristic parameters.
4. The computer network security control method of claim 1, wherein in step four, the detecting of the network security anomaly by the anomaly detection module using the anomaly detection program is performed by means of an application program interface tracker; or an antivirus software trap mode; or a login trap mode for electronic banking and games; or a file and registry monitoring mode; or in a network environment.
5. The computer network security control method of claim 1, wherein in step five, the comparing of the abnormal information with the reconstructed virus event by the comparison module using a comparison program to obtain a virus comparison result comprises:
(1) obtaining a virus family set, wherein the virus family set comprises at least one virus family; constructing a corresponding family model for each virus family to obtain a family model set corresponding to the virus family set;
(2) acquiring a newly added virus, and acquiring a target virus family according to the newly added virus;
(3) extracting a first virus family model corresponding to the target virus family from the family model set;
(4) acquiring a logic relationship between the newly added virus and each family member in the target virus family, and adding the newly added virus to the first virus family model according to the logic relationship to obtain a second virus family model;
(5) generating an analysis result of the newly added virus according to the second virus family model;
(6) comparing the analysis result of the newly added virus with the reconstructed virus event to obtain a virus comparison result.
6. The computer network security control method of claim 5, wherein in step (1), the constructing of a corresponding family model for each virus family comprises: acquiring the logical relationships among all family members of the virus family, wherein the family members comprise virus files and associated domains; constructing a virus family directed graph according to the logical relationships among all family members; traversing the virus family directed graph to obtain at least one target set to be merged, wherein the elements in a target set to be merged have the same topology; and clustering the elements in each target set to be merged, and merging them according to the clustering results to obtain the virus family model corresponding to the virus family directed graph.
7. The computer network security control method of claim 6, wherein the clustering the elements in each target set to be merged and merging the elements according to the clustering result to obtain the virus family model corresponding to the virus family directed graph comprises:
judging whether the elements in each target set to be merged are similar, and clustering according to the judgment result to obtain a clustering result; merging the elements clustered into one class into a comprehensive node to obtain the virus family model topology corresponding to the virus family directed graph; and ordering the family members included in each comprehensive node according to their generation sequence to obtain the virus family model.
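The family model of claims 5 to 7, as an added worked example that is not part of the patent or of any code by its applicant: family members (virus files and associated domains) form a directed graph; members whose predecessor and successor sets coincide have the same topology and form a target set to be merged; each set is clustered by feature similarity; each cluster becomes a comprehensive node whose members are ordered by generation; and a newly added virus is then placed into the node that shares its topology and is similar to it, after which the analysis result is compared with a reconstructed event. All member names, relations, feature sets, the reconstructed event, the similarity measure (Jaccard) and its threshold are constructed assumptions.

```python
"""Added example (not the patent's own code) of the virus family model in
claims 5 to 7: family members as a directed graph, grouping by identical
topology, clustering similar members, merging each cluster into a
comprehensive node ordered by generation, then placing a newly added virus
and comparing the result with a reconstructed event.  All member names,
relations, feature sets, the reconstructed event and the similarity threshold
are constructed assumptions."""
from collections import defaultdict

# Constructed family members: name -> (kind, generation order, feature set)
MEMBERS = {
    "dropper.exe":    ("file",   1, {"upx", "drop", "cmd"}),
    "payload_v1.dll": ("file",   2, {"inject", "keylog", "http"}),
    "payload_v2.dll": ("file",   3, {"inject", "keylog", "http", "persist"}),
    "payload_v3.dll": ("file",   4, {"inject", "keylog", "http", "https", "persist"}),
    "c2.example":     ("domain", 1, {"c2"}),
}
# Constructed logical relationships as directed edges (source, target)
EDGES = {("dropper.exe", "payload_v1.dll"), ("dropper.exe", "payload_v2.dll"),
         ("dropper.exe", "payload_v3.dll"), ("payload_v1.dll", "c2.example"),
         ("payload_v2.dll", "c2.example"), ("payload_v3.dll", "c2.example")}
SIMILAR = 0.5   # Jaccard threshold deciding that two elements are similar


def topology(edges, name):
    """(predecessors, successors) of a node; equal pairs mean same topology."""
    return (frozenset(s for s, t in edges if t == name),
            frozenset(t for s, t in edges if s == name))


def similar(a, b, thr=SIMILAR):
    return bool(a | b) and len(a & b) / len(a | b) >= thr


def cluster(names, members):
    """Greedy clustering: a member joins the first cluster whose seed is
    similar to it, otherwise starts a new cluster."""
    clusters = []
    for n in names:
        for c in clusters:
            if similar(members[n][2], members[c[0]][2]):
                c.append(n)
                break
        else:
            clusters.append([n])
    return clusters


def build_model(members, edges):
    """Claims 6-7: group by topology, cluster each group, merge each cluster
    into a comprehensive node with members ordered by generation.
    Returns (nodes, member->node map, edges between comprehensive nodes)."""
    groups = defaultdict(list)
    for n in members:
        groups[topology(edges, n)].append(n)
    nodes, node_of = {}, {}
    for names in groups.values():
        for c in cluster(names, members):
            c.sort(key=lambda n: members[n][1])
            nid = "node:" + c[0]          # comprehensive node named by eldest
            nodes[nid] = c
            node_of.update({n: nid for n in c})
    return nodes, node_of, {(node_of[s], node_of[t]) for s, t in edges}


def add_virus(model, members, edges, name, member, new_edges):
    """Claim 5 steps (2)-(5): attach a new virus to the comprehensive node
    whose members share its topology and are similar to it (else open a new
    node) and return the analysis result.  Mutates the model in place."""
    nodes, node_of, node_edges = model
    members = {**members, name: member}
    edges = edges | new_edges
    target = next((nid for nid, c in nodes.items()
                   if topology(edges, c[0]) == topology(edges, name)
                   and similar(members[c[0]][2], member[2])), None)
    if target is None:
        target = "node:" + name
        nodes[target] = []
    nodes[target].append(name)
    nodes[target].sort(key=lambda n: members[n][1])
    node_of[name] = target
    node_edges |= {(node_of[s], node_of[t]) for s, t in new_edges}
    preds, succs = topology(edges, name)
    return {"node": target, "siblings": [n for n in nodes[target] if n != name],
            "dropped_by": sorted(preds), "contacts": sorted(succs)}


def compare(analysis, event):
    """Claim 5 step (6): the reconstructed event agrees with the model when
    every relation it observed is one the model predicts for the virus."""
    return (set(event["dropped_by"]) <= set(analysis["dropped_by"])
            and set(event["contacts"]) <= set(analysis["contacts"]))


MODEL = build_model(MEMBERS, EDGES)
NEW_VIRUS = ("file", 5, {"inject", "keylog", "http", "persist", "screenshot"})
NEW_EDGES = {("dropper.exe", "payload_v4.dll"), ("payload_v4.dll", "c2.example")}
RESULT = add_virus(MODEL, MEMBERS, EDGES, "payload_v4.dll", NEW_VIRUS, NEW_EDGES)
# Constructed output of the event reconstruction module for the same incident
EVENT = {"dropped_by": ["dropper.exe"], "contacts": ["c2.example"]}
```

With the constructed family, the three payload variants share one topology (dropped by the same file, contacting the same domain) and are similar enough to merge into a single comprehensive node, so the model topology collapses six member edges to two node edges; the new payload_v4.dll lands in that node as the latest generation, and the reconstructed event is consistent with the model's prediction for it.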
8. The computer network security control method of claim 1, wherein in step six, the encrypting the internal data of the computer by the data encryption module using the data encryption program comprises:
(1) receiving a data encryption request;
(2) selecting a key and a key label for identifying the key in a preset mode;
(3) encrypting the data carried by the encryption request by using the secret key;
(4) outputting the encrypted data and the key label to complete the encryption.
9. The computer network security control method of claim 8, wherein in step (2), the key is obtained from a key pool of a key sequence generated by performing a quantum key distribution operation.
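The labelled-key encryption of claims 8 and 9 together with the authenticate-then-decrypt order of step six, as an added worked example that is not part of the patent or of any code by its applicant: a key is selected from a pool together with its label, the data is encrypted under that key, and the output carries the ciphertext and the label but never the key; the decryption module resolves the label back to the key only after the identity verification module has accepted the user. Assumptions: the pool is filled from os.urandom as a stand-in for the quantum-key-distribution key sequence of claim 9; the cipher is an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag, chosen only to stay within the Python standard library where a deployment would use an AEAD such as AES-GCM; users, passwords and plaintext are constructed.

```python
"""Added example (not the patent's own code) of the labelled-key encryption of
claims 8 and 9 and the authenticate-then-decrypt order of step six.
Assumptions: the key pool is filled from os.urandom as a stand-in for the
quantum-key-distribution key sequence of claim 9; the cipher is an
HMAC-SHA256 counter keystream with an encrypt-then-MAC tag, used only to stay
within the standard library where a real deployment would use an AEAD such as
AES-GCM; users, passwords and plaintext are constructed."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


class KeyPool:
    """Keys are referenced by label; the label travels with the ciphertext,
    the key never does."""
    def __init__(self, size=4):
        self._keys = {f"key-{i:02d}": os.urandom(32) for i in range(size)}

    def select(self):
        """Step (2): choose a key and its label 'in a preset mode' (random)."""
        label = secrets.choice(sorted(self._keys))
        return label, self._keys[label]

    def lookup(self, label):
        return self._keys[label]          # KeyError on an unknown label


def _keystream(key, nonce, n):
    """Counter-mode keystream from HMAC-SHA256(key, nonce || counter)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def encrypt(pool, data):
    """Steps (1)-(4): returns the envelope (label, nonce, ciphertext, tag)."""
    label, key = pool.select()
    nonce = os.urandom(16)                # fresh per message: never reuse
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, label.encode() + nonce + ct, hashlib.sha256).digest()
    return label, nonce, ct, tag


def decrypt(pool, label, nonce, ct, tag):
    """Verify the tag (covering label, nonce and ciphertext) before decrypting."""
    key = pool.lookup(label)
    expected = hmac.new(key, label.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: ciphertext, nonce or label altered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Authenticator:
    """Identity verification module: salted PBKDF2 password check."""
    def __init__(self):
        self._users = {}

    def register(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[user] = (salt, digest)

    def verify(self, user, password):
        record = self._users.get(user)
        if record is None:
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, candidate)


def decrypt_after_auth(auth, pool, user, password, envelope):
    """Step six: the decryption module runs only once identity verification
    has passed; a failed login yields no plaintext at all."""
    if not auth.verify(user, password):
        return None
    return decrypt(pool, *envelope)


def tamper_detected(pool, envelope):
    """Flip one ciphertext byte and report whether decrypt() rejects it."""
    label, nonce, ct, tag = envelope
    altered = ct[:-1] + bytes([ct[-1] ^ 0x01])
    try:
        decrypt(pool, label, nonce, altered, tag)
    except ValueError:
        return True
    return False


# Constructed demo data
POOL, AUTH = KeyPool(), Authenticator()
AUTH.register("alice", "correct horse battery staple")
ENVELOPE = encrypt(POOL, b"internal computer data")
```

The tag binds the key label to the ciphertext, so swapping the label for another pool entry is rejected before any decryption happens; and because the authenticator is consulted before the label is resolved, a wrong password or an unknown user never reaches the key pool at all.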
10. A computer network security control system for use in the computer network security control method according to any one of claims 1 to 9, the computer network security control system comprising:
the virus forensics module is connected with the central control module and is used for acquiring virus information through a virus forensics program;
the data processing module is connected with the central control module and used for processing the acquired virus data through a data processing program;
the data analysis module is connected with the central control module and is used for analyzing the processed virus data through a data analysis program;
the central control module is connected with the virus forensics module, the data processing module, the data analysis module, the virus judgment module, the storage module, the abnormality detection module, the abnormal information acquisition module, the event reconstruction module, the comparison module, the network defense module, the data encryption module, the identity verification module and the decryption module, and is used for controlling the normal operation of each module through the main control computer;
the virus judging module is connected with the central control module and used for judging viruses according to the virus data analysis result through a virus judging program to obtain virus malicious behaviors;
the storage module is connected with the central control module and used for storing the virus judgment result through the memory;
the abnormality detection module is connected with the central control module and is used for detecting network safety abnormality through an abnormality detection program;
the abnormal information acquisition module is connected with the central control module and is used for acquiring abnormal information through an abnormal information acquisition program;
the event reconstruction module is connected with the central control module and is used for reconstructing the virus event according to the virus judgment result through an event reconstruction program;
the comparison module is connected with the central control module and is used for comparing the abnormal information with the reconstructed virus event through a comparison program to obtain a virus comparison result;
the network defense module is connected with the central control module and is used for performing network defense according to the virus comparison result through a network defense program;
the data encryption module is connected with the central control module and is used for encrypting the internal data of the computer through a data encryption program;
the identity authentication module is connected with the central control module and is used for carrying out user identity authentication through an identity authentication program;
and the decryption module is connected with the central control module and is used for decrypting the encrypted data, after the identity authentication passes, through the decryption program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011349433.XA CN112464235A (en) 2020-11-26 2020-11-26 Computer network safety control system and control method

Publications (1)

Publication Number Publication Date
CN112464235A true CN112464235A (en) 2021-03-09

Family

ID=74808819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011349433.XA Pending CN112464235A (en) 2020-11-26 2020-11-26 Computer network safety control system and control method

Country Status (1)

Country Link
CN (1) CN112464235A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395694A (en) * 2021-06-23 2021-09-14 深圳市凯莱特科技股份有限公司 Intelligent security defense system and defense method based on 5G and local area base station

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098226A (en) * 2006-06-27 2008-01-02 飞塔信息科技(北京)有限公司 Online real-time virus processing system and method
CN105095752A (en) * 2014-05-07 2015-11-25 腾讯科技(深圳)有限公司 Identification method, apparatus and system of virus packet
CN107347058A (en) * 2016-05-06 2017-11-14 阿里巴巴集团控股有限公司 Data ciphering method, data decryption method, apparatus and system
CN107818261A (en) * 2017-09-12 2018-03-20 王振铎 A kind of computer information safe stocking system
CN109829304A (en) * 2018-12-29 2019-05-31 北京奇安信科技有限公司 A kind of method for detecting virus and device
CN110311913A (en) * 2019-07-03 2019-10-08 上海应用技术大学 Computer Network Security System, application method, equipment and storage medium
CN110321704A (en) * 2019-07-08 2019-10-11 温州中壹技术研究院有限公司 A kind of computer information safe stocking system
CN110457903A (en) * 2019-07-24 2019-11-15 腾讯科技(深圳)有限公司 A kind of virus analysis method, apparatus, equipment and medium
CN111404948A (en) * 2020-03-22 2020-07-10 云南电网有限责任公司信息中心 Security system and method based on computer network monitoring
CN111865974A (en) * 2020-07-17 2020-10-30 上海国际技贸联合有限公司 Network security defense system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination