CN112866278B - Computer network information safety protection system based on big data - Google Patents


Publication number: CN112866278B
Authority: CN (China)
Prior art keywords: information, data packet, module, sending, marking
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202110157979.3A
Other languages: Chinese (zh)
Other versions: CN112866278A (en)
Inventor: 孟雷
Current assignee: Xuchang University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Xuchang University
Priority date: the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.

Events: application filed by Xuchang University; priority to CN202110157979.3A; publication of CN112866278A; application granted; publication of CN112866278B; legal status active; anticipated expiration.

Classifications

    • H: ELECTRICITY
        • H04: ELECTRIC COMMUNICATION TECHNIQUE
            • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00: Network architectures or network communication protocols for network security
                    • H04L63/12: Applying verification of the received information
                        • H04L63/123: Applying verification of the received information to received data contents, e.g. message integrity
                    • H04L63/14: Detecting or protecting against malicious traffic
                        • H04L63/1408: Detecting or protecting against malicious traffic by monitoring network traffic
                            • H04L63/1416: Event detection, e.g. attack signature detection
                        • H04L63/1441: Countermeasures against malicious traffic
                            • H04L63/145: Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms
    • G: PHYSICS
        • G06: COMPUTING; CALCULATING OR COUNTING
            • G06F: ELECTRIC DIGITAL DATA PROCESSING
                • G06F18/00: Pattern recognition
                    • G06F18/20: Analysing
                        • G06F18/21: Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
                            • G06F18/214: Generating training patterns; Bootstrap methods, e.g. bagging or boosting
                        • G06F18/24: Classification techniques
                            • G06F18/241: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
                                • G06F18/2411: Classification based on the proximity to a decision surface, e.g. support vector machines
                        • G06F18/25: Fusion techniques
                            • G06F18/253: Fusion techniques of extracted features
                • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/55: Detecting local intrusion or implementing counter-measures
                            • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
                                • G06F21/562: Static detection
                                    • G06F21/565: Static detection by checking file integrity
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
        • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
            • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
                • Y02D30/00: Reducing energy consumption in communication networks
                    • Y02D30/50: Reducing energy consumption in wire-line communication networks, e.g. low power modes or reduced link rate


Abstract

The invention discloses a computer network information safety protection system based on big data, relating to the technical field of computer network information safety control. The system is provided with an information integration module, which scores the information data packets and preliminarily screens them, laying a foundation for the subsequent evaluation work and reducing the workload of the method; it is provided with a model evaluation module, which classifies the suspicious information through an artificial intelligence model and adds the classification label to the characterization information corresponding to the suspicious information, which helps improve the identification degree of the suspicious information; it is provided with an attack detection module, which detects the information data packet and the network node and gives early warning in time, so that the safety of the information data packet and the communication network is ensured; and it is provided with a path storage module, which uses a blockchain to store the sending path of the safety information, so that the traceability of the information data packet is improved and the quantity of malicious information can be reduced.

Description

Computer network information safety protection system based on big data
Technical Field
The invention belongs to the field of computer network information security control, relates to a big data technology, and particularly relates to a computer network information security protection system based on big data.
Background
Network information resources are the sum of the various information resources in which text, images, sound, animation and other types of information are stored as electronic data on non-print media such as optical and magnetic media, and are distributed, transmitted and stored over a network by computers. However, in the communication process of existing network information, the information source and the related information about the sender and the receiver are lost during transmission, so the user on the other side cannot know the source of the information and cannot discriminate the network information, which promotes the propagation of rumors and causes great trouble for users.
The invention patent with publication number CN109873809A discloses a computer network information security control system and method, the computer network information security control system comprises: the system comprises a network information acquisition system, a network information transmission system, a main control module, a network information identification module, an encryption module, an intrusion detection module, an alarm module, a cloud storage module and a display module; after receiving the information to be forwarded through a network information transmission module, the information to be forwarded is forwarded to a next-level information receiver; therefore, in the process of multi-stage transmission of information, each stage of information receiver can acquire the source of the information, the transmission path of the information and the relationship between the information sender and the information receiver in each stage; meanwhile, whether the network information to be identified is credible can be determined through the background of the network information identification module, namely whether the network information to be identified is credible is determined by utilizing the similarity.
The scheme solves the problem that the existing information transmission technology cannot select the optimal receiver, determines whether the network information to be identified is credible by utilizing the similarity, and can automatically and effectively identify rumors; however, in the above scheme, the network information is not discriminated from the network information itself, and the transmission path of the network information is not effectively stored, so that the security of the network information is not guaranteed, and the transmission is also not controlled; therefore, the above solution still needs further improvement.
Disclosure of Invention
In order to solve the problems existing in the scheme, the invention provides a computer network information security protection system based on big data.
The purpose of the invention can be realized by the following technical scheme: a computer network information security protection system based on big data comprises a processor, an information integration module, a model evaluation module, an attack detection module, a path storage module, an early warning management module and a data storage module;
the information integration module acquires an information data packet of the network node and integrates and analyzes the information data packet;
the model evaluation module is used for judging the authenticity of suspicious information and comprises the following steps:
when the model evaluation module receives the suspicious information, the classification model is obtained through the data storage module;
after being processed, the suspicious information is input into a classification model to obtain an output result; the output result is a classification label corresponding to the information;
when the output result is any one of A, B and C, the output result is added to the characterization information corresponding to the suspicious information, and the suspicious information is marked as primary screening information; when the output result is D, adding the output result to the characterization information corresponding to the suspicious information, and marking the suspicious information as malicious information;
sending the primary screening information to a virus detection unit;
the path saving module is used for generating and saving a sending path of communication information, and comprises:
the path saving module sends the safety information after receiving it and records the sending path of the safety information; the sending path comprises the network nodes passed through and the stay time at each network node;
the sending path is stored in the blockchain.
Preferably, the attack detection module includes a virus detection unit and an intrusion detection unit, and the virus detection unit is used for detecting viruses in the primary screening information, and includes:
calculating a digital digest of the primary screening information through a hash algorithm;
comparing the calculated digital digest with the digital digest corresponding to the primary screening information in a digital digest database; when the two are consistent, judging that the primary screening information does not contain virus files, and marking the primary screening information as safety information;
and sending the safety information to the path saving module.
Preferably, the intrusion detection unit is configured to perform intrusion detection on the network node, and includes:
establishing a hacker intrusion characteristic library by analyzing a hacker intrusion mode;
analyzing the information data packet received by the network node to obtain an analysis result; comparing and matching the analysis result with the attack modes in the hacker intrusion feature library; when the two are successfully matched, sending a hacker attack signal to the early warning management module, together with the corresponding hacker attack mode;
and sending the hacker intrusion feature library and the sending record of the hacker attack signal to a data storage module through a processor for storage.
Preferably, the specific obtaining step of the classification model includes:
acquiring a data packet training set through the Internet; the data packet training set comprises a plurality of information data packets;
setting classification labels for information data packets in a data packet training set; the classification labels include A, B, C and D;
constructing a fusion model; the fusion model is constructed by combining three baseline models of SVM, LR and GBDT with a fusion mode, wherein the fusion mode comprises a linear weighted fusion method, a cross fusion method, a waterfall fusion method, a characteristic fusion method and a prediction fusion method;
dividing information data packets and classification labels in a data packet training set into a training set and a test set according to a set proportion after processing; the set ratios include 4:1, 3:2 and 2:1;
inputting the training set and the test set into the fusion model to train, test and verify the fusion model, and marking the trained fusion model as a classification model;
and sending the classification model to a data storage module for storage through the processor.
Preferably, the specific steps of performing the integration analysis on the information data packet include:
acquiring an information data packet of a network node in a communication network;
extracting the representation information in the information data packet; the representation information comprises a unique identification code of a sender, a unique identification code of a receiver and the size of an information data packet;
obtaining a credit score corresponding to the sender according to the unique identification code of the sender and marking the credit score as XP;
setting an integrity label for the information data packet and marking the information data packet as WQ; the value of the integrity label is 0 and 1, when the value of the integrity label is 0, the representation information of the information data packet is incomplete, and when the value of the integrity label is 1, the representation information of the information data packet is complete;
acquiring the data packet primary screening coefficient SCX through the formula SCX = α3 × WQ × XP; wherein α3 is a proportionality coefficient and α3 is a real number greater than 0;
when the data packet primary screening coefficient SCX satisfies 0 ≤ SCX < L1, marking the corresponding information data packet as malicious information; when SCX satisfies L1 ≤ SCX < L2, marking the corresponding information data packet as suspicious information; when SCX satisfies L2 ≤ SCX ≤ 1, marking the corresponding information data packet as safety information; wherein L1 and L2 are data packet primary screening coefficient thresholds, the value range of L1 is [0, 0.3], and the value range of L2 is [0.8, 1];
sending the suspicious information and the corresponding characterization information to the model evaluation module;
preventing the sending of the malicious information through the processor, and sending the safety information to the path storage module;
and sending the data packet primary screening coefficient and the representation information to a data storage module through a processor.
Preferably, the step of specifically acquiring the reputation score of the sender includes:
acquiring the total number of times the sender has sent network information to the network node corresponding to the information data packet and marking it as ZC; the network information comprises sound, text, video and animation;
acquiring the total number of times the sender has sent malicious information to the network node corresponding to the information data packet and marking it as EC;
obtaining a reputation evaluation coefficient XPX by the formula shown in Figure BDA0002934464680000051 (the formula image is not reproduced on this page); wherein α1 and α2 are proportionality coefficients, and both α1 and α2 are real numbers greater than 0;
taking the reciprocal of the reputation evaluation coefficient, and marking the reciprocal of the reputation evaluation coefficient as a reputation score after data normalization processing;
and sending the reputation score of the sender to a data storage module for storage through a processor.
Preferably, the processor is respectively in communication connection with the information integration module, the model evaluation module, the attack detection module, the path storage module, the early warning management module and the data storage module; the early warning management module is respectively in communication connection with the data storage module and the path storage module, the model evaluation module is respectively in communication connection with the information integration module and the attack detection module, and the attack detection module is in communication connection with the path storage module.
Preferably, the integrity of the representation information of the information data packet means that the unique identification code of the sender, the unique identification code of the receiver and the size of the information data packet all exist in the representation information, and the size of the information data packet is larger than 0.
Preferably, when the classification label is A, the corresponding information data packet is safe; when the classification label is B, the corresponding information data packet contains false information; when the classification label is C, the corresponding information data packet contains restricted information, and the restricted information comprises violence, gore and loan content; and when the classification label is D, the corresponding information data packet contains illegal information, and the illegal information comprises pornography-related, drug-related and cult-related information.
Compared with the prior art, the invention has the beneficial effects that:
1. the invention is provided with an information integration module, which is used for acquiring an information data packet of a network node and performing integration analysis on it: acquiring an information data packet of a network node in a communication network; extracting the representation information in the information data packet; obtaining the credit score corresponding to the sender according to the unique identification code of the sender and marking it as XP; setting an integrity label for the information data packet and marking it as WQ; acquiring the data packet primary screening coefficient SCX through the formula SCX = α3 × WQ × XP; when SCX satisfies 0 ≤ SCX < L1, marking the corresponding information data packet as malicious information; when SCX satisfies L1 ≤ SCX < L2, marking the corresponding information data packet as suspicious information; when SCX satisfies L2 ≤ SCX < 1, marking the corresponding information data packet as safety information; sending the suspicious information and the corresponding characterization information to the model evaluation module; preventing the sending of the malicious information through the processor, and sending the safety information to the path storage module. The information integration module scores the information data packets and preliminarily screens them, so that a foundation is laid for the subsequent evaluation work and the workload of the method is reduced;
2. the invention is provided with a model evaluation module, which is used for judging the authenticity of suspicious information; when the model evaluation module receives the suspicious information, the classification model is obtained through the data storage module; after being processed, the suspicious information is input into a classification model to obtain an output result; the output result is a classification label corresponding to the information; when the output result is any one of A, B and C, the output result is added to the characterization information corresponding to the suspicious information, and the suspicious information is marked as primary screening information; when the output result is D, adding the output result to the characterization information corresponding to the suspicious information, and marking the suspicious information as malicious information; sending the primary screening information to a virus detection unit; the model evaluation module classifies the suspicious information through the artificial intelligence model, and adds the classification label to the characterization information corresponding to the suspicious information, which is helpful for improving the identification degree of the suspicious information;
3. the invention is provided with an attack detection module, which is used for detecting viruses and hacker intrusion: calculating a digital digest of the primary screening information through a hash algorithm; comparing the calculated digital digest with the digital digest corresponding to the primary screening information in a digital digest database; when the two are consistent, judging that the primary screening information does not contain virus files, and marking the primary screening information as safety information; establishing a hacker intrusion feature library by analyzing hacker intrusion modes; analyzing the information data packet received by the network node to obtain an analysis result; comparing and matching the analysis result with the attack modes in the hacker intrusion feature library, and when the two are successfully matched, sending a hacker attack signal to the early warning management module together with the corresponding hacker attack mode. The attack detection module detects the information data packet and the network node and gives early warning in time, which helps ensure the safety of the information data packet and the communication network;
4. the invention is provided with a path storage module, which is used for storing the sending path of the safety information: the path saving module sends the safety information after receiving it and records the sending path of the safety information; the sending path is stored in the blockchain. The path saving module saves the sending path of the safety information by using the blockchain, thereby improving the traceability of the information data packet and reducing the amount of malicious information.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of the principle of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a big data-based computer network information security protection system includes a processor, an information integration module, a model evaluation module, an attack detection module, a path storage module, an early warning management module, and a data storage module;
the information integration module acquires an information data packet of the network node and performs integration analysis on the information data packet;
the model evaluation module is used for judging the authenticity of the suspicious information and comprises the following steps:
when the model evaluation module receives the suspicious information, the classification model is obtained through the data storage module;
after being processed, the suspicious information is input into the classification model to obtain an output result; the output result is the classification label corresponding to the information;
when the output result is any one of A, B and C, the output result is added to the characterization information corresponding to the suspicious information, and the suspicious information is marked as primary screening information; when the output result is D, adding the output result to the characterization information corresponding to the suspicious information, and marking the suspicious information as malicious information;
sending the primary screening information to a virus detection unit;
the path saving module is used for generating and saving a sending path of the communication information, and comprises:
the path saving module sends the safety information after receiving it and records the sending path of the safety information; the sending path comprises the network nodes passed through and the stay time at each network node;
the sending path is stored in the blockchain.
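The path saving step above only says that the sending path (nodes passed through plus stay time) goes into a blockchain. The following is an added example, not code from the patent or from Xuchang University, of the smallest structure that gives the traceability the description claims: a hash-chained append-only ledger. The `PathLedger` class, the SHA-256 choice, the genesis value and the sample packet paths are all assumptions of this example; the point it demonstrates is that once a path is recorded, any later edit to a hop breaks the chain and is detected by `verify()`.

```python
import hashlib
import json
import time
from typing import Dict, List, Optional, Tuple

# One hop of a sending path: (network node passed through, stay time in seconds).
Hop = Tuple[str, float]


class PathLedger:
    """Hash-chained store for sending paths of safety information (assumed design)."""

    GENESIS = "0" * 64  # assumed: previous-hash value used by the first block

    def __init__(self) -> None:
        self.blocks: List[Dict] = []

    @staticmethod
    def _block_hash(prev_hash: str, payload: Dict) -> str:
        # Canonical JSON so that the same path always produces the same hash.
        body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

    def append_path(self, packet_id: str, path: List[Hop],
                    timestamp: Optional[float] = None) -> str:
        """Record the sending path of one safety-information packet; returns the block hash."""
        prev_hash = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        payload = {
            "packet_id": packet_id,
            "path": [{"node": node, "stay_time_s": stay} for node, stay in path],
            "recorded_at": timestamp if timestamp is not None else time.time(),
        }
        block = {
            "index": len(self.blocks),
            "prev_hash": prev_hash,
            "payload": payload,
            "hash": self._block_hash(prev_hash, payload),
        }
        self.blocks.append(block)
        return block["hash"]

    def verify(self) -> bool:
        """True only if every block's hash and back-link still match its contents."""
        prev_hash = self.GENESIS
        for block in self.blocks:
            if block["prev_hash"] != prev_hash:
                return False
            if self._block_hash(block["prev_hash"], block["payload"]) != block["hash"]:
                return False
            prev_hash = block["hash"]
        return True

    def trace(self, packet_id: str) -> Optional[List[Hop]]:
        """Traceability: return the recorded hops of a packet, or None if unknown."""
        for block in self.blocks:
            if block["payload"]["packet_id"] == packet_id:
                return [(h["node"], h["stay_time_s"]) for h in block["payload"]["path"]]
        return None


def demo() -> Tuple[bool, bool]:
    """Constructed sample: two recorded paths, then an in-place edit of one hop."""
    ledger = PathLedger()
    ledger.append_path("pkt-0001", [("node-A", 0.8), ("node-C", 2.5), ("node-F", 0.3)], timestamp=1.0)
    ledger.append_path("pkt-0002", [("node-B", 1.1), ("node-F", 0.4)], timestamp=2.0)
    intact_before = ledger.verify()
    # Tamper with a stored hop; the recomputed hash of block 0 no longer matches.
    ledger.blocks[0]["payload"]["path"][1]["node"] = "node-Z"
    return intact_before, ledger.verify()


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The ledger is deliberately single-writer; it gives tamper evidence, not the consensus a distributed blockchain adds, which is the part of the description this example does not cover.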
Further, the attack detection module includes a virus detection unit and an intrusion detection unit, and the virus detection unit is used for detecting viruses in the primary screening information, and includes:
calculating a digital digest of the primary screening information through a hash algorithm;
comparing the calculated digital digest with the digital digest corresponding to the primary screening information in a digital digest database; when the two are consistent, judging that the primary screening information does not contain virus files, and marking the primary screening information as safety information;
and sending the safety information to the path saving module.
Further, the intrusion detection unit is configured to perform intrusion detection on the network node, and includes:
establishing a hacker intrusion characteristic library by analyzing a hacker intrusion mode;
analyzing the information data packet received by the network node to obtain an analysis result; comparing and matching the analysis result with the attack modes in the hacker intrusion feature library, and when the two are successfully matched, sending a hacker attack signal to the early warning management module together with the corresponding hacker attack mode;
and sending the hacker intrusion feature library and the sending record of the hacker attack signal to a data storage module through a processor for storage.
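The two units of the attack detection module, as an added example that is not code from the patent: `virus_check` recomputes the digital digest and compares it against a digest database entry, and `match_intrusion` matches the analysis result of a received packet against a feature library of attack modes. SHA-256 as the hash algorithm, the `IntrusionPattern` shape (exact-match fields plus an optional payload marker), the `inspect_node` warning log and all sample packets and patterns are assumptions of this example; the patterns carry obviously constructed names and do not describe any real attack. One caveat the description leaves open is handled explicitly: a packet with no database entry, or a mismatching digest, is not marked safe.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def digital_digest(content: bytes) -> str:
    """Digital digest of the primary screening information (SHA-256 assumed)."""
    return hashlib.sha256(content).hexdigest()


def virus_check(packet_id: str, content: bytes, digest_db: Dict[str, str]) -> Optional[str]:
    """Return 'safety' only when the recomputed digest equals the stored one.
    Missing entries and mismatches return None: the description defines only the
    consistent case, so nothing else is promoted to safety information."""
    expected = digest_db.get(packet_id)
    if expected is None:
        return None
    # Constant-time comparison so timing does not reveal how much of the digest matched.
    if hmac.compare_digest(digital_digest(content), expected):
        return "safety"
    return None


@dataclass
class IntrusionPattern:
    """One entry of the hacker intrusion feature library (assumed shape)."""
    name: str
    fields: Dict[str, object]             # every field must equal the analysis result
    payload_marker: Optional[bytes] = None  # optional substring the payload must contain


def analyse_packet(raw: Dict[str, object]) -> Dict[str, object]:
    """Analysis result: the attributes the feature library keys on."""
    return {
        "proto": raw.get("proto"),
        "dst_port": raw.get("dst_port"),
        "flags": raw.get("flags"),
        "payload": raw.get("payload", b""),
    }


def match_intrusion(raw_packet: Dict[str, object],
                    library: List[IntrusionPattern]) -> Optional[str]:
    """Return the matched attack mode name, or None when nothing in the library matches."""
    result = analyse_packet(raw_packet)
    for pattern in library:
        if not all(result.get(key) == value for key, value in pattern.fields.items()):
            continue
        if pattern.payload_marker is not None and pattern.payload_marker not in result["payload"]:
            continue
        return pattern.name
    return None


def inspect_node(packets: List[Dict[str, object]], library: List[IntrusionPattern],
                 warning_log: List[Tuple[str, str]]) -> int:
    """Run intrusion detection over the packets one node received. Each hit is the
    hacker attack signal plus its mode; the log entry stands in for the sending
    record forwarded to the data storage module. Returns the number of hits."""
    hits = 0
    for packet in packets:
        mode = match_intrusion(packet, library)
        if mode is not None:
            warning_log.append((str(packet["id"]), mode))
            hits += 1
    return hits


# Constructed sample data (not from the patent): a two-entry feature library and
# three received packets, of which two match.
CONSTRUCTED_LIBRARY = [
    IntrusionPattern("constructed-pattern-1", {"proto": "tcp", "dst_port": 23, "flags": "S"}),
    IntrusionPattern("constructed-pattern-2", {"proto": "udp"}, payload_marker=b"EXAMPLE-MARKER"),
]
CONSTRUCTED_PACKETS = [
    {"id": "p1", "proto": "tcp", "dst_port": 443, "flags": "S", "payload": b"hello"},
    {"id": "p2", "proto": "tcp", "dst_port": 23, "flags": "S", "payload": b""},
    {"id": "p3", "proto": "udp", "dst_port": 5353, "flags": None, "payload": b"xxEXAMPLE-MARKERxx"},
]

if __name__ == "__main__":
    log: List[Tuple[str, str]] = []
    print(inspect_node(CONSTRUCTED_PACKETS, CONSTRUCTED_LIBRARY, log), log)
```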
Further, the specific obtaining step of the classification model comprises:
acquiring a data packet training set through the Internet; the data packet training set comprises a plurality of information data packets;
setting classification labels for information data packets in a data packet training set; the category labels include A, B, C and D;
constructing a fusion model; the fusion model is constructed by combining three baseline models of SVM, LR and GBDT with a fusion mode, wherein the fusion mode comprises a linear weighted fusion method, a cross fusion method, a waterfall fusion method, a characteristic fusion method and a prediction fusion method;
dividing information data packets and classification labels in a data packet training set into a training set and a test set according to a set proportion after processing; the set ratios include 4:1, 3:2 and 2:1;
inputting the training set and the test set into the fusion model to train, test and verify the fusion model, and marking the trained fusion model as a classification model;
and sending the classification model to a data storage module for storage through the processor.
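The classification-model steps above and the model evaluation step earlier (label A, B or C becomes primary screening information, label D becomes malicious information) are shown together in the following added example, which is not code from the patent. Training the SVM, LR and GBDT baselines is out of scope here; the three models are represented by the per-label probability vectors they would output, and the example implements the linear weighted fusion method, the 4:1 / 3:2 / 2:1 split, an accuracy check on the test part, and the routing decision. The weights, the interleaved split rule, the `evaluate_suspicious` return shape and the sample probability vectors are assumptions of this example.

```python
from typing import Dict, List, Sequence, Tuple

LABELS = ("A", "B", "C", "D")
# Meaning of each label as given in the description.
LABEL_MEANING = {
    "A": "safe",
    "B": "false information",
    "C": "restricted information",
    "D": "illegal information",
}
ALLOWED_RATIOS = {(4, 1), (3, 2), (2, 1)}  # the set proportions named in the description

Probs = Dict[str, float]


def split_by_ratio(items: Sequence, ratio: Tuple[int, int]) -> Tuple[List, List]:
    """Split labelled packets into training and test parts in the given ratio.
    Every element whose index falls in the first `test_share` slots of each
    `train_share + test_share` window goes to the test part (assumed rule)."""
    if ratio not in ALLOWED_RATIOS:
        raise ValueError(f"ratio must be one of {sorted(ALLOWED_RATIOS)}")
    train_share, test_share = ratio
    window = train_share + test_share
    train: List = []
    test: List = []
    for index, item in enumerate(items):
        (test if index % window < test_share else train).append(item)
    return train, test


def linear_weighted_fusion(model_probs: Sequence[Probs], weights: Sequence[float]) -> Probs:
    """Linear weighted fusion: weighted mean of the baseline models' label probabilities."""
    if not weights or len(model_probs) != len(weights):
        raise ValueError("one weight per baseline model is required")
    total = float(sum(weights))
    if total <= 0:
        raise ValueError("weights must sum to a positive value")
    return {
        label: sum(w * p.get(label, 0.0) for w, p in zip(weights, model_probs)) / total
        for label in LABELS
    }


def predict_label(fused: Probs) -> str:
    """Output result of the classification model: the label with the highest fused score."""
    return max(LABELS, key=lambda label: fused[label])


def fusion_accuracy(test_items: Sequence[Tuple[str, Sequence[Probs]]],
                    weights: Sequence[float]) -> float:
    """Test/verify step: fraction of test items whose fused label equals the true label."""
    if not test_items:
        return 0.0
    correct = sum(
        predict_label(linear_weighted_fusion(probs, weights)) == true_label
        for true_label, probs in test_items
    )
    return correct / len(test_items)


def evaluate_suspicious(characterization: Dict[str, object], model_probs: Sequence[Probs],
                        weights: Sequence[float]) -> Tuple[Dict[str, object], str]:
    """Model evaluation step: add the label to the characterization information and
    route the packet (D -> malicious information, A/B/C -> primary screening information)."""
    label = predict_label(linear_weighted_fusion(model_probs, weights))
    enriched = dict(characterization)
    enriched["classification_label"] = label
    enriched["label_meaning"] = LABEL_MEANING[label]
    route = "malicious_information" if label == "D" else "primary_screening_information"
    return enriched, route


# Constructed outputs standing in for the three baselines (SVM, LR, GBDT) on one packet.
SAMPLE_PROBS = [
    {"A": 0.6, "B": 0.2, "C": 0.1, "D": 0.1},
    {"A": 0.3, "B": 0.5, "C": 0.1, "D": 0.1},
    {"A": 0.2, "B": 0.1, "C": 0.1, "D": 0.6},
]

if __name__ == "__main__":
    print(evaluate_suspicious({"sender_id": "u-1", "receiver_id": "u-2", "size": 512},
                              SAMPLE_PROBS, weights=(1.0, 1.0, 2.0)))
```

The sample shows why the weights matter: with equal weights the packet is labelled A and goes on to virus detection, while weighting the third model twice as heavily yields D and the packet is marked malicious.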
Further, the specific steps of performing the integration analysis on the information data packet include:
acquiring an information data packet of a network node in a communication network;
extracting the representation information in the information data packet; the representation information comprises a unique identification code of a sender, a unique identification code of a receiver and the size of an information data packet;
obtaining a credit score corresponding to the sender according to the unique identification code of the sender and marking the credit score as XP;
setting an integrity label for the information data packet and marking the information data packet as WQ; the value of the integrity label is 0 and 1, when the value of the integrity label is 0, the representation information of the information data packet is incomplete, and when the value of the integrity label is 1, the representation information of the information data packet is complete;
acquiring a primary screening coefficient SCX of the data packet through the formula SCX = α3 × WQ × XP; where α3 is a proportionality coefficient and a real number greater than 0;
when the primary screening coefficient SCX of the data packet satisfies 0 ≤ SCX < L1, marking the corresponding information data packet as malicious information; when it satisfies L1 ≤ SCX < L2, marking the corresponding information data packet as suspicious information; when it satisfies L2 ≤ SCX ≤ 1, marking the corresponding information data packet as safety information; where L1 and L2 are thresholds of the primary screening coefficient of the data packet, the value range of L1 is [0, 0.3], and the value range of L2 is [0.8, 1];
sending the suspicious information and the corresponding characterization information to a model evaluation module;
blocking the sending of the malicious information through the processor and sending the safety information to the path storage module;
and sending the primary screening coefficient of the data packet and the characterization information to a data storage module through the processor.
Further, the specific obtaining step of the reputation score of the sender comprises:
acquiring the total sending times of the network information sent by the sender to the network node corresponding to the information data packet and marking the total sending times as ZC; the network information comprises sound, characters, video and animation;
acquiring the total sending times of sending malicious information to the network node corresponding to the information data packet by the sender and marking the times as EC;
obtaining a reputation evaluation coefficient XPX by the formula shown in Figure BDA0002934464680000121 (image only; not reproduced in the text); where α1 and α2 are proportionality coefficients, and both α1 and α2 are real numbers greater than 0;
taking the reciprocal of the reputation evaluation coefficient, and marking the reciprocal of the reputation evaluation coefficient as a reputation score after data normalization processing;
and sending the reputation score of the sender to a data storage module for storage through a processor.
Further, the processor is respectively in communication connection with the information integration module, the model evaluation module, the attack detection module, the path storage module, the early warning management module and the data storage module; the early warning management module is respectively in communication connection with the data storage module and the path storage module, the model evaluation module is respectively in communication connection with the information integration module and the attack detection module, and the attack detection module is in communication connection with the path storage module.
Furthermore, the completeness of the characterization information of the information data packet means that the unique identification code of the sender, the unique identification code of the receiver and the size of the information data packet all exist in the characterization information, and the size of the information data packet is larger than 0.
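The primary screening step described above (integrity label WQ, coefficient SCX = α3 × WQ × XP, and the three marking brackets) as a runnable Python example. This is an added illustration, not code from the patent. The threshold values L1 = 0.3 and L2 = 0.8, the coefficient α3 = 1 and the sender reputation table are assumptions; the page's formula for the reputation evaluation coefficient is an image and is not reproduced, so XP is taken from a constructed lookup table:

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds of the primary screening coefficient. The description only gives
# the ranges (L1 in [0, 0.3], L2 in [0.8, 1]); these concrete values are assumed.
L1 = 0.3
L2 = 0.8
# Proportionality coefficient α3 (> 0). With the reputation score XP normalized
# to [0, 1], α3 = 1 keeps SCX inside the [0, 1] range the three brackets cover.
ALPHA3 = 1.0

# Constructed reputation table standing in for the stored sender reputation
# scores XP (the patent's reputation formula itself is not reproduced here).
REPUTATION_SCORES = {
    "sender-trusted": 0.95,
    "sender-mixed": 0.55,
    "sender-abusive": 0.10,
}


@dataclass
class PacketInfo:
    """Characterization information extracted from one information data packet."""
    sender_id: Optional[str]
    receiver_id: Optional[str]
    size: int  # size of the packet in bytes


def integrity_label(pkt: PacketInfo) -> int:
    """WQ: 1 when sender id, receiver id and size all exist and size > 0, else 0."""
    complete = bool(pkt.sender_id) and bool(pkt.receiver_id) and pkt.size > 0
    return 1 if complete else 0


def reputation_score(sender_id: Optional[str]) -> float:
    """XP for the sender; a missing or unknown sender gets the lowest score."""
    if sender_id is None:
        return 0.0
    return REPUTATION_SCORES.get(sender_id, 0.0)


def primary_screening_coefficient(pkt: PacketInfo, xp: float) -> float:
    """SCX = α3 × WQ × XP. Raises if the product leaves [0, 1], because the
    three marking brackets of the description only cover that interval."""
    scx = ALPHA3 * integrity_label(pkt) * xp
    if not 0.0 <= scx <= 1.0:
        raise ValueError(f"SCX={scx} outside [0, 1]; check α3 and XP normalization")
    return scx


def mark(scx: float) -> str:
    """Apply the brackets: [0, L1) malicious, [L1, L2) suspicious, [L2, 1] safe."""
    if scx < L1:
        return "malicious"
    if scx < L2:
        return "suspicious"
    return "safe"


def screen_packet(pkt: PacketInfo) -> dict:
    """Whole primary screening step: coefficient, mark, and where the packet goes
    next (blocked, model evaluation module, or path storage module)."""
    xp = reputation_score(pkt.sender_id)
    scx = primary_screening_coefficient(pkt, xp)
    verdict = mark(scx)
    route = {"malicious": "blocked",
             "suspicious": "model_evaluation_module",
             "safe": "path_storage_module"}[verdict]
    return {"WQ": integrity_label(pkt), "XP": xp, "SCX": scx,
            "mark": verdict, "route": route}


if __name__ == "__main__":
    samples = [
        PacketInfo("sender-trusted", "node-7", 1200),
        PacketInfo("sender-mixed", "node-7", 1200),
        PacketInfo("sender-trusted", None, 1200),   # no receiver id -> WQ = 0
        PacketInfo("sender-abusive", "node-7", 0),  # size 0 counts as incomplete
    ]
    for p in samples:
        print(p, "->", screen_packet(p))
```

Because SCX is a product, an incomplete packet (WQ = 0) always lands in the malicious bracket no matter how good the sender's reputation is, so the integrity label acts as a hard gate rather than a weighted factor; that is worth keeping in mind when tuning L1, since nothing below L1 ever reaches the classification model.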
Further, when the classification label is A, the corresponding information data packet is safe; when the classification label is B, the corresponding information data packet contains false information; when the classification label is C, the corresponding information data packet contains restricted information, and the restricted information comprises violence, gore and loan content; and when the classification label is D, the corresponding information data packet contains illegal information, wherein the illegal information comprises pornography-related information, drug-related information and cult-related information.
Further, the hacker intrusion modes include the Land attack, the TCP SYN attack, the Ping of Death attack, the WinNuke attack, the Teardrop attack and the TCP/UDP port scanning attack, and the specific determination steps of the hacker intrusion mode are:
when the source address and the target address of the data packet are the same, judging that the attack mode is Land attack and marking as L;
when the number of SYN connections received in unit time exceeds a threshold value set by the system, judging that the attack mode is a TCP SYN attack and marking it as S;
when the size of the data packet is larger than 65535 bytes, judging that the attack mode is a Ping of Death attack and marking it as D;
when the target port of the data packet is 137, 138 or 139 and the URG bit is 1, judging that the attack mode is a WinNuke attack and marking it as W;
when the fragment offset of the fragmented data in the data packet is wrong, judging that the attack mode is a Teardrop attack and marking it as T;
when the data packet sends a connection request to an unused port, judging that the attack mode is a TCP/UDP port scanning attack and marking it as U.
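The six determination rules above, implemented as a small signature matcher over constructed packet records. This is an added example written for this page, not the patent's own code. The SYN threshold (50 per second), the unit time and the set of ports the node actually uses are assumptions the page leaves to system configuration; "wrong fragment offset" is modelled as a fragment whose offset lies inside bytes already received for the same datagram:

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Assumed tunables: the page leaves the SYN threshold, the unit of time and the
# set of ports in use to the system configuration.
SYN_THRESHOLD = 50          # SYN connections per unit time before flagging
UNIT_SECONDS = 1.0
PORTS_IN_USE = {22, 53, 80, 443}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None
    size: int = 0                   # reassembled datagram size in bytes
    syn: bool = False               # TCP SYN flag (a connection request)
    urg: bool = False               # TCP URG flag
    ts: float = 0.0                 # arrival time in seconds
    frag_id: Optional[int] = None   # IP identification of a fragmented datagram
    frag_offset: int = 0            # byte offset of this fragment
    frag_len: int = 0               # payload length of this fragment


class SignatureDetector:
    """Matches one packet at a time against the six rules and returns the
    page's letter mark (L, S, D, W, T, U), or None when no rule fires."""

    def __init__(self):
        self.syn_times = defaultdict(list)   # dst -> SYN arrival times
        self.frag_end = {}                   # (src, dst, frag_id) -> highest byte seen

    def _syn_rate(self, p: Packet) -> int:
        window = self.syn_times[p.dst] + [p.ts]
        # keep only SYNs that arrived within the last unit of time
        self.syn_times[p.dst] = [t for t in window if p.ts - t < UNIT_SECONDS]
        return len(self.syn_times[p.dst])

    def _bad_fragment(self, p: Packet) -> bool:
        if p.frag_id is None:
            return False
        key = (p.src, p.dst, p.frag_id)
        end = self.frag_end.get(key, 0)
        overlapping = p.frag_offset < end   # offset points into bytes already received
        self.frag_end[key] = max(end, p.frag_offset + p.frag_len)
        return overlapping

    def classify(self, p: Packet) -> Optional[str]:
        if p.src == p.dst:                                   # Land
            return "L"
        if p.proto == "tcp" and p.syn and self._syn_rate(p) > SYN_THRESHOLD:
            return "S"                                       # TCP SYN flood
        if p.size > 65535:                                   # Ping of Death
            return "D"
        if p.proto == "tcp" and p.dst_port in (137, 138, 139) and p.urg:
            return "W"                                       # WinNuke
        if self._bad_fragment(p):                            # Teardrop
            return "T"
        is_request = (p.proto == "tcp" and p.syn) or p.proto == "udp"
        if is_request and p.dst_port is not None and p.dst_port not in PORTS_IN_USE:
            return "U"                                       # port scan
        return None


def detect(packets: List[Packet]) -> List[str]:
    """Run the detector over a packet sequence; returns the marks that fired, in order."""
    det = SignatureDetector()
    return [m for m in (det.classify(p) for p in packets) if m]


# Constructed sample traffic exercising every rule once (no real hosts involved).
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", 80, 60, syn=True, ts=0.0),      # Land
    Packet("10.0.0.9", "10.0.0.7", "icmp", None, 65600, ts=0.1),          # oversized datagram
    Packet("10.0.0.9", "10.0.0.7", "tcp", 139, 60, urg=True, ts=0.2),     # URG to NetBIOS port
    Packet("10.0.0.9", "10.0.0.7", "udp", 4444, 60, ts=0.3),              # unused port
    Packet("10.0.0.9", "10.0.0.7", "udp", 53, 1500, ts=0.4,
           frag_id=7, frag_offset=0, frag_len=1480),                      # first fragment: fine
    Packet("10.0.0.9", "10.0.0.7", "udp", 53, 500, ts=0.41,
           frag_id=7, frag_offset=1000, frag_len=480),                    # overlaps the first
] + [
    Packet(f"10.0.1.{i}", "10.0.0.7", "tcp", 80, 60, syn=True, ts=1.0 + i * 0.001)
    for i in range(SYN_THRESHOLD + 1)                                     # 51 SYNs in one second
]

if __name__ == "__main__":
    print(detect(SAMPLE_TRAFFIC))
```

The rules are evaluated in the order the page lists them, so a packet that matches several (for example a SYN to port 139 with URG set) gets the first mark only; a deployment that wants every matching mark would collect them into a list instead of returning early. The SYN-rate window is keyed per destination node, which is what the page's "received in unit time" implies.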
All of the above formulas are calculated on dimensionless numerical values. Each formula was obtained by collecting a large amount of data and running software simulations so as to approximate the real situation as closely as possible, and the preset parameters and preset thresholds in the formulas are set by those skilled in the art according to the actual situation or obtained by simulation on a large amount of data.
The working principle of the invention is as follows:
acquiring an information data packet of a network node in a communication network; extracting the characterization information in the information data packet; obtaining the reputation score corresponding to the sender according to the unique identification code of the sender and marking it as XP; setting an integrity label for the information data packet and marking it as WQ; acquiring the primary screening coefficient SCX of the data packet through the formula SCX = α3 × WQ × XP; when the primary screening coefficient SCX satisfies 0 ≤ SCX < L1, marking the corresponding information data packet as malicious information; when it satisfies L1 ≤ SCX < L2, marking the corresponding information data packet as suspicious information; when it satisfies L2 ≤ SCX ≤ 1, marking the corresponding information data packet as safety information; sending the suspicious information and the corresponding characterization information to the model evaluation module; blocking the sending of the malicious information through the processor and sending the safety information to the path storage module;
when the model evaluation module receives the suspicious information, it obtains the classification model from the data storage module; after preprocessing, the suspicious information is input into the classification model to obtain an output result, which is the classification label corresponding to the information; when the output result is any one of A, B and C, the output result is added to the characterization information corresponding to the suspicious information and the suspicious information is marked as primary screening information; when the output result is D, the output result is added to the characterization information corresponding to the suspicious information and the suspicious information is marked as malicious information; the primary screening information is sent to the virus detection unit;
calculating a digital digest of the primary screening information through a hash algorithm; comparing the calculated digital digest with the digital digest corresponding to the primary screening information in the digital digest database; when the two are consistent, judging that the primary screening information does not contain virus files and marking the primary screening information as safety information; establishing a hacker intrusion feature library by analyzing hacker intrusion modes; analyzing an information data packet received by a network node to obtain an analysis result; comparing and matching the analysis result with the attack modes in the hacker intrusion feature library, and when the two are successfully matched, sending a hacker attack signal to the early warning management module and sending the corresponding hacker attack mode to the early warning management module; the path storage module sends the safety information after receiving it and records the sending path of the safety information; the sending path is stored in the blockchain.
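The last two stages of the working principle, the digest comparison in the virus detection unit and the recording of the sending path into a blockchain, as one added Python example. This is illustrative code written for this page, not the patent's implementation. The digest database contents, the item ids and the node names are constructed; SHA-256 is assumed as the hash algorithm, and the "blockchain" is modelled as a minimal append-only hash chain held in memory (the page does not say which chain or consensus mechanism is used):

```python
import hashlib
import hmac
import json
from typing import List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "digital digest database": the digest each primary screening
# item is expected to have, keyed by a constructed item id.
KNOWN_GOOD_CONTENT = b"quarterly report v3 (constructed sample content)"
DIGEST_DB = {"item-001": sha256_hex(KNOWN_GOOD_CONTENT)}


def virus_check(item_id: str, content: bytes) -> str:
    """Recompute the digest of the primary screening information and compare it
    with the stored one. Only a consistent digest yields 'safe'; an item the
    database does not know cannot be cleared by this check at all."""
    expected = DIGEST_DB.get(item_id)
    if expected is None:
        return "unknown"
    # constant-time comparison, so a mismatch does not leak matching prefix length
    return "safe" if hmac.compare_digest(sha256_hex(content), expected) else "not_safe"


class PathChain:
    """Append-only hash chain recording the sending path (nodes passed and the
    stay time at each) of every safety item. Each block carries the hash of its
    predecessor, so rewriting an earlier record invalidates all later blocks."""
    GENESIS = "0" * 64

    def __init__(self):
        self.blocks: List[dict] = []

    @staticmethod
    def block_hash(block: dict) -> str:
        # canonical JSON so the same block always hashes the same way
        return sha256_hex(json.dumps(block, sort_keys=True).encode())

    def append(self, item_id: str, path: List[Tuple[str, float]]) -> str:
        prev = self.block_hash(self.blocks[-1]) if self.blocks else self.GENESIS
        block = {"index": len(self.blocks), "item": item_id,
                 "path": [[node, float(stay)] for node, stay in path], "prev": prev}
        self.blocks.append(block)
        return self.block_hash(block)

    def verify(self) -> bool:
        """Re-derive every link; False as soon as any block disagrees with its predecessor."""
        for i, block in enumerate(self.blocks):
            expected_prev = self.block_hash(self.blocks[i - 1]) if i else self.GENESIS
            if block["index"] != i or block["prev"] != expected_prev:
                return False
        return True


def forward_if_safe(item_id: str, content: bytes,
                    path: List[Tuple[str, float]], chain: PathChain) -> str:
    """Virus detection unit followed by the path storage module: only an item
    whose digest matches is marked safe and gets its sending path recorded."""
    status = virus_check(item_id, content)
    if status == "safe":
        chain.append(item_id, path)
    return status


if __name__ == "__main__":
    chain = PathChain()
    print(forward_if_safe("item-001", KNOWN_GOOD_CONTENT,
                          [("node-1", 0.5), ("node-2", 1.25)], chain))   # safe
    print(forward_if_safe("item-001", b"altered content", [("node-1", 0.5)], chain))  # not_safe
    print(chain.verify())
```

Two practical caveats follow from the page's design: the digest check only ever confirms that content equals a previously recorded version, so it clears nothing the database has not seen, and a tampering of the most recent block is not detected by the chain links alone; the latest block hash (what `append` returns) has to be published or anchored somewhere the path storage module cannot rewrite.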
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.

Claims (5)

1. A big data-based computer network information security protection system is characterized by comprising a processor, an information integration module, a model evaluation module, an attack detection module, a path storage module, an early warning management module and a data storage module;
the information integration module acquires an information data packet of the network node and integrates and analyzes the information data packet;
the model evaluation module is used for judging the authenticity of suspicious information and comprises the following steps:
when the model evaluation module receives the suspicious information, the classification model is obtained through the data storage module;
after being processed, the suspicious information is input into a classification model to obtain an output result; the output result is a classification label corresponding to the information;
when the output result is any one of A, B and C, the output result is added to the characterization information corresponding to the suspicious information, and the suspicious information is marked as primary screening information; when the output result is D, adding the output result to the characterization information corresponding to the suspicious information, and marking the suspicious information as malicious information;
sending the primary screening information to a virus detection unit;
the path saving module is used for generating and saving a sending path of the safety information, and comprises:
the path saving module sends the safety information after receiving the safety information and records the sending path of the safety information; the sending path comprises the network nodes passing by and the stay time of the network nodes;
storing the transmission path into a block chain;
the specific steps of the information data packet for integration analysis comprise:
acquiring an information data packet of a network node in a communication network;
extracting the representation information in the information data packet; the representation information comprises a unique identification code of a sender, a unique identification code of a receiver and the size of an information data packet;
obtaining a credit score corresponding to the sender according to the unique identification code of the sender and marking the credit score as XP;
setting an integrity label for the information data packet and marking the information data packet as WQ; the value of the integrity label is 0 and 1, when the value of the integrity label is 0, the representation information of the information data packet is incomplete, and when the value of the integrity label is 1, the representation information of the information data packet is complete;
acquiring a primary screening coefficient SCX of the data packet through the formula SCX = α3 × WQ × XP; where α3 is a proportionality coefficient and a real number greater than 0;
when the primary screening coefficient SCX of the data packet satisfies 0 ≤ SCX < L1, marking the corresponding information data packet as malicious information; when it satisfies L1 ≤ SCX < L2, marking the corresponding information data packet as suspicious information; when it satisfies L2 ≤ SCX ≤ 1, marking the corresponding information data packet as safety information; where L1 and L2 are thresholds of the primary screening coefficient of the data packet, the value range of L1 is [0, 0.3], and the value range of L2 is [0.8, 1];
sending the suspicious information and the corresponding characterization information to a model evaluation module;
blocking the sending of the malicious information through the processor and sending the safety information to the path storage module;
sending the preliminary screening coefficient and the representation information of the data packet to a data storage module through a processor;
the specific acquisition step of the reputation score of the sender comprises the following steps:
acquiring the total sending times of the network information sent by the sender to the network node corresponding to the information data packet and marking the total sending times as ZC; the network information comprises sound, characters and video;
acquiring the total sending times of sending malicious information to the network node corresponding to the information data packet by the sender and marking the times as EC;
obtaining a reputation evaluation coefficient XPX by the formula shown in Figure FDA0003932077580000021 (image only; not reproduced in the text); where α1 and α2 are proportionality coefficients, and both α1 and α2 are real numbers greater than 0;
Taking the reciprocal of the reputation evaluation coefficient, and marking the reciprocal of the reputation evaluation coefficient as a reputation score after data normalization processing;
the credit score of the sender is sent to a data storage module through a processor for storage;
when the classification label is A, the corresponding information data packet is safe; when the classification label is B, the corresponding information data packet contains false information; when the classification label is C, the corresponding information data packet contains restricted information, and the restricted information comprises violence, gore and loan content; and when the classification label is D, the corresponding information data packet contains illegal information, and the illegal information comprises pornography-related information, drug-related information and cult-related information.
2. The big data-based computer network information security protection system according to claim 1, wherein the attack detection module comprises a virus detection unit and an intrusion detection unit, the virus detection unit is configured to detect viruses in the primary screening information, and the detection comprises:
calculating a digital digest of the primary screening information through a hash algorithm;
comparing the calculated digital digest with the digital digest corresponding to the primary screening information in the digital digest database; when the two are consistent, judging that the primary screening information does not contain virus files and marking the primary screening information as safety information;
and sending the safety information to a path saving module.
3. The big data-based computer network information security protection system according to claim 2, wherein the intrusion detection unit is configured to perform intrusion detection on the network node, and comprises:
establishing a hacker intrusion feature library by analyzing hacker intrusion modes;
analyzing an information data packet received by a network node to obtain an analysis result; comparing and matching the analysis result with the attack modes in the hacker intrusion feature library, and when the two are successfully matched, sending a hacker attack signal to the early warning management module and sending the corresponding hacker attack mode to the early warning management module;
and sending the transmission records of the hacker intrusion feature library and the hacker attack signals to a data storage module through a processor for storage.
4. The big data-based computer network information security protection system according to claim 1, wherein the processor is in communication connection with the information integration module, the model evaluation module, the attack detection module, the path storage module, the early warning management module and the data storage module, respectively; the early warning management module is respectively in communication connection with the data storage module and the path storage module, the model evaluation module is respectively in communication connection with the information integration module and the attack detection module, and the attack detection module is in communication connection with the path storage module.
5. The big data-based computer network information security protection system according to claim 1, wherein the specific obtaining step of the classification model comprises:
acquiring a data packet training set through the Internet; the data packet training set comprises a plurality of information data packets;
setting classification labels for information data packets in a data packet training set; the classification labels include A, B, C and D;
constructing a fusion model; the fusion model is formed by fusing the three baseline models SVM, LR and GBDT, and the fusion mode comprises a linear weighted fusion method, a cross fusion method, a waterfall fusion method, a feature fusion method and a prediction fusion method;
after preprocessing, dividing the information data packets and classification labels in the data packet training set into a training set and a test set according to a set ratio; the set ratios include 4:1, 3:2 and 2:1;
inputting the training set and the test set into the fusion model to train, test and verify the fusion model, and marking the trained fusion model as a classification model;
and sending the classification model to a data storage module for storage through the processor.
CN202110157979.3A 2021-02-04 2021-02-04 Computer network information safety protection system based on big data Active CN112866278B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110157979.3A CN112866278B (en) 2021-02-04 2021-02-04 Computer network information safety protection system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110157979.3A CN112866278B (en) 2021-02-04 2021-02-04 Computer network information safety protection system based on big data

Publications (2)

Publication Number Publication Date
CN112866278A CN112866278A (en) 2021-05-28
CN112866278B true CN112866278B (en) 2023-04-07

Family

ID=75988731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110157979.3A Active CN112866278B (en) 2021-02-04 2021-02-04 Computer network information safety protection system based on big data

Country Status (1)

Country Link
CN (1) CN112866278B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591044B (en) * 2021-07-27 2024-10-15 睿思网盾(北京)科技有限公司 Intrusion protection system based on identity recognition
CN115189947B (en) * 2022-07-11 2023-11-28 万申科技股份有限公司 Communication safety monitoring system based on big data

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102333307A (en) * 2011-09-28 2012-01-25 北京航空航天大学 Wireless sensor network (WSN) trust evaluation method based on subjective belief
CN106126741A (en) * 2016-07-01 2016-11-16 何钟柱 A kind of electric network information secure and trusted work system based on big data
CN109167786A (en) * 2018-09-03 2019-01-08 罗杰雄 A kind of Information Security Management System
CN208548922U (en) * 2018-04-11 2019-02-26 北京立思辰新技术有限公司 Rogue program issues detection system
CN109660526A (en) * 2018-12-05 2019-04-19 国网江西省电力有限公司信息通信分公司 A kind of big data analysis method applied to information security field
CN109873809A (en) * 2019-01-11 2019-06-11 日照职业技术学院 A kind of information security of computer network control system and method
CN111464502A (en) * 2020-03-10 2020-07-28 湖南文理学院 Network security protection method and system based on big data platform
CN112087429A (en) * 2020-08-06 2020-12-15 柳州市风雅颂科技有限公司 Computer network safety control system and control method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9699202B2 (en) * 2015-05-20 2017-07-04 Cisco Technology, Inc. Intrusion detection to prevent impersonation attacks in computer networks

Also Published As

Publication number Publication date
CN112866278A (en) 2021-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant