CN112907321A - Big data-based information security anomaly sensing platform for data mining and analysis - Google Patents

Publication number
CN112907321A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110152158.0A
Other languages
Chinese (zh)
Other versions
CN112907321B (en)
Inventor
刘智勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Hongrui Information Technology Co Ltd
Original Assignee
Zhuhai Hongrui Information Technology Co Ltd
Application filed by Zhuhai Hongrui Information Technology Co Ltd
Priority to CN202110152158.0A
Publication of CN112907321A
Application granted
Publication of CN112907321B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Abstract

The invention discloses an information security anomaly sensing platform based on big-data mining and analysis, comprising: an information transmission flow direction acquisition unit, an information transmission flow acquisition unit, a database, a data retrieval unit, a transaction environment simulation test unit, a transaction channel establishment unit, an information source and information sink positioning unit, a transmission deviation analysis unit, an abnormal device sensing unit, an information security anomaly analysis unit and an anomaly processing unit. The information transmission flow direction and flow of transactions are retrieved through big data and compared with the information transmission flow direction and flow measured in a simulated transaction test, so that the deviation in data flow direction and flow is sensed when information transmission security is abnormal. By analyzing the direction of data stream transmission and the change in data flow during an e-commerce transaction, the attack mode suffered during the transaction is predicted and protective measures are taken against attacks of the different modes, so that information security during e-commerce transactions is guaranteed to the greatest extent and the value of the information is maintained.

Description

Big data-based information security anomaly sensing platform for data mining and analysis
Technical Field
The invention relates to the technical field of big data, and in particular to an information security anomaly sensing platform based on big-data mining and analysis.
Background
With the development of science and technology, information security problems have become increasingly prominent, particularly in e-commerce transactions. The main problem facing e-commerce transactions is that transaction information is attacked by unknown factors during transmission: the information is maliciously tampered with, replaced or leaked. As electronic transactions become more widespread, the unsafe factors in the transaction process increase day by day, and an information security anomaly needs to be sensed promptly when it occurs. However, merely sensing that an anomaly exists, without being able to confirm its cause or the attack mode suffered while the transaction information was being transmitted, is not effective and does not help technicians solve the information security problem in time. The ultimate purpose of sensing an information security anomaly is to solve the information security problem at its root, because security is precious. Analyzing and confirming in advance the attack mode suffered when an anomaly occurs during a transaction makes it possible to protect against the different attack modes in a targeted way. In addition, handling the anomaly as soon as it is sensed effectively ensures information security and preserves the security attributes and value of the transmitted information.
Therefore, an information security anomaly sensing platform based on big-data mining and analysis is needed to solve the above problems.
Disclosure of Invention
The invention aims to provide an information security anomaly sensing platform based on big-data mining and analysis, so as to solve the problems described in the background above.
To solve these technical problems, the invention provides the following technical solution: an information security anomaly sensing platform based on big-data mining and analysis, characterized in that the platform comprises: an information transmission flow direction acquisition unit, an information transmission flow acquisition unit, a database, a data retrieval unit, a transaction environment simulation test unit, a transaction channel establishment unit, an information source and information sink positioning unit, a transmission deviation analysis unit, an abnormal device sensing unit, an information security anomaly analysis unit and an anomaly processing unit;
the input of the database is connected to the outputs of the information transmission flow direction acquisition unit and the information transmission flow acquisition unit; the output of the database is connected to the input of the data retrieval unit; the output of the data retrieval unit is connected to the input of the transaction environment simulation test unit; the output of the information source and information sink positioning unit is connected to the input of the transaction channel establishment unit; the output of the transaction channel establishment unit is connected to the input of the transaction environment simulation test unit; the output of the transaction environment simulation test unit is connected to the input of the transmission deviation analysis unit; the output of the transmission deviation analysis unit is connected to the input of the abnormal device sensing unit; the output of the abnormal device sensing unit is connected to the input of the information security anomaly analysis unit; and the output of the information security anomaly analysis unit is connected to the input of the anomaly processing unit;
the information transmission flow direction acquisition unit is used to collect the data flow direction during e-commerce transactions into the database; the information transmission flow acquisition unit is used to collect the data flow during e-commerce transactions into the database; the information source and information sink positioning unit is used to locate the signal positions of the two transaction parties during an e-commerce transaction; the transaction channel establishment unit and the transaction environment simulation test unit are used to establish a transaction channel once the signal positions of the two parties are confirmed and to test by simulation whether the transaction process is attacked; the transmission deviation analysis unit is used to analyze the deviation in data flow and direction according to the test result; the abnormal device sensing unit is used to sense abnormal devices around the transaction channel; the information security anomaly analysis unit is used to judge the attack mode suffered during the transaction; and the anomaly processing unit is used to take different protective measures for different attack modes.
Further, the information transmission flow direction acquisition unit and the information transmission flow acquisition unit collect the data flow direction and data flow of transactions into the database for the data retrieval unit to retrieve, and the data retrieval unit transmits the retrieved data to the transaction environment simulation test unit. The information source and information sink positioning unit confirms the signal positions of the two parties of the transaction under test and transmits the position information to the transaction channel establishment unit. After receiving the signal position information of both parties, the transaction channel establishment unit establishes a virtual transaction channel, confirms the signal coordinates, and transmits the coordinate information to the transaction environment simulation test unit. The transaction environment simulation test unit establishes a simulated transaction environment, tests the direction and data flow of the transaction data using the received coordinate information, and transmits the test data to the transmission deviation analysis unit.
Further, after receiving the test data, the transmission deviation analysis unit analyzes the deviation in data flow direction and flow during the transaction by comparing the test data with the retrieved data, and transmits the analysis result to the abnormal device sensing unit. After receiving the deviation data in the analysis result, the abnormal device sensing unit senses abnormal devices around the transaction channel according to the change in data flow direction, and transmits the position information of any sensed abnormal device to the information security anomaly analysis unit. After receiving that position information, the information security anomaly analysis unit judges the attack mode suffered during the transaction and transmits its result to the anomaly processing unit, which takes different protective measures, according to the result, against the different attacks suffered during the transaction. When the intrusion of an abnormal device is sensed, the attack mode used by the intruding device against the transaction is obtained quickly and the matching protective measure is taken, which guarantees the security of information transmission during e-commerce transactions to the greatest extent.
Further, the attack modes suffered during a transaction comprise interruption, interception and modification. Interruption means that transmission of the transaction information is blocked during the transaction. Interception means that an attacker obtains the transaction data or the identity information of the two transaction parties while the transaction information is being transmitted. Modification means that the transaction data reaches the information sink after being maliciously modified by the attacker. Each attack mode destroys the authenticity of the transaction information; confirming the attack mode helps to find the attack source quickly and to apply protection, so that the information transmitted in the transaction is kept secure.
Further, the information transmission flow direction acquisition unit collects the set of data flow directions during transactions, $\theta = \{\theta_1, \theta_2, \ldots, \theta_n\}$, and the information transmission flow acquisition unit collects the set of data flows in the corresponding transactions, $b = \{b_1, b_2, \ldots, b_n\}$, where $n$ is the total number of transactions. The collected data flow directions and data flows are transmitted to the database for storage, and the data retrieval unit retrieves the data flow direction and data flow of the different transactions from the database into the transaction environment simulation test unit. Retrieving through big data the data flow direction and flow transmitted during transactions provides the basis for the subsequent analysis of how data flow direction and flow change when an anomaly is sensed, so that the attack mode suffered by the transaction can be predicted from that change.
Furthermore, the information source and information sink positioning unit establishes a two-dimensional coordinate system with the position of the transaction information sending end, that is, the information source, as the origin. The position of the information source differs between transactions. The point set of the information sources is $A = \{A_1, A_2, \ldots, A_n\}$ and the point set of the transaction information receiving ends, that is, the information sinks, is $B = \{B_1, B_2, \ldots, B_n\}$. By locating the point of the corresponding information sink, the information source and information sink positioning unit confirms the coordinate set of the data stream transmission vectors during transactions as $(x, y) = \{(x_1, y_1), (x_2, y_2), \ldots, (x_n, y_n)\}$, and the corresponding data stream transmission vector is
Figure BDA0002932402090000031
where $n$ is the total number of transactions. The data flow vectors are transmitted to the transaction environment simulation test unit, which establishes a simulated transaction environment and tests the direction and data flow of the transaction data using the received coordinate information. The tested data flow direction $\theta_i'$ is calculated according to the following formula:
Figure BDA0002932402090000032
This gives the set of data flow directions in the tested transactions: $\theta' = \{\theta_1', \theta_2', \ldots, \theta_n'\}$. The tested data flow $b_i'$ is calculated according to the following formula:
Figure BDA0002932402090000033
This gives the set of data flows in the tested transactions: $b' = \{b_1', b_2', \ldots, b_n'\}$, where $x_i$ and $y_i$ are the horizontal and vertical coordinates of the data stream transmission vector in any one tested transaction. The tested data and the retrieved data are transmitted to the transmission deviation analysis unit. Once the coordinates of the data flow vector are confirmed, the data flow direction is calculated with the arctan function in order to confirm the exact direction of data transmission in the test environment, which helps to sense an information security anomaly by analyzing the change in data flow direction. The transmission flow of the transaction information is confirmed by calculating the vector length, so that it can be compared with the data flow of the retrieved normal transaction to judge the deviation of the data. Analyzing the deviation in data flow direction and in flow together helps to predict more accurately whether the transaction is attacked and by which mode.
Further, the transmission deviation analysis unit compares the data flow $b'$ of the tested transaction with the retrieved data flow $b$ of the corresponding transaction: if $b' = b$, the data flow has not changed during the transaction and the transaction data can be transmitted from the information source to the information sink; if $b' \neq b$, the data flow has changed during the transaction and the transaction data may fail to reach the information sink. The transmission deviation analysis unit also compares the data flow direction $\theta'$ of the tested transaction with the retrieved data flow direction $\theta$ of the corresponding transaction: if $\theta' = \theta$, the data flow direction has not changed during the transaction; if $\theta' \neq \theta$, the data flow direction has changed during the transaction and the transaction data may have been attacked and obtained by an abnormal device. The analysis result is transmitted to the abnormal device sensing unit.
Further, for transactions in which the data flow direction or the data flow has changed, the abnormal device sensing unit senses whether the signal of an abnormal device exists around the transaction channel, and transmits the position information of any sensed abnormal device signal to the information security anomaly analysis unit.
Further, the information security anomaly analysis unit judges the attack mode suffered during the transaction: if the data flow has changed, the data flow direction has not changed, and no abnormal device is sensed around the transaction channel, the attack mode suffered in the corresponding transaction is judged to be interruption; if the data flow has not changed, the data flow direction has changed, and an abnormal device is sensed around the transaction channel, the attack mode is judged to be interception; if both the data flow and the data flow direction have changed and an abnormal device is sensed around the transaction channel, the attack mode is judged to be modification. The judgment result is transmitted to the anomaly processing unit. Sensing the abnormal devices around the transaction environment once the attack mode is confirmed helps to trace the abnormal device back and estimate the attack source, further reducing the risk to the transmission of transaction information.
Further, the anomaly processing unit takes different protective measures, according to the judgment result, against the different attacks suffered during the transaction: if the transaction suffers an interruption attack, several virtual transaction channels are added to complete the transaction; if the transaction suffers an interception attack, the degree of data encryption is strengthened and the located signal source of the abnormal device is searched for; and if the transaction suffers a modification attack, the data modification authority is increased and the located signal source of the abnormal device is searched for.
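The deviation comparison, attack-mode judgment and choice of protective measure described above, as an added Python example that is not part of the patent text. The formula images are missing from this page, so `atan2` and `hypot` stand in for the arctan and vector-length calculations the text names; the tolerances, the class and function names, the sample values and the `undetermined` result for combinations the text assigns to no attack mode are assumptions of this example.

```python
import math
from dataclasses import dataclass

# Assumption: the text compares for exact equality (b' = b, theta' = theta);
# measured values need a tolerance, so this example adds one.
FLOW_TOL = 1e-6
ANGLE_TOL = 1e-6  # radians

# Protective measures worded as in the text. The "undetermined" entry is an
# assumption of this example: the text prescribes nothing for that case.
MEASURES = {
    "normal": "none",
    "interruption": "add several virtual transaction channels to complete the transaction",
    "interception": "strengthen data encryption; search for the located signal source of the abnormal device",
    "modification": "increase the data modification authority; search for the located signal source of the abnormal device",
    "undetermined": "not covered by the text; hand over for manual review",
}


@dataclass(frozen=True)
class Baseline:
    """Values retrieved from the database for one normal transaction."""
    theta: float  # data flow direction, radians
    b: float      # data flow


@dataclass(frozen=True)
class SimulatedRun:
    """One simulated test: sink coordinates with the source at the origin."""
    x: float
    y: float
    abnormal_device_sensed: bool


def measure(x, y):
    """Return (theta', b') for the data stream transmission vector (x, y)."""
    if x == 0 and y == 0:
        raise ValueError("source and sink coincide; direction is undefined")
    # atan2 keeps the quadrant that a plain arctan(y / x) would lose.
    return math.atan2(y, x), math.hypot(x, y)


def angle_delta(a, b):
    """Smallest absolute difference between two angles, across the +/-pi wrap."""
    return abs((a - b + math.pi) % (2 * math.pi) - math.pi)


def classify(baseline, run):
    """Apply the three judgment rules; return the attack mode as a string."""
    theta_t, b_t = measure(run.x, run.y)
    flow_changed = abs(b_t - baseline.b) > FLOW_TOL
    direction_changed = angle_delta(theta_t, baseline.theta) > ANGLE_TOL
    device = run.abnormal_device_sensed

    if not flow_changed and not direction_changed:
        return "normal"  # device sensing only runs for changed transactions
    if flow_changed and not direction_changed and not device:
        return "interruption"
    if not flow_changed and direction_changed and device:
        return "interception"
    if flow_changed and direction_changed and device:
        return "modification"
    # e.g. flow changed and a device sensed, but direction unchanged
    return "undetermined"


def analyse(baselines, runs):
    """Pair tested transaction i with baseline i; return (mode, measure) tuples."""
    if len(baselines) != len(runs):
        raise ValueError("need one baseline per tested transaction")
    modes = [classify(b, r) for b, r in zip(baselines, runs)]
    return [(m, MEASURES[m]) for m in modes]


if __name__ == "__main__":
    # Constructed sample data: the normal transaction has vector (3, 4).
    base = Baseline(*measure(3.0, 4.0))
    runs = [
        SimulatedRun(3.0, 4.0, False),  # nothing changed
        SimulatedRun(1.5, 2.0, False),  # flow halved, same direction
        SimulatedRun(4.0, 3.0, True),   # same flow, direction changed
        SimulatedRun(0.0, 2.0, True),   # both changed
        SimulatedRun(1.5, 2.0, True),   # combination the text does not cover
    ]
    for run, (mode, action) in zip(runs, analyse([base] * len(runs), runs)):
        print(run, "->", mode, "|", action)
```

The three rules leave several input combinations unassigned, which is why the example returns an explicit `undetermined` instead of forcing one of the three modes.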
Compared with the prior art, the invention has the following beneficial effects:
1. Through the data retrieval unit, the invention retrieves the data transmission flow direction and flow of normal transactions collected by the information transmission flow direction acquisition unit and the information transmission flow acquisition unit, and establishes a simulated transaction test environment. The model takes the position of the information sending end, that is, the information source, as the origin, and the information source and information sink positioning unit confirms the coordinates of the data stream transmission vector by locating the information receiving end, that is, the information sink. Data transmission has both magnitude and direction and is therefore best represented as a vector, so the data transmission flow direction and flow are confirmed from the data transmission vector. The transmission deviation analysis unit compares the tested data flow direction and flow with the retrieved data, and judging the change and difference in the transaction data helps to predict the attack mode suffered by the transaction;
2. Through the abnormal device sensing unit, the invention senses abnormal devices for transactions in which the data flow direction or the data flow has changed, and transmits the position information of any sensed abnormal device signal to the information security anomaly analysis unit. The information security anomaly analysis unit comprehensively analyzes the attack mode suffered during each transaction, whether interruption, modification or interception, from the change in data flow and flow direction and from the abnormal devices sensed. The anomaly processing unit takes different protective measures against attacks of the different modes, and the abnormal device is traced back to estimate the attack source, further reducing the risk to the transmission of transaction information and ensuring the security of the transaction information.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a block diagram of an information security anomaly awareness platform based on big data mining and analysis according to the present invention;
FIG. 2 is a schematic diagram of the transaction process attack modes of the invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Referring to FIGS. 1-2, the present invention provides the following technical solution: an information security anomaly sensing platform based on big-data mining and analysis, characterized in that the platform comprises: an information transmission flow direction acquisition unit, an information transmission flow acquisition unit, a database, a data retrieval unit, a transaction environment simulation test unit, a transaction channel establishment unit, an information source and information sink positioning unit, a transmission deviation analysis unit, an abnormal device sensing unit, an information security anomaly analysis unit and an anomaly processing unit;
the input of the database is connected to the outputs of the information transmission flow direction acquisition unit and the information transmission flow acquisition unit; the output of the database is connected to the input of the data retrieval unit; the output of the data retrieval unit is connected to the input of the transaction environment simulation test unit; the output of the information source and information sink positioning unit is connected to the input of the transaction channel establishment unit; the output of the transaction channel establishment unit is connected to the input of the transaction environment simulation test unit; the output of the transaction environment simulation test unit is connected to the input of the transmission deviation analysis unit; the output of the transmission deviation analysis unit is connected to the input of the abnormal device sensing unit; the output of the abnormal device sensing unit is connected to the input of the information security anomaly analysis unit; and the output of the information security anomaly analysis unit is connected to the input of the anomaly processing unit;
the information transmission flow direction acquisition unit is used to collect the data flow direction during e-commerce transactions into the database; the information transmission flow acquisition unit is used to collect the data flow during e-commerce transactions into the database; the information source and information sink positioning unit is used to locate the signal positions of the two transaction parties during an e-commerce transaction; the transaction channel establishment unit and the transaction environment simulation test unit are used to establish a transaction channel once the signal positions of the two parties are confirmed and to test by simulation whether the transaction process is attacked; the transmission deviation analysis unit is used to analyze the deviation in data flow and direction according to the test result; the abnormal device sensing unit is used to sense abnormal devices around the transaction channel; the information security anomaly analysis unit is used to judge the attack mode suffered during the transaction; and the anomaly processing unit is used to take different protective measures for different attack modes.
The information transmission flow direction acquisition unit and the information transmission flow acquisition unit collect the data flow direction and data flow of transactions into the database for the data retrieval unit to retrieve, and the data retrieval unit transmits the retrieved data to the transaction environment simulation test unit. The information source and information sink positioning unit confirms the signal positions of the two parties of the transaction under test and transmits the position information to the transaction channel establishment unit. After receiving the signal position information of both parties, the transaction channel establishment unit establishes a virtual transaction channel, confirms the signal coordinates, and transmits the coordinate information to the transaction environment simulation test unit. The transaction environment simulation test unit establishes a simulated transaction environment, tests the direction and data flow of the transaction data using the received coordinate information, and transmits the test data to the transmission deviation analysis unit.
After receiving the test data, the transmission deviation analysis unit analyzes the deviation in data flow direction and flow during the transaction by comparing the test data with the retrieved data, and transmits the analysis result to the abnormal device sensing unit. After receiving the deviation data in the analysis result, the abnormal device sensing unit senses abnormal devices around the transaction channel according to the change in data flow direction, and transmits the position information of any sensed abnormal device to the information security anomaly analysis unit. After receiving that position information, the information security anomaly analysis unit judges the attack mode suffered during the transaction and transmits its result to the anomaly processing unit, which takes different protective measures, according to the result, against the different attacks suffered during the transaction. When the intrusion of an abnormal device is sensed, the attack mode used by the intruding device against the transaction is obtained quickly and the matching protective measure is taken, so that the security of information transmission during e-commerce transactions can be guaranteed to the greatest extent.
The attack modes suffered during a transaction comprise interruption, interception and modification. Interruption means that transmission of the transaction information is blocked during the transaction. Interception means that an attacker obtains the transaction data or the identity information of the two transaction parties while the transaction information is being transmitted. Modification means that the transaction data reaches the information sink after being maliciously modified by the attacker. Each attack mode destroys the authenticity of the transaction information, and confirming the attack mode makes it easier to find the attack source quickly and to apply protection, so as to protect the information transmitted in the transaction.
The information transmission flow direction acquisition unit collects the set of data flow directions during transactions, $\theta = \{\theta_1, \theta_2, \ldots, \theta_n\}$, and the information transmission flow acquisition unit collects the set of data flows in the corresponding transactions, $b = \{b_1, b_2, \ldots, b_n\}$, where $n$ is the total number of transactions. The collected data flow directions and data flows are transmitted to the database for storage, and the data retrieval unit retrieves the data flow direction and data flow of the different transactions from the database into the transaction environment simulation test unit. Retrieving through big data the data flow direction and flow transmitted during transactions provides the basis for the subsequent analysis of how data flow direction and flow change when an anomaly is sensed, so that the attack mode suffered by the transaction can be conveniently predicted from that change.
The information source and information sink positioning unit establishes a two-dimensional coordinate system with the position of the transaction information sending end, that is, the information source, as the origin. The position of the information source differs between transactions. The point set of the information sources is $A = \{A_1, A_2, \ldots, A_n\}$ and the point set of the transaction information receiving ends, that is, the information sinks, is $B = \{B_1, B_2, \ldots, B_n\}$. By locating the point of the corresponding information sink, the information source and information sink positioning unit confirms the coordinate set of the data stream transmission vectors during transactions as $(x, y) = \{(x_1, y_1), (x_2, y_2), \ldots, (x_n, y_n)\}$, and the corresponding data stream transmission vector is
Figure BDA0002932402090000071
where n represents the total number of transactions. The data flow vectors are transmitted to the transaction environment simulation test unit, which establishes a simulated transaction environment and tests the direction and the data flow of the transaction data using the received coordinate information. The tested data flow direction $\theta_i'$ is calculated according to the following formula:
Figure BDA0002932402090000072
The set of tested data flow directions in the transaction process is obtained: $\theta' = \{\theta_1', \theta_2', \ldots, \theta_n'\}$. The tested data flow $b_i'$ is calculated according to the following formula:
Figure BDA0002932402090000073
The set of tested data flows in the transaction process is obtained: $b' = \{b_1', b_2', \ldots, b_n'\}$, where $x_i$ and $y_i$ respectively represent the horizontal and vertical coordinates of the data stream transmission vector in any one tested transaction process. The tested data and the called data are transmitted to the transmission deviation analysis unit. After the data flow vector coordinates are confirmed, the data flow direction is calculated with the arctan function in order to confirm the accurate direction of data transmission in the test environment, so that an information security abnormality can be sensed by analyzing the change in data flow direction. The transaction information transmission flow is confirmed by calculating the vector length, so that it can be compared with the data flow in the called normal transaction process to judge the deviation of the data. Analyzing the data flow direction and the flow deviation together makes it possible to predict more accurately whether the transaction process is attacked and in which mode.
The transmission deviation analysis unit compares the tested data flow b' in the transaction process with the called data flow b in the corresponding transaction process: if b' = b, the data flow has not changed in the transaction process, and the transaction data can be transmitted from the information source to the information sink; if b' ≠ b, the data flow has changed in the transaction process, and there is a possibility that the transaction data cannot be transmitted to the information sink. The transmission deviation analysis unit also compares the tested data flow direction θ' in the transaction process with the called data flow direction θ in the corresponding transaction process: if θ' = θ, the data flow direction has not changed in the transaction process; if θ' ≠ θ, the data flow direction has changed in the transaction process, and there is a possibility that the transaction data has been attacked and acquired by abnormal equipment. The analysis result is transmitted to the abnormal equipment sensing unit.
For the transaction processes in which the data flow direction and the data flow change, the abnormal equipment sensing unit senses whether signals of abnormal equipment exist around the transaction channel, and transmits the position information of the sensed abnormal equipment signals to the information security abnormity analysis unit.
The information security abnormity analysis unit judges the attack mode suffered in the transaction process: if the data flow is changed, the data flow direction is not changed, and no abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be interruption; if the data flow is not changed, the data flow direction is changed, and abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be interception; if both the data flow direction and the data flow are changed and abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be modification. The judgment result is transmitted to the exception handling unit. Sensing the abnormal equipment around the transaction environment once the attack mode is confirmed makes it easier to trace the abnormal equipment back and estimate the attack source, which further reduces the risk of transaction information transmission.
The exception handling unit takes different protective measures, according to the judgment result, against the different attacks suffered in the transaction process: if the transaction process suffers an interruption attack, a plurality of virtual transaction channels are added to complete the transaction; if the transaction process suffers an interception attack, the data encryption degree is strengthened and the located signal source of the abnormal equipment is searched for; if the transaction process suffers a modification attack, the data modification authority is increased and the located signal source of the abnormal equipment is searched for.
The first embodiment is as follows: the data flow direction set collected in the transaction process is $\theta = \{\theta_1, \theta_2, \theta_3, \theta_4, \theta_5\} = \{30^\circ, 53^\circ, 45^\circ, 60^\circ, 63^\circ\}$, and the data flow set in the corresponding transaction processes is
Figure BDA0002932402090000081
Figure BDA0002932402090000082
The data calling unit calls the data flow directions and data flows to the transaction environment simulation test unit. The information source and information sink positioning unit confirms that the point set of the information sources is $A = \{A_1, A_2, A_3, A_4, A_5\}$ and the point set of the information sinks is $B = \{B_1, B_2, B_3, B_4, B_5\}$, establishes a two-dimensional coordinate system with the position of the information source as the origin, and confirms that the data stream transmission vector coordinate set in the transaction process is
Figure BDA0002932402090000083
Figure BDA0002932402090000084
The corresponding data stream transmission vector is
Figure BDA0002932402090000085
According to the formula
Figure BDA0002932402090000086
the set of tested data flow directions in the transaction process is obtained: $\theta' = \{\theta_1', \theta_2', \theta_3', \theta_4', \theta_5'\} = \{30^\circ, 53^\circ, 45^\circ, 30^\circ, 63^\circ\}$. According to the formula
Figure BDA0002932402090000087
the set of tested data flows in the transaction process is obtained:
Figure BDA0002932402090000088
Figure BDA0002932402090000089
The transmission deviation analysis unit compares θ' with θ and b' with b: the data flow of transaction process 3 changes and no abnormal signal is sensed, while both the data flow direction and the data flow of transaction process 4 change and an abnormal signal is sensed. The attack mode suffered by transaction process 3 is therefore judged to be interruption and the attack mode suffered by transaction process 4 to be modification, and both are handled by the exception handling unit.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An information security anomaly sensing platform for data mining and analysis based on big data, characterized in that: the platform includes: an information transmission flow direction acquisition unit, an information transmission flow acquisition unit, a database, a data retrieval unit, a transaction environment simulation test unit, a transaction channel establishment unit, an information source and information sink positioning unit, a transmission deviation analysis unit, an abnormal equipment sensing unit, an information security abnormity analysis unit and an exception handling unit;
the input end of the database is connected with the output ends of the information transmission flow direction acquisition unit and the information transmission flow acquisition unit, the output end of the database is connected with the input end of the data retrieval unit, the output end of the data retrieval unit is connected with the input end of the transaction environment simulation test unit, the output end of the information source and information sink positioning unit is connected with the input end of the transaction channel establishing unit, the output end of the transaction channel establishing unit is connected with the input end of the transaction environment simulation test unit, the output end of the transaction environment simulation test unit is connected with the input end of the transmission deviation analysis unit, the output end of the transmission deviation analysis unit is connected with the input end of the abnormal equipment sensing unit, and the output end of the abnormal equipment sensing unit is connected with the input end of the information security abnormality analysis unit, the output end of the information security abnormity analysis unit is connected with the input end of the abnormity processing unit;
the information transmission flow direction acquisition unit is used for acquiring the data flow direction in the electronic commerce transaction process to the database, the information transmission flow acquisition unit is used for acquiring the data flow in the electronic commerce transaction process to the database, the information source and information sink positioning unit is used for positioning the signal positions of the two transaction parties in the electronic commerce transaction process, the transaction channel establishment unit and the transaction environment simulation test unit are used for establishing a transaction channel after the signal positions of the two transaction parties are confirmed and for simulating and testing whether the transaction process is attacked, the transmission deviation analysis unit is used for analyzing the data flow and the direction deviation according to the test result, the abnormal equipment sensing unit is used, the exception handling unit is used for taking different protective measures for different attack modes.
2. The big data-based data mining and analyzing information security anomaly-aware platform according to claim 1, wherein: the information transmission flow direction acquisition unit and the information transmission flow acquisition unit acquire the data flow direction and data flow in the transaction process and transmit them to the database for the data retrieval unit to retrieve; the data retrieval unit transmits the retrieved data to the transaction environment simulation test unit; the information source and information sink positioning unit confirms the signal positions of the two transaction parties tested in the transaction process and transmits the position information to the transaction channel establishment unit; the transaction channel establishment unit, after receiving the signal position information of the two transaction parties, establishes a virtual transaction channel to confirm the signal coordinates and transmits the coordinate information to the transaction environment simulation test unit; the transaction environment simulation test unit establishes a simulated transaction environment, tests the direction and the data flow of the transaction data using the received coordinate information, and transmits the test data and the retrieved data to the transmission deviation analysis unit.
3. The big data-based data mining and analyzing information security anomaly-aware platform according to claim 2, wherein: the transmission deviation analysis unit analyzes the data flow direction and flow deviation in the transaction process by comparing the test data with the called data and transmits the analysis result to the abnormal equipment sensing unit; the abnormal equipment sensing unit, after receiving the deviation data in the analysis result, senses abnormal equipment around the transaction channel according to the change of the data flow direction and transmits the sensed position information of the abnormal equipment to the information security abnormity analysis unit; the information security abnormity analysis unit, after receiving the position information of the abnormal equipment, judges the attack mode in the transaction process and transmits the analysis result to the exception handling unit; and the exception handling unit takes different protective measures, according to the analysis result, against the different attacks in the transaction process.
4. The big data-based data mining and analyzing information security anomaly-aware platform according to claim 1, wherein: the attack modes suffered in the transaction process comprise interruption, interception and modification, wherein interruption means that transaction information transmission is blocked in the transaction process, interception means that an attacker acquires the transaction data or the identity information of both transaction parties in the transaction information transmission process, and modification means that the transaction data is transmitted to the information sink after being maliciously modified by the attacker.
5. The big data-based data mining and analyzing information security anomaly-aware platform according to claim 1, wherein: the information transmission flow direction acquisition unit acquires the set of data flow directions in the transaction process, $\theta = \{\theta_1, \theta_2, \ldots, \theta_n\}$, and the information transmission flow acquisition unit acquires the set of data flows in the corresponding transaction processes, $b = \{b_1, b_2, \ldots, b_n\}$, where n represents the total number of transactions; the collected data flow directions and data flows are transmitted to the database for storage, and the data retrieval unit calls the data flow directions and data flows of the different transaction processes in the database to the transaction environment simulation test unit.
6. The big data-based data mining and analyzing information security anomaly-aware platform according to claim 1, wherein: the information source and information sink positioning unit establishes a two-dimensional coordinate system taking the position of the transaction information sending end, namely the information source, as the origin, wherein the positions of the information sources are different in different transaction processes, the point set of the information sources is $A = \{A_1, A_2, \ldots, A_n\}$ and the point set of the transaction information receiving ends, namely the information sinks, is $B = \{B_1, B_2, \ldots, B_n\}$; the information source and information sink positioning unit locates the point of the corresponding information sink and confirms that the coordinate set of the data stream transmission vectors in the transaction process is $(x, y) = \{(x_1, y_1), (x_2, y_2), \ldots, (x_n, y_n)\}$, and the corresponding data stream transmission vectors are
Figure FDA0002932402080000021
where n represents the total number of transactions; the data flow vectors are transmitted to the transaction environment simulation test unit, which establishes a simulated transaction environment and tests the direction and the data flow of the transaction data using the received coordinate information; the tested data flow direction $\theta_i'$ is calculated according to the following formula:
Figure FDA0002932402080000031
and the set of tested data flow directions in the transaction process is obtained: $\theta' = \{\theta_1', \theta_2', \ldots, \theta_n'\}$; the tested data flow $b_i'$ is calculated according to the following formula:
Figure FDA0002932402080000032
and the set of tested data flows in the transaction process is obtained: $b' = \{b_1', b_2', \ldots, b_n'\}$, where $x_i$ and $y_i$ respectively represent the horizontal and vertical coordinates of the data stream transmission vector in any one tested transaction process, and the tested data and the called data are transmitted to the transmission deviation analysis unit.
7. The big data-based data mining and analyzing information security anomaly-aware platform of claim 6, wherein: the transmission deviation analysis unit compares the tested data flow b' in the transaction process with the called data flow b in the corresponding transaction process: if b' = b, the data flow has not changed in the transaction process, and the transaction data can be transmitted from the information source to the information sink; if b' ≠ b, the data flow has changed in the transaction process, and there is a possibility that the transaction data cannot be transmitted to the information sink; the transmission deviation analysis unit compares the tested data flow direction θ' in the transaction process with the called data flow direction θ in the corresponding transaction process: if θ' = θ, the data flow direction has not changed in the transaction process; if θ' ≠ θ, the data flow direction has changed in the transaction process, and there is a possibility that the transaction data has been attacked and acquired by abnormal equipment; the analysis result is transmitted to the abnormal equipment sensing unit.
8. The big data-based data mining and analyzing information security anomaly-aware platform of claim 7, wherein: for the transaction processes in which the data flow direction and the data flow change, the abnormal equipment sensing unit senses whether signals of abnormal equipment exist around the transaction channel, and transmits the position information of the sensed abnormal equipment signals to the information security abnormity analysis unit.
9. The big data-based data mining and analyzing information security anomaly-aware platform of claim 8, wherein: the information security abnormity analysis unit judges the attack mode suffered in the transaction process: if the data flow is changed, the data flow direction is not changed, and no abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be interruption; if the data flow is not changed, the data flow direction is changed, and abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be interception; if both the data flow direction and the data flow are changed and abnormal equipment is sensed around the transaction channel, the attack mode suffered in the corresponding transaction process is judged to be modification; and the judgment result is transmitted to the exception handling unit.
10. The big data-based data mining and analyzing information security anomaly-aware platform of claim 9, wherein: the exception handling unit takes different protective measures, according to the judgment result, against the different attacks suffered in the transaction process: if the transaction process suffers an interruption attack, a plurality of virtual transaction channels are added to complete the transaction; if the transaction process suffers an interception attack, the data encryption degree is strengthened and the located signal source of the abnormal equipment is searched for; and if the transaction process suffers a modification attack, the data modification authority is increased and the located signal source of the abnormal equipment is searched for.
CN202110152158.0A 2021-02-03 2021-02-03 Big data-based information security anomaly sensing platform for data mining and analysis Active CN112907321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110152158.0A CN112907321B (en) 2021-02-03 2021-02-03 Big data-based information security anomaly sensing platform for data mining and analysis

Publications (2)

Publication Number Publication Date
CN112907321A (en) 2021-06-04
CN112907321B (en) 2021-08-27

Family

ID=76122053

Country Status (1)

Country Link
CN (1) CN112907321B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant