CN112953966A - Computer network safety intrusion detection system - Google Patents
- Publication number
- CN112953966A
- Authority
- CN
- China
- Prior art keywords
- abnormal
- user
- computer
- flow
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
Abstract
The invention relates to the field of network security supervision, and in particular to a computer network security intrusion detection system comprising: a network traffic monitoring module for monitoring the computer's current network traffic; an abnormal traffic identification module that identifies abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic; an abnormal behavior identification module that identifies and intercepts abnormal operation behaviors based on an operation habit model of the user; and a network security evaluation module that evaluates the computer's network security based on the abnormal traffic identification result and/or the abnormal behavior identification result. By identifying the computer's abnormal traffic and abnormal behavior, the invention monitors computer network security and can promptly detect network intrusion risks that arise while the system is running, thereby protecting the data held in the computer.
Description
Technical Field
The invention relates to the field of network security supervision, in particular to a computer network security intrusion detection system.
Background
With the rapid development of computer technology and the Internet, and the frequent occurrence of network information security incidents in recent years, network information security has come to affect every industry and has become a focus of attention. To prevent security incidents before they occur and to avoid losses, network intrusion detection has become a key means of understanding a network's security posture. At present, existing computer network intrusion detection can only intercept specific or continuous intrusion behaviors, and has a relatively high false alarm rate.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a computer network security intrusion detection system that monitors computer network security by identifying the computer's abnormal traffic and abnormal behavior, and that can promptly detect network intrusion risks arising while the system is running, thereby protecting the data held in the computer.
To solve the above technical problem, an embodiment of the present invention provides a computer network security intrusion detection system, including:
a network traffic monitoring module, used for monitoring the computer's current network traffic;
an abnormal traffic identification module, used for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic;
an abnormal behavior identification module, used for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user;
and a network security evaluation module, used for evaluating the computer's network security based on the abnormal traffic identification result and/or the abnormal behavior identification result.
Furthermore, the abnormal traffic identification module records user operation behavior by script recording, identifies the user operation behavior with a fuzzy neural network algorithm, calculates the theoretically required traffic from the identification result using an infinite deep neural network model, and finally identifies abnormal traffic by taking the difference between the traffic demand corresponding to the current operation and the monitored value of the current network traffic.
Furthermore, each user operation behavior corresponds to a theoretical required traffic interval, and when the difference between that interval and the monitored value of the current traffic is greater than a preset threshold, the network is considered to be at risk of intrusion.
Further, the operation habit model is trained on the user's data operation permissions, the user's historical operation behaviors, and historical abnormal operation behaviors.
Furthermore, when the system is initialized, corresponding data operation permissions are configured for each identity verification model; when the system is closed, all data operation permissions are locked; and a user unlocks the data operation permissions within their authority by entering the corresponding identity verification model.
Further, the system also includes:
a dynamic monitoring module, which is started when the computer operation script has not been updated within a preset time, and which confirms whether the user has left and/or the user's identity by having the camera capture an image of the user in front of the computer.
Furthermore, the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module and the network security evaluation module are all deployed on the computer as static JAR packages.
The invention has the following beneficial effects:
Computer network security is monitored by identifying the computer's abnormal traffic and abnormal behavior, so network intrusion risks arising while the system is running can be detected promptly, thereby protecting the data held in the computer.
Drawings
Fig. 1 is a system block diagram of a computer network security intrusion detection system according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, an embodiment of the present invention provides a computer network security intrusion detection system, including:
a network traffic monitoring module, used for monitoring the computer's current network traffic;
an abnormal traffic identification module, used for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic;
an abnormal behavior identification module, used for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user;
and a network security evaluation module, used for evaluating the computer's network security based on the abnormal traffic identification result and/or the abnormal behavior identification result. In this embodiment, computer network security is evaluated with the LSTM-Attention classifier, and a corresponding computer security evaluation report is generated to determine whether the computer network is at risk of intrusion.
The system also includes a dynamic monitoring module, which is started when the computer operation script has not been updated within a preset time, and which confirms whether the user has left and/or the user's identity by having the camera capture an image of the user in front of the computer. Specifically, when the system detects that no new script operation data has been generated within the preset time, it starts the camera to capture an image of the user in front of the computer and then uses the system's built-in face recognition model to look for a face in that image. If no face is found, the user has left, and the system automatically locks the operation permissions for all data by means of the random encryption module until the user enters the corresponding identity verification model to release the data operation permissions within their authority. If a face is found, the identity recognition model is started to identify the identity corresponding to that face; if the current user's identity is inconsistent with the identity entered at login, the system likewise automatically locks the operation permissions for all data by means of the random encryption module until the user enters the corresponding identity verification model to release the data operation permissions within their authority.
In this embodiment, the abnormal traffic identification module records user operation behavior by script recording, identifies the user operation behavior with a fuzzy neural network algorithm, calculates the theoretically required traffic from the identification result using an infinite deep neural network model, and identifies abnormal traffic by taking the difference between the traffic demand corresponding to the current operation and the monitored value of the current network traffic. Each user operation behavior corresponds to a theoretical required traffic interval, and when the difference between that interval and the monitored value of the current traffic is greater than a preset threshold, the network is considered to be at risk of intrusion.
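The interval comparison described above, as an added example that is not taken from the patent. The per-operation intervals, the threshold, the signed distance-to-interval reading of the "difference", and the `sustain` count of consecutive out-of-interval samples (which goes beyond the text, to damp single spikes) are all assumptions; the samples are constructed.

```python
from dataclasses import dataclass

# Constructed per-operation traffic intervals in KB/s. The patent derives the
# interval from a neural model; this fixed lookup table is an assumption.
EXPECTED_KBPS = {
    "idle": (0.0, 5.0),
    "edit_document": (0.0, 20.0),
    "browse_web": (50.0, 800.0),
    "video_call": (300.0, 2500.0),
}


@dataclass(frozen=True)
class Sample:
    ts: int               # seconds since start of capture
    operation: str        # label produced by the behavior recognizer
    observed_kbps: float  # value reported by the traffic monitor


@dataclass(frozen=True)
class Alert:
    ts: int
    operation: str
    deviation_kbps: float  # signed: >0 above the interval, <0 below it
    reason: str


def interval_deviation(observed, low, high):
    """Signed distance from `observed` to [low, high]; 0.0 when inside."""
    if observed > high:
        return observed - high
    if observed < low:
        return observed - low
    return 0.0


def detect(samples, threshold_kbps=100.0, sustain=2):
    """Flag samples whose traffic departs from the operation's interval."""
    alerts, streak = [], 0
    for s in samples:
        interval = EXPECTED_KBPS.get(s.operation)
        if interval is None:
            # No traffic model for this operation: surface it for review
            # instead of letting it pass silently.
            alerts.append(Alert(s.ts, s.operation, 0.0, "unmodelled-operation"))
            streak = 0
            continue
        dev = interval_deviation(s.observed_kbps, *interval)
        if abs(dev) > threshold_kbps:
            streak += 1
            if streak >= sustain:
                reason = "traffic-exceeds-demand" if dev > 0 else "traffic-below-demand"
                alerts.append(Alert(s.ts, s.operation, dev, reason))
        else:
            streak = 0
    return alerts


# Constructed monitoring samples.
SAMPLES = [
    Sample(0, "edit_document", 12.0),    # inside the interval
    Sample(1, "edit_document", 640.0),   # single spike, not sustained
    Sample(2, "edit_document", 15.0),
    Sample(3, "browse_web", 850.0),      # 50 KB/s over, under the threshold
    Sample(4, "edit_document", 900.0),   # start of a sustained excess
    Sample(5, "edit_document", 1200.0),
    Sample(6, "edit_document", 1100.0),
    Sample(7, "ftp_upload", 400.0),      # operation with no interval
    Sample(8, "video_call", 20.0),       # far below the expected demand
]

if __name__ == "__main__":
    for alert in detect(SAMPLES):
        print(alert)
```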
In this embodiment, the operation habit model is trained on the user's data operation permissions, the user's historical operation behavior, and historical abnormal operation behavior (for example, continuously opening the same website or continuously opening the same document). Specifically, the corresponding data operation permissions are obtained from the user identity authentication model, and user operation behavior is recorded by script recording; note that operation behavior scripts that fall within the abnormal behavior threshold must be excluded. Preferably, a user operation habit questionnaire is configured: when a user logs in to the system for the first time, the user fills in the questionnaire, script data matching the user's operation habits is retrieved accordingly, and the user's operation habit model is trained and built from that script data. Each time abnormal operation behavior is found, the system sends an abnormal behavior confirmation short message to the corresponding user's mobile terminal through the automatic short message editing and sending module (each user must register at first login, the user's contact telephone number is a required field, and only an administrator identity can modify it). The user opens a confirmation interface through the link carried in the short message received on the mobile terminal; if the user confirms that the operation behavior matches their own operation habits and is safe, entering 'confirmation' generates new operation script data, and the system fine-tunes and updates the operation habit model according to that new data. In this embodiment, the operation habit model uses the LSTM-Attention classifier.
In this embodiment, when the system is initialized, corresponding data operation permissions are configured for each identity verification model; when the system is closed, all data operation permissions are locked; and a user unlocks the data operation permissions within their authority by entering the corresponding identity verification model. Specifically, when the system is initialized, a user must first enter the administrator identity verification model to complete administrator authentication, and then enters the identity verification models that hold system operation permissions, together with the operation permissions corresponding to each identity verification model, to initialize the system's operation permissions. When a user needs a data operation permission outside their authority, a corresponding data operation request must be sent to the administrator terminal, and the administrator terminal can open the corresponding data operation permission for a limited time by sending a temporary permission notification.
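The lock, unlock and time-limited permission flow described above, as an added example that is not code from the patent. The class and method names, the role table, the injected clock, and the choice to discard temporary grants whenever the system locks are assumptions; identity verification itself is taken as already done before `unlock` is called.

```python
class FakeClock:
    """Deterministic clock for the demo; production code would pass time.time."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


class PermissionGate:
    """Default-deny gate: locked until a verified identity unlocks it."""

    def __init__(self, role_permissions, clock):
        self._roles = {r: frozenset(p) for r, p in role_permissions.items()}
        self._clock = clock
        self._active_role = None  # None means every permission is locked
        self._grants = {}         # permission -> expiry time (temporary grants)

    def lock(self):
        # Called on shutdown or when the dynamic monitor finds the user absent
        # or mismatched. Dropping grants here is an assumption of this sketch.
        self._active_role = None
        self._grants.clear()

    def unlock(self, role):
        # Assumes the caller has already verified the identity for `role`.
        if role not in self._roles:
            raise KeyError(f"no permissions configured for role {role!r}")
        self._active_role = role

    def grant_temporary(self, permission, ttl_seconds):
        # Administrator-side action answering a user's out-of-scope request.
        if self._active_role is None:
            raise RuntimeError("cannot grant while the system is locked")
        if ttl_seconds <= 0:
            raise ValueError("ttl_seconds must be positive")
        self._grants[permission] = self._clock() + ttl_seconds

    def allowed(self, permission):
        if self._active_role is None:
            return False
        if permission in self._roles[self._active_role]:
            return True
        expiry = self._grants.get(permission)
        if expiry is None:
            return False
        if self._clock() >= expiry:
            del self._grants[permission]  # expired: remove so it cannot linger
            return False
        return True


def demo():
    clock = FakeClock()
    gate = PermissionGate(
        {"analyst": {"read_reports"}, "admin": {"read_reports", "export_db"}},
        clock,
    )
    trace = [gate.allowed("read_reports")]     # locked at start
    gate.unlock("analyst")
    trace.append(gate.allowed("read_reports"))  # within the role's authority
    trace.append(gate.allowed("export_db"))     # outside it
    gate.grant_temporary("export_db", ttl_seconds=600)
    clock.now = 599
    trace.append(gate.allowed("export_db"))     # grant still valid
    clock.now = 600
    trace.append(gate.allowed("export_db"))     # grant expired
    gate.grant_temporary("export_db", ttl_seconds=600)
    gate.lock()                                 # e.g. user left the computer
    gate.unlock("analyst")
    trace.append(gate.allowed("export_db"))     # grant did not survive the lock
    return trace


if __name__ == "__main__":
    print(demo())
```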
In this embodiment, the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module, and the network security evaluation module are all deployed on the computer as static JAR packages, so as to avoid consuming computer resources.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (7)
1. A computer network security intrusion detection system, comprising:
the network flow monitoring module is used for monitoring the current network flow of the computer;
the abnormal flow identification module is used for comparing the flow demand corresponding to the current operation with the monitoring value of the current network flow to realize the identification of the abnormal flow;
the abnormal behavior identification module is used for identifying and intercepting abnormal operation behaviors based on an operation habit model of a user;
and the network security evaluation module is used for realizing the evaluation of the computer network security based on the abnormal flow identification result and/or the abnormal behavior identification result.
2. The system according to claim 1, wherein the abnormal traffic recognition module records user operation behaviors based on a script recording mode, recognizes the user operation behaviors based on a fuzzy neural network algorithm, calculates theoretically required traffic based on an infinite deep neural network model according to recognition results of the user operation behaviors, and finally recognizes the abnormal traffic through a differencing operation between traffic demands corresponding to current operations and monitoring values of current network traffic.
3. The system of claim 1, wherein each user action corresponds to a theoretical required traffic interval value, and when the difference between the required traffic interval value and the monitored value of the current traffic is greater than a preset threshold, the current network security is considered to be at risk of being invaded.
4. The system of claim 1, wherein the operation habit model is trained based on user data operation authority, user historical operation behavior and historical abnormal operation behavior.
5. The system of claim 4, wherein when the system is initialized, corresponding data operation permissions are configured for each authentication model, when the system is closed, all the data operation permissions are in a locked state, and a user enters the corresponding authentication model, so that unlocking of the data operation permissions in the permissions can be realized.
6. The computer network security intrusion detection system of claim 1, further comprising:
and the dynamic monitoring module is started when the computer operation script is not updated within the preset time, and confirms whether the user leaves and/or the identity of the user in a mode that the camera collects the image of the user in front of the current computer.
7. The system of claim 1, wherein the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module, and the network security assessment module are deployed on the computer in the form of static jar packets.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110299038.3A CN112953966A (en) | 2021-03-20 | 2021-03-20 | Computer network safety intrusion detection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110299038.3A CN112953966A (en) | 2021-03-20 | 2021-03-20 | Computer network safety intrusion detection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112953966A (en) | 2021-06-11 |
Family
ID=76227384
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110299038.3A Pending CN112953966A (en) | 2021-03-20 | 2021-03-20 | Computer network safety intrusion detection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112953966A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113572787A (en) * | 2021-08-05 | 2021-10-29 | 信阳农林学院 | Computer network intelligent monitoring system |
CN113824733A (en) * | 2021-10-16 | 2021-12-21 | 西安明德理工学院 | Computer network management system |
CN115001740A (en) * | 2022-04-20 | 2022-09-02 | 东北电力大学 | Attack path visualization system inside power system |
CN115296827A (en) * | 2022-01-24 | 2022-11-04 | 榆林学院 | Method for protecting computer network security |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140041032A1 (en) * | 2012-08-01 | 2014-02-06 | Opera Solutions, Llc | System and Method for Detecting Network Intrusions Using Statistical Models and a Generalized Likelihood Ratio Test |
CN107465559A (en) * | 2017-09-20 | 2017-12-12 | 河北师范大学 | A kind of network security supervising platform |
CN107493300A (en) * | 2017-09-20 | 2017-12-19 | 河北师范大学 | Network security protection system |
CN110597691A (en) * | 2019-09-24 | 2019-12-20 | 河北环境工程学院 | Computer monitoring system |
CN112153076A (en) * | 2020-10-20 | 2020-12-29 | 台州学院 | Computer network safety intrusion detection system |
-
2021
- 2021-03-20 CN CN202110299038.3A patent/CN112953966A/en active Pending
Non-Patent Citations (1)
Title |
---|
王振铎等: "一种计算机信息安全储存系统的设计", 《信息技术》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113572787A (en) * | 2021-08-05 | 2021-10-29 | 信阳农林学院 | Computer network intelligent monitoring system |
CN113824733A (en) * | 2021-10-16 | 2021-12-21 | 西安明德理工学院 | Computer network management system |
CN113824733B (en) * | 2021-10-16 | 2023-08-18 | 西安明德理工学院 | Computer network management system |
CN115296827A (en) * | 2022-01-24 | 2022-11-04 | 榆林学院 | Method for protecting computer network security |
CN115001740A (en) * | 2022-04-20 | 2022-09-02 | 东北电力大学 | Attack path visualization system inside power system |
CN115001740B (en) * | 2022-04-20 | 2023-08-15 | 东北电力大学 | Attack path visualization system in power system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210611 |