CN112953966A - Computer network safety intrusion detection system - Google Patents

Publication number
CN112953966A
Authority
CN
China
Prior art keywords
abnormal
user
computer
flow
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110299038.3A
Other languages
Chinese (zh)
Inventor
杨要科
王文奇
杨昌霖
邵奇峰
张俊宝
张茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongyuan University of Technology
Original Assignee
Zhongyuan University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongyuan University of Technology
Priority to CN202110299038.3A
Publication of CN112953966A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the field of network security supervision, and in particular to a computer network security intrusion detection system comprising: a network traffic monitoring module for monitoring the current network traffic of the computer; an abnormal traffic identification module for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic; an abnormal behavior identification module for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user; and a network security evaluation module for evaluating computer network security based on the abnormal traffic identification result and/or the abnormal behavior identification result. By identifying abnormal traffic and abnormal behavior on the computer, the invention monitors computer network security and can promptly detect network intrusion risks that arise while the system is running, thereby ensuring the security of the data held on the computer.

Description

Computer network safety intrusion detection system
Technical Field
The invention relates to the field of network security supervision, in particular to a computer network security intrusion detection system.
Background
With the rapid development of computer technology and the Internet, and with the frequent network information security incidents of recent years, network information security problems have spread into every industry and become a focus of attention. To prevent security incidents in advance and avoid losses, network security intrusion detection has become a key means of understanding a network's security performance. At present, existing computer network security intrusion detection can only intercept specific or continuous intrusion behaviors, and it has a high false alarm rate.
Disclosure of Invention
The technical problem the invention aims to solve is to provide a computer network security intrusion detection system that monitors computer network security by identifying abnormal traffic and abnormal behavior on the computer, and that can promptly detect network intrusion risks arising while the system is running, thereby ensuring the security of the data held on the computer.
To solve the above technical problem, an embodiment of the present invention provides a computer network security intrusion detection system, including:
a network traffic monitoring module for monitoring the current network traffic of the computer;
an abnormal traffic identification module for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic;
an abnormal behavior identification module for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user;
and a network security evaluation module for evaluating computer network security based on the abnormal traffic identification result and/or the abnormal behavior identification result.
Further, the abnormal traffic identification module records user operation behavior by script recording, identifies the user operation behavior with a fuzzy neural network algorithm, calculates the theoretically required traffic from that identification result using an infinite deep neural network model, and finally identifies abnormal traffic by taking the difference between the traffic demand corresponding to the current operation and the monitored value of the current network traffic.
Further, each user operation behavior corresponds to a theoretical required traffic interval value; when the difference between the required traffic interval value and the monitored value of the current traffic is greater than a preset threshold, the current network is considered to be at risk of intrusion.
Further, the operation habit model is trained on the user's data operation permissions, the user's historical operation behaviors, and historical abnormal operation behaviors.
Further, when the system is initialized, corresponding data operation permissions are configured for each identity verification model; when the system is closed, all data operation permissions are locked; and a user unlocks the data operation permissions within their authority by entering the corresponding identity verification model.
Further, the system also includes:
a dynamic monitoring module, which is started when the computer operation script has not been updated within a preset time, and which confirms whether the user has left and/or the identity of the user by having the camera capture an image of the user in front of the computer.
Further, the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module and the network security evaluation module are all deployed on the computer as static JAR packages.
The invention has the following beneficial effects:
Computer network security is monitored by identifying abnormal traffic and abnormal behavior on the computer, and network intrusion risks arising while the system is running can be detected promptly, thereby ensuring the security of the data held on the computer.
Drawings
Fig. 1 is a system block diagram of a computer network security intrusion detection system according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, an embodiment of the present invention provides a computer network security intrusion detection system, including:
a network traffic monitoring module for monitoring the current network traffic of the computer;
an abnormal traffic identification module for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic;
an abnormal behavior identification module for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user;
and a network security evaluation module for evaluating computer network security based on the abnormal traffic identification result and/or the abnormal behavior identification result. In this embodiment, computer network security is evaluated with the LSTM-Attention classifier and a corresponding computer security evaluation report is generated, in order to determine whether the computer network is at risk of intrusion.
The system also includes a dynamic monitoring module, which is started when the computer operation script has not been updated within a preset time, and which confirms whether the user has left and/or the identity of the user by having the camera capture an image of the user in front of the computer. Specifically, when the system detects that no new script operation data has been generated within the preset time, it starts the camera to capture an image of the user in front of the computer and then uses the face recognition model built into the system to look for a face in that image. If no face is found, the user has left, and the system automatically locks the operation permissions for all data by means of the random encryption module until the user enters the corresponding identity verification model to release the data operation permissions within their authority. If a face is found, the identity recognition model is started to determine the identity corresponding to that face; if the identity of the current user does not match the identity entered at login, the system automatically locks the operation permissions for all data by means of the random encryption module until the user enters the corresponding identity verification model to release the data operation permissions within their authority.
In this embodiment, the abnormal traffic identification module records user operation behavior by script recording, identifies the user operation behavior with a fuzzy neural network algorithm, calculates the theoretically required traffic from that identification result using an infinite deep neural network model, and identifies abnormal traffic by taking the difference between the traffic demand corresponding to the current operation and the monitored value of the current network traffic. Each user operation behavior corresponds to a theoretical required traffic interval value; when the difference between the required traffic interval value and the monitored value of the current traffic is greater than a preset threshold, the current network is considered to be at risk of intrusion.
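The interval-and-threshold comparison described above can be sketched as follows. This is an added example, not code from the patent: a static lookup table stands in for the neural-network models, the difference is taken as the distance from the monitored value to the nearest bound of the interval, an operation with no table entry is assumed to need no traffic, and all names, intervals, samples and the threshold are constructed.

```python
from dataclasses import dataclass

# Constructed expected-traffic intervals in KB/s for each recognised operation.
# Assumption: a static table stands in for the patent's neural-network models.
EXPECTED_KBPS = {
    "edit_document": (0.0, 5.0),
    "browse_web": (20.0, 400.0),
    "video_call": (300.0, 1500.0),
}
IDLE_INTERVAL = (0.0, 0.0)   # assumption: an unmodelled operation needs no traffic
THRESHOLD_KBPS = 50.0        # constructed preset threshold


@dataclass(frozen=True)
class Verdict:
    operation: str
    observed_kbps: float
    deviation_kbps: float    # distance from the observation to the interval
    direction: str           # "within", "above" or "below"
    modelled: bool           # False when the operation had no table entry
    at_risk: bool


def interval_deviation(observed, low, high):
    """Return (distance, direction); the distance is 0.0 inside [low, high]."""
    if observed > high:
        return observed - high, "above"
    if observed < low:
        return low - observed, "below"
    return 0.0, "within"


def check_sample(operation, observed, threshold=THRESHOLD_KBPS):
    """Compare one monitored value with the demand interval of its operation."""
    if observed < 0:
        raise ValueError("observed traffic cannot be negative")
    modelled = operation in EXPECTED_KBPS
    low, high = EXPECTED_KBPS.get(operation, IDLE_INTERVAL)
    deviation, direction = interval_deviation(observed, low, high)
    return Verdict(operation, observed, deviation, direction, modelled,
                   at_risk=deviation > threshold)


# Constructed monitoring samples: (recognised operation, observed KB/s).
SAMPLES = [
    ("edit_document", 2.1),     # inside the interval
    ("edit_document", 48.0),    # above the interval, but within the threshold
    ("edit_document", 900.0),   # far more traffic than editing needs
    ("browse_web", 120.0),      # inside the interval
    ("video_call", 100.0),      # far less traffic than the operation needs
    ("unknown_tool", 75.0),     # no demand model for this operation
]


def flag_abnormal(samples):
    """Return the verdicts whose deviation exceeds the preset threshold."""
    verdicts = (check_sample(op, kbps) for op, kbps in samples)
    return [v for v in verdicts if v.at_risk]


if __name__ == "__main__":
    for verdict in flag_abnormal(SAMPLES):
        print(verdict)
```

Recording the direction lets an analyst treat excess traffic differently from a shortfall, which the single difference value on its own does not distinguish.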
In this embodiment, the operation habit model is trained on the user's data operation permissions, the user's historical operation behaviors, and historical abnormal operation behaviors (for example, repeatedly opening the same website or repeatedly opening the same document). Specifically, the data operation permissions are obtained from the user identity verification model and user operation behavior is recorded by script recording; note that operation behavior scripts falling within the abnormal behavior threshold must be excluded. Preferably, a user operation habit questionnaire is configured: when a user logs in to the system for the first time, the user fills in the questionnaire, script data matching the user's operation habits is retrieved on that basis, and the user's operation habit model is trained and built from that script data. Each time abnormal operation behavior is found, the system sends an abnormal behavior confirmation SMS to the user's mobile terminal through an automatic SMS editing and sending module (each user must register at first login, the user's contact phone number is a required field, and only an administrator identity can modify that number). The user opens a confirmation interface through the link carried in the SMS received on the mobile terminal; if the user confirms that the operation is safe and consistent with their own operation habits, entering "confirm" generates new operation script data, and the system fine-tunes and updates the operation habit model from that new data. In this embodiment, the operation habit model uses the LSTM-Attention classifier.
In this embodiment, when the system is initialized, corresponding data operation permissions are configured for each identity verification model; when the system is closed, all data operation permissions are locked; and a user unlocks the data operation permissions within their authority by entering the corresponding identity verification model. Specifically, at system initialization the user must first enter the administrator identity verification model to complete administrator authentication, and then enter the identity verification models that have system operation permission together with the operation permissions corresponding to each identity verification model, which initializes the system operation permissions. When a user needs a data operation permission outside their authority, a corresponding data operation request must be sent to the administrator terminal, and the administrator terminal can open the corresponding data operation permission for a limited time by sending a temporary permission notification.
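The default-locked permissions and time-limited administrator grants described above, together with the re-locking rule of the dynamic monitoring module, can be modelled as one small state machine. This is an added example, not code from the patent: the class, method and identity names are hypothetical, identity verification, camera capture, face recognition and the random encryption module are not modelled (their outcomes are passed in as arguments), and keeping a temporary grant across a re-lock until it expires is an assumption.

```python
class PermissionGate:
    """Default-locked data permissions with re-lock on failed presence checks."""

    def __init__(self, policy, admins):
        # policy: identity -> permissions configured at system initialization
        self._policy = {who: frozenset(perms) for who, perms in policy.items()}
        self._admins = frozenset(admins)
        self._session = None   # None means every permission is locked
        self._grants = {}      # (identity, permission) -> expiry time in seconds

    def unlock(self, identity):
        """Called after the user passes identity verification (not modelled)."""
        if identity not in self._policy:
            raise PermissionError(f"no permissions configured for {identity!r}")
        self._session = identity

    def lock_all(self):
        self._session = None

    def grant_temporary(self, approver, identity, permission, ttl_seconds, now):
        """Administrator opens one out-of-authority permission for a limited time."""
        if approver not in self._admins:
            raise PermissionError("only an administrator may grant permissions")
        if ttl_seconds <= 0:
            raise ValueError("ttl_seconds must be positive")
        self._grants[(identity, permission)] = now + ttl_seconds

    def is_allowed(self, permission, now):
        if self._session is None:
            return False
        if permission in self._policy[self._session]:
            return True
        key = (self._session, permission)
        expiry = self._grants.get(key)
        if expiry is None:
            return False
        if now >= expiry:      # expired grants are removed, not just ignored
            del self._grants[key]
            return False
        return True

    def presence_check(self, idle_seconds, idle_limit, face_identity):
        """face_identity: None when no face was found, else the recognised identity."""
        if self._session is None or idle_seconds < idle_limit:
            return "no_check"
        if face_identity is None:
            self.lock_all()
            return "locked_user_absent"
        if face_identity != self._session:
            self.lock_all()
            return "locked_identity_mismatch"
        return "verified"


def walkthrough():
    """Constructed scenario; times are seconds on an arbitrary clock."""
    gate = PermissionGate(
        policy={"alice": {"read_reports"}, "admin": {"read_reports", "edit_payroll"}},
        admins={"admin"},
    )
    steps = [gate.is_allowed("read_reports", now=0)]         # locked at start
    gate.unlock("alice")
    steps.append(gate.is_allowed("read_reports", now=10))    # within authority
    steps.append(gate.is_allowed("edit_payroll", now=10))    # outside authority
    gate.grant_temporary("admin", "alice", "edit_payroll", ttl_seconds=600, now=20)
    steps.append(gate.is_allowed("edit_payroll", now=100))   # grant active
    steps.append(gate.is_allowed("edit_payroll", now=620))   # grant expired
    steps.append(gate.presence_check(30, 300, None))         # not idle long enough
    steps.append(gate.presence_check(400, 300, "bob"))       # wrong person at desk
    steps.append(gate.is_allowed("read_reports", now=700))   # locked again
    gate.unlock("alice")
    steps.append(gate.presence_check(400, 300, None))        # user walked away
    return steps
```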
In this embodiment, the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module, and the network security evaluation module are all deployed on the computer as static JAR packages, so as to avoid consuming computer resources.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (7)

1. A computer network security intrusion detection system, comprising:
a network traffic monitoring module for monitoring the current network traffic of the computer;
an abnormal traffic identification module for identifying abnormal traffic by comparing the traffic demand corresponding to the current operation with the monitored value of the current network traffic;
an abnormal behavior identification module for identifying and intercepting abnormal operation behaviors based on an operation habit model of the user;
and a network security evaluation module for evaluating computer network security based on the abnormal traffic identification result and/or the abnormal behavior identification result.
2. The system according to claim 1, wherein the abnormal traffic recognition module records user operation behaviors based on a script recording mode, recognizes the user operation behaviors based on a fuzzy neural network algorithm, calculates theoretically required traffic based on an infinite deep neural network model according to recognition results of the user operation behaviors, and finally recognizes the abnormal traffic through a differencing operation between traffic demands corresponding to current operations and monitoring values of current network traffic.
3. The system of claim 1, wherein each user action corresponds to a theoretical required traffic interval value, and when the difference between the required traffic interval value and the monitored value of the current traffic is greater than a preset threshold, the current network security is considered to be at risk of being invaded.
4. The system of claim 1, wherein the operation habit model is trained based on user data operation authority, user historical operation behavior and historical abnormal operation behavior.
5. The system of claim 4, wherein when the system is initialized, corresponding data operation permissions are configured for each identity verification model; when the system is closed, all data operation permissions are locked; and a user unlocks the data operation permissions within their authority by entering the corresponding identity verification model.
6. The computer network security intrusion detection system of claim 1, further comprising:
a dynamic monitoring module, which is started when the computer operation script has not been updated within a preset time, and which confirms whether the user has left and/or the identity of the user by having the camera capture an image of the user in front of the computer.
7. The system of claim 1, wherein the network traffic statistics module, the abnormal traffic identification module, the abnormal behavior identification module, and the network security evaluation module are deployed on the computer as static JAR packages.
CN202110299038.3A 2021-03-20 2021-03-20 Computer network safety intrusion detection system Pending CN112953966A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110299038.3A CN112953966A (en) 2021-03-20 2021-03-20 Computer network safety intrusion detection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110299038.3A CN112953966A (en) 2021-03-20 2021-03-20 Computer network safety intrusion detection system

Publications (1)

Publication Number Publication Date
CN112953966A (en) 2021-06-11

Family

ID=76227384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110299038.3A Pending CN112953966A (en) 2021-03-20 2021-03-20 Computer network safety intrusion detection system

Country Status (1)

Country Link
CN (1) CN112953966A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113572787A (en) * 2021-08-05 2021-10-29 信阳农林学院 Computer network intelligent monitoring system
CN113824733A (en) * 2021-10-16 2021-12-21 西安明德理工学院 Computer network management system
CN115001740A (en) * 2022-04-20 2022-09-02 东北电力大学 Attack path visualization system inside power system
CN115296827A (en) * 2022-01-24 2022-11-04 榆林学院 Method for protecting computer network security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140041032A1 (en) * 2012-08-01 2014-02-06 Opera Solutions, Llc System and Method for Detecting Network Intrusions Using Statistical Models and a Generalized Likelihood Ratio Test
CN107465559A (en) * 2017-09-20 2017-12-12 河北师范大学 A kind of network security supervising platform
CN107493300A (en) * 2017-09-20 2017-12-19 河北师范大学 Network security protection system
CN110597691A (en) * 2019-09-24 2019-12-20 河北环境工程学院 Computer monitoring system
CN112153076A (en) * 2020-10-20 2020-12-29 台州学院 Computer network safety intrusion detection system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王振铎等: "一种计算机信息安全储存系统的设计", 《信息技术》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113572787A (en) * 2021-08-05 2021-10-29 信阳农林学院 Computer network intelligent monitoring system
CN113824733A (en) * 2021-10-16 2021-12-21 西安明德理工学院 Computer network management system
CN113824733B (en) * 2021-10-16 2023-08-18 西安明德理工学院 Computer network management system
CN115296827A (en) * 2022-01-24 2022-11-04 榆林学院 Method for protecting computer network security
CN115001740A (en) * 2022-04-20 2022-09-02 东北电力大学 Attack path visualization system inside power system
CN115001740B (en) * 2022-04-20 2023-08-15 东北电力大学 Attack path visualization system in power system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210611