CN113132408A - Network information security intrusion detection method - Google Patents

Info

Publication number
CN113132408A
Authority
CN
China
Prior art keywords
mouse
control command
motion track
recognizing
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110473553.9A
Other languages
Chinese (zh)
Inventor
杨要科
李枫
潘惠勇
孔梦荣
王琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongyuan University of Technology
Original Assignee
Zhongyuan University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongyuan University of Technology
Priority to CN202110473553.9A
Priority to CN202211388294.0A
Publication of CN113132408A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • G06N3/04: Architecture, e.g. interconnection topology
    • G06N3/044: Recurrent networks, e.g. Hopfield networks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • G06N3/08: Learning methods
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention relates to the field of network security supervision, in particular to a network information security intrusion detection method, which comprises the following steps: S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input by shortcut keys; S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands; S3, recognizing and intercepting abnormal behaviors based on a comparison of the mouse control command and the shortcut key control command with the computer operation script; S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model; and S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result. The invention can detect in time the network intrusion risks that arise while the system is running, thereby ensuring the security of the data held on the computer.

Description

Network information security intrusion detection method
Technical Field
The invention relates to the field of network security supervision, in particular to a network information security intrusion detection method.
Background
With the rapid development of computer technology and the Internet, and the frequent occurrence of network information security incidents in recent years, network information security problems have gradually spread into every industry and become a focus of attention. To prevent security incidents before they occur and to avoid losses, network security intrusion detection has become a key means of understanding the security posture of a network. At present, existing computer network security intrusion detection can generally only identify and intercept specific or continuous intrusion behaviors, and has larger security loopholes.
Disclosure of Invention
To solve the above technical problem, the invention provides a network information security intrusion detection method that can detect in time the network intrusion risks that arise while the system is running, thereby ensuring the security of the data held on the computer.
To solve the above technical problem, an embodiment of the present invention provides a network information security intrusion detection method, including the following steps:
S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input by shortcut keys;
S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S3, recognizing and intercepting abnormal behaviors based on a comparison of the mouse control command and the shortcut key control command with the computer operation script;
S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
Further, in step S1, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the mouse scroll wheel.
Further, in step S1, the left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input by shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard.
Further, in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on the infinite deep neural network model.
Further, in step S3, the similarity between the mouse control command, the shortcut key control command and the computer operation script is compared based on the Bi-LSTM + Attention model, and if the similarity is lower than a preset threshold, it is determined that an abnormal behavior risk currently exists.
Further, the computer operation script monitors the computer operation process by means of script recording.
Further, the method also includes: identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
Further, the method also includes: resetting the mouse pointer, where a single mouse reset operation is performed each time the system is started and each time a control command is recorded.
The invention has the following beneficial effects:
1) The user's current actual operation behavior is identified from the acquired mouse control commands and shortcut key control commands, and abnormal behavior is then identified by comparing that behavior with the operation behavior of the computer. Combined with abnormal traffic monitoring, this allows the network intrusion risks that arise while the system is running to be detected in time, thereby ensuring the security of the data held on the computer.
2) By identifying the identity of accessing users, network intrusion risk, network congestion and similar situations caused by users who are not in the list accessing the network can be avoided.
Drawings
Fig. 1 is a flowchart of a network information security intrusion detection method according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
Example 1
As shown in fig. 1, an embodiment of the present invention provides a method for detecting network information security intrusion, including the following steps:
S1, resetting the mouse pointer: a single mouse reset operation is performed each time the system is started and each time a control command is recorded, which improves the accuracy of the mouse control command recognition corresponding to the subsequent mouse motion estimation, mouse scroll wheel motion tracks and left and right key control commands;
S2, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input by shortcut keys;
S3, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S4, recognizing and intercepting abnormal behaviors based on a comparison of the mouse control command and the shortcut key control command with the computer operation script;
S5, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S6, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
In this embodiment, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the mouse scroll wheel. The left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input by shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard. The three-dimensional attitude sensor, the high-precision gyroscope sensor and the film-type pressure sensors communicate with a control command recognition module loaded on the computer through a Bluetooth module.
In this embodiment, in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on the infinite deep neural network model. The infinite deep neural network model is obtained by training on historical mouse motion tracks, mouse scroll wheel motion tracks and left and right key control commands, together with the control commands corresponding to them.
In this embodiment, in step S3, the similarity between the mouse control command, the shortcut key control command and the computer operation script is compared based on the Bi-LSTM + Attention model, and if the similarity is lower than a preset threshold (95%), it is determined that an abnormal behavior risk currently exists.
In this embodiment, the computer operation script monitors the computer operation process by means of script recording, and is implemented based on a static JAR package.
In this embodiment, the method further includes identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
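The comparison and evaluation steps described above (S4 to S6 of Example 1), as an added sketch that is not taken from the patent: it substitutes the ratio from Python's `difflib.SequenceMatcher` for the Bi-LSTM + Attention similarity model, keeps the embodiment's 95% threshold, and takes the abnormal traffic result as a boolean input. The command labels, function names and sample windows are constructed for illustration.

```python
from difflib import SequenceMatcher

SIMILARITY_THRESHOLD = 0.95  # the embodiment's preset threshold (95%)


def compare(input_cmds, script_ops):
    """Compare one observation window.

    input_cmds: command labels recognised from the mouse/keyboard sensors.
    script_ops: operation labels taken from the recorded operation script.
    Returns (similarity, unmatched), where unmatched lists the recorded
    operations that have no corresponding physical input.
    """
    # Stand-in metric (assumption): sequence-matching ratio instead of the
    # patent's learned model. autojunk=False keeps frequent labels in play.
    matcher = SequenceMatcher(None, input_cmds, script_ops, autojunk=False)
    unmatched = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            unmatched.extend(script_ops[j1:j2])
    return matcher.ratio(), unmatched


def assess(input_cmds, script_ops, traffic_abnormal):
    """Combine the behaviour comparison with the traffic result (and/or)."""
    similarity, unmatched = compare(input_cmds, script_ops)
    behaviour_abnormal = similarity < SIMILARITY_THRESHOLD
    return {
        "similarity": round(similarity, 3),
        "behaviour_abnormal": behaviour_abnormal,
        # The ratio depends on window length, so unmatched operations are
        # reported for review even when the window passes the threshold.
        "unmatched_operations": unmatched,
        "traffic_abnormal": traffic_abnormal,
        "at_risk": behaviour_abnormal or traffic_abnormal,
    }


# Constructed sample windows (hypothetical labels, not real telemetry).
PHYSICAL = [
    "click:start_menu", "open:file_manager", "shortcut:ctrl+c",
    "shortcut:ctrl+v", "scroll:down", "click:close",
]
SCRIPT_CLEAN = list(PHYSICAL)
# Two recorded operations that no sensor input accounts for.
SCRIPT_INJECTED = (
    PHYSICAL[:3] + ["launch:terminal", "run:unknown_binary"] + PHYSICAL[3:]
)

if __name__ == "__main__":
    for name, script in (("clean", SCRIPT_CLEAN), ("injected", SCRIPT_INJECTED)):
        print(name, assess(PHYSICAL, script, traffic_abnormal=False))
```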
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (8)

1. A network information security intrusion detection method, characterized by comprising the following steps:
S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input by shortcut keys;
S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S3, recognizing and intercepting abnormal behaviors based on a comparison of the mouse control command and the shortcut key control command with the computer operation script;
S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
2. The method according to claim 1, wherein in step S1, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the mouse scroll wheel.
3. The method according to claim 1, wherein in step S1, the left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input by shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard.
4. The method according to claim 1, wherein in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on the infinite deep neural network model.
5. The method according to claim 1, wherein in step S3, the similarity between the mouse control command, the shortcut key control command and the computer operation script is compared based on the Bi-LSTM + Attention model, and if the similarity is lower than a preset threshold, it is determined that an abnormal behavior risk currently exists.
6. The method according to claim 1, wherein the computer operation script monitors the computer operation process by means of script recording.
7. The method for detecting network information security intrusion of claim 1, further comprising: identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
8. The method for detecting network information security intrusion of claim 1, further comprising: resetting the mouse pointer, wherein a single mouse reset operation is performed each time the system is started and each time a control command is recorded.
CN202110473553.9A 2021-04-29 2021-04-29 Network information security intrusion detection method Pending CN113132408A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110473553.9A CN113132408A (en) 2021-04-29 2021-04-29 Network information security intrusion detection method
CN202211388294.0A CN115766158A (en) 2021-04-29 2021-04-29 Network information security intrusion detection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110473553.9A CN113132408A (en) 2021-04-29 2021-04-29 Network information security intrusion detection method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202211388294.0A Division CN115766158A (en) 2021-04-29 2021-04-29 Network information security intrusion detection system and method

Publications (1)

Publication Number Publication Date
CN113132408A true CN113132408A (en) 2021-07-16

Family

ID=76780951

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110473553.9A Pending CN113132408A (en) 2021-04-29 2021-04-29 Network information security intrusion detection method
CN202211388294.0A Pending CN115766158A (en) 2021-04-29 2021-04-29 Network information security intrusion detection system and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202211388294.0A Pending CN115766158A (en) 2021-04-29 2021-04-29 Network information security intrusion detection system and method

Country Status (1)

Country Link
CN (2) CN113132408A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113572787A (en) * 2021-08-05 2021-10-29 信阳农林学院 Computer network intelligent monitoring system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116305105A (en) * 2023-05-25 2023-06-23 湖南警察学院 Information security monitoring method and system based on big data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5990893A (en) * 1996-09-13 1999-11-23 Kabushiki Kaisha Toshiba Data input device and method
CN108282440A (en) * 2017-01-05 2018-07-13 阿里巴巴集团控股有限公司 A kind of safety detection method, safety detection device and server
CN107317682A (en) * 2017-05-10 2017-11-03 史展 A kind of identity identifying method and system
CN108063753A (en) * 2017-11-10 2018-05-22 全球能源互联网研究院有限公司 A kind of information safety monitoring method and system
CN112600805A (en) * 2020-12-03 2021-04-02 国家计算机网络与信息安全管理中心 Network security supervision platform
CN112487376A (en) * 2020-12-07 2021-03-12 北京明略昭辉科技有限公司 Man-machine verification method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
申时凯,佘玉梅: "《我国现代化教育大数据应用技术与实践研究》", 31 March 2019 *
韩蕊: "《阿里巴巴B2B电商算法实战》", 31 July 2020, 机械工业出版社 *

Also Published As

Publication number Publication date
CN115766158A (en) 2023-03-07

Similar Documents

Publication Publication Date Title
EP3949324B1 (en) Dynamic monitoring, detection of emerging computer events
CN103533546B (en) Implicit user verification and privacy protection method based on multi-dimensional behavior characteristics
WO2017065070A1 (en) Suspicious behavior detection system, information-processing device, method, and program
CN113132408A (en) Network information security intrusion detection method
US9414197B2 (en) Identifying personalized meaningful locations
CN111652290B (en) Method and device for detecting countermeasure sample
CN104598367A (en) System and method for automatically managing fault events of data center
CN107003992B (en) Perceptual associative memory for neural language behavior recognition systems
US20200167679A1 (en) Mapper component for a neuro-linguistic behavior recognition system
CN101359368A (en) Video image clustering method and system
US20220318118A1 (en) Detecting changes in application behavior using anomaly corroboration
US20240037665A1 (en) Systems and methods for identifying distracted driving events using common features
WO2016094625A1 (en) Lexical analyzer for a neuro-linguistic behavior recognition system
CN111291096A (en) Data set construction method and device, storage medium and abnormal index detection method
CN113674318A (en) Target tracking method, device and equipment
CN112487376A (en) Man-machine verification method and device
CN116501183A (en) Mouse displacement regulation and control method and system based on multi-sensor fusion
US11738759B2 (en) Systems and methods for identifying distracted driving events using unsupervised clustering
Truong et al. A data-driven approach for network intrusion detection and monitoring based on kernel null space
US11518391B1 (en) Systems and methods for identifying distracted driving events using semi-supervised clustering
CN111339829B (en) User identity authentication method, device, computer equipment and storage medium
US20170286856A1 (en) Trend analysis for a neuro-linguistic behavior recognition system
CN116521105B (en) Data management method and system based on big data equipment
Abin et al. Continuous User Authentication Using a Combination of Operation and Application-related Features
CN117527376A (en) Method for identifying whether active account number in application has vertical override based on flow data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210716