CN113132408A - Network information security intrusion detection method - Google Patents
- Publication number
- CN113132408A
- Authority
- CN
- China
- Prior art keywords
- mouse
- control command
- motion track
- recognizing
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/044—Recurrent networks, e.g. Hopfield networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention relates to the field of network security supervision, and in particular to a network information security intrusion detection method comprising the following steps: S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input via shortcut keys; S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands; S3, recognizing and intercepting abnormal behavior by comparing the mouse control command and the shortcut key control command with the computer operation script; S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model; and S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result. The invention can detect, in a timely manner, network intrusion risks that arise while the system is running, thereby ensuring the security of the computer's internal data.
Description
Technical Field
The invention relates to the field of network security supervision, in particular to a network information security intrusion detection method.
Background
With the rapid development of computer technology and the Internet, and the frequent occurrence of network information security incidents in recent years, network information security problems have gradually permeated every industry and become a focus of attention. To prevent security incidents in advance and avoid losses, network security intrusion detection has become a key link in understanding network security performance. At present, existing computer network intrusion detection can generally only identify and intercept specific or continuous intrusion behaviors, which leaves large security gaps.
Disclosure of Invention
To solve the above technical problem, the invention provides a network information security intrusion detection method that can detect, in a timely manner, network intrusion risks that arise while the system is running, thereby ensuring the security of the computer's internal data.
To solve the above technical problem, an embodiment of the present invention provides a network information security intrusion detection method, including the following steps:
S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input via shortcut keys;
S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S3, recognizing and intercepting abnormal behavior by comparing the mouse control command and the shortcut key control command with the computer operation script;
S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
Further, in step S1, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the scroll wheel.
Further, in step S1, the left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input via shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard.
Further, in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on an infinite deep neural network model.
Further, in step S3, the similarity of the mouse control command and the shortcut key control command to the computer operation script is compared based on a Bi-LSTM + Attention model; if the similarity is lower than a preset threshold, an abnormal behavior risk is determined to exist.
Further, the computer operation script monitors the computer operation process by means of script recording.
Further, the method also includes: identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
Further, the method also includes: resetting the mouse pointer, where the reset operation, which can only be performed by the mouse, is carried out once each time the system is started and each time a control command is recorded.
The invention has the following beneficial effects:
1) The user's current actual operation behavior is identified from the acquired mouse control commands and shortcut key control commands, and abnormal behavior is then identified by comparing that behavior with the operation behavior of the computer. Combined with the monitoring of abnormal traffic, this allows network intrusion risks that arise while the system is running to be detected in a timely manner, ensuring the security of the computer's internal data.
2) Identifying the accessing user avoids network intrusion risk, network congestion and similar problems caused by users who are not in the list accessing the network.
Drawings
Fig. 1 is a flowchart of a network information security intrusion detection method according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
Example 1
As shown in Fig. 1, an embodiment of the present invention provides a network information security intrusion detection method, including the following steps:
S1, resetting the mouse pointer: a reset operation, performed by the mouse only, is carried out once every time the system is started and every time a control command is recorded; this improves the accuracy with which the subsequent mouse motion track, mouse scroll wheel motion track and left and right key control commands are recognized as mouse control commands;
S2, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input via shortcut keys;
S3, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S4, recognizing and intercepting abnormal behavior by comparing the mouse control command and the shortcut key control command with the computer operation script;
S5, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S6, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
In this embodiment, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the scroll wheel. The left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input via shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard. The three-dimensional attitude sensor, the high-precision gyroscope sensor and the film-type pressure sensors communicate through a Bluetooth module with a control command recognition module loaded on the computer.
In this embodiment, in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on an infinite deep neural network model. The infinite deep neural network model is trained on historical mouse motion tracks, mouse scroll wheel motion tracks and left and right key control commands, and the corresponding control commands.
In this embodiment, in step S3, the similarity of the mouse control command and the shortcut key control command to the computer operation script is compared based on a Bi-LSTM + Attention model; if the similarity is lower than a preset threshold (95%), an abnormal behavior risk is determined to exist.
In this embodiment, the computer operation script monitors the computer operation process by means of script recording, and is implemented as a static JAR package.
In this embodiment, the method further includes identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
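The comparison and evaluation steps described above, as an added example that is not part of the patent: it flags a session when the operations recorded by the computer operation script are less than 95% similar to the commands recognized from the input sensors, lists the recorded operations that no user input accounts for, and combines that with the traffic verdict and the access user table. It assumes `difflib` sequence similarity as a stand-in for the Bi-LSTM + Attention model, takes the traffic model's verdict as a boolean input, and uses constructed command names and users.

```python
from difflib import SequenceMatcher

THRESHOLD = 0.95  # preset similarity threshold given in the embodiment (95%)

def _matcher(input_cmds, script_ops):
    # autojunk=False: never discard frequent commands as "junk" on long sessions
    return SequenceMatcher(None, input_cmds, script_ops, autojunk=False)

def similarity(input_cmds, script_ops):
    """Similarity in [0, 1] between the commands recognized from the input
    sensors and the operations recorded by the computer operation script.
    Stand-in metric; the patent names a Bi-LSTM + Attention model here."""
    return _matcher(input_cmds, script_ops).ratio()

def unbacked_operations(input_cmds, script_ops):
    """Recorded operations that no recognized user input accounts for."""
    extra = []
    for tag, _i1, _i2, j1, j2 in _matcher(input_cmds, script_ops).get_opcodes():
        if tag in ("insert", "replace"):
            extra.extend(script_ops[j1:j2])
    return extra

def evaluate(input_cmds, script_ops, traffic_abnormal, user, access_table):
    """Combine the behavior check, the traffic verdict and the user-table
    lookup into one assessment. traffic_abnormal is the output of the preset
    traffic model, which the page does not describe, so it is passed in."""
    score = similarity(input_cmds, script_ops)
    behavior_abnormal = score < THRESHOLD
    return {
        "similarity": round(score, 4),
        "abnormal_behavior": behavior_abnormal,
        "unbacked_ops": (unbacked_operations(input_cmds, script_ops)
                         if behavior_abnormal else []),
        "abnormal_traffic": traffic_abnormal,
        "user_listed": user in access_table,  # result goes to the master user
        "at_risk": behavior_abnormal or traffic_abnormal,
    }

# Constructed sample data (all command names and users are hypothetical).
ACCESS_TABLE = {"alice", "bob"}
SESSION = ([f"click:cell{i}" for i in range(10)]
           + [f"key:ctrl+{c}" for c in "acvsxzfnop"])
EXTRA = ["open:shell", "read:payroll.xlsx", "upload:payroll.xlsx"]
INJECTED = SESSION[:12] + EXTRA + SESSION[12:]  # ops with no matching input

if __name__ == "__main__":
    cases = {
        "matching session": (SESSION, SESSION, False, "alice"),
        "one input missed by recognizer": (SESSION[:-1], SESSION, False, "alice"),
        "operations without input": (SESSION, INJECTED, False, "alice"),
        "traffic alert, unlisted user": (SESSION, SESSION, True, "mallory"),
    }
    for name, (cmds, ops, traffic, user) in cases.items():
        print(name, evaluate(cmds, ops, traffic, user, ACCESS_TABLE))
```

A single command missed by the recognizer in a 20-command session still scores above the threshold, while three recorded operations with no corresponding input drop the score below it.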
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (8)
1. A network information security intrusion detection method, characterized by comprising the following steps:
S1, acquiring the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands, and acquiring the control commands input via shortcut keys;
S2, recognizing the mouse control command by recognizing the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands;
S3, recognizing and intercepting abnormal behavior by comparing the mouse control command and the shortcut key control command with the computer operation script;
S4, recognizing abnormal traffic based on a preset abnormal traffic monitoring model;
S5, evaluating the security of the computer network based on the abnormal behavior recognition result and/or the abnormal traffic recognition result.
2. The method according to claim 1, wherein in step S1, the mouse motion track is acquired by a three-dimensional attitude sensor built into the mouse, and the mouse scroll wheel motion track is acquired by a high-precision gyroscope sensor built into the scroll wheel.
3. The method according to claim 1, wherein in step S1, the left and right key control commands are acquired by film-type pressure sensors attached to the left and right keys of the mouse, and the control commands input via shortcut keys are acquired by film-type pressure sensors attached to the shortcut keys of the keyboard.
4. The method according to claim 1, wherein in step S2, the mouse control command is recognized from the mouse motion track, the mouse scroll wheel motion track and the left and right key control commands based on an infinite deep neural network model.
5. The method according to claim 1, wherein in step S3, the similarity of the mouse control command and the shortcut key control command to the computer operation script is compared based on a Bi-LSTM + Attention model, and if the similarity is lower than a preset threshold, an abnormal behavior risk is determined to exist.
6. The method according to claim 1, wherein the computer operation script monitors the computer operation process by means of script recording.
7. The network information security intrusion detection method of claim 1, further comprising: identifying the accessing user based on a preset network access user table, and sending the identification result to the master user for confirmation.
8. The network information security intrusion detection method of claim 1, further comprising: resetting the mouse pointer, where the reset operation, which can only be performed by the mouse, is carried out once each time the system is started and each time a control command is recorded.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110473553.9A CN113132408A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection method |
CN202211388294.0A CN115766158A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110473553.9A CN113132408A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection method |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211388294.0A Division CN115766158A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113132408A (en) | 2021-07-16 |
Family
ID=76780951
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110473553.9A Pending CN113132408A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection method |
CN202211388294.0A Pending CN115766158A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection system and method |
Family Applications After (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211388294.0A Pending CN115766158A (en) | 2021-04-29 | 2021-04-29 | Network information security intrusion detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN113132408A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113572787A (en) * | 2021-08-05 | 2021-10-29 | 信阳农林学院 | Computer network intelligent monitoring system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116305105A (en) * | 2023-05-25 | 2023-06-23 | 湖南警察学院 | Information security monitoring method and system based on big data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5990893A (en) * | 1996-09-13 | 1999-11-23 | Kabushiki Kaisha Toshiba | Data input device and method |
CN107317682A (en) * | 2017-05-10 | 2017-11-03 | 史展 | A kind of identity identifying method and system |
CN108063753A (en) * | 2017-11-10 | 2018-05-22 | 全球能源互联网研究院有限公司 | A kind of information safety monitoring method and system |
CN108282440A (en) * | 2017-01-05 | 2018-07-13 | 阿里巴巴集团控股有限公司 | A kind of safety detection method, safety detection device and server |
CN112487376A (en) * | 2020-12-07 | 2021-03-12 | 北京明略昭辉科技有限公司 | Man-machine verification method and device |
CN112600805A (en) * | 2020-12-03 | 2021-04-02 | 国家计算机网络与信息安全管理中心 | Network security supervision platform |
Non-Patent Citations (2)
Title |
---|
申时凯,佘玉梅: "《我国现代化教育大数据应用技术与实践研究》", 31 March 2019 * |
韩蕊: "《阿里巴巴B2B电商算法实战》", 31 July 2020, 机械工业出版社 * |
Also Published As
Publication number | Publication date |
---|---|
CN115766158A (en) | 2023-03-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3949324B1 (en) | Dynamic monitoring, detection of emerging computer events | |
CN103533546B (en) | Implicit user verification and privacy protection method based on multi-dimensional behavior characteristics | |
WO2017065070A1 (en) | Suspicious behavior detection system, information-processing device, method, and program | |
CN113132408A (en) | Network information security intrusion detection method | |
US9414197B2 (en) | Identifying personalized meaningful locations | |
CN111652290B (en) | Method and device for detecting countermeasure sample | |
CN104598367A (en) | System and method for automatically managing fault events of data center | |
CN107003992B (en) | Perceptual associative memory for neural language behavior recognition systems | |
US20200167679A1 (en) | Mapper component for a neuro-linguistic behavior recognition system | |
CN101359368A (en) | Video image clustering method and system | |
US20220318118A1 (en) | Detecting changes in application behavior using anomaly corroboration | |
US20240037665A1 (en) | Systems and methods for identifying distracted driving events using common features | |
WO2016094625A1 (en) | Lexical analyzer for a neuro-linguistic behavior recognition system | |
CN111291096A (en) | Data set construction method and device, storage medium and abnormal index detection method | |
CN113674318A (en) | Target tracking method, device and equipment | |
CN112487376A (en) | Man-machine verification method and device | |
CN116501183A (en) | Mouse displacement regulation and control method and system based on multi-sensor fusion | |
US11738759B2 (en) | Systems and methods for identifying distracted driving events using unsupervised clustering | |
Truong et al. | A data-driven approach for network intrusion detection and monitoring based on kernel null space | |
US11518391B1 (en) | Systems and methods for identifying distracted driving events using semi-supervised clustering | |
CN111339829B (en) | User identity authentication method, device, computer equipment and storage medium | |
US20170286856A1 (en) | Trend analysis for a neuro-linguistic behavior recognition system | |
CN116521105B (en) | Data management method and system based on big data equipment | |
Abin et al. | Continuous User Authentication Using a Combination of Operation and Application-related Features | |
CN117527376A (en) | Method for identifying whether active account number in application has vertical override based on flow data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20210716 |