CN113411353A - Network security protection method and system - Google Patents

Network security protection method and system Download PDF

Info

Publication number
CN113411353A
CN113411353A CN202110884873.3A CN202110884873A CN113411353A CN 113411353 A CN113411353 A CN 113411353A CN 202110884873 A CN202110884873 A CN 202110884873A CN 113411353 A CN113411353 A CN 113411353A
Authority
CN
China
Prior art keywords
network security
user
login information
preset
coefficient
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110884873.3A
Other languages
Chinese (zh)
Other versions
CN113411353B (en
Inventor
彭译苇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qingruilin Technology Co ltd
Original Assignee
Guangzhou Huitu Computer Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Huitu Computer Information Technology Co ltd filed Critical Guangzhou Huitu Computer Information Technology Co ltd
Priority to CN202110884873.3A priority Critical patent/CN113411353B/en
Publication of CN113411353A publication Critical patent/CN113411353A/en
Application granted granted Critical
Publication of CN113411353B publication Critical patent/CN113411353B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention relates to a network security protection method and a system, comprising a network security determining unit, a network security protection determining unit and a network security protection determining unit, wherein the network security determining unit is used for judging a user login information parameter according to the acquired security level of a current network and the login information of a current user, and preliminarily determining the network security protection level; the network security execution unit determines different levels of network security protection according to the login information parameters of the user, and the network security management unit adjusts the login information parameters of the user according to the actual behavior of the user within preset time; the network security adjusting unit adjusts the network security protection level according to the adjusted login information parameters of the user; the network security protection level is preliminarily determined by determining the login information parameters of the user, and the login information parameters of the user are adjusted according to the adjustment parameters determined by the behavior parameters of the user, so that the network security protection level is adjusted, the network security is improved, and the stability of normal operation of the user is guaranteed.

Description

Network security protection method and system
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a network security protection method and system.
Background
The network security refers to that the hardware, software and data in the system of the network system are protected and are not damaged, changed and leaked due to accidental or malicious reasons, the system continuously, reliably and normally operates, and the network service is not interrupted. And (4) safety of information propagation consequences, including information filtering and the like. It focuses on preventing and controlling the consequences of illegal, harmful information dissemination and avoiding free information runaway on public networks.
In the prior art, the network security protection method still has the problem that the security is insufficient due to the fact that the network security protection level is difficult to adjust in real time according to the current network state and the actual operation behavior of a user.
Disclosure of Invention
Therefore, the invention provides a network security protection method, which is used for overcoming the problem of insufficient security caused by the fact that the network security protection level is difficult to adjust in real time according to the current network state and the actual operation behavior of a user in the network security protection method in the prior art.
In order to achieve the above object, the present invention provides a network security protection method, including,
step S1, the network security determining unit judges the user login information parameter according to the acquired security level of the current network and the login information of the current user, and preliminarily determines the network security protection level;
step S2, the network security execution unit determines different levels of network security protection according to the login information parameters of the user, and the network security management unit adjusts the login information parameters of the user according to the actual behavior of the user within the preset time;
step S3, the network security adjusting unit adjusts the network security protection level according to the adjusted login information parameter of the user;
in step S1, the network security determining unit determines the login information parameters of the user according to the login times of the user, the abnormal operation times of the user, and the remote login times of the user, and determines the coefficients in the login information parameters of the user in combination with the security level of the current network, the network security determining unit calculates the login information parameters of the user according to the coefficients in the determined login information parameters of the user, and the network security determining unit preliminarily determines the network security protection level according to the calculated login information parameters of the user;
in step S2, the network security executing unit receives and executes the network security level instruction transmitted by the network security determining unit, and when the network security executing unit operates according to the determined network security level, the network security managing unit calculates the behavior parameters of the user according to the login duration and the abnormal operation times of the user within the preset time, and determines the adjustment parameters of the login information parameters of the user according to the calculated behavior parameters;
in step S3, the network security adjusting unit adjusts the login information parameters of the user in real time according to the determined adjustment parameters, and adjusts the network security level in real time according to the adjusted login information parameters of the user.
Further, in step S1, the login information of the user includes the login times of the user, the abnormal operation times of the user, and the remote login times of the user, and the login information parameter of the user is set as c, then,
c=α×Fd/Fd0+β×Fy/Fy0+γ×Fx/Fd
wherein Fd denotes the number of user logins, Fd0 denotes the number of preset logins, Fy denotes the number of abnormal user operations, Fy0 denotes the number of preset abnormal user operations, Fx denotes the number of user foreign logins, α denotes a coefficient of the number of logins, β denotes a coefficient of the number of abnormal user operations, and γ denotes a coefficient of the number of foreign logins.
Further, security levels D1, D2, D3, …, and Dn of the network are preset in the network security determining unit, wherein D1 represents a first preset network security level, D2 represents a second preset network security level, D3 represents a third preset network security level, Dn represents an nth preset network security level, and n is a positive number;
the network security determining unit is internally preset with coefficients X1, X2, X3, … and Xn, wherein X1 represents a first preset coefficient, X2 represents a second preset coefficient, X3 represents a third preset coefficient, and Xn represents an nth preset coefficient;
for the ith preset coefficient Xi (α i, β i, γ i), i =1, 2, 3, …, n is set as a positive number, α i represents a coefficient of the ith preset number of times of login, β i represents a coefficient of the ith preset number of times of abnormal operation, and γ i represents a coefficient of the ith preset number of times of remote login.
Further, the network security determining unit determines a coefficient in the login information parameter of the user according to the security level of the current network, and sets the security level of the current network as Ds, then,
if Ds is less than or equal to D1, the network security determining unit determines that the coefficient in the login information parameters of the user is X1, determines alpha 1 as the coefficient of login times, determines beta 1 as the coefficient of abnormal operation times, and determines gamma 1 as the coefficient of remote login times;
if Ds is larger than D1 and is less than or equal to D2, the network security determining unit determines that the coefficient in the login information parameters of the user is X2, determines alpha 2 as the coefficient of login times, determines beta 2 as the coefficient of abnormal operation times and determines gamma 2 as the coefficient of different-place login times;
if Ds is larger than D2 and is less than or equal to D3, the network security determining unit determines that the coefficient in the login information parameters of the user is X3, determines alpha 3 as the coefficient of login times, determines beta 3 as the coefficient of abnormal operation times and determines gamma 3 as the coefficient of different-place login times;
if D (n-1) < Ds is less than or equal to Dn, the network security determining unit determines that a coefficient in login information parameters of a user is Xn, determines that alpha n is a coefficient of login times, determines that beta n is a coefficient of abnormal operation times, and determines that gamma n is a coefficient of different-place login times;
and the network security determining unit calculates the login information parameters of the user according to the coefficients in the determined login information parameters of the user.
Furthermore, login information parameters C1, C2, C3, …, and Cn of the user are preset in the network security determining unit, wherein C1 represents a first preset user login information parameter, C2 represents a second preset user login information parameter, C3 represents a third preset user login information parameter, and Cn represents an nth preset user login information parameter;
network security protection grades B1, B2, B3, … and Bn are preset in the network security determination unit, wherein B1 represents a first preset network security protection grade, B2 represents a second preset network security protection grade, B3 represents a third preset network security protection grade, and Bn represents an nth preset network security protection grade;
the network security determining unit determines the network security protection level according to the calculated login information parameter of the user, sets the real-time login information parameter of the user as cs, then,
if cs is less than or equal to C1, the network security determining unit determines that the network security protection level is B1;
if cs is greater than C1 and less than or equal to C2, the network security determination unit determines that the network security protection level is B2;
if cs is greater than C2 and less than or equal to C3, the network security determination unit determines that the network security protection level is B3;
if C (n-1) < cs is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
Further, when the network security execution unit operates according to the determined network security protection level, the network security management unit adjusts the login information parameters of the user according to the actual behavior of the user within the preset time, sets the behavior parameter z of the user,
z=L0/L+Y/Y0
wherein L represents a login time length, L0 represents a preset login time length, Y represents the number of abnormal operations, and Y0 represents the preset number of abnormal operations.
Further, behavior parameters z1, z2, z3, … and zn are preset in the network security management unit, wherein z1 represents a first preset behavior parameter, z2 represents a second preset behavior parameter, z3 represents a third preset behavior parameter, and zn represents an nth preset behavior parameter;
adjustment parameters x1, x2, x3, … and xn are preset in the network security management unit, wherein x1 represents a first preset adjustment parameter, x2 represents a second preset adjustment parameter, x3 represents a third preset adjustment parameter, and xn represents an nth preset adjustment parameter.
Furthermore, the network security management unit determines the login information parameter of the user according to the behavior parameter z of the user, sets the behavior parameter of the user determined in real time as zs, sets s =1, 2, 3, …, n, and n is a positive number,
if zs is less than or equal to z1, the network security management unit determines that the adjustment parameter is x1, and the adjusted user login information parameter is ct = x1 × cs;
if z1 is larger than zs and is not larger than z2, the network security management unit determines that the adjustment parameter is x2, and the adjusted user login information parameter is ct = x2 × cs;
if z2 is larger than zs and is not larger than z3, the network security management unit determines that the adjustment parameter is x3, and the adjusted user login information parameter is ct = x3 × cs;
if z (n-1) < zs ≤ zn, the network security management unit determines that the adjustment parameter is xn, and the adjusted user login information parameter is ct = xnxcs × cs.
Further, the network security adjusting unit adjusts the network security protection level according to the adjusted user login information parameter ct,
if ct is less than or equal to C1, the network security determination unit determines that the network security protection level is B1;
if the C1 is more than ct and less than or equal to C2, the network security determining unit determines that the network security protection level is B2;
if the C2 is more than ct and less than or equal to C3, the network security determining unit determines that the network security protection level is B3;
and if the C (n-1) < ct is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
Further, the present invention provides a network security protection system, comprising,
the network security determining unit is used for determining the user login information parameters according to the security level of the network and the login information of the user and determining the network security protection level according to the determined user login information parameters;
the network security execution unit is connected with the network security determination unit and is used for executing the network security protection level determined by the network security determination unit;
the network security management unit is used for adjusting the login information parameters of the user according to the actual behavior of the user within the preset time;
and the network security adjusting unit is used for adjusting the network security protection level according to the adjusted login information parameters of the user.
Compared with the prior art, the network security protection method has the advantages that the network security determination unit determines the login information parameters of the user according to the login times of the user, the abnormal operation times of the user and the remote login times of the user, determines the coefficients in the login information parameters of the user by combining the current network security level, calculates the login information parameters of the user, preliminarily determines the network security protection level according to the calculated login information parameters of the user, receives and executes the network security protection level instruction transmitted by the network security determination unit, when the network security execution unit operates according to the determined network security protection level, the network security management unit calculates the behavior parameters of the user according to the login duration and the abnormal operation times of the user within the preset time, and determining the adjustment parameters of the login information parameters of the user according to the calculated behavior parameters. The network security adjusting unit adjusts the login information parameters of the user in real time according to the determined adjusting parameters, and adjusts the network security protection level in real time according to the adjusted login information parameters of the user, so that the security of the network information is guaranteed, and the security of the account information is guaranteed.
Furthermore, the invention determines the coefficients in the login information parameters of the user through the security level of the network, thereby determining the coefficients in the login information parameters of the user which are adjusted in a differentiated mode in the security levels of different networks, reducing errors in the system, improving the accuracy of preliminary determination of the network security protection level, reducing the adjustment frequency, improving the security of the network and ensuring the stability of normal operation of the user.
Particularly, the invention introduces the setting of determining the adjustment parameters according to the behavior parameters of the user, evaluates the safe use of the user through the login duration and the abnormal operation times of the user in the preset time, calculates the behavior parameters of the user, and determines the adjustment parameters according to the calculated behavior parameters of the user. And then, the user login information parameters are adjusted according to the adjustment parameters, and closed-loop operation for adjusting the network security protection level is performed by taking the adjusted user login information parameters as the standard, so that the security of the network information is improved, and the stability of normal operation of the user is ensured.
Drawings
Fig. 1 is a schematic flow chart of a network security protection method according to the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described below with reference to examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
It should be noted that in the description of the present invention, the terms of direction or positional relationship indicated by the terms "upper", "lower", "left", "right", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, which are only for convenience of description, and do not indicate or imply that the device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Referring to fig. 1, the present invention provides a network security protection method, including,
step S1, the network security determining unit judges the user login information parameter according to the acquired security level of the current network and the login information of the current user, and preliminarily determines the network security protection level;
step S2, the network security execution unit determines different levels of network security protection according to the login information parameters of the user, and the network security management unit adjusts the login information parameters of the user according to the actual behavior of the user within the preset time;
and step S3, the network security adjusting unit adjusts the network security protection level according to the adjusted login information parameters of the user.
Specifically, in the embodiment of the present invention, in the step S1, the network security determining unit determines the login information parameters of the user according to the login times of the user, the abnormal operation times of the user, and the remote login times of the user, and determines the coefficients in the login information parameters of the user in combination with the security level of the current network, the network security determining unit calculates the login information parameters of the user according to the coefficients in the determined login information parameters of the user, and the network security determining unit preliminarily determines the network security protection level according to the calculated login information parameters of the user.
Specifically, in the embodiment of the present invention, in the step S2, the network security executing unit receives and executes the network security level instruction transmitted by the network security determining unit, and when the network security executing unit operates according to the determined network security level, the network security managing unit calculates the behavior parameters of the user according to the login duration and the number of abnormal operations of the user within the preset time, and determines the adjustment parameters of the login information parameters of the user according to the calculated behavior parameters.
Specifically, in the embodiment of the present invention, in the step S3, the network security adjusting unit adjusts the login information parameter of the user in real time according to the determined adjustment parameter, and adjusts the network security level in real time according to the adjusted login information parameter of the user.
Specifically, in the embodiment of the present invention, the login information of the user includes the login times of the user, the abnormal operation times of the user, and the remote login times of the user, and the login information parameter of the user is set to c, then,
c=α×Fd/Fd0+β×Fy/Fy0+γ×Fx/Fd
wherein Fd denotes the number of user logins, Fd0 denotes the number of preset logins, Fy denotes the number of abnormal user operations, Fy0 denotes the number of preset abnormal user operations, Fx denotes the number of user foreign logins, α denotes a coefficient of the number of logins, β denotes a coefficient of the number of abnormal user operations, and γ denotes a coefficient of the number of foreign logins.
Specifically, in the embodiment of the present invention, the more the user logs in is, the higher the trust level of the user is, the less the abnormal operation number of the user is, the higher the trust level of the user is, the different-place login number of the user indicates the stability level of the user at one location, and the different-place login number is compared with the login number, where the different-place login number may be understood as the different-place login that is less than twenty percent of the total login number, or may be a standard for customizing the different-place login, and the standard for the different-place login is smaller than the login number. If the user logs in without abnormal operation or abnormal land, the login information parameter of the user takes the login times of the user as reference. According to the method, the error of data statistics is reduced by setting the coefficient, if the misoperation of a user exists, the number of abnormal operation times is increased once occasionally, the error of data statistics is weakened, the coefficient is determined according to the security level of the current network, the value of Fd0 is 10 times, and the value of Fy0 is 3 times.
Specifically, in the embodiment of the present invention, security levels D1, D2, D3, …, and Dn of a network are preset in the network security determining unit, where D1 represents a first preset network security level, D2 represents a second preset network security level, D3 represents a third preset network security level, Dn represents an nth preset network security level, and n is a positive number.
Specifically, in the embodiment of the present invention, the security level of the network may be determined according to the network security level and classified into classification level levels of a level a, a level B3, a level B2, a level B1, a level C2, a level C1, and a level D1 from high to low, or the existing classification of other network security levels may be used as a standard, and the present invention does not limit a specific method for limiting the security level of the network, and is implemented as a standard.
Specifically, in the embodiment of the present invention, the network security determining unit is preset with coefficients X1, X2, X3, …, and Xn, where X1 represents a first preset coefficient, X2 represents a second preset coefficient, X3 represents a third preset coefficient, and Xn represents an nth preset coefficient. For the ith preset coefficient Xi (α i, β i, γ i), i =1, 2, 3, …, n is set as a positive number, α i represents a coefficient of the ith preset number of times of login, β i represents a coefficient of the ith preset number of times of abnormal operation, and γ i represents a coefficient of the ith preset number of times of remote login. In this embodiment, α i > β i > γ i is set, and if the current network security level is higher, it indicates that the current network condition is safer, the corresponding coefficients of the number of abnormal operations of the user and the number of remote login of the user may be set to be smaller correspondingly, so as to reduce the occupancy ratio, and the security of the network condition may disable many illegal operations of the user, so that the number of abnormal operations of the user under the network condition may be reduced correspondingly, or the user may be less induced under the network, and the probability of illegal operations may be much lower, at this time, the coefficient of the login number of the user is increased, the calculated login information parameter of the user is increased to match with the actual operation of the user, and the security of network security protection is increased.
Specifically, in the embodiment of the present invention, the network security determining unit determines the coefficient in the login information parameter of the user according to the security level of the current network, and sets the security level of the current network to be Ds, then,
if Ds is less than or equal to D1, the network security determining unit determines that the coefficient in the login information parameters of the user is X1, determines alpha 1 as the coefficient of login times, determines beta 1 as the coefficient of abnormal operation times, and determines gamma 1 as the coefficient of remote login times;
if Ds is larger than D1 and is less than or equal to D2, the network security determining unit determines that the coefficient in the login information parameters of the user is X2, determines alpha 2 as the coefficient of login times, determines beta 2 as the coefficient of abnormal operation times and determines gamma 2 as the coefficient of different-place login times;
if Ds is larger than D2 and is less than or equal to D3, the network security determining unit determines that the coefficient in the login information parameters of the user is X3, determines alpha 3 as the coefficient of login times, determines beta 3 as the coefficient of abnormal operation times and determines gamma 3 as the coefficient of different-place login times;
if D (n-1) < Ds is less than or equal to Dn, the network security determining unit determines that a coefficient in login information parameters of the user is Xn, determines that alpha n is a coefficient of login times, determines that beta n is a coefficient of abnormal operation times, and determines that gamma n is a coefficient of different-place login times.
Specifically, in the embodiment of the present invention, the network security determining unit calculates the login information parameter of the user according to a coefficient in the determined login information parameter of the user. And determining the coefficients of the login information parameters of the user through different network security levels, and calculating the login information parameters of the user.
Specifically, in the embodiment of the present invention, login information parameters C1, C2, C3, …, and Cn of a user are preset in the network security determining unit, where C1 represents a first preset user login information parameter, C2 represents a second preset user login information parameter, C3 represents a third preset user login information parameter, and Cn represents an nth preset user login information parameter.
Specifically, in the embodiment of the present invention, network security levels B1, B2, B3, …, and Bn are preset in the network security determining unit, where B1 represents a first preset network security level, B2 represents a second preset network security level, B3 represents a third preset network security level, and Bn represents an nth preset network security level.
Specifically, in the embodiment of the present invention, the network security determining unit determines the network security protection level according to the calculated login information parameter of the user, and sets the real-time login information parameter of the user to be cs, then,
if cs is less than or equal to C1, the network security determining unit determines that the network security protection level is B1;
if cs is greater than C1 and less than or equal to C2, the network security determination unit determines that the network security protection level is B2;
if cs is greater than C2 and less than or equal to C3, the network security determination unit determines that the network security protection level is B3;
if C (n-1) < cs is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
Specifically, in the embodiment of the present invention, when the login information parameter of the user is larger, the corresponding network security protection level is lower, which indicates that the user is safer for the system, and a lower network security protection level is enabled, and the network security protection level may also be understood as the right opened to the user, and the higher the trustworthiness of the user is, the higher the right that the user can obtain is, the fewer the rights are.
Specifically, in the embodiment of the present invention, when the network security execution unit operates according to the determined network security protection level, the network security management unit adjusts the login information parameter of the user according to the actual behavior of the user within the preset time, sets the behavior parameter z of the user,
z=L0/L+Y/Y0
wherein L represents a login time length, L0 represents a preset login time length, Y represents the number of abnormal operations, and Y0 represents the preset number of abnormal operations.
Specifically, the preset time in the embodiment of the present invention may be a set fixed time, or may be adjusted when the user touches a certain behavior, which is set to 10 minutes in this embodiment, the preset login time length L0 is set to 30 minutes in this embodiment, and the preset number of abnormal operations Y0 is set to 1 time in this embodiment, where the abnormal operation may be, for example, entering a certain restricted website, such as sending an illegal file, and may be specifically set according to an actual situation. In this embodiment, by presetting the login duration and the login duration, the longer the login duration is, the smaller the corresponding user behavior parameter is, the fewer the abnormal operation times is, or when the login duration is zero, the smaller the corresponding user behavior parameter is.
Specifically, in the embodiment of the present invention, behavior parameters z1, z2, z3, …, and zn are preset in the network security management unit, where z1 represents a first preset behavior parameter, z2 represents a second preset behavior parameter, z3 represents a third preset behavior parameter, and zn represents an nth preset behavior parameter.
Specifically, in the embodiment of the present invention, adjustment parameters x1, x2, x3, …, and xn are preset in the network security management unit, where x1 represents a first preset adjustment parameter, x2 represents a second preset adjustment parameter, x3 represents a third preset adjustment parameter, and xn represents an nth preset adjustment parameter.
Specifically, in the embodiment of the present invention, the network security management unit determines the login information parameter of the user according to the behavior parameter z of the user, sets the behavior parameter of the user determined in real time as zs, sets s =1, 2, 3, …, n, and n is a positive number,
if zs is less than or equal to z1, the network security management unit determines that the adjustment parameter is x1, and the adjusted user login information parameter is ct = x1 × cs;
if z1 is larger than zs and is not larger than z2, the network security management unit determines that the adjustment parameter is x2, and the adjusted user login information parameter is ct = x2 × cs;
if z2 is larger than zs and is not larger than z3, the network security management unit determines that the adjustment parameter is x3, and the adjusted user login information parameter is ct = x3 × cs;
if z (n-1) < zs ≤ zn, the network security management unit determines that the adjustment parameter is xn, and the adjusted user login information parameter is ct = xnxcs × cs.
Specifically, in the embodiment of the present invention, when the behavior parameter of the user is smaller, it indicates that the user is safe to use within the preset time, the larger the coefficient to be adjusted is, the larger the corresponding adjustment parameter is, the adjustment parameter is set to facilitate readjustment of the login information parameter of the user, so as to adjust the network security protection level within the next preset time. When the adjusted login information parameter of the user is larger, the abnormal operation used by the user in the last preset time is less, the adjustment of the network security protection level can be basically enhanced step by step or reduced step by step, the phenomenon of skip level adjustment is reduced, and the possibility of loopholes is reduced.
Specifically, in the embodiment of the present invention, the network security adjusting unit adjusts the network security protection level according to the adjusted user login information parameter ct,
if ct is less than or equal to C1, the network security determination unit determines that the network security protection level is B1;
if the C1 is more than ct and less than or equal to C2, the network security determining unit determines that the network security protection level is B2;
if the C2 is more than ct and less than or equal to C3, the network security determining unit determines that the network security protection level is B3;
and if the C (n-1) < ct is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
Specifically, in the embodiment of the present invention, after the network security determining unit preliminarily determines the network security protection level, the network security management unit adjusts the login information parameter of the user in real time according to the real-time behavior statistics of the user, and the network security adjusting unit adjusts and updates the network security protection level in real time, so as to complete the protection work of network security. The invention can meet the network in the current state by continuously adjusting the network security protection level, improve the security of the network information and simultaneously ensure the stability of the normal use of the user.
Specifically, in the embodiment of the present invention, a valve-off measure may be further set, when the number of times of abnormal operation of the user exceeds a preset value, the strongest network security protection level is directly started, and the user is suspended to ensure the security of the user, where the preset value may be based on an actual value, for example, may be set to 3 times, or may be set to 5 times.
The invention also provides a network security protection system, comprising,
the network security determining unit is used for determining the user login information parameters according to the security level of the network and the login information of the user and determining the network security protection level according to the determined user login information parameters;
the network security execution unit is connected with the network security determination unit and is used for executing the network security protection level determined by the network security determination unit;
the network security management unit is used for adjusting the login information parameters of the user according to the actual behavior of the user within the preset time;
and the network security adjusting unit is used for adjusting the network security protection level according to the adjusted login information parameters of the user.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (10)

1. A network security protection method is characterized by comprising the following steps,
step S1, the network security determining unit judges the user login information parameter according to the acquired security level of the current network and the login information of the current user, and preliminarily determines the network security protection level;
step S2, the network security execution unit determines different levels of network security protection according to the login information parameters of the user, and the network security management unit adjusts the login information parameters of the user according to the actual behavior of the user within the preset time;
step S3, the network security adjusting unit adjusts the network security protection level according to the adjusted login information parameter of the user;
in step S1, the network security determining unit determines the login information parameters of the user according to the login times of the user, the abnormal operation times of the user, and the remote login times of the user, and determines the coefficients in the login information parameters of the user in combination with the security level of the current network, the network security determining unit calculates the login information parameters of the user according to the coefficients in the determined login information parameters of the user, and the network security determining unit preliminarily determines the network security protection level according to the calculated login information parameters of the user;
in step S2, the network security executing unit receives and executes the network security level instruction transmitted by the network security determining unit, and when the network security executing unit operates according to the determined network security level, the network security managing unit calculates the behavior parameters of the user according to the login duration and the abnormal operation times of the user within the preset time, and determines the adjustment parameters of the login information parameters of the user according to the calculated behavior parameters;
in step S3, the network security adjusting unit adjusts the login information parameters of the user in real time according to the determined adjustment parameters, and adjusts the network security level in real time according to the adjusted login information parameters of the user.
2. The method according to claim 1, wherein in step S1, the login information of the user includes login times of the user, abnormal operation times of the user, and different login times of the user, and the parameter of the login information of the user is set as c, then,
c=α×Fd/Fd0+β×Fy/Fy0+γ×Fx/Fd
wherein Fd denotes the number of user logins, Fd0 denotes the number of preset logins, Fy denotes the number of abnormal user operations, Fy0 denotes the number of preset abnormal user operations, Fx denotes the number of user foreign logins, α denotes a coefficient of the number of logins, β denotes a coefficient of the number of abnormal user operations, and γ denotes a coefficient of the number of foreign logins.
3. The network security protection method of claim 2, wherein the network security determining unit is preset with security levels D1, D2, D3, …, and Dn of the network, wherein D1 represents a first preset network security level, D2 represents a second preset network security level, D3 represents a third preset network security level, Dn represents an nth preset network security level, and n is a positive number;
the network security determining unit is internally preset with coefficients X1, X2, X3, … and Xn, wherein X1 represents a first preset coefficient, X2 represents a second preset coefficient, X3 represents a third preset coefficient, and Xn represents an nth preset coefficient;
for the ith preset coefficient Xi (α i, β i, γ i), i =1, 2, 3, …, n is set as a positive number, α i represents a coefficient of the ith preset number of times of login, β i represents a coefficient of the ith preset number of times of abnormal operation, and γ i represents a coefficient of the ith preset number of times of remote login.
4. The network security protection method according to claim 3, wherein the network security determining unit determines the coefficient in the login information parameter of the user according to the security level of the current network, and sets the security level of the current network as Ds, then,
if Ds is less than or equal to D1, the network security determining unit determines that the coefficient in the login information parameters of the user is X1, determines alpha 1 as the coefficient of login times, determines beta 1 as the coefficient of abnormal operation times, and determines gamma 1 as the coefficient of remote login times;
if Ds is larger than D1 and is less than or equal to D2, the network security determining unit determines that the coefficient in the login information parameters of the user is X2, determines alpha 2 as the coefficient of login times, determines beta 2 as the coefficient of abnormal operation times and determines gamma 2 as the coefficient of different-place login times;
if Ds is larger than D2 and is less than or equal to D3, the network security determining unit determines that the coefficient in the login information parameters of the user is X3, determines alpha 3 as the coefficient of login times, determines beta 3 as the coefficient of abnormal operation times and determines gamma 3 as the coefficient of different-place login times;
if D (n-1) < Ds is less than or equal to Dn, the network security determining unit determines that a coefficient in login information parameters of a user is Xn, determines that alpha n is a coefficient of login times, determines that beta n is a coefficient of abnormal operation times, and determines that gamma n is a coefficient of different-place login times;
and the network security determining unit calculates the login information parameters of the user according to the coefficients in the determined login information parameters of the user.
5. The network security protection method according to claim 4, wherein the network security determining unit is preset with login information parameters C1, C2, C3, …, Cn of the user, wherein C1 represents a first preset user login information parameter, C2 represents a second preset user login information parameter, C3 represents a third preset user login information parameter, and Cn represents an nth preset user login information parameter;
network security protection grades B1, B2, B3, … and Bn are preset in the network security determination unit, wherein B1 represents a first preset network security protection grade, B2 represents a second preset network security protection grade, B3 represents a third preset network security protection grade, and Bn represents an nth preset network security protection grade;
the network security determining unit determines the network security protection level according to the calculated login information parameter of the user, sets the real-time login information parameter of the user as cs, then,
if cs is less than or equal to C1, the network security determining unit determines that the network security protection level is B1;
if cs is greater than C1 and less than or equal to C2, the network security determination unit determines that the network security protection level is B2;
if cs is greater than C2 and less than or equal to C3, the network security determination unit determines that the network security protection level is B3;
if C (n-1) < cs is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
6. The network security protection method according to claim 5, wherein when the network security execution unit operates according to the determined network security protection level, the network security management unit adjusts the login information parameter of the user according to the actual behavior of the user within a preset time, sets the behavior parameter z of the user,
z=L0/L+Y/Y0
wherein L represents a login time length, L0 represents a preset login time length, Y represents the number of abnormal operations, and Y0 represents the preset number of abnormal operations.
7. The network security protection method according to claim 6, wherein the network security management unit has predefined behavior parameters z1, z2, z3, …, zn, wherein z1 represents a first predefined behavior parameter, z2 represents a second predefined behavior parameter, z3 represents a third predefined behavior parameter, and zn represents an nth predefined behavior parameter;
adjustment parameters x1, x2, x3, … and xn are preset in the network security management unit, wherein x1 represents a first preset adjustment parameter, x2 represents a second preset adjustment parameter, x3 represents a third preset adjustment parameter, and xn represents an nth preset adjustment parameter.
8. The network security protection method according to claim 7, wherein the network security management unit determines the login information parameter of the user according to the behavior parameter z of the user, sets the behavior parameter of the user determined in real time as zs, sets s =1, 2, 3, …, n is a positive number, then,
if zs is less than or equal to z1, the network security management unit determines that the adjustment parameter is x1, and the adjusted user login information parameter is ct = x1 × cs;
if z1 is larger than zs and is not larger than z2, the network security management unit determines that the adjustment parameter is x2, and the adjusted user login information parameter is ct = x2 × cs;
if z2 is larger than zs and is not larger than z3, the network security management unit determines that the adjustment parameter is x3, and the adjusted user login information parameter is ct = x3 × cs;
if z (n-1) < zs ≤ zn, the network security management unit determines that the adjustment parameter is xn, and the adjusted user login information parameter is ct = xnxcs × cs.
9. The network security protection method according to claim 8, wherein the network security adjustment unit adjusts the network security level according to the adjusted user login information parameter ct,
if ct is less than or equal to C1, the network security determination unit determines that the network security protection level is B1;
if the C1 is more than ct and less than or equal to C2, the network security determining unit determines that the network security protection level is B2;
if the C2 is more than ct and less than or equal to C3, the network security determining unit determines that the network security protection level is B3;
and if the C (n-1) < ct is less than or equal to Cn, the network security determining unit determines that the network security protection level is Bn.
10. A network security protection system using the network security protection method of any one of claims 1 to 9, comprising,
the network security determining unit is used for determining the user login information parameters according to the security level of the network and the login information of the user and determining the network security protection level according to the determined user login information parameters;
the network security execution unit is connected with the network security determination unit and is used for executing the network security protection level determined by the network security determination unit;
the network security management unit is used for adjusting the login information parameters of the user according to the actual behavior of the user within the preset time;
and the network security adjusting unit is used for adjusting the network security protection level according to the adjusted login information parameters of the user.
CN202110884873.3A 2021-08-03 2021-08-03 Network security protection method and system Active CN113411353B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110884873.3A CN113411353B (en) 2021-08-03 2021-08-03 Network security protection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110884873.3A CN113411353B (en) 2021-08-03 2021-08-03 Network security protection method and system

Publications (2)

Publication Number Publication Date
CN113411353A true CN113411353A (en) 2021-09-17
CN113411353B CN113411353B (en) 2021-11-09

Family

ID=77688261

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110884873.3A Active CN113411353B (en) 2021-08-03 2021-08-03 Network security protection method and system

Country Status (1)

Country Link
CN (1) CN113411353B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115484063A (en) * 2022-08-12 2022-12-16 国家管网集团北方管道有限责任公司 Network security prevention and control method and system for industrial control system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5317729A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Method for the storage of multi-versioned data with retrieval based on searched query
CN104796275A (en) * 2014-01-21 2015-07-22 腾讯科技(深圳)有限公司 Abnormal state processing method, system and device
CN104883363A (en) * 2015-05-11 2015-09-02 北京交通大学 Method and device for analyzing abnormal access behaviors
US20180004948A1 (en) * 2016-06-20 2018-01-04 Jask Labs Inc. Method for predicting and characterizing cyber attacks
CN109714324A (en) * 2018-12-18 2019-05-03 中电福富信息科技有限公司 User network abnormal behaviour based on machine learning algorithm finds method and system
CN110138791A (en) * 2019-05-20 2019-08-16 四川长虹电器股份有限公司 Web service account takeover method of real-time and system based on Flink
CN110889094A (en) * 2019-11-18 2020-03-17 中国银行股份有限公司 Login authentication method and device
CN110912938A (en) * 2019-12-24 2020-03-24 医渡云(北京)技术有限公司 Access verification method and device for network access terminal, storage medium and electronic equipment
CN112187792A (en) * 2020-09-27 2021-01-05 安徽斯跑特科技有限公司 Network information safety protection system based on internet

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5317729A (en) * 1990-10-24 1994-05-31 International Business Machines Corporation Method for the storage of multi-versioned data with retrieval based on searched query
CN104796275A (en) * 2014-01-21 2015-07-22 腾讯科技(深圳)有限公司 Abnormal state processing method, system and device
CN104883363A (en) * 2015-05-11 2015-09-02 北京交通大学 Method and device for analyzing abnormal access behaviors
US20180004948A1 (en) * 2016-06-20 2018-01-04 Jask Labs Inc. Method for predicting and characterizing cyber attacks
CN109714324A (en) * 2018-12-18 2019-05-03 中电福富信息科技有限公司 User network abnormal behaviour based on machine learning algorithm finds method and system
CN110138791A (en) * 2019-05-20 2019-08-16 四川长虹电器股份有限公司 Web service account takeover method of real-time and system based on Flink
CN110889094A (en) * 2019-11-18 2020-03-17 中国银行股份有限公司 Login authentication method and device
CN110912938A (en) * 2019-12-24 2020-03-24 医渡云(北京)技术有限公司 Access verification method and device for network access terminal, storage medium and electronic equipment
CN112187792A (en) * 2020-09-27 2021-01-05 安徽斯跑特科技有限公司 Network information safety protection system based on internet

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李云亚等: "基于网络安全法的等级保护工作开展研究", 《无线互联科技》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115484063A (en) * 2022-08-12 2022-12-16 国家管网集团北方管道有限责任公司 Network security prevention and control method and system for industrial control system
CN115484063B (en) * 2022-08-12 2023-05-30 国家管网集团北方管道有限责任公司 Network security prevention and control method and system for industrial control system

Also Published As

Publication number Publication date
CN113411353B (en) 2021-11-09

Similar Documents

Publication Publication Date Title
US7483993B2 (en) Temporal access control for computer virus prevention
US7065644B2 (en) System and method for protecting a security profile of a computer system
CN107911395B (en) Login verification method and system, computer storage medium and device
CN113411353B (en) Network security protection method and system
CN101350721B (en) Network system, network access method and network appliance
CA2526759A1 (en) Event monitoring and management
CN107508831B (en) Bus-based intrusion detection method
CN101902348A (en) Network security system and system load automatic adjusting method thereof
US11837372B2 (en) Methods for protection of nuclear reactors from thermal hydraulic/neutronic core instability
CN102143168A (en) Linux platform-based server safety performance real-time monitoring method and system
CN103150499A (en) Protection method for preventing file from being leaked in encrypted form
CN116992503B (en) Data security storage method and storage device
CN110716769B (en) Service wind control gateway and service wind control method
CN115987675B (en) Illegal external connection detection method and device, mobile terminal and storage medium
CN116344012A (en) Diagnosis and treatment log medical management system of (a)
JP2020135346A (en) Plant monitoring control system
CN110995840B (en) Remote terminal anti-dismantling control method suitable for excavator
CN114238967A (en) Security enhancement processing method for embedded security module
CN107347077A (en) A kind of Software security protection method and apparatus based on user right
CN110798425B (en) Method, system and related device for detecting hacker attack behavior
CN114978737B (en) Comprehensive management system for Doppler weather radar data
JPH10190730A (en) Traffic control method and traffic controller
CN115484063B (en) Network security prevention and control method and system for industrial control system
CN100411344C (en) Web server load control method for resisting rejection service attack
CN117118561B (en) Signal shielding device for information network security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20240313

Address after: Room 403, Unit 1, 4th Floor, Building 1, No.1 Courtyard, Jinyuchi Middle Street, Dongcheng District, Beijing, 100050

Patentee after: Beijing Qingruilin Technology Co.,Ltd.

Country or region after: China

Address before: 510000 room 1202, 350 Tancun Road, Tianhe District, Guangzhou City, Guangdong Province

Patentee before: GUANGZHOU HUITU COMPUTER INFORMATION TECHNOLOGY CO.,LTD.

Country or region before: China