CN113467314B - Information security risk assessment system and method based on big data and edge calculation - Google Patents

Info

Publication number: CN113467314B
Authority: CN (China)
Prior art keywords: time, website, attack, client, client device
Legal status: Active
Application number: CN202110803140.2A
Other languages: Chinese (zh)
Other versions: CN113467314A (en)
Inventors: 荆哲, 谭祥明, 叶婷, 曾幸钦, 孙培高, 曾灶烟, 曾炽强, 李树湖
Current Assignee: Guangzhou Saidu Detection Service Co ltd
Original Assignee: Guangzhou Saidu Detection Service Co ltd

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0423 Input/output
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/25 Pc structure of the system
    • G05B2219/25257 Microcontroller

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an information security risk assessment method based on big data and edge computing, comprising the following steps: S1, the client device, through its network defense system, counts the number of attacks per unit time, the time of each attack, and the record of websites the user recently visited on the device. The invention uses big data, edge computing and related technologies so that the system evaluates and feeds back information security risk more accurately. When a managed device has not received a control instruction from the management device for a long time, the data on the device is analyzed with edge computing without affecting the operation of the device, and the device is controlled according to the analysis result. This saves the time spent exchanging feedback between devices and avoids device paralysis caused by emergencies.

Description

Information security risk assessment system and method based on big data and edge calculation
Technical Field
The invention relates to the technical field of risk assessment, and in particular to an information security risk assessment system and method based on big data and edge computing.
Background
With the rapid development of internet technology, use of the internet has become increasingly widespread, and while people enjoy the convenience it brings they pay more and more attention to the management of information security risk. At present, multiple devices are simply managed through a host or a server. Because of device faults, or too great a distance between the managed device and the management device, the managed device may receive the instructions sent by the management device late or not at all, so that the managed device is affected or even paralyzed.
In view of the above, there is a need for an information security risk assessment system and method based on big data and edge computing. Big data and edge computing make the system more accurate when evaluating and feeding back information security risk. When a managed device has not received a control instruction from the management device for a long time, the data on the device is analyzed with edge computing without affecting the operation of the device, and the device is controlled according to the analysis result, which saves the time spent exchanging feedback between devices and avoids device paralysis caused by emergencies.
Disclosure of Invention
The invention aims to provide an information security risk assessment system and method based on big data and edge computing, so as to solve the problems described in the background.
To solve the above technical problems, the invention provides the following technical solution: an information security risk assessment method based on big data and edge computing, comprising the following steps:
S1, the client device, through its network defense system, counts the number of attacks per unit time, the time of each attack, and the record of websites the user recently visited on the device;
S2, the client device uploads the information counted in step S1 to the central processing device, which aggregates and analyzes it;
S3, from the aggregated data, the central processing device obtains the average number of attacks per client device per unit time and records it as the first attack count, and screens the average number of attacks per client device per unit time and the time corresponding to each attack according to the central tendency of the clients' attack times and the corresponding counts;
S4, when the number of attacks counted by the defense system on a client device in a unit time is greater than or equal to the sum of the first attack count and the first error floating value, the central processing device analyzes the record of websites recently visited by the user on that client device and sends an adjustment control instruction to the client device to adjust and control it;
when the number of attacks counted by the defense system on the client device in a unit time is less than the sum of the first attack count and the first error floating value, the client device is judged to be normal;
S5, when the number of attacks counted by the defense system on the client device in a unit time is greater than or equal to the sum of the first attack count and the first error floating value, and the client device does not receive the adjustment control instruction from the central processing device within the first unit time, the edge computing module on the client device analyzes the record of websites recently visited by the user on the client device and executes the corresponding adjustment control instruction.
Through the cooperation of these steps the invention evaluates information security risk. Normally the central processing device processes the data and sends an adjustment control instruction according to the result; when the client does not receive that instruction within the first unit time, the client device uses its own edge computing module to process the data and execute the corresponding adjustment control instruction. The central tendency of the clients' attack times reflects how concentrated those attack times are. By analyzing it, the time points around which the attack times cluster most strongly are obtained and treated as attack events caused by external factors. That is, attacks on a client at those time points are ignored: they are regarded as caused by external factors rather than by the user's operation, and the data for those time points is not analyzed. This reduces the workload of the central processing device and improves the accuracy of the data analysis.
Further, the central processing device and the client devices are in a one-to-many relationship; that is, one central processing device can control multiple client devices.
Because the relationship between the central processing device and the client devices is one-to-many, the central processing device manages the client devices and acts as a control terminal: it analyzes the data of the managed devices and manages them according to the analysis result. It can also aggregate and analyze the data from all client devices, which increases the amount of reference data and improves the precision of the analysis.
Further, the first attack count in step S3 is an integer; when the calculated result is a decimal, it is rounded.
The first attack count is set to an integer so that, in step S3, data can be picked quickly from the central tendency of the clients' attack times. Since the number of items picked can only be an integer, the first attack count is set to an integer and the decimal part is rounded up.
Further, in step S3, the attack times reported by each client's defense system are first presented as a histogram. The abscissa represents time, each attack time being a time point on the histogram, and the ordinate represents the number of attacks at that time point, giving a count-time histogram.
The central tendency of the attack times is analyzed from the histogram data, and the time points toward which each cluster converges are recorded. These time points are sorted from high to low by the number of attacks at each, and the top-ranked entries are extracted from the sequence, the number of entries extracted being equal to the value of the first attack count; the corresponding times are recorded as the first times.
The invention uses a histogram because it shows the concentration of the data well. Whether client devices were attacked at a given time point is judged by whether the histogram has a bar at that point, and the height of the bar shows the number of attacks at that point; the more bars there are in a given period and the taller they are, the more concentrated the data. The time points toward which the clusters converge can be obtained from the height of each bar and how closely the bars are spaced, and these time points are ranked from high to low by the number of attacks at each. This grades how heavily the client devices were attacked: the higher the ranking, the more attacks the clients received in that period and the greater the impact, so such points are selected first when choosing the first times.
Further, the first error floating value in step S4 is preset.
When the central processing device analyzes the record of websites recently visited on a client device, it obtains the first times recorded in step S3, together with the number of attacks per unit time, the time of each attack, and the record of websites the user recently visited on the device, as collected by the client device through its network defense system.
A second error floating value is added to and subtracted from each first time to obtain a corresponding time period, recorded as a second time. The attack counts per unit time and the attack times counted by the client device are checked for overlap with the second times, the overlapping part is removed, and the remaining attack counts per unit time and attack times of the client device are analyzed;
a third error floating value is added to and subtracted from each remaining attack time of the client device to obtain a corresponding time period, recorded as a third time. The record of websites the user recently visited on the device is screened against the third times, and the website records visited by the device within each third time are extracted.
The invention first obtains the first times, which are times at which all client devices are regularly attacked and which they have in common. They are therefore caused by external factors rather than by misoperation on an individual client device, and must be screened out separately so that they do not affect the analysis of the other data. The second times give the time range over which a first time takes effect on a particular client device: when client devices are regularly attacked, an attack does not start at a single time point but unfolds over a process with a corresponding time range, so the second error floating value is applied to the first time to obtain the specific error fluctuation range of the regular attacks. The third times are thus obtained from the data that remains after the times of the regular attacks common to all devices have been eliminated. That data corresponds to attack times unique to the device and indicates that the client device was attacked because of human misoperation, so the website records within those periods are analyzed.
Further, in step S5, when the client device's own edge computing module analyzes the record of websites recently visited by the user, it first obtains the number of attacks on the client device per unit time, the time of each attack, and the record of websites the user recently visited on the device, as collected through the network defense system.
A third error floating value is added to and subtracted from each attack time of the client device in the unit time to obtain a corresponding time period, recorded as a fourth time. The record of websites the user recently visited on the device is screened against the fourth times, and the website records visited by the device within each fourth time are extracted.
When the central processing device does not issue an instruction in time, the client's own edge computing module analyzes all website records corresponding to the attack times so that the normal operation of the client device is not affected. In this way the device can judge its own data when the central processing device is abnormal or its instructions cannot be delivered in time. The edge computing module can temporarily stand in for the central processing device, though with somewhat poorer results: more website records have to be analyzed for each client device, and the result is somewhat less accurate. In return, the adjustment control instruction is obtained and executed more promptly, dependence on the central processing device is reduced to a certain extent, and the client device keeps operating normally when the central processing device has problems.
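The screening in steps S3 to S5 can be followed on a small data set. The Python below is an added illustration, not code from the patent: the function names, the sample attack times (minutes within one unit time), the three floating values, and the reading of the "first times" as the tallest histogram bars are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP


@dataclass(frozen=True)
class Visit:
    t: int    # visit time, minutes from the start of the unit time
    url: str


def first_attack_count(attacks_by_client):
    """S3: mean attacks per client per unit time, as an integer.

    Assumption: "rounding" is implemented as round-half-up.
    """
    if not attacks_by_client:
        return 0
    total = sum(len(times) for times in attacks_by_client.values())
    mean = Decimal(total) / Decimal(len(attacks_by_client))
    return int(mean.quantize(Decimal("1"), rounding=ROUND_HALF_UP))


def first_times(attacks_by_client, n):
    """S3: count-time histogram over all clients; the n tallest bars are the first times.

    Assumption: "central tendency" is read as the most frequent time points,
    with ties broken in favour of the earlier time.
    """
    hist = Counter(t for times in attacks_by_client.values() for t in times)
    ranked = sorted(hist.items(), key=lambda item: (-item[1], item[0]))
    return [t for t, _ in ranked[:n]]


def in_window(t, centres, half_width):
    """True if t lies in [c - half_width, c + half_width] for any centre c."""
    return any(c - half_width <= t <= c + half_width for c in centres)


def central_records(attacks, visits, firsts, second_float, third_float):
    """S4: drop attacks inside the second times, then keep visits inside the third times."""
    own = [t for t in attacks if not in_window(t, firsts, second_float)]
    return [v for v in visits if in_window(v.t, own, third_float)]


def edge_records(attacks, visits, third_float):
    """S5: the device has no fleet-wide first times, so every attack opens a fourth time."""
    return [v for v in visits if in_window(v.t, attacks, third_float)]


def decide(count, first_count, first_float, central_instruction_received):
    """S4/S5: which side analyzes the records of a client with `count` attacks."""
    if count < first_count + first_float:
        return "normal"
    return "central" if central_instruction_received else "edge"


# Constructed sample data: attack times per client, and the browsing history of pc-1.
ATTACKS = {"pc-1": [120, 300, 415], "pc-2": [120, 300], "pc-3": [120, 300]}
VISITS_PC1 = [
    Visit(118, "https://news.example/"),
    Visit(298, "https://mail.example/"),
    Visit(412, "http://free-download.example/setup"),
    Visit(500, "https://intranet.example/"),
]
FIRST_FLOAT, SECOND_FLOAT, THIRD_FLOAT = 1, 2, 5   # preset values chosen for the sample

if __name__ == "__main__":
    n = first_attack_count(ATTACKS)
    firsts = first_times(ATTACKS, n)
    print("first attack count:", n, "first times:", firsts)
    for name, times in ATTACKS.items():
        print(name, decide(len(times), n, FIRST_FLOAT, central_instruction_received=True))
    central = central_records(ATTACKS["pc-1"], VISITS_PC1, firsts, SECOND_FLOAT, THIRD_FLOAT)
    edge = edge_records(ATTACKS["pc-1"], VISITS_PC1, THIRD_FLOAT)
    print("central path analyzes:", [v.url for v in central])
    print("edge path analyzes:   ", [v.url for v in edge])
```

On this sample the central path hands one website record to the analysis and the edge path hands three, which is the accuracy-for-timeliness trade described above.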
Further, whether the website records visited by the device within each third time or within each fourth time are extracted, the extracted records must be analyzed, and the analysis method is the same in both cases; the extracted records are the website records to be analyzed.
Further, the central processing device and the edge computing module use the same website analysis method, with the following steps:
P1, obtain the website records to be analyzed;
P2, extract the domain name information from each website record to be analyzed, enter it into the official filing (record) information lookup website, and judge whether the website has filing information and whether the filing is registered to an enterprise or an individual;
P3, when the website has no filing information, or its filing is registered to an individual, judge that the website is at risk;
when the filing is registered to an enterprise, judge that the website is normal;
P4, take the website records of the websites judged to be at risk in step P3, extract access keywords from the pages corresponding to those records, group the access keywords extracted from each website record into one set, compare each access keyword in each set with the first comparison database, and thereby determine the category of each website record;
P5, count the categories of the website records obtained in step P4 and mark the top-ranked category; on every visit to a website of the marked category, directly query and judge its filing information, and directly block access to websites that are at risk;
The specific method for comparing each access keyword in each set with the first comparison database is as follows:
Q1, compare each access keyword in a set with the access keywords of each category in the first comparison database and tally the result of each comparison; if an access keyword corresponds to several categories at the same time, each of those categories is counted and its count is increased by one;
Q2, once every access keyword in the set has been compared with the first comparison database, divide the count of each category by the total number of access keywords in the set to obtain the similarity ratio of each category;
Q3, compare the ratios of the categories for the set and take the category with the largest ratio as the category of the set;
Q4, repeat steps Q1, Q2 and Q3 until every set has been matched to a category.
The invention judges whether a website is at risk by querying whether it has filing information and what type that filing is. The filing of a normal website identifies a specific enterprise, so the safety of a website can be judged accurately from its filing type. The category of a website is in turn judged from the access keywords in its pages: the content of different websites differs, and extracting the access keywords makes it possible to judge their category to a certain extent, and hence the category of the website.
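Steps Q1 to Q4 and the ranking in P5 amount to a per-category hit ratio followed by a majority vote. The Python below is an added illustration, not code from the patent; the category names, the contents of the comparison database, the keyword sets and the tie-breaking rule are constructed assumptions.

```python
from collections import Counter

# Constructed stand-in for the "first comparison database": category -> access keywords.
COMPARISON_DB = {
    "gambling": {"casino", "jackpot", "bet", "bonus"},
    "pirated-software": {"crack", "keygen", "free download", "bonus"},
    "streaming": {"watch online", "episode", "free download"},
}


def category_ratios(keywords, db=COMPARISON_DB):
    """Q1-Q2: hits per category divided by the number of keywords in the set."""
    if not keywords:                      # a page with no extractable keywords
        return {cat: 0.0 for cat in db}
    hits = Counter()
    for kw in keywords:
        for cat, vocab in db.items():
            if kw.strip().lower() in vocab:
                hits[cat] += 1            # a keyword in several categories counts for each
    return {cat: hits[cat] / len(keywords) for cat in db}


def classify(keywords, db=COMPARISON_DB):
    """Q3: the category with the largest ratio, or None if no keyword matched.

    Assumption: ties go to the category listed first in the database; the
    method as described does not say how to break them.
    """
    ratios = category_ratios(keywords, db)
    best = max(ratios, key=ratios.get, default=None)
    return best if best is not None and ratios[best] > 0 else None


def classify_all(keyword_sets, db=COMPARISON_DB):
    """Q4: repeat Q1-Q3 for every set (one set per risky website record)."""
    return {site: classify(kws, db) for site, kws in keyword_sets.items()}


def top_category(categories):
    """P5: the most frequent category among the classified records."""
    counts = Counter(cat for cat in categories.values() if cat is not None)
    return counts.most_common(1)[0][0] if counts else None


# Constructed keyword sets, as step P4 would extract them from the risky pages.
KEYWORD_SETS = {
    "a.example": ["casino", "bonus", "jackpot", "login"],
    "b.example": ["crack", "free download", "keygen"],
    "c.example": ["bet", "Casino", "episode"],
    "d.example": [],
}

if __name__ == "__main__":
    for site, kws in KEYWORD_SETS.items():
        print(site, category_ratios(kws), "->", classify(kws))
    print("marked category:", top_category(classify_all(KEYWORD_SETS)))
```

Note that "bonus" raises the ratio of two categories at once, so the ratios of one set can sum to more than 1; only their order matters for Q3.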
Furthermore, when the client has both an adjustment control instruction sent by the central processing device and one issued by the edge computing module of the client device, the two are incompatible and only one of them can be executed; by default the client automatically discards the other.
When the number of attacks counted by the defense system on the client device in a unit time is greater than or equal to the sum of the first attack count and the first error floating value, and the client device does not receive the adjustment control instruction from the central processing device within the first unit time, the edge computing module of the client device analyzes the record of websites recently visited by the user on the client device and issues and executes the corresponding adjustment control instruction.
The invention restricts the adjustment control instruction obtained by the central processing device and the one obtained by the edge computing module so that only one of them is executed. This avoids wasting computing resources on repeated analysis of the same data, and it avoids repeated execution of adjustment control instructions, which would further affect the client device.
An information security risk assessment system based on big data and edge computing comprises a client data acquisition module, a central processing module and an edge computing module.
The client data acquisition module is used, on the client device, to count through the network defense system the number of attacks per unit time, the time of each attack, and the record of websites the user recently visited on the device, and to upload the counted information to the central processing device;
the central processing module is used, on the central processing device, to aggregate the information sent by each client, obtain from the aggregated data the average number of attacks per client device per unit time and record it as the first attack count, screen the average number of attacks per client device per unit time and the time corresponding to each attack according to the central tendency of the clients' attack times and the corresponding counts, judge whether a client is at risk, and analyze the corresponding website records and adjust and control the client accordingly;
the edge computing module is used to analyze the record of websites recently visited by the user on the client device and to execute the corresponding adjustment control instruction.
Compared with the prior art, the invention has the following beneficial effects: it uses big data, edge computing and related technologies so that the system evaluates and feeds back information security risk more accurately. When a managed device has not received a control instruction from the management device for a long time, the data on the device is analyzed with edge computing without affecting the operation of the device, and the device is controlled according to the analysis result. This saves the time spent exchanging feedback between devices and avoids device paralysis caused by emergencies.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of the components of an information security risk assessment system based on big data and edge calculation according to the present invention;
FIG. 2 is a schematic flow chart of an information security risk assessment method based on big data and edge calculation according to the present invention;
FIG. 3 is a schematic flow chart of a method for analyzing websites by using both a central processing device and an edge computing module of an information security risk assessment system based on big data and edge computing according to the present invention;
FIG. 4 is a flowchart illustrating a method for comparing each access keyword in each set of the information security risk assessment system based on big data and edge calculation with the first comparison database according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-4, the present invention provides a technical solution: an information security risk assessment method based on big data and edge computing, comprising the following steps:
S1, the client device, through its network defense system, counts the number of attacks per unit time, the time of each attack, and the record of websites the user recently visited on the device;
S2, the client device uploads the information counted in step S1 to the central processing device, which aggregates and analyzes it;
S3, from the aggregated data, the central processing device obtains the average number of attacks per client device per unit time and records it as the first attack count, and screens the average number of attacks per client device per unit time and the time corresponding to each attack according to the central tendency of the clients' attack times and the corresponding counts;
S4, when the number of attacks counted by the defense system on a client device in a unit time is greater than or equal to the sum of the first attack count and the first error floating value, the central processing device analyzes the record of websites recently visited by the user on that client device and sends an adjustment control instruction to the client device to adjust and control it;
when the number of attacks counted by the defense system on the client device in a unit time is less than the sum of the first attack count and the first error floating value, the client device is judged to be normal;
S5, when the number of attacks counted by the defense system on the client device in a unit time is greater than or equal to the sum of the first attack count and the first error floating value, and the client device does not receive the adjustment control instruction from the central processing device within the first unit time, the edge computing module on the client device analyzes the record of websites recently visited by the user on the client device and executes the corresponding adjustment control instruction.
Through the cooperation of these steps the invention evaluates information security risk. Normally the central processing device processes the data and sends an adjustment control instruction according to the result; when the client does not receive that instruction within the first unit time, the client device uses its own edge computing module to process the data and execute the corresponding adjustment control instruction. The central tendency of the clients' attack times reflects how concentrated those attack times are. By analyzing it, the time points around which the attack times cluster most strongly are obtained and treated as attack events caused by external factors. That is, attacks on a client at those time points are ignored: they are regarded as caused by external factors rather than by the user's operation, and the data for those time points is not analyzed. This reduces the workload of the central processing device and improves the accuracy of the data analysis.
The central processing device and the client devices are in a one-to-many relationship; that is, one central processing device can control multiple client devices.
Because the relationship between the central processing device and the client devices is one-to-many, the central processing device manages the client devices and acts as a control terminal: it analyzes the data of the managed devices and manages them according to the analysis result. It can also aggregate and analyze the data from all client devices, which increases the amount of reference data and improves the precision of the analysis.
The first attack count in step S3 is an integer; when the calculated result is a decimal, it is rounded.
The first attack count is set to an integer so that, in step S3, data can be picked quickly from the central tendency of the clients' attack times. Since the number of items picked can only be an integer, the first attack count is set to an integer and the decimal part is rounded up.
In step S3, the time corresponding to each attack of the defense system transmitted by each client is first presented by using a histogram, the abscissa of the histogram represents the time, the time of an attack represents a time point on the histogram, the ordinate of the histogram represents the number of times corresponding to the time point of the attack, and a number-time histogram is obtained,
analyzing the concentrated trend of the attacked time on the histogram according to the data information on the obtained histogram, recording the approaching time points of each concentrated trend in the histogram, sequencing the approaching time points according to the approaching degree of each concentrated trend from high to low of the attacked times in the time points, extracting the data in the sequence according to the value corresponding to the first attacked times from high to low in the ranking, and extracting the first names in the sequence according to the number of the values corresponding to the first attacked times and recording the corresponding time as the first time.
The invention uses a histogram because a histogram shows the concentration trend of the data well. Whether client devices were attacked at a given time point is judged by whether a column exists at that time point in the histogram, and the height of the column shows the number of attacks at that time point. The more columns there are in a specified time period and the higher they are, the more concentrated the data. The time points that the concentration trends approach can be obtained from the height of each column and from how closely the columns are packed on the histogram. These time points are ranked from high to low by the number of attacks at each time point, which grades how heavily the client devices were attacked: the higher the ranking, the more attacks the clients received in that time period and the greater the influence, so these time points take priority when the first time is selected.
The first error floating value in step S4 is preset.
When the central processing device analyzes the website records recently accessed on a client device, it first obtains the first time recorded in step S3, together with the number of attacks per unit time, the time of each attack and the website records recently accessed by the user on the device, as counted by the client device through the network defense system.
A second error floating value is added to and subtracted from each first time to obtain a corresponding time period, which is recorded as a second time. The attacks counted by the client device per unit time, and the time of each attack, are checked for overlap with the second time; the overlapping part is removed, and the remaining number of attacks per unit time and the time of each remaining attack are analyzed.
A third error floating value is then added to and subtracted from the time of each remaining attack to obtain a corresponding time period, which is recorded as a third time. The website records recently visited by the user on the client device are screened against the third time, and the website records the device visited within each third time are extracted.
The invention first obtains the first time, which is the time at which all client devices are attacked regularly. Because this time is common to all of them, attacks at the first time are caused by external factors rather than by misoperation on any individual client device, so the first time must be screened out separately so that it does not affect the analysis of the other data. The second time gives the time range that a first time actually affects on a particular client device: when a client device is attacked regularly, each attack does not begin at a single instant but unfolds over a period and so has a corresponding time range. The second error floating value is therefore applied to the first time to obtain the specific range of fluctuation when the client device is attacked regularly. The third time is thus derived from the data that remains after the times of the regular attacks common to all devices have been eliminated. That data corresponds to attack times unique to the device and indicates that the client device was attacked because of human misoperation, so the website records within those time periods are analyzed.
In step S5, when the client device analyzes the website records recently accessed by the user through its own edge computing module, it first obtains the number of attacks per unit time, the time of each attack and the website records recently accessed by the user on the device, as counted by the client device through the network defense system.
A third error floating value is added to and subtracted from the time of each attack on the client device in unit time to obtain a corresponding time period, which is recorded as a fourth time. The website records recently visited by the user on the client device are screened against the fourth time, and the website records the device visited within each fourth time are extracted.
When the central processing device does not send an instruction in time, the invention analyzes all website records corresponding to the attacked times through the edge computing module carried by the client, so that the normal operation of the client device is not affected. In this way the client can evaluate its own data when the central processing device is abnormal or an instruction cannot be transmitted in time. The edge computing module can temporarily take the place of the central processing device in processing the data, although the result is slightly worse than that of the central processing device: each client device has more website records to analyze, and the accuracy of the analysis result is slightly lower. In return, the adjustment control instruction is obtained and executed more promptly, dependence on the central processing device is reduced to a certain extent, and normal operation of the client device is ensured when the central processing device has problems.
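The screening by first, second, third and fourth times described above can be followed on a small data set. The Python below is an added illustration, not code from the patent: the function names, the sample data, the numeric error values, the round-half-up rule and the use of exact time points as histogram bars are all assumptions.

```python
from collections import Counter

# Constructed sample data: attack time points (minute of day) reported by each
# client's defense system for one unit time (assumed here to be one day).
ATTACKS = {
    "client-a": [120, 480, 900],
    "client-b": [120, 480, 1300],
    "client-c": [120, 480, 900, 1300, 615, 618],
}
# Constructed browsing history of client-c: (minute of day, URL).
VISITS_C = [
    (119, "https://intranet.example/"),
    (612, "http://free-downloads.example/"),
    (621, "http://free-downloads.example/setup"),
    (700, "https://news.example/"),
]
# Assumed error floating values; the patent gives no numbers for them.
FIRST_ERR, SECOND_ERR, THIRD_ERR = 1, 2, 5


def first_attacked_number(attacks_by_client):
    """S3: average attack count per client per unit time, as an integer."""
    avg = sum(len(t) for t in attacks_by_client.values()) / len(attacks_by_client)
    return int(avg + 0.5)  # assumption: round half up


def first_times(attacks_by_client, n):
    """S3: histogram over all clients' attack times; keep the n highest bars."""
    hist = Counter(t for times in attacks_by_client.values() for t in times)
    ranked = sorted(hist.items(), key=lambda kv: (-kv[1], kv[0]))
    return sorted(t for t, _ in ranked[:n])


def windows(times, err):
    """Turn each time point into the period [t - err, t + err]."""
    return [(t - err, t + err) for t in times]


def in_any(t, wins):
    return any(lo <= t <= hi for lo, hi in wins)


def is_at_risk(attack_times, n_first, first_err):
    """S4/S5 trigger: attack count >= first attacked number + first error value."""
    return len(attack_times) >= n_first + first_err


def central_records(attack_times, visits, firsts, second_err, third_err):
    """S4: drop attacks inside the second times, then screen by third times."""
    second = windows(firsts, second_err)
    own = [t for t in attack_times if not in_any(t, second)]
    third = windows(own, third_err)
    return [v for v in visits if in_any(v[0], third)]


def edge_records(attack_times, visits, third_err):
    """S5: the edge module has no first time, so every attack gets a window."""
    fourth = windows(attack_times, third_err)
    return [v for v in visits if in_any(v[0], fourth)]


if __name__ == "__main__":
    n = first_attacked_number(ATTACKS)
    firsts = first_times(ATTACKS, n)
    for client, times in ATTACKS.items():
        print(client, "at risk" if is_at_risk(times, n, FIRST_ERR) else "normal")
    c = ATTACKS["client-c"]
    print("central:", central_records(c, VISITS_C, firsts, SECOND_ERR, THIRD_ERR))
    print("edge:   ", edge_records(c, VISITS_C, THIRD_ERR))
```

On this data the edge path also returns the visit at minute 119, which the central path discards because it coincides with an attack time shared by every client; this is the "more website records to analyze" trade-off the paragraph above describes.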
Whether the extracted records are the website records the device visited within each third time or those it visited within each fourth time, they need to be analyzed, and the analysis method is the same in both cases. These visited website records are the website records to be analyzed.
The central processing device and the edge computing module analyze websites by the same method, and the specific analysis steps are as follows:
P1, acquiring a website record to be analyzed;
P2, extracting the website domain name information from the website record to be analyzed, entering the extracted domain name information into the official record information query website, and judging whether the website has record information and whether the record information belongs to an enterprise or a person;
P3, when the website has no record information or its record information belongs to a person, determining that the website has risk;
when the record information corresponding to the website belongs to an enterprise, judging that the website is normal;
P4, extracting the website records corresponding to the websites judged to have risk in step P3, extracting access keywords from the pages corresponding to those website records, placing the access keywords extracted from each website record into one set per record, comparing each access keyword in each set with the first comparison database, and thereby judging the category corresponding to each website record;
P5, counting the categories corresponding to the website records obtained in step P4 and marking the top-ranked category; for websites of the marked category, the website record information is queried and judged directly on every visit, and access to websites with risk is directly forbidden.
The specific method for comparing each access keyword in each set with the first comparison database is as follows:
Q1, comparing each access keyword in a given set with the access keywords corresponding to each category of the first comparison database, and counting the result of each comparison; if an access keyword corresponds to several categories at the same time, each of those categories is counted and one is added to its count;
Q2, once all access keywords in the set have been compared with the first comparison database, dividing the count of each category by the total number of access keywords in the set to obtain the similarity ratio of each category;
Q3, comparing the ratios of the categories for the set, and taking the category with the maximum ratio as the category of the set;
Q4, repeating steps Q1, Q2 and Q3 until every set has been matched with its category.
In this method, whether a website carries risk is judged by querying whether the website has website record information and what type that record information is. The record information type of a normal website identifies a specific enterprise, so the safety of a website can be obtained accurately by judging its record information type. In addition, the category of a website is judged from the access keywords in the website: the content of the web pages differs between websites, and extracting the access keywords allows the category of those keywords, and hence the category of the website, to be judged to a certain extent.
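Steps P2 to P5 and Q1 to Q4 amount to a record-type gate followed by a keyword-overlap classifier. The Python below is an added illustration, not code from the patent: the record lookup is replaced by a constructed dictionary, the comparison database and its categories are constructed, and all function names are assumptions.

```python
from collections import Counter

# Constructed stand-in for the record information lookup of step P2:
# domain -> type of record holder. A missing domain means "no record".
RECORDS = {"shop.example": "enterprise", "blog.example": "person"}

# Constructed stand-in for the first comparison database:
# category -> access keywords of that category. Keywords may be shared.
COMPARISON_DB = {
    "gambling": {"casino", "bet", "jackpot", "bonus"},
    "piracy": {"crack", "keygen", "torrent", "free"},
    "shopping": {"cart", "checkout", "bonus", "free"},
}

# Constructed website records to be analyzed: (domain, keywords from the page).
VISITED = [
    ("shop.example", ["cart", "checkout", "free"]),
    ("blog.example", ["crack", "keygen", "free", "bonus", "download"]),
    ("unfiled.example", ["casino", "bet", "bonus", "free"]),
    ("mirror.example", ["torrent", "free", "crack"]),
    ("empty.example", []),
]


def has_risk(domain, records):
    """P3: risky when there is no record or the record belongs to a person."""
    return records.get(domain) != "enterprise"


def category_ratios(keywords, db):
    """Q1-Q2: per-category hit count divided by the size of the keyword set."""
    kws = set(keywords)
    if not kws:
        return {}
    counts = Counter()
    for kw in kws:
        for category, words in db.items():
            if kw in words:          # a shared keyword counts for every category
                counts[category] += 1
    return {category: counts[category] / len(kws) for category in db}


def classify(keywords, db):
    """Q3: category with the largest ratio; None when nothing matches."""
    ratios = category_ratios(keywords, db)
    if not ratios:
        return None
    best = max(ratios, key=ratios.get)   # ties resolve to the first category in db
    return best if ratios[best] > 0 else None


def classify_risky(visited, records, db):
    """P4 + Q4: classify only the sites that failed the P3 record check."""
    return {d: classify(k, db) for d, k in visited if has_risk(d, records)}


def top_category(classified):
    """P5: the category that occurs most often among the risky sites."""
    tally = Counter(c for c in classified.values() if c is not None)
    return tally.most_common(1)[0][0] if tally else None


if __name__ == "__main__":
    result = classify_risky(VISITED, RECORDS, COMPARISON_DB)
    print(result)
    print("marked category:", top_category(result))
```

A page with no extractable keywords is left unclassified rather than forced into a category, which keeps an empty set from causing a division by zero in step Q2.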
When the adjustment control instruction sent by the central processing device and the adjustment control instruction sent by the edge computing module carried by the client device are both addressed to the client, the two instructions are incompatible and only one of them can be executed; by default the client automatically discards the other adjustment control instruction.
When the number of attacks counted by the defense system in the client device in unit time is greater than or equal to the sum of the first attacked number and the first error floating value, and the client device does not receive the adjustment control instruction transmitted by the central processing device within the first unit time, the edge computing module carried by the client device analyzes the website records recently visited by the user on the client device, and issues and executes the corresponding adjustment control instruction.
The invention restricts the adjustment control instruction obtained by the central processing device and the one obtained by the edge computing module so that only one of the two can be executed. On the one hand, this avoids wasting computing resources on repeated analysis of the data; on the other hand, it avoids executing the adjustment control instruction repeatedly, which would further affect the client device.
An information security risk assessment system based on big data and edge computing comprises a client data acquisition module, a central processing module and an edge computing module.
The client data acquisition module is used for counting, in the client device and through the network defense system, the number of attacks in unit time, the time of each attack and the website records recently visited by the user on the device, and for uploading the counted information to the central processing device.
The central processing module is used for summarizing, in the central processing device, the information transmitted by each client; obtaining from the summarized data the average number of attacks on each client device per unit time and recording it as the first attacked number; screening the average number of attacks on each client device per unit time and the time of each attack according to the concentration trend of the attacked times of each client and the corresponding counts; and thereby judging whether a client has risk and performing analysis and adjustment control according to the corresponding website records.
The edge computing module is used for analyzing the website records recently visited by the user on the client device and executing the corresponding adjustment control instruction.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An information security risk assessment method based on big data and edge calculation is characterized by comprising the following steps:
S1, the client device counts the number of times of attack in unit time, the time of attack each time and the website record of the user's recent visit on the device through the network defense system;
S2, the client device uploads the information counted in the step S1 to the central processing device, and the central processing device collects and analyzes the information;
S3, the central processing device acquires the average attacked times of each client device every unit time according to the summarized data, records the average attacked times as a first attacked time, and screens the average attacked times of each client device every unit time and the time corresponding to each attacked time according to the centralized trend and the corresponding times of the attacked time of each client;
S4, when the number of times of attack of the defense system in the client device in unit time is more than or equal to the sum of the first number of times of attack and the first error floating value, the central processing device sends out an adjustment control instruction to the client device for adjustment control by analyzing the website record recently visited by the user on the client device;
when the number of times of attack of the defense system in the client equipment in unit time is counted to be less than the sum of the first number of times of attack and the first error floating value, the client equipment is judged to be normal;
and S5, when the number of times of attack counted by the defense system in unit time in the client device is greater than or equal to the sum of the first number of times of attack and the first error floating value and the client device does not receive the adjustment control instruction transmitted by the central processing device in the first unit time, analyzing the website record recently visited by the user on the client device through the edge calculation module on the client device, and executing the corresponding adjustment control instruction.
2. The information security risk assessment method based on big data and edge calculation according to claim 1, characterized in that: the central processing device and the client devices are in a one-to-many relationship, namely one central processing device can control a plurality of client devices.
3. The information security risk assessment method based on big data and edge calculation according to claim 1, characterized in that: the first attacked number in step S3 is an integer, and when the calculated result is a decimal, rounding is performed.
4. The information security risk assessment method based on big data and edge calculation according to claim 1, characterized in that: in step S3, the time corresponding to each attack of the defense system transmitted by each client is first presented by using a histogram, the abscissa of the histogram represents the time, the time of an attack represents a time point on the histogram, the ordinate of the histogram represents the number of times corresponding to the time point of the attack, and a number-time histogram is obtained,
analyzing the concentrated trend of the attacked time on the histogram according to the data information on the obtained histogram, recording the approaching time points of each concentrated trend in the histogram, sequencing the approaching time points according to the approaching degree of each concentrated trend from high to low of the attacked times in the time points, extracting the data in the sequence according to the value corresponding to the first attacked times from high to low in the ranking, and extracting the first names in the sequence according to the number of the values corresponding to the first attacked times and recording the corresponding time as the first time.
5. The information security risk assessment method based on big data and edge calculation according to claim 4, characterized in that: the first error float value in said step S4 is pre-made,
when analyzing the website record recently accessed on the client device in the central processing device, the first time recorded in step S3 and the number of times of attacks per unit time, the time of each attack and the website record recently accessed on the device by the user are obtained by the client device through the defense system of the network,
respectively adding and subtracting a second error floating value to each obtained first time, respectively obtaining a corresponding time period, recording the time period as second time, judging whether the number of times of unit time attack counted by the client device and the time of each attack are overlapped with the second time, removing the overlapped part from the number of times of unit time attack counted by the client device and the time of each attack, and analyzing the number of times of the unit time attack of the client device and the time of each attack after the overlapping part is removed;
and respectively adding and subtracting a third error floating value to the time of each time of attack in unit time of the client device after elimination, respectively obtaining a corresponding time period, recording the time period as third time, screening website records according to the third time by combining the website records recently visited by the user of the client device on the device, and extracting the website records correspondingly visited by the device in each third time.
6. The information security risk assessment method based on big data and edge calculation according to claim 5, characterized in that: when analyzing the website record recently accessed by the user on the client device through the own edge computing module, the step S5 firstly obtains the number of times of attack per unit time, the time of each attack and the website record recently accessed by the user on the device by the client device through the defense system of the network,
and respectively adding and subtracting a third error floating value to and from each time of attack in unit time of the client device, respectively obtaining a corresponding time period, recording the time period as fourth time, screening website records according to the fourth time by combining the website records recently visited by the user of the client device on the device, and extracting the website records correspondingly visited by the device in each fourth time.
7. The information security risk assessment method based on big data and edge calculation according to claim 6, characterized in that: whether website records corresponding to the equipment visited within each third time or website records corresponding to the equipment visited within each fourth time are extracted, the corresponding website records visited need to be analyzed, the methods for analyzing the websites are the same, and the corresponding website records visited are the website records to be analyzed.
8. The information security risk assessment method based on big data and edge calculation according to claim 7, characterized in that: the method for analyzing the website by the central processing equipment and the edge computing module is the same, and the specific analysis steps are as follows:
P1, acquiring a website record to be analyzed;
P2, extracting the corresponding website domain name information in the website record to be analyzed, inputting the extracted domain name information into a record information inquiry official website, and judging whether the website has record information and whether the record information is an enterprise or a person;
P3, when the corresponding record information of the website does not have record information or the corresponding record information is a person, determining that the website has risk,
when the record information corresponding to the website is an enterprise, judging that the website is normal;
P4, extracting website records corresponding to the websites with risks in the step P3, extracting access keywords from pages corresponding to the website records, uniformly classifying the access keywords extracted from each website record into the same set, respectively comparing each access keyword in each set with the first comparison database, and further judging the category corresponding to each website record;
P5, counting categories corresponding to the website records obtained in the step P4, marking the first ranking type, directly inquiring and judging the website record information of the marked websites in each visit, and directly forbidding the visit of the websites with risks;
the specific method for comparing each access keyword in each set with the first comparison database is as follows:
Q1, comparing each access keyword in a certain set with the access keywords corresponding to each category of the first comparison database, and counting the comparison result each time, if a certain access keyword corresponds to a plurality of categories at the same time, counting the number of the categories, and adding one to the counted number;
Q2, until the access keywords in the set are completely compared with the first comparison library, dividing the number of the statistics of each category by the total number of the access keywords in the set to respectively obtain the corresponding similarity ratio of each category;
Q3, comparing the ratio corresponding to each category corresponding to the set, and taking the category corresponding to the maximum ratio as the category corresponding to the set;
Q4, repeating the steps Q1, Q2 and Q3 until all the sets are matched with the corresponding categories.
9. The information security risk assessment method based on big data and edge calculation according to claim 8, characterized in that: when the client terminal aims at the adjusting control instruction sent by the central processing equipment and the adjusting control instruction sent by the edge computing module carried by the client terminal equipment, the two instructions are incompatible and only one of the instructions can be executed, the client terminal can automatically abandon the other adjusting control instruction by default,
when the number of times of attack counted by the defense system in unit time in the client device is greater than or equal to the sum of the first number of times of attack and the first error floating value and the client device does not receive the adjustment control instruction transmitted by the central processing device in the first unit time, the edge calculation module carried by the client device analyzes the website record recently visited by the user on the client device and sends and executes the corresponding adjustment control instruction.
10. The big data and edge computing based information security risk assessment system applying the big data and edge computing based information security risk assessment method according to any one of claims 1 to 9, comprising: a client data acquisition module, a central processing module and an edge calculation module,
the client data acquisition module is used for counting the number of times of attack in unit time, the time of attack each time and website records recently visited by a user on the equipment in client equipment through a network defense system, and uploading the counted information to central processing equipment;
the central processing module is used for summarizing information transmitted by each client in the central processing equipment, acquiring the average attacked times of each client equipment every unit time according to summarized data, recording the average attacked times as a first attacked time, screening the average attacked times of each client equipment every unit time and time corresponding to each attacked time according to the centralized trend and the corresponding times of the attacked time of each client, further judging whether the client has risks, and analyzing, adjusting and controlling according to corresponding website records;
and the edge calculation module is used for analyzing the website records recently visited by the user on the client device and executing a corresponding adjusting control instruction.
CN202110803140.2A 2021-07-15 2021-07-15 Information security risk assessment system and method based on big data and edge calculation Active CN113467314B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110803140.2A CN113467314B (en) 2021-07-15 2021-07-15 Information security risk assessment system and method based on big data and edge calculation

Publications (2)

Publication Number Publication Date
CN113467314A CN113467314A (en) 2021-10-01
CN113467314B true CN113467314B (en) 2022-04-26

Family

ID=77880511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110803140.2A Active CN113467314B (en) 2021-07-15 2021-07-15 Information security risk assessment system and method based on big data and edge calculation

Country Status (1)

Country Link
CN (1) CN113467314B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113935040B (en) * 2021-09-05 2023-08-01 深圳市蓝畅科技有限公司 Information security evaluation system and method based on big data mobile terminal
CN116155617B (en) * 2023-04-04 2023-07-18 天津市职业大学 Webpage operation safety management monitoring system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103841051A (en) * 2012-11-27 2014-06-04 国基电子(上海)有限公司 Service request control system and method
CN105187359A (en) * 2014-06-17 2015-12-23 阿里巴巴集团控股有限公司 Method and device for detecting attack client
CN107888484A (en) * 2017-11-29 2018-04-06 北京明朝万达科技股份有限公司 A kind of email processing method and system
CN110071941A (en) * 2019-05-08 2019-07-30 北京奇艺世纪科技有限公司 A kind of network attack detecting method, equipment, storage medium and computer equipment
CN110866246A (en) * 2018-12-28 2020-03-06 北京安天网络安全技术有限公司 Malicious code attack detection method and device and electronic equipment
CN112311810A (en) * 2020-11-13 2021-02-02 国网冀北电力有限公司张家口供电公司 Network dynamic defense method for dynamically adapting to attack
CN112351042A (en) * 2020-11-16 2021-02-09 百度在线网络技术(北京)有限公司 Attack flow calculation method and device, electronic equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753862A (en) * 2013-12-27 2015-07-01 华为技术有限公司 Method and device for improving network security
US9392019B2 (en) * 2014-07-28 2016-07-12 Lenovo Enterprise (Singapore) Pte. Ltd. Managing cyber attacks through change of network address
JP6528448B2 (en) * 2015-02-19 2019-06-12 富士通株式会社 Network attack monitoring device, network attack monitoring method, and program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
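Research on a low-latency data storage allocation scheme for data security assurance in the industrial Internet of Things; Yao Bowen; China Master's Theses Full-text Database (Electronic Journal); 20200215; full text *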

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant