CN113641998A - Network information security management system and management method thereof - Google Patents

Network information security management system and management method thereof Download PDF

Info

Publication number
CN113641998A
CN113641998A CN202110937254.6A CN202110937254A CN113641998A CN 113641998 A CN113641998 A CN 113641998A CN 202110937254 A CN202110937254 A CN 202110937254A CN 113641998 A CN113641998 A CN 113641998A
Authority
CN
China
Prior art keywords
module
network
data
monitoring
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110937254.6A
Other languages
Chinese (zh)
Inventor
王辉
张明元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang Wangyuxingyun Information Technology Co ltd
Original Assignee
Heilongjiang Wangyuxingyun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Heilongjiang Wangyuxingyun Information Technology Co ltd filed Critical Heilongjiang Wangyuxingyun Information Technology Co ltd
Priority to CN202110937254.6A priority Critical patent/CN113641998A/en
Publication of CN113641998A publication Critical patent/CN113641998A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a network information safety management system and a management method thereof, and the system comprises a central processing unit, a monitoring module, an abnormal data acquisition module, a data information processing module, a feedback module, a power supply module and a display module, wherein the data information processing module is connected with the feedback module, the power supply module is electrically connected with the central processing unit, the monitoring module is used for monitoring network information, and the abnormal data acquisition module acquires and acquires abnormal data monitored by the monitoring module. According to the invention, by arranging the plurality of database modules, the risk assessment module can compare and assess the acquired abnormal data in the corresponding database, and select a proper repair scheme in the corresponding database according to the assessment result, so that the network vulnerability can be maintained quickly, and by arranging the early warning module, the risk which is not assessed can be alarmed in time, so that the network safety can be effectively improved.

Description

Network information security management system and management method thereof
Technical Field
The invention relates to the technical field related to network information security, in particular to a network information security management system and a network information security management method.
Background
With the rapid development of network technology, information transmission by using a network has become more and more common, and the form of information transmitted through the network is more and more diverse and wide, in the process of information transmission through the network, there is a problem that it is not avoidable, which is a security problem of information, and due to the inherent characteristics of network technology, there is a risk that information transmitted on the network is stolen by lawless persons.
When monitoring the network environment, some existing network information security management systems have a narrow monitoring range and are prone to monitoring bugs, so that lawless persons can easily steal important information.
Disclosure of Invention
The present invention is directed to a network information security management system and a management method thereof, so as to solve the problems in the background art.
In order to achieve the purpose, the invention provides the following technical scheme: a network information safety management system and a management method thereof comprise a central processing unit, a monitoring module, an abnormal data acquisition module, a data information processing module, a feedback module, a power supply module and a display module, wherein the data information processing module is connected with the feedback module, the power supply module is electrically connected with the central processing unit, the monitoring module is used for monitoring network information, the abnormal data acquisition module is used for acquiring and acquiring abnormal data monitored by the monitoring module, the data information processing module is used for processing the monitored information data, the monitoring module, the abnormal data acquisition module, the data processing module, the feedback module and the display module are all connected with the central processing unit, the system also comprises a database module, a risk assessment module, an automatic repair module and an alarm module, the database module is used for storing various data information, the risk assessment module assesses the monitored risk data, and the database module, the risk assessment module, the automatic repair module and the alarm module are all connected with the central processing unit.
As further preferable in the present technical solution: the monitoring module comprises a network monitoring module, a software monitoring module and a file scanning monitoring module; the network monitoring module can monitor data uploaded or downloaded by a network; the software monitoring module monitors software running by relying on a network; the file scanning and monitoring module monitors files transmitted by relying on a network.
As further preferable in the present technical solution: the data information processing module comprises a data information sorting module, a data information comparison module and a data information judgment module; the data information sorting module is used for sorting the data information collected by the abnormal data collecting module; the data information comparison module is used for comparing the data which is arranged by the data information arrangement module with the data in the database; and the data information judging module judges according to the comparison result of the data information comparing module to judge the virus information.
As further preferable in the present technical solution: and the risk evaluation module is used for carrying out risk evaluation on the virus information processed by the data information processing module and storing the evaluated result into a corresponding database.
As further preferable in the present technical solution: the database module comprises a virus Trojan database, a security strategy database and a risk assessment database; the virus Trojan database is used for storing different Trojan virus data; the safety strategy database stores corresponding measures aiming at different Trojan horse virus data; the risk assessment database stores the level of risk assessment, as well as historical risk assessment data information.
As further preferable in the present technical solution: the feedback module is used for feeding back the result processed by the data information processing module to the central processing unit, and the automatic repairing module is used for repairing the discovered network security loophole.
As further preferable in the present technical solution: the power module comprises a battery, an external power plug, a power switch and a starting switch, and the power module is used for supplying power to the central processing unit.
As further preferable in the present technical solution: the display module comprises a display screen, the display module is used for displaying abnormal data information and processing results, and the alarm module is used for carrying out early warning work on the abnormal data which are not distinguished and displaying alarm information on the display screen.
A management method of a network information security management system comprises the following steps:
step 1: starting a monitoring module, and carrying out real-time monitoring by using a network monitoring module, a software monitoring module and a file scanning monitoring module on the monitoring module; the network monitoring module can be used for monitoring data uploaded or downloaded by a network; monitoring software running by a network by using a software monitoring module; meanwhile, a file scanning monitoring module is used for monitoring files transmitted by a supported network;
step 2: in the monitoring process, an abnormal data acquisition module is used for acquiring the monitored abnormal data information and transmitting the acquired abnormal data information to a data information processing module for processing;
and step 3: the data information sorting module is used for sorting the data information collected by the abnormal data collecting module; the data information comparison module is used for comparing the data which are arranged by the data information arrangement module with the data in the virus Trojan horse database; finally, judging by using a data information judgment module according to the comparison result of the data information comparison module to determine virus information; feeding back the processing result to the central processing unit through a feedback module;
and 4, step 4: the central processing unit starts a risk evaluation module according to the processing result of the data information processing module, carries out risk evaluation processing on the abnormal data, and starts an automatic repair module to repair after determining the risk grade;
and 5: and the automatic repairing module is fixedly arranged in the security policy database for comparison according to the processing, and selects a proper security policy to repair the network vulnerability.
As further preferable in the present technical solution: in the step 4, if the risk level cannot be determined in the risk assessment processing process, an alarm module is started to perform risk early warning work, and alarm information is directly displayed on a display screen to remind background workers.
The invention provides a network information security management system and a management method thereof, which have the following beneficial effects:
(1) according to the invention, by arranging the plurality of database modules, the risk assessment module can compare and assess the acquired abnormal data in the corresponding database, and select a proper repair scheme in the corresponding database according to the assessment result, so that the network vulnerability can be maintained quickly, and by arranging the early warning module, the risk which is not assessed can be warned in time, the warning of background workers can be reminded, the network vulnerability can be repaired in time, and the safety of the network can be effectively improved.
(2) According to the invention, by arranging the monitoring module, and enabling the monitoring module to be composed of the network monitoring module, the software monitoring module and the file scanning monitoring module, the network can be monitored in all aspects, and by arranging the automatic repairing module, after the risk of the acquired abnormal information is evaluated, a proper processing scheme can be selected in the database in time, and the network loophole is automatically repaired through the automatic repairing module, so that the network safety is ensured.
Drawings
FIG. 1 is a block diagram of the system architecture of the present invention;
FIG. 2 is a block diagram of a monitoring module according to the present invention;
FIG. 3 is a block diagram of the database module structure of the present invention;
fig. 4 is a block diagram of a data information processing module according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
as shown in fig. 1 to 4, the present invention provides a technical solution: a network information safety management system comprises a central processing unit, a monitoring module, an abnormal data acquisition module, a data information processing module, a feedback module, a power supply module and a display module, wherein the data information processing module is connected with the feedback module, the power supply module is electrically connected with the central processing unit, the monitoring module is used for monitoring network information, the abnormal data acquisition module acquires and acquires abnormal data monitored by the monitoring module, the data information processing module processes the monitored information data, the monitoring module, the abnormal data acquisition module, the data processing module, the feedback module and the display module are all connected with the central processing unit, the system also comprises a database module, a risk assessment module, an automatic repair module and an alarm module, the database module is used for storing various data information, and the risk assessment module assesses the monitored risk data, the database module, the risk assessment module, the automatic repair module and the alarm module are all connected with the central processing unit.
In this embodiment, specifically: the monitoring module comprises a network monitoring module, a software monitoring module and a file scanning monitoring module; the network monitoring module can monitor data uploaded or downloaded by a network; the software monitoring module monitors software running by relying on a network; the file scanning and monitoring module monitors files transmitted by relying on a network.
In this embodiment, specifically: the data information processing module comprises a data information sorting module, a data information comparison module and a data information judgment module; the data information sorting module is used for sorting the data information collected by the abnormal data collecting module; the data information comparison module is used for comparing the data which is arranged by the data information arrangement module with the data in the database; and the data information judging module judges according to the comparison result of the data information comparing module to judge the virus information.
In this embodiment, specifically: and the risk evaluation module is used for carrying out risk evaluation on the virus information processed by the data information processing module and storing the evaluated result into a corresponding database.
In this embodiment, specifically: the database module comprises a virus Trojan database, a security strategy database and a risk assessment database; the virus Trojan database is used for storing different Trojan virus data; the safety strategy database stores corresponding measures aiming at different Trojan horse virus data; the risk assessment database stores the level of risk assessment, as well as historical risk assessment data information.
In this embodiment, specifically: the feedback module is used for feeding back the result processed by the data information processing module to the central processing unit, and the automatic repairing module is used for repairing the discovered network security loophole.
In this embodiment, specifically: the power module comprises a battery, an external power plug, a power switch and a starting switch, and the power module is used for supplying power to the central processing unit.
In this embodiment, specifically: the display module comprises a display screen, the display module is used for displaying abnormal data information and processing results, and the alarm module is used for carrying out early warning work on the abnormal data which are not distinguished and displaying alarm information on the display screen.
When the network information safety management system works, a monitoring module is used for monitoring data uploaded or downloaded by a network, software running by relying on the network and files transmitted by relying on the network, an abnormal data acquisition module is used for acquiring abnormal data occurring in the monitoring process, the acquired abnormal data is processed by a data information processing module, the processed result is fed back to a central processing unit, a risk evaluation module is used for carrying out risk evaluation processing on the abnormal data, an automatic repair module is started for repairing after the risk grade is determined, and if the risk grade cannot be determined in the risk evaluation processing process, an alarm module is started for carrying out risk early warning work, alarm information is directly displayed on a display screen, and background workers are reminded.
Example 2:
a management method of a network information security management system comprises the following steps:
step 1: starting a monitoring module, and carrying out real-time monitoring by using a network monitoring module, a software monitoring module and a file scanning monitoring module on the monitoring module; the network monitoring module can be used for monitoring data uploaded or downloaded by a network; monitoring software running by a network by using a software monitoring module; meanwhile, a file scanning monitoring module is used for monitoring files transmitted by a supported network;
step 2: in the monitoring process, an abnormal data acquisition module is used for acquiring the monitored abnormal data information and transmitting the acquired abnormal data information to a data information processing module for processing;
and step 3: the data information sorting module is used for sorting the data information collected by the abnormal data collecting module; the data information comparison module is used for comparing the data which are arranged by the data information arrangement module with the data in the virus Trojan horse database; finally, judging by using a data information judgment module according to the comparison result of the data information comparison module to determine virus information; feeding back the processing result to the central processing unit through a feedback module;
and 4, step 4: the central processing unit starts a risk evaluation module according to the processing result of the data information processing module, carries out risk evaluation processing on the abnormal data, and starts an automatic repair module to repair after determining the risk grade; if the risk level cannot be determined in the risk assessment processing process, an alarm module is started to carry out risk early warning work, and alarm information is directly displayed on a display screen to remind background workers.
And 5: and the automatic repairing module is fixedly arranged in the security policy database for comparison according to the processing, and selects a proper security policy to repair the network vulnerability.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A network information safety management system is characterized by comprising a central processing unit, a monitoring module, an abnormal data acquisition module, a data information processing module, a feedback module, a power supply module and a display module, wherein the data information processing module is connected with the feedback module, the power supply module is electrically connected with the central processing unit, the monitoring module is used for monitoring network information, the abnormal data acquisition module is used for acquiring and acquiring abnormal data monitored by the monitoring module, the data information processing module is used for processing the monitored information data, the monitoring module, the abnormal data acquisition module, the data processing module, the feedback module and the display module are all connected with the central processing unit, the network information safety management system further comprises a database module, a risk assessment module, an automatic repair module and an alarm module, the database module is used for storing various data information, the risk assessment module assesses the monitored risk data, and the database module, the risk assessment module, the automatic repair module and the alarm module are all connected with the central processing unit.
2. The network information security management system according to claim 1, wherein: the monitoring module comprises a network monitoring module, a software monitoring module and a file scanning monitoring module;
the network monitoring module can monitor data uploaded or downloaded by a network;
the software monitoring module monitors software running by relying on a network;
the file scanning and monitoring module monitors files transmitted by relying on a network.
3. The network information security management system according to claim 1, wherein: the data information processing module comprises a data information sorting module, a data information comparison module and a data information judgment module;
the data information sorting module is used for sorting the data information collected by the abnormal data collecting module;
the data information comparison module is used for comparing the data which is arranged by the data information arrangement module with the data in the database;
and the data information judging module judges according to the comparison result of the data information comparing module to judge the virus information.
4. The network information security management system according to claim 1, wherein: and the risk evaluation module is used for carrying out risk evaluation on the virus information processed by the data information processing module and storing the evaluated result into a corresponding database.
5. The network information security management system according to claim 1, wherein: the database module comprises a virus Trojan database, a security strategy database and a risk assessment database;
the virus Trojan database is used for storing different Trojan virus data;
the safety strategy database stores corresponding measures aiming at different Trojan horse virus data;
the risk assessment database stores the level of risk assessment, as well as historical risk assessment data information.
6. The network information security management system according to claim 1, wherein: the feedback module is used for feeding back the result processed by the data information processing module to the central processing unit, and the automatic repairing module is used for repairing the discovered network security loophole.
7. The network information security management system according to claim 1, wherein: the power module comprises a battery, an external power plug, a power switch and a starting switch, and the power module is used for supplying power to the central processing unit.
8. The network information security management system according to claim 1, wherein: the display module comprises a display screen, the display module is used for displaying abnormal data information and processing results, and the alarm module is used for carrying out early warning work on the abnormal data which are not distinguished and displaying alarm information on the display screen.
9. A management method of a network information security management system according to any one of claims 1 to 8, characterized by comprising the steps of:
step 1: starting a monitoring module, and carrying out real-time monitoring by using a network monitoring module, a software monitoring module and a file scanning monitoring module on the monitoring module; the network monitoring module can be used for monitoring data uploaded or downloaded by a network; monitoring software running by a network by using a software monitoring module; meanwhile, a file scanning monitoring module is used for monitoring files transmitted by a supported network;
step 2: in the monitoring process, an abnormal data acquisition module is used for acquiring the monitored abnormal data information and transmitting the acquired abnormal data information to a data information processing module for processing;
and step 3: the data information sorting module is used for sorting the data information collected by the abnormal data collecting module; the data information comparison module is used for comparing the data which are arranged by the data information arrangement module with the data in the virus Trojan horse database; finally, judging by using a data information judgment module according to the comparison result of the data information comparison module to determine virus information; feeding back the processing result to the central processing unit through a feedback module;
and 4, step 4: the central processing unit starts a risk evaluation module according to the processing result of the data information processing module, carries out risk evaluation processing on the abnormal data, and starts an automatic repair module to repair after determining the risk grade;
and 5: and the automatic repairing module is fixedly arranged in the security policy database for comparison according to the processing, and selects a proper security policy to repair the network vulnerability.
10. The management method of the network information security management system according to claim 9, wherein: in the step 4, if the risk level cannot be determined in the risk assessment processing process, an alarm module is started to perform risk early warning work, and alarm information is directly displayed on a display screen to remind background workers.
CN202110937254.6A 2021-08-16 2021-08-16 Network information security management system and management method thereof Withdrawn CN113641998A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110937254.6A CN113641998A (en) 2021-08-16 2021-08-16 Network information security management system and management method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110937254.6A CN113641998A (en) 2021-08-16 2021-08-16 Network information security management system and management method thereof

Publications (1)

Publication Number Publication Date
CN113641998A true CN113641998A (en) 2021-11-12

Family

ID=78421997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110937254.6A Withdrawn CN113641998A (en) 2021-08-16 2021-08-16 Network information security management system and management method thereof

Country Status (1)

Country Link
CN (1) CN113641998A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117390017A (en) * 2023-09-27 2024-01-12 国网湖北省电力有限公司黄冈供电公司 Big data information security system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117390017A (en) * 2023-09-27 2024-01-12 国网湖北省电力有限公司黄冈供电公司 Big data information security system
CN117390017B (en) * 2023-09-27 2024-05-24 国网湖北省电力有限公司黄冈供电公司 Big data information security system

Similar Documents

Publication Publication Date Title
CN105867351B (en) Vehicle trouble code acquires the method and device with historical data analysis diagnosis in real time
CN103763127B (en) A kind of equipment state alarm monitoring method and system
CN111932077A (en) TPM (trusted platform Module) whole-person production maintenance platform and method based on Internet of things
CN111159715B (en) Industrial control safety audit system and method based on artificial intelligence
CN108880845A (en) A kind of method and relevant apparatus of information alert
CN114566028B (en) Electric vehicle charging risk monitoring method, device and storage medium
CN111865680A (en) Factory production and processing equipment fault early warning system
CN102937802A (en) System and method for monitoring operating state of device
CN113641998A (en) Network information security management system and management method thereof
CN110456779A (en) A kind of DCS system exception monitoring apparatus
CN111341063A (en) Intelligent control system, method and device for safety early warning and monitoring of electric equipment and terminal equipment
CN115648943A (en) Method and system for diagnosing insulation fault, storage medium and electronic device
CN111030085A (en) Electric power safety multi-engine checking and killing mechanism
CN114331055A (en) Enterprise safety production risk early warning method, device, equipment and storage medium
CN117410597A (en) Intelligent potential safety hazard monitoring and processing method and system applied to energy storage power supply
CN115225534A (en) Method for monitoring running state of monitoring server
CN115220405A (en) Equipment safety point inspection system and equipment safety point inspection method
CN113704066A (en) Machine room equipment monitoring and management method, storage medium and system
CN111624910B (en) Battery storage monitoring device and method and storage medium
CN211785777U (en) Equipment machine maintenance system
CN113110390A (en) Vehicle fault identification method and device, electronic equipment and storage medium
CN112862120A (en) Power maintenance and repair supervision system and method
CN109648217A (en) A kind of marking machine remote monitoring system and method
CN112085230B (en) Method and device for power interruption and transmission of contact network equipment, storage medium and electronic device
CN113077061B (en) Equipment predictive maintenance system based on production data mining

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211112

WW01 Invention patent application withdrawn after publication