CN113839929A - Information security improving method and device, electronic equipment and storage medium - Google Patents

Information security improving method and device, electronic equipment and storage medium

Info

Publication number
CN113839929A
Authority
CN
China
Prior art keywords
safety
security
terminal equipment
data packet
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111038498.7A
Other languages
Chinese (zh)
Other versions
CN113839929B (en
Inventor
罗科峰
袁浩扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen TCL New Technology Co Ltd
Original Assignee
Shenzhen TCL New Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen TCL New Technology Co Ltd
Priority to CN202111038498.7A
Publication of CN113839929A
Application granted
Publication of CN113839929B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application disclose an information security improving method and apparatus, an electronic device and a storage medium. The method comprises the following steps: acquiring a data packet sent by a terminal device under test; determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion that the terminal device under test is required to meet; performing security detection on the data packet according to the security criterion to obtain a security detection result; and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of its information transmission. The data packet sent by the terminal device is checked against the security criteria, laws and regulations and the like of the region to which the terminal device belongs, so that the security of information transmission when the terminal device sends data is detected and a security detection result is obtained; the terminal device under test is then debugged according to that result, which improves the information transmission security of the terminal device.

Description

Information security improving method and device, electronic equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to an information security improving method and device, electronic equipment and a storage medium.
Background
With the development of computer technology, the types and the number of terminal devices are increasing, and with the diversification of hardware, the types of hardware that can be mounted on a terminal device are increasing, and the data processing capabilities and the modes corresponding to each type of hardware are different.
Meanwhile, as the types and number of terminal devices and the volume of user data increase, data security has become a focus of user attention. Data transmission is an important node of the data protection life cycle and determines whether the information transmission of a terminal device is secure, so the security and compliance of information transmission are particularly important. At present, the security of information transmission still needs to be improved.
Disclosure of Invention
The embodiment of the application provides an information security improving method and device, an electronic device and a storage medium, and the information transmission security is improved, so that the information security is improved.
The embodiment of the application provides an information security improving method, which comprises the following steps:
acquiring a data packet sent by a terminal device under test;
determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion that the terminal device under test is required to meet;
performing security detection on the data packet according to the security criterion to obtain a security detection result;
and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of information transmission of the terminal device under test.
Correspondingly, the embodiment of the application further provides an information security improving apparatus, which includes:
an acquisition module, configured to acquire a data packet sent by the terminal device under test;
a determining module, configured to determine the region to which the terminal device under test belongs and to determine, according to the region, the security criterion that the terminal device under test is required to meet;
a detection module, configured to perform security detection on the data packet according to the security criterion to obtain a security detection result;
and an improving module, configured to perform security debugging on the terminal device under test according to the security detection result, so as to improve the security of information transmission of the terminal device under test.
Optionally, in some embodiments of the present invention, the security criterion includes a security baseline, and the detection module includes:
a parsing unit, configured to parse the data packet and determine the message type of the message corresponding to the data packet;
a first determining unit, configured to determine, according to the message, the actual cipher suite name used for transmitting the data packet when the message type is Server Hello;
and a first detection unit, configured to match the actual cipher suite name against the security baseline, so as to determine from the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline.
Optionally, in some embodiments of the present invention, the security criteria includes a personal cross-border access rule, and the detection module further includes:
a first extraction unit, configured to extract personal information of a user from the data packet when the transmission of the data packet includes cross-border transmission;
a second determining unit, configured to determine, when the personal information exists, an actual area to which the user belongs according to the personal information;
a first obtaining unit, configured to obtain a mapping relation set, wherein the mapping relation set comprises legal access relations between a preset current area and a preset target area, and the current area and the target area are different areas;
and the second detection unit is used for determining at least one target area which can be legally accessed by the actual area according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
Optionally, in some embodiments of the invention, the security criteria include a replay attack vulnerability index criterion, and the detection module includes:
a second obtaining unit, configured to obtain data transmission link information between the terminal device to be detected and a target terminal device after the data packet is sent to the target terminal device by the terminal device to be detected;
the sending unit is used for sending the data packet to the target terminal equipment again by the terminal equipment to be tested according to the data transmission link information;
a receiving unit, configured to receive response information of the target terminal device for the data packet;
a third determining unit, configured to determine, according to the response information, an actual replay attack vulnerability index corresponding to a data transmission link corresponding to the data transmission link information;
and the third detection unit is used for matching the actual replay attack vulnerability index with the replay attack vulnerability index standard so as to determine whether the data transmission link is vulnerable to replay attack according to the matching result.
Optionally, in some embodiments of the present invention, the security criteria include a traffic security type standard, and the detection module includes:
the second extraction unit is used for extracting the characteristics of the encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic characteristic information corresponding to the encrypted traffic;
the prediction unit is used for predicting the probability that the encrypted flow belongs to at least one preset flow type through the preset flow classification model according to the flow characteristic information;
a fourth determining unit, configured to determine the target traffic type corresponding to the encrypted traffic according to the probability;
and a fourth detection unit, configured to match the target traffic type against the traffic security type standard, so as to determine whether the target traffic type meets the requirement of the traffic security type standard.
Optionally, in some embodiments of the present invention, the apparatus further includes, before the improving module:
a third extraction unit, configured to extract, from the security detection result, a detection item name of at least one detection item corresponding to the security detection;
a fifth determining unit, configured to determine, according to the name of the detection item, a scoring weight corresponding to each detection item;
a sixth determining unit, configured to determine, according to the scoring weight and the security detection result, a security score to be deducted for each detection item to be deducted;
the generating unit is used for generating a safety detection report of the safety detection according to the detection item name and the safety score to be deducted;
the improving module comprises:
and carrying out safety debugging on the terminal equipment to be tested according to the safety detection report.
Optionally, in some embodiments of the invention, the improving module includes:
classifying and storing the safety detection result and the historical safety detection result according to time to obtain a detection result data set;
carrying out statistical analysis on the detection result data set to determine the safety compliance trend of different terminal equipment transmitting information at different time;
and carrying out safety debugging on the current terminal equipment to be tested according to the safety compliance trend so that the safety of the transmission information of the terminal equipment after safety debugging can be improved.
According to the method and the device, the data packet sent by the terminal equipment is subjected to safety detection through the safety criteria, laws and regulations and the like corresponding to the area where the terminal equipment belongs, the safety of information transmission of the terminal equipment when the terminal equipment sends data is detected, the safety detection result is obtained, and the terminal equipment to be detected is subjected to safety debugging according to the safety detection result, so that the effect of improving the information transmission safety of the terminal equipment is achieved.
Drawings
In order to more clearly illustrate the technical solutions in the present application, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a scene schematic diagram of an information security enhancing method provided in an embodiment of the present application;
Fig. 2 is a schematic flow chart of an information security enhancing method according to an embodiment of the present application;
Fig. 3 is another schematic flow chart of an information security enhancing method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an information security enhancing apparatus provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
The technical solutions in the present application will be described clearly and completely with reference to the accompanying drawings in the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the application provides an information security improving method and device, electronic equipment and a storage medium. Specifically, the embodiment of the application provides an information security improving apparatus suitable for an electronic device, where the electronic device may be a terminal or a server. The terminal can be a television, a computer, a notebook, a mobile phone, and the like. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the server may be directly or indirectly connected through wired or wireless communication.
For example, referring to Fig. 1, the embodiment of the present application takes a terminal and a server jointly executing the information security enhancing method as an example. Other devices may be added to the terminal and the server to assist in completing the method, and the types of the other devices are not limited herein. The terminal and the server are connected through a network, for example a wired or wireless network connection. The specific implementation process is as follows:
The terminal device 10 sends data to the terminal device 11. During the sending process, the server 12 obtains the data packet corresponding to the sent data through a bypass monitoring mechanism. The server 12 then obtains the region where the terminal device 10 is located, determines according to that region the security criterion that the data packet sent by the terminal device 10 should meet, and performs security detection on the data packet according to the security criterion to obtain a security detection result for the data packet sent by the terminal device 10. Finally, the terminal device 10 is debugged according to the security detection result so as to improve the security of its information transmission.
The safety criteria include a safety baseline standard, a personal information protection method, and the like, where the areas where the terminal devices are located are different, and the safety criteria to be met are different, that is, the terminal devices need to meet the relevant requirements or standards (safety compliance requirements) of the corresponding areas. Therefore, before the terminal device is delivered, it is necessary to determine whether the information transmission of the terminal device meets the safety criterion of the corresponding target area, and if not, the terminal device needs to be debugged safely to ensure the safety of data.
In this embodiment of the present application, the bypass monitoring mechanism includes a network data detection service (agent), where the network data detection service captures all data packets sent by the terminal device, so that the data packets sent by the terminal device can be captured.
According to the method and the device, the data packet sent by the terminal equipment is subjected to safety detection through the safety criteria, laws and regulations and the like corresponding to the area where the terminal equipment belongs, the safety of information transmission of the terminal equipment when the terminal equipment sends data is detected, the safety detection result is obtained, and the terminal equipment to be detected is subjected to safety debugging according to the safety detection result, so that the effect of improving the information transmission safety of the terminal equipment is achieved, and the purpose of improving the information safety is finally achieved.
The embodiment of the application provides an information security improving method, which specifically comprises the following steps:
Acquiring a data packet sent by a terminal device under test;
In the embodiment of the application, the sent data packet can be acquired through the network data detection service, and whether the security of data transmission of the terminal device meets the requirement is determined by analyzing and detecting the data packet.
Determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion that the terminal device under test is required to meet;
The security criteria for data transmission by a terminal device differ between regions, so the information transmission security of the terminal device needs to be detected according to the security criterion of the corresponding region. For example, if the terminal device is to be delivered to a foreign country, it needs to meet the security criterion requirements of that country.
Performing security detection on the data packet according to the security criterion to obtain a security detection result;
In the embodiment of the application, the security detection includes a plurality of detection items, and whether the terminal device meets the requirement of information transmission security can be determined comprehensively through security detection on the plurality of detection items, wherein the security detection result includes detection result data of the plurality of detection items.
And performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of information transmission of the terminal device under test.
According to the method and the device, the data packet sent by the terminal equipment is subjected to safety detection through the safety criteria, laws and regulations and the like corresponding to the area where the terminal equipment belongs, the safety of information transmission of the terminal equipment when the terminal equipment sends data is detected, the safety detection result is obtained, and the terminal equipment to be detected is subjected to safety debugging according to the safety detection result, so that the effect of improving the information transmission safety of the terminal equipment is achieved, and the effect of improving the safety of information is achieved.
The following are detailed below. It should be noted that the description sequence of the following embodiments is not intended to limit the priority sequence of the embodiments.
Referring to fig. 2, fig. 2 is a schematic flow chart of an information security enhancing method according to an embodiment of the present disclosure. The specific process of the information security improving method can be as follows:
101. Acquire a data packet sent by the terminal device under test.
The data packet sent by the terminal device contains transmission information of the terminal device transmission data, the standard complied with in the terminal device information transmission process can be obtained through analyzing the data packet, and whether the terminal device information transmission is safe or not can be determined through verifying the standard.
In this embodiment of the present application, a network data detection service (agent) may be used to obtain the data packets sent by a terminal device. For example, a capture handle (such as a pcap code) is created for a data interface (eth0 or wlan, etc.) of the terminal device, and a bypass monitoring mechanism is started at the same time. The data interface is monitored continuously in a loop; once a data packet passes through the data interface, the callback function bound to the capture handle is triggered, and the relevant information of the data packet is returned by the callback function. The relevant information includes the protocol header, the byte stream of the data packet, and the like.
In the embodiment of the present application, when the network data detection service (agent) is used, it may also automatically detect whether a version update is required or whether the detection objects and policies need to be changed. For version and policy updates, for example, when an update or change is needed, the upgrade process is executed, and the corresponding detection service is performed after the upgrade.
102. Determine the region to which the terminal device under test belongs, and determine, according to the region, the security criterion that the terminal device under test is required to meet.
In the embodiment of the application, the area expected to be used by the terminal device is the area to which the terminal device belongs, and the security criterion required to be met by the terminal device can be determined by determining the area to which the terminal device belongs. In the embodiment of the present application, the security criteria include a security baseline standard related to a region, a personal information protection law (personal cross-border access rule), a replay attack vulnerability index standard and a traffic security type standard corresponding to a data transmission link, and the like.
The method and the device have the advantages that the determination of the information transmission safety standard required to be met by the terminal equipment is realized through the determination of the region to which the terminal equipment belongs and the safety criterion required to be met, and the detection of the information transmission safety of the terminal equipment is convenient to realize.
103. Perform security detection on the data packet according to the security criterion to obtain a security detection result.
The security detection result of the data transmitted by the terminal equipment can be obtained by performing security detection on the data packet according to the security criterion corresponding to the region to which the terminal equipment belongs.
In the embodiment of the present application, a complete Transmission Control Protocol (TCP) transmission goes through a three-way handshake, data transmission, a four-way teardown and other steps, so a TCP-based session generates a plurality of data packets (TCP data packets), and these data packets are scattered over different timestamps of the transmission process. The data packets belonging to the same session therefore need to be reassembled to obtain the complete data.
Therefore, in the embodiment of the present application, before performing security detection on a data packet, preprocessing (data packet reassembly) is further included, where in the embodiment of the present application, a flow of reassembly of the data packet is as follows:
determining the data packets that have the same network protocol address (local ip) and port number (local port) of the terminal device under test, the same transmission control protocol, and the same network protocol address (remote ip) and port number (remote port) of the peer terminal device;
and reassembling the consecutive data packets according to the start mark and the end mark of the complete session.
In the embodiment of the present application, abnormal situations such as packet loss and out-of-order delivery may occur, so a time threshold (for example, two minutes) may be set; after the time threshold is reached, the session is ended by default and the reassembly of the data packets is ended.
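The reassembly flow above can be illustrated with the following added Python example, which is not part of the patent text. It assumes the capture agent yields one record per packet sent by the device under test, treats SYN as the start mark and FIN as the end mark, and measures the two-minute threshold from the first packet of the session; the `Packet` and `Session` types and all sample values are constructed for illustration.

```python
from dataclasses import dataclass, field

SESSION_TIMEOUT_S = 120.0  # the text's example threshold: two minutes


@dataclass(frozen=True)
class Packet:
    ts: float          # capture timestamp in seconds
    local_ip: str      # terminal device under test
    local_port: int
    remote_ip: str     # peer terminal device
    remote_port: int
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN"})
    seq: int           # TCP sequence number
    payload: bytes = b""


@dataclass
class Session:
    key: tuple
    start_ts: float
    segments: dict = field(default_factory=dict)  # seq -> payload
    end_reason: str = "incomplete"

    def data(self) -> bytes:
        # Ordering by sequence number repairs out-of-order arrival.
        # Sequence-number wrap-around is not handled here.
        return b"".join(self.segments[s] for s in sorted(self.segments))


def reassemble(packets, timeout=SESSION_TIMEOUT_S):
    """Group packets by (local ip, local port, remote ip, remote port) and
    return the sessions in the order in which they were closed."""
    packets = sorted(packets, key=lambda p: p.ts)
    open_sessions, done = {}, []
    for pkt in packets:
        key = (pkt.local_ip, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        sess = open_sessions.get(key)
        if sess is not None and pkt.ts - sess.start_ts > timeout:
            # Threshold reached: the session is ended by default.
            sess.end_reason = "timeout"
            done.append(open_sessions.pop(key))
            sess = None
        if sess is None:
            if "SYN" not in pkt.flags:
                continue  # no start mark seen, nothing to attach this packet to
            sess = open_sessions[key] = Session(key, pkt.ts)
        sess.segments.setdefault(pkt.seq, pkt.payload)  # keep first copy of a retransmission
        if "FIN" in pkt.flags:
            sess.end_reason = "fin"
            done.append(open_sessions.pop(key))
    last_ts = packets[-1].ts if packets else 0.0
    for sess in open_sessions.values():  # sessions still open at end of capture
        if last_ts - sess.start_ts > timeout:
            sess.end_reason = "timeout"
        done.append(sess)
    return done


def _p(ts, lport, flags, seq, payload=b""):
    # Constructed sample traffic; addresses are documentation ranges.
    return Packet(ts, "192.0.2.10", lport, "198.51.100.20", 443,
                  frozenset(flags), seq, payload)


SAMPLE = [
    _p(0.0, 40000, {"SYN"}, 1000),
    _p(0.1, 40000, {"ACK"}, 1007, b"world"),    # arrives before the earlier segment
    _p(0.2, 40000, {"ACK"}, 1001, b"hello "),
    _p(0.25, 40000, {"ACK"}, 1001, b"hello "),  # retransmission
    _p(0.3, 40000, {"FIN", "ACK"}, 1012),
    _p(1.0, 40001, {"SYN"}, 5000),
    _p(2.0, 40001, {"ACK"}, 5001, b"partial"),  # the FIN for this session is lost
    _p(200.0, 40001, {"ACK"}, 5008, b"late"),   # past the threshold, dropped
]

if __name__ == "__main__":
    for s in reassemble(SAMPLE):
        print(s.key, s.end_reason, s.data())
```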
In this embodiment of the present application, the combination of encryption algorithms used during data transmission of the terminal device may be detected to determine whether it meets the corresponding security criterion. That is, optionally, in some embodiments, the security criterion includes a security baseline, and the step "performing security detection on the data packet according to the security criterion" includes:
parsing the data packet, and determining the message type of the message corresponding to the data packet;
when the message type is Server Hello, determining, according to the message, the actual cipher suite name used for transmitting the data packet;
and matching the actual cipher suite name against the security baseline, and determining from the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline.
In the embodiment of the present application, the security baseline includes a list of encryption algorithm combinations that are safe to use, that is, the list enumerates the available combinations of encryption algorithms that satisfy the security requirements.
In the embodiment of the present application, the cipher suite is a concept of the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). HTTPS ensures security through authentication and encrypted transmission; the cipher suite defines the combination of algorithms used for authentication and encryption during transmission, and is negotiated by the two communicating parties in the handshake phase. The industry defines the security of HTTPS cipher suites, and HTTPS communication that uses an insecure cipher suite (combination of encryption algorithms) is insecure.
In the embodiment of the application, the actual cipher suite (the actual combination of encryption algorithms) used when the terminal device transmits data is obtained and matched against the security baseline to determine whether it is one of the encryption algorithm combinations in the security baseline, and thus whether the information transmission of the terminal device conforms to the security criterion of the corresponding region. When the actual cipher suite does not match the security baseline, it is considered a weak cipher suite, whose security is poor. When no cipher suite name exists, that is, when the message type is not Server Hello, the information transmission is determined to be unencrypted, that is, plaintext transmission.
In this embodiment of the present application, Server Hello is one of the message types; the message types also include Client Hello and the like. The type of a message may be determined by analyzing the fields of the parsed message. Since a cipher suite is present in the message only when the message type is Server Hello, the message type must be determined first, and the cipher suite is then determined according to the message type.
In this embodiment of the present application, the process of obtaining the cipher suite used when a terminal device transmits a data packet includes:
parsing the data packet to obtain the message type of the message corresponding to the data packet;
when the message type is Server Hello, obtaining the parameter value of the cipher suite field in the message, looking it up in the corresponding cipher suite storage table, and determining the cipher suite name corresponding to the parameter value (for example, the cipher suite name is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).
In this embodiment of the present application, the cipher suite field may be obtained by skipping a fixed-length part (e.g., the first 43 bytes of the message) and an indefinite-length part (session field) in the message, and then finding the cipher suite (cipher suite) field.
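The lookup and baseline match described above, as an added Python example that is not part of the patent text. The 43-byte fixed prefix is the 5-byte TLS record header, 4-byte handshake header, 2-byte version and 32-byte random; the suite table holds a few IANA-assigned values, while the baseline contents, the session-level application of the plaintext rule, and the sample messages are assumptions constructed for illustration.

```python
FIXED_PREFIX = 43        # record header (5) + handshake header (4) + version (2) + random (32)
CONTENT_HANDSHAKE = 0x16
HS_SERVER_HELLO = 0x02

# Cipher suite storage table: IANA-assigned values (a small excerpt).
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}

# Constructed security baseline (assumption): the suites allowed for the region.
SECURITY_BASELINE = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}


def server_hello_suite(record: bytes):
    """Return the 16-bit cipher suite value of a Server Hello record,
    or None when the message is not a Server Hello."""
    if len(record) < 6 or record[0] != CONTENT_HANDSHAKE or record[5] != HS_SERVER_HELLO:
        return None
    if len(record) < FIXED_PREFIX + 1:
        raise ValueError("Server Hello truncated before session field")
    sid_len = record[FIXED_PREFIX]        # variable-length session field
    offset = FIXED_PREFIX + 1 + sid_len   # skip its length byte and body
    if sid_len > 32 or len(record) < offset + 2:
        raise ValueError("Server Hello truncated before cipher suite field")
    return int.from_bytes(record[offset:offset + 2], "big")


def assess_session(messages):
    """Return (verdict, suite name) for the reassembled messages of one session.
    Assumption: 'plaintext' is reported when no Server Hello appears at all."""
    for msg in messages:
        suite = server_hello_suite(msg)
        if suite is None:
            continue
        name = CIPHER_SUITES.get(suite, f"UNKNOWN_0x{suite:04X}")
        return ("compliant" if name in SECURITY_BASELINE else "weak"), name
    return "plaintext", None


def build_server_hello(suite: int, session_id: bytes = b"\x11" * 32) -> bytes:
    """Construct a minimal TLS 1.2 Server Hello record (sample input only)."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + suite.to_bytes(2, "big") + b"\x00")   # null compression, no extensions
    handshake = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake


# Constructed samples: a stub Client Hello header and a plaintext HTTP request.
CLIENT_HELLO_STUB = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
PLAINTEXT_HTTP = b"GET / HTTP/1.1\r\nHost: device.example\r\n\r\n"

if __name__ == "__main__":
    print(assess_session([CLIENT_HELLO_STUB, build_server_hello(0xC02F)]))
    print(assess_session([build_server_hello(0x0005, session_id=b"")]))
    print(assess_session([PLAINTEXT_HTTP]))
```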
In this embodiment of the present application, the destination area of the data packet transmission may be checked to determine whether it meets the requirements for cross-border transmission by the terminal device. That is, optionally, in some embodiments, the security criterion includes a personal cross-border access rule, and the step "performing security detection on the data packet according to the security criterion" includes:
extracting personal information of a user from the data packet when the transmission of the data packet comprises cross-border transmission;
when the personal information exists, determining an actual area to which the user belongs according to the personal information;
acquiring a mapping relation set, wherein the mapping relation set comprises a legal access relation between a preset current area and a preset target area, and the current area and the target area are different areas;
and determining at least one target area which can be legally accessed by the actual area according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
By obtaining the target areas to which the terminal device can legally transmit information (the list of areas in which the peer terminal device may be located), it can be determined, when the terminal device to be tested performs cross-border transmission, whether the area where the peer terminal device is located meets the requirement, and accordingly whether the terminal device's transmission is permitted. In the embodiment of the application, when the cross-border transmission of the data packet is illegal, the terminal device is considered to commit a cross-border violation during information transmission. The area to which a terminal device belongs is determined according to the attribution of its network protocol (IP) address.
In this embodiment of the present application, the mapping relation set may be stored as a data table or as a directed graph. For example, the directed graph shows the legality of data transmission from each region to other regions, where legality is identified by the numeric interval (weight) of the corresponding edge: when the weight between two regions is "1", cross-border circulation of personal data between the two regions is legal; when the weight between two regions lies between 1 and 1000, or there is no weight, cross-border circulation of personal data between the two regions is illegal; when the weight between two regions equals 1000, cross-border circulation of personal data between the two regions can be carried out legally through a specific mechanism (such as SCC, LIA, etc.).
In this embodiment of the present application, the information transmission link of the terminal device may be tested to determine whether it is vulnerable to a replay attack. That is, optionally, in some embodiments, the security criterion includes a replay attack vulnerability index standard, and the step "performing security detection on the data packet according to the security criterion" includes:
after the data packet is sent to a target terminal device by the terminal device to be tested, acquiring data transmission link information between the terminal device to be tested and the target terminal device;
sending the data packet to the target terminal equipment by the terminal equipment to be tested again according to the data transmission link information;
receiving response information of the target terminal equipment for the data packet;
determining an actual replay attack susceptibility index corresponding to the data transmission link information according to the response information;
and matching the actual replay attack vulnerability index with the replay attack vulnerability index standard so as to determine whether the data transmission link is vulnerable to replay attack according to the matching result.
In the embodiment of the present application, the data transmission link information includes a protocol address and port information of the terminal to be tested, and a protocol address and port information of the target terminal device. In this embodiment of the present application, the data transmission link information may be obtained according to parsing of the data packet.
Sending the data packet again over the data transmission link that has already carried it simulates a replay attack on that link, so that whether the link is vulnerable to replay attack, and hence whether the transmission link is secure, is detected; this also implements security detection of the information transmitted by the terminal device. In the embodiment of the present application, when the data transmission link is vulnerable to replay attack, the data transmission link is considered to have no authentication or weak authentication.
In the embodiment of the present application, whether the data transmission link is vulnerable to replay attack is determined according to the validity of the response information of the target terminal device (peer terminal device), for example, when the response information is valid, the data transmission link is considered to be vulnerable to replay attack, and otherwise, the data transmission link is not vulnerable to replay attack.
In the embodiment of the present application, the degree of vulnerability to replay attack is expressed by a corresponding index. When the index meets the replay attack vulnerability index standard, the degree of vulnerability of the data transmission link to replay attack is considered to meet the requirement of the security criterion of the corresponding region; otherwise, the requirement of the security criterion of the corresponding region is not met.
In the embodiment of the present application, the replay attack simulation mainly targets user-mode network requests, such as smart home control, placing orders for online shopping, and other scenarios involving personal information. Therefore, in the embodiment of the present application, the network attack simulation is mainly performed on data bodies in which transmission of personal data has been identified.
In this embodiment of the present application, the information sent by the terminal device may be checked to determine whether it includes malicious traffic data. That is, optionally, in some embodiments, the security criterion includes a traffic security type standard, and the step "performing security detection on the data packet according to the security criterion" includes:
extracting features of encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic feature information corresponding to the encrypted traffic;
predicting the probability that the encrypted flow belongs to at least one preset flow type through the preset flow classification model according to the flow characteristic information;
determining the target traffic type corresponding to the encrypted traffic according to the probability;
and matching the target traffic type with the traffic security type standard to determine whether the target traffic type meets the requirements of the traffic security type standard.
The traffic type of the traffic information in the data packet is obtained from the prediction made by the preset traffic classification model on the traffic feature information, and the traffic type is compared with the traffic security type standard to determine whether the data packet meets the requirement of the traffic security type standard during transmission, so as to determine whether the terminal device has the security problem of transmitting malicious traffic when transmitting information.
In the embodiment of the application, the preset traffic classification model is obtained by training a model on training data, and the specific procedure is as follows:
acquiring a training sample, and dividing the training sample into a training set and a verification set, wherein the training set and the verification set both comprise sample data marked with malicious traffic;
extracting features of the sample data in the training set, wherein the feature extraction comprises analyzing the signature, the transmission control protocol flow and the handshake features of each sample, and extracting the feature vector of the sample data to obtain a feature vector set;
training the classification model according to the feature vector set, and converging the training result according to the actual type of each sample data in the training set;
and optimizing the training result after the training convergence according to the sample set to obtain a preset flow classification model.
In the embodiment of the application, when the encrypted traffic is classified according to the preset traffic classification model, the feature data of the encrypted traffic, such as handshake information, signature, protocol and other information, is extracted from the encrypted traffic, so that the preset traffic classification model can determine whether the encrypted traffic is malicious traffic (i.e., a malicious data packet exists) according to the feature data of the encrypted traffic.
By extracting features of the encrypted traffic in the data packet, whether malicious data packets exist in the encrypted traffic is predicted, so as to determine whether the data transmission of the terminal device is secure and to improve the accuracy of security detection of the data transmission of the terminal device.
104. Performing security debugging on the terminal device to be tested according to the security detection result, so as to improve the security of information transmission of the terminal device to be tested.
The terminal device is security-debugged according to the security detection result of the data it transmits, so that after security debugging the terminal device transmits information more securely, which improves the security of the information.
In this embodiment of the present application, a plurality of historical security detection result data may be combined to determine a variation trend of security compliance corresponding to different terminal devices, and a debugging target of a current terminal device is determined according to the variation trend, that is, optionally, in some embodiments, the step "perform security debugging on the terminal device to be tested according to the security detection result" includes:
classifying and storing the safety detection result and the historical safety detection result according to time to obtain a detection result data set;
carrying out statistical analysis on the detection result data set to determine the safety compliance trend of different terminal equipment transmitting information at different time;
and carrying out safety debugging on the current terminal equipment to be tested according to the safety compliance trend so that the safety of the transmission information of the terminal equipment after safety debugging can be improved.
The security compliance of the same terminal device differs at different times, so the trend of its security compliance needs to be determined in combination with time. Through statistical analysis of a plurality of security detection results, the security compliance trends of different terminal devices (different corresponding parameters of the terminal device) at different times are determined, and the debugging target of the current terminal device (namely, the device parameter to be debugged in the terminal device) is determined according to the security compliance trend, so that the debugged terminal device transmits information with higher security.
In the embodiment of the application, a model can be trained on the security detection result and the historical security detection results to obtain a security situation awareness model, which is used for predicting the security compliance trend over a future period of time. The training process of the security situation awareness model includes: collecting the security detection result and the historical security detection results, wherein the security detection results also include the terminal device information corresponding to each security detection result (such as the tested model, the version, and the application sending the information, such as an app); classifying each security detection result according to time; and training a model on the classified security detection result data to obtain the security situation awareness model. Because the training data are classified according to time, the resulting security situation awareness model can predict the security compliance situation over a future period of time.
In the embodiment of the application, the security situation awareness model obtained through the training may perceive network transmission security compliance trends of different models, versions and different applications (apps), and a contribution value (characteristic value) having a large influence on the security compliance state may be obtained from the security compliance trend.
In this embodiment of the present application, a weight analysis may further be performed on the detection results of the plurality of detection items in the security detection result to determine the weight corresponding to each detection item, and the terminal device is security-debugged according to the weights. That is, optionally, in some embodiments, before the step "performing security debugging on the terminal device to be tested according to the security detection result", the method further includes:
extracting the detection item name of at least one detection item corresponding to the safety detection from the safety detection result;
determining the scoring weight corresponding to each detection item according to the detection item name;
determining the security score to be deducted for each detection item according to the scoring weight and the security detection result;
generating a safety detection report of the safety detection according to the detection item name and the safety score to be deducted;
the step "performing security debugging on the terminal device to be tested according to the security detection result" includes:
and carrying out safety debugging on the terminal equipment to be tested according to the safety detection report.
In the embodiment of the present application, the detection items include cross-border transmission detection, plaintext transmission detection, cipher suite detection, authentication detection, malicious traffic detection, and the like. The corresponding security detection results include illegal cross-border versus legal cross-border transmission, plaintext versus encrypted transmission, weak versus strong cipher suite, no/weak authentication versus present/strong authentication, carrying versus not carrying malicious traffic, and the like.
In the embodiment of the present application, the actual security score of each detection item (i.e., the security detection report) is obtained by determining the weight of each detection item and combining it with the detection result of that item. The device parameters (i.e., the corresponding detection items) on which the terminal device needs security debugging are then determined according to the security score of each detection item, so that the device parameters debugged first are those with a higher priority and a lower security score. Debugging the terminal device according to the security detection report makes the debugging more targeted; for example, a specific item can be rectified in a targeted way, or a unified solution can be provided.
In the embodiment of the application, the safety compliance trend can be visually displayed, so that a user or a manager can conveniently acquire the safety compliance trend of the terminal equipment.
In this embodiment of the present application, after the detection item to be adjusted is determined, the target application that initiated the information transmission may also be determined by identifying its process, so that the corresponding application can be debugged. The specific procedure for obtaining the process name includes:
analyzing a data packet to obtain the network connection information corresponding to the data transmission link that transmits the data packet (a network connection, namely a data transmission link, can be determined according to the network connection information), wherein the network connection information (also called quadruple information) comprises the network protocol address (source IP address) and port number (source port number) of the terminal device to be tested, and the network protocol address (destination IP address) and port number (destination port number) of the target terminal device;
determining the socket (inode) corresponding to the network connection according to the data transmission link information;
and determining the process name of the process initiating the network connection according to the socket.
For example, in the embodiment of the present application, the network connection information and sockets (inodes) of network (tcp/udp) connections in their various states at the current time are recorded in network transmission information files (e.g., the /proc/net/tcp and /proc/net/udp files of a unix system). When a process opens a socket connection, a socket file is created under the corresponding /proc/pid/fd and its inode is recorded, and the process name of each process is recorded in the corresponding /proc/pid/cmd file. Therefore, once the network connection information (quadruple information) corresponding to the network connection is determined, the socket can be obtained from the corresponding files, and the name of the process initiating the network connection can be determined according to the socket.
The name of the application program of the initiating process can be obtained by analyzing the process name, so that the target application program with information transmission safety problem can be determined, and the information transmission safety can be improved after the corresponding application program is debugged.
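The quadruple-to-process lookup can be sketched as follows on Linux; this is an added example, not code from the patent. It assumes IPv4 only, reads the process name from `/proc/<pid>/cmdline` (the Linux file that holds the command line), and runs against a constructed sample `/proc` tree whose addresses, inode, pid and application name are made up.

```python
import os
import socket
import struct
import tempfile


def decode_endpoint(hex_endpoint):
    """Decode 'AABBCCDD:PPPP' from /proc/net/tcp into (dotted IPv4, port)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    # The kernel prints the IPv4 address as a little-endian 32-bit hex number.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def find_inode(proc_root, four_tuple, protocols=("tcp", "udp")):
    """Return the socket inode for (src_ip, src_port, dst_ip, dst_port), or None."""
    for proto in protocols:
        try:
            table = open(os.path.join(proc_root, "net", proto))
        except OSError:
            continue
        with table:
            next(table, None)                      # skip the header line
            for line in table:
                fields = line.split()
                if len(fields) < 10:
                    continue
                if decode_endpoint(fields[1]) + decode_endpoint(fields[2]) == four_tuple:
                    return int(fields[9])          # column 10 is the inode
    return None


def find_process(proc_root, inode):
    """Return (pid, process name) of the process holding socket:[inode], or None."""
    if not inode:
        return None        # inode 0: e.g. TIME_WAIT sockets have no owning process
    target = "socket:[%d]" % inode
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue       # process exited, or not permitted to read its fds
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) != target:
                    continue
                with open(os.path.join(proc_root, entry, "cmdline"), "rb") as f:
                    name = f.read().split(b"\0")[0].decode(errors="replace")
                return int(entry), name
            except OSError:
                continue
    return None


# Constructed sample of /proc/net/tcp: a listener, the audited connection
# 192.168.1.23:51514 -> 203.0.113.10:443, and a TIME_WAIT entry with inode 0.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0
   1: 1701A8C0:C93A 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 98765 1 0000000000000000 20 4 30 10 -1
   2: 1701A8C0:C93C 0A7100CB:01BB 06 00000000:00000000 03:00000ABC 00000000     0        0 0 3 0000000000000000
"""


def build_sample_proc(root):
    """Create a constructed /proc-like tree so the lookup runs offline."""
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "tcp"), "w") as f:
        f.write(SAMPLE_TCP)
    os.makedirs(os.path.join(root, "4242", "fd"))
    os.symlink("socket:[98765]", os.path.join(root, "4242", "fd", "7"))
    with open(os.path.join(root, "4242", "cmdline"), "wb") as f:
        f.write(b"com.example.tvapp\0--foreground\0")


def demo():
    """Resolve the audited connection and the TIME_WAIT one in the sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        live = find_inode(root, ("192.168.1.23", 51514, "203.0.113.10", 443))
        stale = find_inode(root, ("192.168.1.23", 51516, "203.0.113.10", 443))
        return live, find_process(root, live), stale, find_process(root, stale)


if __name__ == "__main__":
    print(demo())
```

On a live system the lookup has to run while the connection is still open and with enough privilege to read other processes' `fd` directories; short-lived connections can disappear between capture and lookup.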
In summary, referring to fig. 3, fig. 3 is another schematic flow chart of the information security enhancing method in the embodiment of the present application, which specifically includes:
111. installing a network data detection service agent (used for installing network data detection service, including establishing detection of a data transmission interface of the terminal equipment to be detected);
112. connecting a test area network (for connecting the terminal equipment to be tested to the test area network);
113. version, policy update (for automatic update detection of the network data detection service itself);
114. capturing a data packet (for determining a process name corresponding to a network connection for transmitting the data packet);
115. determining a process name (used for determining the process name of the transmitted data packet);
116. data packet preprocessing (used for carrying out fragment recombination on the data packet to obtain a complete data packet so as to carry out security detection on the complete data packet subsequently);
117. a security baseline audit (used to determine whether the combination of encryption algorithms used to send the data packet meets the security baseline standard);
118. information cross-border transmission legal detection (used for carrying out safety detection on data packet cross-border transmission and determining whether the area where the opposite terminal equipment is located is the area which can be legally accessed by the terminal equipment to be detected);
119. personal information analysis (used for analyzing the data packet before the information cross-border transmission legal detection module to determine whether the data packet is user-mode data access (namely, whether the data packet is personal access); the information cross-border transmission legal detection module is executed when personal information exists);
120. replay attack detection (used for carrying out replay attack detection on a data transmission link, wherein in the embodiment of the application, the replay attack detection is mainly used for detecting a user-state data request, and therefore the module is executed after the personal information analysis module);
121. malicious flow analysis (used for carrying out security detection on the encrypted flow in the data packet and determining whether the encrypted flow belongs to malicious flow, namely whether a malicious flow data packet exists);
122. generating a detection report (used for generating the detection report according to the safety detection result of the terminal equipment, so as to conveniently carry out safety debugging on the terminal equipment according to the detection report);
123. security situation awareness (used for sensing the security situation of information transmission by the terminal device to obtain a security compliance trend, which facilitates debugging the terminal device according to the security compliance trend).
According to the method and the device, security detection is performed on the data packet sent by the terminal device according to the security criteria, laws, regulations and the like corresponding to the area to which the terminal device belongs, so that the security of information transmission when the terminal device sends data is detected and a security detection result is obtained; the terminal device to be tested is then security-debugged according to the security detection result, which improves the security of the terminal device's information transmission and thereby the security of the information.
In order to better implement the information security improving method of the application, the application also provides an information security improving device based on the information security improving method. The terms have the same meanings as in the above information security improving method, and specific implementation details may refer to the description in the method embodiment.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an information security enhancing apparatus provided in the present application, where the information security enhancing apparatus may include an obtaining module 201, a determining module 202, a detecting module 203, and an enhancing module 204, which may specifically be as follows:
The obtaining module 201 is configured to obtain a data packet sent by a terminal device to be tested.
The determining module 202 is configured to determine a region to which the terminal device to be tested belongs, and determine, according to the region, a security criterion that the terminal device to be tested needs to meet.
The detection module 203 is configured to perform security detection on the data packet according to the security criterion to obtain a security detection result.
Optionally, in some embodiments of the present invention, the safety criterion includes a safety baseline, and the detecting module 203 further includes:
the analysis unit is used for analyzing the data packet and determining the message type of the message corresponding to the data packet;
a first determining unit, configured to determine, according to the message, the actual cipher suite name used for transmitting the data packet when the message type is Server Hello;
and a first detection unit, configured to match the actual cipher suite name with the security baseline, so as to determine, according to the matching result, whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline.
Optionally, in some embodiments of the present invention, the security criteria includes a personal cross-border access rule, and the detection module 203 further includes:
a first extraction unit, configured to extract personal information of a user from the data packet when the transmission of the data packet includes cross-border transmission;
a second determining unit, configured to determine, when the personal information exists, an actual area to which the user belongs according to the personal information;
a first obtaining unit, configured to obtain a mapping relation set, wherein the mapping relation set comprises legal access relations between a preset current area and a preset target area, and the current area and the target area are different areas;
and the second detection unit is used for determining at least one target area which can be legally accessed by the actual area according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
Optionally, in some embodiments of the present invention, the security criteria includes a replay attack vulnerability index criterion, and the detection module 203 includes:
a second obtaining unit, configured to obtain data transmission link information between the terminal device to be detected and a target terminal device after the data packet is sent to the target terminal device by the terminal device to be detected;
the sending unit is used for sending the data packet to the target terminal equipment again by the terminal equipment to be tested according to the data transmission link information;
a receiving unit, configured to receive response information of the target terminal device for the data packet;
a third determining unit, configured to determine, according to the response information, an actual replay attack vulnerability index corresponding to a data transmission link corresponding to the data transmission link information;
and the third detection unit is used for matching the actual replay attack vulnerability index with the replay attack vulnerability index standard so as to determine whether the data transmission link is vulnerable to replay attack according to the matching result.
Optionally, in some embodiments of the present invention, the security criteria include a traffic security type standard, and the detection module 203 includes:
the second extraction unit is used for extracting the characteristics of the encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic characteristic information corresponding to the encrypted traffic;
the prediction unit is used for predicting the probability that the encrypted flow belongs to at least one preset flow type through the preset flow classification model according to the flow characteristic information;
and the fourth determining unit is used for determining the target traffic type corresponding to the encrypted traffic according to the probability.
and a fourth detection unit, configured to match the target traffic type with the traffic security type standard, so as to determine whether the target traffic type meets the requirement of the traffic security type standard.
The enhancing module 204 is configured to perform security debugging on the terminal device to be tested according to the security detection result, so as to improve the security of information transmission of the terminal device to be tested.
Optionally, in some embodiments of the present invention, the enhancing module 204 comprises:
a third extraction unit, configured to extract, from the security detection result, a detection item name of at least one detection item corresponding to the security detection;
a fifth determining unit, configured to determine, according to the name of the detection item, a scoring weight corresponding to each detection item;
a sixth determining unit, configured to determine, according to the scoring weight and the security detection result, the security score to be deducted for each detection item;
the generating unit is used for generating a safety detection report of the safety detection according to the detection item name and the safety score to be deducted;
the enhancing module 204 is further configured for:
performing security debugging on the terminal device to be tested according to the security detection report.
Optionally, in some embodiments of the present invention, the enhancing module 204 is configured for:
classifying and storing the safety detection result and the historical safety detection result according to time to obtain a detection result data set;
carrying out statistical analysis on the detection result data set to determine the safety compliance trend of different terminal equipment transmitting information at different time;
and carrying out safety debugging on the current terminal equipment to be tested according to the safety compliance trend so that the safety of the transmission information of the terminal equipment after safety debugging can be improved.
According to the embodiment of the application, first, the obtaining module 201 obtains the data packet sent by the terminal device to be tested; second, the determining module 202 determines the area to which the terminal device to be tested belongs and the security criterion that the terminal device to be tested needs to meet in that area; then, the detection module 203 performs security detection on the data packet transmitted by the terminal device according to the security criterion determined by the determining module 202, obtaining a detection result of whether the transmission of the data packet is secure; finally, the enhancing module 204 performs security debugging on the terminal device according to the security detection result, so that the debugged terminal device transmits information more securely.
According to the method and the device, security detection is performed on the data packet sent by the terminal device according to the security criteria, laws, regulations and the like corresponding to the area to which the terminal device belongs, so that the security of information transmission when the terminal device sends data is detected and a security detection result is obtained; the terminal device to be tested is then security-debugged according to the security detection result, which improves the security of the terminal device's information transmission and thereby the security of the information.
In addition, the present application also provides an electronic device, as shown in fig. 5, which shows a schematic structural diagram of the electronic device related to the present application, specifically:
the electronic device may include components such as a processor 401 of one or more processing cores, memory 402 of one or more computer-readable storage media, a power supply 403, and an input unit 404. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 5 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the processor 401 is a control center of the electronic device, connects various parts of the whole electronic device by various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 402 and calling data stored in the memory 402, thereby performing overall monitoring of the electronic device. Optionally, processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 401.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by operating the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 access to the memory 402.
The electronic device further comprises a power supply 403 for supplying power to the various components, and preferably, the power supply 403 is logically connected to the processor 401 through a power management system, so that functions of managing charging, discharging, and power consumption are realized through the power management system. The power supply 403 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
The electronic device may further include an input unit 404, and the input unit 404 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the electronic device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 401 in the electronic device loads the executable file corresponding to the process of one or more application programs into the memory 402 according to the following instructions, and the processor 401 runs the application program stored in the memory 402, thereby implementing various functions as follows:
acquiring a data packet sent by a terminal device to be tested; determining the area to which the terminal equipment to be tested belongs, and determining the safety criterion required to be met by the terminal equipment to be tested according to the area; carrying out security detection on the data packet according to the security criterion to obtain a security detection result; and according to the safety detection result, carrying out safety debugging on the terminal equipment to be detected so as to improve the safety of information transmission of the terminal equipment to be detected.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
According to the method and the device, security detection is performed on the data packet sent by the terminal device using the security criteria, laws and regulations and the like corresponding to the area to which the terminal device belongs; the security of information transmission when the terminal device sends data is detected and a security detection result is obtained; and the terminal device to be tested is security-debugged according to that result, thereby improving the security of the terminal device's information transmission and, in turn, the security of information.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the present application provides a storage medium, in which a plurality of instructions are stored, and the instructions can be loaded by a processor to execute the steps in any one of the information security enhancing methods provided in the present application. For example, the instructions may perform the steps of:
acquiring a data packet sent by a terminal device to be tested; determining the area to which the terminal equipment to be tested belongs, and determining the safety criterion required to be met by the terminal equipment to be tested according to the area; carrying out security detection on the data packet according to the security criterion to obtain a security detection result; and according to the safety detection result, carrying out safety debugging on the terminal equipment to be detected so as to improve the safety of information transmission of the terminal equipment to be detected.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
The storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium can execute the steps in any information security enhancing method provided by the present application, they can achieve the beneficial effects of any such method, which are detailed in the foregoing embodiments and are not repeated here.
The information security enhancing method, apparatus, electronic device and storage medium provided by the present application have been described in detail above. Specific examples are used herein to illustrate the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method and core idea of the present invention. Meanwhile, those skilled in the art may, following the idea of the present invention, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

1. An information security enhancing method, comprising:
acquiring a data packet sent by a terminal device to be tested;
determining the area to which the terminal equipment to be tested belongs, and determining the safety criterion required to be met by the terminal equipment to be tested according to the area;
carrying out security detection on the data packet according to the security criterion to obtain a security detection result;
and according to the safety detection result, carrying out safety debugging on the terminal equipment to be detected so as to improve the safety of information transmission of the terminal equipment to be detected.
2. The method of claim 1, wherein the security criteria comprises a security baseline, and wherein the security detecting the data packet according to the security criteria comprises:
analyzing the data packet, and determining the message type of the message corresponding to the data packet;
when the message type is a server hello (ServerHello), determining, according to the message, the actual cipher suite name used for transmitting the data packet;
and matching the actual cipher suite name with the security baseline, and determining according to the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline.
3. The method of claim 1, wherein the security criteria include personal cross-border access rules, and wherein the security detecting the data packet according to the security criteria comprises:
extracting personal information of a user from the data packet when the transmission of the data packet comprises cross-border transmission;
when the personal information exists, determining an actual area to which the user belongs according to the personal information;
acquiring a mapping relation set, wherein the mapping relation set comprises a legal access relation between a preset current area and a preset target area, and the current area and the target area are different areas;
and determining at least one target area which can be legally accessed by the actual area according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
4. The method of claim 1, wherein the security criteria include a replay attack vulnerability index criterion, and wherein the security detecting the data packet according to the security criteria comprises:
after the data packet is sent to a target terminal device by the terminal device to be tested, acquiring data transmission link information between the terminal device to be tested and the target terminal device;
sending the data packet to the target terminal equipment by the terminal equipment to be tested again according to the data transmission link information;
receiving response information of the target terminal equipment for the data packet;
determining an actual replay attack vulnerability index corresponding to the data transmission link information according to the response information;
and matching the actual replay attack vulnerability index with the replay attack vulnerability index standard so as to determine whether the data transmission link is vulnerable to replay attack according to the matching result.
5. The method of claim 1, wherein the security criteria include traffic security type criteria, and wherein the security detecting the data packet according to the security criteria comprises:
extracting features of encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic feature information corresponding to the encrypted traffic;
predicting the probability that the encrypted flow belongs to at least one preset flow type through the preset flow classification model according to the flow characteristic information;
determining a target traffic type corresponding to the encrypted traffic according to the probability;
and matching the target traffic type with the traffic safety type standard to determine whether the target traffic type meets the requirements of the traffic safety type standard.
6. The method according to claim 1, wherein before performing security debugging on the terminal device to be tested according to the security detection result, the method further comprises:
extracting the detection item name of at least one detection item corresponding to the safety detection from the safety detection result;
determining the scoring weight corresponding to each detection item according to the detection item name;
determining the security score to be deducted for each detection item according to the scoring weight and the security detection result;
generating a safety detection report of the safety detection according to the detection item name and the safety score to be deducted;
wherein the performing security debugging on the terminal device to be tested according to the security detection result comprises:
and carrying out safety debugging on the terminal equipment to be tested according to the safety detection report.
7. The method according to claim 1, wherein the performing security debugging on the terminal device to be tested according to the security detection result comprises:
classifying and storing the safety detection result and the historical safety detection result according to time to obtain a detection result data set;
carrying out statistical analysis on the detection result data set to determine the safety compliance trend of different terminal equipment transmitting information at different time;
and carrying out safety debugging on the current terminal equipment to be tested according to the safety compliance trend so that the safety of the transmission information of the terminal equipment after safety debugging can be improved.
8. An information security enhancing apparatus, comprising:
the acquisition module is used for acquiring a data packet sent by the terminal equipment to be tested;
the determining module is used for determining the area to which the terminal equipment to be tested belongs and determining the safety criterion required to be met by the terminal equipment to be tested according to the area;
the detection module is used for carrying out safety detection on the data packet according to the safety criterion to obtain a safety detection result;
and the promoting module is used for carrying out security debugging on the terminal device to be tested according to the security detection result, so as to improve the security of information transmission of the terminal device to be tested.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the steps of the information security enhancing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, carries out the steps of the information security enhancing method according to any one of claims 1 to 7.
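The baseline check of claim 2, as an added example that is not part of the patent text, assuming the handshake in question is TLS and the message is its ServerHello: the parser extracts the cipher suite the server selected and matches its name against the baseline for the device's region. The region names, baseline contents and function names are assumptions for illustration, and the ServerHello records are constructed inline.

```python
import struct

# IANA TLS cipher suite code points (subset used by this example).
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
}

# Hypothetical per-region baselines (constructed; the patent lists none).
BASELINES = {
    "REGION_A": {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    "REGION_B": {"TLS_AES_256_GCM_SHA384"},
}

HANDSHAKE, SERVER_HELLO = 0x16, 0x02


def server_hello_suite(record: bytes):
    """Return the cipher suite name chosen in a ServerHello, or None if the
    record is not a ServerHello. Raises ValueError on truncated input."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        return None
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise ValueError("truncated handshake message")
    if body[0] != SERVER_HELLO:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # legacy_version(2) + random(32) + session_id length(1) precede the id
    if len(hello) < hs_len or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    off = 35 + sid_len
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    code = int.from_bytes(hello[off:off + 2], "big")
    return SUITE_NAMES.get(code, f"UNKNOWN_0x{code:04X}")


def check_packet(record: bytes, region: str) -> dict:
    """Match the negotiated suite against the region's baseline."""
    suite = server_hello_suite(record)
    if suite is None:
        return {"checked": False, "suite": None, "compliant": None}
    return {"checked": True, "suite": suite,
            "compliant": suite in BASELINES[region]}


def build_server_hello(code: int, sid: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record for the demo (no extensions)."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
    hello += code.to_bytes(2, "big") + b"\x00"
    hs = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE]) + b"\x03\x03" + len(hs).to_bytes(2, "big") + hs


if __name__ == "__main__":
    for code in (0x1301, 0x000A):
        print(check_packet(build_server_hello(code), "REGION_B"))
```

The same record can pass in one region and fail in another, and a suite whose code point is not in the table is reported as `UNKNOWN_0x....` and treated as non-compliant rather than silently accepted.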
CN202111038498.7A 2021-09-06 2021-09-06 Information security improvement method and device, electronic equipment and storage medium Active CN113839929B (en)

Publications (2)

Publication Number Publication Date
CN113839929A (en) 2021-12-24
CN113839929B (en) 2024-01-19

Family

ID=78962332

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant