CN113839929B - Information security improvement method and device, electronic equipment and storage medium - Google Patents

Publication number: CN113839929B
Authority: CN (China)
Prior art keywords: security, safety, terminal equipment, detection, information
Legal status: Active
Application number: CN202111038498.7A
Other languages: Chinese (zh)
Other versions: CN113839929A (en)
Inventors: 罗科峰, 袁浩扬
Current Assignee: Shenzhen TCL New Technology Co Ltd
Original Assignee: Shenzhen TCL New Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The embodiments of the application disclose an information security improvement method and device, an electronic device, and a storage medium. The method comprises: acquiring a data packet sent by a terminal device under test; determining the area to which the terminal device under test belongs, and determining, according to the area, the security criterion that the terminal device under test must meet; performing security detection on the data packet according to the security criterion to obtain a security detection result; and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of its information transmission. The data packets sent by the terminal device are checked against the security criteria, laws, and regulations of the area to which the device belongs, which detects how secure the device's information transmission is when it sends data and yields a security detection result; the terminal device under test is then debugged according to that result, thereby improving the information transmission security of the terminal device.

Description

Information security improvement method and device, electronic equipment and storage medium
Technical Field
The embodiments of the application relate to the technical field of computers, and in particular to an information security improvement method and device, an electronic device, and a storage medium.
Background
With the development of computer technology, the types and number of terminal devices keep increasing. As hardware diversifies, terminal devices can carry more and more kinds of hardware, each with its own data processing capabilities and modes. For example, today's intelligent terminal devices can carry hardware such as microphones and cameras, and can also have control capabilities such as voice recognition, action recognition, and artificial intelligence.
Meanwhile, as the types and number of terminal devices and the volume of user data grow, data security has become a focus of user attention. Data transmission is an important node in the data protection life cycle, so determining whether a terminal device's information transmission is secure, and whether the device is secure and compliant, is particularly important. At present, the security of information transmission still needs to be improved.
Disclosure of Invention
The embodiments of the application provide an information security improvement method and device, an electronic device, and a storage medium, which improve the security of information transmission and thereby the security of the information itself.
An embodiment of the application provides an information security improvement method, comprising:
acquiring a data packet sent by a terminal device under test;
determining the area to which the terminal device under test belongs, and determining, according to the area, the security criterion that the terminal device under test must meet;
performing security detection on the data packet according to the security criterion to obtain a security detection result;
and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of the information transmitted by the terminal device under test.
Correspondingly, an embodiment of the application also provides an information security improvement device, comprising:
an acquisition module, configured to acquire a data packet sent by the terminal device under test;
a determining module, configured to determine the area to which the terminal device under test belongs and to determine, according to the area, the security criterion that the terminal device under test must meet;
a detection module, configured to perform security detection on the data packet according to the security criterion to obtain a security detection result;
and an improvement module, configured to perform security debugging on the terminal device under test according to the security detection result, so as to improve the security of the information transmitted by the terminal device under test.
Optionally, in some embodiments of the present invention, the security criterion includes a security baseline, and the detection module includes:
a parsing unit, configured to parse the data packet and determine the message type of the message corresponding to the data packet;
a first determining unit, configured to determine, from the message, the actual cipher suite name used to transmit the data packet when the message type is Server Hello;
a first detection unit, configured to match the actual cipher suite name against the security baseline, so as to determine from the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirements of the security baseline.
Optionally, in some embodiments of the present invention, the security criterion includes personal cross-border access rules, and the detection module further includes:
a first extraction unit, configured to extract personal information of a user from the data packet when transmission of the data packet includes cross-border transmission;
a second determining unit, configured to determine, when the personal information exists, the actual area to which the user belongs based on the personal information;
a first acquisition unit, configured to acquire a mapping relation set, where the mapping relation set contains the legal access relations between preset current areas and preset target areas, and the current area and the target area are different areas;
and a second detection unit, configured to determine, according to the mapping relation set and the actual area, at least one target area that the actual area may legally access, so as to determine from the target area whether the cross-border transmission is legal.
Optionally, in some embodiments of the present invention, the security criterion includes a replay attack vulnerability index standard, and the detection module includes:
a second acquisition unit, configured to acquire the data transmission link information between the terminal device under test and a target terminal device after the terminal device under test has sent the data packet to the target terminal device;
a sending unit, configured to send the data packet from the terminal device under test to the target terminal device again according to the data transmission link information;
a receiving unit, configured to receive the target terminal device's response information for the data packet;
a third determining unit, configured to determine, according to the response information, the actual replay attack vulnerability index of the data transmission link corresponding to the data transmission link information;
and a third detection unit, configured to match the actual replay attack vulnerability index against the replay attack vulnerability index standard, so as to determine from the matching result whether the data transmission link is vulnerable to replay attacks.
Optionally, in some embodiments of the present invention, the security criterion includes a traffic security type standard, and the detection module includes:
a second extraction unit, configured to extract features of the encrypted traffic in the data packet using a preset traffic classification model, obtaining traffic feature information for the encrypted traffic;
a prediction unit, configured to predict, with the preset traffic classification model and the traffic feature information, the probability that the encrypted traffic belongs to at least one preset traffic type;
a fourth determining unit, configured to determine the target traffic type of the encrypted traffic according to the probability;
and a fourth detection unit, configured to match the target traffic type against the traffic security type standard, so as to determine whether the target traffic type meets the requirements of the traffic security type standard.
Optionally, in some embodiments of the present invention, the device further includes, ahead of the improvement module:
a third extraction unit, configured to extract, from the security detection result, the detection item name of at least one detection item of the security detection;
a fifth determining unit, configured to determine, according to the detection item names, the scoring weight of each detection item;
a sixth determining unit, configured to determine, according to the scoring weight and the security detection result, the security score to deduct for each detection item that incurs a deduction;
a generating unit, configured to generate a security detection report for the security detection according to the detection item names and the security scores to deduct;
in which case the improvement module is configured to:
perform security debugging on the terminal device under test according to the security detection report.
Optionally, in some embodiments of the invention, the improvement module is configured to:
classify and store the security detection result and historical security detection results by time to obtain a detection result data set;
perform statistical analysis on the detection result data set to determine the security compliance trend of different terminal devices transmitting information at different times;
and perform security debugging on the current terminal device under test according to the security compliance trend, so that the debugged terminal device transmits information more securely.
In the embodiments of the application, the data packets sent by the terminal device are checked against the security criteria, laws, and regulations of the area to which the device belongs. This detects how secure the device's information transmission is when it sends data and yields a security detection result, and the terminal device under test is debugged according to that result, thereby improving the information transmission security of the terminal device.
Drawings
To illustrate the technical solutions of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described here show only some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic view of a scenario of the information security improvement method provided in an embodiment of the present application;
Fig. 2 is a flow chart of the information security improvement method provided in an embodiment of the present application;
Fig. 3 is another flow chart of the information security improvement method provided in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of the information security improvement device provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
The embodiments of the present application are described clearly and fully below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the invention. All other embodiments that a person skilled in the art can obtain from these embodiments without inventive effort fall within the scope of the invention.
The embodiments of the application provide an information security improvement method and device, an electronic device, and a storage medium. Specifically, the embodiments provide an information security improvement device suitable for an electronic device, where the electronic device may be a terminal, a server, or other equipment. The terminal may be a television, a computer, a notebook, a mobile phone, or the like. The server may be an independent physical server, a server cluster or distributed system formed by multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDN, Content Delivery Network), big data, and artificial intelligence platforms. The servers may be connected directly or indirectly through wired or wireless communication.
For example, referring to fig. 1, in an embodiment of the present application the information security improvement method is executed jointly by a terminal and a server. Other devices may be added alongside the terminal and the server to assist in carrying out the method; the types of those devices are not limited here. The terminal and the server are connected through a network, for example a wired or wireless network connection. The specific implementation process is as follows:
The terminal device 10 sends data to the terminal device 11. During the transmission, the server 12 obtains the data packet corresponding to the sent data through a bypass monitoring mechanism. The server 12 then obtains the area in which the terminal device 10 is located, determines from that area the security criterion that data packets sent by the terminal device 10 should meet, and performs security detection on the data packet according to the security criterion to obtain a security detection result for the data packet sent by the terminal device 10. Finally, it performs security debugging on the terminal device 10 according to the security detection result to improve the security of the terminal device 10's information transmission.
The security criteria include security baseline standards, personal information protection laws, and so on. Terminal devices located in different areas must satisfy different security criteria; that is, a terminal device needs to satisfy the relevant requirements or standards (security compliance requirements) of its area. Therefore, before a terminal device is produced and delivered, it must be determined whether its information transmission meets the security criterion of the corresponding target area. If not, the terminal device must be security debugged to ensure the security of the data.
In this embodiment of the present application, the bypass monitoring mechanism includes a network data detection service (agent). The network data detection service captures all data packets sent by the terminal device, which makes it possible to capture the data packets the terminal device sends.
In the embodiments of the application, the data packets sent by the terminal device are checked against the security criteria, laws, and regulations of the area to which the device belongs. This detects how secure the device's information transmission is when it sends data and yields a security detection result, and the terminal device under test is debugged according to that result. This improves the information transmission security of the terminal device and ultimately improves information security.
An embodiment of the application provides an information security improvement method, which specifically comprises the following steps:
Acquiring a data packet sent by the terminal device under test;
In this embodiment of the present application, the sent data packet may be acquired through the network data detection service, and analysis and detection of the data packet determine whether the security of the terminal device's data transmission meets the requirements.
Determining the area to which the terminal device under test belongs, and determining, according to the area, the security criterion that the terminal device under test must meet;
The security criteria for a terminal device transmitting data differ between areas, so the information transmission security of the terminal device needs to be checked against the security criterion of the relevant area. For example, a terminal device that is to be delivered abroad needs to meet the requirements of the security criteria that apply abroad.
Performing security detection on the data packet according to the security criterion to obtain a security detection result;
In this embodiment of the application, the security detection includes multiple detection items. Running security detection across these items gives a comprehensive determination of whether the terminal device meets the requirements for information transmission security, and the security detection result contains the detection result data of the multiple detection items.
And performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of the information transmitted by the terminal device under test.
In the embodiments of the application, the data packets sent by the terminal device are checked against the security criteria, laws, and regulations of the area to which the device belongs. This detects how secure the device's information transmission is when it sends data and yields a security detection result, and the terminal device under test is debugged according to that result, which improves the information transmission security of the terminal device and thus the security of the information.
A detailed description follows. Note that the order in which the embodiments are described does not imply any order of preference among them.
Referring to fig. 2, fig. 2 is a flow chart of an information security improvement method according to an embodiment of the present disclosure. The specific flow of the information security improvement method can be as follows:
101. Acquire a data packet sent by the terminal device under test.
The data packet sent by the terminal device contains the transmission information of the data the terminal device transmits. Analyzing the data packet reveals the standards the terminal device follows during information transmission, and verifying those standards determines whether the terminal device's information transmission is secure.
In this embodiment of the present application, a network data detection service (agent) may be used to acquire the data packets sent by a terminal device. For example, a capture handle (for example, using pcap) is created for a data interface of the terminal device (eth0, wlan, etc.), and a bypass monitoring mechanism is started to monitor the data interface continuously in a loop. As soon as a data packet passes through the data interface, the callback function bound to the capture handle is triggered and returns the relevant information of the data packet, which includes the protocol header, the byte stream of the data packet, and so on.
In this embodiment of the present application, the network data detection service agent can also automatically check whether it needs a version update or whether its detection objects and policies have changed. When an update or change is needed, it runs the update and upgrade process and carries out the corresponding detection service after the update.
102. Determine the area to which the terminal device under test belongs, and determine, according to the area, the security criterion that the terminal device under test must meet.
In this embodiment of the present application, the area in which the terminal device is expected to be used is the area to which the terminal device belongs. Determining that area determines the security criterion the terminal device needs to satisfy. In this embodiment of the present application, the security criteria include the area's security baseline standard, personal information protection law (personal cross-border access rules), the replay attack vulnerability index standard for the data transmission link, the traffic security type standard, and the like.
Determining the area to which the terminal device belongs and the security criterion it must meet establishes the information transmission security standard the terminal device has to satisfy, which makes it straightforward to check the security of the terminal device's information transmission.
103. Perform security detection on the data packet according to the security criterion to obtain a security detection result.
Performing security detection on the data packet according to the security criterion of the area to which the terminal device belongs yields the security detection result for the data the terminal device transmits.
In this application, a complete Transmission Control Protocol (TCP) session goes through the three-way handshake, data transmission, the four-way teardown, and other steps, so a TCP-based session produces multiple data packets (TCP data packets), and these packets are spread over different timestamps during transmission. The data packets belonging to the same session therefore need to be reassembled to obtain the complete data.
Accordingly, in this embodiment of the present application, the method further includes preprocessing the data packets (packet reassembly) before performing security detection on them. The packet reassembly flow is as follows:
identifying the TCP data packets that share the same network protocol address (local ip) and port number (local port) of the terminal device under test and the same network protocol address (remote ip) and port number (remote port) of the peer device;
and reassembling the consecutive data packets according to the start mark and the end mark of the complete session.
In this embodiment of the present application, abnormal situations such as packet loss and out-of-order packets can occur, so a time threshold (for example, two minutes) may be set. Once the threshold is reached, the session is treated as ended by default and reassembly of its data packets stops.
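The reassembly flow above, as an added example that is not part of the patent text: packets are grouped by the (local ip, local port, remote ip, remote port) tuple, a session runs from SYN to FIN/RST, and a session with no end mark is closed after the two-minute threshold. The record type, the constructed sample capture, and the choice to measure the threshold from the session's last packet are assumptions of this sketch.

```python
from dataclasses import dataclass, field

SESSION_TIMEOUT = 120.0  # seconds: the two-minute example threshold from the text
LOCAL, REMOTE = "192.0.2.10", "198.51.100.7"  # documentation addresses (constructed)

@dataclass(frozen=True)
class Segment:
    """One captured TCP packet (constructed record type, not a pcap structure)."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # any of S (SYN), A (ACK), F (FIN), R (RST)
    seq: int
    payload: bytes = b""

@dataclass
class Session:
    key: tuple  # (local ip, local port, remote ip, remote port)
    last_ts: float
    segments: list = field(default_factory=list)
    fins: set = field(default_factory=set)
    closed_by: str = "incomplete"

def session_key(seg, local_ip):
    """Return the same key for both directions of one connection."""
    if seg.src == local_ip:
        return (seg.src, seg.sport, seg.dst, seg.dport)
    return (seg.dst, seg.dport, seg.src, seg.sport)

def reassemble(segments, local_ip, timeout=SESSION_TIMEOUT):
    """Split a capture into sessions delimited by SYN (start) and FIN/RST (end)."""
    active, finished = {}, []
    for seg in sorted(segments, key=lambda s: s.ts):
        key = session_key(seg, local_ip)
        sess = active.get(key)
        # Packet loss can swallow the end mark: close by default after the threshold.
        if sess is not None and seg.ts - sess.last_ts > timeout:
            sess.closed_by = "timeout"
            finished.append(active.pop(key))
            sess = None
        if sess is None:
            if "S" not in seg.flags:
                continue  # no start mark seen, e.g. the last ACK of a teardown
            sess = active[key] = Session(key, seg.ts)
        sess.segments.append(seg)
        sess.last_ts = seg.ts
        if "F" in seg.flags:
            sess.fins.add(seg.src)
        if "R" in seg.flags or len(sess.fins) == 2:
            sess.closed_by = "rst" if "R" in seg.flags else "fin"
            finished.append(active.pop(key))
    return finished + list(active.values())

def outbound_stream(session, local_ip):
    """Bytes sent by the device under test, in sequence order, retransmissions dropped."""
    by_seq = {}
    for seg in session.segments:
        if seg.src == local_ip and seg.payload:
            by_seq.setdefault(seg.seq, seg.payload)
    # Simplification: no sequence-number wraparound or partial-overlap handling.
    return b"".join(by_seq[s] for s in sorted(by_seq))

def pkt(ts, outbound, lport, rport, flags, seq, data=b""):
    """Build a constructed sample packet in either direction."""
    if outbound:
        return Segment(ts, LOCAL, lport, REMOTE, rport, flags, seq, data)
    return Segment(ts, REMOTE, rport, LOCAL, lport, flags, seq, data)

def demo_capture():
    """Constructed capture: one clean session, one that loses its teardown."""
    return [
        pkt(0.00, True, 40000, 443, "S", 1000),
        pkt(0.01, False, 40000, 443, "SA", 5000),
        pkt(0.02, True, 40000, 443, "A", 1001),
        pkt(0.03, True, 40000, 443, "A", 1006, b"world"),  # arrives out of order
        pkt(0.04, True, 40000, 443, "A", 1001, b"hello"),
        pkt(0.05, True, 40000, 443, "A", 1001, b"hello"),  # retransmission
        pkt(0.06, False, 40000, 443, "A", 5001, b"ok"),
        pkt(0.07, True, 40000, 443, "FA", 1011),
        pkt(0.08, False, 40000, 443, "FA", 5003),
        pkt(0.09, True, 40000, 443, "A", 1012),
        pkt(10.0, True, 40001, 80, "S", 1),
        pkt(10.1, False, 40001, 80, "SA", 7000),
        pkt(10.2, True, 40001, 80, "A", 2, b"partial"),  # teardown never captured
        pkt(400.0, True, 40001, 80, "S", 9000),  # same 4-tuple reused later
        pkt(400.1, True, 40001, 80, "A", 9001, b"again"),
    ]

if __name__ == "__main__":
    for s in reassemble(demo_capture(), LOCAL):
        print(s.key, s.closed_by, outbound_stream(s, LOCAL))
```
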
In this embodiment, the method may detect the combination of encryption algorithms the terminal device uses when transmitting data and check whether that combination meets the corresponding security criterion. That is, optionally, in some embodiments the security criterion includes a security baseline, and the step of "performing security detection on the data packet according to the security criterion" includes:
parsing the data packet and determining the message type of the message corresponding to the data packet;
when the message type is Server Hello, determining from the message the actual cipher suite name used to transmit the data packet;
and matching the actual cipher suite name against the security baseline, so as to determine from the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirements of the security baseline.
In this embodiment of the application, the security baseline contains a list of encryption algorithm combinations that are safe to use, that is, the available encryption algorithm combinations that meet the security requirements.
In this embodiment, the cipher suite is a concept from the Hypertext Transfer Protocol Secure (HTTPS, Hypertext Transfer Protocol over Secure Socket Layer). HTTPS guarantees security through authentication and encrypted transmission; the cipher suite defines the combination of algorithms used for authentication and encryption during the transmission, and the two communicating parties negotiate it in the handshake phase. The industry has defined which HTTPS cipher suites are secure; a connection that uses an insecure suite (combination of encryption algorithms) is not secure.
In this embodiment of the present application, the actual cipher suite (the actual encryption algorithm combination) used when the terminal device transmits data is obtained and compared against the security baseline to determine whether it is one of the encryption algorithm combinations in the baseline, and hence whether the terminal device conforms to the security criterion of the corresponding area when transmitting information. When the actual cipher suite does not match the security baseline, it is considered a weak cipher suite, and the security of a weak cipher suite is poor. When no cipher suite name exists, that is, the message type is not Server Hello, the information transmission is considered unencrypted, that is, plaintext transmission.
In this embodiment of the present application, Server Hello is one of the message types; the message types also include Client Hello and others. The type of a message can be determined by analyzing a field of the parsed message. Because a cipher suite exists in the message only when the message type is Server Hello, the message type must be determined first, and the cipher suite is then determined according to the message type.
In this embodiment of the present application, the procedure for obtaining the cipher suite used when the terminal device transmits the data packet includes:
parsing the data packet to obtain the message type of the message corresponding to the data packet;
when the message type is Server Hello, obtaining the parameter value of the cipher suite field in the message, looking it up in the corresponding cipher suite storage table, and determining the cipher suite name that corresponds to the parameter value (for example, cipher suite name: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).
In this embodiment, the cipher suite field can be located by skipping the fixed-length portion of the message (e.g., the first 43 bytes of the message) and the variable-length portion (the session field); the cipher suite field follows.
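The extraction and baseline match described above, as an added example that is not part of the patent text. It reads the 43 bytes as the TLS record header (5), handshake header (4), version (2) and random (32), which is this sketch's interpretation; the name table is a small excerpt of the IANA registry, and the baseline allowlist and sample records are constructed.

```python
import struct

# Excerpt of the IANA TLS cipher suite registry (code point -> name).
CIPHER_SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

# Constructed allowlist standing in for one area's security baseline.
SECURITY_BASELINE = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
}

# record header (5) + handshake header (4) + version (2) + random (32)
FIXED_PREFIX = 43

def server_hello_cipher_suite(record):
    """Return the cipher suite code point of a Server Hello record.

    Returns None when the bytes are not a Server Hello; raises ValueError when
    they are one but truncated or malformed. Assumes the Server Hello is the
    first handshake message of an unfragmented TLS record.
    """
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x02:
        return None  # not a handshake record, or another type (Client Hello is 0x01)
    (rec_len,) = struct.unpack("!H", record[3:5])
    if len(record) < 5 + rec_len or len(record) <= FIXED_PREFIX:
        raise ValueError("truncated Server Hello")
    sid_len = record[FIXED_PREFIX]  # length byte of the variable session field
    if sid_len > 32:
        raise ValueError("session id longer than 32 bytes")
    offset = FIXED_PREFIX + 1 + sid_len
    if len(record) < offset + 2:
        raise ValueError("cipher suite field missing")
    (code,) = struct.unpack("!H", record[offset:offset + 2])
    return code

def assess(records, baseline=SECURITY_BASELINE):
    """Classify a session as compliant, weak, or plaintext, as the text defines them."""
    for record in records:
        code = server_hello_cipher_suite(record)
        if code is None:
            continue
        name = CIPHER_SUITE_NAMES.get(code, f"UNKNOWN_0x{code:04X}")
        return ("compliant" if name in baseline else "weak", name)
    return ("plaintext", None)  # no Server Hello seen, so no cipher suite name

def handshake_record(msg_type, body):
    """Wrap a handshake body in handshake and TLS record headers (constructed data)."""
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(msg)) + msg

def sample_server_hello(suite, session_id=b""):
    """Constructed Server Hello: version, zero random, session id, suite, null compression."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    return handshake_record(0x02, body)

def sample_client_hello():
    """Constructed Client Hello offering one suite; it must not be read as the choice."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    return handshake_record(0x01, body)

if __name__ == "__main__":
    print(assess([sample_client_hello(), sample_server_hello(0xC02F, bytes(32))]))
    print(assess([sample_server_hello(0x0005)]))
    print(assess([b"GET / HTTP/1.1\r\n\r\n"]))
```
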
In this embodiment, the destination area of the data packet transmission may be detected to determine whether it meets the requirements for cross-border transmission by the terminal device. That is, optionally, in some embodiments, the security criteria include a personal cross-border access rule, and the step of "performing security detection on the data packet according to the security criteria" includes:
when the transmission of the data packet comprises cross-border transmission, extracting personal information of a user from the data packet;
When the personal information exists, determining an actual area to which the user belongs according to the personal information;
obtaining a mapping relation set, wherein the mapping relation set comprises a legal access relation between a preset current region and a preset target region, and the current region and the target region are different regions;
and determining at least one target area which can be accessed by the actual area legally according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
By obtaining the target areas (the list of areas of the peer terminal device) to which the terminal device can legally transmit information, it can be determined whether the area of the peer terminal device meets the requirements when the terminal device under test transmits across borders, and thus whether the terminal device transmits information securely. For example, it is detected whether the terminal device is able to transmit information to an illegal area; if it is, the information transmission security of the terminal device is poor. In the embodiment of the application, when the cross-border transmission of the data packet is illegal, the terminal device is considered to perform an illegal cross-border transfer when transmitting information. The area to which the terminal device belongs is determined according to the attribution of its network protocol (IP) address.
In this embodiment of the present application, the mapping relation set may be stored in a data table or in a directed graph. For example, the directed graph shows the legality of transmitting data from each region to other regions, where legality may be identified by a corresponding numeric interval (weight): when the weight between two regions is "1", cross-border circulation of personal data between the two regions is legal; when the weight between two regions is from 1 to 1000, or no weight is available, cross-border circulation of personal data between the two regions is illegal; when the weight between two regions is equal to 1000, cross-border circulation of personal data between the two regions may be carried out legally by adopting a specific mechanism (such as SCC, LIA, etc.).
In the embodiment of the present application, the information transmission link of the terminal device may be tested to determine whether it is vulnerable to replay attack. That is, optionally, in some embodiments, the security criteria includes replay attack susceptibility index criteria, and the step of "performing security detection on the data packet according to the security criteria" includes:
After the data packet is sent to target terminal equipment by the terminal equipment to be tested, acquiring data transmission link information between the terminal equipment to be tested and the target terminal equipment;
according to the data transmission link information, the terminal equipment to be tested sends the data packet to the target terminal equipment again;
receiving response information of the target terminal equipment aiming at the data packet;
determining an actual replay attack susceptibility index corresponding to the data transmission link information according to the response information;
and matching the actual replay attack vulnerability index with the replay attack vulnerability index standard so as to determine whether the data transmission link is vulnerable to replay attacks according to the matching result.
In this embodiment of the present application, the data transmission link information includes the protocol address and port information of the terminal to be tested, and the protocol address and port information of the target terminal device. In this embodiment of the present application, the data transmission link information may be obtained according to analysis of the data packet.
A replay attack on the data transmission link is simulated by retransmitting the data packet over the data transmission link on which it was originally sent, so as to detect whether the link is vulnerable to replay attack. This checks whether the data transmission link is secure, and thereby also performs security detection on the information transmitted by the terminal device. In the embodiment of the application, when the data transmission link is vulnerable to replay attack, the data transmission link is considered to have no authentication or weak authentication.
In this embodiment of the present application, whether the data transmission link is vulnerable to replay attack is determined according to the validity of the response information of the target terminal device (the opposite terminal device), for example, when the response information is valid, the data transmission link is considered to be vulnerable to replay attack, and otherwise, is not vulnerable to replay attack.
In this embodiment of the present application, vulnerability to replay attack is expressed by a corresponding index. When the index meets the replay attack vulnerability index standard, the degree to which the data transmission link is vulnerable to replay attack is considered to meet the requirement of the security criterion of the corresponding area; otherwise, the requirement of the security criterion of the corresponding area is not met.
In this embodiment of the present application, the replay attack simulation is mainly directed at network requests made in user mode, such as smart home control, online shopping and ordering, and other scenarios involving personal information. The network data attack simulation is therefore mainly performed on data bodies that have already been identified as carrying personal data.
In this embodiment of the present application, it may be detected whether the terminal device sends malicious traffic, that is, whether the information sent by the terminal device includes malicious traffic data. Optionally, in some embodiments, the security criteria includes traffic security type criteria, and the step of "performing security detection on the data packet according to the security criteria" includes:
extracting features of the encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic feature information corresponding to the encrypted traffic;
predicting, through the preset traffic classification model and according to the traffic feature information, the probability that the encrypted traffic belongs to at least one preset traffic type;
determining a target traffic type corresponding to the encrypted traffic according to the probability;
and matching the target traffic type with the traffic security type standard to determine whether the target traffic type meets the requirements of the traffic security type standard.
The traffic type of the traffic in the data packet is obtained by having the preset traffic classification model predict from the traffic feature information. Comparing that traffic type with the traffic security type standard determines whether the data packet meets the requirements of the standard during transmission, and therefore whether the terminal device has the security problem of transmitting malicious traffic when transmitting information.
In this embodiment of the present application, the preset traffic classification model is obtained by training a model on training data, and the specific process is as follows:
obtaining training samples, and dividing the training samples into a training set and a verification set, wherein the training set and the verification set both comprise sample data labelled as malicious traffic;
extracting features of the sample data in the training set, including analyzing the signature, transmission control protocol flow and handshake features of each sample, and extracting a feature vector for each sample to obtain a feature vector set;
training the classification model according to the feature vector set, and converging the training result according to the actual type of each sample data in the training set;
and optimizing the training result after training convergence according to the sample set to obtain the preset traffic classification model.
In this embodiment of the present application, when classifying the encrypted traffic according to the preset traffic classification model, feature data of the encrypted traffic, for example, handshake information, signature, protocol, etc., is extracted from the encrypted traffic, so that the preset traffic classification model can determine whether the encrypted traffic is malicious (i.e., there is a malicious packet) according to the feature data classification of the encrypted traffic.
By extracting the features of the encrypted traffic in the data packet and predicting whether a malicious data packet exists in the encrypted traffic, it is determined whether the data transmitted by the terminal device has a security problem, which improves the accuracy of the security detection of the data transmitted by the terminal device.
104. According to the security detection result, perform security debugging on the terminal device under test, so as to improve the security of the information transmitted by the terminal device under test.
Security debugging is performed on the terminal device according to the security detection result for the data it transmits, so that after debugging the terminal device transmits information more securely and the security of the information is improved.
In this embodiment of the present application, the trend of security compliance for different terminal devices may be determined by combining multiple historical security detection results, and the debugging target for the current terminal device may be determined according to that trend. That is, optionally, in some embodiments, the step of "performing security debug on the terminal device to be tested according to the security detection result" includes:
classifying and storing the safety detection result and the historical safety detection result according to time to obtain a detection result data set;
carrying out statistical analysis on the detection result data set to determine the safety compliance trend of different terminal devices for transmitting information at different times;
and carrying out safety debugging on the current terminal equipment to be tested according to the safety compliance trend, so that the safety-debugged terminal equipment can improve the safety of the transmission information.
The security compliance of the same terminal device differs at different times, so the trend of its security compliance must be determined in combination with time. By statistically analyzing multiple security detection results, the security compliance trends of different terminal devices (whose device parameters differ) at different times are determined. The debugging target of the current terminal device (namely the device parameters to be debugged in the terminal device) is then determined according to the security compliance trend, so that the debugged terminal device transmits information with higher security.
In this embodiment of the present application, a model may also be trained on the security detection result and the historical security detection results to obtain a security situation awareness model, which is used to predict the security compliance trend over a future period. The training process of the security situation awareness model includes: collecting the security detection results and the historical security detection results, where each security detection result also includes the corresponding terminal device information (tested device model, version, and the application sending the information, such as an app); classifying the security detection results according to time; and training a model on the classified security detection result data to obtain the security situation awareness model. Because the training data are classified according to time, the resulting security situation awareness model can predict the security compliance situation over a future period of time.
In this embodiment of the present application, the trained security situation awareness model can perceive the network transmission security compliance trends of different device models, versions and applications (apps), from which the contribution values (feature values) that most strongly influence the security compliance state can be obtained. For example, the state of the model at a certain moment can be resolved from the security compliance trend: if at moment A the feature value of "illegal cross-border" in the model is significantly higher than the others, "illegal cross-border" is considered to seriously affect the security compliance state, so that in subsequent security debugging of the terminal device, the parameters related to "cross-border" can be adjusted with emphasis.
In this embodiment of the present application, weight analysis may further be performed on the detection results of the multiple detection items in the security detection result to determine the weight corresponding to each detection item, and security debugging is performed on the terminal device according to those weights. That is, optionally, in some embodiments, before the step of "performing security debug on the terminal device to be tested according to the security detection results", the method further includes:
extracting a detection item name of at least one detection item corresponding to the security detection from the security detection result;
determining the scoring weight corresponding to each detection item according to the detection item name;
determining a security score to be deducted for each detection item to be deducted according to the scoring weight and the security detection result;
generating a safety detection report of the safety detection according to the name of the detection item and the safety score to be deducted;
and performing security debugging on the terminal equipment to be tested according to the security detection result, wherein the security debugging comprises the following steps:
and carrying out safety debugging on the terminal equipment to be tested according to the safety detection report.
In this embodiment of the present application, the detection items include cross-border transmission detection, clear text transmission detection, cipher suite detection, authentication detection, malicious traffic carrying detection, and the like, and the corresponding security detection results include illegal cross-border and legal cross-border, clear text transmission and encryption transmission, weak cipher suite and strong cipher suite, no/weak authentication and strong authentication, and malicious traffic carrying and no malicious traffic carrying, and the like.
In this embodiment of the present application, by analyzing and determining the weight of each detection item, and combining the detection result of each detection item, an actual security score (i.e., a security detection report) of each detection item is obtained comprehensively, and then, according to the security scores of the detection items, the device parameters (i.e., corresponding detection items) of the terminal device that need to be subjected to security debugging are determined, so that the device parameters that are preferentially debugged by the terminal device are the device parameters with higher priority and lower security score. The terminal equipment is debugged according to the security detection report, so that the terminal equipment is debugged more specifically, for example, the specific list is modified or a unified solution is provided.
In the embodiment of the application, the safety compliance trend can be visually displayed, so that a user or a manager can conveniently acquire the safety compliance trend of the terminal equipment.
In this embodiment of the present application, after the detection item to be adjusted is determined, the target application that initiated the information transmission may also be determined by identifying the initiating process, so that the corresponding application can be debugged. The specific process of obtaining the process name includes:
analyzing the data packet to obtain the network connection information corresponding to the data transmission link that transmits the data packet (the network connection, namely the data transmission link, can be determined according to the network connection information), wherein the network connection information (also called quad information) comprises the network protocol address (source IP address) and port number (source port number) of the terminal equipment to be tested, and the network protocol address (destination IP address) and port number (destination port number) of the target terminal equipment;
determining a socket (inode) corresponding to the network connection according to the data transmission link information;
and determining the process name of the process for initiating the network connection according to the socket.
For example, in the embodiment of the present application, the network connection information and sockets of network (tcp/udp) connections in various states at the current time are recorded in network transmission information files (such as the /proc/net/tcp and /proc/net/udp files on a Unix system). When a process opens a socket connection, a socket file is created under the corresponding /proc/pid/fd and the inode is recorded, and the process name of each process is recorded in the corresponding /proc/pid/cmd file. Therefore, once the network connection information (quad information) of a network connection is determined, the socket can be obtained from the corresponding file, and the process name of the process that initiated the network connection can be determined from the socket.
The application program name of the initiating process can be obtained through analyzing the process name, so that the target application program with the information transmission safety problem can be determined, and the safety of information transmission can be improved after the corresponding application program is debugged.
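The quad-to-process lookup described above can be sketched as follows for Linux. This is an added example, not code from the patent: it assumes the Linux file names `/proc/net/tcp`, `/proc/<pid>/fd` and `/proc/<pid>/cmdline`, a little-endian host, and IPv4 only, and the sample table, addresses and function names are constructed for illustration.

```python
import os
import re
import socket
import struct

# Constructed sample in the /proc/net/tcp layout: addresses are hex in host
# byte order, ports are hex, and the socket inode is the tenth column.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0
   1: 6400A8C0:C350 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 20 4 30 10 -1
   2: 6400A8C0:C351 0A6433C6:01BB 06 00000000:00000000 03:00000A8C 00000000     0        0 0 3 0000000000000000
"""

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def decode_endpoint(field):
    """'6400A8C0:C350' -> ('192.168.0.100', 50000) on a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def find_socket_inode(proc_net_text, quad):
    """Map quad = (src_ip, src_port, dst_ip, dst_port) to a socket inode."""
    for line in proc_net_text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 10:
            continue
        if decode_endpoint(fields[1]) + decode_endpoint(fields[2]) == tuple(quad):
            # inode 0 means no process owns the socket any more (e.g. TIME_WAIT)
            return int(fields[9]) or None
    return None


def read_process_name(pid, proc_root="/proc"):
    """Return argv[0] from cmdline, or '' if the process is gone or unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as handle:
            argv0 = handle.read().split(b"\0", 1)[0]
    except OSError:
        return ""
    return argv0.decode("utf-8", "replace")


def find_process_by_inode(inode, proc_root="/proc"):
    """Scan every /proc/<pid>/fd for a 'socket:[inode]' link; return (pid, name)."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            descriptors = os.listdir(fd_dir)
        except OSError:          # process exited, or not enough privileges
            continue
        for descriptor in descriptors:
            try:
                target = os.readlink(os.path.join(fd_dir, descriptor))
            except OSError:
                continue
            match = SOCKET_LINK.match(target)
            if match and int(match.group(1)) == inode:
                return int(entry), read_process_name(entry, proc_root)
    return None


def process_for_connection(quad, proc_net_text, proc_root="/proc"):
    """Resolve a connection quad to (pid, process name), or None if unowned."""
    inode = find_socket_inode(proc_net_text, quad)
    if inode is None:
        return None
    return find_process_by_inode(inode, proc_root)
```

On a live system the table text comes from reading `/proc/net/tcp`, and reading other users' `/proc/<pid>/fd` entries requires root; short-lived connections can disappear between the capture and the lookup.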
In summary, referring to fig. 3, fig. 3 is another flow chart of the information security improvement method in the embodiment of the application, which specifically includes:
111. installing a network data detection service agent (for installing a network data detection service, including establishing detection of a data transmission interface of a terminal device to be detected);
112. connecting a test area network (for connecting the terminal device to be tested into the test area network);
113. version, policy updates (for automatically performing update detection of the network data detection service itself);
114. capturing a data packet (for determining a process name corresponding to a network connection for transmitting the data packet);
115. determining a process name (a process name for determining a transmission packet);
116. data packet preprocessing (used for reassembling the fragments of the data packet to obtain a complete data packet, so that the subsequent security detection can be performed on the complete data packet);
117. a security baseline audit (for determining whether a combination of encryption algorithms for transmitting data packets meets a security baseline standard);
118. Information cross-border transmission legal detection (used for carrying out security detection on data packet cross-border transmission and determining whether the area where the opposite terminal equipment is located is an area which can be accessed legally by the terminal equipment to be detected);
119. personal information analysis (used for analyzing the data packet before the information cross-border transmission legal detection module to determine whether the data packet is accessed in a user mode (namely whether the data packet is accessed in a personal mode), and for executing the information cross-border transmission legal detection module when the personal information exists);
120. replay attack detection (for replay attack detection of a data transmission link, wherein in the embodiment of the present application, the replay attack detection is mainly used for detecting a user state data request, and therefore, the module is executed after the personal information analysis module);
121. malicious traffic analysis (used for carrying out security detection on encrypted traffic in a data packet, determining whether the encrypted traffic belongs to malicious traffic, namely whether a malicious traffic data packet exists);
122. generating a detection report (used for generating the detection report according to the safety detection result of the terminal equipment, so as to facilitate the safety debugging of the terminal equipment according to the detection report);
123. security situation awareness (used for perceiving the security situation of the terminal equipment transmission information to obtain a security compliance trend, and facilitating debugging of the terminal equipment according to the security compliance trend).
According to the method and the device, the data packet sent by the terminal device is subjected to safety detection through the safety criterion, legal regulations and the like corresponding to the area where the terminal device belongs, the safety of information transmission when the terminal device sends data is detected, a safety detection result is obtained, and safety debugging is carried out on the terminal device to be detected according to the safety detection result, so that the effect of improving the information transmission safety of the terminal device is achieved, and the effect of improving the safety of the information is achieved.
In order to facilitate better implementation of the information security improvement method, the application also provides an information security improvement device based on the information security improvement method. The terms have the same meaning as in the information security improvement method, and for specific implementation details reference may be made to the description of the method embodiment.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an information security improvement device provided in the present application, where the information security improvement device may include an acquisition module 201, a determination module 202, a detection module 203, and a lifting module 204, and may specifically be as follows:
the acquiring module 201 is configured to acquire a data packet sent by a terminal device to be tested.
The determining module 202 is configured to determine an area to which the terminal device to be tested belongs, and determine a security criterion to be met by the terminal device to be tested according to the area.
And the detection module 203 is configured to perform security detection on the data packet according to the security criterion, so as to obtain a security detection result.
Optionally, in some embodiments of the present invention, the security criteria includes a security baseline, and the detection module 203 further includes:
the analyzing unit is used for analyzing the data packet and determining the message type of the message corresponding to the data packet;
the first determining unit is used for determining the actual cipher suite name for transmitting the data packet according to the message when the message type is Server Hello;
the first detection unit is used for matching the actual cipher suite name with the security baseline so as to determine whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline according to the matching result.
Optionally, in some embodiments of the present invention, the security criteria includes personal cross-border access rules, and the detection module 203 further includes:
a first extraction unit, configured to extract personal information of a user from the data packet when transmission of the data packet includes cross-border transmission;
a second determining unit configured to determine, when the personal information exists, an actual area to which the user belongs, based on the personal information;
The first acquisition unit is used for acquiring a mapping relation set, wherein the mapping relation set comprises a legal access relation between a preset current area and a preset target area, and the current area and the target area are different areas;
and the second detection unit is used for determining at least one target area which can be accessed by the actual area legally according to the mapping relation set and the actual area, so that whether the cross-border transmission is legal or not is determined according to the target area.
Optionally, in some embodiments of the present invention, the security criteria include replay attack vulnerability index criteria, and the detection module 203 includes:
the second acquisition unit is used for acquiring data transmission link information between the terminal equipment to be detected and the target terminal equipment after the data packet is sent to the target terminal equipment by the terminal equipment to be detected;
the sending unit is used for sending the data packet to the target terminal equipment again by the terminal equipment to be tested according to the data transmission link information;
a receiving unit, configured to receive response information of the target terminal device for the data packet;
a third determining unit, configured to determine, according to the response information, an actual replay attack susceptibility index corresponding to a data transmission link corresponding to the data transmission link information;
And a third detection unit, configured to match the actual replay attack vulnerability index with the replay attack vulnerability index standard, so as to determine whether the data transmission link is vulnerable to replay attack according to the matching result.
Optionally, in some embodiments of the present invention, the security criteria include traffic security type criteria, and the detection module 203 includes:
the second extraction unit is used for extracting the characteristics of the encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic characteristic information corresponding to the encrypted traffic;
the prediction unit is used for predicting the probability that the encrypted flow belongs to at least one preset flow type through the preset flow classification model according to the flow characteristic information;
and the fourth determining unit is used for determining the target flow type corresponding to the encrypted flow according to the probability.
And the fourth detection unit is used for matching the target flow type with the flow safety type standard so as to determine whether the target flow type meets the requirements of the flow safety type standard.
And the lifting module 204 is configured to perform security debugging on the terminal device to be tested according to the security detection result, so as to improve the security of the information transmitted by the terminal device to be tested.
Optionally, in some embodiments of the present invention, before the lifting module 204, the device further includes:
a third extracting unit, configured to extract, from the security detection result, a detection item name of at least one detection item corresponding to the security detection;
a fifth determining unit, configured to determine, according to the detection item names, a scoring weight corresponding to each detection item;
a sixth determining unit, configured to determine a security score to be deducted for each detection item to be deducted according to the scoring weight and the security detection result;
the generating unit is used for generating a safety detection report of the safety detection according to the name of the detection item and the safety score to be deducted;
the lifting module 204 includes:
and carrying out safety debugging on the terminal equipment to be tested according to the safety detection report.
Optionally, in some embodiments of the present invention, the lifting module 204 includes:
classifying and storing the security detection result and the historical security detection results by time to obtain a detection result data set;
performing statistical analysis on the detection result data set to determine the security compliance trend of different terminal devices when transmitting information at different times;
and performing security debugging on the current terminal device under test according to the security compliance trend, so that the debugged terminal device transmits information more securely.
First, the acquiring module 201 acquires a data packet sent by the terminal device under test. Next, the determining module 202 determines the region to which the terminal device under test belongs and the security criterion that the device must meet in that region. The detecting module 203 then checks the security of the data packet transmitted by the terminal device against the security criterion determined by the determining module 202, obtaining a detection result that indicates whether the transmission of the data packet is secure. Finally, the lifting module 204 performs security debugging on the terminal device according to the security detection result, so that the debugged terminal device transmits information more securely.
According to the embodiment of the application, the data packet sent by the terminal device is checked against the security criterion, laws and regulations, and the like corresponding to the region to which the terminal device belongs. This detects how securely the terminal device transmits information when it sends data and yields a security detection result. Security debugging is then performed on the terminal device under test according to that result, which improves the security of the terminal device's information transmission and therefore the security of the information.
In addition, the present application further provides an electronic device. Fig. 5 shows a schematic structural diagram of the electronic device according to the present application. Specifically:
The electronic device may include a processor 401 with one or more processing cores, a memory 402 with one or more computer-readable storage media, a power supply 403, an input unit 404, and other components. Those skilled in the art will appreciate that the structure shown in Fig. 5 does not limit the electronic device, which may include more or fewer components than shown, combine certain components, or arrange the components differently. Wherein:
the processor 401 is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, and performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 402, and calling data stored in the memory 402, thereby performing overall monitoring of the electronic device. Optionally, processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor and a modem processor, wherein the application processor mainly processes an operating system, a user interface, an application program, etc., and the modem processor mainly processes wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 401.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by executing the software programs and modules stored in the memory 402. The memory 402 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data created according to the use of the electronic device, etc. In addition, memory 402 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 with access to the memory 402.
The electronic device further comprises a power supply 403 for supplying power to the various components. Preferably, the power supply 403 may be logically connected to the processor 401 through a power management system, so that charging, discharging, and power consumption are managed by the power management system. The power supply 403 may also include any one or more of a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
The electronic device may further comprise an input unit 404, which input unit 404 may be used for receiving input digital or character information and generating keyboard, mouse, joystick, optical or trackball signal inputs in connection with user settings and function control.
Although not shown, the electronic device may further include a display unit or the like, which is not described herein. In particular, in this embodiment, the processor 401 in the electronic device loads executable files corresponding to the processes of one or more application programs into the memory 402 according to the following instructions, and the processor 401 executes the application programs stored in the memory 402, so as to implement various functions as follows:
acquiring a data packet sent by the terminal device under test; determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion that the terminal device under test must meet; performing security detection on the data packet according to the security criterion to obtain a security detection result; and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of the information transmitted by the terminal device under test.
For the specific implementation of each of the above operations, refer to the previous embodiments; details are not repeated here.
According to the present application, the data packet sent by the terminal device is checked against the security criterion, laws and regulations, and the like corresponding to the region to which the terminal device belongs. This detects how securely the terminal device transmits information when it sends data and yields a security detection result. Security debugging is then performed on the terminal device under test according to that result, which improves the security of the terminal device's information transmission and therefore the security of the information.
Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, the present application provides a storage medium having stored therein a plurality of instructions capable of being loaded by a processor to perform the steps of any of the information security enhancement methods provided herein. For example, the instructions may perform the steps of:
acquiring a data packet sent by the terminal device under test; determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion that the terminal device under test must meet; performing security detection on the data packet according to the security criterion to obtain a security detection result; and performing security debugging on the terminal device under test according to the security detection result, so as to improve the security of the information transmitted by the terminal device under test.
For the specific implementation of each of the above operations, refer to the previous embodiments; details are not repeated here.
The storage medium may include: read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and the like.
Because the instructions stored in the storage medium can execute the steps of any information security improvement method provided by the present application, they can achieve the beneficial effects of any such method; see the foregoing embodiments for details, which are not repeated here.
The method, apparatus, electronic device and storage medium for improving information security have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only intended to aid understanding of the method and core idea of the present invention. Meanwhile, those skilled in the art may, following the ideas of the present invention, vary the specific embodiments and the scope of application. In summary, the content of this description should not be construed as limiting the present invention.

Claims (9)

1. An information security improvement method, characterized by comprising:
acquiring a data packet sent by a terminal device under test;
determining a region to which the terminal device under test belongs, and determining, according to the region, a security criterion to be met by the terminal device under test, wherein the security criterion comprises at least one of a security baseline standard, a personal cross-border access rule, a replay attack susceptibility index standard corresponding to a data transmission link, or a traffic security type standard;
performing security detection on the data packet according to the security criterion to obtain a security detection result;
classifying and storing the security detection result and the historical security detection results by time to obtain a detection result data set;
training on the detection result data set to obtain a security situation awareness model;
predicting a security compliance trend over a future period of time by using the security situation awareness model;
and performing security debugging on the current terminal device under test according to the security compliance trend, so that the debugged terminal device transmits information more securely.
2. The method of claim 1, wherein the security criterion includes a security baseline, and wherein performing security detection on the data packet according to the security criterion includes:
parsing the data packet and determining the message type of the message corresponding to the data packet;
when the message type is a service greeting, determining, according to the message, the actual cipher suite name used for transmitting the data packet;
and matching the actual cipher suite name against the security baseline, so as to determine from the matching result whether the cipher suite corresponding to the actual cipher suite name meets the requirement of the security baseline.
3. The method of claim 1, wherein the security criterion comprises a personal cross-border access rule, and wherein performing security detection on the data packet according to the security criterion comprises:
when the transmission of the data packet comprises cross-border transmission, extracting personal information of a user from the data packet;
when the personal information exists, determining the actual region to which the user belongs according to the personal information;
obtaining a mapping relation set, wherein the mapping relation set comprises legal access relations between a preset current region and a preset target region, and the current region and the target region are different regions;
and determining, according to the mapping relation set and the actual region, at least one target region that the actual region can legally access, so as to determine according to the target region whether the cross-border transmission is legal.
4. The method of claim 1, wherein the security criterion comprises a replay attack susceptibility index standard, and wherein performing security detection on the data packet according to the security criterion comprises:
after the terminal device under test has sent the data packet to a target terminal device, acquiring data transmission link information between the terminal device under test and the target terminal device;
causing the terminal device under test to send the data packet to the target terminal device again according to the data transmission link information;
receiving response information of the target terminal device for the data packet;
determining, according to the response information, an actual replay attack susceptibility index corresponding to the data transmission link information;
and matching the actual replay attack susceptibility index against the replay attack susceptibility index standard, so as to determine from the matching result whether the data transmission link is vulnerable to replay attacks.
5. The method of claim 1, wherein the security criterion comprises a traffic security type standard, and wherein performing security detection on the data packet according to the security criterion comprises:
extracting features of the encrypted traffic in the data packet according to a preset traffic classification model to obtain traffic feature information corresponding to the encrypted traffic;
predicting, through the preset traffic classification model and according to the traffic feature information, the probability that the encrypted traffic belongs to at least one preset traffic type;
determining a target traffic type corresponding to the encrypted traffic according to the probability;
and matching the target traffic type against the traffic security type standard to determine whether the target traffic type meets the requirements of the traffic security type standard.
6. The method according to claim 1, wherein before performing security debugging on the terminal device under test according to the security detection result, the method further comprises:
extracting, from the security detection result, a detection item name of at least one detection item corresponding to the security detection;
determining the scoring weight corresponding to each detection item according to the detection item name;
determining, according to the scoring weight and the security detection result, the security score to be deducted for each detection item that incurs a deduction;
generating a security detection report of the security detection according to the detection item name and the security score to be deducted;
and wherein performing security debugging on the terminal device under test according to the security detection result comprises:
performing security debugging on the terminal device under test according to the security detection report.
7. An information security improvement apparatus, comprising:
the acquisition module is used for acquiring a data packet sent by the terminal device under test;
the determining module is used for determining the region to which the terminal device under test belongs, and determining, according to the region, the security criterion to be met by the terminal device under test, wherein the security criterion comprises at least one of a security baseline standard, a personal cross-border access rule, a replay attack susceptibility index standard corresponding to a data transmission link, or a traffic security type standard;
the detection module is used for performing security detection on the data packet according to the security criterion to obtain a security detection result;
the lifting module is used for classifying and storing the security detection result and the historical security detection results by time to obtain a detection result data set; training on the detection result data set to obtain a security situation awareness model; predicting a security compliance trend over a future period of time by using the security situation awareness model; and performing security debugging on the current terminal device under test according to the security compliance trend, so that the debugged terminal device transmits information more securely.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the information security enhancement method according to any of claims 1-6 when the program is executed by the processor.
9. A computer readable storage medium, having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the information security enhancement method according to any of claims 1-6.
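The cipher-suite baseline check of claim 2, sketched as an added example that is not code from the patent. It assumes the "service greeting" is a TLS ServerHello carried whole in a single record; the region labels, the baselines and the sample records are constructed for illustration.

```python
import struct
from typing import Optional

# Subset of IANA TLS cipher suite code points, enough for the example.
CIPHER_SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Constructed baselines for hypothetical regions (assumption, not from the patent).
BASELINES = {
    "REGION_A": {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    "REGION_B": {"TLS_AES_256_GCM_SHA384"},
}

def server_hello_cipher_suite(record: bytes) -> Optional[int]:
    """Return the selected suite if `record` is a ServerHello, else None."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:                 # 22 = handshake
        return None
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 4:
        raise ValueError("truncated handshake header")
    msg_type, msg_len = body[0], int.from_bytes(body[1:4], "big")
    if msg_type != 2:                      # 2 = ServerHello
        return None
    hello = body[4:4 + msg_len]
    # legacy_version(2) + random(32) + session_id length(1) = 35 bytes
    if len(hello) < msg_len or msg_len < 35:
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]                # skip the variable-length session_id
    if len(hello) < offset + 2:
        raise ValueError("ServerHello ends before cipher_suite")
    return int.from_bytes(hello[offset:offset + 2], "big")

def check_against_baseline(record: bytes, region: str) -> dict:
    """Match the negotiated suite name against the region's baseline."""
    suite = server_hello_cipher_suite(record)
    if suite is None:                      # not a ServerHello: nothing to match
        return {"checked": False, "suite": None, "compliant": None}
    name = CIPHER_SUITE_NAMES.get(suite, f"UNKNOWN_0x{suite:04X}")
    return {"checked": True, "suite": name,
            "compliant": name in BASELINES[region]}

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record to use as sample input."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(handshake)) + handshake

if __name__ == "__main__":
    for region in BASELINES:
        print(region, check_against_baseline(build_server_hello(0x1301), region))
```

The same suite passes one region's baseline and fails the other's, which is why the method selects the criterion by region before matching. A ServerHello fragmented across several records would need reassembly first, which this sketch does not do.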
CN202111038498.7A 2021-09-06 2021-09-06 Information security improvement method and device, electronic equipment and storage medium Active CN113839929B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111038498.7A CN113839929B (en) 2021-09-06 2021-09-06 Information security improvement method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113839929A CN113839929A (en) 2021-12-24
CN113839929B true CN113839929B (en) 2024-01-19

Family

ID=78962332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111038498.7A Active CN113839929B (en) 2021-09-06 2021-09-06 Information security improvement method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113839929B (en)

Also Published As

Publication number Publication date
CN113839929A (en) 2021-12-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant