CN113965416B - Website security protection capability scheduling method and system based on workflow - Google Patents



Publication number
CN113965416B
Authority
CN
China
Prior art keywords
security
node
website
detection
management module
Prior art date
Legal status
Active
Application number
CN202111565943.5A
Other languages
Chinese (zh)
Other versions
CN113965416A (en)
Inventor
董陵
童恩
王宏图
孙迎春
吴刚
陈程
周翔
Current Assignee
Jiangsu Mobile Information System Integration Co ltd
Original Assignee
Jiangsu Mobile Information System Integration Co ltd
Events
Application filed by Jiangsu Mobile Information System Integration Co ltd
Priority to CN202111565943.5A
Publication of CN113965416A
Application granted
Publication of CN113965416B
Legal status: Active

Classifications

    • H04L63/20 Network architectures or network communication protocols for network security; managing network security, network security policies in general
    • G06F16/2246 Information retrieval; indexing structures; trees, e.g. B+trees
    • G06F18/24323 Pattern recognition; classification techniques; tree-organised classifiers
    • H04L63/1433 Network security; detecting or protecting against malicious traffic; vulnerability analysis


Abstract

The invention discloses a workflow-based website security protection capability scheduling method and system, belonging to the field of data processing methods specially adapted for supervision. The scheduling method comprises the following steps: S1, sort out all security resource pool capabilities; S2, classify the security resource pool capabilities hierarchically and by grade; S3, pre-label the security resource pool capabilities; S4, pre-initialize a decision tree chain for website security protection; S5, apply a machine learning algorithm that dynamically adjusts the left and right opportunity weight values of each node, gradually forming the risk effective parameters of each node for each client; and S6, based on the stage data of website security protection, sort the network security protection data within a preset time period and output a target client prediction result. The invention improves the working efficiency of security resource scheduling, solves the problem that data in the security resource pool is not shared, reduces the search time for security resources and improves the hit efficiency of security resources.

Description

Website security protection capability scheduling method and system based on workflow
Technical Field
The invention relates to the field of data processing methods specially suitable for supervision, in particular to a website security protection capability scheduling method and system based on workflow.
Background
With the development of the internet, network communication technology and network interception technology have also developed at high speed, and new attack techniques emerge endlessly, so the risks become more obvious even as mass consumers gain convenience. Beyond the unilateral risk of a traditional network attack, high-interaction risks, large-scale personal information leakage, leakage or tampering of government and financial data, and similar risks have an even stronger impact on mass consumers.
In the prior art, the scheduling and data sharing among multiple security resource capabilities still remain at the level of each capability 'fighting alone'. For the role of 'website security' protection of a target customer, host vulnerability scanning can only perform vulnerability detection on the hosts on which a website is deployed, web vulnerability scanning can only detect exposed vulnerabilities of the website, and website security monitoring can only detect trojan implantation ('horse hanging') and tampering. The means remain a superposition of individual security resource capabilities, and manual scheduling of security resource capabilities can hardly meet the requirements of current security development, so the prior art has at least the following problems:
Firstly, when a security resource capability serves a target customer it is excessively dependent on manual scheduling, and a systematic automatic scheduling tool and algorithm are lacking. Secondly, the security resource capabilities form a set that can only be searched one by one and then matched according to the search result, so matching efficiency is low and a threat cannot be retrieved quickly and efficiently when the target customer is attacked. Thirdly, the security resource capabilities are not classified hierarchically or graded, so the target customer is forced to search and match them one by one and scheduling is disordered. Fourthly, the data results of the individual security resource capabilities are independent of each other, so data sharing cannot be formed. Fifthly, an effective historical risk surface cannot be formed for each customer, which makes predicting potential risk more difficult.
Therefore, a website security protection capability scheduling method which can automatically schedule security resource capability, can quickly and efficiently retrieve threats, can classify and effectively schedule security resource capability, can share data and can predict potential risks is needed.
Disclosure of Invention
The purpose of the invention is as follows: the invention provides a website security protection capability scheduling method based on workflow, and further provides a system for realizing the method, so as to solve the problems in the prior art.
The technical scheme is as follows: in a first aspect, a workflow-based website security protection capability scheduling method is provided, and the method includes the following steps:
S1, the access registration module collects the security resource pool capabilities.
S2, the hierarchical management module reads the security resource pool capability information from the access registration module and classifies the security resource pool capabilities hierarchically according to their attribute information.
S3, the tag management module pre-labels the security resource pool capabilities according to the classification result of the hierarchical management module.
S4, the decision tree chain management module pre-initializes the decision tree chain for website security protection according to the labeling result of the tag management module.
The decision tree chain comprises at least one decision node; each node is configured with one security resource pool capability, a left opportunity and a right opportunity are arranged under each decision node, and whether the left opportunity node or the right opportunity node is executed is determined by the output result of the decision node.
S5, a machine learning algorithm is further arranged in the security protection decision tree chain management module; it dynamically adjusts the left and right opportunity weight values of each node and gradually forms the risk effective parameters of each node for each client.
S6, the decision tree chain of S4 and S5 is used to check website security protection, the check result is input to the result management module, and the result management module outputs the target client prediction result according to the network security protection data of the decision tree chain within the preset time period.
In a further embodiment of the first aspect, the secure resource pool capability comprises at least: host vulnerability scanning, access control terminal detection, video terminal detection, other terminal detection, flow cleaning, network security monitoring, network security protection, video security private network, identity authentication service, log audit service, database audit and baseline detection, text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target detection.
In a further embodiment of the first aspect, the hierarchy of security resource pool capabilities includes at least the following layers:
the device layer, which comprises at least host vulnerability scanning, access control terminal detection, video terminal detection and other terminal detection;
the network layer, which comprises at least flow cleaning, network security monitoring, network security protection and the video security private network;
the system layer, which comprises at least identity authentication service, log audit service, database audit and baseline detection;
the application layer, which comprises at least text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target investigation.
In a further embodiment of the first aspect, each security resource pool capability defined in S3 carries at least one tag, and each tag is provided with its own security weight.
In a further embodiment of the first aspect, the left opportunity arranged below a decision node corresponds to the risky case, and the corresponding left opportunity node is a handling resource at the same level.
The right opportunity corresponds to the risk-free case, and the corresponding right opportunity node is the next decision node.
In a further embodiment of the first aspect, the machine learning algorithm comprises decreasing the weight value by a predetermined value when a predetermined number of consecutive misses occur on the left of a node of the decision tree.
In a second aspect, a website security protection capability scheduling system is provided, and the system includes an access registration module, a hierarchical management module, a tag management module, a decision tree chain management module, and a result management module.
The access registration module is used for sorting out all the security resource pool capabilities; the hierarchical management module is used for performing hierarchical classification on the capacity of the security resource pool; the label management module is used for pre-labeling the capacity of the security resource pool; the decision tree chain management module is used for performing decision tree chain pre-initialization on website security protection; the result management module outputs a target client prediction result according to the network security protection data of the decision tree chain in a preset time period; wherein, the decision tree chain management module further comprises: a machine learning algorithm dynamically adjusts the left and right chance weight values of each node to gradually form a risk effective parameter of each node of each client; and the decision tree chain management module also reads the target client prediction result of the result management module and inputs the target client prediction result into a machine learning algorithm.
In a further embodiment of the second aspect, the decision tree chain includes at least one decision node, each node is configured with a security resource pool capability, a left opportunity and a right opportunity are configured under each decision node, and a left opportunity node or a right opportunity node is determined to be executed according to an output result of the decision node.
In a third aspect, a website security protection capability scheduling apparatus is provided, the apparatus including: at least one processor and memory; the memory stores computer-executable instructions; the at least one processor executes computer-executable instructions stored by the memory to cause the at least one processor to perform the website security capability scheduling method according to the first aspect.
In a fourth aspect, a readable storage medium is provided, where computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the website security protection capability scheduling method according to the first aspect is implemented.
Advantageous effects: by constructing a security capability resource decision tree chain and implementing website security protection with a workflow, the invention first uses a labeling method to solve the disordered use and scheduling among security resource capabilities and the low automation and low matching efficiency caused by purely manual scheduling, improving the working efficiency of security resource scheduling. Secondly, through the decision tree chain, the query efficiency of security resource retrieval and scheduling is greatly improved, high-speed security attacks are responded to effectively, and the problems that each capability of the security resource pool works alone and data is not shared are solved. The security resource scheduling problems of disordered risk and loosely coupled capabilities in the prior art can thus be solved; the method is of value in the fields of security resource pool construction and capability output, reduces the search time for security resources, improves the hit efficiency of security resources, and aims to improve search efficiency by more than 5 times.
Drawings
FIG. 1 is a diagram illustrating a hierarchical classification of security capability resources.
FIG. 2 is a schematic diagram of hierarchical security capability resource tagging.
FIG. 3 is a schematic diagram of a security capability resource decision tree chain.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the invention.
The application discloses a website safety protection capability scheduling method capable of automatically scheduling safety resource capability, rapidly and efficiently retrieving threats, classifying and effectively scheduling safety resource capability, sharing data and estimating potential risks.
The scheduling method comprises the following steps:
S1, the access registration module collects the security resource pool capabilities.
S2, the hierarchical management module reads the security resource pool capability information from the access registration module and classifies the security resource pool capabilities hierarchically according to their attribute information.
S3, the tag management module pre-labels the security resource pool capabilities according to the classification result of the hierarchical management module.
S4, the decision tree chain management module pre-initializes the decision tree chain for website security protection according to the labeling result of the tag management module.
The decision tree chain comprises at least one decision node; each node is configured with one security resource pool capability, a left opportunity and a right opportunity are arranged under each decision node, and whether the left opportunity node or the right opportunity node is executed is determined by the output result of the decision node.
The basis for judging the left and right opportunities is as follows: the judgment is made according to the constructed decision tree, and the key values of the decision tree come from the tags and their weights.
Judgment algorithm: in the execution of the decision tree shown in fig. 3, the head tag is selected preferentially; if a capability has several tags, the tag with the largest weight value is selected according to the tag weights.
S5, a machine learning algorithm is further arranged in the security protection decision tree chain management module; it dynamically adjusts the left and right opportunity weight values of each node and gradually forms the risk effective parameters of each node for each client.
The decision tree chain is constructed by defining tags for the different security capabilities of each security resource pool capability; once the tags exist, the left and right opportunity nodes of each node are constructed.
S6, the decision tree chain of S4 and S5 is used to check website security protection, the check result is input to the result management module, and the result management module outputs the target client prediction result according to the network security protection data of the decision tree chain within the preset time period.
The target client prediction result is a data result describing the weak points of the client's network security protection and their quantity; it is used to analyze, from the weak points in the client's protection, in which links the client may be attacked, at which points an attack is highly probable, which points need key reinforcement, and so on.
In this embodiment, website security protection is implemented as a workflow through the constructed security capability resource decision tree chain, that is, the binary tree decision chain algorithm and execution process of the invention: capability matching is carried out through the constructed website security protection binary tree chain, the corresponding capability is scheduled once a match is reached, and the corresponding security result is executed. Firstly, the labeling method solves the disordered use scheduling and low matching efficiency among security resource capabilities and improves the working efficiency of security resource scheduling. The constructed binary tree decision chain is then executed step by step to the left or right to quickly match the optimal security capability and obtain the website security protection result, which solves the low matching efficiency caused by manually selecting the security capability, manual scheduling and single-capability execution for each next task, as well as the problem of scheduling disorder. Through the decision tree chain, the query efficiency of security resource retrieval and scheduling is greatly improved, high-speed security attacks are coped with effectively, the problems of each capability of the security resource pool 'fighting alone' and of no data sharing are solved, and the security resource scheduling problems of disordered risk and loosely coupled capabilities in the prior art can be solved. The invention is of value in the fields of security resource pool construction and capability output, reduces security resource search time, improves the hit efficiency of security resources, and improves target search efficiency by more than 5 times.
In a further embodiment, the secure resource pool capabilities include at least: host vulnerability scanning, access control terminal detection, video terminal detection, other terminal detection, flow cleaning, network security monitoring, network security protection, video security private network, identity authentication service, log audit service, database audit and baseline detection, text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target detection.
In the sorting out of all the security resource pool capacities, the capacities of the related security resource pools for the website security protection are mainly classified into seven categories, namely host vulnerability scanning, network security monitoring, flow cleaning, baseline detection, website compliance protection, website compliance detection and network security protection.
In a further embodiment, the hierarchy of security resource pool capabilities includes at least the following layers:
the device layer, which comprises at least host vulnerability scanning, access control terminal detection, video terminal detection and other terminal detection;
the network layer, which comprises at least flow cleaning, network security monitoring, network security protection and the video security private network;
the system layer, which comprises at least identity authentication service, log audit service, database audit and baseline detection;
the application layer, which comprises at least text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target investigation.
The invention establishes a set of open hierarchical safety capacity resource pool, classifies the resources hierarchically according to the service range and the efficiency of the safety capacity resources, and classifies the safety capacity resources into an equipment layer, a network layer, a system layer and an application layer from bottom to top.
The classification levels of the open type hierarchical security capability resource pool established by the invention support gradual refinement, and the resource pool can be refined into an equipment layer 1, an equipment layer 2, a network layer 1, a network layer 2, a system layer 1, a system layer 2, an application layer 1 and an application layer 2 in the existing four types of levels, and supports tree structure recursive iterative extension.
In this embodiment, the hierarchy follows the bearer relationship: a security problem in the device layer may affect the network running on the device, a security problem in the network may affect the system carried on the network, and a security problem in the system may affect the service application executed on the system, so influence can propagate upward layer by layer along the bearer sequence. The invention therefore detects the security capabilities automatically in the sequence device layer, network layer, system layer, application layer, and within each layer detects automatically according to tag and weight. This solves the problem that existing manual scheduling of security capability resources may only detect and remedy an upper-layer vulnerability, after which the vulnerability still cannot be found and inspection, retrieval and remediation are repeated.
The invention realizes the effective hierarchical classification of the security resources through the security capacity resource pool of the recursive tree structure.
In a further embodiment, each security resource pool capability defined in S3 carries at least one tag, and each tag is provided with its own security weight.
The labeling rule carries two information values: tag classification and tag weight. When a security resource capability is registered, the tag classification information, that is, the number of tags, the tag classification and the initial tag weight, is assigned manually by the owning party of the capability. The tag weight is a weighted score: the weighting factors of service attribute, accessible matching degree and problem-solving degree are set by program according to the description and specification parameters of the security resource capability, while the network security expert scoring factor is scored by three or more third-party network security experts. If the tag classification is a single tag, the weight is calculated by the single-tag rule program; if the tag classification is multiple tags, the weight is calculated by the multi-tag rule program.
As shown in the embodiment of fig. 2, the tagged information of the security resource pool capabilities in S3 includes at least the following.
Host vulnerability scanning; tagged information: Tag 1: host security, weight: 10. In this embodiment the host vulnerability scanning tagged information includes a tag classification and a tag weight. Labeling rule: the tag classification is summarized as host security according to the capability characteristics of host vulnerability scanning, and the tag weight of 10 is the weighted value obtained from the service attribute, accessible matching degree, problem-solving degree and network security expert score of the host vulnerability scanning capability. In this embodiment it is agreed that host vulnerability scanning has only one tag, so the labeling rule is the single-tag rule.
Network security monitoring; tagged information: Tag 1: website security, weight: 10; Tag 2: information security, weight: 9; Tag 3: data security, weight: 7. In this embodiment the network security monitoring tagged information includes tag classification and tag weight. Labeling rule: the tag classification is summarized into the three classes website security, information security and data security according to the capability characteristics of network security monitoring, and the weighted scores of the three tags are 10, 9 and 7 respectively. In this embodiment it is agreed that network security monitoring has more than one tag, so the labeling rule is the multi-tag rule.
Flow cleaning resource; tagged information: Tag 1: network security, weight: 10; Tag 2: data security, weight: 6. In this embodiment it is agreed that the flow cleaning resource is classified into three tags and measured with the multi-tag rule, so in this embodiment the flow cleaning resource uses the same tagged information rule as the network security monitoring capability.
Baseline detection resource; tagged information: Tag 1: configuration security, weight: 9; Tag 2: password security, weight: 8; Tag 3: authorization security, weight: 6. In this embodiment it is agreed that the baseline detection resource is classified into three tags and measured with the multi-tag rule, so in this embodiment the baseline detection resource uses the same tagged information rule as the network security monitoring capability.
Website compliance detection; tagged information: Tag 1: information security, weight: 10. In this embodiment it is agreed that website compliance detection is classified into a single tag and measured with the single-tag rule, so in this embodiment website compliance detection uses the same tagged information rule as the host vulnerability scanning capability.
Website compliance protection; tagged information: Tag 1: network security, weight: 10. Since the tags of website compliance protection are classified into a single tag and calculated with the single-tag rule, website compliance protection uses the same tagged information rule as the host vulnerability scanning capability in this embodiment.
By setting the weights, opportunity nodes with higher weight are taken preferentially for detection among tags of the same class; the basis for measuring and calculating the weights is a weighted value derived from the service attribute, accessible matching degree, problem-solving degree, network security expert score and so on of each security capability. Within the same level, the scores after classification and weighting may be exactly equal.
The invention establishes a bottom-up hierarchical security capability resource labeling system based on the hierarchical security capability resource pool. For the case where the classification and weight of security capabilities are exactly equal, when the program judges the left and right opportunity nodes it applies by default the rule of reverse access order of the security capabilities, that is, the security capability accessed later is hit preferentially.
In the security resource labeling system established by the invention, each security resource capability is provided with a plurality of tags, and the basic information of each tag comprises the tag content and the tag weight. The managed security resource capability tags support horizontal linear extension, and a security resource pool capability takes effect after each horizontal linear extension is released.
The invention realizes the labeling of safety capacity resources through a linearly extended label system.
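The layered pool, the single-tag and multi-tag labeling rules, the head-tag / maximum-weight selection and the reverse-access-order tie-break described above (the layered pool of the further embodiments, the tagging embodiment of fig. 2 and the judgment rule for the left and right opportunities) can be put together in a small Python model. The code below is an added example written for this page, not code from the patent or from the assignee. The class and function names are assumptions, the layer refinement strings (for example "application/2") are one possible encoding of the 'device layer 1, device layer 2' refinement, and the tag on 'network security protection' is a constructed value used only to show the tie-break, because the page gives no tags for that capability.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Bottom-to-top bearer order from the description: a problem in a lower layer can
# propagate upward, so automatic detection runs through the layers in this sequence.
LAYER_ORDER = ["device", "network", "system", "application"]


@dataclass
class Tag:
    name: str      # tag classification, e.g. "host security"
    weight: int    # weighted score (service attribute, matching degree, expert score, ...)


@dataclass
class Capability:
    name: str
    layer: str             # "network", or a refinement such as "application/2" (assumed encoding)
    tags: List[Tag]
    access_seq: int = -1   # registration order, assigned by the pool; used for tie-breaks


def layer_key(layer: str) -> Tuple[int, str]:
    """Sort key for the recursive hierarchy: top-level layer index, then refinement path."""
    top, _, sub = layer.partition("/")
    if top not in LAYER_ORDER:
        raise ValueError(f"unknown layer {layer!r}")
    return (LAYER_ORDER.index(top), sub)


def tagging_rule(cap: Capability) -> str:
    """Single-tag rule when exactly one tag is attached, multi-tag rule otherwise."""
    if not cap.tags:
        raise ValueError(f"{cap.name} must carry at least one tag")
    return "single" if len(cap.tags) == 1 else "multi"


def primary_tag(cap: Capability) -> Tag:
    """Head tag under the single-tag rule; the heaviest tag under the multi-tag rule."""
    if tagging_rule(cap) == "single":
        return cap.tags[0]
    return max(cap.tags, key=lambda t: t.weight)


class ResourcePool:
    """Open hierarchical security capability resource pool (access registration + hierarchy)."""

    def __init__(self) -> None:
        self._caps: List[Capability] = []

    def register(self, cap: Capability) -> Capability:
        layer_key(cap.layer)       # reject unknown layers at registration time
        tagging_rule(cap)          # reject capabilities without a tag
        cap.access_seq = len(self._caps)
        self._caps.append(cap)
        return cap

    def in_layer(self, layer: str) -> List[Capability]:
        """Capabilities whose layer is `layer` itself or a refinement of it."""
        return [c for c in self._caps
                if c.layer == layer or c.layer.startswith(layer + "/")]

    def select(self, layer: str, tag_name: str) -> List[Capability]:
        """Same-level candidates carrying `tag_name`, heaviest first; on equal weight the
        capability accessed later is hit first (reverse access order rule)."""
        def weight_of(c: Capability) -> int:
            return next(t.weight for t in c.tags if t.name == tag_name)
        cands = [c for c in self.in_layer(layer) if any(t.name == tag_name for t in c.tags)]
        return sorted(cands, key=lambda c: (weight_of(c), c.access_seq), reverse=True)

    def detection_order(self) -> List[str]:
        """Automatic detection sequence: device -> network -> system -> application,
        within a layer by primary tag weight, equal weights resolved by later access first."""
        ordered = sorted(self._caps,
                         key=lambda c: (layer_key(c.layer), -primary_tag(c).weight, -c.access_seq))
        return [c.name for c in ordered]


def build_sample_pool() -> ResourcePool:
    """Tags and weights from the fig. 2 embodiment; the tag on 'network security
    protection' is constructed here only to exercise the tie-break."""
    pool = ResourcePool()
    pool.register(Capability("host vulnerability scanning", "device",
                             [Tag("host security", 10)]))
    pool.register(Capability("network security monitoring", "network",
                             [Tag("website security", 10), Tag("information security", 9),
                              Tag("data security", 7)]))
    pool.register(Capability("flow cleaning", "network",
                             [Tag("network security", 10), Tag("data security", 6)]))
    pool.register(Capability("network security protection", "network",
                             [Tag("network security", 10)]))            # constructed tag
    pool.register(Capability("baseline detection", "system",
                             [Tag("configuration security", 9), Tag("password security", 8),
                              Tag("authorization security", 6)]))
    pool.register(Capability("website compliance detection", "application/1",
                             [Tag("information security", 10)]))
    pool.register(Capability("website compliance protection", "application/2",
                             [Tag("network security", 10)]))
    return pool


if __name__ == "__main__":
    p = build_sample_pool()
    print(p.detection_order())
    print([c.name for c in p.select("network", "network security")])
```

With the fig. 2 weights, the two network-layer capabilities tagged 'network security' both score 10, so `select` returns the later-registered one first, which is the reverse access order rule the description gives for exactly equal classification and weight; the refinement path keeps 'application/1' ahead of 'application/2' in the detection sequence.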
In a further embodiment, the left opportunity arranged below a decision node corresponds to the risky case, and the corresponding left opportunity node is a handling resource at the same level.
The right opportunity corresponds to the risk-free case, and the corresponding right opportunity node is the next decision node.
Taking the embodiment of fig. 3, the first left opportunity of the network security monitoring resource capability is the risky case, and its left opportunity node is a handling resource at the same level, namely the website security protection resource; the first right opportunity of the network security monitoring resource capability is the risk-free case, and its right opportunity node is the detection resource of the next level, namely the system-layer baseline detection resource capability.
In the penultimate step of the constructed network security protection decision tree chain, if a network attack point appears during specific target detection, the specific target must be handled according to its actual situation, including the time at which the specific target was detected, the network security protection level of the specific target, the network security protection requirement of the specific target and other factors, from which the shielding strength of the specific target is judged comprehensively. That is, specific target shielding changes dynamically depending on the result of specific target investigation and the actual situation of the specific target. Specific target shielding is the highest level of website security protection: the client's website is completely isolated from the Internet into an internal local area network, which is completely risk-free, so the website is guaranteed to be risk-free.
And sequentially carrying out iterative recursion of network security protection, and finally constructing a complete network security protection decision tree chain. In this embodiment, after a left opportunity node of a risky website uses website security resources to reinforce or performs specific target shielding, it is ensured that the website is risk-free, and a right opportunity node of the riskless website continuously detects and observes to finally obtain a risk-free website.
In S5 of this embodiment, the machine learning algorithm of the weight value includes: the weight value is decreased by a predetermined value when there are a predetermined number of consecutive misses on the left side of each node of the decision tree, for example, by 0.1 if there are 10 consecutive misses on the left side of each node of the decision tree. The reason for adjusting the weight value is that if the weight value is not hit continuously for multiple times, the weight measurement in the previous period has deviation, the quick hit rate of the decision tree chain is optimized by continuously adjusting the deviation, the decision time is shortened, and the searching efficiency of the protective capability is improved.
In actual implementation, the protection of the same website address of a target client is increased along with the difference of actual detection results at different time, the final path of each detection is different, and the input of each next step and the execution of a left opportunity node or a right opportunity node of the method depend on the output result of the previous step.
The statistical results within 100 times of task execution comparison according to the target client are as follows: with a conventional traversal lookup, the index hits in average step size 52. I.e., N/2, where N is the amount of security resource capability.
And searching the security resource of the next node through the decision tree index, wherein the average hit step length of the index is 9, and the hit step length is reduced by 5 times.
And (4) combining machine learning, adjusting the hit probability of the left opportunity node for 10 times continuously, and if the left opportunity node is not hit, adjusting the weight of the left opportunity node.
The statistical results within 1000 times of task execution comparison according to the target client are as follows: with a conventional traversal lookup, the index hit average step size is 531. I.e., N/2, where N is the amount of security resource capability.
And searching the security resource of the next node through the decision tree index, wherein the average hit step length of the index is 54, and the hit step length is reduced by 10 times.
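As an added illustrative example (not the patent's own code; the class and function names, the detect/handle roles, the fallback to specific target shielding and the sample tag weights are assumptions), the following Python model builds the decision tree chain from a tagged capability pool using the weight ordering and the reverse-order tie-break described above, walks the left and right opportunity nodes for one detection task, applies the S5 rule of decreasing a node's weight by 0.1 after 10 consecutive left-side misses, and counts hit steps against a conventional traversal lookup:

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

LAYERS = ["device", "network", "system", "application"]  # bottom-up hierarchy of claim 3
MISS_WINDOW = 10    # consecutive left-side misses before the weight is adjusted (S5)
MISS_PENALTY = 0.1  # amount subtracted from the left-chance weight (S5 example)


@dataclass
class Capability:
    name: str
    layer: str
    role: str                 # "detect" = decision node, "handle" = same-level handling resource
    tags: Dict[str, float]    # tag content -> tag weight
    access_order: int         # registration sequence; later access wins ties
    left_misses: int = 0      # consecutive risk-free results at this node
    left_weight: float = 0.0  # left-chance weight, initialised from the tag weights

    def __post_init__(self) -> None:
        self.left_weight = float(sum(self.tags.values()))


def build_chain(pool: List[Capability]) -> List[Tuple[Capability, Optional[Capability]]]:
    """Order decision nodes bottom-up by layer, then by weight (highest first); equal weights
    use the reverse-order rule (later access first). Each node gets its layer's handler."""
    handlers = {c.layer: c for c in pool if c.role == "handle"}  # later registration wins
    detectors = [c for c in pool if c.role == "detect"]
    detectors.sort(key=lambda c: (LAYERS.index(c.layer), -c.left_weight, -c.access_order))
    return [(d, handlers.get(d.layer)) for d in detectors]


def run_chain(pool: List[Capability], detect: Callable[[str], bool]) -> Tuple[Optional[str], int]:
    """One detection task; detect(name) True means risky. Returns (handler hit, nodes visited)."""
    steps = 0
    for node, handler in build_chain(pool):
        steps += 1
        if detect(node.name):                 # left opportunity: risky -> same-level handling
            node.left_misses = 0
            # no same-layer handler registered: fall back to the highest-level measure (assumption)
            return (handler.name if handler else "specific target shielding"), steps
        node.left_misses += 1                 # right opportunity: risk-free -> next decision node
        if node.left_misses >= MISS_WINDOW:   # weight adjustment rule from S5
            node.left_weight = round(node.left_weight - MISS_PENALTY, 3)
            node.left_misses = 0
    return None, steps                        # every node was risk-free


def linear_steps(pool: List[Capability], detect: Callable[[str], bool]) -> int:
    """Conventional traversal lookup: scan the pool in registration order until a hit."""
    for i, c in enumerate(sorted(pool, key=lambda c: c.access_order), start=1):
        if c.role == "detect" and detect(c.name):
            return i
    return len(pool)


def sample_pool() -> List[Capability]:
    """Constructed sample registrations; tag weights are illustrative (single-tag rule)."""
    return [
        Capability("host vulnerability scanning", "device", "detect", {"network security": 10}, 1),
        Capability("access control terminal detection", "device", "detect", {"terminal": 6}, 2),
        Capability("other terminal detection", "device", "detect", {"terminal": 6}, 3),
        Capability("flow cleaning", "network", "handle", {"network security": 8}, 4),
        Capability("network security monitoring", "network", "detect", {"network security": 9}, 5),
        Capability("network security protection", "network", "handle", {"network security": 9}, 6),
        Capability("baseline detection", "system", "detect", {"compliance": 7}, 7),
        Capability("website compliance detection", "application", "detect", {"compliance": 7}, 8),
        Capability("website compliance protection", "application", "handle", {"network security": 10}, 9),
    ]
```

Running `run_chain(sample_pool(), lambda n: n == "network security monitoring")` hits the network-layer handler after 4 nodes, where `linear_steps` needs 5, and ten risk-free runs lower each decision node's left-chance weight by 0.1.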
In order to implement the method of the above embodiment, the present application further provides a website security protection capability scheduling system, which includes an access registration module, a hierarchical management module, a tag management module, a decision tree chain management module, and a result management module.
The access registration module is used for sorting out all the security resource pool capabilities; the hierarchical management module is used for hierarchically classifying the security resource pool capabilities; the tag management module is used for pre-labeling the security resource pool capabilities; the decision tree chain management module is used for pre-initializing the decision tree chain for website security protection; the result management module outputs a target client prediction result according to the network security protection data of the decision tree chain within a preset time period. The decision tree chain management module further comprises a machine learning algorithm that dynamically adjusts the left and right chance weight values of each node so as to gradually form the risk effective parameters of each node for each client; the decision tree chain management module also reads the target client prediction result of the result management module and feeds it into the machine learning algorithm, so that the machine learning algorithm further calculates and optimizes the weights of the security resource pool capabilities.
In this embodiment, the decision tree chain includes at least one decision node, each node is configured with a security resource pool capability, a left opportunity and a right opportunity are set under each decision node, and a left opportunity node or a right opportunity node is determined to be executed according to an output result of the decision node.
The application also provides a website security protection capability scheduling device comprising at least one processor and a memory; the memory stores computer-executable instructions; the at least one processor executes the computer-executable instructions stored in the memory so as to perform the website security protection capability scheduling method.
The application also provides a readable storage medium storing computer-executable instructions which, when executed by a processor, implement the website security protection capability scheduling method.
As noted above, while the present invention has been shown and described with reference to certain preferred embodiments, it is not to be construed as limited thereto. Various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (9)

1. A website security protection capability scheduling method based on workflow, characterized by comprising the following steps:
S1, the access registration module collects the security resource pool capabilities;
S2, the hierarchical management module reads the security resource pool capability information from the access registration module and hierarchically classifies the security resource pool capabilities according to their attribute information;
S3, the tag management module pre-labels the security resource pool capabilities according to the classification result of the hierarchical management module;
S4, the decision tree chain management module pre-initializes the decision tree chain for website security protection according to the labeling result of the tag management module;
the decision tree chain comprises at least one decision node, each node is configured with a security resource pool capability, a left opportunity and a right opportunity are arranged under each decision node, and whether the left opportunity node or the right opportunity node is executed is determined according to the output result of the decision node;
S5, a machine learning algorithm is further arranged in the security protection decision tree chain management module, which dynamically adjusts the left and right chance weight values of each node and gradually forms the risk effective parameters of each node for each client;
S6, the decision tree chain of S4 and S5 is used to check website security protection, the check result is input to the result management module, and the result management module outputs the target client prediction result according to the network security protection data of the decision tree chain within the preset time period.
2. The website security protection capability scheduling method based on workflow as claimed in claim 1, wherein the security resource pool capability at least comprises: host vulnerability scanning, access control terminal detection, video terminal detection, other terminal detection, flow cleaning, network security monitoring, network security protection, video security private network, identity authentication service, log audit service, database audit and baseline detection, text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target detection.
3. The website security protection capability scheduling method based on workflow as claimed in claim 2, wherein the security resource pool capability hierarchy at least comprises:
the device layer at least comprises host vulnerability scanning, access control terminal detection, video terminal detection and other terminal detection;
the network layer at least comprises flow cleaning, network security monitoring, network security protection and a video security private network;
the system layer at least comprises identity authentication service, log audit service, database audit and baseline detection;
and the application layer at least comprises text detection, image detection, voice detection, video detection, website compliance protection, website compliance detection, APP vulnerability detection, specific site shielding and specific target investigation.
4. The method for scheduling website security protection capability based on workflow of claim 2, wherein each security resource pool capability defined in S3 comprises at least one tag, and each tag is provided with a corresponding security weight.
5. The website security protection capability scheduling method based on workflow as claimed in claim 1,
the left opportunity set under the decision node is risky, and the corresponding left opportunity node is a handling resource at the same level;
the right opportunity is risk-free and the corresponding right opportunity node is the next decision node.
6. The method as claimed in claim 1, wherein the machine learning algorithm includes that when there are a predetermined number of consecutive misses at the left side of each node of the decision tree, the weight value is reduced by a predetermined value.
7. A website security protection capability scheduling system, characterized by comprising:
an access registration module used for sorting out all the security resource pool capabilities;
a hierarchical management module connected with the access registration module and used for hierarchically classifying the security resource pool capabilities;
a tag management module connected with the hierarchical management module and used for pre-labeling the security resource pool capabilities;
a decision tree chain management module connected with the tag management module and used for pre-initializing the decision tree chain for website security protection;
a result management module connected with the decision tree chain management module, which outputs a target client prediction result according to the network security protection data of the decision tree chain within a preset time period;
wherein the decision tree chain management module further comprises a machine learning algorithm that dynamically adjusts the left and right chance weight values of each node to gradually form the risk effective parameters of each node for each client;
the decision tree chain management module also reads the target client prediction result of the result management module and inputs it into the machine learning algorithm;
the decision tree chain comprises at least one decision node, each node is configured with a security resource pool capability, a left opportunity and a right opportunity are arranged under each decision node, and whether the left opportunity node or the right opportunity node is executed is determined according to the output result of the decision node.
8. A website security protection capability scheduling device, characterized by comprising: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the website security protection capability scheduling method of any one of claims 1 to 6.
9. A readable storage medium storing computer-executable instructions which, when executed by a processor, implement the website security protection capability scheduling method according to any one of claims 1 to 6.
CN202111565943.5A 2021-12-21 2021-12-21 Website security protection capability scheduling method and system based on workflow Active CN113965416B (en)

Publications (2)

Publication Number Publication Date
CN113965416A CN113965416A (en) 2022-01-21
CN113965416B true CN113965416B (en) 2022-03-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant