CN114969333A - Network information security management method and device based on data mining - Google Patents

Network information security management method and device based on data mining

Info

Publication number: CN114969333A
Application number: CN202210548664.6A
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: text, security, network, information, alarm
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Inventors: 李佳, 贾小娥
Current Assignee: Telephase Technology Development Beijing Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Telephase Technology Development Beijing Co ltd
Application filed by Telephase Technology Development Beijing Co ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/35 Clustering; Classification
    • G06F16/353 Clustering; Classification into predefined classes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465 Query processing support for facilitating data mining operations in structured databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33 Querying
    • G06F16/3331 Query processing
    • G06F16/334 Query execution
    • G06F16/3344 Query execution using natural language analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved


Abstract

The invention relates to the technical field of intelligent decision-making, and in particular to a network information security management method and device based on data mining. The method comprises: collecting text information of a network node within a specified time by using a data mining system, and processing the text information to obtain classified text; calling a preset network security perception system to evaluate, in combination with the classified text, an information security level value of the network node; comparing the information security level value with a preset security level parameter threshold to evaluate the security threat level faced by the network node; sending the security threat level evaluation result to a security alarm in the network security perception system; and adopting a defense scheme matched with the security threat level according to the alarm condition of the security alarm, so as to realize dynamic management of the network information security of the network node. The invention can solve the problems that manual judgment of the network information security level has low accuracy and that prevention efficiency needs to be improved.

Description

Network information security management method and device based on data mining
Technical Field
The invention relates to the technical field of intelligent decision-making, and in particular to a network information security management method and device based on data mining.
Background
The development of network information technology has improved the quality of people's production and daily life, but it has been accompanied by an endless stream of network information security problems. Finding an effective way to ensure network information security has therefore become a hot topic for the people concerned.
Existing methods for mining unsafe network information mainly rely on inference rules set manually in advance: a regression model is built, or algorithmic links are constructed, from information obtained from web pages in order to judge the security of web page information. Information in which a threat is detected is fed back to the user, who takes corresponding precautionary measures according to the feedback.
Disclosure of Invention
The invention provides a network information security management method and device based on data mining and a computer readable storage medium, and mainly aims to solve the problems that the accuracy of manual judgment of network information security levels is low and the prevention efficiency needs to be improved.
In order to achieve the above object, the present invention provides a network information security management method based on data mining, which includes:
receiving an information security evaluation instruction for a network node, and starting a data mining system pre-installed in the network node according to the information security evaluation instruction;
collecting text information of the network node within a specified time by using the data mining system, and classifying it to obtain classified text;
and calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure BDA0003653468260000011
wherein $i$ is a time slice, $T$ is the maximum range value of the time slice, $j$ is the network node, $m$ is the number of network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
matching the information security level value with a preset security level threshold section, determining the security threat level of the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and adopting, according to the alarm condition of the security alarm, a defense scheme matched with the security threat level, so as to realize dynamic management of the network information security of the network node.
Optionally, the collecting, by the data mining system, text information of the network node within a specified time and classifying the text information to obtain classified text includes:
filtering the noise of the text information by using an information acquisition module of the data mining system to obtain a standard text;
and executing a preset text classification model in the text classifier, and classifying the standard text into the classified text.
Optionally, the filtering, by using an information acquisition module of the data mining system, noise of the text information to obtain a standard text includes:
starting the information acquisition module, wherein the information acquisition module is connected, through a Web protocol, to the website from which text is to be collected;
acquiring an original text from that website by using a Spider collector in the information acquisition module based on the Web protocol;
filtering out unstructured data, including images and sounds, from the original text to obtain a text to be processed that includes hyperlinks, text labels, a response header and body text;
and acquiring a URL (uniform resource locator) through the hyperlinks in the text to be processed, and dividing the text to be processed into the standard text, in the form of an article title plus a main body, according to the response header and the file extension of the URL.
Optionally, the executing a preset text classification model in the text classifier to classify the standard text into the classified text includes:
receiving a collected text set input by a user;
performing word segmentation processing on the collected text set, and filtering stop words of the collected text set to obtain a standard text set;
vectorizing the feature words in the standard text set to obtain a vector text set;
constructing a label set of the vector text set based on the relevance among the feature words in the vector text set;
inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model;
and calling the text classification model, and processing the standard text into the classified text.
Optionally, the inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model includes:
constructing the original classification model in a Python program, wherein the original classification model is as follows:
Figure BDA0003653468260000031
wherein Obj is the original classification model, $T$ is the number of original classification models generated in the training process, $G_j$ is the first derivative of the original classification model error value, and $H_j$ is the second derivative of the original classification model error value;
inputting the label set and the vector text set into the original classification model, and changing $G_j$ and $H_j$ by changing the weights of the vector text set, to obtain $T$ original classification models;
and linearly weighting the T original classification models to obtain the text classification model.
Optionally, the step of calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text includes:
inputting initial parameters of the network security perception model;
dividing the classified texts into different network information security management topics, wherein the topics comprise fraud prevention, webpage purification and Trojan scanning and killing;
adjusting parameters of the network security perception model based on the topic, wherein the parameters are the network information threat conversion coefficients of the different topics;
and calculating the information security level value of the network node by using the network security perception model after parameter adjustment.
Optionally, the matching the information security level value with a preset security level threshold segment, and determining the security threat level suffered by the network node according to the matching result includes:
determining the value range of the network information security level of the topic;
dividing the security level threshold segments of the topic;
determining the interval of the security level threshold segments into which the information security level value falls, to obtain the information security state of the network node;
and matching the security threat level of the network node according to the information security state.
Optionally, the adopting a defense scheme matched with the security threat level according to the alarm condition of the security alarm comprises:
judging whether the alarm condition is a blue alarm, and if it is a blue alarm, adopting an information filtering and data backup defense scheme;
if it is not a blue alarm, judging whether the alarm condition is an orange alarm, and if it is an orange alarm, adopting a firewall and Trojan killing defense scheme;
and if it is not an orange alarm, judging whether the alarm condition is a red alarm; if it is a red alarm, adopting a data encryption and network counterattack defense scheme; and if it is not a red alarm, generating a network information security prompt and prompting the network node not to adopt a defense scheme.
Optionally, the constructing a label set of the vector text set based on the relevance between the feature words in the vector text set includes:
constructing the following model to judge the relevance among the feature words:
Figure BDA0003653468260000041
wherein q and d are the text characteristic words,
Figure BDA0003653468260000042
for the vector text containing the feature words $q$ and $d$, $n$ is the number of texts, $tf_{i,q}$ and $tf_{i,d}$ are the frequencies of occurrence of the feature words $q$ and $d$ in the text, $df_i$ is the number of texts containing the feature words $q$ and $d$, and $score(q, d)$ is the relevance score between the feature words $q$ and $d$;
judging the relevance between the feature words $q$ and $d$ based on the value of $score(q, d)$ to obtain a relevance value;
constructing the label set of the vector text set based on the relevance values.
In order to solve the above problem, the present invention further provides a network information security management apparatus based on data mining, the apparatus comprising:
a mining system starting module, used for receiving an information security evaluation instruction for a network node and starting the data mining system pre-installed on the network node according to the information security evaluation instruction;
a text classification module, used for collecting text information of the network node within a specified time by using the data mining system and classifying the text information to obtain classified text;
an information security level evaluation module, used for calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure BDA0003653468260000051
wherein $i$ is a time slice, $T$ is the maximum range value of the time slice, $j$ is the network node, $m$ is the number of network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
a security threat level judging module, used for matching the information security level value with a preset security level threshold segment, determining the security threat level suffered by the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and a defense module, used for adopting a defense scheme matched with the security threat level according to the alarm condition of the security alarm, so as to realize dynamic management of the network information security of the network node.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
a processor that executes the instructions stored in the memory to implement the network information security management method based on data mining.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, which stores at least one instruction, where the at least one instruction is executed by a processor in an electronic device to implement the above method for managing network information security based on data mining.
To solve the problems described in the background, the embodiment of the invention uses the data mining system to collect text information of the network node within a specified time and classifies it to obtain classified text. The data mining system thus replaces manual work in classifying the collected text content, which improves on the accuracy of manual classification. Further, in combination with the classified text, a preset network security perception system is called to evaluate the information security level value of the network node; to improve the accuracy of the network information security level judgment, the network security perception system includes a network security perception module. According to the alarm condition of the security alarm, a defense scheme matched with the security threat level is adopted, which realizes dynamic management of the network information security of the network node and greatly improves the prevention efficiency of network information security. Therefore, the network information security management method and device based on data mining, the electronic device and the computer-readable storage medium provided by the invention can solve the problems that manual judgment of the network information security level has low accuracy and that prevention efficiency needs to be improved.
Drawings
Fig. 1 is a schematic flowchart of a network information security management method based on data mining according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart showing a detailed implementation of one of the steps in Fig. 1;
Fig. 3 is a schematic flowchart showing a detailed implementation of another step in Fig. 1;
Fig. 4 is a functional block diagram of a network information security management apparatus based on data mining according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device for implementing the network information security management method based on data mining according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a network information security management method based on data mining. The execution subject of the network information security management method based on data mining includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiments of the present application. In other words, the network information security management method based on data mining may be performed by software or hardware installed in a terminal device or a server device. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Fig. 1 is a schematic flow chart of a network information security management method based on data mining according to an embodiment of the present invention. In this embodiment, the method for managing network information security based on data mining includes:
S1, receiving an information security evaluation instruction for the network node, and starting a data mining system pre-installed in the network node according to the information security evaluation instruction.
It should be understood that the network node refers to a computer or other device connected to a network having a separate address and having the function of transmitting or receiving data. The nodes may be workstations, clients, network users or personal computers, servers, printers and other network-connected devices. Each workstation, server, terminal device, network device, i.e. the device having its own unique network address, is a network node.
For example, a personal notebook computer serves as a network node and has the network information security management device of the present invention installed. Before the personal notebook computer is used, the user clicks to run the network information security management device to perform a security evaluation of the computer. After receiving the information security evaluation instruction sent from the personal notebook computer, the computer starts the data mining system in the network information security management device.
S2, collecting text information of the network node within the specified time by using the data mining system, and classifying it to obtain classified text.
It can be understood that the text information is the whole collection of information, including characters, pictures, audio and images, that the computer captures after a series of actions such as browsing web pages, editing documents and playing audio on the personal notebook computer.
It should be explained that the classified text is the result obtained when the computer uses a machine learning method to judge the category of the text information and classify it, according to a given classification system or standard and based on the correlation between text features and the text information.
In detail, referring to Fig. 2, collecting text information of the network node within the specified time by using the data mining system, and classifying the text information to obtain classified text, includes:
S21, filtering the noise of the text information by using an information acquisition module of the data mining system to obtain a standard text;
S22, executing a preset text classification model in the text classifier, and classifying the standard text into the classified text.
It should be understood that the text information captured by the computer contains a lot of noise, such as traditional characters (am, Ann) and symbols (≥ ≥ pi); the standard text is obtained by removing this noise from the text information through noise filtering.
Further, the filtering, by using an information acquisition module of the data mining system, noise of the text information to obtain a standard text includes:
starting an information acquisition module of the data mining system, wherein the information acquisition module is connected, through a Web protocol, to the website from which text is to be collected;
acquiring an original text from that website by using a Spider collector in the information acquisition module based on the Web protocol;
filtering out unstructured data, including images and sounds, from the original text to obtain a text to be processed that includes hyperlinks, text labels, a response header and body text;
and acquiring a URL (uniform resource locator) through the hyperlinks in the text to be processed, and dividing the text to be processed into the standard text, in the form of an article title plus a main body, according to the response header and the file extension of the URL.
It should be noted that the Web uses a protocol named HTTP (HyperText Transfer Protocol) as the specification for the whole sequence of processes from client to server. In other words, the Web communicates on top of the HTTP protocol, and the information acquisition module of the present invention establishes its connection with the website from which text is to be collected based on the HTTP protocol. The Spider automatic web page information acquisition tool can collect and organize information from different websites based on the Web protocol; the user can customize the acquisition rule configuration, and the Spider collector acquires all of the original text of the connected website. A URL (Uniform Resource Locator) is a string that contains enough information to find a resource and can be opened to reach the target resource.
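The noise-filtering step described above can be sketched as follows. This is an added example, not code from the patent: the function names, the set of tags treated as unstructured data, the accepted content types and extensions, and the sample page are all assumptions constructed for illustration.

```python
"""Added example: turn one collected page into 'title + body' standard text."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import posixpath

# Assumptions (not from the patent): which elements count as unstructured
# data or markup noise, and which resources are treated as text.
DROP_WITH_CONTENT = {"script", "style", "audio", "video", "object", "svg", "noscript"}
TEXT_TYPES = {"text/html", "text/plain", "application/xhtml+xml"}
TEXT_EXTS = {"", ".html", ".htm", ".shtml", ".txt"}


class StandardTextParser(HTMLParser):
    """Collects title text, body text and hyperlinks; skips dropped elements."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.links, self.title_parts, self.body_parts = [], [], []
        self._skip_depth = 0
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip_depth += 1
        elif tag == "title":
            self._in_title = True
        elif tag == "a" and not self._skip_depth:
            href = dict(attrs).get("href")
            if href:
                self.links.append(urljoin(self.base_url, href))
        # <img>, <source> and similar void tags carry no text and are ignored.

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT and self._skip_depth:
            self._skip_depth -= 1
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._skip_depth:
            return
        text = " ".join(data.split())
        if text:
            (self.title_parts if self._in_title else self.body_parts).append(text)


def is_text_resource(url, content_type):
    """Use the response header when present, else fall back to the URL extension."""
    mime = (content_type or "").split(";")[0].strip().lower()
    if mime:
        return mime in TEXT_TYPES
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return ext in TEXT_EXTS


def to_standard_text(url, headers, raw_html):
    """Return {'title', 'body', 'links'} for a text page, or None for non-text."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), None)
    if not is_text_resource(url, ctype):
        return None
    parser = StandardTextParser(url)
    parser.feed(raw_html)
    parser.close()
    # Keep only http(s) links that look like text; this also discards
    # javascript: and data: pseudo-links before they reach the crawl queue.
    links = [link for link in parser.links
             if urlparse(link).scheme in ("http", "https")
             and is_text_resource(link, None)]
    return {"title": " ".join(parser.title_parts),
            "body": " ".join(parser.body_parts),
            "links": links}


# Constructed sample input (not a real page).
SAMPLE_URL = "https://news.example.test/a/story.html"
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
SAMPLE_HTML = """<html><head><title>Account notice</title>
<style>p{color:red}</style><script>var t = "tracking";</script></head>
<body><h1>Verify your account</h1>
<img src="/banner.png" alt="banner">
<audio controls><source src="/jingle.mp3">Audio not supported</audio>
<p>Click <a href="/login.html">here</a> or view the <a href="/promo.jpg">image</a>.</p>
<a href="javascript:void(0)">popup</a>
</body></html>"""

if __name__ == "__main__":
    print(to_standard_text(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML))
```
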
In addition, executing a preset text classification model in the text classifier to classify the standard text into the classified text includes:
receiving a collected text set input by a user;
performing word segmentation processing on the collected text set, and filtering stop words of the collected text set to obtain a standard text set;
vectorizing the feature words in the standard text set to obtain a vector text set;
constructing a label set of the vector text set based on the relevance among the feature words in the vector text set;
inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model;
and calling the text classification model, and processing the standard text into the classified text.
Illustratively, stop words are function words found in human languages, such as the, is, at, on, what, under, above, ground and dobby, as well as prepositions, adverbs and conjunctions.
It is clear that the standard text set is obtained by deleting the stop words from the collected text set.
Then, inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model, includes:
constructing the original classification model in a Python program, wherein the original classification model is as follows:
Figure BDA0003653468260000081
wherein Obj is the original classification model, $T$ is the number of original classification models generated in the training process, $G_j$ is the first derivative of the original classification model error value, and $H_j$ is the second derivative of the original classification model error value;
inputting the label set and the vector text set into the original classification model, and changing $G_j$ and $H_j$ by changing the weights of the vector text set, to obtain $T$ original classification models;
and linearly weighting the T original classification models to obtain the text classification model.
It should be explained that the original classification model is based on a vector space model. On this basis, a machine learning algorithm is used to change the weights of the vector text set input into the original classification model $T$ times, and training yields $T$ original classification models with different $G_j$ and $H_j$. Finally, the $T$ original classification models are linearly weighted to obtain the text classification model.
S3, calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text.
Specifically, referring to Fig. 3, the step of calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text includes:
S31, constructing the network security perception model;
the network security perception model is as follows:
Figure BDA0003653468260000091
wherein $i$ is a time slice, $T$ is the maximum range value of the time slice, $j$ is the network node, $m$ is the number of network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
S32, inputting initial parameters of the network security perception model;
S33, dividing the classified texts into different network information security management topics, wherein the topics comprise fraud prevention, webpage purification and Trojan scanning and killing;
S34, adjusting parameters of the network security perception model based on the topic, wherein the parameters are the network information threat conversion coefficients of the different topics;
S35, calculating the information security level value of the network node by using the network security perception model after parameter adjustment.
It should be explained that the network security perception model is called to analyze the information security level value $Y_{ij}$ of texts on different topics, such as fraud texts, advertisement texts or virus texts, and that the value of $p(x_{ij})$ in the model needs to be adjusted according to the topic of the text. Illustratively, when the network security perception model receives classified text, it first determines whether the classified text belongs to fraud information, advertisement implantation or Trojan horse virus, then adjusts the initial parameters of the network security perception model for the new application scenario according to the network information security management requirement, such as fraud prevention, webpage purification or Trojan scanning and killing, and calculates the information security level value of the network node.
For example, when a user browses to phishing information on a personal notebook computer, the network information security management device of the present invention, after capturing the phishing information, can adjust $p(x_{ij})$ for the fraud prevention application scenario, and the network security perception model then judges the information security level value of that personal notebook computer based on the new parameters.
S4, matching the information security level value with a preset security level threshold value section, determining the security threat level of the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system.
In detail, the determining, according to the matching result, the security threat level suffered by the network node by matching the information security level value with a preset security level threshold segment includes:
determining the value range of the network information security level of the theme;
dividing a security level threshold segment of the theme;
judging the interval of the information security level value in the security level threshold section to obtain the information security state of the network node;
and matching to obtain the security threat level of the network node according to the information security state.
It may be clear that the text training set may contain fraud text, advertisement text or virus text, so there are also differences in the security level value ranges of the classified text.
It should be explained that if the security level of the obtained fraud text is in the range [z1, z4], then [z1, z4] is divided into the threshold segments [z1, z2], [z2, z3] and [z3, z4]. If the information security level value falls within the [z1, z2] segment, the level of security threat suffered by the network node is low; if it falls within the [z2, z3] segment, the level of security threat suffered by the network node is high; if it falls within the [z3, z4] segment, the level of security threat suffered by the network node is high.
S5, according to the alarm condition of the safety alarm, adopting a defense scheme matched with the safety threat level to realize dynamic management of the network node network information safety.
In detail, the taking of a defense scheme matching the security threat level according to the alarm condition of the security alarm comprises:
judging whether the alarm condition is a blue alarm or not, and if the alarm condition is the blue alarm, adopting an information filtering and data backup defense scheme;
if the alarm is not the blue alarm, judging whether the alarm condition is an orange alarm, and if the alarm condition is the orange alarm, adopting a firewall and Trojan killing defense scheme;
and if the alarm is not the orange alarm, judging whether the alarm condition is a red alarm, if the alarm condition is the red alarm, adopting a data encryption and network counterattack defense scheme, and if the alarm condition is not the red alarm, generating a network information safety prompt and prompting the network node not to adopt the defense scheme.
It is to be explained that the network information security awareness system will only initiate a defense scheme when the security alarm emits blue, orange and red alarms.
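The matching in S4 and the alarm dispatch in S5 can be sketched as follows. This is an added example, not code from the patent: the numeric boundaries, the half-open treatment of the shared endpoints z2 and z3, and the mapping from threshold segment to alarm colour are assumptions, since the page gives closed segments that overlap at their endpoints and does not state which segment raises which alarm.

```python
import math
from bisect import bisect_right
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed boundaries [z1, z2, z3, z4] per topic; the page gives no numeric values.
TOPIC_BOUNDS = {
    "fraud_prevention": [0.0, 0.3, 0.6, 1.0],
    "webpage_purification": [0.0, 0.5, 0.8, 1.0],
    "trojan_killing": [0.0, 0.2, 0.5, 1.0],
}

# Assumption: the three segments map to alarm colours in ascending order.
SEGMENT_ALARMS = ("blue", "orange", "red")

# Defense scheme names as listed in S5, keyed by alarm colour.
DEFENSE_SCHEMES = {
    "blue": ("information filtering", "data backup"),
    "orange": ("firewall", "Trojan killing"),
    "red": ("data encryption", "network counterattack"),
}


@dataclass(frozen=True)
class Decision:
    topic: str
    value: float
    alarm: Optional[str]
    schemes: Tuple[str, ...]
    prompt: str


def check_bounds(bounds):
    """Reject threshold tables that would make the matching ambiguous."""
    if len(bounds) != len(SEGMENT_ALARMS) + 1:
        raise ValueError("need one more boundary than there are segments")
    if any(lo >= hi for lo, hi in zip(bounds, bounds[1:])):
        raise ValueError("boundaries must be strictly increasing")


def match_segment(topic, value):
    """Return the index of the segment holding value, or None if out of range.

    Segments are treated as [z_k, z_k+1) so a value equal to a shared
    endpoint lands in exactly one segment (the higher one); the last
    segment is closed so that z4 itself is still matched.
    """
    bounds = TOPIC_BOUNDS[topic]  # unknown topic raises KeyError on purpose
    check_bounds(bounds)
    if math.isnan(value) or not bounds[0] <= value <= bounds[-1]:
        return None
    return min(bisect_right(bounds, value) - 1, len(bounds) - 2)


def alarm_for(topic, value):
    """Map an information security level value to an alarm colour."""
    idx = match_segment(topic, value)
    return None if idx is None else SEGMENT_ALARMS[idx]


def evaluate(topic, value):
    """S4 + S5: match the value, then pick the defense scheme for the alarm."""
    alarm = alarm_for(topic, value)
    schemes = DEFENSE_SCHEMES.get(alarm, ())
    if schemes:
        prompt = f"{alarm} alarm: apply " + " and ".join(schemes)
    else:
        # No blue, orange or red alarm: only a security prompt is generated.
        prompt = "no alarm: security prompt only, no defense scheme adopted"
    return Decision(topic, value, alarm, schemes, prompt)


if __name__ == "__main__":
    # The same level value leads to different alarms under different topics.
    for name in TOPIC_BOUNDS:
        print(evaluate(name, 0.25))
```

A value that falls outside [z1, z4], or is not a number, produces no alarm rather than being clamped into the nearest segment, so a mis-scaled model output does not silently trigger a defense scheme.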
In order to solve the problems in the background art, the embodiment of the invention uses the data mining system to collect the text information of the network nodes within the specified time and classifies the text information to obtain classified texts. It can be seen that the embodiment of the invention replaces manual work with the data mining system to classify the collected text content, thereby improving on the accuracy of manual classification. Further, in combination with the classified text, a preset network security perception system is invoked to evaluate the information security level value of the network node, wherein, in order to improve the accuracy of the network information security level judgment, the network security sensing system comprises a network security sensing module. According to the alarm condition of the security alarm, a defense scheme matched with the security threat level is adopted, so that dynamic management of the network information security of the network node is achieved and the prevention efficiency of network information security is greatly improved. Therefore, the network information security management method and device based on data mining, the electronic equipment and the computer readable storage medium provided by the invention can solve the problems that the accuracy of manual judgment of the network information security level is low and the prevention efficiency needs to be improved.
Fig. 4 is a functional block diagram of a network information security management apparatus based on data mining according to an embodiment of the present invention.
The network information security management device 100 based on data mining according to the present invention may be installed in an electronic device. According to the realized functions, the network information security management device 100 based on data mining can comprise a mining system starting module 101, a text classification module 102, an information security level evaluation module 103, a security threat level judgment module 104 and a defense module 105. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
The mining system starting module 101 is configured to receive an information security assessment instruction for a network node, and start a data mining system pre-installed in the network node according to the information security assessment instruction;
the text classification module 102 is configured to collect text information of the network node within a specified time by using the data mining system, and classify the text information to obtain a classified text;
the information security level evaluation module 103 is configured to invoke a preset network security sensing system to evaluate an information security level value of the network node in combination with the classified text, where the network security sensing system is based on a network security sensing model, and the network security sensing model is as follows:
Figure BDA0003653468260000121
wherein i is a time slice, T is the maximum range value of the time slice, j is the network node, m is the number of the network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
the security threat level determination module 104 is configured to match the information security level value with a preset security level threshold segment, determine, according to a matching result, a security threat level suffered by the network node, and send the security threat level to a security alarm in the network security sensing system;
the defense module 105 is configured to adopt a defense scheme matched with the security threat level according to an alarm condition of the security alarm, so as to implement dynamic management on network information security of the network node.
In detail, the specific implementation manner of using each module in the network information security management apparatus 100 based on data mining in the embodiment of the present invention is the same as that in embodiment 1, and is not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device for implementing a network information security management method based on data mining according to an embodiment of the present invention.
The electronic device 1 may include a processor 10, a memory 11 and a bus 12, and may further include a computer program, such as a network information security management method program based on data mining, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of network information security management method programs based on data mining, etc., but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., network information security management method programs based on data mining, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus 12 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 12 may be divided into an address bus, a data bus, a control bus, etc. The bus 12 is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 5 only shows an electronic device with components, and it will be understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The network information security management method program based on data mining stored in the memory 11 of the electronic device 1 is a combination of a plurality of instructions, and when running in the processor 10, can realize:
receiving an information security evaluation instruction for a network node, and starting a data mining system pre-installed in the network node according to the information security evaluation instruction;
searching text information of the network nodes in the appointed time by using the data mining system, and classifying to obtain classified texts;
and calling a preset network security perception system to evaluate the information security level value of the network node by combining the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure BDA0003653468260000141
wherein i is a time slice, T is the maximum range value of the time slice, j is the network node, m is the number of the network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
matching the information security level value with a preset security level threshold section, determining the security threat level of the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and according to the alarm condition of the safety alarm, adopting a defense scheme matched with the safety threat level to realize dynamic management on the network node network information safety.
Specifically, the specific implementation method of the processor 10 for the instruction may refer to the description of the relevant steps in the embodiments corresponding to fig. 1 to fig. 5, which is not repeated herein.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, a recording medium, a usb-disk, a removable hard disk, a magnetic diskette, an optical disk, a computer Memory, a Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
receiving an information security evaluation instruction for a network node, and starting a data mining system pre-installed in the network node according to the information security evaluation instruction;
searching text information of the network nodes in the appointed time by using the data mining system, and classifying to obtain classified texts;
and calling a preset network security perception system to evaluate the information security level value of the network node by combining the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure BDA0003653468260000151
wherein i is a time slice, T is the maximum range value of the time slice, j is the network node, m is the number of the network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
matching the information security level value with a preset security level threshold section, determining the security threat level of the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and according to the alarm condition of the safety alarm, adopting a defense scheme matched with the safety threat level to realize dynamic management on the network node network information safety.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A network information security management method based on data mining is characterized by comprising the following steps:
receiving an information security evaluation instruction for a network node, and starting a data mining system pre-installed in the network node according to the information security evaluation instruction;
searching text information of the network nodes in the appointed time by using the data mining system, and classifying to obtain classified texts;
and calling a preset network security perception system to evaluate the information security level value of the network node by combining the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure FDA0003653468250000011
wherein i is a time slice, T is the maximum range value of the time slice, j is the network node, m is the number of the network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
matching the information security level value with a preset security level threshold section, determining the security threat level of the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and according to the alarm condition of the safety alarm, adopting a defense scheme matched with the safety threat level to realize dynamic management on the network node network information safety.
2. The method for managing network information security based on data mining as claimed in claim 1, wherein the collecting text information of the network node in a specified time by the data mining system and classifying the text information to obtain a classified text comprises:
filtering the noise of the text information by using an information acquisition module of the data mining system to obtain a standard text;
and executing a preset text classification model in the text classifier, and classifying the standard text into the classified text.
3. The method for managing network information security based on data mining as claimed in claim 2, wherein the filtering noise of the text information by using the information collecting module of the data mining system to obtain a standard text comprises:
starting the information acquisition module, wherein the information acquisition module is connected with a website to be acquired by a text through a Web protocol;
acquiring an original text from the website to be acquired by using a Spider collector in the information acquisition module based on the Web protocol;
filtering non-structural data including images and sounds in the original text to obtain a text to be processed including hyperlinks, text labels, response heads and a text;
and acquiring a URL (uniform resource locator) through the hyperlink in the text to be processed, and dividing the text to be processed into the standard text in the form of an article title plus a main body according to the response head and the file extension of the URL.
4. The method as claimed in claim 2, wherein the executing a text classification model preset in the text classifier to classify the standard text into the classified text comprises:
receiving a collected text set input by a user;
performing word segmentation processing on the collected text set, and filtering stop words of the collected text set to obtain a standard text set;
vectorizing the feature words in the standard text set to obtain a vector text set;
constructing a label set of the vector text set based on the relevance among the feature words in the vector text set;
inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model;
and calling the text classification model, and processing the standard text into the classified text.
5. The method for managing network information security based on data mining of claim 4, wherein the inputting the label set and the vector text set into an original classification model of the text classifier, and training to obtain the text classification model, comprises:
constructing the original classification model according to a Python programming program, wherein the original classification model is as follows:
Figure FDA0003653468250000021
wherein Obj is the original classification model, T is the number of the original classification models generated in the training process, $G_j$ is the first derivative of the original classification model error value, and $H_j$ is the second derivative of the original classification model error value;
inputting the label set and the vector text set into the original classification model, and changing $G_j$ and $H_j$ by changing the weights of the vector text set, to obtain T original classification models;
and linearly weighting the T original classification models to obtain the text classification model.
6. The method for managing network information security based on data mining as claimed in claim 1, wherein said invoking a preset network security aware system to evaluate the information security level value of the network node in combination with the classification text comprises:
inputting initial parameters of the network security perception model;
dividing the classified texts into different network information security management topics, wherein the topics comprise fraud prevention, webpage purification and Trojan horse searching and killing;
adjusting parameters of the network security perception model based on the theme, wherein the parameters are network information threat conversion coefficients of different themes;
and calculating to obtain the information security grade value of the network node by using the network security perception model after parameter adjustment.
7. The method for managing network information security based on data mining as claimed in claim 1, wherein the matching the information security level value with a preset security level threshold segment, and determining the security threat level suffered by the network node according to the matching result comprises:
determining the value range of the network information security level of the theme;
dividing a security level threshold segment of the theme;
judging the interval of the information security level value in the security level threshold value section to obtain the information security state of the network node;
and matching to obtain the security threat level of the network node according to the information security state.
8. The method for managing network information security based on data mining as claimed in claim 1, wherein the taking a defense scheme matching the security threat level according to the alarm condition of the security alarm comprises:
judging whether the alarm condition is a blue alarm or not, and if the alarm condition is the blue alarm, adopting an information filtering and data backup defense scheme;
if the alarm is not the blue alarm, judging whether the alarm condition is an orange alarm, and if the alarm condition is the orange alarm, adopting a firewall and Trojan killing defense scheme;
if the alarm is not the orange alarm, judging whether the alarm condition is a red alarm, if the alarm condition is the red alarm, adopting a data encryption and network counterattack defense scheme, and if the alarm condition is not the red alarm, generating a network information safety prompt and prompting the network node to not adopt the defense scheme.
9. The method for managing network information security based on data mining as claimed in claim 4, wherein the constructing the tag set of the vector text set based on the association between the feature words in the vector text set comprises:
constructing the following model to judge the relevance among the feature words:
Figure FDA0003653468250000041
wherein q and d are the text characteristic words,
Figure FDA0003653468250000042
is the vector text containing the feature words q and d, n is the number of texts, $tf_{i,q}$ and $tf_{i,d}$ are the frequencies of occurrence of the feature words q and d in the text, $df_i$ is the number of texts containing the feature words q and d, and score(q, d) is the relevance score between the feature words q and d;
judging the relevance between the feature words q and d based on the value of score(q, d) to obtain a relevance value;
constructing the set of vector text labels based on the relevance values.
10. A network information security management apparatus based on data mining, the apparatus comprising:
a mining system starting module, used for receiving an information security evaluation instruction for a network node and starting the data mining system pre-installed on the network node according to the information security evaluation instruction;
the text classification module is used for collecting text information of the network nodes in the appointed time by using the data mining system and classifying the text information to obtain classified texts;
the information security level evaluation module is used for calling a preset network security perception system to evaluate the information security level value of the network node in combination with the classified text, wherein the network security perception system is based on a network security perception model, and the network security perception model is as follows:
Figure FDA0003653468250000043
wherein i is a time slice, T is the maximum range value of the time slice, j is the network node, m is the number of the network nodes, $x_{ij}$ is the value of the classified text $X_{ij}$, $Y_{ij}$ is the information security level value, and $p(x_{ij})$ is the network information threat conversion coefficient of the classified text;
the security threat level judging module is used for matching the information security level value with a preset security level threshold section, determining the security threat level received by the network node according to the matching result, and sending the security threat level to a security alarm in the network security perception system;
and the defense module is used for adopting a defense scheme matched with the security threat level according to the alarm condition of the security alarm to realize dynamic management on the network node network information security.
Application number: CN202210548664.6A; priority date: 2022-05-20; filing date: 2022-05-20; title: Network information security management method and device based on data mining; status: Pending; publication: CN114969333A (en)

Publications (1)

Publication Number Publication Date
CN114969333A true CN114969333A (en) 2022-08-30

CN115801455A (en) Website fingerprint-based counterfeit website detection method and device
CN114513355A (en) Malicious domain name detection method, device, equipment and storage medium
CN111581533B (en) Method and device for identifying state of target object, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination