CN115085960A - Network security access authentication method and device, electronic equipment and readable storage medium - Google Patents

Info

Publication number
CN115085960A
Authority
CN
China
Prior art keywords
network access
access equipment
target information
authentication
evaluation
Legal status
Pending
Application number
CN202110281155.7A
Other languages
Chinese (zh)
Inventor
黄静
陈佳
张会娟
孙哲元
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute
Priority to CN202110281155.7A
Publication of CN115085960A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security access authentication method, a network security access authentication device, electronic equipment and a readable storage medium, and belongs to the field of network security. The method comprises the following steps: analyzing the acquired flow data of the network access equipment to obtain target information; classifying the target information based on a pre-trained clustering model to obtain the type of the target information; and authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule. The method and the device can improve the accuracy and efficiency of the authentication of the network access equipment.

Description

Network security access authentication method and device, electronic equipment and readable storage medium
Technical Field
The invention belongs to the field of network security, and particularly relates to a data-driven network security access authentication method and device, electronic equipment and a computer-readable storage medium.
Background
With the deep development of 5G networks, massive numbers of heterogeneous devices are connected to the Internet of Things as real-time data sources, and the security of network devices has received extensive attention. If an unauthenticated, untrusted device accesses the network, numerous security risks are introduced, and other devices may be attacked or data may be leaked. Therefore, to ensure the safe and stable operation of the network environment, network access devices must be identified and authenticated.
Existing authentication methods for network access devices are suited to authenticating known access devices with fixed functions or stable behaviour information. With hundreds of millions of devices accessing the network, including a large number of unknown devices, and with the functional dimensions of devices continuously increasing and their network interaction behaviours becoming complex and varied, device authentication becomes more difficult, and authentication precision and efficiency are low.
Disclosure of Invention
Embodiments of the present invention provide a network security access authentication method, device, electronic device, and computer readable storage medium, so as to solve the problem of low accuracy and efficiency of the authentication method of the existing network access device.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a network security access authentication method, where the method includes:
analyzing the acquired flow data of the network access equipment to obtain target information;
classifying the target information based on a pre-trained clustering model to obtain the type of the target information;
and authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
In a second aspect, an embodiment of the present invention provides a network security access authentication apparatus, where the apparatus includes:
the analysis module is used for analyzing the acquired flow data of the network access equipment to obtain target information;
the equipment classification module is used for classifying the target information based on a pre-trained clustering model to obtain the type of the target information;
and the hierarchical authentication module is used for authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a processor, a memory, and a program or instructions stored on the memory and executable on the processor, and when executed by the processor, the program or instructions implement the steps of the method according to the first aspect.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to the first aspect.
In the embodiment of the invention, target information is obtained by analyzing the acquired traffic data of the network access device, the target information is classified based on a pre-trained clustering model to obtain its type, and the network access device is authenticated according to that type based on a preset hierarchical authentication rule. The credibility of the network access device is then evaluated according to its authentication result and its behaviour characteristics. In this way, rapid classification and non-invasive authentication of massive numbers of heterogeneous network access devices can be realized, human participation is reduced, unknown devices and devices with varied functional behaviours can be authenticated, and the accuracy and efficiency of authentication are improved.
Drawings
Fig. 1 is a flowchart of a network security access authentication method according to an embodiment of the present invention;
fig. 2 is a flowchart of a hierarchical authentication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a network security access authentication apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the objects identified as "first," "second," etc. are generally a class of objects and do not limit the number of objects, e.g., a first object may be one or more. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
The network security access authentication method provided by the embodiment of the present invention is described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
Referring to fig. 1, fig. 1 is a flowchart of a network security access authentication method according to an embodiment of the present invention, where the method is applied to an electronic device, and as shown in fig. 1, the method includes the following steps:
step 101, analyzing the acquired traffic data of the network access device to obtain target information.
In the embodiment of the present invention, the network access device may be an Internet of Things access device such as a desktop computer, a smart phone, a printer, a tablet computer, a vehicle computer, a robot or a wearable device. In this embodiment, the dynamic network traffic data of the network access device may be collected and subjected to processing such as cleaning and packet parsing to obtain target information, where the target information reflects a function of the network access device. For example, the target information may include a source IP address, a destination IP address, a source port, a destination port and a packet type; the content of the target information is not limited in the embodiment of the present invention.
And 102, classifying the target information based on a pre-trained clustering model to obtain the type of the target information.
In the embodiment of the invention, the traffic data of each network access device over a period of time can be collected in advance, analyzed and stored to obtain a training data set; the preset clustering model is trained on the training data set to obtain the trained clustering model, which completes the offline training of the clustering model. The preset clustering model can adopt an existing clustering algorithm, such as the k-means clustering algorithm, and the embodiment of the invention does not limit the type of clustering algorithm adopted by the clustering model.
In the embodiment of the present invention, after the trained clustering model is obtained, the target information currently obtained from the traffic data of the network access device may be input into the pre-trained clustering model, and the similarity between the current target information and the centroid information of each cluster in the model is calculated. A larger similarity indicates a higher degree of match between the dynamic behaviour of the current target information and the device corresponding to that cluster, meaning the current target information belongs to that device, so the type corresponding to the cluster with the largest similarity may be taken as the type of the current target information.
Optionally, the similarity may be calculated using Euclidean distance, cosine similarity, mutual information and the like; the similarity calculation method used when the clustering model classifies is not limited in the embodiment of the present invention. The embodiment of the invention classifies the target information of network access devices by an unsupervised learning method, which overcomes the limitation that supervised learning cannot be applied well to unlabelled data, can quickly and accurately classify the functions of all network access devices, improves the applicability of the clustering model, meets the practical engineering requirements that data from a large number of devices lack labels and that the algorithm be simple and efficient, and provides a basis for better authentication of network access devices.
And 103, authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
In the embodiment of the invention, by collecting the traffic data of the network access device at different times, it can be judged from the types of the target information obtained from the traffic data at those times whether the type of the target information sent by the device has changed. For example, the different times may be the morning and evening of a day; the embodiment of the present invention does not limit how the different times are selected. If the type of the target information sent by the network access device at different times has changed, the device is authenticated according to its identity identification information; if it has not changed, the device is authenticated according to the centroid information of the type to which the target information belongs and predetermined reference information. The predetermined reference information is the target information corresponding to a network access device that was successfully authenticated through its identity identification information.
In the embodiment of the invention, target information is obtained by analyzing the acquired flow data of the network access equipment; classifying the target information based on a pre-trained clustering model to obtain the type of the target information; based on a preset hierarchical authentication rule, the network access equipment is authenticated according to the type of the target information, so that the rapid classification and the non-invasive authentication of massive heterogeneous network access equipment can be realized, the human participation is reduced, and the accuracy and the efficiency of the authentication are improved.
Optionally, the authenticating the network access device according to the centroid information of the type to which the target information belongs and the predetermined reference information may include:
and determining a first similarity between the target information and the centroid information, and judging whether the first similarity is smaller than a first preset threshold value. If the first similarity is smaller than a first preset threshold value, determining that the authentication of the network access equipment is successful; if the first similarity is greater than or equal to a first preset threshold, determining second similarities between the target information and all predetermined reference information, and judging whether a second similarity smaller than a second preset threshold exists;
if the second similarity smaller than the second preset threshold exists, determining that the authentication of the network access equipment is successful; and if all the determined second similarity degrees are greater than or equal to a second preset threshold value, authenticating the network access equipment according to the identity identification information of the network access equipment.
In the embodiment of the present invention, the network access device has identifiable identity identification information, for example a Media Access Control address (MAC address), an International Mobile Equipment Identity (IMEI), a shared secret or a certificate, which can be used as identification information to establish an initial trust relationship. The reference information is the target information corresponding to a network access device successfully authenticated through its identity identification information; that is, by using the target information of a device trusted after identity authentication as the reference point, two shortcomings of conventional authentication methods are addressed: that they cannot handle well the authentication of unknown devices accessing the network for the first time, and that they cannot handle well the authentication of devices with varied functional behaviours whose behaviour changes in a normal way. Authentication precision and efficiency are thereby improved. Optionally, the similarity may be calculated using Euclidean distance, cosine similarity, mutual information and the like; the similarity calculation method used in the hierarchical authentication is not limited in the embodiment of the present invention.
As shown in fig. 2, the present invention provides a flowchart of a hierarchical authentication method, which includes the following steps. According to the classified target information, judge whether the type of the current target information of the device has changed. If it has changed, perform identity authentication. If not, judge whether the Euclidean distance $D$ between the current target information and the centroid information of the type is smaller than a preset threshold $D_1$. If $D < D_1$, the device conforms well to the type, and device authentication succeeds. If $D \ge D_1$, calculate the Euclidean distances $d = (d_1, d_2, \dots, d_n)$ between the current target information and all the reference information respectively, and judge whether all elements of $d$ are greater than or equal to a preset threshold $D_2$.
If any element of $d$ is smaller than the preset threshold $D_2$, device authentication succeeds. If all elements of $d$ are greater than or equal to the preset threshold $D_2$, the reliability of the device behaviour is weak, and identity authentication of the device is required.
Identity authentication of the device is then performed. If it succeeds, the current target information is taken as new reference information; otherwise, device authentication fails.
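The nearest-centroid classification of step 102 and the decision flow of fig. 2, as an added example that is not code from the patent. The feature-vector layout, the cluster centroids, the thresholds $D_1$ and $D_2$ and the device records are all constructed sample values (a real deployment would take the centroids from the offline-trained clustering model), and Euclidean distance is used as the similarity measure, as the text allows.

```python
"""Added example, not the patent's own code: nearest-centroid classification (step 102)
plus the hierarchical authentication decision of fig. 2. Feature layout, centroids,
thresholds D1/D2 and the device records are constructed sample values."""
import math
from dataclasses import dataclass, field

# Constructed feature-vector layout, assumed pre-scaled to comparable ranges:
# (mean packet size, packet rate, distinct destination ports, fraction of TCP packets)
CENTROIDS = {
    "printer":  (0.6, 0.05, 0.02, 1.0),
    "camera":   (0.8, 0.90, 0.04, 0.9),
    "wearable": (0.1, 0.10, 0.06, 0.6),
}


def euclid(a, b):
    """Euclidean distance between two feature vectors of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(target, centroids=CENTROIDS):
    """Step 102: the type of the cluster whose centroid is closest (largest similarity)."""
    return min(centroids, key=lambda t: euclid(target, centroids[t]))


@dataclass
class HierarchicalAuthenticator:
    d1: float                      # threshold D1 on the distance to the type centroid
    d2: float                      # threshold D2 on the distance to reference information
    centroids: dict = field(default_factory=lambda: dict(CENTROIDS))
    references: list = field(default_factory=list)  # target info of identity-authenticated devices

    def authenticate(self, prev_type, target, identity_ok):
        """Apply the fig. 2 rule. prev_type is the type classified at the earlier
        collection time (None for a first-seen device); identity_ok is the outcome of
        identity-based authentication (MAC/IMEI/certificate), consulted only when the
        behavioural checks fall through. Returns (result, reason, current_type)."""
        cur_type = classify(target, self.centroids)
        if prev_type is not None and cur_type != prev_type:
            return self._identity_auth(target, identity_ok, "type changed", cur_type)
        # Distance D to the centroid of the current type.
        if euclid(target, self.centroids[cur_type]) < self.d1:
            return "success", "close to type centroid", cur_type
        # Distances d = (d_1, ..., d_n) to all reference information; any below D2 passes.
        if any(euclid(target, ref) < self.d2 for ref in self.references):
            return "success", "close to reference information", cur_type
        return self._identity_auth(target, identity_ok, "weak behaviour reliability", cur_type)

    def _identity_auth(self, target, identity_ok, why, cur_type):
        if identity_ok:
            # Successful identity authentication: the current target info becomes reference info.
            self.references.append(tuple(target))
            return "success", f"identity authentication ({why})", cur_type
        return "fail", f"identity authentication failed ({why})", cur_type


def demo():
    """Walk one printer-like device through the rule; returns the list of results."""
    auth = HierarchicalAuthenticator(d1=0.1, d2=0.05)
    results = []
    # Morning: behaviour sits near the printer centroid -> passes on distance D alone.
    results.append(auth.authenticate("printer", (0.62, 0.06, 0.02, 1.0), identity_ok=True))
    # Evening: same type but drifted; no references yet -> identity authentication.
    results.append(auth.authenticate("printer", (0.75, 0.05, 0.02, 1.0), identity_ok=True))
    # Next day: still drifted, but now close to the stored reference -> passes.
    results.append(auth.authenticate("printer", (0.76, 0.05, 0.02, 1.0), identity_ok=False))
    # Type flips to camera-like traffic and the identity check fails -> authentication fails.
    results.append(auth.authenticate("printer", (0.8, 0.9, 0.04, 0.9), identity_ok=False))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The third call shows the point of the reference set: a device whose behaviour has drifted away from its cluster centroid is still accepted without a fresh identity check once an identity-authenticated sample of that drifted behaviour is on record; the fourth shows that a type change always falls back to identity authentication.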
Optionally, after the network access device is authenticated according to the type of the target information based on the preset hierarchical authentication rule, the network access device may be further evaluated for reliability according to an authentication result of the network access device and behavior characteristics of the network access device.
Further, when evaluating the credibility of the network access device, an evaluation index set is constructed from the authentication result and the behaviour characteristics of the network access device, and a quantitative evaluation set is constructed from preset evaluation levels reflecting the occurrence frequency of the evaluation indexes. From these, the membership of each evaluation index in the evaluation index set to each evaluation level in the quantitative evaluation set is determined to obtain a membership matrix; a credibility evaluation vector is determined from a preset evaluation index weight set and the membership matrix; and the credibility of the network access device is evaluated according to the credibility evaluation vector.
In the embodiment of the invention, a plurality of evaluation indexes can be established in advance according to the authentication result of the network access device and its behaviour characteristics, and an evaluation index set constructed from them. Based on expert knowledge, the established evaluation indexes may include the hierarchical authentication result, the IP packet accuracy, the TCP packet accuracy, the data accuracy and the data collapse rate. Optionally, whether a transmission error has occurred in a packet may be determined by checking the check codes of the IP header and the TCP header of each packet in the traffic data, giving the IP packet accuracy and the TCP packet accuracy, and the data accuracy and data collapse rate may be obtained from the ACK and RESET flag bits of the TCP packets. The evaluation index set thus constructed is $U = (u_1, u_2, u_3, u_4, u_5)$, where $u_1$ is the hierarchical authentication result, $u_2$ the IP packet accuracy, $u_3$ the TCP packet accuracy, $u_4$ the data accuracy and $u_5$ the data collapse rate.
In the embodiment of the invention, evaluation levels reflecting the occurrence frequency of the evaluation indexes can be preset, and the quantitative evaluation set constructed from them. For example, the constructed quantitative evaluation set is $V = (v_1, v_2, v_3, v_4, v_5)$, where $v_1$ to $v_5$ represent the first to fifth levels respectively. The evaluation indexes, namely the hierarchical authentication result, IP packet accuracy, TCP packet accuracy, data accuracy and data collapse rate, are quantified into the preset evaluation levels; the quantification details may follow network security standards or actual conditions. In some alternative examples, the quantitative criteria of the quantitative evaluation set are as shown in table 1.
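Extracting the step 101 target information from raw packets and deriving the per-packet header observations behind the IP/TCP accuracy and ACK/RESET indexes, as an added example that is not code from the patent. It assumes that the header check codes referred to above are the standard Internet checksums actually carried by IPv4 and TCP headers (ones'-complement sums, TCP's over a pseudo-header), that "packet type" means the IP protocol, and that the rate names and the sample packets are constructed.

```python
"""Added example, not the patent's own code: parse an IPv4/TCP packet into target
information (source/destination IP, ports, packet type) and check the IP and TCP
checksums and ACK/RST flags that feed the evaluation indexes. Packets are constructed."""
import struct
from ipaddress import IPv4Address

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # packet type taken from the IP protocol field
TCP_ACK, TCP_RST = 0x10, 0x04


def ones_complement_sum(data):
    """16-bit ones'-complement sum used by the IPv4 and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data):
    return (~ones_complement_sum(data)) & 0xFFFF


def build_tcp_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample packet with correct IPv4 and TCP checksums."""
    src_b, dst_b = IPv4Address(src).packed, IPv4Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(pkt):
    """Step 101 target information for one packet, plus the header observations that
    feed the IP/TCP accuracy and ACK/RESET indexes. Non-TCP packets get no port/flag fields."""
    ver_ihl, _, total_len, _, _, _, proto, _, src_b, dst_b = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "src_ip": str(IPv4Address(src_b)),
        "dst_ip": str(IPv4Address(dst_b)),
        "packet_type": PROTO_NAMES.get(proto, "other"),
        # A header whose checksum field is intact sums to 0xFFFF.
        "ip_header_ok": ones_complement_sum(pkt[:ihl]) == 0xFFFF,
    }
    if proto == 6 and len(pkt) >= ihl + 20:
        seg = pkt[ihl:total_len]
        sport, dport, _, _, _, flags, _, _, _ = struct.unpack("!HHIIBBHHH", seg[:20])
        pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(seg))
        info.update(
            src_port=sport, dst_port=dport,
            ack=bool(flags & TCP_ACK), rst=bool(flags & TCP_RST),
            tcp_header_ok=ones_complement_sum(pseudo + seg) == 0xFFFF,
        )
    return info


def accuracy_rates(packets):
    """Per-device frequencies (constructed names) that an index such as IP/TCP packet
    accuracy or a RESET-based collapse rate could be derived from."""
    infos = [parse_packet(p) for p in packets]
    tcp = [i for i in infos if i["packet_type"] == "TCP"]
    n, n_tcp = len(infos), max(len(tcp), 1)
    return {
        "ip_error_rate": sum(not i["ip_header_ok"] for i in infos) / n,
        "tcp_error_rate": sum(not i.get("tcp_header_ok", True) for i in tcp) / n_tcp,
        "rst_rate": sum(i.get("rst", False) for i in tcp) / n_tcp,
    }


def demo():
    """Four constructed packets: a good one, a RST, an IP-corrupted and a TCP-corrupted copy."""
    good = build_tcp_packet("10.0.0.7", "10.0.0.1", 51515, 443, TCP_ACK, b"hello")
    reset = build_tcp_packet("10.0.0.7", "10.0.0.1", 51515, 443, TCP_ACK | TCP_RST)
    bad_ip = bytearray(good); bad_ip[8] ^= 0xFF      # corrupt TTL -> IP checksum fails
    bad_tcp = bytearray(good); bad_tcp[-1] ^= 0x01   # corrupt payload -> TCP checksum fails
    return [good, reset, bytes(bad_ip), bytes(bad_tcp)]


if __name__ == "__main__":
    pkts = demo()
    for p in pkts:
        print(parse_packet(p))
    print(accuracy_rates(pkts))
```

Note that the TTL corruption leaves the TCP checksum valid (the pseudo-header covers only addresses, protocol and length), while the payload corruption leaves the IP header valid, so the two accuracy indexes move independently, which is why the text keeps them separate.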
TABLE 1

| Evaluation level | First | Second | Third | Fourth | Fifth |
|---|---|---|---|---|---|
| Class $m$ | 1 | 2 | 3 | 4 | 5 |
| $y_i$ (frequency) | $y_i > 0.02$ | $0.02 > y_i > 0.01$ | $0.01 > y_i > 0.002$ | $0.002 > y_i > 0.001$ | $y_i < 0.001$ |
In the embodiment of the invention, the membership of each evaluation index in the evaluation index set to each evaluation level in the quantitative evaluation set can be determined from the evaluation index set and the quantitative evaluation set, giving the membership matrix. For example, the resulting membership matrix is $R$, where $r_{ij}$ represents the degree of membership of the $i$-th evaluation index $u_i$ in $U$ to the $j$-th evaluation level $v_j$ in $V$; the fuzzy relation between $u_i$ and $V$ is established and the membership matrix $R$ is obtained:

$$R = (r_{ij})_{5 \times 5}, \qquad r_{ij} = \frac{S_{ij}}{S} \qquad \text{(formula 1)}$$

where $S_{ij}$ is the number of times the $i$-th evaluation index is evaluated as evaluation level $j$, and $S$ is the total number of evaluations. The credibility evaluation vector $b$, a $1 \times 5$ vector, is determined from the preset evaluation index weight set $w$ and the membership matrix $R$, and the credibility of the network access device is evaluated according to $b$:

$$b = wR \qquad \text{(formula 2)}$$
Optionally, the element with the largest value in the credibility evaluation vector $b$ is selected and matched with a preset trust level to determine the trust level of the network access device; or the sum of the products of each element of $b$ and the preset score of the corresponding evaluation level can be determined as the trust score $Q$ of the network access device, and $Q$ is matched with the preset trust levels to determine the trust level of the device:

$$Q = \sum_{j=1}^{5} \delta_j b_j \qquad \text{(formula 3)}$$

where $\delta_j$ is the preset score of each evaluation level, e.g. 100, 80, 60, 40, 20, and $b_j$ is the $j$-th element of vector $b$. The trust score of the network access device gives not only the credibility of the device's current packets; by analyzing the device's historical trust scores, its trust level can be assigned more objectively. When the device's trust score fluctuates greatly, an authentication early warning can be raised in advance, improving authentication security. Continuous trust evaluation through the trust score thus avoids the problem that a single authentication cannot perceive changes in device legitimacy in time. In addition, continuously evaluating the trust level and credibility of devices gives operators a basis for fine-grained permission assignment and access control, so that permissions can be managed at fine granularity according to business requirements and subsequent security isolation, manual inspection and the like can be carried out.
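The fuzzy comprehensive evaluation of formulas 1 to 3 carried through on constructed data, as an added example that is not code from the patent. The table 1 level cutoffs and the scores $\delta_j$ = 100, 80, 60, 40, 20 come from the text; the observation records, the weight set $w$, the trust-level cutoffs for $Q$ and the fluctuation threshold are constructed assumptions, and values falling exactly on a table 1 boundary are assigned to the lower level, which the table leaves unspecified.

```python
"""Added example, not the patent's own code: fuzzy comprehensive trust evaluation
following formulas 1-3 and table 1. Observation records, weights w, trust-level
cutoffs and the fluctuation threshold are constructed sample values."""

# Table 1 cutoffs, highest first: level 1 if y > 0.02, level 2 if 0.02 > y > 0.01, ...
LEVEL_BOUNDS = (0.02, 0.01, 0.002, 0.001)
NUM_INDEXES = 5   # u1..u5: hierarchical auth result, IP accuracy, TCP accuracy,
NUM_LEVELS = 5    #         data accuracy, data collapse rate
DELTA = (100, 80, 60, 40, 20)   # preset score delta_j per level, as in the text


def grade(y):
    """Map an index frequency y_i to evaluation level m in 1..5 per table 1.
    Boundary values go to the lower level (assumption; table 1 leaves equality open)."""
    for m, bound in enumerate(LEVEL_BOUNDS, start=1):
        if y > bound:
            return m
    return NUM_LEVELS


def membership_matrix(observations):
    """Formula 1: r_ij = S_ij / S, where S_ij counts how often index i was graded
    level j across the S observation records (each record = (y_1, ..., y_5))."""
    S = len(observations)
    counts = [[0] * NUM_LEVELS for _ in range(NUM_INDEXES)]
    for record in observations:
        for i, y in enumerate(record):
            counts[i][grade(y) - 1] += 1
    return [[s_ij / S for s_ij in row] for row in counts]


def evaluation_vector(w, R):
    """Formula 2: b = w R, a 1x5 vector from 1x5 weights and the 5x5 matrix."""
    return [sum(w[i] * R[i][j] for i in range(NUM_INDEXES)) for j in range(NUM_LEVELS)]


def trust_score(b, delta=DELTA):
    """Formula 3: Q = sum_j delta_j * b_j."""
    return sum(d * bj for d, bj in zip(delta, b))


def level_by_max(b):
    """First option in the text: the level whose element of b is largest (1..5)."""
    return 1 + max(range(NUM_LEVELS), key=lambda j: b[j])


def level_by_score(Q, cutoffs=((80.0, "trusted"), (60.0, "limited"))):
    """Second option: match Q against preset trust levels (cutoffs constructed)."""
    for bound, name in cutoffs:
        if Q >= bound:
            return name
    return "untrusted"


def fluctuation_warning(history, max_swing=15.0):
    """Early-warning check over historical scores: flag a swing larger than max_swing
    between consecutive evaluations (threshold constructed)."""
    return any(abs(a - b) > max_swing for a, b in zip(history, history[1:]))


# Constructed observation records: four evaluations of one device, each (y_1, ..., y_5).
OBSERVATIONS = [
    (0.05, 0.03, 0.015, 0.005, 0.0005),
    (0.05, 0.03, 0.015, 0.005, 0.0005),
    (0.001, 0.03, 0.015, 0.005, 0.0005),
    (0.05, 0.012, 0.0015, 0.005, 0.0005),
]
WEIGHTS = (0.4, 0.15, 0.15, 0.15, 0.15)   # constructed weight set w, summing to 1


def evaluate(observations=OBSERVATIONS, w=WEIGHTS):
    """Run the full evaluation; returns (R, b, Q, level_by_max, level_by_score)."""
    R = membership_matrix(observations)
    b = evaluation_vector(w, R)
    Q = trust_score(b)
    return R, b, Q, level_by_max(b), level_by_score(Q)


if __name__ == "__main__":
    R, b, Q, lvl, name = evaluate()
    for row in R:
        print(row)
    print("b =", [round(x, 4) for x in b], "Q =", Q, "level:", lvl, name)
```

Because every row of $R$ sums to 1 and the weights sum to 1, $b$ is a distribution over the five levels and $Q$ is a weighted average of the level scores; the two options in the text can disagree, as here, where the largest element of $b$ is level 1 but $Q$ is 68.75, which is why a deployment should fix one of the two mappings rather than mix them.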
Referring to fig. 3, fig. 3 is a schematic structural diagram of a network security access authentication device according to an embodiment of the present invention, the device is applied to an electronic device, and as shown in fig. 3, the network security access authentication device 300 may include:
the analyzing module 310 is configured to analyze the acquired traffic data of the network access device to obtain target information.
And the device classification module 320 is configured to classify the target information based on a pre-trained clustering model to obtain a type of the target information.
And the hierarchical authentication module 330 is configured to authenticate the network access device according to the type of the target information based on a preset hierarchical authentication rule.
Optionally, the hierarchical authentication module 330 includes:
the judging unit is used for judging whether the types of the target information sent by the network access equipment at different time are changed or not according to the types of the target information;
the first authentication unit is used for authenticating the network access equipment according to the identity identification information of the network access equipment when the types of the target information sent by the network access equipment at different times are changed;
and the second authentication unit is used for authenticating the network access equipment according to the centroid information of the type of the target information and predetermined reference information when the type of the target information sent by the network access equipment at different time is not changed, wherein the reference information is the target information corresponding to the network access equipment which is successfully authenticated when the network access equipment is authenticated through the identity identification information.
Optionally, the second authentication unit comprises:
the first judging subunit is used for determining a first similarity between the target information and the centroid information and judging whether the first similarity is smaller than a first preset threshold value;
the first authentication subunit is used for determining that the authentication of the network access equipment is successful when the first similarity is smaller than a first preset threshold value;
the second judging subunit is used for determining a second similarity between the target information and the predetermined reference information when the first similarity is greater than or equal to a first preset threshold value, and judging whether the second similarity smaller than the second preset threshold value exists;
the second authentication subunit is used for determining that the authentication of the network access equipment is successful when a second similarity smaller than a second preset threshold exists;
and the first authentication unit is further configured to authenticate the network access device according to the identity information of the network access device when all the determined second similarities are greater than or equal to a second preset threshold.
Optionally, the network security access authentication apparatus 300 may further include:
and the trust evaluation module is used for evaluating the credibility of the network access equipment according to the authentication result of the network access equipment and the behavior characteristics of the network access equipment.
Optionally, the trust evaluation module 340 includes:
the data processing unit is used for determining the membership of each evaluation index in the evaluation index set to each evaluation grade in the quantitative evaluation set according to an evaluation index set constructed by the authentication result of the network access equipment and the behavior characteristics of the network access equipment and a quantitative evaluation set constructed by preset evaluation grades reflecting the occurrence frequency of the evaluation indexes to obtain a membership matrix; determining a credibility evaluation vector according to a preset evaluation index weight set and a membership matrix;
and the credibility evaluation unit is used for evaluating the credibility of the network access equipment according to the credibility evaluation vector.
Optionally, the credibility evaluation unit is configured to select the element with the largest value in the credibility evaluation vector and match it with a preset trust level to determine the trust level of the network access device, which serves as its credibility; or, alternatively,
optionally, the credibility assessment unit is configured to determine a sum of products of each element in the credibility assessment vector and a preset score of each corresponding evaluation level, where the sum is used as a trust score of the network access device; and matching the trust score with a preset trust level to determine the trust level of the network access equipment, wherein the trust level is used as the credibility of the network access equipment.
It can be understood that the network security access authentication apparatus 300 according to the embodiment of the present invention can implement the processes of the method embodiments shown in fig. 1 and fig. 2, and can achieve the same technical effect, and for avoiding repetition, the details are not described here.
In addition, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the computer program, when executed by the processor, can implement each process of the method embodiments shown in fig. 1 and fig. 2 and achieve the same technical effect, and is not described herein again to avoid repetition.
Referring to fig. 4, an embodiment of the present invention further provides an electronic device 40, which includes a bus 41, a transceiver 42, an antenna 43, a bus interface 44, a processor 45, and a memory 46.
In the embodiment of the present invention, the electronic device 40 further includes: programs or instructions stored on the memory 46 and executable on the processor 45. Optionally, the program or the instructions may implement the following steps when executed by the processor 45:
analyzing the acquired flow data of the network access equipment to obtain target information;
classifying the target information based on a pre-trained clustering model to obtain the type of the target information;
and authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
It can be understood that the computer program can implement the processes of the method embodiments shown in fig. 1 and fig. 2 when executed by the processor 45, and can achieve the same technical effects, and the details are not repeated herein to avoid repetition.
In fig. 4, the bus architecture (represented by bus 41) may include any number of interconnected buses and bridges, with bus 41 linking together various circuits including one or more processors, represented by processor 45, and memory, represented by memory 46. The bus 41 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore are not described further herein. A bus interface 44 provides an interface between the bus 41 and the transceiver 42. The transceiver 42 may be one element or multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. Data processed by the processor 45 is transmitted over a wireless medium via the antenna 43; conversely, the antenna 43 receives data and forwards it to the processor 45.
The processor 45 is responsible for managing the bus 41 and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And the memory 46 may be used to store data used by the processor 45 in performing operations.
Alternatively, the processor 45 may be a CPU, ASIC, FPGA or CPLD.
An embodiment of the present invention further provides a computer-readable storage medium, on which a program or an instruction is stored, where the program or the instruction, when executed by a processor, can implement the processes of the method embodiments shown in fig. 1 and fig. 2 and achieve the same technical effects, and in order to avoid repetition, details are not repeated here.
Computer-readable media, which include both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a service classifying device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (14)

1. A network security access authentication method is characterized by comprising the following steps:
analyzing the acquired flow data of the network access equipment to obtain target information;
classifying the target information based on a pre-trained clustering model to obtain the type of the target information;
and authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
2. The method of claim 1, wherein the authenticating the network access device according to the type of the target information based on a preset hierarchical authentication rule comprises:
judging, according to the types of the target information, whether the types of the target information sent by the network access equipment at different times have changed;
if the types of the target information sent by the network access equipment at different times have changed, authenticating the network access equipment according to the identity identification information of the network access equipment;
if the types of the target information sent by the network access equipment at different times have not changed, authenticating the network access equipment according to the centroid information of the type of the target information and predetermined reference information; the reference information is target information corresponding to the network access equipment which was successfully authenticated when the network access equipment was authenticated through the identity identification information.
3. The method of claim 2, wherein the authenticating the network access device according to the centroid information of the type to which the target information belongs and predetermined reference information comprises:
determining a first similarity between the target information and the centroid information, and judging whether the first similarity is smaller than a first preset threshold value;
if the first similarity is smaller than a first preset threshold value, determining that the authentication of the network access equipment is successful;
or,
if the first similarity is larger than or equal to a first preset threshold, determining second similarities between the target information and all predetermined reference information, and judging whether a second similarity smaller than a second preset threshold exists;
if a second similarity smaller than the second preset threshold exists, determining that the authentication of the network access equipment is successful; or, if the determined second similarities are all greater than or equal to the second preset threshold, authenticating the network access equipment according to the identity information of the network access equipment.
4. The method according to any one of claims 1 to 3, further comprising: and evaluating the credibility of the network access equipment according to the authentication result of the network access equipment and the behavior characteristics of the network access equipment.
5. The method of claim 4, wherein the evaluating the trustworthiness of the network access device according to the authentication result of the network access device and the behavior characteristics of the network access device comprises:
determining the membership of each evaluation index in the evaluation index set to each evaluation grade in the quantitative evaluation set according to an evaluation index set constructed by the authentication result of the network access equipment and the behavior characteristics of the network access equipment and a quantitative evaluation set constructed by a preset evaluation grade reflecting the occurrence frequency of the evaluation index to obtain a membership matrix;
determining a credibility evaluation vector according to a preset evaluation index weight set and the membership matrix;
and evaluating the credibility of the network access equipment according to the credibility evaluation vector.
6. The method of claim 5, wherein said assessing trustworthiness of said network access device based on said trustworthiness assessment vector comprises:
selecting the element with the largest numerical value in the credibility evaluation vector;
matching the selected element with a preset trust level, and determining the trust level of the network access equipment, wherein the trust level is used as the credibility of the network access equipment; or,
determining the sum of products of each element in the credibility assessment vector and the corresponding score preset by each evaluation grade as the trust score of the network access equipment;
and matching the trust score with a preset trust level to determine the trust level of the network access equipment, wherein the trust level is used as the credibility of the network access equipment.
7. A network security access authentication apparatus, comprising:
the analysis module is used for analyzing the acquired flow data of the network access equipment to obtain target information;
the equipment classification module is used for classifying the target information based on a pre-trained clustering model to obtain the type of the target information;
and the hierarchical authentication module is used for authenticating the network access equipment according to the type of the target information based on a preset hierarchical authentication rule.
8. The apparatus of claim 7, wherein the hierarchical authentication module comprises:
a judging unit, configured to judge whether types of target information sent by the network access device at different times change according to the type of the target information;
the first authentication unit is used for authenticating the network access equipment according to the identity identification information of the network access equipment when the types of the target information sent by the network access equipment at different times are changed;
and the second authentication unit is used for authenticating the network access equipment according to the centroid information of the type of the target information and predetermined reference information when the types of the target information sent by the network access equipment at different times are not changed, wherein the reference information is the target information corresponding to the network access equipment which is successfully authenticated when the network access equipment is authenticated through the identity identification information.
9. The apparatus according to claim 8, wherein the second authentication unit includes:
the first judgment subunit is configured to determine a first similarity between the target information and the centroid information, and judge whether the first similarity is smaller than a first preset threshold;
a first authentication subunit, configured to determine that authentication on the network access device is successful when the first similarity is smaller than a first preset threshold;
a second judging subunit, configured to determine, when the first similarity is greater than or equal to a first preset threshold, second similarities between the target information and all pieces of predetermined reference information, and judge whether there is a second similarity smaller than a second preset threshold;
the second authentication subunit is configured to determine that the authentication of the network access device is successful when a second similarity smaller than a second preset threshold exists;
the first authentication unit is further configured to authenticate the network access device according to the identity information of the network access device when the determined second similarities are all greater than or equal to a second preset threshold.
10. The apparatus of any one of claims 7 to 9, further comprising:
and the trust evaluation module is used for evaluating the credibility of the network access equipment according to the authentication result of the network access equipment and the behavior characteristics of the network access equipment.
11. The apparatus of claim 10, wherein the trust evaluation module comprises:
the data processing unit is used for determining the membership degree of each evaluation index in the evaluation index set to each evaluation grade in the quantitative evaluation set according to an evaluation index set constructed by the authentication result of the network access equipment and the behavior characteristics of the network access equipment and a quantitative evaluation set constructed by preset evaluation grades reflecting the occurrence frequency of the evaluation indexes to obtain a membership degree matrix; determining a credibility evaluation vector according to a preset evaluation index weight set and the membership matrix;
and the credibility evaluation unit is used for evaluating the credibility of the network access equipment according to the credibility evaluation vector.
12. The apparatus of claim 11,
the credibility evaluation unit is used for: selecting the element with the maximum value in the credibility evaluation vector; matching the selected element with a preset trust level, and determining the trust level of the network access equipment, wherein the trust level is used as the credibility of the network access equipment; or,
the credibility evaluation unit is used for: determining the sum of products of each element in the credibility assessment vector and the corresponding score preset for each evaluation grade as the trust score of the network access equipment; and matching the trust score with a preset trust level to determine the trust level of the network access equipment, wherein the trust level is used as the credibility of the network access equipment.
13. An electronic device comprising a processor, a memory, and a program or instructions stored on the memory and executable on the processor, the program or instructions when executed by the processor implementing the steps of the network security access authentication method according to any one of claims 1-6.
14. A computer-readable storage medium, on which a program or instructions are stored, which when executed by a processor, implement the steps of the network security access authentication method according to any one of claims 1 to 6.
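The hierarchical authentication rule of claims 2-3 and 8-9 (and of the three steps listed for the electronic device 40), worked as an added Python example that is not part of the patent: the pre-trained clustering model is replaced by a constructed set of centroids, the similarity is taken to be Euclidean distance (smaller means more similar), reference information is kept per device, a device with no history is treated as a type change, and the class name, thresholds and feature vectors are assumptions.

```python
import math
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for the pre-trained clustering model: one centroid per
# type of target information (feature vectors are made up for illustration).
CENTROIDS: Dict[str, Tuple[float, ...]] = {
    "sensor_telemetry": (0.9, 0.1, 0.2),
    "video_stream": (0.2, 0.9, 0.8),
}


def distance(a: Tuple[float, ...], b: Tuple[float, ...]) -> float:
    """Similarity measure used for both thresholds. Assumption: Euclidean
    distance, so a smaller value means 'more similar', matching the claims'
    'similarity smaller than a threshold' wording."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(target: Tuple[float, ...]) -> str:
    """Type of the target information: the nearest cluster centroid."""
    return min(CENTROIDS, key=lambda kind: distance(target, CENTROIDS[kind]))


@dataclass
class HierarchicalAuthenticator:
    first_threshold: float                 # bound on distance to the centroid
    second_threshold: float                # bound on distance to reference info
    identity_check: Callable[[str], bool]  # identity-identification authentication
    last_type: Dict[str, str] = field(default_factory=dict)
    references: Dict[str, List[Tuple[float, ...]]] = field(default_factory=dict)

    def authenticate(self, device_id: str, target: Tuple[float, ...]) -> Tuple[bool, str]:
        """Returns (authenticated, path taken) following claims 2 and 3."""
        kind = classify(target)
        previous = self.last_type.get(device_id)
        self.last_type[device_id] = kind
        # Claim 2: type changed between observations -> identity authentication.
        # Assumption: a device with no history is treated as a change.
        if previous is None or previous != kind:
            return self._identity(device_id, target)
        # Claim 3: type unchanged -> first similarity, against the centroid.
        if distance(target, CENTROIDS[kind]) < self.first_threshold:
            return True, "centroid"
        # Second similarity, against reference information stored for this
        # device when it last passed identity authentication.
        for ref in self.references.get(device_id, []):
            if distance(target, ref) < self.second_threshold:
                return True, "reference"
        # No reference close enough -> fall back to identity authentication.
        return self._identity(device_id, target)

    def _identity(self, device_id: str, target: Tuple[float, ...]) -> Tuple[bool, str]:
        ok = self.identity_check(device_id)
        if ok:
            # Successful identity authentication: keep this target information
            # as reference information for later similarity checks.
            self.references.setdefault(device_id, []).append(target)
        return ok, "identity"


if __name__ == "__main__":
    # Constructed allow-list standing in for the identity-identification check.
    auth = HierarchicalAuthenticator(0.3, 0.25, lambda dev: dev in {"dev-1"})
    for sample in [(0.85, 0.15, 0.25), (0.88, 0.12, 0.2), (0.7, 0.3, 0.35), (0.2, 0.9, 0.8)]:
        print(sample, auth.authenticate("dev-1", sample))
```

As written in claim 2, a device whose type is unchanged is checked against the centroid regardless of its earlier identity result, so a deployment should make the centroid and reference paths reachable only after at least one successful identity authentication.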
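The fuzzy comprehensive trust evaluation of claims 5-6 and 11-12 (and of the trust evaluation module 340 described above), worked as an added Python example that is not part of the patent: the evaluation indexes, grades, weights, grade scores and trust-level boundaries are constructed, and deriving each membership from an index's occurrence rate with triangular membership functions is an assumption, since the patent does not state how the membership matrix is obtained.

```python
from typing import Dict, List, Tuple

# Evaluation index set U, built from the authentication result and the
# device's behaviour characteristics (index names are constructed here).
INDICES = ["auth_failure", "off_hours_access", "type_change", "burst_traffic"]
# Quantitative evaluation set V: grades describing how often an index occurs.
GRADES = ["never", "rarely", "often", "always"]
# Preset evaluation index weight set W; sums to 1 (constructed values).
WEIGHTS = [0.40, 0.20, 0.25, 0.15]
# Preset score of each grade, used by the weighted-score alternative of claim 6.
GRADE_SCORES = [100.0, 70.0, 40.0, 10.0]
# Preset trust levels as (minimum score, level), checked from the top down.
SCORE_LEVELS: List[Tuple[float, str]] = [(80.0, "high"), (50.0, "medium"), (0.0, "low")]
# Preset trust level per grade, used by the maximum-membership alternative.
GRADE_LEVELS = {"never": "high", "rarely": "high", "often": "medium", "always": "low"}


def grade_membership(rate: float) -> List[float]:
    """Membership of one occurrence rate (0..1) to each grade.
    Assumption: triangular memberships centred at 0, 1/3, 2/3 and 1, so
    each row of the membership matrix sums to 1."""
    n = len(GRADES)
    return [max(0.0, 1.0 - abs(rate - j / (n - 1)) * (n - 1)) for j in range(n)]


def membership_matrix(counts: Dict[str, int], window: int) -> List[List[float]]:
    """Membership matrix R: one row per evaluation index, one column per grade.
    counts[index] is how often the index occurred in `window` observations."""
    return [grade_membership(counts.get(idx, 0) / window) for idx in INDICES]


def evaluation_vector(matrix: List[List[float]]) -> List[float]:
    """Credibility evaluation vector B = W . R (weighted-average operator)."""
    return [sum(w * row[j] for w, row in zip(WEIGHTS, matrix)) for j in range(len(GRADES))]


def level_by_max_membership(vector: List[float]) -> str:
    """Claim 6, first alternative: the grade of the largest element of B is
    matched to a preset trust level."""
    best = max(range(len(vector)), key=lambda j: vector[j])
    return GRADE_LEVELS[GRADES[best]]


def trust_score(vector: List[float]) -> float:
    """Claim 6, second alternative: sum of each element times its grade score."""
    return sum(b * s for b, s in zip(vector, GRADE_SCORES))


def level_by_score(vector: List[float]) -> str:
    """Match the trust score against the preset trust-level boundaries."""
    score = trust_score(vector)
    for minimum, level in SCORE_LEVELS:
        if score >= minimum:
            return level
    return SCORE_LEVELS[-1][1]


def evaluate_device(counts: Dict[str, int], window: int) -> Tuple[str, str]:
    """Whole pipeline: (level by maximum membership, level by trust score)."""
    vector = evaluation_vector(membership_matrix(counts, window))
    return level_by_max_membership(vector), level_by_score(vector)


if __name__ == "__main__":
    # Constructed observation window of 10 sessions for one device.
    sample = {"auth_failure": 0, "off_hours_access": 2, "type_change": 1, "burst_traffic": 5}
    print(evaluate_device(sample, 10))
```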
CN202110281155.7A 2021-03-16 2021-03-16 Network security access authentication method and device, electronic equipment and readable storage medium Pending CN115085960A (en)

Publications (1)

Publication Number Publication Date
CN115085960A true CN115085960A (en) 2022-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination