CN115174190A - Information security management and control system and method based on network traffic - Google Patents

Info

Publication number: CN115174190A
Authority: CN (China)
Legal status: Granted, Active
Application number: CN202210762820.9A
Other languages: Chinese (zh)
Other versions: CN115174190B (en)
Inventors: 谢强, 陈晨
Current Assignee: Wuhan Jiyi Network Technology Co ltd
Original Assignee: Wuhan Jiyi Network Technology Co ltd
Application filed by: Wuhan Jiyi Network Technology Co ltd
Priority to: CN202210762820.9A
Publications: CN115174190A (application), CN115174190B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Abstract

The invention discloses an information security management and control system and method based on network traffic. The information management and control system comprises a similarity induction unit, an auxiliary judgment unit, a verification integration unit and a setting and unlocking unit. The system judges whether a user is abnormal according to a configured IP address anomaly criterion, which gives a preliminary grouping. After a time interval error interval is set, the times at which verification information is sent to the different users and the times at which their feedback results are received are organized into time intervals and compared; users whose intervals fall within the error interval are given a key audit mark directly, which further screens the abnormal users. The key audit mark is then removed through identity information verification, which serves as the final means of judgment, guarantees feedback for normal users, and achieves effective management and control of users who run multiple instances of an application.

Description

Information security management and control system and method based on network traffic
Technical Field
The invention relates to the technical field of network security, and in particular to an information security management and control system and method based on network traffic.
Background
Multi-instance ("multi-open") helper software is in common use: with it, one user can control several accounts at the same time. When several accounts are registered with the same enterprise, they occupy a large amount of that enterprise's traffic. A single user who controls several accounts and carries out operations such as "wool pulling" (harvesting promotional benefits) causes traffic loss for the enterprise, introduces uncontrollable factors into the estimate of the actual output value the enterprise can obtain, and consumes a great deal of the processing capacity of the enterprise's servers.
At present, the means of detecting multi-instance use is limited. Often only the IP address is checked, and when several user accounts are detected on the same IP address the accounts are judged abnormal outright. With this method, if several users share one device, normal users are easily penalized by mistake; the network traffic cannot be judged in a more detailed and accurate way, and normal users lose resources as a result.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides an information security management and control system and method based on network traffic. It addresses the problems that existing detection of multi-instance use relies on a single means, that normal users are easily penalized by mistake, that network traffic cannot be judged in more detail and more precisely, and that normal users lose resources as a result.
(II) technical scheme
To achieve the above purpose, the invention provides the following technical scheme: an information security management and control system based on network traffic, comprising an information management and control system, which in turn comprises a similarity induction unit, an auxiliary judgment unit, a verification integration unit and a setting and unlocking unit.
The similarity induction unit collects the user's network IP address, records the user's registered identity information, sets the IP address anomaly criterion, and gives the user an anomaly mark when the user is found to be abnormal. The similarity induction unit is connected to the auxiliary judgment unit.
The auxiliary judgment unit performs routine behavior monitoring on users with an anomaly mark, sends verification information to them, sets the sending time of the verification information and the feedback time of the verification result, and gives a user a key audit mark when the user's feedback exceeds the feedback time. The auxiliary judgment unit is connected to the verification integration unit.
The verification integration unit records the sending time of the verification information and the feedback time of the verification result, sets a time interval error interval, organizes the recorded times, compares the time intervals of the several anomaly-marked users on the same IP address, and adds key audit marks to those users when their comparison results fall within the set error interval. The verification integration unit is connected to the setting and unlocking unit.
The setting and unlocking unit sets the control requirements for users with a key audit mark and, after users on the same IP address have received key audit marks, defines the mark removal operation based on identity information verification. During mark removal, a user who cannot pass the identity information recheck has the account banned, and the key audit mark is removed only once the user passes the identity information recheck.
With this technical scheme, users are judged abnormal according to the IP address anomaly criterion, which gives a preliminary grouping. After a time interval error interval is set, the times at which verification information is sent to the different users and the times at which their feedback results are received are organized into time intervals and compared, and users whose intervals fall within the error interval are given a key audit mark directly, which further screens the abnormal users. The key audit mark is then removed through identity information verification, which serves as the final means of judgment, guarantees feedback for normal users, and achieves effective management and control of multi-instance users.
The invention is further configured as follows: the similarity induction unit comprises an IP address monitoring module, an anomaly setting module, an anomaly marking module and an anomaly storage module. The IP address monitoring module is connected to the anomaly setting module, the anomaly setting module to the anomaly marking module, and the anomaly marking module to the anomaly storage module.
The invention is further configured as follows: the IP address monitoring module collects the user's network IP address and records the user's registered identity information;
the anomaly setting module sets the anomaly criterion: it limits the number of times different users may appear on the same network IP address within a set time, and when the limit is exceeded, the users logged in on that IP address are deemed abnormal;
the anomaly marking module gives the users anomaly marks when several users are found to be abnormal;
the anomaly storage module stores and manages the users with anomaly marks.
With this technical scheme, simple monitoring and control of IP addresses provides a first screening of abnormal users, narrows the range of network traffic that has to be monitored, and effectively reduces the processing load on the system.
The invention is further configured as follows: the auxiliary judgment unit comprises a behavior monitoring module and a verification setting module;
the behavior monitoring module performs routine behavior monitoring on users with an anomaly mark and gives a user a key audit mark when the user violates routine behavior;
the verification setting module sends verification information to users with an anomaly mark, sets the sending time of the verification information and the feedback time of the verification result, and gives a user a key audit mark when the user's feedback exceeds the feedback time.
With this technical scheme, users with an anomaly mark are checked by routine behavior monitoring, which effectively excludes anomaly judgments caused by abnormal operation of those users, and the user's identity is preliminarily verified by sending verification information, which achieves effective human-machine distinction.
The invention is further configured as follows: the verification integration unit comprises a time recording module, a feedback statistics module and a key audit module;
the time recording module records the sending time of the verification information and the feedback time of the verification result;
the feedback statistics module sets a time interval error interval, organizes the times recorded by the time recording module, and compares the time intervals of the several anomaly-marked users on the same IP address;
the key audit module adds key audit marks to those users when their time interval comparison results fall within the set error interval, and otherwise deletes their anomaly marks.
With this technical scheme, the organized statistics of the sending time of the verification information and the feedback time of the result are used to judge whether several anomaly-marked users on the same IP address correspond to one person or to several people. This avoids penalizing normal users by mistake and allows the users' abnormal condition to be judged in more detail.
The basis for this audit is that different people take different amounts of time to give verification feedback after receiving verification information; when the times at which several users receive the verification information and give their verification feedback are similar, it can be preliminarily judged that the same person is operating them.
The invention is further configured as follows: the setting and unlocking unit comprises a control setting module, an unlocking setting module and a ban management module. The control setting module is connected to the unlocking setting module, and the unlocking setting module to the ban management module.
The invention is further configured as follows: the control setting module sets the control requirements for users with a key audit mark, specifically: for a user with a key audit mark, the physical location is verified within a limited time; the physical location of a mobile terminal in use is determined within the limited time, and when the physical locations of several users coincide, the accounts are banned directly and the identity information is rechecked;
the unlocking setting module defines the mark removal operation after users on the same IP address have received key audit marks, specifically: an identity information verification pop-up is sent to the user in accordance with the control requirements set by the control setting module;
the ban management module bans the account of any user who cannot pass the identity information recheck during mark removal; the key audit mark can be removed only once the user passes the identity information recheck.
With this technical scheme, control requirements are set for users with an anomaly mark, acquiring the physical location serves as a more specific anomaly judgment aimed at mobile terminals, and the identity information given when the user registered the account serves as the final verification standard. This gives users a channel for removing the key audit mark while ensuring the credibility of users in the normal state.
The basis for this judgment is that several people may share one fixed terminal such as a desktop computer, but it is almost never the case that several people share one mobile terminal such as a mobile phone.
The invention also discloses a control method for the information security management and control system based on network traffic, which comprises the following steps:
Step one, similarity induction: the IP address monitoring module collects the user's network IP address and records the user's registered identity information. The anomaly setting module sets the anomaly criterion, limiting the number of times different users may appear on the same network IP address within a set time; when the limit is exceeded, the users logged in on that IP address are deemed abnormal. When several users are found to be abnormal, the anomaly marking module gives them anomaly marks, and the users with anomaly marks are then stored in the anomaly storage module;
Step two, auxiliary judgment: the behavior monitoring module performs routine behavior monitoring on users with an anomaly mark and gives a user a key audit mark when the user violates routine behavior. At the same time, the verification setting module sends verification information to users with an anomaly mark, sets the sending time of the verification information and the feedback time of the verification result, and gives a user a key audit mark when the user's feedback exceeds the feedback time;
Step three, verification integration: the time recording module records the sending time of the verification information and the feedback time of the verification result. The feedback statistics module sets a time interval error interval, organizes the recorded times and compares the time intervals of the several anomaly-marked users on the same IP address; when the comparison results for those users fall within the set error interval, key audit marks are added to them;
Step four, unlocking setting: the control setting module sets the control requirements for users with a key audit mark, specifically: for a user with a key audit mark, the physical location is verified within a limited time; the physical location of a mobile terminal in use is determined within the limited time, and when the physical locations of several users coincide, the accounts are banned directly and the identity information is rechecked. After users on the same IP address have received key audit marks, the unlocking setting module defines the mark removal operation, specifically: an identity information verification pop-up is sent to the user in accordance with the control requirements set by the control setting module. During mark removal, the ban management module bans the account of any user who cannot pass the identity information recheck; the key audit mark can be removed only once the user passes the identity information recheck.
(III) advantageous effects
The invention provides an information security management and control system and method based on network traffic, with the following beneficial effects:
(1) Users are judged abnormal according to the IP address anomaly criterion, which gives a preliminary grouping. After a time interval error interval is set, the times at which verification information is sent to the different users and the times at which their feedback results are received are organized into time intervals and compared, and users whose intervals fall within the error interval are given a key audit mark directly, which further screens the abnormal users. The key audit mark is then removed through identity information verification, which serves as the final means of judgment, guarantees feedback for normal users, and achieves effective management and control of multi-instance users.
(2) Simple monitoring and control of IP addresses provides a first screening of abnormal users, narrows the range of network traffic that has to be monitored, and effectively reduces the processing load on the system.
(3) Users with an anomaly mark are checked by routine behavior monitoring, which effectively excludes anomaly judgments caused by abnormal operation of those users, and the user's identity is preliminarily verified by sending verification information, which achieves effective human-machine distinction.
(4) The organized statistics of the sending time of the verification information and the feedback time of the result are used to judge whether several anomaly-marked users on the same IP address correspond to one person or to several people. This avoids penalizing normal users by mistake and allows the users' abnormal condition to be judged in more detail.
(5) Control requirements are set for users with an anomaly mark, acquiring the physical location serves as a more specific anomaly judgment aimed at mobile terminals, and the identity information given when the user registered the account serves as the final verification standard. This gives users a channel for removing the key audit mark while ensuring the credibility of users in the normal state.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention;
FIG. 2 is a schematic block diagram of the similarity induction unit of the present invention;
FIG. 3 is a schematic block diagram of the auxiliary judgment unit of the present invention;
FIG. 4 is a schematic block diagram of the verification integration unit of the present invention;
FIG. 5 is a schematic block diagram of the setting and unlocking unit of the present invention.
In the figures: 1. information management and control system; 2. similarity induction unit; 3. auxiliary judgment unit; 4. verification integration unit; 5. setting and unlocking unit; 6. IP address monitoring module; 7. anomaly setting module; 8. anomaly marking module; 9. anomaly storage module; 10. behavior monitoring module; 11. verification setting module; 12. time recording module; 13. feedback statistics module; 14. key audit module; 15. control setting module; 16. unlocking setting module; 17. ban management module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-5, an embodiment of the present invention provides the following technical solution: an information security management and control system based on network traffic, comprising an information management and control system 1. As shown in FIG. 1, the information management and control system 1 comprises a similarity induction unit 2, an auxiliary judgment unit 3, a verification integration unit 4 and a setting and unlocking unit 5.
As a preferred scheme, to achieve a first screening of abnormal users, the similarity induction unit 2 collects the user's network IP address and records the user's registered identity information, sets the IP address anomaly criterion, and gives the user an anomaly mark when the user is found to be abnormal. Specifically, as shown in FIG. 2, the similarity induction unit 2 comprises an IP address monitoring module 6, an anomaly setting module 7, an anomaly marking module 8 and an anomaly storage module 9. The IP address monitoring module 6 collects the user's network IP address and records the user's registered identity information;
the IP address monitoring module 6 is connected to the anomaly setting module 7, which sets the anomaly criterion: it limits the number of times different users may appear on the same network IP address within a set time, and when the limit is exceeded, the users logged in on that IP address are deemed abnormal;
the anomaly setting module 7 is connected to the anomaly marking module 8, which gives the users anomaly marks when several users are found to be abnormal;
the anomaly marking module 8 is connected to the anomaly storage module 9, which stores and manages the users with anomaly marks.
As a preferred scheme, to achieve effective human-machine distinction, the similarity induction unit 2 is connected to the auxiliary judgment unit 3. The auxiliary judgment unit 3 performs routine behavior monitoring on users with an anomaly mark, sends verification information to them, sets the sending time of the verification information and the feedback time of the verification result, and gives a user a key audit mark when the user's feedback exceeds the feedback time. Specifically, as shown in FIG. 3, the auxiliary judgment unit 3 comprises a behavior monitoring module 10 and a verification setting module 11;
the behavior monitoring module 10 performs routine behavior monitoring on users with an anomaly mark and gives a user a key audit mark when the user violates routine behavior. Routine behavior monitoring mainly observes the user's website access behavior, such as the source of the visit, browsing activity and return visits, to obtain basic website traffic data and so provide the enterprise with more accurate analysis data;
the verification setting module 11 sends verification information to users with an anomaly mark, sets the sending time of the verification information and the feedback time of the verification result, and gives a user a key audit mark when the user's feedback exceeds the feedback time.
As a preferred scheme, to judge the user's abnormal condition in more detail, the auxiliary judgment unit 3 is connected to the verification integration unit 4. The verification integration unit 4 records the sending time of the verification information and the feedback time of the verification result, sets a time interval error interval, organizes the recorded times, compares the time intervals of the several anomaly-marked users on the same IP address, and adds key audit marks to those users when their comparison results fall within the set error interval. Specifically, as shown in FIG. 4, the verification integration unit 4 comprises a time recording module 12, a feedback statistics module 13 and a key audit module 14;
the time recording module 12 records the sending time of the verification information and the feedback time of the verification result;
the feedback statistics module 13 sets a time interval error interval, organizes the times recorded by the time recording module 12, and compares the time intervals of the several anomaly-marked users on the same IP address;
the key audit module 14 adds key audit marks to those users when their time interval comparison results fall within the set error interval.
As a preferred scheme, to ensure the credibility of users in the normal state, the verification integration unit 4 is connected to the setting and unlocking unit 5. The setting and unlocking unit 5 sets the control requirements for users with a key audit mark and, after users on the same IP address have received key audit marks, defines the mark removal operation based on identity information verification. During mark removal, a user who cannot pass the identity information recheck has the account banned, and the key audit mark can be removed only once the user passes the identity information recheck. Specifically, as shown in FIG. 5, so that a specific judgment can be made for mobile terminals, the setting and unlocking unit 5 comprises a control setting module 15, an unlocking setting module 16 and a ban management module 17. The control setting module 15 sets the control requirements for users with a key audit mark, specifically: for a user with a key audit mark, the physical location is verified within a limited time; the physical location of a mobile terminal in use is determined within the limited time, and when the physical locations of several users coincide, the accounts are banned directly and the identity information is rechecked;
the control setting module 15 is connected to the unlocking setting module 16, which defines the mark removal operation after users on the same IP address have received key audit marks, specifically: an identity information verification pop-up is sent to the user in accordance with the control requirements set by the control setting module 15;
the unlocking setting module 16 is connected to the ban management module 17, which bans the account of any user who cannot pass the identity information recheck during mark removal; the key audit mark can be removed only once the user passes the identity information recheck.
The control method of the information security management and control system based on network traffic specifically comprises the following steps:
Step one, similarity induction: the IP address monitoring module 6 collects the network IP address of the user and records the registered identity information of the user. The abnormal setting module 7 sets an abnormal condition judgment standard that limits the number of different users appearing on the same network IP address within a set time; when the limit is exceeded, the multiple users logged in from that network IP address are determined to be in an abnormal condition. When multiple users are in an abnormal condition, the abnormal marking module 8 applies an abnormal mark to them, and the users with abnormal marks are then stored in the abnormal storage module 9;
Step two, auxiliary judgment: the behavior monitoring module 10 performs routine behavior monitoring on users with an abnormal mark and applies a key audit mark to a user whose operations violate routine behavior. Meanwhile, the verification setting module 11 sends verification information to users with an abnormal mark, sets the sending time of the verification information and the feedback time of the verification result, and applies a key audit mark to a user whose feedback exceeds the feedback time;
Step three, verification integration: the time recording module 12 records the sending time of the verification information and the feedback time of the verification result. The feedback statistical module 13 sets a time interval error interval, sorts the recorded times, and compares the time intervals of multiple users with abnormal marks at the same IP address; when the time interval comparison results of the multiple users fall within the set time interval error interval, a key audit mark is added to those users;
Step four, unlocking setting: the control setting module 15 sets a control requirement for users with the key audit mark, which is as follows: within a limited time, the physical location of each user with the key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and an identity information recheck is performed. The unlocking setting module 16 sets the mark-removal operation after key audit marks appear for users at the same IP address, which is as follows: an identity information verification popup is sent to the user according to the control requirement set by the control setting module 15. During mark removal, the ban management module 17 bans the account of any user who cannot pass the identity information recheck; the key audit mark can be removed only once the user passes the identity information recheck.
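An added example, not code from the patent: steps one to three as a small Python detector over constructed login and verification records. All thresholds, function names and the reading of step three (response intervals that differ by no more than the error interval are treated as correlated) are assumptions; routine behavior monitoring from step two is not modeled.

```python
from collections import defaultdict

# Assumed thresholds: the patent leaves all of these values to the operator.
WINDOW_S = 3600          # "set time" for counting distinct users per IP
MAX_USERS_PER_IP = 3     # limit on different users seen on one IP
FEEDBACK_LIMIT_S = 120   # allowed feedback time for a verification message
INTERVAL_ERROR_S = 2.0   # "time interval error interval"

def abnormal_users(logins):
    """Step one. logins: iterable of (user, ip, ts). Returns {ip: {users}}
    for IPs that saw more than MAX_USERS_PER_IP distinct users in WINDOW_S."""
    by_ip = defaultdict(list)
    for user, ip, ts in logins:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than WINDOW_S seconds.
            while events[end][0] - events[start][0] > WINDOW_S:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) > MAX_USERS_PER_IP:
                flagged.setdefault(ip, set()).update(users)
    return flagged

def key_audit(flagged, challenges):
    """Steps two and three. challenges: {user: (sent_ts, feedback_ts or None)}.
    Returns {user: reason} for users that receive a key audit mark."""
    marked = {}
    for ip, users in flagged.items():
        intervals = []
        for user in sorted(users):
            if user not in challenges:
                continue  # no verification message sent yet
            sent, feedback = challenges[user]
            if feedback is None or feedback - sent > FEEDBACK_LIMIT_S:
                marked[user] = "feedback_timeout"
            else:
                intervals.append((feedback - sent, user))
        # Assumed reading of step three: near-identical response intervals
        # among accounts on one IP suggest a single operator or script.
        intervals.sort()
        for (d1, u1), (d2, u2) in zip(intervals, intervals[1:]):
            if d2 - d1 <= INTERVAL_ERROR_S:
                marked.setdefault(u1, "correlated_interval")
                marked.setdefault(u2, "correlated_interval")
    return marked

# Constructed sample data (documentation IP ranges, made-up users).
SAMPLE_LOGINS = [
    ("a", "203.0.113.7", 0), ("b", "203.0.113.7", 600),
    ("c", "203.0.113.7", 1200), ("d", "203.0.113.7", 1800),
    # Four users on this IP too, but never more than two within one window.
    ("e", "198.51.100.4", 100), ("f", "198.51.100.4", 200),
    ("g", "198.51.100.4", 9000), ("h", "198.51.100.4", 9100),
]
SAMPLE_CHALLENGES = {
    "a": (2000, 2030.5), "b": (2000, 2031.2),  # 30.5 s and 31.2 s: correlated
    "c": (2000, 2075.0),                       # 75 s: in time, not correlated
    "d": (2000, None),                         # never answered
}

if __name__ == "__main__":
    flagged = abnormal_users(SAMPLE_LOGINS)
    print(flagged)
    print(key_audit(flagged, SAMPLE_CHALLENGES))
```

Shared NAT, campus or carrier-grade egress addresses will exceed any small per-IP user limit, so the step-one mark alone is only a trigger for the later checks, as in the method above.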
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. An information security management and control system based on network traffic, comprising an information management and control system (1), characterized in that: the information management and control system (1) comprises a similarity induction unit (2), an auxiliary judgment unit (3), a verification integration unit (4) and a setting unlocking unit (5); the similarity induction unit (2) is used for collecting the network IP address of a user, recording the registered identity information of the user, setting a judgment standard for abnormal IP address conditions, and marking users as abnormal when an abnormal condition occurs; the similarity induction unit (2) is connected to the auxiliary judgment unit (3); the auxiliary judgment unit (3) is used for performing routine behavior monitoring on users with abnormal conditions, sending verification information to those users, setting the sending time of the verification information and the feedback time of the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time; the auxiliary judgment unit (3) is connected to the verification integration unit (4); the verification integration unit (4) is used for recording the sending time of the verification information and the feedback time of the verification result, setting a time interval error interval, sorting the recorded times, comparing the time intervals of multiple users with abnormal marks at the same IP address, and adding key audit marks to those users when their time interval comparison results fall within the set time interval error interval; the verification integration unit (4) is connected to the setting unlocking unit (5); the setting unlocking unit (5) is used for setting a control requirement for users with key audit marks and, after key audit marks appear for users at the same IP address, setting the mark-removal operation based on identity information verification; during mark removal, the account of a user who cannot pass the identity information recheck is banned until the user passes the identity information recheck, after which the key audit mark can be removed.
2. The information security management and control system based on network traffic as claimed in claim 1, characterized in that: the similarity induction unit (2) comprises an IP address monitoring module (6), an abnormity setting module (7), an abnormity marking module (8) and an abnormity storage module (9), wherein the IP address monitoring module (6) is connected to the abnormity setting module (7), the abnormity setting module (7) is connected to the abnormity marking module (8), and the abnormity marking module (8) is connected to the abnormity storage module (9).
3. The information security management and control system based on network traffic as claimed in claim 2, characterized in that: the IP address monitoring module (6) is used for collecting the network IP address of the user and recording the registered identity information of the user;
the abnormity setting module (7) is used for setting an abnormity judgment standard that limits the number of different users appearing on the same network IP address within a set time, and for determining that the multiple users logged in from that network IP address are in an abnormal condition when the limit is exceeded;
the abnormity marking module (8) is used for applying an abnormal mark to the multiple users when they are in an abnormal condition;
the abnormity storage module (9) is used for storing and managing the users with abnormal marks.
4. The information security management and control system based on network traffic as claimed in claim 1, characterized in that: the auxiliary judgment unit (3) comprises a behavior monitoring module (10) and a verification setting module (11);
the behavior monitoring module (10) is used for performing routine behavior monitoring on users with an abnormal mark, and applying a key audit mark to a user whose operations violate routine behavior;
the verification setting module (11) is used for sending verification information to users with an abnormal mark, setting the sending time of the verification information and the feedback time of the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time.
5. The information security management and control system based on network traffic as claimed in claim 1, characterized in that: the verification integration unit (4) comprises a time recording module (12), a feedback statistical module (13) and a key audit module (14);
the time recording module (12) is used for recording the sending time of the verification information and the feedback time of the verification result;
the feedback statistical module (13) is used for setting a time interval error interval, sorting the times recorded in the time recording module (12), and comparing the time intervals of multiple users with abnormal marks at the same IP address;
the key audit module (14) is used for adding key audit marks to the multiple users when their time interval comparison results fall within the set time interval error interval.
6. The information security management and control system based on network traffic as claimed in claim 1, characterized in that: the setting unlocking unit (5) comprises a control setting module (15), an unlocking setting module (16) and a ban management module (17), wherein the control setting module (15) is connected to the unlocking setting module (16), and the unlocking setting module (16) is connected to the ban management module (17).
7. The information security management and control system based on network traffic as claimed in claim 6, characterized in that: the control setting module (15) is used for setting a control requirement for users with key audit marks, which is as follows: within a limited time, the physical location of each user with the key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and an identity information recheck is performed;
the unlocking setting module (16) is used for setting the mark-removal operation after key audit marks appear for users at the same IP address, which is as follows: an identity information verification popup is sent to the user according to the control requirement set by the control setting module (15);
the ban management module (17) is used for banning, during mark removal, the account of any user who cannot pass the identity information recheck until the user passes the identity information recheck, after which the key audit mark can be removed.
8. A management and control method of an information security management and control system based on network traffic, characterized in that the method specifically comprises the following steps:
step one, similarity induction: the IP address monitoring module (6) collects the network IP address of the user and records the registered identity information of the user; the abnormity setting module (7) sets an abnormity judgment standard that limits the number of different users appearing on the same network IP address within a set time, and determines that the multiple users logged in from that network IP address are in an abnormal condition when the limit is exceeded; when multiple users are in an abnormal condition, the abnormity marking module (8) applies an abnormal mark to them, and the users with abnormal marks are then stored in the abnormity storage module (9);
step two, auxiliary judgment: the behavior monitoring module (10) performs routine behavior monitoring on users with an abnormal mark and applies a key audit mark to a user whose operations violate routine behavior; meanwhile, the verification setting module (11) sends verification information to users with an abnormal mark, sets the sending time of the verification information and the feedback time of the verification result, and applies a key audit mark to a user whose feedback exceeds the feedback time;
step three, verification integration: the time recording module (12) records the sending time of the verification information and the feedback time of the verification result; the feedback statistical module (13) sets a time interval error interval, sorts the recorded times, and compares the time intervals of multiple users with abnormal marks at the same IP address; when the time interval comparison results of the multiple users fall within the set time interval error interval, a key audit mark is added to those users;
step four, unlocking setting: the control setting module (15) sets a control requirement for users with the key audit mark, which is as follows: within a limited time, the physical location of each user with the key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and an identity information recheck is performed; the unlocking setting module (16) sets the mark-removal operation after key audit marks appear for users at the same IP address, which is as follows: an identity information verification popup is sent to the user according to the control requirement set by the control setting module (15); during mark removal, the ban management module (17) bans the account of any user who cannot pass the identity information recheck until the user passes the identity information recheck, after which the key audit mark can be removed.
CN202210762820.9A 2022-06-29 2022-06-29 Information security management and control system and method based on network traffic Active CN115174190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210762820.9A CN115174190B (en) 2022-06-29 2022-06-29 Information security management and control system and method based on network traffic


Publications (2)

Publication Number Publication Date
CN115174190A true CN115174190A (en) 2022-10-11
CN115174190B CN115174190B (en) 2024-01-26

Family

ID=83489659



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant