CN115174190B - Information security management and control system and method based on network traffic

Publication number: CN115174190B
Authority: CN (China)
Prior art keywords: verification, users, module, user, time
Legal status: Active
Application number: CN202210762820.9A
Other languages: Chinese (zh)
Other versions: CN115174190A (en)
Inventors: 谢强, 陈晨
Current Assignee: Wuhan Jiyi Network Technology Co ltd
Original Assignee: Wuhan Jiyi Network Technology Co ltd
Application filed by: Wuhan Jiyi Network Technology Co ltd
Priority to: CN202210762820.9A
Publication of CN115174190A
Application granted
Publication of CN115174190B

Classifications

    All under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L63/00 (Network architectures or network communication protocols for network security):

    • H04L63/1425 Traffic logging, e.g. anomaly detection (under H04L63/14, detecting or protecting against malicious traffic, and H04L63/1408, by monitoring network traffic)
    • H04L63/08 Authentication of entities
    • H04L63/10 Controlling access to devices or network resources
    • H04L63/1416 Event detection, e.g. attack signature detection (under H04L63/14, detecting or protecting against malicious traffic, and H04L63/1408, by monitoring network traffic)

Abstract

The invention discloses an information security management and control system and method based on network traffic. The system comprises an information management and control system, which comprises an identical induction unit, an auxiliary judging unit, a verification integration unit and a setting unlocking unit. Abnormal conditions of users are first judged against a configured IP address abnormality standard and the users are grouped preliminarily. After a time interval error interval is set, the times at which verification information is sent to different users and the times at which feedback results are received are sorted and their intervals compared; users whose intervals fall within the error interval receive a key audit mark directly, which further screens abnormal users. Identity information verification is then used to release the key audit mark, so that multi-instance ("multi-opening") users are effectively managed and controlled while feedback from normal users is still guaranteed.

Description

Information security management and control system and method based on network traffic
Technical Field
The invention relates to the technical field of network security, in particular to an information security management and control system and method based on network traffic.
Background
Multi-instance ("multi-opening") helper software is in common use; it lets one user control several accounts. When a user registers several accounts with the same enterprise, those accounts occupy a large amount of the enterprise's traffic. The user controls the accounts to carry out operations such as "wool pulling" (abuse of promotional offers), which causes traffic loss for the enterprise, introduces uncontrollable factors into the estimate of the actual value the enterprise can obtain, and consumes a large amount of processing capacity on the enterprise's servers.
At present, multi-instance use is detected by a single means, namely IP address detection: when several user accounts appear on the same IP address, the accounts are directly judged abnormal. When normal users produce the same pattern, for example when several users share one device, this means easily penalizes normal users by mistake; the network traffic cannot be judged in finer detail, and normal users lose resources.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an information security management and control system and method based on network traffic. It addresses the problems that the existing means of detecting multi-instance use is single, that normal users who produce the same pattern are easily penalized by mistake, that network traffic cannot be judged in finer detail, and that normal users lose resources as a result.
(II) Technical scheme
To achieve the above purpose, the invention provides the following technical scheme: an information security management and control system based on network traffic, comprising an information management and control system, wherein the information management and control system comprises an identical induction unit, an auxiliary judging unit, a verification integration unit and a setting unlocking unit. The identical induction unit collects the network IP addresses of users, records the registered identity information of the users, sets the standard for judging IP address abnormality, and applies an abnormal mark to users when an abnormal condition occurs. The identical induction unit interfaces with the auxiliary judging unit. The auxiliary judging unit performs conventional behavior monitoring on users with abnormal marks, sends verification information to them, sets the sending time of the verification information and the feedback time for the verification result, and applies a key audit mark to a user whose feedback exceeds the feedback time. The auxiliary judging unit interfaces with the verification integration unit. The verification integration unit records the sending time of the verification information and the feedback time of the verification result, sets a time interval error interval, sorts the recorded times, compares the time intervals of the several abnormally marked users on the same IP address, and adds key audit marks to those users when the comparison result falls within the set time interval error interval. The verification integration unit interfaces with the setting unlocking unit. The setting unlocking unit sets management and control requirements for users with key audit marks and, once users on the same IP address carry key audit marks, configures the operation for releasing the mark according to identity information verification; while a user is releasing the mark, a user who cannot pass identity information verification has the account banned until the user passes identity information verification, whereupon the key audit mark can be released.
By adopting this technical scheme, abnormal conditions of users are judged against the configured IP address abnormality standard and the users are grouped preliminarily. After the time interval error interval is set, the times at which verification information is sent to different users and the times at which feedback results are received are sorted and their intervals compared, and users whose intervals fall within the error interval receive a key audit mark directly, which further screens abnormal users. The key audit mark is released by identity information verification, which serves as the final means of judgment, so that multi-instance users are effectively managed and controlled while feedback from normal users is still guaranteed.
The invention is further configured as follows: the identical induction unit comprises an IP address monitoring module, an abnormality setting module, an abnormality marking module and an abnormality storage module; the IP address monitoring module interfaces with the abnormality setting module, the abnormality setting module interfaces with the abnormality marking module, and the abnormality marking module interfaces with the abnormality storage module.
The invention is further configured as follows: the IP address monitoring module is used for collecting the network IP addresses of users and recording the registered identity information of the users;
the abnormality setting module is used for setting the abnormality judgment standard: it limits the number of different users that may appear on the same network IP address within a set time, and when that limit is exceeded, the users logged in on that network IP address are deemed abnormal;
the abnormality marking module is used for applying abnormal marks to the users when an abnormal condition occurs for several users;
the abnormality storage module is used for storing and managing the users with abnormal marks.
By adopting this technical scheme, simple monitoring and control of IP addresses achieves preliminary screening of abnormal users, narrows the range of network traffic to be monitored, and effectively reduces the processing load on the system.
The invention is further configured as follows: the auxiliary judging unit comprises a behavior monitoring module and a verification setting module;
the behavior monitoring module is used for performing conventional behavior monitoring on users with abnormal marks and applying a key audit mark to a user whose operation violates conventional behavior;
the verification setting module is used for sending verification information to users with abnormal marks, setting the sending time of the verification information and the feedback time for the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time.
By adopting this technical scheme, users with abnormal marks are checked by conventional behavior monitoring, which effectively rules out abnormal judgments caused by irregular operation of those users, and preliminary verification of user identity is carried out by sending verification information, achieving effective human-machine distinction.
The invention is further configured as follows: the verification integration unit comprises a time recording module, a feedback statistics module and a key audit module;
the time recording module is used for recording the sending time of the verification information and the feedback time of the verification result;
the feedback statistics module is used for setting the time interval error interval, sorting the times recorded in the time recording module, and comparing the time intervals of the several abnormally marked users on the same IP address;
the key audit module is used for adding key audit marks to those users when the time interval comparison result of the users falls within the set time interval error interval, and otherwise deleting the abnormal marks.
By adopting this technical scheme, sorting and counting the sending times of the verification information and the feedback times of the results makes it possible to judge, for several abnormally marked users on the same IP address, whether the multi-instance use corresponds to one person or to several people, which avoids penalizing normal users by mistake and allows the abnormal condition of the users to be judged in more detail.
As the basis for the audit: different people take different amounts of time to give verification feedback after receiving verification information, so when the times at which several users receive the verification and the times at which they return feedback are similar, it can be preliminarily judged that the same person is operating them.
The invention is further configured as follows: the setting unlocking unit comprises a management and control setting module, an unlocking setting module and a ban management module; the management and control setting module interfaces with the unlocking setting module, and the unlocking setting module interfaces with the ban management module.
The invention is further configured as follows: the management and control setting module is used for setting the management and control requirements for users with key audit marks, which are specifically: the physical position of users with key audit marks is verified within a limited time; the physical position of the mobile terminal in use is determined within that limited time; when the physical positions of several users coincide, the accounts are banned directly and identity information verification is carried out;
the unlocking setting module is used for configuring the operation for releasing the mark after key audit marks appear on users of the same IP address, the specific operation being: an identity information verification pop-up window is sent to the user according to the management and control requirements set by the management and control setting module;
the ban management module is used for banning the account of a user who cannot pass identity information verification while the user is releasing the mark, until the user passes identity information verification, whereupon the key audit mark can be released.
By adopting this technical scheme, management and control requirements are set for users with abnormal marks, the physical position is used as a more specific means of abnormality judgment for mobile terminals, and the identity information supplied when the user registered the account is used as the final verification standard; this provides a channel for releasing a user's key audit mark and ensures the credibility of users in a normal state.
As the basis for this determination: several people may well share one fixed terminal such as a desktop computer, but several people are unlikely to share one mobile terminal such as a mobile phone.
The invention also discloses a control method of the information security management and control system based on network traffic, which comprises the following steps:
Step one, identical induction: the IP address monitoring module collects the network IP addresses of users and records the registered identity information of the users; the abnormality setting module sets the abnormality judgment standard, limiting the number of different users that may appear on the same network IP address within a set time, and when that limit is exceeded the users logged in on that network IP address are deemed abnormal; when an abnormal condition occurs for several users, the abnormality marking module applies abnormal marks to them, and the users with abnormal marks are then stored in the abnormality storage module;
Step two, auxiliary judgment: the behavior monitoring module performs conventional behavior monitoring on users with abnormal marks and applies a key audit mark to a user whose operation violates conventional behavior; meanwhile, the verification setting module sends verification information to users with abnormal marks, sets the sending time of the verification information and the feedback time for the verification result, and applies a key audit mark to a user whose feedback exceeds the feedback time;
Step three, verification integration: the time recording module records the sending time of the verification information and the feedback time of the verification result; the feedback statistics module sets the time interval error interval, sorts the recorded times, and compares the time intervals of the several abnormally marked users on the same IP address; when the time interval comparison result of the users falls within the set time interval error interval, key audit marks are added to those users;
Step four, setting unlocking: the management and control setting module sets the management and control requirements for users with key audit marks, which are specifically: the physical position of users with key audit marks is verified within a limited time; the physical position of the mobile terminal in use is determined within that limited time; when the physical positions of several users coincide, the accounts are banned directly and identity information verification is carried out. After key audit marks appear on users of the same IP address, the unlocking setting module configures the operation for releasing the mark, the specific operation being: an identity information verification pop-up window is sent to the user according to the management and control requirements set by the management and control setting module. While a user is releasing the mark, the ban management module bans the account of a user who cannot pass identity information verification until the user passes identity information verification, whereupon the key audit mark can be released.
(III) Beneficial effects
The invention provides an information security management and control system and method based on network traffic. The beneficial effects are as follows:
(1) Abnormal conditions of users are judged against the configured IP address abnormality standard and the users are grouped preliminarily. After the time interval error interval is set, the times at which verification information is sent to different users and the times at which feedback results are received are sorted and their intervals compared, and users whose intervals fall within the error interval receive a key audit mark directly, which further screens abnormal users. Identity information verification is then used to release the key audit mark, so that multi-instance users are effectively managed and controlled while feedback from normal users is still guaranteed.
(2) Simple monitoring and control of IP addresses achieves preliminary screening of abnormal users, narrows the range of network traffic to be monitored, and effectively reduces the processing load on the system.
(3) Users with abnormal marks are checked by conventional behavior monitoring, which effectively rules out abnormal judgments caused by irregular operation of those users, and preliminary verification of user identity is carried out by sending verification information, achieving effective human-machine distinction.
(4) Sorting and counting the sending times of the verification information and the feedback times of the results makes it possible to judge, for several abnormally marked users on the same IP address, whether the multi-instance use corresponds to one person or to several people, which avoids penalizing normal users by mistake and allows the abnormal condition of the users to be judged in more detail.
(5) Management and control requirements are set for users with abnormal marks, the physical position is used as a more specific means of abnormality judgment for mobile terminals, and the identity information supplied when the user registered the account is used as the final verification standard; this provides a channel for releasing a user's key audit mark while ensuring the credibility of users in a normal state.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention;
FIG. 2 is a schematic block diagram of the identical induction unit of the present invention;
FIG. 3 is a schematic block diagram of the auxiliary judging unit of the present invention;
FIG. 4 is a schematic block diagram of the verification integration unit of the present invention;
FIG. 5 is a schematic block diagram of the setting unlocking unit of the present invention.
In the figures: 1. information management and control system; 2. identical induction unit; 3. auxiliary judging unit; 4. verification integration unit; 5. setting unlocking unit; 6. IP address monitoring module; 7. abnormality setting module; 8. abnormality marking module; 9. abnormality storage module; 10. behavior monitoring module; 11. verification setting module; 12. time recording module; 13. feedback statistics module; 14. key audit module; 15. management and control setting module; 16. unlocking setting module; 17. ban management module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to FIGS. 1-5, an embodiment of the present invention provides the following technical scheme: an information security management and control system based on network traffic, comprising an information management and control system 1. As shown in FIG. 1, the information management and control system 1 comprises an identical induction unit 2, an auxiliary judging unit 3, a verification integration unit 4 and a setting unlocking unit 5.
As a preferred scheme, in order to achieve preliminary screening of abnormal users, the identical induction unit 2 is used for collecting the network IP addresses of users, recording the registered identity information of the users, setting the standard for judging IP address abnormality, and applying an abnormal mark to users when an abnormal condition occurs. Specifically, as shown in FIG. 2, the identical induction unit 2 comprises an IP address monitoring module 6, an abnormality setting module 7, an abnormality marking module 8 and an abnormality storage module 9, wherein the IP address monitoring module 6 is used for collecting the network IP addresses of users and recording the registered identity information of the users;
the IP address monitoring module 6 interfaces with the abnormality setting module 7, and the abnormality setting module 7 is used for setting the abnormality judgment standard: it limits the number of different users that may appear on the same network IP address within a set time, and when that limit is exceeded, the users logged in on that network IP address are deemed abnormal;
the abnormality setting module 7 interfaces with the abnormality marking module 8, and the abnormality marking module 8 is used for applying abnormal marks to the users when an abnormal condition occurs for several users;
the abnormality marking module 8 interfaces with the abnormality storage module 9, and the abnormality storage module 9 is used for storing and managing the users with abnormal marks.
As a preferred scheme, in order to achieve effective human-machine distinction, the identical induction unit 2 interfaces with the auxiliary judging unit 3. The auxiliary judging unit 3 is used for performing conventional behavior monitoring on users with abnormal marks, sending verification information to them, setting the sending time of the verification information and the feedback time for the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time. Specifically, as shown in FIG. 3, the auxiliary judging unit 3 comprises a behavior monitoring module 10 and a verification setting module 11;
the behavior monitoring module 10 is used for performing conventional behavior monitoring on users with abnormal marks and applying a key audit mark to a user whose operation violates conventional behavior, wherein the conventional behavior monitoring mainly monitors the user's website access behaviors, such as source, browsing and return visits, so as to obtain the basic data of website traffic and provide the enterprise with more accurate analysis data;
the verification setting module 11 is used for sending verification information to users with abnormal marks, setting the sending time of the verification information and the feedback time for the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time.
As a preferred scheme, in order to judge the abnormal condition of users in more detail, the auxiliary judging unit 3 interfaces with the verification integration unit 4. The verification integration unit 4 is used for recording the sending time of the verification information and the feedback time of the verification result, setting the time interval error interval, sorting the recorded times, comparing the time intervals of the several abnormally marked users on the same IP address, and adding key audit marks to those users when the comparison result falls within the set time interval error interval. Specifically, as shown in FIG. 4, the verification integration unit 4 comprises a time recording module 12, a feedback statistics module 13 and a key audit module 14;
the time recording module 12 is used for recording the sending time of the verification information and the feedback time of the verification result;
the feedback statistics module 13 is used for setting the time interval error interval, sorting the times recorded in the time recording module 12, and comparing the time intervals of the several abnormally marked users on the same IP address;
the key audit module 14 is used for adding key audit marks to those users when the time interval comparison result of the users falls within the set time interval error interval.
As a preferred scheme, in order to ensure the credibility of users in a normal state, the verification integration unit 4 interfaces with the setting unlocking unit 5. The setting unlocking unit 5 is used for setting management and control requirements for users with key audit marks and, after key audit marks appear on users of the same IP address, configuring the operation for releasing the mark according to identity information verification; while a user is releasing the mark, a user who cannot pass identity information verification has the account banned until the user passes identity information verification, whereupon the key audit mark can be released. Specifically, as shown in FIG. 5, in order to make a specific judgment for mobile terminals, the setting unlocking unit 5 comprises a management and control setting module 15, an unlocking setting module 16 and a ban management module 17. The management and control setting module 15 is used for setting the management and control requirements for users with key audit marks, which are specifically: the physical position of users with key audit marks is verified within a limited time; the physical position of the mobile terminal in use is determined within that limited time; when the physical positions of several users coincide, the accounts are banned directly and identity information verification is carried out;
the management and control setting module 15 interfaces with the unlocking setting module 16, and the unlocking setting module 16 is used for configuring the operation for releasing the mark after key audit marks appear on users of the same IP address, the specific operation being: an identity information verification pop-up window is sent to the user according to the management and control requirements set by the management and control setting module 15;
the unlocking setting module 16 interfaces with the ban management module 17, and the ban management module 17 is used for banning the account of a user who cannot pass identity information verification while the user is releasing the mark, until the user passes identity information verification, whereupon the key audit mark can be released.
The control method of the information security control system based on the network traffic specifically comprises the following steps:
Step one, radom induction: the IP address monitoring module 6 collects the network IP addresses of users and records the users' registered identity information; the abnormality setting module 7 sets the abnormality judgment standard by limiting the number of different users that may appear on the same network IP address within a set time, and determines that the users logged in at that network IP address are in an abnormal condition when the limit is exceeded; when an abnormal condition occurs for several users, the abnormality marking module 8 applies abnormal marks to them, and the users with abnormal marks are then stored in the abnormality storage module 9;
Step two, auxiliary judgment: the behavior monitoring module 10 performs routine behavior monitoring of users with an abnormal mark and applies a key audit mark to a user whose operations violate routine behavior; meanwhile, the verification setting module 11 sends verification information to users with an abnormal mark and sets the sending time of the verification information and the feedback time of the verification result, and a user whose feedback exceeds the feedback time is given a key audit mark;
Step three, verification integration: the time recording module 12 records the sending time of the verification information and the feedback time of the verification result; the feedback statistics module 13 sets a time interval error interval, sorts the recorded times and compares the time intervals of several users with abnormal marks at the same IP address; when the comparison result for those users falls within the set time interval error interval, key audit marks are added to them;
Step four, setting unlocking: the control setting module 15 sets the control requirement for users with a key audit mark, the control requirement being specifically: within a limited time, the physical location of each user with a key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and identity information verification is carried out. After a key audit mark appears for users at the same IP address, the unlocking setting module 16 sets the operation for releasing the mark, the specific operation setting being: an identity information verification pop-up window is sent to the user in accordance with the control requirement set by the control setting module 15. While a user is releasing the mark, the seal and ban management module 17 bans the account of any user who cannot pass the identity information review verification, until the user passes the identity information review verification, after which the key audit mark can be released.
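The flagging logic of steps one to three can be sketched as follows; this is an added Python example, not code from the patent. The function names, thresholds and sample records are assumptions, step three is read here as flagging users on one IP whose send-to-feedback intervals differ by no more than the error interval, and behavior monitoring (module 10) and step four are not modeled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the patent): (user, ip, login time).
LOGINS = [
    ("u1", "203.0.113.7", "2024-01-01 10:00:00"),
    ("u2", "203.0.113.7", "2024-01-01 10:02:00"),
    ("u3", "203.0.113.7", "2024-01-01 10:05:00"),
    ("u4", "203.0.113.7", "2024-01-01 10:08:00"),
    ("u1", "203.0.113.7", "2024-01-01 10:09:00"),  # repeat login, counted once
    ("u5", "198.51.100.4", "2024-01-01 10:00:00"),
    ("u6", "198.51.100.4", "2024-01-01 10:30:00"),
]
# Constructed: (user, verification sent, feedback received or None).
VERIFICATIONS = [
    ("u1", "2024-01-01 10:10:00", "2024-01-01 10:10:42"),
    ("u2", "2024-01-01 10:10:00", "2024-01-01 10:10:44"),
    ("u3", "2024-01-01 10:10:00", "2024-01-01 10:13:05"),
    ("u4", "2024-01-01 10:10:00", None),
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def abnormal_users_by_ip(logins, window, max_users):
    """Step one: mark all users on an IP where more than max_users distinct
    users logged in within any span of length `window` (assumed criterion)."""
    by_ip = defaultdict(list)
    for user, ip, when in logins:
        by_ip[ip].append((ts(when), user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start, marked = 0, set()
        for end in range(len(events)):
            # Slide the window start forward until the span fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) > max_users:
                marked |= users
        if marked:
            flagged[ip] = marked
    return flagged

def key_audit_users(flagged, verifications, feedback_limit, tolerance):
    """Steps two and three: return {user: reason} for key audit marks."""
    abnormal = set().union(*flagged.values())
    latency, reasons = {}, {}
    for user, sent, answered in verifications:
        if user not in abnormal:
            continue  # verification is only sent to abnormally marked users
        if answered is None or ts(answered) - ts(sent) > feedback_limit:
            reasons[user] = "feedback timeout"          # step two
        else:
            latency[user] = ts(answered) - ts(sent)
    for users in flagged.values():
        timed = sorted((latency[u], u) for u in users if u in latency)
        # After sorting, any pair within tolerance shows up as neighbours.
        for (a, ua), (b, ub) in zip(timed, timed[1:]):
            if b - a <= tolerance:                      # step three
                reasons.setdefault(ua, "matching response interval")
                reasons.setdefault(ub, "matching response interval")
    return reasons
```

With a 10-minute window, a limit of 3 users, a 5-minute feedback limit and a 5-second tolerance, the shared address is flagged and three of its four users receive key audit marks, while the slow but valid responder does not.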
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. An information security management and control system based on network traffic, comprising an information management and control system (1), characterized in that: the information management and control system (1) comprises a radom induction unit (2), an auxiliary judging unit (3), a verification integration unit (4) and a setting unlocking unit (5); the radom induction unit (2) is used for collecting the network IP addresses of users and recording the users' registered identity information, while setting a standard for judging IP address abnormality, and for applying an abnormal mark to users when an abnormal condition occurs; the radom induction unit (2) is connected to the auxiliary judging unit (3); the auxiliary judging unit (3) is used for routine behavior monitoring of users with an abnormal mark, sending verification information to users with an abnormal mark, setting the sending time of the verification information and the feedback time of the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time; the auxiliary judging unit (3) is connected to the verification integration unit (4); the verification integration unit (4) is used for recording the sending time of the verification information and the feedback time of the verification result, setting a time interval error interval, comparing the time intervals of several users with abnormal marks at the same IP address, and adding key audit marks to those users when the comparison result falls within the set time interval error interval; the verification integration unit (4) is connected to the setting unlocking unit (5); the setting unlocking unit (5) is used for setting a control requirement for users with a key audit mark, for setting, after a key audit mark appears for users at the same IP address, the operation for releasing the mark on the basis of identity information verification, and for banning, while a user is releasing the mark, the account of any user who cannot pass the identity information review verification, until the user passes the identity information review verification, after which the key audit mark can be released.
2. The network traffic-based information security management and control system according to claim 1, wherein: the radom induction unit (2) comprises an IP address monitoring module (6), an abnormality setting module (7), an abnormality marking module (8) and an abnormality storage module (9), wherein the IP address monitoring module (6) is connected to the abnormality setting module (7), the abnormality setting module (7) is connected to the abnormality marking module (8), and the abnormality marking module (8) is connected to the abnormality storage module (9).
3. The network traffic-based information security management and control system according to claim 2, wherein: the IP address monitoring module (6) is used for collecting the network IP addresses of users and recording the users' registered identity information;
the abnormality setting module (7) is used for setting the abnormality judgment standard by limiting the number of different users that may appear on the same network IP address within a set time, and for determining that the users logged in at that network IP address are in an abnormal condition when the limit is exceeded;
the abnormality marking module (8) is used for applying abnormal marks to several users when an abnormal condition occurs for them;
the abnormality storage module (9) is used for storing and managing the users with abnormal marks.
4. The network traffic-based information security management and control system according to claim 1, wherein: the auxiliary judging unit (3) comprises a behavior monitoring module (10) and a verification setting module (11);
the behavior monitoring module (10) is used for routine behavior monitoring of users with an abnormal mark, and for applying a key audit mark to a user whose operations violate routine behavior;
the verification setting module (11) is used for sending verification information to users with an abnormal mark, setting the sending time of the verification information and the feedback time of the verification result, and applying a key audit mark to a user whose feedback exceeds the feedback time.
5. The network traffic-based information security management and control system according to claim 1, wherein: the verification integration unit (4) comprises a time recording module (12), a feedback statistics module (13) and a key auditing module (14);
the time recording module (12) is used for recording the sending time of the verification information and the feedback time of the verification result;
the feedback statistics module (13) is used for setting a time interval error interval, sorting the times recorded in the time recording module (12), and comparing the time intervals of several users with abnormal marks at the same IP address;
the key auditing module (14) is used for adding key audit marks to those users when the comparison result of their time intervals falls within the set time interval error interval.
6. The network traffic-based information security management and control system according to claim 1, wherein: the setting unlocking unit (5) comprises a control setting module (15), an unlocking setting module (16) and a seal and ban management module (17), wherein the control setting module (15) is connected to the unlocking setting module (16), and the unlocking setting module (16) is connected to the seal and ban management module (17).
7. The network traffic-based information security management and control system according to claim 6, wherein: the control setting module (15) is used for setting the control requirement for users with a key audit mark, the control requirement being specifically: within a limited time, the physical location of each user with a key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and identity information verification is carried out;
the unlocking setting module (16) is used for setting the operation for releasing the mark after a key audit mark appears for users at the same IP address, the specific operation setting being: an identity information verification pop-up window is sent to the user in accordance with the control requirement set by the control setting module (15);
the seal and ban management module (17) is used for banning, while a user is releasing the mark, the account of any user who cannot pass the identity information review verification, until the user passes the identity information review verification, after which the key audit mark can be released.
8. A management and control method of an information security management and control system based on network traffic, characterized in that the method specifically comprises the following steps:
Step one, radom induction: the IP address monitoring module (6) collects the network IP addresses of users and records the users' registered identity information; the abnormality setting module (7) sets the abnormality judgment standard by limiting the number of different users that may appear on the same network IP address within a set time, and determines that the users logged in at that network IP address are in an abnormal condition when the limit is exceeded; when an abnormal condition occurs for several users, the abnormality marking module (8) applies abnormal marks to them, and the users with abnormal marks are then stored in the abnormality storage module (9);
Step two, auxiliary judgment: the behavior monitoring module (10) performs routine behavior monitoring of users with an abnormal mark and applies a key audit mark to a user whose operations violate routine behavior; meanwhile, the verification setting module (11) sends verification information to users with an abnormal mark and sets the sending time of the verification information and the feedback time of the verification result, and a user whose feedback exceeds the feedback time is given a key audit mark;
Step three, verification integration: the time recording module (12) records the sending time of the verification information and the feedback time of the verification result; the feedback statistics module (13) sets a time interval error interval, sorts the recorded times and compares the time intervals of several users with abnormal marks at the same IP address; when the comparison result for those users falls within the set time interval error interval, key audit marks are added to them;
Step four, setting unlocking: the control setting module (15) sets the control requirement for users with a key audit mark, the control requirement being specifically: within a limited time, the physical location of each user with a key audit mark is verified by determining the physical location of the mobile terminal in use; when the physical locations of several users coincide, the accounts are banned directly and identity information verification is carried out. After a key audit mark appears for users at the same IP address, the unlocking setting module (16) sets the operation for releasing the mark, the specific operation setting being: an identity information verification pop-up window is sent to the user in accordance with the control requirement set by the control setting module (15). While a user is releasing the mark, the seal and ban management module (17) bans the account of any user who cannot pass the identity information review verification, until the user passes the identity information review verification, after which the key audit mark can be released.
CN202210762820.9A 2022-06-29 2022-06-29 Information security management and control system and method based on network traffic Active CN115174190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210762820.9A CN115174190B (en) 2022-06-29 2022-06-29 Information security management and control system and method based on network traffic

Publications (2)

Publication Number Publication Date
CN115174190A CN115174190A (en) 2022-10-11
CN115174190B true CN115174190B (en) 2024-01-26

Family

ID=83489659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210762820.9A Active CN115174190B (en) 2022-06-29 2022-06-29 Information security management and control system and method based on network traffic

Country Status (1)

Country Link
CN (1) CN115174190B (en)

Also Published As

Publication number Publication date
CN115174190A (en) 2022-10-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant