CN115238277A - Safety protection system of network information - Google Patents
Safety protection system of network information Download PDFInfo
- Publication number
- CN115238277A CN115238277A CN202210832551.9A CN202210832551A CN115238277A CN 115238277 A CN115238277 A CN 115238277A CN 202210832551 A CN202210832551 A CN 202210832551A CN 115238277 A CN115238277 A CN 115238277A
- Authority
- CN
- China
- Prior art keywords
- equipment
- time
- historical
- value
- login
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000002159 abnormal effect Effects 0.000 claims abstract description 43
- 238000004458 analytical method Methods 0.000 claims abstract description 35
- 238000009825 accumulation Methods 0.000 claims abstract description 20
- 238000012217 deletion Methods 0.000 claims description 14
- 230000037430 deletion Effects 0.000 claims description 14
- 238000004364 calculation method Methods 0.000 claims description 7
- 238000007726 management method Methods 0.000 claims description 6
- 238000000034 method Methods 0.000 claims description 6
- 238000012544 monitoring process Methods 0.000 claims description 4
- 230000000737 periodic effect Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 4
- 230000000739 chaotic effect Effects 0.000 claims description 2
- 238000011835 investigation Methods 0.000 claims description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 208000008918 voyeurism Diseases 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
The invention discloses a security protection system of network information, belonging to the field of information security protection, and particularly comprising a real-time login device, a history device and a plurality of corresponding history login time groups which are obtained by an information obtaining unit; then, the processor is used for carrying out abnormity analysis on the real-time login equipment and generating an abnormity signal according to the analysis condition; the processor transmits the abnormal signal and the abnormal equipment group to the information source analysis unit; performing inertial anomaly analysis on the abnormal equipment set by combining an information source analysis unit with an information accumulation library to confirm illegal equipment, namely accounts which are possibly automatically logged in, so that the problem of personal privacy security is caused; the invention is simple, effective and easy to use.
Description
Technical Field
The invention belongs to the field of information security protection, and particularly relates to a network information security protection system.
Background
Patent publication No. CN102789563A discloses a website background program information security protection system and a protection method thereof, which are suitable for encrypting and protecting website background program contents to prevent peering by outsiders. The information security protection system of the website background program comprises the website background program, a data storage center, a security management center, an encryption authentication unit arranged in the website background program, and a security identity verification tool connected with the website background program when in use. The system and the method for protecting the information of the website background program can facilitate normal compiling and using of the website background program file by a programmer and a website foreground, and can prevent the periphery from illegally peeping and stealing the content of the program file.
For a user, when the current user uses an office computer or is located at a certain fixed computer at a certain stage, the current user habitually uses automatic login for an account, but meanwhile, when the current user leaves the corresponding fixed computer, the user can forget to delete the automatic login of the account, so that the problem can be avoided only by modifying a password when the user logs in the personal account by other equipment, and the personal privacy safety is influenced.
Disclosure of Invention
The invention aims to provide a network information security protection system.
The purpose of the invention can be realized by the following technical scheme:
a security protection system for network information comprises
The information acquisition unit is used for acquiring real-time login equipment, historical equipment and a plurality of historical login time groups corresponding to the historical equipment;
the information acquisition unit is used for transmitting the real-time login equipment, the historical equipment and the corresponding historical login time group to the information accumulation library through the controlled accumulation unit;
the information acquisition unit is used for transmitting the real-time login equipment to the processor through the controlled accumulation unit, and the processor is used for carrying out abnormity analysis on the real-time login equipment and generating an abnormity signal according to the analysis condition;
the processor is used for transmitting the abnormal signal and the abnormal equipment group to the information source analysis unit; the information source analysis unit is used for carrying out inertial anomaly analysis on the abnormal equipment set by combining the information accumulation library, and the specific mode of the inertial anomaly analysis is as follows:
the method comprises the following steps: acquiring all historical devices in an information accumulation library and corresponding historical login time groups;
step two: optionally selecting a historical device, and acquiring all historical login time of the historical device in an approaching stage of the historical device, wherein the approaching stage refers to a time period away from the next six months;
automatically acquiring the current distance time, and marking the current distance time as span time to obtain a plurality of span time Ki, i = 1. When the processor receives the abnormal device group, the time point is designated; carrying out periodic analysis on the span duration to obtain an effective value, a total use value and the span duration of the historical equipment;
step three: analyzing all historical devices according to the principle of the second step to obtain effective values, total use values and span-time lengths of all historical devices, and marking the historical devices as Lj, wherein j =1, · m; the effective value, the total use value and the span duration are marked as Uj, yj and Dj in sequence, and j =1,.. And m; lj, uj, yj and Dj are in one-to-one correspondence;
step four: calculating the inertia value Gj by using a formula, wherein the specific calculation formula is as follows:
Gj=0.34×Yj+0.35/Dj+0.31/Uj;
wherein 0.34, 0.35 and 0.31 are preset numerical values;
step five: obtaining inertia values Gj of all historical equipment Lj, and marking the historical equipment with Gj exceeding X2 as inertial equipment;
step six: and then acquiring all abnormal devices in the abnormal device group, performing abnormal troubleshooting, and determining compliant devices and illegal devices.
The invention has the beneficial effects that:
the method comprises the steps that real-time login equipment, historical equipment and a plurality of historical login time groups corresponding to the historical equipment are obtained through an information obtaining unit; then, the processor is used for carrying out abnormity analysis on the real-time login equipment and generating an abnormity signal according to the analysis condition; the processor transmits the abnormal signals and the abnormal equipment group to the information source analysis unit; performing inertial anomaly analysis on the abnormal equipment group by using the information source analysis unit and combining the information accumulation library to confirm illegal equipment, namely accounts which can be automatically logged in, so as to cause the personal privacy security problem; the invention is simple, effective and easy to use.
Drawings
To facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a block diagram of the system of the present invention.
Detailed Description
As shown in fig. 1, a system for securing network information specifically includes, as a first embodiment of the present invention, a system for securing network information
The system comprises an information acquisition unit, a controlled accumulation unit, an information accumulation library, a processor and an information source analysis unit;
the information acquisition unit is used for monitoring all devices logged in by a user account and the login time of the devices, and marking the devices as historical devices, each historical device corresponds to a plurality of historical login time groups, each historical login time group comprises a plurality of historical login times, and the historical login time acquisition mode is as follows:
marking the time as historical login time each time the user logs in by using the account;
the information acquisition unit is also used for monitoring the login condition of the account in real time to obtain real-time login information, and the real-time login information is equipment which corresponds to the current account and is logged in and is marked as real-time login equipment;
the information acquisition unit is used for transmitting the real-time login equipment, the historical equipment and the corresponding historical login time group to the controlled accumulation unit, and the controlled accumulation unit is used for transmitting the historical equipment and the corresponding historical login time group to the information accumulation library;
the controlled accumulation unit is used for transmitting the real-time login equipment to the processor, the processor is used for carrying out abnormity analysis on the real-time login equipment, and the abnormity analysis specific mode is as follows:
when the real-time login equipment is two or more than two, generating an abnormal signal, and marking all the real-time login equipment at the moment as an abnormal equipment group;
the processor is used for transmitting the abnormal signal and the abnormal equipment group to the information source analysis unit; the information source analysis unit is used for carrying out inertial anomaly analysis on the abnormal equipment set by combining the information accumulation library, and the specific mode of the inertial anomaly analysis is as follows:
the method comprises the following steps: acquiring all historical devices in an information accumulation library and corresponding historical login time groups;
step two: optionally selecting a historical device, and acquiring all historical login time of the historical device in an approaching stage, wherein the approaching stage refers to a time period away from the next six months;
automatically acquiring the current distance time, and marking the current distance time as span time to obtain a plurality of span time Ki, i = 1. When the processor receives the abnormal device group, the time point is designated; and carrying out periodic analysis on the span duration, wherein the specific mode of the periodic analysis is as follows:
s1: calculating the span time difference Ci, i =1,. And n-1 by using a formula, wherein the specific calculation mode is as follows:
C i =K i+1 -K i ,i=1、...、n-1;
s2: obtaining all span time differences Ci, automatically calculating the mean value of Ci, and marking the mean value as P; and then calculating the deviation value W by using a formula, wherein the specific calculation formula is as follows:
s3: when the W value does not exceed X1, generating a sum signal, otherwise, deleting data, specifically, sequentially selecting corresponding Ci values according to the sequence of Ci-P from large to small, deleting one Ci value when selecting one Ci value, recalculating the W value after deleting, comparing the one Ci value with X1 after obtaining one W value, if the W value still exceeds X1, selecting the next Ci value according to the sequence until the W value does not exceed X1, marking the number of the deleted Ci values as a deletion value, and dividing the deletion value by n-1 to obtain a deletion ratio; x1 is a preset numerical value;
s4: when the ratio of the deletion and the modification exceeds 0.5, a disordered signal is generated; if the ratio of deletion is 0, no value is deleted, and a stable signal is generated; if the ratio of the deletion is between 0 and 0.3, generating a micro-stability signal, and if the ratio of the deletion is between 0.3 and 0.5, including an endpoint value, generating a mid-stability signal;
s5: defining an effective value according to the disordered signal, the metastable signal, the slightly stable signal and the stable signal, and specifically:
when the chaotic signal is generated, the effective value is marked as 2;
when a steady signal is generated, the value is marked as 1.6
When a micro-steady signal is generated, the effective value is marked as 1.3;
when a stable signal is generated, marking the effective value as 1;
s6: then marking the specific value of n as a total use value; then automatically acquiring the current time and the shortest time within all historical login time, and marking the current time and the shortest time as a short-span time;
s7: obtaining the effective value, the total use value and the span length of the historical equipment;
step three: analyzing all historical devices according to the principle of the second step to obtain effective values, total use values and span-time lengths of all historical devices, and marking the historical devices as Lj, wherein j =1, · m; the effective values, the total use values and the time span are marked as Uj, yj and Dj in sequence, and j =1,.. And m; lj, uj, yj and Dj are in one-to-one correspondence;
step four: calculating the inertia value Gj by using a formula, wherein the specific calculation formula is as follows:
Gj=0.34×Yj+0.35/Dj+0.31/Uj;
in the formula, 0.34, 0.35 and 0.31 are preset numerical values which are used for highlighting different importance of different factors;
step five: obtaining inertia values Gj of all historical equipment Lj, and marking the historical equipment with Gj exceeding X2 as inertial equipment;
step six: then all abnormal devices in the abnormal device group are obtained, and abnormal investigation is carried out, wherein the specific mode is as follows:
s01: when the abnormal equipment belongs to the inertial equipment, a judgment is carried out, specifically:
automatically sending information to the intelligent equipment of the user corresponding to the account, and confirming the legal abnormal equipment by the user through the intelligent equipment feedback message and marking the legal abnormal equipment as compliant equipment by the user;
s02: when the abnormal equipment does not belong to the inertial equipment, carrying out two-term judgment, specifically:
automatically sending information to intelligent equipment of a user corresponding to an account, wherein the user needs to confirm the identity of the user through face recognition or fingerprint recognition before the user confirms legal abnormal equipment through intelligent equipment feedback information, and then confirms compliant equipment according to the feedback information;
s03: after the compliant equipment is confirmed, marking the rest abnormal equipment as illegal equipment;
as an embodiment two of the present invention, on the basis of the embodiment one, the processor is further configured to transmit the illegal device to the emergency processing unit, and the emergency processing unit is configured to perform device determination on the legal device and the illegal device, where the device determination specifically includes:
if the equipment corresponding to the compliance equipment is marked as the compliance equipment for X3 times continuously, wherein X3 is a preset numerical value, and is usually 5;
and the user account, the password and the related account information content on all illegal devices are cached and completely deleted.
As a third embodiment of the present invention, the present embodiment is used for implementing the first embodiment and the second embodiment in a fusion manner, and further includes a management unit, the management unit is in communication connection with the processor, and the management unit is used for recording all preset values.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
Claims (8)
1. A system for securing network information, comprising:
the information acquisition unit is used for acquiring real-time login equipment, historical equipment and a plurality of historical login time groups corresponding to the real-time login equipment and the historical equipment;
the information acquisition unit is used for transmitting the real-time login equipment, the historical equipment and the corresponding historical login time group to the information accumulation library through the controlled accumulation unit;
the information acquisition unit is used for transmitting the real-time login equipment to the processor through the controlled accumulation unit, and the processor is used for performing anomaly analysis on the real-time login equipment and generating an anomaly signal according to the analysis condition;
the processor is used for transmitting the abnormal signal and the abnormal equipment group to the information source analysis unit; the information source analysis unit is used for performing inertial anomaly analysis on the abnormal equipment set by combining the information accumulation library, and the inertial anomaly analysis is specifically carried out in the following mode:
the method comprises the following steps: acquiring all historical devices in an information accumulation library and corresponding historical login time groups;
step two: optionally selecting a historical device, and acquiring all historical login time of the historical device in an approaching stage of the historical device, wherein the approaching stage refers to a time period away from the next six months;
automatically acquiring the current distance time, and marking the current distance time as span duration to obtain a plurality of span durations Ki, i =1, n; when the processor receives the abnormal device group, the time point is designated; carrying out periodic analysis on the span duration to obtain a valid value, a total use value and the span duration of the historical equipment;
step three: analyzing all historical devices according to the principle of the second step to obtain effective values, total use values and span-time lengths of all historical devices, and marking the historical devices as Lj, wherein j =1, · m; the effective value, the total use value and the span duration are marked as Uj, yj and Dj in sequence, and j =1,.. And m; lj, uj, yj and Dj are in one-to-one correspondence;
step four: calculating the inertia value Gj by using a formula, wherein the specific calculation formula is as follows:
Gj=0.34×Yj+0.35/Dj+0.31/Uj;
wherein 0.34, 0.35 and 0.31 are preset numerical values;
step five: obtaining inertia values Gj of all historical equipment Lj, and marking the historical equipment of which Gj exceeds X2 as inertial equipment;
step six: and then acquiring all abnormal devices in the abnormal device group, performing abnormal investigation, and determining compliant devices and illegal devices.
2. The system of claim 1, wherein the information obtaining unit obtains the real-time log-in device, the historical device, and the plurality of historical log-in time groups corresponding thereto in a specific manner:
monitoring all devices logged in by a user account and login time of the devices, and marking the devices as historical devices, wherein each historical device corresponds to a plurality of historical login time groups, each historical login time group comprises a plurality of historical login times, and the historical login time refers to the time marked as the historical login time when the user logs in by using the account;
the information acquisition unit is also used for monitoring the login condition of the account in real time to obtain real-time login information, and the real-time login information is equipment which corresponds to the current account and is logged in, and is marked as real-time login equipment.
3. The system for securing network information according to claim 1, wherein the specific manner of the anomaly analysis is:
when the real-time login equipment is two or more than two, an abnormal signal is generated, and all the real-time login equipment at the moment is marked as an abnormal equipment group.
4. The system for securing network information according to claim 1, wherein the period analysis is performed in a specific manner:
s1: calculating the span time difference Ci, i =1,. And n-1 by using a formula, wherein the specific calculation mode is as follows:
C i =K i+1 -K i ,i=1、...、n-1;
s2: obtaining all span time differences Ci, automatically calculating the mean value of Ci, and marking the mean value as P; and then calculating the deviation value W by using a formula, wherein the specific calculation formula is as follows:
s3: when the W value does not exceed X1, generating a sum signal, otherwise, deleting data, specifically, sequentially selecting corresponding Ci values according to the sequence of Ci-P from large to small, deleting one Ci value when selecting one Ci value, recalculating the W value after deleting, comparing the one Ci value with X1 after obtaining one W value, if the W value still exceeds X1, selecting the next Ci value according to the sequence until the W value does not exceed X1, marking the number of the deleted Ci values as a deletion value, and dividing the deletion value by n-1 to obtain a deletion ratio; x1 is a preset numerical value;
s4: when the ratio of the deletion is over 0.5, generating a disordered signal; if the deletion ratio is 0, no numerical value is deleted, and a stable signal is generated; if the ratio of the repair and deletion is between 0 and 0.3, generating a micro-stability signal; if the ratio of the deletion is between 0.3 and 0.5, the endpoint value is included, and a stable signal is generated;
s5: defining an effective value according to the disordered signal, the metastable signal, the slightly stable signal and the stable signal, and specifically:
when the chaotic signal is generated, the effective value is marked as 2;
when a steady signal is generated, the value is marked as 1.6
When a micro-steady signal is generated, the effective value is marked as 1.3;
when a stable signal is generated, marking the effective value as 1;
s6: then, marking the specific value of n as a total use value; then automatically acquiring the current time and the shortest time within all historical login time, and marking the current time and the shortest time as a short-span time;
s7: and obtaining the effective value, the total use value and the span time length of the historical equipment.
5. The system for securing network information according to claim 1, wherein the specific manner of exception checking in the sixth step is:
s01: when the abnormal equipment belongs to the inertial equipment, a judgment is carried out, specifically:
automatically sending information to the intelligent equipment of the user corresponding to the account, and enabling the user to confirm legal abnormal equipment through intelligent equipment feedback information and mark the legal abnormal equipment as compliant equipment;
s02: when the abnormal equipment does not belong to the inertial equipment, carrying out two-term judgment, specifically:
automatically sending information to the intelligent equipment of the user corresponding to the account, wherein the user needs to confirm the user identity through face recognition or fingerprint recognition before confirming the legal abnormal equipment through the intelligent equipment feedback information, and then confirming the compliance equipment according to the feedback information;
s03: after the compliant device is confirmed, the remaining abnormal devices are marked as illegal devices.
6. The system for securing network information according to claim 1, wherein: the processor is further configured to transmit the illegal device to an emergency processing unit, the emergency processing unit configured to perform a device determination for the compliant device and the illegal device.
7. The system for securing network information according to claim 6, wherein the device determines the specific manner as follows:
if the equipment corresponding to the compliance equipment is continuously marked as the compliance equipment for X3 times, wherein X3 is a preset value;
and all the user accounts, passwords and related account information contents on all illegal devices are cached and deleted.
8. The system according to claim 1, further comprising a management unit, wherein the management unit is communicatively connected to the processor, and the management unit is configured to enter all preset values.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210832551.9A CN115238277A (en) | 2022-07-14 | 2022-07-14 | Safety protection system of network information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210832551.9A CN115238277A (en) | 2022-07-14 | 2022-07-14 | Safety protection system of network information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115238277A true CN115238277A (en) | 2022-10-25 |
Family
ID=83674106
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210832551.9A Pending CN115238277A (en) | 2022-07-14 | 2022-07-14 | Safety protection system of network information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115238277A (en) |
-
2022
- 2022-07-14 CN CN202210832551.9A patent/CN115238277A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5272754A (en) | Secure computer interface | |
| CN107612698B (en) | Commercial password detection method, device and system | |
| US20080276092A1 (en) | Method for Authentication of Sensor Data, and an Associated Sensor | |
| CN111708658A (en) | Judicial-assisted case data risk management system and application method thereof | |
| CN112769808B (en) | Mobile fort machine for industrial local area network, operation and maintenance method thereof and computer equipment | |
| CN112383535B (en) | Method and device for detecting Hash transfer attack behavior and computer equipment | |
| CN109743174A (en) | The monitoring and managing method that electric power monitoring security management and control system program updates | |
| CN111292438A (en) | Unmanned aerial vehicle inspection method with information security | |
| CN104035408A (en) | RTU (Remote Terminal Unit) controller and communication method with SCADA (Supervisory Control And Data Acquisition) system | |
| CN111553689A (en) | Matching correlation method and system based on quadratic hash | |
| CN113918977A (en) | User information transmission device based on Internet of things and big data analysis | |
| CN117113199A (en) | File security management system and method based on artificial intelligence | |
| CN115238277A (en) | Safety protection system of network information | |
| CN113205632B (en) | Internet of things equipment security access method suitable for electric power operation field | |
| CN115600189A (en) | Commercial password application security evaluation system | |
| CN113076531A (en) | Identity authentication method and device, computer equipment and storage medium | |
| CN213122985U (en) | PIS authentication system | |
| CN113326528A (en) | Block chain application method based on big data high-security personal information protection | |
| CN114218597A (en) | Method and system suitable for privacy data confidentiality inside enterprise | |
| CN113923034B (en) | Networking equipment supervision authentication system and method | |
| CN112818326A (en) | USB device permission determining method, device, equipment and medium | |
| CN107171784B (en) | Emergency command scheduling method and system for emergency environment events | |
| CN111553694A (en) | Distributed storage block chain method and system | |
| CN113259105B (en) | Block chain data sharing method and system | |
| CN110365467B (en) | Unmanned aerial vehicle behavior supervision system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |