CN115296882A - Network security monitoring system - Google Patents

Network security monitoring system Download PDF

Info

Publication number
CN115296882A
CN115296882A
Authority
CN
China
Prior art keywords
information
user
data
unit
risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210914352.2A
Other languages
Chinese (zh)
Inventor
赵秋含
赵艳军
赵思嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang Yulan Jiayuan Information Technology Co ltd
Original Assignee
Heilongjiang Yulan Jiayuan Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2022-08-01
Filing date
2022-08-01
Publication date
2022-11-04
Application filed by Heilongjiang Yulan Jiayuan Information Technology Co ltd
2022-08-01 Priority to CN202210914352.2A
2022-11-04 Publication of CN115296882A
Withdrawn (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The invention belongs to the technical field of network security detection and discloses a network security monitoring system comprising a monitoring unit, an information acquisition unit, a security evaluation unit and a user delivery unit. The monitoring unit intercepts all information and the information acquisition unit classifies what it acquires. Source data flows on to the user delivery unit once the security evaluation (a sampling spot check) has passed; the delivery unit stores the data, records each user address together with the data that user fetched, generates an access log and pairs the accessed data with the user address. Because a mirror copy of the data is detected in full after acquisition, comprehensive detection proceeds while the data is being sampled, stored and awaiting access, and accurate detection is completed during the period in which users acquire and use the data. Risk detection is therefore thorough, the delay before actual data can be called is greatly reduced, and the usage effect is good.

Description

Network security monitoring system
Technical Field
The invention belongs to the technical field of network security detection, and particularly relates to a network security monitoring system.
Background
Network security (cyber security) means protecting the hardware, software and data of a networked system against damage, alteration or leakage from accidental or malicious causes, so that the system runs continuously, reliably and normally and network service is not interrupted. The term usually refers to the security of computer networks but may also refer to the security of computer communication networks. A computer communication network interconnects several computers with independent functions through communication equipment and transmission media and, with the support of communication software, transmits and exchanges information between them. A computer network connects geographically dispersed, independent computer systems, terminals and data devices by communication means for the purpose of sharing resources and exchanges data under the control of a protocol. Since the fundamental purpose of a computer network is resource sharing and the communication network is the means by which sharing is implemented, a secure computer network requires a secure communication network, and information exchange and resource sharing must be provided to network users on that basis.
Network security monitoring systems in the prior art generally generate a log after information is acquired, then run a neural network model over the acquired information to judge whether the circulating information is a dangerous file; dangerous files are marked and intercepted, handled securely, and only files that have passed detection are passed on to the user. In actual use the entire information stream is detected before it is transmitted and circulated. Although this gives a good security effect, it delays the online circulation of the actual files, much time is spent waiting for detection, and the usage effect is poor.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network security monitoring system with the advantage of improving information circulation efficiency.
To achieve this, the invention provides the following technical solution: a network security monitoring system comprising a monitoring unit, an information acquisition unit, a security evaluation unit and a user delivery unit, wherein the monitoring unit intercepts all information, the information acquisition unit classifies the acquired information, and the security evaluation unit performs a basic security evaluation of the acquired information by sampling (spot-check) detection.
Preferably, the information acquisition unit comprises comprehensive detection and information-source location: all acquired information is divided by type into link information and file information, and once classification is complete the address of each information source is obtained, so that a security log is generated from the source address information and stored in the source address log, where it can be called up later.
Classifying the acquired network data means that, during actual detection and search, retrieval can be organised by the data characteristics of a risk item. This speeds up finding the source address of the risk item and the addresses of the users who accessed it, and so greatly improves the efficiency of intercepting and cleaning the actual risk item.
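The classification and source-address logging step described above, as an added example that is not part of the patent: items are split into link information and file information, the source address of each is extracted and normalised, and a security log keyed by source host is built so that a later risk hit can be looked up by source. The item field names, the log layout and the sample items are constructed assumptions.

```python
"""Added example (not from the patent): classify acquired items into link
information and file information and build the source-address security log.
Item fields, the log layout and the sample data are constructed assumptions."""
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit


def classify(item: dict) -> str:
    """Items carrying a payload are file information; items that are only a
    URL are link information. Anything else is rejected rather than guessed."""
    if item.get("content") is not None:
        return "file"
    if item.get("url"):
        return "link"
    raise ValueError(f"item {item.get('id')!r} is neither link nor file")


def source_address(item: dict) -> tuple[str, str]:
    """(scheme, host) of the information source. Files declare the origin they
    were fetched from; links use their own URL. Only fetchable schemes with a
    host are accepted, and the host is lower-cased so one source cannot appear
    under several spellings in the log."""
    url = item.get("url") or item.get("origin") or ""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https", "ftp") or not parts.hostname:
        raise ValueError(f"item {item.get('id')!r} has no usable source address: {url!r}")
    return parts.scheme, parts.hostname.lower()


def source_log_entry(item: dict) -> dict:
    """One security-log record: what the item is, where it came from and a
    content fingerprint so a later risk hit can be matched to this record."""
    kind = classify(item)
    scheme, host = source_address(item)
    entry = {"item_id": item["id"], "kind": kind, "scheme": scheme, "source": host}
    if kind == "file":
        entry["sha256"] = hashlib.sha256(item["content"]).hexdigest()
    else:
        entry["path"] = urlsplit(item["url"]).path or "/"
    return entry


def build_source_log(items: list[dict]) -> dict[str, list[dict]]:
    """Source address log keyed by host, which is what the risk handling step
    later searches when a risk item has to be traced back to its source."""
    log = defaultdict(list)
    for item in items:
        entry = source_log_entry(item)
        log[entry["source"]].append(entry)
    return dict(log)


# Constructed sample input: two links and one file from two sources.
SAMPLE_ITEMS = [
    {"id": "i1", "url": "https://Files.Example.NET/pkg/tool.zip"},
    {"id": "i2", "url": "http://mirror.example.org/index.html"},
    {"id": "i3", "origin": "https://files.example.net/", "content": b"abc"},
]

if __name__ == "__main__":
    for host, entries in build_source_log(SAMPLE_ITEMS).items():
        print(host, [e["item_id"] for e in entries])
```

Rejecting items without a fetchable scheme and host (for example a `javascript:` URL) matters because the source log is later used to block a source; an entry with no host could never be blocked and would silently weaken that step.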
Preferably, after classification the information acquisition unit transmits the classified information to the security evaluation unit and at the same time copies the information into a mirror library; a neural network model (a simulation-trained model) is then called to detect every item in the mirror library one by one.
Because the acquired information is mirrored at the information acquisition unit, the source data continues to be detected comprehensively in the mirror library during the time it flows downstream to the security evaluation unit and the user delivery unit, and detection of the mirror library continues while users are accessing and downloading the data at the delivery unit after evaluation has permitted access. As soon as a risk item is found, the information acquisition unit sends a signal that terminates the spot checking of the security evaluation unit and raises a risk alarm, and at the same time the addresses of the affected users can be looked up quickly for risk interception, so that good risk monitoring is achieved while data is delivered efficiently. Note that an item the spot check does not select can reach users before the full detection of the mirror library has examined it; the access log kept by the delivery unit is what makes that exposure traceable.
Preferably, the security evaluation unit receives the upstream information data, takes a stride (skip) sample from it, runs the sampled data through the neural network model online, marks the data as safe according to the result of that run, permits circulation when no risk is evaluated, permits users to download it, stores the permitted data in the user delivery library and waits for users to download it at will.
Risk detection is done by running the data through the neural network model online: comprehensive detection uses the data in the mirror library, and sampling detection uses the sampled data in the security evaluation unit.
Preferably, while permitting users to download data, the user delivery unit generates a user address mark from the record of each user's download and records the user address together with the mark of the data object the user downloaded, so that the system can trace risk data in time when a problem arises with a user.
Using the user delivery unit, a user address library is formed from each group of data and the users who accessed it, so that when the flow direction of a risk item is searched its interception and cleaning can be completed quickly and conveniently.
Preferably, the monitoring unit builds network security log data from the information acquisition interface of the network security site, selects the corresponding data according to the source address library, sets an update frequency for the data, continuously acquires network security log data from the acquisition interface of each data source address, and keeps the source data under update monitoring.
The monitoring unit keeps the information acquired by the information acquisition unit up to date; a stable update frequency discovers changes at the data source as early as possible, so that updated data can be detected additionally and monitoring quality is maintained.
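The update monitoring described above, as an added example that is not part of the patent: each source is re-read through its acquisition interface no more often than a configured update interval, its content is fingerprinted, and only sources whose fingerprint changed (or that are seen for the first time) are reported so that just the changed data is sent for additional detection. The fetch callback, the clock handling and the sample sources are constructed assumptions.

```python
"""Added example (not from the patent): a monitoring unit that re-reads each
source at a fixed update frequency and reports only sources whose content
changed. The fetch callback, time handling and sample data are assumptions."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class SourceMonitor:
    interval: float                        # update frequency: seconds between polls of one source
    fetch: Callable[[str], bytes]          # acquisition interface: source address -> current content
    last_poll: dict = field(default_factory=dict)
    last_digest: dict = field(default_factory=dict)
    log: list = field(default_factory=list)   # network security log data built by the monitor

    def poll(self, sources: list[str], now: float) -> list[str]:
        """Poll every source that is due and return those whose content changed.
        A source seen for the first time counts as changed so that it is detected."""
        changed = []
        for src in sources:
            if now - self.last_poll.get(src, float("-inf")) < self.interval:
                continue                   # not yet due at this update frequency
            self.last_poll[src] = now
            try:
                digest = hashlib.sha256(self.fetch(src)).hexdigest()
            except OSError as exc:         # unreachable source: log it, never treat it as "unchanged"
                self.log.append({"t": now, "source": src, "error": str(exc)})
                continue
            previous = self.last_digest.get(src)
            if digest != previous:
                self.last_digest[src] = digest
                self.log.append({"t": now, "source": src, "sha256": digest,
                                 "first_seen": previous is None})
                changed.append(src)
        return changed


def run_demo() -> list[list[str]]:
    """Constructed scenario: two sources, one of which changes between polls,
    plus a third source that cannot be reached."""
    store = {"src-a": b"payload A v1", "src-b": b"payload B v1"}

    def fetch(src: str) -> bytes:
        if src not in store:
            raise OSError(f"{src} unreachable")
        return store[src]

    mon = SourceMonitor(interval=10, fetch=fetch)
    results = [mon.poll(["src-a", "src-b"], now=0)]            # both first seen
    results.append(mon.poll(["src-a", "src-b"], now=5))        # nothing due yet
    store["src-b"] = b"payload B v2"
    results.append(mon.poll(["src-a", "src-b"], now=10))       # src-b changed
    results.append(mon.poll(["src-a", "src-b", "src-c"], now=20))  # src-c unreachable, logged
    return results


if __name__ == "__main__":
    print(run_demo())
```

A fetch failure is recorded as an error rather than as "no change": a source that goes unreachable and comes back with different content would otherwise be re-detected only by luck.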
Preferably, the stored user address data is sorted and labelled by domain name, protocol features and data features to create the user address library, and the library is ordered by each user's actual access frequency to obtain key risk users, so that when the flow direction address of a risk item is retrieved the users holding the risk item are found in time and tracking is completed quickly.
Classifying users and ranking key users by access count lets a search be made on demand among the key users when a risk item appears, which improves retrieval of the flow direction of the risk item and the efficiency of its interception and cleaning.
Preferably, when a risk item appears in the comprehensive detection of data that has already passed sampling detection and flowed downstream to normal user delivery, the information acquisition unit quickly looks up the source address information of the risk item in the log library, blocks the risk source address and marks it untrusted, then sends a risk notice directly to the security evaluation unit, which stops evaluation in time and raises a risk alarm. Following that notice, the information acquisition unit acts directly on the user delivery unit, which looks up the addresses of the users who downloaded the risk item's data, traces those user addresses to the target risk item, and invokes the client-side scan-and-kill software to intercept and clean it over the network.
Intercepting and cleaning online by directly invoking client-side scan-and-kill software at the user addresses to which the risk item flowed greatly improves actual interception and cleaning efficiency, and high-speed scanning and removal of the risk item is completed without depending on the user's own action.
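The flow described in the preceding paragraphs, as one added example that is not part of the patent: stride sampling at the security evaluation unit, a full scan of the mirror library running independently of delivery, the access log and access-frequency ranking kept by the user delivery unit, and the risk response (block and distrust the source, halt evaluation, withdraw the item, trace every user that fetched it and trigger client-side cleanup). The detector is a byte-signature stand-in for the patent's neural network model, the cleanup trigger is a recorded call rather than a real agent interface, and all item names, addresses and payloads are constructed assumptions.

```python
"""Added example (not from the patent): sampling-then-deliver flow with a full
mirror scan alongside it, the delivery unit's access log, and the risk response.
The detector, agent interface and all data are constructed assumptions."""
from collections import Counter
from dataclasses import dataclass, field

# Stand-in for the neural network model: any classifier with this signature fits.
RISK_SIGNATURES = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR", b"<script>eval(")


def detect(content: bytes) -> bool:
    return any(sig in content for sig in RISK_SIGNATURES)


@dataclass(frozen=True)
class Item:
    item_id: str
    source: str           # source address recorded by the acquisition unit
    content: bytes


@dataclass
class Monitor:
    stride: int                                       # skip sampling: every stride-th item is checked
    mirror: list = field(default_factory=list)        # mirror library: copy of everything acquired
    delivery: dict = field(default_factory=dict)      # user delivery library: item_id -> Item
    access_log: list = field(default_factory=list)    # (user address, item_id) pairs
    blocked_sources: set = field(default_factory=set)
    alarms: list = field(default_factory=list)
    cleanup_calls: list = field(default_factory=list)
    evaluation_stopped: bool = False

    def acquire(self, items: list[Item]) -> list[str]:
        self.mirror.extend(items)         # mirror first, so the full scan never depends on delivery
        return self.evaluate(items)

    def evaluate(self, items: list[Item]) -> list[str]:
        """Security evaluation unit: check one in `stride` items, release the rest unchecked."""
        released = []
        for idx, item in enumerate(items):
            if self.evaluation_stopped:
                break
            if idx % self.stride == 0 and detect(item.content):
                self.raise_risk(item)
                continue
            self.delivery[item.item_id] = item
            released.append(item.item_id)
        return released

    def download(self, user_addr: str, item_id: str) -> bool:
        """User delivery unit: serve permitted data and pair the user address with it."""
        if item_id not in self.delivery:
            return False
        self.access_log.append((user_addr, item_id))
        return True

    def full_scan(self) -> list[str]:
        """Comprehensive detection of the mirror library, one item at a time."""
        hits = [it for it in self.mirror if detect(it.content)]
        for it in hits:
            self.raise_risk(it)
        return [it.item_id for it in hits]

    def key_risk_users(self) -> list[tuple[str, int]]:
        """User address library ordered by access frequency (most active first)."""
        return Counter(u for u, _ in self.access_log).most_common()

    def raise_risk(self, item: Item) -> list[str]:
        """Block and distrust the source, halt evaluation, withdraw the item,
        trace every user that fetched it and trigger client-side cleanup."""
        self.blocked_sources.add(item.source)
        self.evaluation_stopped = True
        self.delivery.pop(item.item_id, None)
        affected = sorted({u for u, i in self.access_log if i == item.item_id})
        self.alarms.append({"item": item.item_id, "source": item.source, "users": affected})
        for user in affected:
            # Assumed agent interface: in a deployment this is an authenticated call
            # to the endpoint's scan-and-kill tool; here the intended call is recorded.
            self.cleanup_calls.append((user, item.item_id))
        return affected


def run_demo() -> tuple[Monitor, list[str], list[str]]:
    """Constructed scenario: the risky item sits at index 2, which a stride of 3
    never samples, so it is delivered and downloaded before the full scan finds it."""
    m = Monitor(stride=3)
    items = [
        Item("d1", "files.example.net", b"clean report"),
        Item("d2", "files.example.net", b"clean archive"),
        Item("d3", "cdn.example.org", b"<html><script>eval(atob('aGk='))</script>"),
        Item("d4", "files.example.net", b"clean image"),
        Item("d5", "mirror.example.org", b"clean package"),
    ]
    released = m.acquire(items)
    for user, item_id in [("10.0.0.7", "d3"), ("10.0.0.9", "d3"), ("10.0.0.7", "d1"),
                          ("10.0.0.7", "d2"), ("10.0.0.9", "d5")]:
        m.download(user, item_id)
    hits = m.full_scan()
    return m, released, hits


if __name__ == "__main__":
    m, released, hits = run_demo()
    print("released:", released, "hits:", hits, "alarms:", m.alarms)
```

In the scenario the risky item reaches two users before detection. In this design it is the access log, not the spot check, that bounds the damage, so every delivery must be logged or the recall is incomplete; the `download` method therefore refuses to serve anything it cannot pair with a user address.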
The invention has the following beneficial effects:
data is classified quickly once acquired and mirrored after classification; the classified data flows to security evaluation while the neural network detection model is called over the mirror library to detect the items online one by one, so that comprehensive detection of the mirror proceeds while the source data is being sampled. After the security evaluation passes, the source data flows to the user delivery unit, which stores it, records each user address together with the data it fetched, generates an access log and pairs the accessed data with the user address. Because the mirror is detected after acquisition, comprehensive detection is gradually completed while the data is sampled, stored and awaiting access, and accurate detection is completed during the period in which users acquire and use the data. Risk detection is therefore thorough, the final calling efficiency of the actual data is greatly improved, and the usage effect is good.
Drawings
FIG. 1 is a system diagram of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a network security monitoring system comprising a monitoring unit, an information acquisition unit, a security evaluation unit and a user delivery unit. The monitoring unit intercepts all information, the information acquisition unit classifies the acquired information, and the security evaluation unit performs a basic security evaluation of the acquired information by sampling detection.
The information acquisition unit divides the acquired information by type into link information and file information and, after classification is complete, obtains the address of each information source, so that a security log is generated from the source address information and stored in the source address log for later calling.
Classifying the acquired network data means that, during actual detection and search, retrieval can be organised by the data characteristics of a risk item, which speeds up finding the source address of the risk item and the addresses of the users who accessed it and so greatly improves the efficiency of intercepting and cleaning the actual risk item.
After classification, the information acquisition unit transmits the classified information to the security evaluation unit and at the same time copies it into a mirror library, then calls the neural network model to detect every item in the mirror library one by one.
Because the information is mirrored at the information acquisition unit, the source data continues to be detected comprehensively in the mirror library while it flows downstream to the security evaluation unit and the user delivery unit, and detection of the mirror library continues while users access and download the data at the delivery unit after evaluation has permitted access. As soon as a risk item is found, the information acquisition unit sends a signal that terminates the spot checking of the security evaluation unit and raises a risk alarm, and the addresses of the affected users can be looked up quickly for risk interception, so that good risk monitoring is achieved while data is delivered efficiently.
The security evaluation unit receives the upstream information data, takes a stride sample from it, runs the sampled data through the neural network model online, marks the data as safe according to the result, permits circulation when no risk is evaluated, permits users to download it, stores the permitted data in the user delivery library and waits for users to download it at will.
Risk detection is done by running the data through the neural network model online: comprehensive detection uses the data in the mirror library, and sampling detection uses the sampled data in the security evaluation unit.
While permitting downloads, the user delivery unit generates a user address mark from the record of each user's download and records the user address together with the mark of the data object downloaded, so that the system can trace risk data in time when a problem arises with a user.
Using the user delivery unit, a user address library is formed from each group of data and the users who accessed it, so that when the flow direction of a risk item is searched its interception and cleaning can be completed quickly and conveniently.
The monitoring unit builds network security log data from the information acquisition interface of the network security site, selects the corresponding data according to the source address library, sets an update frequency for the data, continuously acquires network security log data from the acquisition interface of each data source address, and keeps the source data under update monitoring.
The monitoring unit keeps the information acquired by the information acquisition unit up to date; a stable update frequency discovers changes at the data source as early as possible, so that updated data can be detected additionally and monitoring quality is maintained.
The stored user address data is sorted and labelled by domain name, protocol features and data features to create the user address library, which is ordered by each user's actual access frequency to obtain key risk users, so that when the flow direction address of a risk item is retrieved the users holding the risk item are found in time and tracking is completed quickly.
Classifying users and ranking key users by access count lets a search be made on demand among the key users when a risk item appears, which improves retrieval of the flow direction of the risk item and the efficiency of its interception and cleaning.
When a risk item appears in the comprehensive detection, the information acquisition unit quickly looks up the source address information of the risk item in the log library, blocks the risk source address and marks it untrusted, then sends a risk notice directly to the security evaluation unit, which stops evaluation in time and raises a risk alarm. Following that notice, the information acquisition unit acts directly on the user delivery unit, which looks up the addresses of the users who downloaded the risk item's data, traces those user addresses to the target risk item, and invokes the client-side scan-and-kill software to intercept and clean it over the network.
Intercepting and cleaning online by directly invoking client-side scan-and-kill software at the user addresses to which the risk item flowed greatly improves actual interception and cleaning efficiency, and high-speed scanning and removal of the risk item is completed without depending on the user's own action.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A network security monitoring system, characterized in that: the system comprises a monitoring unit, an information acquisition unit, a security evaluation unit and a user delivery unit, wherein the monitoring unit intercepts all information, the information acquisition unit classifies the acquired information, and the security evaluation unit performs a basic security evaluation of the acquired information by sampling detection.
2. The network security monitoring system according to claim 1, characterized in that: the information acquisition unit comprises comprehensive detection and information-source location, wherein all acquired information is divided by type into link information and file information, and after classification is complete the address of each information source is obtained, so that a security log is generated from the source address information and stored in the source address log for later calling.
3. The network security monitoring system according to claim 1, characterized in that: after classification the information acquisition unit transmits the classified information to the security evaluation unit and at the same time copies the information into a mirror library, and calls a neural network model to detect every item in the mirror library one by one.
4. The network security monitoring system according to claim 1, characterized in that: the security evaluation unit receives the upstream information data, takes a stride sample from it, runs the sampled data through the neural network model online, marks the data as safe according to the result, permits circulation when no risk is evaluated, permits the user to download it, stores the permitted data in the user delivery library and waits for the user to download it at will.
5. The network security monitoring system according to claim 1, characterized in that: while permitting downloads, the user delivery unit generates a user address mark from the record of each user's download and records the user address together with the mark of the data object downloaded, so that the system can trace risk data in time when a problem arises with a user.
6. The network security monitoring system according to claim 1, characterized in that: the monitoring unit builds network security log data from the information acquisition interface of the network security site, selects the corresponding data according to the source address library, sets an update frequency for the data, continuously acquires network security log data from the acquisition interface of each data source address, and keeps the source data under update monitoring.
7. The network security monitoring system according to claim 1, characterized in that: the stored user address data is sorted and labelled by domain name, protocol features and data features to create the user address library, which is ordered by each user's actual access frequency to obtain key risk users, so that when the flow direction address of a risk item is retrieved the users holding the risk item are found in time and tracking is completed quickly.
8. The network security monitoring system according to claim 1, characterized in that: when a risk item appears in the comprehensive detection of data that has already passed sampling detection and flowed downstream to normal user delivery, the information acquisition unit quickly looks up the source address information of the risk item in the log library, blocks the risk source address and marks it untrusted, then sends a risk notice directly to the security evaluation unit, which stops evaluation in time and raises a risk alarm; following that notice, the information acquisition unit acts directly on the user delivery unit, which looks up the addresses of the users who downloaded the risk item's data, traces those user addresses to the target risk item, and invokes the client-side scan-and-kill software to intercept and clean it over the network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210914352.2A CN115296882A (en) 2022-08-01 2022-08-01 Network security monitoring system

Publications (1)

Publication Number Publication Date
CN115296882A true CN115296882A (en) 2022-11-04

Family

ID=83826737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210914352.2A Withdrawn CN115296882A (en) 2022-08-01 2022-08-01 Network security monitoring system

Country Status (1)

Country Link
CN (1) CN115296882A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659341A (en) * 2022-12-23 2023-01-31 中国计量大学现代科技学院 Software information safety monitoring system
CN115659341B (en) * 2022-12-23 2023-03-10 中国计量大学现代科技学院 Software information safety monitoring system

Similar Documents

Publication Publication Date Title
CN112769796B (en) Cloud network side collaborative defense method and system based on end side edge computing
CN108366045B (en) Method and device for setting wind control scoring card
US9154516B1 (en) Detecting risky network communications based on evaluation using normal and abnormal behavior profiles
Zheng et al. Smoke screener or straight shooter: Detecting elite sybil attacks in user-review social networks
CN105187394B (en) Proxy server and method with mobile terminal from malicious software action detectability
CN104683984B (en) The real-time monitoring process method of wireless communication signals and system
CN105187395B (en) The method and system of Malware network behavior detection are carried out based on couple in router
CN108243421B (en) Pseudo base station identification method and system
IL257849B2 (en) Systems and methods for detecting and scoring anomalies
CN105721406A (en) Method and device for obtaining IP black list
CN108206769B (en) Method, apparatus, device and medium for filtering network quality alarms
CN112733045B (en) User behavior analysis method and device and electronic equipment
CN101808102A (en) Operating record tracing system and method based on cloud computing
CN115296882A (en) Network security monitoring system
Kistijantoro Vitality based feature selection for intrusion detection
CN116956083A (en) Data processing method and device
CN113987504A (en) Vulnerability detection method for network asset management
CN115134099A (en) Network attack behavior analysis method and device based on full flow
CN111915331A (en) Enterprise credit investigation data management method and system based on block chain
CN113535518B (en) Distributed real-time dynamic monitoring method and system for user behaviors
CN108876314B (en) Career professional ability traceable method and platform
CN117254983A (en) Method, device, equipment and storage medium for detecting fraud-related websites
CN109474529B (en) Method for feeding back terminal network associated data
CN115442159B (en) Household routing-based risk management and control method, system and storage medium
CN115314424B (en) Method and device for rapidly detecting network signals

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20221104