CN115544508A - Computer system security management system and method based on big data - Google Patents
- Publication number
- CN115544508A CN202211292039.6A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
- G06F11/1448—Management of the data involved in backup or backup restore
- G06F16/90344—Query processing by using string matching techniques
- G06F21/31—User authentication
- G06F21/562—Static detection
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention relates to the technical field of computer security management, and in particular to a big-data-based computer system security management system and method. The system comprises an access management module, a data uploading and using module, a database, a periodic detection module and a feedback module. The access management module registers a visitor's identity information and sets the permissions to be opened, and sends the confirmed identity information to the database and to the data uploading and using module; the data uploading and using module manages the uploading and use of data; the database stores all identity information and all uploaded and used data; the periodic detection module periodically checks the computer's software and hardware and sends the detection results to the feedback module; the feedback module displays the detection results and judges whether the data is abnormal. This further addresses the security problems of campus computer systems.
Description
Technical Field
The invention relates to the technical field of computer security management, in particular to a computer system security management system and method based on big data.
Background
A computer system is the computer hardware and software used for database management and networked systems; it is characterised by accurate, fast calculation and judgement, high generality, ease of use, and the ability to be networked. With the rapid development of networks, computer technology has become an indispensable course for college students, and the campus computer room has likewise become an indispensable part of campus construction.
Because most users on a campus are students, bad web pages, bad advertisements and the like need to be kept out; in addition, a virus may paralyse the whole computer system, with a very significant impact. Security management of campus computer systems therefore still needs to be strengthened.
A big-data-based computer system security management system and method are therefore needed to solve the above problems: an intelligent auditing model and an information filtering technology are used to audit and filter information, reducing the occurrence of bad information; and a software simulation scanning method is used to identify and kill viruses in the computer, preventing virus intrusion.
Disclosure of Invention
The purpose of the present invention is to provide a big-data-based computer system security management system and method that solve the problems mentioned in the background art.
To solve the above technical problems, the invention provides the following technical solution: a big-data-based computer system security management system, comprising an access management module, a data uploading and using module, a database, a periodic detection module and a feedback module;
the access management module registers the visitor's identity information and sets the permissions to be opened, and sends the confirmed identity information to the database and to the data uploading and using module;
the data uploading and using module manages the uploading and use of data;
the database stores all identity information and all uploaded and used data;
the periodic detection module periodically checks the computer's software and hardware and sends the detection results to the feedback module;
the feedback module displays the detection results, judges whether the data is abnormal, and raises an alarm if it is.
Further, the access management module comprises an identity registration unit and a permission setting unit. The identity registration unit registers the visitor's identity information and confirms whether the visitor is a member of the school; if so, the identity information is uploaded to the database, and if not, access is stopped. The permission setting unit opens different computer permissions according to the visitor's identity: specifically, if the visitor is confirmed to be a teacher, a teacher access mode is started; if the visitor is confirmed to be a student, a student access mode is started; and so on.
Furthermore, the data uploading and using module comprises an upload management unit, an information filtering unit and a data backup unit. The upload management unit checks whether a file uploaded by the visitor conforms to the campus management specification and whether it contains a virus; the information filtering unit uses an information filtering technology to filter bad information that the visitor encounters while using data; the data backup unit backs up the data uploaded and used by the visitor;
the upload management unit comprises a content audit subunit and a virus detection subunit. The content audit subunit audits the uploaded file content with the intelligent auditing model and judges whether it conforms to the campus management specification; if it does, the file is uploaded, and if it does not, an upload failure is displayed. The virus detection subunit uses a string-based search method to detect whether the uploaded file data contains a virus.
Further, the database also comprises a virus library and a sensitive word library; the virus library stores characteristic character strings of possible computer viruses; the sensitive word library stores sensitive-word information that does not conform to the campus management specification.
Further, the periodic detection module comprises a time control unit, a hardware detection unit and a software detection unit. The time control unit controls when the hardware detection unit and the software detection unit start by means of a time valve; the hardware detection unit checks whether the computer's hardware functions work normally; the software detection unit detects viruses in the computer system;
the software detection unit comprises a virus identification subunit, a virus searching and killing subunit and a virus alarm subunit. The virus identification subunit identifies viruses in the computer system; the virus searching and killing subunit cleans the viruses identified by the virus identification subunit; the virus alarm subunit raises an alarm for any virus that cannot be cleaned and sends the signal to the feedback module.
Further, the feedback module displays the results detected by the periodic detection module, evaluates them, and raises an alarm if a result is abnormal.
A big-data-based computer system security management method comprises the following steps:
S1: registering the visitor's identity information and setting the permissions to be opened;
S2: managing and checking the data uploaded and used by the visitor, and backing up the data;
S3: storing all identity information and all uploaded and used data in the database;
S4: periodically checking the software and hardware of the computer system;
S5: displaying the detection results, judging whether the data is abnormal, and raising an alarm if it is.
Further, in step S1: the visitor's identity information is registered, and whether the visitor is a member of the school is judged from the member information recorded in the database; if so, the corresponding permissions are opened according to the identity information, and if not, access is stopped.
Further, in step S2: to check whether a file uploaded by the visitor conforms to the campus management specification, the uploaded data is audited with an intelligent auditing model; if the file conforms, it is uploaded, and if it does not, an upload failure is displayed:
S201: first, the similarity between the keywords of the file content and the sensitive-word information in the sensitive word library is calculated:
the uploaded file content is mapped into a numerical vector space using a word embedding algorithm and a coordinate system is established; processing the uploaded file information yields a vector set A, processing the sensitive word library information yields a vector set B, and γ is set as the similarity between vector set A and vector set B, where at this point
If γ is greater than the set threshold m, the keywords of the file content are similar to the sensitive words in the sensitive word library and the file does not conform to the campus management specification; otherwise it conforms;
S202: whether the file content conforms to the campus management specification is judged; if so, the file is uploaded, and if not, the upload is stopped and an upload failure is displayed;
meanwhile, to detect whether the uploaded file data contains a virus, a string-based search is run against the virus library; string-based search is a conventional technique for those skilled in the art and is therefore not described in detail.
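The upload virus check described above, as an added example that is not part of the patent text: a multi-pattern string search (Aho-Corasick, chosen here because the patent names no specific algorithm) over an uploaded byte stream. The signature names and byte strings, `SignatureScanner` and `check_upload` are all constructed for illustration.

```python
from collections import deque

# Constructed signature library (name -> characteristic byte string).
# Made-up placeholders, not real malware signatures.
VIRUS_LIBRARY = {
    "Demo.Sig.A": b"\xde\xad\xbe\xefDEMO-A",
    "Demo.Sig.B": b"X5O!DEMO-TEST-STRING",
    "Demo.Sig.C": b"DEMO-A-LONGER",
}

# Constructed upload: Sig.A and Sig.C overlap inside an otherwise benign file.
SAMPLE_UPLOAD = b"%PDF-1.4 " + b"\xde\xad\xbe\xefDEMO-A-LONGER" + b" trailer"


class SignatureScanner:
    """Aho-Corasick automaton over bytes: one pass over the file finds
    every signature, however many the library holds."""

    def __init__(self, library):
        self.goto = [{}]     # state -> {byte value: next state}
        self.fail = [0]      # failure link per state
        self.out = [[]]      # signature names that end at this state
        self.lengths = {}
        for name, pattern in library.items():
            if not pattern:
                raise ValueError(f"empty signature: {name}")
            self._add(name, pattern)
        self._build_failure_links()

    def _add(self, name, pattern):
        state = 0
        for byte in pattern:
            nxt = self.goto[state].get(byte)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][byte] = nxt
            state = nxt
        self.out[state].append(name)
        self.lengths[name] = len(pattern)

    def _build_failure_links(self):
        # Breadth-first, so a state's failure link is final before its
        # children are processed; depth-1 states keep failure link 0.
        queue = deque(self.goto[0].values())
        while queue:
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                # A match ending at the failure target also ends here.
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def scan_chunks(self, chunks):
        """Scan an iterable of byte chunks; return sorted (offset, name) hits.
        The automaton state is carried across chunks, so a signature split
        over a chunk boundary is still found."""
        state, pos, hits = 0, 0, []
        for chunk in chunks:
            for byte in chunk:
                while state and byte not in self.goto[state]:
                    state = self.fail[state]
                state = self.goto[state].get(byte, 0)
                pos += 1
                for name in self.out[state]:
                    hits.append((pos - self.lengths[name], name))
        return sorted(hits)


def check_upload(scanner, chunks):
    """Upload gate: accept the file only if no library signature is present."""
    hits = scanner.scan_chunks(chunks)
    return {"accepted": not hits, "hits": hits}


if __name__ == "__main__":
    scanner = SignatureScanner(VIRUS_LIBRARY)
    print(check_upload(scanner, [SAMPLE_UPLOAD]))
    print(check_upload(scanner, [b"plain homework text"]))
```

Carrying the automaton state across chunks matters for uploads that arrive in pieces: scanning each chunk in isolation would miss a signature that straddles a boundary. String signatures only match byte sequences already in the library, which is why the patent pairs this check with periodic scanning.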
To keep visitors from encountering bad information on the computer while using data, the information is filtered using an information filtering technology:
S203: first, feature values of all words in the web page are extracted based on a vector space model:
let the text set formed from the web page be R, the i-th word in the text be $R_i$, and the training text set in the database be M; then the log mutual information $\log I(R_i, R)$ between the word and the text set is:
where $P(R_i \mid R)$ denotes the proportion of word $R_i$ in text set R, and $P(R_i)$ denotes the proportion of word $R_i$ in the training text set M; all words are then ranked by the mutual information given by this formula, and some of the highest-ranked words are selected as feature items;
S204: the similarity between the extracted feature items and the information in the sensitive word library is then calculated:
let each selected feature item be $W_i$, forming a set W, and let β be the similarity between the feature items and the sensitive word library information:
S205: whether the web page information is bad information is then judged against a set threshold n: if the similarity is greater than the set threshold n, the web page contains bad information; otherwise the web page meets the requirements. Web pages containing bad information are removed, and web pages suitable for normal use are kept.
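Steps S203 to S205 as an added example, not taken from the patent: the formulas themselves are missing from this page, so the code assumes log I(R_i, R) = log(P(R_i|R) / P(R_i)) with add-one smoothing on the training set M, and takes β as the share of selected feature items found in the sensitive word library. The training text, word list, `k` and the threshold `n` are constructed values.

```python
import math
import re
from collections import Counter

# Constructed data: a tiny benign training text set M and a sensitive word library.
TRAINING_TEXT = (
    "the library opens at nine and the lab closes at six "
    "students submit the homework to the course site "
    "the lecture covers networks and the exam covers databases"
)
SENSITIVE_WORDS = {"casino", "jackpot", "betting", "bonus"}

# Constructed pages: clearly bad, a single passing mention, and benign.
BAD_PAGE = "casino jackpot tonight casino betting bonus jackpot betting at the site"
MIXED_PAGE = "the casino scene in the film lecture"
BENIGN_PAGE = "the networks lecture covers routing and the exam covers switching"

TOKEN = re.compile(r"[a-z0-9']+")


def tokenize(text):
    return TOKEN.findall(text.lower())


def build_model(training_text):
    """Word counts over the training text set M."""
    counts = Counter(tokenize(training_text))
    return {"counts": counts, "total": sum(counts.values()), "vocab": len(counts)}


def log_mutual_information(page_tokens, model):
    """S203 (assumed form): log( P(R_i|R) / P(R_i) ) for each word on the page.
    Add-one smoothing keeps P(R_i) non-zero for words never seen in M."""
    page_counts = Counter(page_tokens)
    denom = model["total"] + model["vocab"]
    scores = {}
    for word, count in page_counts.items():
        p_page = count / len(page_tokens)
        p_train = (model["counts"].get(word, 0) + 1) / denom
        scores[word] = math.log(p_page / p_train)
    return scores


def select_features(scores, k):
    """Keep the k highest-scoring words; ties break alphabetically."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [word for word, _ in ranked[:k]]


def similarity(features, sensitive_words):
    """S204 (assumed form): share of feature items present in the library."""
    if not features:
        return 0.0
    return sum(1 for w in features if w in sensitive_words) / len(features)


def filter_page(text, model, sensitive_words, k=3, n=0.5):
    """S205: block the page when beta exceeds the threshold n."""
    tokens = tokenize(text)
    if not tokens:
        return {"blocked": False, "beta": 0.0, "features": []}
    features = select_features(log_mutual_information(tokens, model), k)
    beta = similarity(features, sensitive_words)
    return {"blocked": beta > n, "beta": beta, "features": features}


if __name__ == "__main__":
    model = build_model(TRAINING_TEXT)
    for page in (BAD_PAGE, MIXED_PAGE, BENIGN_PAGE):
        print(filter_page(page, model, SENSITIVE_WORDS))
```

The mixed page shows why the decision is made on the ranked feature items rather than on any single word match: one sensitive term among the top three gives β = 1/3, below the threshold, so the page is kept.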
Further, in step S4: a time valve is installed in the system to control when the computer software and hardware checks start. A time period is set in the time valve, for example 24 hours, in which case the computer software and hardware are checked once every 24 hours;
after the time valve opens, the system enters a hardware detection mode and a software detection mode. The hardware detection mode checks whether the computer's hardware functions work normally by starting a series of computer detection tools, including CPU-Z, which checks the processor and graphics card; HD Tune, which checks hard-disk transfer rate, hard-disk capacity, health status, temperature and disk surface scan; Super PI, which checks CPU stability; and so on. The software detection mode identifies computer viruses using a software simulation scanning method and kills the identified viruses with the antivirus software installed on the computer; the software simulation scanning method is a conventional technique for those skilled in the art and is therefore not described in detail. If the antivirus software cannot completely clean an identified virus, the alarm system is entered and a signal is sent to the feedback module.
Further, in step S5: the system's detection results, including the hardware function detection result and the software virus detection result, are displayed; if the results are normal, no alarm is raised, and if the results are abnormal, a reminder and an alarm are issued.
Compared with the prior art, the invention has the following beneficial effects:
Registering identity information effectively prevents people who do not belong to the school from logging in to the computer; setting permissions makes it convenient for different people to use the computer; auditing data with the intelligent auditing model makes it possible to detect whether uploaded files conform to the campus management specification; detecting whether a file contains a virus with a string-based search method effectively prevents virus intrusion through file uploads; the information filtering technology effectively keeps bad information on the computer away from users while they use data; setting a time valve to control the hardware and software detection times makes the computer clean itself automatically at regular intervals and helps prevent virus intrusion; and raising a timely alarm for viruses that cannot be cleaned lets staff discover the problem, reducing cases of computer system paralysis caused by viruses.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a block diagram of a big data based computer system security management system of the present invention;
FIG. 2 is a flow chart of a method for managing security of a big data-based computer system according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it should be understood that they are presented herein only to illustrate and explain the present invention and not to limit the present invention.
Referring to Figs. 1-2, the present invention provides a technical solution: a big-data-based computer system security management system, comprising an access management module, a data uploading and using module, a database, a periodic detection module and a feedback module;
the access management module registers the visitor's identity information and sets the permissions to be opened, and sends the confirmed identity information to the database and to the data uploading and using module;
the data uploading and using module manages the uploading and use of data;
the database stores all identity information and all uploaded and used data;
the periodic detection module periodically checks the computer's software and hardware and sends the detection results to the feedback module;
the feedback module displays the detection results, judges whether the data is abnormal, and raises an alarm if it is.
Further, the access management module comprises an identity registration unit and a permission setting unit. The identity registration unit registers the visitor's identity information and confirms whether the visitor is a member of the school; if so, the identity information is uploaded to the database, and if not, access is stopped. The permission setting unit opens different computer permissions according to the visitor's identity: specifically, if the visitor is confirmed to be a teacher, a teacher access mode is started; if the visitor is confirmed to be a student, a student access mode is started; and so on.
Further, the data uploading and using module comprises an upload management unit, an information filtering unit and a data backup unit. The upload management unit checks whether a file uploaded by the visitor conforms to the campus management specification and whether it contains a virus; the information filtering unit uses an information filtering technology to filter bad information that the visitor encounters while using data; the data backup unit backs up the data uploaded and used by the visitor;
the upload management unit comprises a content audit subunit and a virus detection subunit. The content audit subunit audits the uploaded file content with the intelligent auditing model and judges whether it conforms to the campus management specification; if it does, the file is uploaded, and if it does not, an upload failure is displayed. The virus detection subunit uses a string-based search method to detect whether the uploaded file data contains a virus.
Further, the database also comprises a virus library and a sensitive word library; the virus library stores characteristic character strings of possible computer viruses; the sensitive word library stores sensitive-word information that does not conform to the campus management specification.
Further, the periodic detection module comprises a time control unit, a hardware detection unit and a software detection unit. The time control unit controls when the hardware detection unit and the software detection unit start by means of a time valve; the hardware detection unit checks whether the computer's hardware functions work normally; the software detection unit detects viruses in the computer system;
the software detection unit comprises a virus identification subunit, a virus searching and killing subunit and a virus alarm subunit. The virus identification subunit identifies viruses in the computer system; the virus searching and killing subunit cleans the viruses identified by the virus identification subunit; the virus alarm subunit raises an alarm for any virus that cannot be cleaned and sends the signal to the feedback module. Raising a timely alarm for viruses that cannot be cleaned helps staff discover the problem and reduces cases of computer system paralysis caused by viruses.
Further, the feedback module displays the results detected by the periodic detection module, evaluates them, and raises an alarm if a result is abnormal.
A big-data-based computer system security management method comprises the following steps:
S1: registering the visitor's identity information and setting the permissions to be opened;
S2: managing and checking the data uploaded and used by the visitor, and backing up the data;
S3: storing all identity information and all uploaded and used data in the database;
S4: periodically checking the software and hardware of the computer system;
S5: displaying the detection results, judging whether the data is abnormal, and raising an alarm if it is.
Further, in step S1: the visitor's identity information is registered, and whether the visitor is a member of the school is judged from the member information recorded in the database. If the visitor is a member of the school, the corresponding permissions are opened according to the identity information; setting permissions makes it convenient for different people to use the computer. If the visitor is not a member of the school, access is stopped.
Further, in step S2: to check whether a file uploaded by the visitor conforms to the campus management specification, the uploaded data is audited with an intelligent auditing model; if the file conforms, it is uploaded, and if it does not, an upload failure is displayed:
S201: first, the similarity between the keywords of the file content and the sensitive-word information in the sensitive word library is calculated:
the uploaded file content is mapped into a numerical vector space using a word embedding algorithm and a coordinate system is established; processing the uploaded file information yields a vector set A, processing the sensitive word library information yields a vector set B, and γ is set as the similarity between vector set A and vector set B, where at this point
If γ is greater than the set threshold m, the keywords of the file content are similar to the sensitive words in the sensitive word library and the file does not conform to the campus management specification; otherwise it conforms;
S202: whether the file content conforms to the campus management specification is judged; if so, the file is uploaded, and otherwise the upload is stopped and an upload failure is displayed;
meanwhile, to detect whether the uploaded file data contains a virus, a string-based search is run against the virus library, which effectively prevents virus intrusion through uploaded file data.
To keep visitors from encountering bad information on the computer while using data, the information is filtered using an information filtering technology:
S203: first, feature values of all words in the web page are extracted based on a vector space model:
let the text set formed from the web page be R, the i-th word in the text be $R_i$, and the training text set in the database be M; then the log mutual information $\log I(R_i, R)$ between the word and the text set is:
where $P(R_i \mid R)$ denotes the proportion of word $R_i$ in text set R, and $P(R_i)$ denotes the proportion of word $R_i$ in the training text set M; all words are then ranked by the mutual information given by this formula, and some of the highest-ranked words are selected as feature items;
S204: the similarity between the extracted feature items and the information in the sensitive word library is then calculated:
let each selected feature item be $W_i$, forming a set W, and let β be the similarity between the feature items and the sensitive word library information:
S205: whether the web page information is bad information is then judged against a set threshold n: if the similarity is greater than the set threshold n, the web page contains bad information; otherwise the web page meets the requirements and no bad information appears. Web pages containing bad information are then removed, and web pages suitable for normal use are kept.
Further, in step S4: a time valve is installed in the system to control when the computer software and hardware checks start. A time period is set in the time valve, for example 24 hours, in which case the software and hardware of the computer system are checked once every 24 hours. Controlling the computer with the time valve makes the system clean itself automatically at regular intervals, which further helps prevent computer viruses;
after the time valve opens, the system enters a hardware detection mode and a software detection mode. The hardware detection mode checks whether the computer's hardware functions work normally by starting a series of computer detection tools, including CPU-Z, which checks the processor and graphics card; HD Tune, which checks hard-disk transfer rate, hard-disk capacity, health status, temperature and disk surface scan; Super PI, which checks CPU stability; and so on. The software detection mode identifies computer viruses using a software simulation scanning method and kills the identified viruses with the antivirus software installed on the computer; the software simulation scanning method is a conventional technique for those skilled in the art and is therefore not described in detail. If the antivirus software cannot completely clean an identified virus, the alarm system is entered and a signal is sent to the feedback module. Raising a timely alarm for viruses that cannot be cleaned lets staff discover the problem and reduces cases of computer system paralysis caused by viruses.
Further, in step S5: the system's detection results, including the hardware function detection result and the software virus detection result, are displayed; if the results are normal, no alarm is raised, and if the results are abnormal, a reminder and an alarm are issued to prompt staff to repair the computer system.
The first embodiment is as follows:
in step S1: the identity information of the visitor is registered, and the visitor's identity is judged from the member information recorded in the database. The system finds that the visitor's identity information exists in a record table in the database, with the identity "student-Zhang III"; the student access mode is therefore started for this student and the computer shows the student access interface;
in step S2: in order to detect whether the files uploaded by "student-Zhang III" conform to the campus management specification, the uploaded data are audited by an intelligent auditing model:
S201: first, the similarity between the keywords of the file content and the sensitive word information in the sensitive word library is calculated:
mapping the uploaded file content to a numerical vector space by using a word embedding algorithm, establishing a coordinate system, processing the uploaded file information to obtain a vector set A, processing the sensitive word bank information to obtain a vector set B, and setting gamma as the similarity of the vector set A and the vector set B, wherein at the moment
Through traversal, the information similarity between the file content information and the sensitive word bank is found to be 30%;
S202: because the similarity between the file content information and the sensitive word library information is 30%, which is less than the set threshold of 0.9, the file conforms to the campus management specification and can be uploaded to the system;
meanwhile, in order to detect whether the uploaded file data contains viruses or not, a search method based on character strings is used for detecting according to the virus library, so that the problem of virus invasion caused by uploading of the file data is effectively avoided.
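The string-based search against the virus library described above can be sketched as follows. This is an added example, not code from the patent: it generalizes the search to a multi-pattern Aho-Corasick matcher that scans an upload in chunks, and the names `SignatureScanner` and `upload_verdict`, the signatures and the sample upload are all constructed assumptions.

```python
from collections import deque

class SignatureScanner:
    """Aho-Corasick matcher: finds every library signature in one pass over the data."""

    def __init__(self, signatures):
        self.goto, self.fail, self.out = [{}], [0], [[]]   # trie, failure links, matches
        for name, pattern in signatures.items():
            if not pattern:
                raise ValueError(f"empty signature: {name}")  # would match everywhere
            state = 0
            for byte in pattern:
                if byte not in self.goto[state]:
                    self.goto[state][byte] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                state = self.goto[state][byte]
            self.out[state].append((name, len(pattern)))
        queue = deque(self.goto[0].values())               # breadth-first over the trie
        while queue:
            state = queue.popleft()
            for byte, child in self.goto[state].items():
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(byte, 0)
                # A signature that is a suffix of the current match is also a hit.
                self.out[child] = self.out[child] + self.out[self.fail[child]]
                queue.append(child)

    def scan(self, chunks):
        """Return sorted (offset, signature name) hits over an iterable of byte chunks."""
        hits, state, pos = [], 0, 0
        for chunk in chunks:            # state carries over, so a signature split
            for byte in chunk:          # across two chunks is still found
                while state and byte not in self.goto[state]:
                    state = self.fail[state]
                state = self.goto[state].get(byte, 0)
                pos += 1
                hits.extend((pos - length, name) for name, length in self.out[state])
        return sorted(hits)


def upload_verdict(scanner, chunks):
    """Reject the upload if any signature from the virus library is present."""
    hits = scanner.scan(chunks)
    return ("rejected", hits) if hits else ("accepted", [])


# Constructed, harmless stand-ins for the virus library's characteristic strings.
SIGNATURES = {
    "demo-A": b"DEMO_SIG_ONE",
    "demo-B": b"SIG_ONE_TWO",        # overlaps demo-A in the sample below
    "demo-C": b"\x00\xffMARK",       # binary signature
}
# Constructed upload containing all three signatures.
SAMPLE_UPLOAD = b"header DEMO_SIG_ONE_TWO body \x00\xffMARK end"

if __name__ == "__main__":
    scanner = SignatureScanner(SIGNATURES)
    chunks = [SAMPLE_UPLOAD[i:i + 5] for i in range(0, len(SAMPLE_UPLOAD), 5)]
    print(upload_verdict(scanner, chunks))
    print(upload_verdict(scanner, [b"plain homework text"]))
```

Exact string matching only finds byte sequences already in the library, which is why the method pairs it with the periodic antivirus scan in step S4.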
In order to prevent "student-Zhang III" from encountering bad information on the computer while using data, the information is filtered using an information filtering technique:
S203: first, the feature values of all words in a web page are extracted based on a vector space model:
the text set formed in the web page is denoted R, the i-th word in the text is denoted R_i, and the training text set in the database is denoted M; then the logarithmic mutual information log I(R_i, R) of the word and the text set is:
wherein P(R_i | R) represents the proportion of the word R_i in the text set R, and P(R_i) represents the proportion of the word R_i in the training text set M; all words are then ranked by the mutual information given by the formula, and some of the highest-ranked words are selected as feature items;
S204: the similarity between the extracted feature items and the information in the sensitive word library is then calculated:
the selected feature items are denoted W_i and form a set W, and β is the similarity between the feature items and the sensitive word library information:
S205: whether the web page information is bad information is then judged against a set threshold of 0.8: if the similarity is greater than the set threshold of 0.8, the web page is cleared; if it is smaller than the set threshold of 0.8, the web page is kept, which prevents web pages that may contain bad information from appearing on the computer.
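Steps S203 to S205 can be sketched as follows. This is an added example, not code from the patent: because the page does not reproduce the two formulas, the form log(P(R_i | R) / P(R_i)), the add-one smoothing, the weighted-overlap measure used for β and the name `PageFilter` are assumptions, and all sample text is constructed.

```python
import math
import re
from collections import Counter

def tokenize(text):
    # Assumption: simple Latin-alphabet tokenizer; other languages need a word segmenter.
    return re.findall(r"[a-z']+", text.lower())

class PageFilter:
    def __init__(self, training_text, sensitive_words, top_k=5, threshold=0.8):
        self.m_counts = Counter(tokenize(training_text))    # training text set M
        self.m_total = sum(self.m_counts.values())
        self.sensitive = {w.lower() for w in sensitive_words}
        self.top_k, self.threshold = top_k, threshold

    def log_mi(self, tokens):
        """S203 (assumed form): log I(R_i, R) = log(P(R_i | R) / P(R_i))."""
        r_counts = Counter(tokens)
        # Add-one smoothing (assumption) so words unseen in M do not divide by zero.
        denom = self.m_total + len(self.m_counts) + 1
        return {w: math.log((c / len(tokens)) / ((self.m_counts[w] + 1) / denom))
                for w, c in r_counts.items()}

    def features(self, tokens):
        """Top-ranked words by log mutual information; ties broken alphabetically."""
        ranked = sorted(self.log_mi(tokens).items(), key=lambda kv: (-kv[1], kv[0]))
        return [(w, s) for w, s in ranked[:self.top_k] if s > 0]

    def similarity(self, feats):
        """S204 (assumed measure): weight share of feature items found in the lexicon."""
        total = sum(s for _, s in feats)
        if total == 0:
            return 0.0
        return sum(s for w, s in feats if w in self.sensitive) / total

    def judge(self, page_text):
        """S205: clear the page when beta exceeds the threshold, otherwise keep it."""
        tokens = tokenize(page_text)
        if not tokens:                       # empty page: nothing to score
            return ("kept", 0.0, [])
        feats = self.features(tokens)
        beta = self.similarity(feats)
        # The page leaves beta == threshold unspecified; this sketch keeps the page.
        verdict = "cleared" if beta > self.threshold else "kept"
        return (verdict, beta, [w for w, _ in feats])

# Constructed sample data: training set M, sensitive word library, three pages.
TRAINING_M = (
    "the school library opens at nine and the exam schedule is on the notice board "
    "students win the science prize now and the bus leaves at nine"
)
SENSITIVE_WORDS = ["casino", "jackpot", "bet", "gamble"]
PAGE_BAD = "casino jackpot bet casino gamble win jackpot casino bet now"
PAGE_OK = "the library opens at nine and the exam schedule is on the notice board"
PAGE_MIXED = "students win the casino night prize at school"

if __name__ == "__main__":
    page_filter = PageFilter(TRAINING_M, SENSITIVE_WORDS)
    for page in (PAGE_BAD, PAGE_OK, PAGE_MIXED):
        verdict, beta, feats = page_filter.judge(page)
        print(f"{verdict:8} beta={beta:.3f} features={feats}")
```

The mixed page shows why the threshold matters: one sensitive word among five feature items gives a β well below 0.8, so the page is kept.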
After "student-Zhang III" finishes using the computer, the file data uploaded by the member and the web page data used are backed up and sent to the database.
In step S4: a time valve is arranged in the system to control when the detection of the computer's software and hardware starts, and a period of 12 hours is set in the time valve, meaning that the software and hardware of the computer system are checked once every 12 hours. After the time valve is opened, the system enters a hardware detection mode and a software detection mode. The hardware detection mode checks the computer's hardware functions by launching a series of computer detection tools: CPU-Z, for checking the processor and the graphics card; HD TUNE, for checking the hard disk's transfer rate, capacity, health status and temperature and for running a disk surface scan; Super PI, for checking CPU stability; and the like. The software detection mode identifies computer viruses by a software simulation scanning method and finds and removes the identified viruses with the antivirus software installed on the computer; if the antivirus software cannot completely remove an identified virus, the alarm system is entered and a signal is sent to the feedback module;
at this time, the system detects that the computer hardware functions normally, and the software detection identifies no virus.
In step S5: the detection result of the system is displayed: the hardware is in good condition, the software functions normally and no virus is present.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A big data-based computer system security management system, characterized in that the system comprises: an access management module, a data uploading and using module, a database, a periodic detection module and a feedback module;
the identity information of an accessor is registered and an opening authority is set through the access management module, and the confirmed identity information is sent to the database and the data uploading and using module;
the data uploading and using module is used for managing the uploading and using of the data;
storing all identity information and uploaded and used data through the database;
the software and hardware of the computer are periodically detected by the periodic detection module, and the detection result is sent to the feedback module;
and displaying the detection result through the feedback module, judging whether the data is abnormal or not, and alarming if the data is abnormal.
2. The big data based computer system security management system of claim 1, wherein: the access management module comprises an identity registration unit and a permission setting unit; the identity registration unit is used for registering identity information of the visitor and confirming whether the visitor belongs to a school member or not; the permission setting unit is used for opening different permissions of the computer according to different identities of visitors.
3. The big data based computer system security management system of claim 1, wherein: the data uploading and using module comprises an uploading management unit, an information filtering unit and a data backup unit; the uploading management unit is used for detecting whether the file uploaded by the visitor meets the campus management specification or not and detecting whether the file contains viruses or not; the information filtering unit is used for filtering bad information encountered by a visitor in the data using process by using an information filtering technology; the data backup unit is used for backing up data uploaded and used by an accessor;
the uploading management unit comprises a content audit subunit and a virus detection subunit; the content auditing subunit is used for auditing the uploaded file content by using an intelligent auditing model and judging whether the uploaded file content conforms to the campus management specification; the virus detection subunit is used for detecting whether the uploaded file data contains viruses or not by using a search method based on character strings.
4. The big data based computer system security management system of claim 1, wherein: the database also comprises a virus library and a sensitive word library; the virus library is used for storing characteristic character strings of possible computer viruses; the sensitive word bank is used for storing sensitive word information which does not accord with campus management specifications.
5. The big data based computer system security management system of claim 1, wherein: the periodic detection module comprises a time control unit, a hardware detection unit and a software detection unit; the time control unit controls the starting time of the hardware detection unit and the software detection unit by arranging a time valve; the hardware detection unit is used for detecting whether the hardware function of the computer can be normally used; the software detection unit is used for detecting viruses in the computer system;
the software detection unit comprises a virus identification subunit, a virus searching and killing subunit and a virus alarm subunit; the virus identification subunit is used for identifying a virus in the computer system; the virus searching and killing subunit is used for cleaning the virus identified by the virus identification subunit; the virus alarm subunit is used for carrying out alarm processing on the virus which cannot be cleared and sending the signal to the feedback module.
6. A computer system security management method based on big data, characterized in that the method comprises the following steps:
S1: registering identity information of a visitor and setting an opening authority;
S2: managing and detecting data uploaded and used by the visitor, and backing up the data;
S3: storing all identity information and data uploaded and used to the database;
S4: regularly detecting software and hardware of a computer system;
S5: displaying the detection result, judging whether the data is abnormal, and alarming if the data is abnormal.
7. The big-data based computer system security management method of claim 6, wherein: in step S1: the identity information of the visitor is registered, and whether the visitor is a school member is judged from the member information recorded in the database; if so, the corresponding authority is opened according to the identity information, and if not, the access is stopped.
8. The big-data based computer system security management method of claim 6, wherein: in step S2: in order to detect whether the file uploaded by the visitor meets the campus management specification, the uploaded data is audited by using an intelligent auditing model:
S201: first, the similarity between the keywords of the file content and the sensitive word information in the sensitive word library is calculated:
mapping the uploaded file content to a numerical vector space by using a word embedding algorithm, establishing a coordinate system, processing the uploaded file information to obtain a vector set A, processing the sensitive word bank information to obtain a vector set B, and setting gamma as the similarity of the vector set A and the vector set B, wherein at the moment
If the gamma value is larger than the set threshold m, this indicates that the sensitive words in the file content are similar to the sensitive words in the sensitive word library, and the campus management specification is not met; otherwise, the campus management specification is met;
S202: judging whether the file content meets the campus management specification; if so, uploading the file, and if not, stopping the upload and displaying an upload failure;
meanwhile, in order to detect whether the uploaded file data contains viruses or not, detection is performed according to the virus library by using a character string-based search method.
9. The big data based computer system security management method of claim 8, wherein: in step S2: in order to prevent visitors from encountering bad information on the computer while using data, the information is filtered using an information filtering technique:
S203: first, the feature values of all words in a web page are extracted based on a vector space model:
the text set formed in the web page is denoted R, the i-th word in the text is denoted R_i, and the training text set in the database is denoted M; then the logarithmic mutual information log I(R_i, R) of the word and the text set is:
wherein P(R_i | R) represents the proportion of the word R_i in the text set R, and P(R_i) represents the proportion of the word R_i in the training text set M; all words are then ranked by the mutual information given by the formula, and some of the highest-ranked words are selected as feature items;
S204: the similarity between the extracted feature items and the information in the sensitive word library is then calculated:
the selected feature items are denoted W_i and form a set W, and β is the similarity between the feature items and the sensitive word library information:
S205: whether the web page information is bad information is then judged by setting a threshold n; web pages containing bad information are removed, and normally used web pages are kept.
10. The big data based computer system security management method of claim 6, wherein: in step S4: a time valve is installed in the system to control when the detection of the computer's software and hardware starts, and after the time valve is opened, a hardware detection mode and a software detection mode are entered; the hardware detection mode checks whether the computer's hardware functions can be used normally by launching a series of computer detection tools; the software detection mode identifies computer viruses by a software simulation scanning method and finds and removes the identified viruses with the antivirus software installed on the computer; and if the antivirus software cannot completely remove an identified virus, the alarm system is entered and a signal is sent to the feedback module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211292039.6A CN115544508A (en) | 2022-10-21 | 2022-10-21 | Computer system security management system and method based on big data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115544508A (en) | 2022-12-30 |
Family
ID=84735671
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211292039.6A Pending CN115544508A (en) | 2022-10-21 | 2022-10-21 | Computer system security management system and method based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115544508A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116089961A (en) * | 2023-02-14 | 2023-05-09 | 哈尔滨晨亿科技有限公司 | Big data-based computer intelligent image management system and method |
CN116089961B (en) * | 2023-02-14 | 2023-07-21 | 河南省中视新科文化产业有限公司 | Big data-based computer intelligent image management system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||