CN115549989A - Network security protection method and network security protection system thereof - Google Patents
Network security protection method and network security protection system thereof Download PDFInfo
- Publication number
- CN115549989A CN115549989A CN202211135454.0A CN202211135454A CN115549989A CN 115549989 A CN115549989 A CN 115549989A CN 202211135454 A CN202211135454 A CN 202211135454A CN 115549989 A CN115549989 A CN 115549989A
- Authority
- CN
- China
- Prior art keywords
- login
- target user
- parameters
- security
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network security protection method, which relates to the technical field of network security, and comprises the following steps: obtaining login parameters of a target user, and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index; acquiring behavior parameters of a target user, and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise an operation index and a behavior abnormity index; and determining the security parameters of the target user based on the first reliable value and the second reliable value, and determining the security value, the security and the like of the current network according to the security parameters. The invention can dynamically adjust the protection level of the security network according to the login information and the operation information, thereby improving the security of the network information and ensuring the stability of the normal operation of the user. In addition, the invention also discloses a network security protection system.
Description
Technical Field
The invention relates to the technical field of network security protection, in particular to a network security protection method and a network security method system thereof.
Background
The network security means that the hardware, software and data in the system of the network system are protected and are not damaged, changed and leaked due to accidental or malicious reasons, the system continuously, reliably and normally fails, and the network service is not interrupted. And (4) safety of information propagation consequences, including information filtering and the like. It focuses on preventing and controlling the consequences of illegal, harmful information dissemination, avoiding free information loss control over public networks.
In the prior art, the network security protection method still has the problem that the security is insufficient due to the fact that the network security protection level is difficult to adjust in real time according to the current network state and the actual operation behavior of a user.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a network security protection method and a network security method system thereof, which can dynamically adjust the network security protection level so as to improve the system security.
The scheme of the invention is as follows: a network security protection method comprises
Obtaining login parameters of a target user, and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
acquiring behavior parameters of a target user, and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise an operation index and a behavior abnormity index;
and determining the security parameter of the target user based on the first reliable value and the second reliable value, and determining the security value and the security level of the current network according to the security parameter.
Preferably, the obtaining of the login parameter of the target user, and the determining of the first reliable value of the target user according to the login parameter includes:
acquiring historical login information of a target user within a week;
dividing a week into a working day and a rest day to obtain target login information of a user, wherein the target login information comprises working day login times, rest day login times, working day abnormal login times and rest day abnormal login times.
Preferably, the login parameters are calculated using the following formula:
wherein f is 1 Is an activity index, f 2 To register an anomaly index, x 1 For number of working day logins, X 1 Rated number of logins for a working day, x 2 For the number of logins on a weekday, X 2 Rated number of logins for day of rest, y 1 Number of abnormal logins on workday, Y 1 Rated number of abnormal logins for workday, y 2 For abnormal logins on weekdays, Y 2 Rated number of abnormal logins for day of rest, theta 1 、θ 2 As a weight, θ 3 +θ 4 =1。
Preferably, the first reliability value is calculated using the following equation:
where M is a first reliability value, f 0 Is rated activity, A is constant, lambda 1 、λ 2 As a weight, λ 1 +λ 2 =1。
Preferably, the method for acquiring the behavior parameters of the target user comprises the following steps:
acquiring operation information within preset time after current login;
and dividing 24 hours in a single day into working time and rest time to obtain target operation information of the user, wherein the target operation information comprises working time fault duration, working time fault time interval, rest time fault duration, rest time fault time interval, working time abnormal operation times and rest time abnormal operation times.
Preferably, the behavior parameter is calculated using the following formula:
f 4 =z 1 θ 3 +z 2 θ 4
wherein f is 3 For the running index, f 4 As an index of operational abnormality, t 1 For the working time fault interval, t 2 For rest time fault intervals, t 3 For the duration of the operating time fault, t 3 For rest time fault duration, z 1 For the number of abnormal operations in working time, z 1 For abnormal operation times of rest time, theta 3 、θ 4 As a weight, θ 3 +θ 4 =1。
Preferably, the second reliability value is calculated using the following equation:
wherein N is the second reliability value and B is a constant.
Preferably, the security parameters of the target user are calculated using the following formula:
h=k 1 M+k 2 N
wherein h is a safety parameter, k 1 、k 2 Is a weight, k 1 +k 2 =1。
Preferably, the security value of the current network is calculated using the following equation:
i=1,2,…n
where H is the security value of the current network, H i And the security parameters of the ith target user accessing the current network.
In a second aspect, a network security protection system includes:
the first acquisition module is used for acquiring login parameters of a target user and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
the second obtaining module is used for obtaining the behavior parameters of the target user and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise a health index and a behavior abnormity index;
and the determining module is used for determining the security value and the security protection level of the current network based on the first reliable value and the second reliable value.
The invention has the beneficial effects that: the embodiment of the invention provides a network security protection method, which determines login parameters of login information before current login, determines a first reliable value according to the login parameters to obtain a first reliable value, determines behavior parameters of operation information after current login, determines a second reliable value according to the behavior parameters, determines security parameters of target users according to the first reliable value and the second reliable value, and determines the security value of a current network according to the security parameters of all target users connected with the current network, thereby determining the security protection level of the current network. The invention can dynamically adjust the security network protection level according to the login information and the operation information, thereby improving the security of the network information and ensuring the stability of the normal operation of the user.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a flowchart of a network security protection method according to embodiment 1 of the present invention;
fig. 2 is a system block diagram of a network security protection system according to embodiment 2 of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
As shown in fig. 1, a network security protection method includes:
obtaining login parameters of a target user, and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
acquiring behavior parameters of a target user, and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise an operation index and a behavior abnormity index;
and determining the security parameter of the target user based on the first reliable value and the second reliable value, and determining the security value and the security level of the current network according to the security parameter.
In the embodiment of the present invention, obtaining a login parameter of a target user, and determining a first reliable value of the target user according to the login parameter includes:
acquiring historical login information of a target user within a week;
dividing a week into a working day and a rest day, and counting historical login information in the week to obtain target login information of a user, wherein the target login information comprises working day login times, rest day login times, working day abnormal login times and rest day abnormal login times.
Specifically, the weekdays from monday to friday are recorded as "working days", saturday and Zhou Tianji are rest days, and subsequent calculation is performed.
In other embodiments, to be more accurate, a daily average may be calculated for the target login break by days.
In the embodiment of the present invention, the following formula is adopted to calculate the login parameters:
wherein f is 1 Is an activity index, f 2 To register an anomaly index, x 1 For number of working day logins, X 1 Rated number of logins for workday, x 2 Number of logins for holidays, X 2 Rated number of logins for day of rest, y 1 For abnormal number of logins on a working day, Y 1 Rated number of abnormal logins for working day, y 2 For abnormal logins on weekdays, Y 2 Rated number of abnormal logins for day of rest, theta 1 、θ 2 As a weight, θ 3 +θ 4 =1。
Specifically, the larger the difference between the active index and the rated active index is, the lower the reliability of the target user is, and the larger the login abnormality index is, the lower the reliability of the target user is.
In an embodiment of the present invention, the first reliability value is calculated using the following formula:
where M is a first reliability value, f 0 Is rated activity, A is constant, lambda 1 、λ 2 As a weight, λ 1 +λ 2 =1。
In the embodiment of the present invention, a method for acquiring a behavior parameter of a target user includes:
acquiring operation information within preset time after current login;
and dividing 24 hours in a single day into working time and rest time to obtain target operation information of the user, wherein the target operation information comprises working time fault duration, working time fault time interval, rest time fault duration, rest time fault time interval, working time abnormal operation times and rest time abnormal operation times.
Specifically, 24 hours in a single day are divided into five time periods of 0 to 8 hours, 8 to 12 hours, 12 to 14 hours, 14 to 18 hours and 18 to 24 hours, two time periods of 8 to 12 hours and 14 to 18 hours are recorded as 'working time' for subsequent calculation, and three time periods of 0 to 8 hours, 12 to 14 hours and 18 to 24 hours are recorded as 'rest time' for subsequent calculation.
In other embodiments, the target operating information may also be averaged in hours for more accurate calculations.
In an embodiment of the present invention, the behavior parameters are calculated using the following formula:
f 4 =z 1 θ 3 +z 2 θ 4
wherein, f 3 As the running index, f 4 As an index of operational abnormality, t 1 For the working time fault interval, t 2 For rest time fault intervals, t 3 For the duration of the operating time fault, t 3 To rest time fault duration, z 1 For the number of abnormal operations in working time, z 1 For abnormal operation times of rest time, theta 3 、θ 4 As a weight, θ 3 +θ 4 =1。
In an embodiment of the present invention, the second reliability value is calculated using the following formula:
wherein N is a second reliability value and B is a constant.
Specifically, the larger the running index is, the higher the reliability of the target user is, the larger the operation abnormality index is, the lower the reliability of the target user is, and the second reliability value is a dynamic reliability value.
It should be understood that the second reliability value may be a dynamic value within a preset time after the user logs in, or may be an average value of dynamic reliability values within a continuous preset time.
In the embodiment of the invention, the following formula is adopted to calculate the safety parameters of the target user:
h=k 1 M+k 2 N
wherein h is a safety parameter, k 1 、k 2 Is a weight, k 1 +k 2 =1。
Specifically, the security parameters of the target user are adjusted in real time by combining the state of the current network and the actual operation behavior of the user, so that technical support is provided for the subsequent calculation of the security value of the current network.
In the embodiment of the present invention, the following formula is adopted to calculate the security value of the current network:
i=1,2,…n
where H is the security value of the current network, H i And the security parameters of the ith target user accessing the current network.
Specifically, as more network devices are accessed to the current network, the higher the security value is, the higher the required security level is, the security level is determined according to the range of the security value, and the security level is dynamically adjusted according to the dynamically changing security parameters of each target user accessing the current network, so as to improve the network security.
To sum up, an embodiment of the present invention provides a network security protection method, which determines a login parameter for login information before current login, determines a first reliable value according to the login parameter, obtains the first reliable value, determines a behavior parameter for operation information after current login, determines a second reliable value according to the behavior parameter, determines a security parameter of a target user according to the first reliable value and the second reliable value, and determines a security value of a current network according to security parameters of all target users connected to the current network, thereby determining a security protection level of the current network. The invention can dynamically adjust the security network protection level according to the login information and the operation information, thereby improving the security of the network information and ensuring the stability of the normal operation of the user.
Example 2
On the basis of the above embodiments, an embodiment of the present invention provides a network security protection system, including:
the first acquisition module is used for acquiring login parameters of a target user and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
the second obtaining module is used for obtaining the behavior parameters of the target user and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise a health index and a behavior abnormity index;
and the determining module is used for determining the security value and the security protection level of the current network based on the first reliable value and the second reliable value.
The network security protection system provided in the embodiment of the present invention and the network security protection method provided in the above embodiment are based on the same inventive concept, and reference may be made to the above embodiments for more specific working principles of each module in this embodiment, which are not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
Claims (10)
1. A network security protection method is characterized in that the method comprises
Obtaining login parameters of a target user, and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
acquiring behavior parameters of a target user, and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise an operation index and a behavior abnormity index;
and determining the security parameter of the target user based on the first reliable value and the second reliable value, and determining the security value and the security level of the current network according to the security parameter.
2. The method according to claim 1, wherein obtaining login parameters of a target user, and determining the first reliability value of the target user according to the login parameters comprises:
acquiring historical login information of a target user within a week;
dividing a week into a working day and a rest day to obtain target login information of a user, wherein the target login information comprises working day login times, rest day login times, working day abnormal login times and rest day abnormal login times.
3. A network security protection method according to claim 3, wherein the login parameters are calculated by the following formula:
wherein f is 1 Is an activity index, f 2 For logging inAnomaly index, x 1 For number of working day logins, X 1 Rated number of logins for a working day, x 2 For the number of logins on a weekday, X 2 Rated number of logins for day of rest, y 1 For abnormal number of logins on a working day, Y 1 Rated number of abnormal logins for working day, y 2 For abnormal logins on weekdays, Y 2 Rated number of abnormal logins for day of rest, theta 1 、θ 2 As a weight, θ 3 +θ 4 =1。
4. A method for network security protection according to claim 4, wherein the first reliability value is calculated by using the following formula:
where M is a first reliability value, f 0 Is rated activity, A is constant, lambda 1 、λ 2 As a weight, λ 1 +λ 2 =1。
5. The network security protection method according to claim 1, wherein the method for obtaining the behavior parameters of the target user comprises:
acquiring operation information within preset time after current login;
and dividing 24 hours in a single day into working time and rest time to obtain target operation information of the user, wherein the target operation information comprises working time fault duration, working time fault time interval, rest time fault duration, rest time fault time interval, working time abnormal operation times and rest time abnormal operation times.
6. A network security protection method according to claim 6, characterized in that the behavior parameters are calculated by using the following formula:
f 4 =z 1 θ 3 +z 2 θ 4
wherein f is 3 For the running index, f 4 As an index of operational abnormality, t 1 For the working time fault interval, t 2 For rest time fault intervals, t 3 For the duration of the operating time fault, t 3 For rest time fault duration, z 1 For the number of abnormal operations in working time, z 1 For abnormal operation times of rest time, theta 3 、θ 4 As a weight, θ 3 +θ 4 =1。
7. A method according to claim 7, wherein the second reliability value is calculated by using the following formula:
wherein N is the second reliability value and B is a constant.
8. A network security protection method as claimed in claim 8, wherein the security parameters of the target user are calculated by using the following formula:
h=k 1 M+k 2 N
wherein h is a safety parameter, k 1 、k 2 Is a weight, k 1 +k 2 =1。
9. A network security protection method as claimed in claim 8, wherein the security value of the current network is calculated by using the following formula:
wherein H is the current networkSafety value of h i And the security parameters of the ith target user accessing the current network.
10. A network security protection system, comprising:
the first acquisition module is used for acquiring login parameters of a target user and determining a first reliable value of the target user according to the login parameters; wherein the login parameters comprise an activity index and a login abnormity index;
the second obtaining module is used for obtaining the behavior parameters of the target user and determining a second reliable value of the target user according to the behavior parameters of the target user, wherein the behavior parameters comprise a health index and a behavior abnormity index;
and the determining module is used for determining the security value and the security protection level of the current network based on the first reliable value and the second reliable value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211135454.0A CN115549989A (en) | 2022-09-19 | 2022-09-19 | Network security protection method and network security protection system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211135454.0A CN115549989A (en) | 2022-09-19 | 2022-09-19 | Network security protection method and network security protection system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115549989A true CN115549989A (en) | 2022-12-30 |
Family
ID=84727895
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211135454.0A Pending CN115549989A (en) | 2022-09-19 | 2022-09-19 | Network security protection method and network security protection system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115549989A (en) |
-
2022
- 2022-09-19 CN CN202211135454.0A patent/CN115549989A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9032237B2 (en) | Using travel-time as means for improving the accuracy of Simple Network Time Protocol | |
| US8862119B2 (en) | Method and apparatus for telecommunications network performance anomaly events detection and notification | |
| CN111427336A (en) | Vulnerability scanning method, device and equipment for industrial control system | |
| US20160117505A1 (en) | Large-scale, time-sensitive secure distributed control systems and methods | |
| CN114726648B (en) | Terminal security cloud control system based on Internet of things | |
| EP2410654B1 (en) | Grid frequency rate limiting system | |
| Zheng et al. | Defending sdn-based iot networks against ddos attacks using markov decision process | |
| CN115549989A (en) | Network security protection method and network security protection system thereof | |
| JP2009159024A (en) | Communication system, communication regulation method, signal processing server, and program | |
| CN113765821A (en) | Multi-dimensional access flow control system | |
| CN109922055A (en) | A kind of detection method, system and the associated component of risk terminal | |
| WO2023039676A1 (en) | Methods and systems for assessing and enhancing cybersecurity of a network | |
| EP3097660B1 (en) | Methods and apparatus for operating an access network | |
| CN115361160A (en) | Method and system for carrying out network security protection on Internet of things system | |
| CN115347559B (en) | Load frequency safety control method of multi-region electric power system under denial of service attack | |
| CN115484063B (en) | Network security prevention and control method and system for industrial control system | |
| CN115150161B (en) | Firewall security policy configuration method and device, storage medium and electronic device | |
| Nasr et al. | An alarm based access control model for scada system | |
| CN115834436B (en) | Network connectivity detection method, device and storage medium | |
| US12010152B2 (en) | Information security systems and methods for cyber threat event prediction and mitigation | |
| CN116527191B (en) | Equipment management method and system of optical fiber time service system | |
| US20230179637A1 (en) | Information Security Systems and Methods for Cyber Threat Event Prediction and Mitigation | |
| US20220357789A1 (en) | Application freezing control method and device, terminal, and readable storage medium | |
| CN117663376A (en) | Air conditioner control parameter monitoring method and device, medium and electronic equipment | |
| CN117811824A (en) | Network path analysis system and method for network security anomaly detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |