CN115604018A - Network security monitoring method, system, equipment and storage medium - Google Patents

Publication number: CN115604018A
Application number: CN202211363935.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN115604018B (en)
Legal status: Granted (active)
Inventor: 魏书山
Current Assignee: Guangdong Waner Technology Co ltd
Original Assignee: Guangdong Waner Technology Co ltd
Prior art keywords: network security; network; security monitoring; feature vector; data request

Classifications

    • H04L63/1416: Event detection, e.g. attack signature detection
    • G06N3/04: Neural networks; Architecture, e.g. interconnection topology
    • G06N3/08: Neural networks; Learning methods
    • H04L63/105: Multiple levels of security
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L67/30: Profiles
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a network security monitoring method, system, equipment and storage medium. The method comprises the following steps: identifying a protected network; acquiring a data request of the protected network, wherein the data request carries configuration information of a configuration file; setting a network security monitoring neural network model; training the model while it runs; determining the input value corresponding to the output network security protection level; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy; sending alarm information to a receiving terminal and triggering execution of the network security policy; and, after execution, converting a new data request into a new network security feature vector, inputting it into the network security monitoring neural network model, and determining whether the new data request is allowed to access the protected network. The invention can improve the efficiency of network security monitoring, lower the configuration threshold and reduce labor cost.

Description

Network security monitoring method, system, equipment and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a network security monitoring method, a system, equipment and a storage medium.
Background
Network security equipment, as the name implies, is dedicated to maintaining network security. Like a security door, it prevents network security problems in advance and avoids losses to individuals, enterprises or governments.
The main function of network security equipment is to ensure network security. The specific functions include: 1. maintaining the security of the operating system; 2. maintaining the security of system information on the network; 3. maintaining the security of information propagation on the network; 4. maintaining the security of information content on the network. Commonly used network security equipment currently includes the WAF (web application firewall), IDS (intrusion detection system), IPS (intrusion prevention system), SOC (security operations center), SIEM (security information and event management), vulnerability scanner, UTM (unified threat management), DDoS protection, firewall and VPN (virtual private network).
However, with conventional network security monitoring methods, the equipment must be manually configured by a professional engineer for the application scenario at each network location. Such configuration can be time-consuming and requires significant expertise from the configuration personnel, who must also ensure that the configuration process is free of errors, since errors could expose the network protected by the security device to attack or other abuse. Therefore, a network security monitoring method or device that is simpler to operate is needed to improve the efficiency of network security monitoring, lower the configuration threshold and reduce labor cost.
Disclosure of Invention
In view of the above technical problems, the present invention provides a network security monitoring method, system, device and storage medium, so as to improve the monitoring efficiency of network security, reduce configuration threshold and reduce labor cost.
To achieve this purpose, the invention adopts the following technical solution:
According to an aspect of the present invention, there is provided a network security monitoring method, including the steps of:
automatically selecting a configuration file according to the type of the protected network, so as to identify the protected network;
acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
setting a network security monitoring neural network model, converting the data request and the configuration information into a network security feature vector, inputting the network security feature vector into the network security model, and outputting a corresponding network security protection level; while the network security monitoring neural network model runs, training it through a pre-established network security monitoring training set so as to assist in correcting the accuracy of its output values;
determining, according to the configuration information, whether the input value corresponding to an output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
and sending alarm information to a receiving terminal, wherein the receiving terminal can select manual or automatic triggering to execute the network security policy; after the network security policy is executed, converting a new data request into a new network security feature vector, inputting the new network security feature vector into the network security monitoring neural network model, and determining whether the new data request is allowed to access the protected network.
Preferably, training the network security monitoring neural network model through the pre-established network security monitoring training set while the model runs comprises the following steps: acquiring the input frequency of network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; when the input frequency of network security feature vectors is N, inserting the corresponding quantity N1 of network security monitoring training set data; and adjusting the input frequency N of network security feature vectors and the input quantity N1 of network security monitoring training set data in real time according to the data request frequency of the actual protected network.
Preferably, the network security policy is composed of at least one sub-policy, which includes but is not limited to: an access control policy, an access conversion policy, a traffic monitoring policy, a vulnerability repair policy and a request interception policy.
Preferably, the protected network is provided with a corresponding network security device, and the network security device configures itself automatically according to the network security policy to protect the protected network.
According to another aspect of the present invention, there is provided a network security monitoring system, including:
a configuration module, configured to identify a protected network;
a data request acquisition module, configured to acquire a data request of the protected network, where the data request carries configuration information of the configuration file;
a network security monitoring neural network model module, configured to convert the data request and the configuration information into a network security feature vector, input the network security feature vector into the network security model and output a corresponding network security protection level;
a neural network model auxiliary correction module, configured to train the network security monitoring neural network model through a pre-established network security monitoring training set while the model runs, so as to assist in correcting the accuracy of its output values;
a network security policy configuration module, configured to determine, according to the configuration information, whether the input value corresponding to an output network security protection level is a network security feature vector or network security monitoring training set data, and to combine the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
a network security policy execution module, through which the receiving terminal can select manual or automatic triggering to execute the network security policy;
and a secondary verification module, configured to convert a new data request into a new network security feature vector after the network security policy is executed, input the new network security feature vector into the network security monitoring neural network model, and determine whether the new data request is allowed to access the protected network.
Preferably, the system further comprises an alarm module for sending alarm information to the receiving terminal.
According to another aspect of the present invention, a storage medium is provided, on which a computer program is stored, which, when being executed by a processor, performs the steps of a network security monitoring method as described above.
According to still another aspect of the present invention, there is provided an electronic apparatus including:
a processor;
a storage medium having stored thereon a computer program which, when executed by the processor, performs the steps of a network security monitoring method as described above.
The invention has the beneficial effects that:
The invention overcomes the drawback that existing network security equipment must be manually configured by a professional engineer for the application scenario at each network location. Such configuration can be time-consuming and requires significant expertise from the configuration personnel, who must also ensure that the configuration process is free of errors, since errors could expose the network protected by the security device to attack or other abuse. The network security monitoring method, system, device and storage medium provided by the invention improve the efficiency of network security monitoring, lower the configuration threshold and reduce labor cost.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flowchart of a network security monitoring method according to an embodiment of the present invention.
Fig. 2 is a block diagram of a network security monitoring system according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Fig. 4 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
In some of the flows described in the present specification and claims and in the above figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, with the order of the operations, e.g., S100, S200, etc., merely being used to distinguish between various operations, and the order of the operations itself does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.
The network security monitoring method, apparatus and system claimed by the present invention will be further described in detail with reference to the accompanying drawings and specific embodiments.
According to an aspect of the present invention, there is provided a network security monitoring method, including the steps of:
S100: automatically selecting a configuration file according to the type of the protected network, so as to identify the protected network;
S200: acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
S300: setting a network security monitoring neural network model, converting the data request and the configuration information into a network security feature vector, inputting the network security feature vector into the network security model, and outputting a corresponding network security protection level; while the network security monitoring neural network model runs, training it through a pre-established network security monitoring training set so as to assist in correcting the accuracy of its output values;
Preferably, training the network security monitoring neural network model through the pre-established network security monitoring training set while the model runs comprises the following steps: acquiring the input frequency of network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; when the input frequency of network security feature vectors is N, inserting the corresponding quantity N1 of network security monitoring training set data; and adjusting the input frequency N of network security feature vectors and the input quantity N1 of network security monitoring training set data in real time according to the data request frequency of the actual protected network.
S400: determining, according to the configuration information, whether the input value corresponding to an output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
Preferably, the network security policy is composed of at least one sub-policy, which includes but is not limited to: an access control policy, an access conversion policy, a traffic monitoring policy, a vulnerability repair policy and a request interception policy.
S500: sending alarm information to a receiving terminal, wherein the receiving terminal can select manual or automatic triggering to execute the network security policy; after the network security policy is executed, converting a new data request into a new network security feature vector, inputting the new network security feature vector into the network security monitoring neural network model, and determining whether the new data request is allowed to access the protected network.
Preferably, the protected network is correspondingly provided with a network security device, and the network security device automatically configures according to the network security policy to protect the protected network.
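An added sketch of steps S300 and S400, not code from the patent: it picks N1 from the frequency band of the live input frequency N, interleaves that many labelled training samples with the live feature vectors, and lets only live vectors produce a policy while the training samples measure the model's accuracy. The band boundaries, N1 values, three-element feature vectors, the threshold function standing in for the neural network and the level-to-sub-policy mapping are all assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from itertools import cycle, islice
from typing import Optional

# Assumed bands: lower bound of the live input frequency N (vectors/second)
# and the number N1 of training-set samples inserted per batch in that band.
BAND_LOWER_BOUNDS = [0, 50, 200]
BAND_N1 = [8, 4, 1]

# Assumed mapping from protection level to sub-policies named in the text.
SUB_POLICIES = {
    0: ["traffic monitoring"],
    1: ["traffic monitoring", "access control"],
    2: ["traffic monitoring", "access control", "request interception"],
}

# Constructed training set: (feature vector, known protection level).
# The last entry is labelled so that the stand-in model gets it wrong.
TRAINING_SET = [
    ((0.1, 0.1, 0.1), 0),
    ((0.5, 0.4, 0.6), 1),
    ((0.9, 0.8, 0.9), 2),
    ((0.9, 0.9, 0.1), 1),
]


@dataclass(frozen=True)
class Sample:
    vector: tuple                 # network security feature vector
    source: str                   # "live" or "training"; assigned by the
                                  # monitor, never parsed from the request body
    label: Optional[int] = None   # known protection level (training data only)


def n1_for_frequency(freq: float) -> int:
    """Return N1 for the band that contains the live input frequency N."""
    if freq < 0:
        raise ValueError("frequency must be non-negative")
    return BAND_N1[bisect_right(BAND_LOWER_BOUNDS, freq) - 1]


def build_batch(live_vectors, freq, training_pool):
    """S300: mix live vectors with N1 labelled training samples."""
    batch = [Sample(tuple(v), "live") for v in live_vectors]
    for vector, label in islice(training_pool, n1_for_frequency(freq)):
        batch.append(Sample(tuple(vector), "training", label))
    return batch


def stand_in_model(vector) -> int:
    """Placeholder for the neural network: mean feature score -> level 0..2."""
    score = sum(vector) / len(vector)
    return 0 if score < 0.3 else 1 if score < 0.6 else 2


def process_batch(batch, profile, model=stand_in_model):
    """S400: split outputs by source; only live vectors yield a policy."""
    policies, hits, probes = [], 0, 0
    for sample in batch:
        level = model(sample.vector)
        if sample.source == "training":
            # Training-set output: compare with the known label, no policy.
            probes += 1
            hits += int(level == sample.label)
            continue
        policies.append({"profile": profile, "level": level,
                         "sub_policies": SUB_POLICIES[level]})
    accuracy = hits / probes if probes else None
    return policies, accuracy


def demo():
    """Run one quiet batch (N=10) and one busy batch (N=500)."""
    pool = cycle(TRAINING_SET)
    live = [(0.05, 0.2, 0.1), (0.95, 0.7, 0.8)]   # constructed live vectors
    quiet = process_batch(build_batch(live, 10, pool), "office-lan")
    busy = process_batch(build_batch(live, 500, pool), "office-lan")
    return quiet, busy


if __name__ == "__main__":
    for policies, accuracy in demo():
        print(accuracy, [p["level"] for p in policies])
```

A drop in the accuracy figure between batches is the signal that the model's outputs need correction before its protection levels are trusted for policy configuration.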
As shown in fig. 2, according to another aspect of the present invention, there is provided a network security monitoring system 500, comprising the following modules: a configuration module 501; a data request acquisition module 502; a network security monitoring neural network model module 503; a neural network model assisted correction module 504; a network security policy configuration module 505; a network security policy enforcement module 506; a secondary verification module 507; an alarm module 508.
a configuration module 501, configured to identify a protected network;
a data request acquisition module 502, configured to acquire a data request of the protected network, where the data request carries configuration information of the configuration file;
a network security monitoring neural network model module 503, configured to convert the data request and the configuration information into a network security feature vector, input the network security feature vector into the network security model, and output a corresponding network security protection level;
a neural network model auxiliary correction module 504, configured to train the network security monitoring neural network model through a pre-established network security monitoring training set while the model runs, so as to assist in correcting the accuracy of its output values;
a network security policy configuration module 505, configured to determine, according to the configuration information, whether the input value corresponding to an output network security protection level is a network security feature vector or network security monitoring training set data, and to combine the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
a network security policy execution module 506, through which the receiving terminal can select manual or automatic triggering to execute the network security policy;
and a secondary verification module 507, configured to convert a new data request into a new network security feature vector after the network security policy is executed, input the new network security feature vector into the network security monitoring neural network model, and determine whether the new data request is allowed to access the protected network.
Preferably, the system further comprises an alarm module 508, configured to send alarm information to the receiving terminal.
According to still another aspect of the present invention, there is provided an electronic apparatus including:
a processor;
a storage medium having stored thereon a computer program which, when executed by the processor, performs the steps of a network security monitoring method as described above.
An electronic device 600 in one embodiment in accordance with the application is described below with reference to fig. 4. The electronic device 600 shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processor 610, at least one memory unit 620, a bus 630 that couples various system components including the memory unit 620 and the processor 610, a display unit 640, and the like.
Wherein the storage unit stores program code executable by the processor 610 to cause the processor 610 to perform steps according to various exemplary embodiments of the present application described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, the processor 610 may perform the steps in the above method.
The storage unit 620 may include storage media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which or some combination thereof may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a tenant to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, to name a few.
According to another aspect of the present invention, a storage medium is provided, on which a computer program is stored, which, when being executed by a processor, performs the steps of a network security monitoring method as described above.
Referring to fig. 3, in one embodiment, a program product 800 for implementing one network security monitoring method may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a server. However, those skilled in the art will appreciate that the program product referred to herein is not limited to such, but may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Further, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
In addition, a part of the present application can be applied as a computer program product, for example, computer program instructions, which, when executed by a computer, can invoke or provide the method or technical solution according to the present application through the operation of the computer. Those skilled in the art will appreciate that the forms of computer program instructions that reside on a computer storage medium include, but are not limited to, source files, executable files, installation package files, and the like, and that the manner in which the computer program instructions are executed by a computer includes, but is not limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installed program. In this regard, computer storage media may be any available computer readable storage media or communication media that can be accessed by a computer.
Communication media includes media by which communication signals, including, for example, computer readable instructions, data structures, program modules, or other data, are transmitted from one system to another. Communication media may include conductive transmission media such as cables and wires, e.g., fiber optics, coaxial, and the like, and wireless (non-conductive transmission) media capable of propagating energy waves such as acoustic, electromagnetic, RF, microwave, and infrared. Computer readable instructions, data structures, program modules, or other data may be embodied in a modulated data signal, for example, in a wireless medium such as a carrier wave or similar mechanism such as is embodied as part of spread spectrum techniques. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. The modulation may be analog, digital or hybrid modulation techniques.
By way of example, and not limitation, computer-readable storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. For example, computer-readable storage media include, but are not limited to, volatile memory, such as random access memory (RAM, DRAM, SRAM); non-volatile memory such as flash memory, various read-only memories (ROM, PROM, EPROM, EEPROM), and magnetic and ferromagnetic/ferroelectric memories (MRAM, FeRAM); magnetic and optical storage devices (hard disk, tape, CD, DVD); or other media, now known or later developed, that can store computer-readable information or data for use by a computer system.
In summary, the present invention overcomes the problem that an existing network security device must be manually configured by a professional engineer for the application scenario of its network location before it can run. Such configuration can be time-consuming and requires significant expertise from the configuration personnel, who must also ensure that the configuration process is free of errors and does not otherwise expose the network protected by the security device to attack or other abuse. The invention provides a network security monitoring method, system, device and storage medium that improve the monitoring efficiency of network security, lower the configuration threshold and reduce labor cost.
The foregoing is a further detailed description of the invention in connection with specific preferred embodiments and it is not intended to limit the invention to the specific embodiments described. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (8)

1. A network security monitoring method is characterized by comprising the following steps:
automatically selecting a configuration file to identify the protected network according to the type of the protected network;
acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
setting a network security monitoring neural network model, converting the data request and the configuration information into a network security feature vector, inputting the network security feature vector into the network security model, and outputting a corresponding network security protection level; when the network security monitoring neural network model operates, training the network security monitoring neural network model through a pre-established network security monitoring training set so as to assist in correcting the accuracy of the output value of the network security monitoring neural network model;
judging, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
and sending alarm information to a receiving terminal, wherein the receiving terminal can select manual triggering or automatic triggering to execute the network security policy, after the network security policy is executed, converting the new data request into a new network security feature vector, inputting the new network security feature vector into the network security monitoring neural network model, and judging whether the new data request is allowed to be accessed into the protected network.
2. The network security monitoring method according to claim 1, wherein training the network security monitoring neural network model through a pre-established network security monitoring training set while the network security monitoring neural network model is running comprises the following steps: acquiring the input frequency of the network security feature vector in real time, wherein the input frequency is set to be at least one frequency band, and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; when the input frequency of the network security feature vector is N, inserting the corresponding number N1 of network security monitoring training set data; and adjusting the input frequency N of the network security feature vector and the input number N1 of network security monitoring training set data in real time according to the data request frequency of the actual protected network.
3. The method according to claim 1, wherein the network security policy is composed of at least one sub-policy, the sub-policies including but not limited to: an access control strategy, an access conversion strategy, a flow monitoring strategy, a bug fixing strategy and a request interception strategy.
4. The method according to claim 1, wherein a network security device is correspondingly disposed on the protected network, and the network security device automatically configures according to the network security policy to protect the protected network.
5. A network security monitoring system, comprising:
a configuration module to identify a protected network;
a data request obtaining module, configured to obtain a data request of the protected network, where the data request carries configuration information of the configuration file;
the network security monitoring neural network model module is used for converting the data request and the configuration information into a network security feature vector, inputting the network security feature vector into the network security model and outputting a corresponding network security protection level;
the neural network model auxiliary correction module is used for training the network security monitoring neural network model through a pre-established network security monitoring training set while the network security monitoring neural network model operates so as to assist in correcting the accuracy of the output value of the network security monitoring neural network model;
the network security policy configuration module judges, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data, and combines the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
the receiving terminal can select manual triggering or automatic triggering to execute the network security policy;
and the secondary verification module is used for converting the new data request into a new network security feature vector after the network security policy is executed, inputting the new network security feature vector into the network security monitoring neural network model, and judging whether the new data request is allowed to be accessed into the protected network or not.
6. The network security monitoring system of claim 5, further comprising an alarm module used for sending alarm information to the receiving terminal.
7. A storage medium having stored thereon a computer program for performing the steps of a network security monitoring method according to any of claims 1-5 when executed by a processor.
8. An electronic device, characterized in that the electronic device comprises:
a processor;
a storage medium having stored thereon a computer program for performing the steps of a network security monitoring method according to any of claims 1-5 when executed by the processor.
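
The scheduling in claim 2 and the source check in claim 1 can be sketched as follows. This is an added illustration, not code from the patent: the band limits, the `Sample` tag that stands in for the configuration information, the constructed training rows and the threshold `toy_model` that replaces the neural network are all assumptions, and the accuracy score only marks where a correction step would attach.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Optional

# Assumed bands: (lowest requests/s in band, training rows N1 inserted per batch).
BANDS = [(0, 8), (50, 4), (200, 1)]
# Constructed labelled rows: (feature vector, known protection level).
TRAINING_SET = [((0.9, 0.9, 0.1), 2), ((0.1, 0.1, 0.1), 0), ((0.6, 0.2, 0.2), 2)]

@dataclass(frozen=True)
class Sample:
    vector: tuple
    source: str                  # "live" or "train"; stands in for the configuration-information tag
    label: Optional[int] = None  # only set on training rows

def training_quota(freq):
    """Map input frequency N to the insert count N1 of its band."""
    if freq < 0:
        raise ValueError("frequency must be non-negative")
    lows = [low for low, _ in BANDS]
    return BANDS[bisect_right(lows, freq) - 1][1]

def build_batch(live_vectors, freq, pool):
    """Append N1 tagged training rows to the live feature vectors."""
    batch = [Sample(v, "live") for v in live_vectors]
    for _ in range(training_quota(freq)):
        vector, label = next(pool)
        batch.append(Sample(vector, "train", label))
    return batch

def route_outputs(batch, model):
    """Live outputs go to policy configuration; training outputs only score the model."""
    policy_inputs, hits, total = [], 0, 0
    for s in batch:
        level = model(s.vector)
        if s.source == "live":
            policy_inputs.append((s.vector, level))
        else:
            total += 1
            hits += level == s.label
    return policy_inputs, (hits / total if total else None)

def toy_model(vector):
    """Stand-in for the neural network: level = count of features above 0.5."""
    return sum(x > 0.5 for x in vector)

if __name__ == "__main__":
    batch = build_batch([(0.6, 0.7, 0.8)], 60, iter(TRAINING_SET * 2))
    print(route_outputs(batch, toy_model))
```

Dropping the `source` check in `route_outputs` would let outputs for training rows reach policy configuration, which is the case the source judgment in claim 1 excludes.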
CN202211363935.7A 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium Active CN115604018B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211363935.7A CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211363935.7A CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115604018A true CN115604018A (en) 2023-01-13
CN115604018B CN115604018B (en) 2023-05-05

Family

ID=84850580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211363935.7A Active CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115604018B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935600A (en) * 2015-06-19 2015-09-23 中国电子科技集团公司第五十四研究所 Mobile ad hoc network intrusion detection method and device based on deep learning
CN109379379A (en) * 2018-12-06 2019-02-22 中国民航大学 Based on the network inbreak detection method for improving convolutional neural networks
CN111917781A (en) * 2020-08-05 2020-11-10 湖南匡楚科技有限公司 Intelligent internal malicious behavior network attack identification method and electronic equipment
CN113242218A (en) * 2021-04-23 2021-08-10 葛崇振 Network security monitoring method and system
US20210374271A1 (en) * 2020-05-27 2021-12-02 Hon Hai Precision Industry Co., Ltd. Computing device and model parameters security protection method
CN113965406A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Network blocking method, device, electronic device and storage medium
CN113965397A (en) * 2021-10-28 2022-01-21 公诚管理咨询有限公司 Credit network security management method, device, computer equipment and storage medium
CN114915496A (en) * 2022-07-11 2022-08-16 广州番禺职业技术学院 Network intrusion detection method and device based on time weight and deep neural network
CN114944961A (en) * 2022-07-01 2022-08-26 广东瑞普科技股份有限公司 Network security protection method, device and system and electronic equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935600A (en) * 2015-06-19 2015-09-23 中国电子科技集团公司第五十四研究所 Mobile ad hoc network intrusion detection method and device based on deep learning
CN109379379A (en) * 2018-12-06 2019-02-22 中国民航大学 Based on the network inbreak detection method for improving convolutional neural networks
US20210374271A1 (en) * 2020-05-27 2021-12-02 Hon Hai Precision Industry Co., Ltd. Computing device and model parameters security protection method
CN111917781A (en) * 2020-08-05 2020-11-10 湖南匡楚科技有限公司 Intelligent internal malicious behavior network attack identification method and electronic equipment
CN113242218A (en) * 2021-04-23 2021-08-10 葛崇振 Network security monitoring method and system
CN113965397A (en) * 2021-10-28 2022-01-21 公诚管理咨询有限公司 Credit network security management method, device, computer equipment and storage medium
CN113965406A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Network blocking method, device, electronic device and storage medium
CN114944961A (en) * 2022-07-01 2022-08-26 广东瑞普科技股份有限公司 Network security protection method, device and system and electronic equipment
CN114915496A (en) * 2022-07-11 2022-08-16 广州番禺职业技术学院 Network intrusion detection method and device based on time weight and deep neural network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
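曹峰: "Research on network intrusion detection based on improved behavior feature analysis" *
李培良: "A brief analysis of neural-network-based network intrusion detection technology" *
王婷; 王娜; 崔运鹏; 李欢: "An optimization method for wireless network attack behavior detection based on semi-supervised learning" *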

Also Published As

Publication number Publication date
CN115604018B (en) 2023-05-05

Similar Documents

Publication Publication Date Title
TWI739432B (en) Intelligent risk control decision-making method and system, business processing method and system
CN112351031B (en) Method and device for generating attack behavior portraits, electronic equipment and storage medium
US11022949B2 (en) PLC virtual patching and automated distribution of security context
CN102792307B (en) The system and method for NS software is provided in virtual environment
KR101883400B1 (en) detecting methods and systems of security vulnerability using agentless
Kholidy et al. A finite state hidden markov model for predicting multistage attacks in cloud systems
CN103117993B (en) For the method, apparatus and product of the fire wall for providing Process Control System
US8918885B2 (en) Automatic discovery of system integrity exposures in system code
US11405416B2 (en) Method and device for identifying security threats, storage medium, processor and terminal
EP4104410A1 (en) Security automation system
Kholidy et al. Online risk assessment and prediction models for Autonomic Cloud Intrusion srevention systems
CN116389027A (en) Payload process detection method and device in cloud environment based on eBPF
WO2021028060A1 (en) Security automation system
CN112134870B (en) Network security threat blocking method, device, equipment and storage medium
CN115604018A (en) Network security monitoring method, system, equipment and storage medium
CN111539644A (en) Network asset risk control method and device
CN113254944B (en) Vulnerability processing method, system, electronic device, storage medium and program product
EP3322131A1 (en) Central switch device
CN111478913B (en) Network intrusion detection method, device and storage medium for power distribution and utilization communication network
CN112769815B (en) Intelligent industrial control safety monitoring and protecting method and system
CN109325346A (en) A kind of intrusion detection method based on linux system
CN201403103Y (en) Network fixation safety management system
CN109474478B (en) Method, device and system for monitoring transmission data abnormity
WO2018004523A1 (en) Plc virtual patching and automated distribution of security context
CN116866091B (en) Firewall protection system, method, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant