CN115604018B - Network security monitoring method, system, equipment and storage medium - Google Patents

Publication number: CN115604018B
Authority: CN (China)
Prior art keywords: network security; network; feature vector; data request; security monitoring
Legal status: Active (The legal status is an assumption and is not a legal conclusion.)
Application number: CN202211363935.7A
Other languages: Chinese (zh)
Other versions: CN115604018A (en)
Inventor: 魏书山
Current Assignee: Guangdong Waner Technology Co ltd (The listed assignees may be inaccurate.)
Original Assignee: Guangdong Waner Technology Co ltd
Events: application filed by Guangdong Waner Technology Co ltd; priority to CN202211363935.7A; publication of CN115604018A; application granted; publication of CN115604018B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a network security monitoring method, system, equipment and storage medium. The method comprises the following steps: identifying a protected network; acquiring a data request of the protected network, wherein the data request carries configuration information of a configuration file; setting a network security monitoring neural network model; training the model while it runs; judging the input value corresponding to the output network security protection level; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy; and sending alarm information to the receiving terminal, triggering execution of the network security policy, and after execution converting a new data request into a new network security feature vector, inputting it into the network security monitoring neural network model, and judging whether the new data request is allowed to access the protected network. The invention can improve the monitoring efficiency of network security, lower the configuration threshold and reduce labor cost.

Description

Network security monitoring method, system, equipment and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a network security monitoring method, system, device, and storage medium.
Background
Network security devices, as their name implies, are devices dedicated to maintaining network security. Like a burglar-proof door, they prevent network security problems from occurring and avoid losses to individuals, businesses, or governments.
The main function of network security equipment is to ensure network security. Specifically, it: 1. maintains the security of the operating system; 2. maintains the security of system information on the network; 3. maintains the security of information transmission on the network; 4. maintains the security of information content on the network. The network security devices commonly used at present are WAF (application firewall), IDS (intrusion detection system), IPS (intrusion prevention system), SOC (security operation center), SIEM (security information management), vulnerability scanners, UTM (unified threat management), DDoS protection, firewalls and VPNs (virtual private networks).
However, a conventional network security monitoring method must be manually configured by a professional engineer for the application scenario of its network location before it can be executed. Such configuration is time consuming and demands a high level of expertise from the configurator, and the configuration process must also be free of errors, otherwise the network protected by the security device is exposed to attack or other abuse. Therefore, there is a need for a network security monitoring method or device that is simpler and more convenient to operate, so as to improve the monitoring efficiency of network security, lower the configuration threshold, and reduce labor cost.
Disclosure of Invention
In view of the above technical problems, the invention provides a network security monitoring method, system, equipment and storage medium, so as to improve the monitoring efficiency of network security, lower the configuration threshold and reduce labor cost.
To achieve the above purpose, the invention adopts the following technical scheme.
According to an aspect of the present invention, there is provided a network security monitoring method, including the steps of:
automatically selecting a configuration file to identify the protected network according to the type of the protected network;
acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
setting a network security monitoring neural network model, converting the data request and configuration information into network security feature vectors, inputting the network security feature vectors into the network security monitoring neural network model, and outputting corresponding network security protection levels; while the network security monitoring neural network model is running, it is also trained on a pre-established network security monitoring training set, so as to assist in correcting the accuracy of its output values;
judging, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
and sending alarm information to a receiving terminal, wherein the receiving terminal can choose to trigger execution of the network security policy manually or automatically; after the network security policy is executed, converting a new data request into a new network security feature vector, inputting the new network security feature vector into the network security monitoring neural network model, and judging whether the new data request is allowed to access the protected network.
Preferably, training the network security monitoring neural network model on the pre-established network security monitoring training set while the model is running comprises the following steps: acquiring the input frequency of the network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band, and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; and when the input frequency of the network security feature vectors is N, inserting a corresponding number N1 of network security monitoring training set data, wherein the input frequency N of the network security feature vectors and the inserted number N1 of network security monitoring training set data are adjusted in real time according to the actual data request frequency of the protected network.
Preferably, the network security policy is comprised of at least one sub-policy including, but not limited to: access control policies, access conversion policies, traffic monitoring policies, vulnerability restoration policies, request interception policies.
Preferably, the protected network is correspondingly provided with a network security device, and the network security device is automatically configured according to the network security policy so as to protect the protected network.
According to another aspect of the present invention, there is provided a network security monitoring system comprising:
a configuration module for identifying a protected network;
a data request acquisition module, configured to acquire a data request of the protected network, where the data request carries configuration information of the configuration file;
a network security monitoring neural network model module, configured to convert the data request and the configuration information into network security feature vectors, input the network security feature vectors into the network security monitoring neural network model, and output corresponding network security protection levels;
a neural network model auxiliary correction module, configured to train the network security monitoring neural network model on a pre-established network security monitoring training set while the model is running, so as to assist in correcting the accuracy of its output values;
a network security policy configuration module, configured to judge, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data, and to combine the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
a network security policy enforcement module, through which the receiving terminal can choose to trigger execution of the network security policy manually or automatically;
and a secondary verification module, configured to convert a new data request into a new network security feature vector after the network security policy is executed, input the new network security feature vector into the network security monitoring neural network model, and judge whether the new data request is allowed to access the protected network.
Preferably, the system also comprises an alarm module for sending alarm information to the receiving terminal.
According to another aspect of the present invention there is provided a storage medium having stored thereon a computer program which when executed by a processor performs the steps of a network security monitoring method as described above.
According to still another aspect of the present invention, there is provided an electronic apparatus including:
a processor;
a storage medium having stored thereon a computer program which, when executed by the processor, performs the steps of a network security monitoring method as described above.
The beneficial effects of the invention are as follows:
The invention overcomes the drawback that existing network security equipment must be manually configured by a professional engineer for the application scenario of its network location before it can be executed. Such configuration is time consuming and demands a high level of expertise from the configurator, and the configuration process must also be free of errors, otherwise the network protected by the security device is exposed to attack or other abuse. A network security monitoring method, system, device and storage medium are provided to improve the monitoring efficiency of network security, lower the configuration threshold and reduce labor cost.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is evident that the drawings in the following description are only some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a flow chart of a network security monitoring method according to an embodiment of the invention.
FIG. 2 is a block diagram of a network security monitoring system in accordance with one embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Fig. 4 is a schematic diagram of a computer-readable storage medium in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
In some of the flows described in the specification and claims of the present invention and in the foregoing figures, a plurality of operations appearing in a particular order are included, but it should be clearly understood that the operations may be performed in other than the order in which they appear herein or in parallel, the sequence numbers of the operations being S100, S200, etc., merely used to distinguish between the various operations, the sequence numbers themselves not representing any order of execution. In addition, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.
The network security monitoring method, device and system claimed by the invention are further elaborated below with reference to the accompanying drawings and specific embodiments.
According to an aspect of the present invention, there is provided a network security monitoring method, including the steps of:
S100: automatically selecting a configuration file to identify the protected network according to the type of the protected network;
S200: acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
S300: setting a network security monitoring neural network model, converting the data request and configuration information into network security feature vectors, inputting the network security feature vectors into the network security monitoring neural network model, and outputting corresponding network security protection levels; while the network security monitoring neural network model is running, it is also trained on a pre-established network security monitoring training set, so as to assist in correcting the accuracy of its output values;
Preferably, training the network security monitoring neural network model on the pre-established network security monitoring training set while the model is running comprises the following steps: acquiring the input frequency of the network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band, and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; and when the input frequency of the network security feature vectors is N, inserting a corresponding number N1 of network security monitoring training set data, wherein the input frequency N of the network security feature vectors and the inserted number N1 of network security monitoring training set data are adjusted in real time according to the actual data request frequency of the protected network.
S400: judging, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
Preferably, the network security policy is comprised of at least one sub-policy including, but not limited to: access control policies, access conversion policies, traffic monitoring policies, vulnerability restoration policies, request interception policies.
S500: sending alarm information to a receiving terminal, wherein the receiving terminal can choose to trigger execution of the network security policy manually or automatically; after the network security policy is executed, converting a new data request into a new network security feature vector, inputting the new network security feature vector into the network security monitoring neural network model, and judging whether the new data request is allowed to access the protected network.
Preferably, the protected network is correspondingly provided with a network security device, and the network security device is automatically configured according to the network security policy so as to protect the protected network.
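The following sketch illustrates steps S300 and S400 together with the frequency-band training scheme; it is an added example, not code from the patent. Assumptions: the band boundaries and N1 values (busier bands insert fewer training samples), the policy table, the feature encoding in `to_feature_vector`, the single logistic unit standing in for the neural network, and the rule that an input without configuration information is training data; all sample requests and training vectors are constructed.

```python
import math

# Assumed frequency bands: (lowest live input frequency N in the band, N1 training
# samples inserted per window). Constructed values; busier bands insert fewer samples.
BANDS = [(0, 6), (20, 3), (100, 1)]

# Assumed policy table: configuration (network type) + protection level -> sub-policies.
POLICY_TABLE = {
    "public-web": {0: [], 1: ["traffic monitoring"],
                   2: ["access control", "request interception"]},
}

# Constructed labelled training set: (feature vector, 1.0 = hostile / 0.0 = benign).
TRAINING_SET = [([0.1, 0.0, 1.0], 0.0), ([0.5, 1.0, 1.0], 1.0),
                ([0.2, 0.0, 1.0], 0.0), ([0.4, 0.9, 1.0], 1.0)]


def training_quota(n_live):
    """Map the live input frequency N to the insert count N1 of its band."""
    return [n1 for lower, n1 in BANDS if n_live >= lower][-1]


def to_feature_vector(path, config):
    """Hypothetical encoding of a data request and its configuration information."""
    odd = sum(1 for c in path if not c.isalnum() and c not in "/._-")
    return [min(len(path) / 100.0, 1.0), min(odd / 10.0, 1.0),
            1.0 if config["network_type"] == "public-web" else 0.0]


class Monitor:
    """Single logistic unit standing in for the monitoring neural network."""

    def __init__(self, lr=0.5):
        self.w, self.b, self.lr, self.cursor = [0.0, 0.0, 0.0], 0.0, lr, 0

    def score(self, x):
        z = self.b + sum(w * v for w, v in zip(self.w, x))
        return 1.0 / (1.0 + math.exp(-z))

    def level(self, x):
        s = self.score(x)
        return 2 if s >= 0.7 else 1 if s >= 0.4 else 0

    def train(self, x, label):
        err = label - self.score(x)              # one online gradient step
        self.w = [w + self.lr * err * v for w, v in zip(self.w, x)]
        self.b += self.lr * err

    def next_training_items(self, n1):
        picked = [TRAINING_SET[(self.cursor + i) % len(TRAINING_SET)] for i in range(n1)]
        self.cursor = (self.cursor + n1) % len(TRAINING_SET)
        return [{"vector": x, "label": y} for x, y in picked]


def interleave(live, train):
    """Spread the N1 training items evenly through the live items."""
    out, t = [], 0
    for i, item in enumerate(live, 1):
        out.append(item)
        while t < i * len(train) // len(live):
            out.append(train[t])
            t += 1
    return out + train[t:]                       # idle window: training still runs


def process_window(monitor, paths, config):
    """Run one window; return (N1, policy decisions for live requests only)."""
    n1 = training_quota(len(paths))
    live = [{"path": p, "config": config, "vector": to_feature_vector(p, config)}
            for p in paths]
    decisions = []
    for item in interleave(live, monitor.next_training_items(n1)):
        level = monitor.level(item["vector"])    # the model scores every input
        if "config" not in item:                 # no configuration info: training data
            monitor.train(item["vector"], item["label"])
            continue                             # its output never becomes a policy
        policy = POLICY_TABLE[item["config"]["network_type"]][level]
        decisions.append((item["path"], level, policy))
    return n1, decisions


def demo():
    config = {"network_type": "public-web"}
    # Constructed requests: a plain page fetch and a path dense with encoded punctuation.
    paths = ["/index.html", "/lookup?q=%27%22%3C%3E%7B%7D&r=;;||&&$$"]
    monitor = Monitor()
    for _ in range(100):                         # warm-up windows at low traffic
        process_window(monitor, paths, config)
    return process_window(monitor, paths, config)


if __name__ == "__main__":
    print(demo())
```

Because training items share the model's input stream, the check in `process_window` is what keeps a replayed training sample from configuring a policy on the protected network.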
As shown in fig. 2, according to another aspect of the present invention, there is provided a network security monitoring system 500, including the following modules: a configuration module 501; a data request acquisition module 502; a network security monitoring neural network model module 503; the neural network model auxiliary correction module 504; a network security policy configuration module 505; a network security policy enforcement module 506; a secondary verification module 507; an alarm module 508.
A configuration module 501 for identifying a protected network;
a data request obtaining module 502, configured to obtain a data request of the protected network, where the data request carries configuration information of the configuration file;
a network security monitoring neural network model module 503, configured to convert the data request and configuration information into a network security feature vector, input the network security feature vector into the network security model, and output a corresponding network security protection level;
a neural network model auxiliary correction module 504, configured to train the network security monitoring neural network model on a pre-established network security monitoring training set while the model is running, so as to assist in correcting the accuracy of its output values;
a network security policy configuration module 505, configured to judge, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data, and to combine the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
a network security policy enforcement module 506, through which the receiving terminal can choose to trigger execution of the network security policy manually or automatically;
and a secondary verification module 507, configured to convert a new data request into a new network security feature vector after the network security policy is executed, input the new network security feature vector into the network security monitoring neural network model, and judge whether the new data request is allowed to access the protected network.
Preferably, an alarm module 508 is further included for sending alarm information to the receiving terminal.
According to still another aspect of the present invention, there is provided an electronic apparatus including:
a processor;
a storage medium having stored thereon a computer program which, when executed by the processor, performs the steps of a network security monitoring method as described above.
An electronic device 600 in accordance with one embodiment of the present application is described below with reference to fig. 4. The electronic device 600 shown in fig. 4 is merely an example, and should not impose any limitation on the functions and application scope of the embodiments of the present application.
As shown in fig. 4, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processor 610, at least one memory unit 620, a bus 630 connecting the different system components (including the memory unit 620 and the processor 610), a display unit 640, and the like.
Wherein the storage unit stores program code executable by the processor 610 such that the processor 610 performs steps according to various exemplary embodiments of the present application described in the above-described electronic prescription flow processing method section of the present specification. For example, the processor 610 may perform the steps in the above method.
The storage unit 620 may include storage media in the form of volatile storage units, such as Random Access Memory (RAM) 6201 and/or cache memory unit 6202, and may further include Read Only Memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may represent one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processor bus, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a tenant to interact with the electronic device 600, and/or any device (e.g., router, modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
According to another aspect of the present invention there is provided a storage medium having stored thereon a computer program which when executed by a processor performs the steps of a network security monitoring method as described above.
Referring to Fig. 3, in one embodiment, a program product 800 for implementing the network security monitoring method may take the form of a portable compact disc read only memory (CD-ROM) that includes program code and may be run on a server. However, it will be appreciated by those skilled in the art that the program product referred to herein is not limited thereto, and that the computer storage medium may be any tangible medium that can contain or store the program for use by or in connection with an instruction execution system, apparatus, or device.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, using Application Specific Integrated Circuits (ASIC), a general purpose computer or any other similar hardware device. In one embodiment, the software program of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs of the present application (including associated data structures) may be stored on a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. In addition, some steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
Furthermore, portions of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods or techniques in accordance with the present application by way of operation of the computer. Those skilled in the art will appreciate that the form of computer program instructions present in a computer storage medium includes, but is not limited to, source files, executable files, installation package files, etc., and accordingly, the manner in which computer program instructions are executed by a computer includes, but is not limited to: the computer directly executes the instruction, or the computer compiles the instruction and then executes the corresponding compiled program, or the computer reads and executes the instruction, or the computer reads and installs the instruction and then executes the corresponding installed program. Herein, a computer storage medium may be any available computer readable storage medium or communication medium that can be accessed by a computer.
Communication media includes media whereby a communication signal containing, for example, computer readable instructions, data structures, program modules, or other data, is transferred from one system to another. Communication media may include conductive transmission media such as electrical cables and wires (e.g., optical fibers, coaxial, etc.) and wireless (non-conductive transmission) media capable of transmitting energy waves, such as acoustic, electromagnetic, RF, microwave, and infrared. Computer readable instructions, data structures, program modules, or other data may be embodied as a modulated data signal, for example, in a wireless medium, such as a carrier wave or similar mechanism, such as that embodied as part of spread spectrum technology. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. The modulation may be analog, digital or hybrid modulation techniques.
By way of example, and not limitation, computer-readable storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. For example, computer-readable storage media include, but are not limited to, volatile memory, such as random access memory (RAM, DRAM, SRAM); nonvolatile memory, such as flash memory, various read only memories (ROM, PROM, EPROM, EEPROM), and magnetic and ferromagnetic/ferroelectric memory (MRAM, FeRAM); magnetic and optical storage devices (hard disk, tape, CD, DVD); and other now known or later developed media capable of storing computer-readable information or data for use by a computer system.
In summary, the present invention overcomes the drawback that existing network security devices must be manually configured by a professional engineer for the application scenario of their network location before they can be executed. Such configuration is time consuming and demands a high level of expertise from the configurator, and the configuration process must also be free of errors, otherwise the network protected by the security device is exposed to attack or other abuse. A network security monitoring method, system, device and storage medium are provided to improve the monitoring efficiency of network security, lower the configuration threshold and reduce labor cost.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (7)

1. A network security monitoring method, characterized by comprising the following steps:
automatically selecting a configuration file to identify the protected network according to the type of the protected network;
acquiring a data request of the protected network, wherein the data request carries configuration information of the configuration file;
setting a network security monitoring neural network model, converting the data request and the configuration information into network security feature vectors, inputting the network security feature vectors into the network security monitoring neural network model, and outputting corresponding network security protection levels; while the network security monitoring neural network model operates, it is trained through a pre-established network security monitoring training set, so as to assist in correcting the accuracy of the output value of the network security monitoring neural network model;
judging, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data; combining the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
the receiving terminal can select manual triggering or automatic triggering of the execution of the network security policy; after the network security policy is executed, a new data request is converted into a new network security feature vector, the new network security feature vector is input into the network security monitoring neural network model, and whether the new data request is allowed to access the protected network is judged;
the training of the network security monitoring neural network model through a pre-established network security monitoring training set while the model operates specifically comprises: acquiring the input frequency of the network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band, and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; and when the input frequency of the network security feature vectors is N, inserting a corresponding quantity N1 of network security monitoring training set data, wherein the input frequency N of the network security feature vectors and the inserted quantity N1 of network security monitoring training set data are adjusted in real time according to the actual data request frequency of the protected network.
2. A network security monitoring method according to claim 1, wherein the network security policy is comprised of at least one sub-policy including, but not limited to: access control policies, access conversion policies, traffic monitoring policies, vulnerability restoration policies, request interception policies.
3. A network security monitoring method according to claim 1, wherein the protected network is provided with a network security device, and the network security device is automatically configured according to the network security policy to protect the protected network.
4. A network security monitoring system, comprising:
a configuration module for identifying a protected network;
the data request acquisition module is used for acquiring a data request of the protected network, wherein the data request carries configuration information of a configuration file;
the network security monitoring neural network model module is used for converting the data request and the configuration information into network security feature vectors, inputting the network security feature vectors into a network security monitoring neural network model and outputting corresponding network security protection levels;
the neural network model auxiliary correction module is used for training the network security monitoring neural network model through a pre-established network security monitoring training set while the network security monitoring neural network model operates, so as to assist in correcting the accuracy of the output value of the network security monitoring neural network model;
the training of the network security monitoring neural network model through a pre-established network security monitoring training set while the model operates specifically comprises: acquiring the input frequency of the network security feature vectors in real time, wherein the input frequency is divided into at least one frequency band, and each frequency band corresponds to a quantity of network security monitoring training set data to be inserted; when the input frequency of the network security feature vectors is N, inserting a corresponding quantity N1 of network security monitoring training set data, wherein the input frequency N of the network security feature vectors and the inserted quantity N1 of network security monitoring training set data are adjusted in real time according to the actual data request frequency of the protected network;
the network security policy configuration module judges, according to the configuration information, whether the input value corresponding to the output network security protection level is a network security feature vector or network security monitoring training set data, and combines the network security protection level output for the network security feature vector with the configuration information to configure a corresponding network security policy;
the receiving terminal can select manual triggering or automatic triggering of the network security policy execution;
and the secondary verification module is used for converting a new data request into a new network security feature vector after the network security policy is executed, inputting the new network security feature vector into the network security monitoring neural network model, and judging whether the new data request is allowed to access the protected network.
5. A network security monitoring system as set forth in claim 4, wherein,
the system also comprises an alarm module which is used for sending alarm information to the receiving terminal.
6. A storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of a network security monitoring method according to any of claims 1-4.
7. An electronic device, the electronic device comprising:
a processor;
a storage medium having stored thereon a computer program which, when executed by the processor, performs the steps of a network security monitoring method as claimed in any of claims 1 to 4.
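
The frequency-band insertion and output routing recited in claims 1 and 4, as an added Python example that is not part of the patent text. The band table, the threshold stand-in for the neural network, the `Item` fields and all sample vectors are assumptions constructed for illustration.

```python
from bisect import bisect_left
from dataclasses import dataclass
from typing import Optional

# Constructed bands: (upper bound on live vectors per window N, training rows N1 to insert).
BANDS = [(10, 8), (100, 4), (1000, 1)]

@dataclass
class Item:
    vector: list
    config_id: Optional[str] = None   # set only on live requests, which carry configuration info
    label: Optional[int] = None       # known protection level; training rows only

def training_quota(n_live):
    """Map the observed input frequency N to the insertion count N1 of its band."""
    i = bisect_left([upper for upper, _ in BANDS], n_live)
    return BANDS[i][1] if i < len(BANDS) else 0   # above the top band: insert nothing

class ThresholdModel:
    """Stand-in for the neural network: level = how many cuts the vector sum reaches (0..2)."""
    def __init__(self):
        self.cuts = [1.0, 2.0]
    def predict(self, v):
        return sum(sum(v) >= c for c in self.cuts)
    def correct(self, v, label):
        pred = self.predict(v)
        if pred > label:
            self.cuts[label] = sum(v) + 1e-9    # raise the cut that fired wrongly
        elif pred < label:
            self.cuts[label - 1] = sum(v)       # lower the cut that was missed

def process_window(model, live, pool, cursor=0):
    """Run one window; return (policy inputs, training accuracy, next pool cursor)."""
    n1 = training_quota(len(live))
    queue = list(live)
    step = max(1, len(live) // max(n1, 1))
    for k in range(n1):                          # spread training rows through the live traffic
        queue.insert(min(len(queue), (k + 1) * step + k), pool[(cursor + k) % len(pool)])
    decisions, hits = [], 0
    for item in queue:
        level = model.predict(item.vector)
        if item.config_id is None:               # no config info: output came from a training row
            hits += level == item.label
            model.correct(item.vector, item.label)
        else:                                    # live request: level goes on to policy selection
            decisions.append((item.config_id, level))
    return decisions, (hits / n1 if n1 else None), (cursor + n1) % len(pool)

POOL = [Item([0.25, 0.25], label=0), Item([1.0, 0.5], label=2),   # constructed training set
        Item([0.5, 0.25], label=0), Item([1.5, 1.0], label=2)]
```

Only outputs for live requests reach `decisions`, so a training row can never configure a policy. Because the routing depends on the configuration tag, that tag has to be attached by the monitoring system itself and not derived from request content.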
CN202211363935.7A 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium Active CN115604018B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211363935.7A CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211363935.7A CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115604018A CN115604018A (en) 2023-01-13
CN115604018B CN115604018B (en) 2023-05-05

Family

ID=84850580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211363935.7A Active CN115604018B (en) 2022-11-02 2022-11-02 Network security monitoring method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115604018B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109379379A (en) * 2018-12-06 2019-02-22 中国民航大学 Based on the network inbreak detection method for improving convolutional neural networks
CN111917781A (en) * 2020-08-05 2020-11-10 湖南匡楚科技有限公司 Intelligent internal malicious behavior network attack identification method and electronic equipment
CN113965406A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Network blocking method, device, electronic device and storage medium
CN113965397A (en) * 2021-10-28 2022-01-21 公诚管理咨询有限公司 Credit network security management method, device, computer equipment and storage medium
CN114944961A (en) * 2022-07-01 2022-08-26 广东瑞普科技股份有限公司 Network security protection method, device and system and electronic equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935600B (en) * 2015-06-19 2019-03-22 中国电子科技集团公司第五十四研究所 A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning
CN113742738A (en) * 2020-05-27 2021-12-03 富泰华工业(深圳)有限公司 Model parameter safety protection method, safety protection device and computer device
CN113242218A (en) * 2021-04-23 2021-08-10 葛崇振 Network security monitoring method and system
CN114915496B (en) * 2022-07-11 2023-01-10 广州番禺职业技术学院 Network intrusion detection method and device based on time weight and deep neural network

Also Published As

Publication number Publication date
CN115604018A (en) 2023-01-13

Similar Documents

Publication Publication Date Title
CN112351031B (en) Method and device for generating attack behavior portraits, electronic equipment and storage medium
US11022949B2 (en) PLC virtual patching and automated distribution of security context
KR101883400B1 (en) detecting methods and systems of security vulnerability using agentless
Kholidy et al. A finite state hidden markov model for predicting multistage attacks in cloud systems
CN112187792A (en) Network information safety protection system based on internet
CN112783518B (en) Vehicle-mounted application containerization isolation framework system based on IPFS and implementation method
CN103117993B (en) For the method, apparatus and product of the fire wall for providing Process Control System
CN110276198B (en) Embedded variable granularity control flow verification method and system based on probability prediction
CN112653654A (en) Security monitoring method and device, computer equipment and storage medium
EP4104410B1 (en) Security automation system with machine learning functions
CN114584405A (en) Electric power terminal safety protection method and system
CN112615858B (en) Internet of things equipment monitoring method, device and system
US20200084235A1 (en) Method and device for identifying security threats, storage medium, processor and terminal
Kholidy et al. Online risk assessment and prediction models for Autonomic Cloud Intrusion Prevention systems
CN115604018B (en) Network security monitoring method, system, equipment and storage medium
CN110099041A (en) A kind of Internet of Things means of defence and equipment, system
CN113225331A (en) Method, system and device for detecting host intrusion safety based on graph neural network
CN111539644A (en) Network asset risk control method and device
CN112769815B (en) Intelligent industrial control safety monitoring and protecting method and system
CN112437043B (en) Security guarantee method based on bidirectional access control
CN113254936A (en) Terminal safety management and control platform based on brain-like calculation
CN109151051B (en) Data security enhancement method in cloud computing environment
WO2018004523A1 (en) Plc virtual patching and automated distribution of security context
Antonov et al. Method for risk evaluation of functional instability of hardware and software systems under external information technology interference
CN116866091B (en) Firewall protection system, method, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant