CN116471052A - Associated weight type network safety protection system based on cloud computing - Google Patents
Associated weight type network safety protection system based on cloud computing Download PDFInfo
- Publication number
- CN116471052A CN116471052A CN202310283560.1A CN202310283560A CN116471052A CN 116471052 A CN116471052 A CN 116471052A CN 202310283560 A CN202310283560 A CN 202310283560A CN 116471052 A CN116471052 A CN 116471052A
- Authority
- CN
- China
- Prior art keywords
- application program
- network security
- risk assessment
- module
- abnormal operation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000012502 risk assessment Methods 0.000 claims abstract description 88
- 238000012544 monitoring process Methods 0.000 claims abstract description 56
- 238000000034 method Methods 0.000 claims abstract description 19
- 230000002159 abnormal effect Effects 0.000 claims description 125
- 238000011156 evaluation Methods 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 14
- 238000007726 management method Methods 0.000 claims description 13
- 238000010606 normalization Methods 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 6
- 230000015572 biosynthetic process Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 claims description 3
- 238000003786 synthesis reaction Methods 0.000 claims description 3
- 230000002194 synthesizing effect Effects 0.000 claims description 3
- 238000012360 testing method Methods 0.000 claims description 3
- 238000012550 audit Methods 0.000 claims description 2
- 230000005856 abnormality Effects 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 230000006399 behavior Effects 0.000 description 7
- 238000004458 analytical method Methods 0.000 description 4
- 230000006872 improvement Effects 0.000 description 4
- 230000000737 periodic effect Effects 0.000 description 4
- 230000002349 favourable effect Effects 0.000 description 3
- 230000006378 damage Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000000739 chaotic effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a cloud computing-based association weight type network security protection system, which particularly relates to the technical field of network security protection, and comprises an application program information acquisition module, an application program information monitoring module, an application program analysis module, an application program risk assessment module, an application program security assessment module, a network security monitoring module and a network security management module; the application information acquisition module is used for acquiring basic information of an application to be online in the target mobile device, finishing application information auditing and establishing an application database to form an application; according to the invention, the application program in the target mobile device is monitored and managed in multiple aspects to form judgment, and the risk assessment index and the safety protection assessment index are traced back based on the judgment result, so that the method is beneficial to rapidly judging the reasons for causing network safety abnormality of the application program, and further is beneficial to improving the network safety protection of the application program by program management personnel.
Description
Technical Field
The invention relates to the technical field of network security protection, in particular to a cloud computing-based association weight type network security protection system.
Background
With the continuous expansion of the scale of mobile internet users, mobile phones, tablets and other mobile hand Internet surfing terminals, the current application malls are quite many, and the whole application mall is chaotic due to the lack of safety supervision of some safety programs of the application mall, after the application programs are downloaded, application mall management staff are used for detecting the application programs, and the detection targets are mainly divided into two types, namely malicious behaviors, wherein the malicious behaviors refer to utilization infringement of the mobile device users and mobile device systems caused by the application programs with some malicious purposes in the mobile device, such as privacy exposure, consumption self-fees or destruction of the mobile device systems and other infringement behaviors; the other is sensitive behavior, namely, equipment ID, position information or SIM card serial number are acquired, and the behavior can not cause direct damage to a system, but the information is stolen by other illegal application programs due to the acquisition of the information, so that a user sends a short message or a multimedia message without knowledge, and potential safety hazards are caused.
At present, the network security protection system collects data through an application program, the application program is audited, and after the auditing is passed, the mobile equipment can download the application program in an application mall to provide services for registered users. In order to improve the network security of the application program, application program management personnel need to check the application program regularly to judge whether the application program is abnormal, if so, the application program is processed in a targeted manner, however, in the existing network security protection, the factors causing the network unsafe are many, and only a single check factor can be judged, so that the judgment in multiple aspects is not achieved, the workload is increased for the application program management personnel, and the efficiency of the network security protection is reduced.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks of the prior art, an embodiment of the present invention provides a cloud computing-based association weight type network security protection system, so as to solve the problems set forth in the above-mentioned background art.
In order to achieve the above purpose, the present invention provides the following technical solutions: the association weight type network security protection system based on cloud computing comprises an application program information acquisition module, an application program information monitoring module, an application program analysis module, an application program risk assessment module, an application program security assessment module, a network security monitoring module and a network security management module;
the application information acquisition module is used for acquiring basic information of an application to be online in the target mobile device, finishing application information auditing and establishing an application database to form an application;
the application program information monitoring module is used for monitoring information of an online application program in the target mobile device, acquiring an application program downloading record in the period and forming a downloading data chart;
the application program analysis module is used for counting abnormal operation conditions of the application program in the target mobile equipment in the period, counting and confirming abnormal operation data and marking the abnormal operation;
the application risk assessment module is used for carrying out risk assessment on the online application of the target mobile equipment, forming a risk assessment index, comparing the risk assessment index with a threshold value, judging whether the threshold value is exceeded or not, and marking abnormal operation factors if the threshold value is exceeded;
the application program safety evaluation module is used for carrying out safety protection evaluation on an online application program in the target mobile equipment, forming a safety protection index, comparing the safety protection index with a threshold value, and if the safety protection index exceeds the threshold value, marking abnormal operation factors;
the network security monitoring module is used for correlating the risk assessment index with the security protection index to form a network security weight coefficient;
the network security management module is used for receiving the network security weight coefficient result to determine the abnormal operation factor of the application program in the target mobile device, transmitting the abnormal operation factor to the cloud server, and improving the network security protection of the application program by the cloud server application program manager.
In a preferred embodiment, the application information acquisition module is connected to an application information monitoring module, the application analysis module is connected to an application information monitoring module and an application risk assessment module, the application security assessment module is connected to an application risk assessment module and a network security monitoring module, and the network security monitoring module is connected to a network security management module.
In a preferred embodiment, the specific content of the application information obtaining module for auditing the application information includes: basic information of an application program to be online is obtained, and preliminary auditing is carried out on the basic information; performing complete testing and performance evaluation on the application program to be online, and establishing an application program database; finishing application verification and authority verification through the performance evaluation result to form an application program; the basic information comprises developer basic information, application program type and application program name, and the information audit is completed by an artificial or intelligent computer.
In a preferred embodiment, the method for monitoring information by the online application in the application information monitoring module specifically includes the following steps:
s101, acquiring all registered user information of an online application program of an application mall in a target mobile device and operation records of the registered user on the online application program, wherein the operation records comprise user registration information, user browsing behavior data obtained in a log and the like;
s102, monitoring the operation of a registered user on an online application program of the target mobile device to form a monitoring record;
s103, acquiring the monitoring record, forming a data chart, and uploading the data chart to a cloud server or a database.
In a preferred embodiment, the specific steps of counting abnormal operation and identification in the application analysis module include the following steps:
s201, recording abnormal operation generated by an online application program in the target mobile device for one day or one week or other time intervals in the period;
s202, carrying out abnormal operation correspondence on the occurrence time of the abnormal operation, the monitoring record of the corresponding time and the account number of the registered user;
s203, judging whether the abnormal operation generated in the period is a new abnormal operation, if so, marking to form an abnormal mark, and storing the abnormal mark in the cloud server.
In a preferred embodiment, the specific steps of the risk assessment index in the application risk assessment module are as follows:
s301, when a registered user logs in an online application program, determining an active proportion Hl of an account;
hl represents the active proportion of the registered user account in the period, yc represents the total number of times the registered user logs in the online application program, and Zq represents the unit period substituted into the account activity calculation formula:wherein zq=24 h;
s302, determining abnormal operation degree Yd of the online application program when a registered user uses the online application program;
s303, monitoring the abnormal information acquisition times of the online application program received by other application programs when the online application program runs, determining the information acquisition duty ratio of the application program received by other application programs, and marking the information acquisition duty ratio as an abnormal information acquisition duty ratio Xz;
s304, carrying out normalization processing on the account active proportion Hl, the abnormal operation degree Yd and the abnormal information acquisition duty ratio Xz, and synthesizing to form a risk assessment index Fg, wherein the calculation formula of the risk assessment index Fg is as follows:
wherein alpha is 1 An influence factor expressed as account liveness, alpha 2 An influence factor expressed as the degree of abnormal operation, alpha 3 And the influence factors expressed as abnormal information acquisition are adjusted by cloud service end application program management personnel according to actual conditions.
S305, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, analyzing whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio of the account number exceed constant values, namely judging whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio exceed the constant values, and improving the judging result.
In a preferred embodiment, the specific steps of the security protection index in the application security assessment module are as follows:
s401, counting the protection data quantity Fs of an application program in the target mobile device from the occurrence start of the first abnormal operation to the end of the last abnormal operation in the period;
s402, periodically detecting an application program in the target mobile equipment, determining the occurrence of sending out safety protection prompt times, recording the safety protection type, and recording the abnormal operation proportion Fz of safety protection treatment;
s403, counting effective safety protection of the target mobile equipment and counting failure rate Sx of the safety protection when the abnormal operation starts and ends in the period;
s404, carrying out normalization processing on the protection data quantity Fs, the safety protection processing occupying abnormal operation proportion Fz and the safety protection failure rate Sx, and then forming a safety protection index Ah of an online application program in the target mobile equipment after synthesis, wherein the judgment formula of the safety protection index Ah is as follows:
wherein beta is 1 Beta and beta 2 The application manager adjusts the parameters according to actual operations so that the parameters can be changed.
S405, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, the online application program is abnormal, and indicating that the online application program has potential safety hazards.
In a preferred embodiment, the specific steps for forming the network security weight coefficient in the network security monitoring module include the following steps:
s501, dividing the present period into equidistant periods and labeled i=1, 2..n-1, n; respectively obtaining a risk assessment index Fg and a safety protection assessment index Ah;
s501, respectively carrying out normalization treatment on the risk assessment index Fg and the safety protection assessment index Ah:
s503, associating the two to form a network security weight coefficient Wa, wherein the association method accords with the following formula:
wherein, lambda is more than or equal to 0 1 ≤1,0≤λ 2 Not more than 1 and lambda 1 2 +λ 2 2 =1;
Wherein lambda is 1 、λ 2 Is the weight.
In a preferred embodiment, the specific method for analyzing the abnormal running factor of the application program in the target mobile device after the network security management module receives the network security weight coefficient result is as follows:
s601, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is higher than the preset network security weight coefficient threshold value, and if so, indicating that the network protection of an application program in the target mobile equipment is safe, wherein excessive processing is not needed temporarily; directly storing the network security result to the cloud server;
s602, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is lower than the preset network security weight coefficient threshold value, if so, indicating that an application program in target mobile equipment needs to enhance protection treatment, and judging whether a risk assessment index and a security protection assessment index are abnormal;
and S603, judging a risk assessment index or a difference value between the safety protection assessment index and a threshold value, if the risk assessment index is higher than the threshold value or the safety protection assessment index is lower than the threshold value, further tracing the reason for abnormal operation, storing the reason and a network safety result to a cloud server, and improving the network safety protection of the application program by a cloud server application program manager.
The invention has the technical effects and advantages that:
(1) According to the method, the risk assessment index is formed after the account number active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio are integrated, the influence factors are adjusted according to actual conditions, the risk hidden danger of the online application program in the target mobile device is comprehensively judged, the cause of the risk hidden danger is determined, and further improvement and protection measures are facilitated for the online application program for application program management staff.
(2) The method comprises the steps that when a registered user runs an online application program, usage data of the registered user during login are collected, after function fitting is carried out by utilizing a safety protection index, a safety protection index model of the online application program in a target mobile device is obtained, whether periodic information theft of the online application program exists or not is judged through the safety protection index model, if the information theft is lower than a preset safety protection index threshold value, a protection scheme in which safety protection occurs is traced back, targeted and periodic safety protection is carried out on the online application program, and the safety feeling of the registered user of the application program is improved;
(3) According to the invention, the risk assessment index and the safety protection assessment index are mutually associated to form a new network safety weight coefficient, and the network safety weight coefficient is compared with the threshold value, so that the application program in the target mobile equipment is monitored and managed in multiple aspects to form judgment, the risk assessment index and the safety protection assessment index are respectively traced back based on the judgment result, and the abnormal operation factors are marked, so that the method is favorable for rapidly judging the reason causing the network safety abnormality of the application program, and further the improvement of the network safety protection of the application program by program management personnel is realized.
Drawings
Fig. 1 is a block diagram of a system architecture of the present invention.
Fig. 2 is a flow chart of the network security protection weight coefficient of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to fig. 1-2, the present embodiment provides a cloud computing-based association weight type network security protection system, which includes an application information acquisition module, an application information monitoring module, an application analysis module, an application risk assessment module, an application security assessment module, a network security monitoring module, and a network security management module;
the application program information acquisition module is connected with the application program information monitoring module, the application program analysis module is connected with the application program information monitoring module and the application program risk assessment module, the application program safety assessment module is connected with the application program risk assessment module and the network safety monitoring module, and the network safety monitoring module is connected with the network safety management module;
the application information acquisition module is used for acquiring basic information of an application to be online in the target mobile device, finishing application information auditing and establishing an application database to form an application.
In this embodiment, it needs to be specifically described that the specific contents of the application information obtaining module for auditing the information of the application include: basic information of an application program to be online is obtained, and preliminary auditing is carried out on the basic information; performing complete testing and performance evaluation on the application program to be online, and establishing an application program database; and finishing application verification and authority verification through the performance evaluation result to form an application program. The basic information includes developer basic information, application program type, application program name, etc., and the information auditing in this embodiment is completed by an artificial or intelligent computer, without specific limitation.
The application program information monitoring module is used for monitoring information of an online application program in the target mobile device, acquiring an application program downloading record in the period and forming a downloading data chart;
in this embodiment, it is to be specifically described that the method for information monitoring by the online application in the application information monitoring module specifically includes the following steps:
s101, acquiring all registered user information of an online application program of an application mall in a target mobile device and operation records of the registered user on the online application program, wherein the operation records comprise user registration information, user browsing behavior data obtained in a log and the like;
s102, monitoring the operation of a registered user on an online application program of the target mobile device to form a monitoring record;
s103, acquiring the monitoring record, forming a data chart, and uploading the data chart to a cloud server or a database.
In this embodiment, by uploading and saving the monitoring record, when the online application program in the target mobile device generates a network security hidden trouble, the monitoring record is traced back, which is favorable for tracing the network security hidden trouble, sending unsafe information early warning to the application program manager and processing the network security hidden trouble generated by the online application program.
The application program analysis module is used for counting abnormal operation conditions of the application program in the target mobile equipment in the period, counting and confirming abnormal operation data and marking the abnormal operation;
in this embodiment, it is to be specifically described that the specific steps of counting abnormal operation and identifying in the application analysis module include the following steps:
s201, recording abnormal operation generated by an online application program in the target mobile device for one day or one week or other time intervals in the period;
s202, carrying out abnormal operation correspondence on the occurrence time of the abnormal operation, the monitoring record of the corresponding time and the account number of the registered user;
s203, judging whether the abnormal operation generated in the period is a new abnormal operation, if so, marking to form an abnormal mark, and storing the abnormal mark in the cloud server.
In this embodiment, through associating and marking the time when the online application program is abnormal, the monitoring record corresponding to the time, and the abnormal operation generated by the account number of the registered user, the generated abnormal operation is checked in a targeted manner, and if the abnormal operation is a new abnormal operation, the abnormal operation is determined to be a potential safety hazard, and is used as an influencing factor for judging the abnormal operation generated by the online application program in the target mobile device.
The application risk assessment module is used for carrying out risk assessment on the online application of the target mobile equipment, forming a risk assessment index, comparing the risk assessment index with a threshold value, judging whether the threshold value is exceeded or not, and marking abnormal operation factors if the threshold value is exceeded;
in this embodiment, specific steps of the risk assessment index in the application risk assessment module are as follows:
s301, when a registered user logs in an online application program, determining an active proportion Hl of an account;
hl represents the active proportion of the registered user account in the period, yc represents the total number of times the registered user logs in to the online application program, zq represents the unit period substitutionIn the account liveness calculation formula:wherein zq=24 h;
s302, determining abnormal operation degree Yd of the online application program when a registered user uses the online application program;
the abnormal operation degree of the online application program refers to the abnormal operation times of all registered users in the application program using process in one period, wherein the abnormal operation comprises that the information of the registered users is stolen, various application programs are downloaded in a binding mode, advertisements are abnormally jumped out and cannot be closed, the application programs are invaded or invaded into other application program operation spaces, and the like, and the abnormal operation degree is not limited; irregular operation of downloading other application programs or viruses when the application program runs causes the target mobile device to be incapable of being used normally, and the like.
S303, monitoring the abnormal information acquisition times of the online application program received by other application programs when the online application program runs, determining the information acquisition duty ratio of the application program received by other application programs, and marking the information acquisition duty ratio as an abnormal information acquisition duty ratio Xz;
the abnormal information acquisition refers to illegal or abnormal means theft of information under the condition that the information is not allowed by a registered user or an online application program.
S304, carrying out normalization processing on the account active proportion Hl, the abnormal operation degree Yd and the abnormal information acquisition duty ratio Xz, and synthesizing to form a risk assessment index Fg, wherein the calculation formula of the risk assessment index Fg is as follows:
wherein alpha is 1 An influence factor expressed as account liveness, alpha 2 An influence factor expressed as the degree of abnormal operation, alpha 3 And the influence factors expressed as abnormal information acquisition are adjusted by cloud service end application program management personnel according to actual conditions.
S305, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, analyzing whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio of the account number exceed constant values, namely judging whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio exceed the constant values, and improving the judging result.
In this embodiment, the risk assessment index is formed after the account number active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio are integrated, the influence factor is adjusted according to the actual situation, the risk hidden danger of the online application program in the target mobile device is comprehensively judged, the cause of the risk hidden danger is determined, and further improvement and protection measures are facilitated for the online application program for application program management personnel.
The application program safety evaluation module is used for carrying out safety protection evaluation on an online application program in the target mobile equipment, forming a safety protection index, comparing the safety protection index with a threshold value, and if the safety protection index exceeds the threshold value, marking abnormal operation factors;
in this embodiment, it is to be specifically explained that the specific steps of the security protection index in the application security evaluation module are contained as follows:
s401, counting the protection data quantity Fs of an application program in the target mobile device from the occurrence start of the first abnormal operation to the end of the last abnormal operation in the period;
s402, periodically detecting the application program in the target mobile device, and exemplarily detecting the application program in the target mobile device for 7 times in a set period time, determining the occurrence of sending out the safety protection prompt times and recording the safety protection type, wherein the recorded safety protection treatment occupies an abnormal operation proportion Fz;
s403, counting effective safety protection of the target mobile equipment and counting failure rate Sx of the safety protection when the abnormal operation starts and ends in the period;
s404, carrying out normalization processing on the protection data quantity Fs, the safety protection processing occupying abnormal operation proportion Fz and the safety protection failure rate Sx, and then forming a safety protection index Ah of an online application program in the target mobile equipment after synthesis, wherein the judgment formula of the safety protection index Ah is as follows:
wherein beta is 1 Beta and beta 2 The application manager adjusts the parameters according to actual operations so that the parameters can be changed.
S405, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, the online application program is abnormal, and indicating that the online application program has potential safety hazards.
In this embodiment, when the online application is running, the registered user collects the usage data when the registered user logs in, and uses the security protection index to perform function fitting, then obtains the security protection index model of the online application in the target mobile device, determines whether periodic information theft exists in the online application through the security protection index model, and backtracks the protection scheme in which the security protection appears if the security protection index is lower than the preset security protection index threshold, thereby being beneficial to performing targeted and periodic security protection on the online application and improving the security feeling of the registered user of the application.
The network security monitoring module is used for correlating the risk assessment index with the security protection index to form a network security weight coefficient;
in this embodiment, it is to be specifically described that the specific steps for forming the network security weight coefficient in the network security monitoring module include the following steps:
s501, dividing the present period into equidistant periods and labeled i=1, 2..n-1, n; respectively obtaining a risk assessment index Fg and a safety protection assessment index Ah;
s501, respectively carrying out normalization treatment on the risk assessment index Fg and the safety protection assessment index Ah:
s503, associating the two to form a network security weight coefficient Wa, wherein the association method accords with the following formula:
wherein, lambda is more than or equal to 0 1 ≤1,0≤λ 2 Not more than 1 and lambda 1 2 +λ 2 2 =1;
Wherein lambda is 1 、λ 2 For the weights, the settings are adjusted by the manager.
The network security management module is used for receiving the network security weight coefficient result to determine the abnormal operation factor of the application program in the target mobile device, transmitting the abnormal operation factor to the cloud server, and improving the network security protection of the application program by the cloud server application program manager.
In this embodiment, it needs to be specifically described that the specific method for analyzing the abnormal running factor of the application program in the target mobile device after the network security management module receives the network security weight coefficient result is as follows:
s601, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is higher than the preset network security weight coefficient threshold value, and if so, indicating that the network protection of an application program in the target mobile equipment is safe, wherein excessive processing is not needed temporarily; directly storing the network security result to the cloud server;
s602, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is lower than the preset network security weight coefficient threshold value, if so, indicating that an application program in target mobile equipment needs to enhance protection treatment, and judging whether a risk assessment index and a security protection assessment index are abnormal;
and S603, judging a risk assessment index or a difference value between the safety protection assessment index and a threshold value, if the risk assessment index is higher than the threshold value or the safety protection assessment index is lower than the threshold value, further tracing the reason for abnormal operation, storing the reason and a network safety result to a cloud server, and improving the network safety protection of the application program by a cloud server application program manager.
In this embodiment, a new network security weight coefficient is formed by correlating the risk assessment index and the security protection assessment index, and the network security coefficient is compared with a threshold value, so that an application program in the target mobile device is monitored and managed from multiple aspects, a judgment is formed, the risk assessment index and the security protection assessment index are respectively traced back based on the judgment result, and because the abnormal operation factors are marked, the method is favorable for rapidly judging the reason causing the network security abnormality of the application program, and further is an improvement for improving the network security protection of the application program by a program manager.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
Other embodiments or specific implementations of a cloud computing-based association weighting type network security protection system may refer to the above method embodiments, and are not described herein.
Embodiments of the present application may be applied to computer systems/servers that are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the computer system/server include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
A computer system/server may be described in the general context of computer-system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
Finally: the foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (9)
1. The utility model provides a correlation weight type network safety protection system based on cloud calculates which characterized in that: the system comprises an application program information acquisition module, an application program information monitoring module, an application program analysis module, an application program risk assessment module, an application program safety assessment module, a network safety monitoring module and a network safety management module;
the application information acquisition module is used for acquiring basic information of an application to be online in the target mobile device, finishing application information auditing and establishing an application database to form an application;
the application program information monitoring module is used for monitoring information of an online application program in the target mobile device, acquiring an application program downloading record in the period and forming a downloading data chart;
the application program analysis module is used for counting abnormal operation conditions of the application program in the target mobile equipment in the period, counting and confirming abnormal operation data and marking the abnormal operation;
the application risk assessment module is used for carrying out risk assessment on the online application of the target mobile equipment, forming a risk assessment index, comparing the risk assessment index with a threshold value, judging whether the threshold value is exceeded or not, and marking abnormal operation factors if the threshold value is exceeded;
the application program safety evaluation module is used for carrying out safety protection evaluation on an online application program in the target mobile equipment, forming a safety protection index, comparing the safety protection index with a threshold value, and if the safety protection index exceeds the threshold value, marking abnormal operation factors;
the network security monitoring module is used for correlating the risk assessment index with the security protection index to form a network security weight coefficient;
the network security management module is used for receiving the network security weight coefficient result to determine the abnormal operation factor of the application program in the target mobile device, transmitting the abnormal operation factor to the cloud server, and improving the network security protection of the application program by the cloud server application program manager.
2. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the application program information acquisition module is connected with the application program information monitoring module, the application program analysis module is connected with the application program information monitoring module and the application program risk assessment module, the application program safety assessment module is connected with the application program risk assessment module and the network safety monitoring module, and the network safety monitoring module is connected with the network safety management module.
3. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the application information acquisition module is used for auditing specific contents of the application information to be checked and examined, and comprises the following steps: basic information of an application program to be online is obtained, and preliminary auditing is carried out on the basic information; performing complete testing and performance evaluation on the application program to be online, and establishing an application program database; finishing application verification and authority verification through the performance evaluation result to form an application program; the basic information comprises developer basic information, application program type and application program name, and the information audit is completed by an artificial or intelligent computer.
4. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the method for monitoring the information by the online application program in the application program information monitoring module specifically comprises the following steps:
s101, acquiring all registered user information of an online application program of an application mall in a target mobile device and operation records of the registered user on the online application program, wherein the operation records comprise user registration information, user browsing behavior data obtained in a log and the like;
s102, monitoring the operation of a registered user on an online application program of the target mobile device to form a monitoring record;
s103, acquiring the monitoring record, forming a data chart, and uploading the data chart to a cloud server or a database.
5. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the specific steps of counting abnormal operation and identifying in the application program analysis module comprise the following steps:
s201, recording abnormal operation generated by an online application program in the target mobile device for one day or one week or other time intervals in the period;
s202, carrying out abnormal operation correspondence on the occurrence time of the abnormal operation, the monitoring record of the corresponding time and the account number of the registered user;
s203, judging whether the abnormal operation generated in the period is a new abnormal operation, if so, marking to form an abnormal mark, and storing the abnormal mark in the cloud server.
6. The method of the association weight type network security protection system based on cloud computing as claimed in claim 1, wherein the method comprises the following steps: the specific steps of the risk assessment index in the application risk assessment module are as follows:
s301, when a registered user logs in an online application program, determining an active proportion Hl of an account;
hl represents the active proportion of the registered user account in the period, yc represents the total number of times the registered user logs in the online application program, and Zq represents the unit period substituted into the account activity calculation formula:wherein zq=24 h;
s302, determining abnormal operation degree Yd of the online application program when a registered user uses the online application program;
s303, monitoring the abnormal information acquisition times of the online application program received by other application programs when the online application program runs, determining the information acquisition duty ratio of the application program received by other application programs, and marking the information acquisition duty ratio as an abnormal information acquisition duty ratio Xz;
s304, carrying out normalization processing on the account active proportion Hl, the abnormal operation degree Yd and the abnormal information acquisition duty ratio Xz, and synthesizing to form a risk assessment index Fg, wherein the calculation formula of the risk assessment index Fg is as follows:
wherein alpha is 1 An influence factor expressed as account liveness, alpha 2 An influence factor expressed as the degree of abnormal operation, alpha 3 The influence factors expressed as abnormal information acquisition are supposed to be obtained by the cloud serverAnd adjusting by a program manager according to actual conditions.
S305, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, analyzing whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio of the account number exceed constant values, namely judging whether the active proportion, the abnormal operation degree and the abnormal information acquisition duty ratio exceed the constant values, and improving the judging result.
7. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the specific steps of the safety protection index in the application program safety evaluation module are as follows:
s401, counting the protection data quantity Fs of an application program in the target mobile device from the occurrence start of the first abnormal operation to the end of the last abnormal operation in the period;
s402, periodically detecting an application program in the target mobile equipment, determining the occurrence of sending out safety protection prompt times, recording the safety protection type, and recording the abnormal operation proportion Fz of safety protection treatment;
s403, counting effective safety protection of the target mobile equipment and counting failure rate Sx of the safety protection when the abnormal operation starts and ends in the period;
s404, carrying out normalization processing on the protection data quantity Fs, the safety protection processing occupying abnormal operation proportion Fz and the safety protection failure rate Sx, and then forming a safety protection index Ah of an online application program in the target mobile equipment after synthesis, wherein the judgment formula of the safety protection index Ah is as follows:
wherein beta is 1 Beta and beta 2 To change the parameters, the application program is used for managingThe personnel adjust according to the actual operation.
S405, comparing the risk assessment index with a preset risk assessment index threshold, if the risk assessment index is lower than the preset risk assessment index threshold, judging that an online application program in the target mobile device has no temporary safety risk after eliminating various factors, and if the risk assessment index is higher than the preset risk assessment index threshold, the online application program is abnormal, and indicating that the online application program has potential safety hazards.
8. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the specific steps for forming the network security weight coefficient in the network security monitoring module comprise the following steps:
s501, dividing the present period into equidistant periods and labeled i=1, 2..n-1, n; respectively obtaining a risk assessment index Fg and a safety protection assessment index Ah;
s501, respectively carrying out normalization treatment on the risk assessment index Fg and the safety protection assessment index Ah:
s503, associating the two to form a network security weight coefficient Wa, wherein the association method accords with the following formula:
wherein, lambda is more than or equal to 0 1 ≤1,0≤λ 2 Not more than 1 and lambda 1 2 +λ 2 2 =1;
Wherein lambda is 1 、λ 2 Is the weight.
9. The cloud computing-based association weight type network security protection system according to claim 1, wherein: the specific method for analyzing the abnormal operation factors of the application program in the target mobile equipment after the network security management module receives the network security weight coefficient result is as follows:
s601, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is higher than the preset network security weight coefficient threshold value, and if so, indicating that the network protection of an application program in the target mobile equipment is safe, wherein excessive processing is not needed temporarily; directly storing the network security result to the cloud server;
s602, acquiring a network security weight coefficient, comparing the network security weight coefficient with a preset network security weight coefficient threshold value, judging whether the network security weight coefficient is lower than the preset network security weight coefficient threshold value, if so, indicating that an application program in target mobile equipment needs to enhance protection treatment, and judging whether a risk assessment index and a security protection assessment index are abnormal;
and S603, judging a risk assessment index or a difference value between the safety protection assessment index and a threshold value, if the risk assessment index is higher than the threshold value or the safety protection assessment index is lower than the threshold value, further tracing the reason for abnormal operation, storing the reason and a network safety result to a cloud server, and improving the network safety protection of the application program by a cloud server application program manager.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310283560.1A CN116471052A (en) | 2023-03-22 | 2023-03-22 | Associated weight type network safety protection system based on cloud computing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310283560.1A CN116471052A (en) | 2023-03-22 | 2023-03-22 | Associated weight type network safety protection system based on cloud computing |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116471052A true CN116471052A (en) | 2023-07-21 |
Family
ID=87179706
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310283560.1A Withdrawn CN116471052A (en) | 2023-03-22 | 2023-03-22 | Associated weight type network safety protection system based on cloud computing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116471052A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097569A (en) * | 2023-10-19 | 2023-11-21 | 南京怡晟安全技术研究院有限公司 | Network security situation diagnosis method and system based on multi-node relevance |
| CN117395076A (en) * | 2023-12-04 | 2024-01-12 | 长春市元尚欣信息科技有限公司 | Network perception abnormality detection system and method based on big data |
-
2023
- 2023-03-22 CN CN202310283560.1A patent/CN116471052A/en not_active Withdrawn
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097569A (en) * | 2023-10-19 | 2023-11-21 | 南京怡晟安全技术研究院有限公司 | Network security situation diagnosis method and system based on multi-node relevance |
| CN117097569B (en) * | 2023-10-19 | 2023-12-19 | 南京怡晟安全技术研究院有限公司 | Network security situation diagnosis method and system based on multi-node relevance |
| CN117395076A (en) * | 2023-12-04 | 2024-01-12 | 长春市元尚欣信息科技有限公司 | Network perception abnormality detection system and method based on big data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116471052A (en) | Associated weight type network safety protection system based on cloud computing | |
| US10878102B2 (en) | Risk scores for entities | |
| US11140056B2 (en) | Flexible and safe monitoring of computers | |
| US7409316B1 (en) | Method for performance monitoring and modeling | |
| Idziorek et al. | Detecting fraudulent use of cloud resources | |
| US20140157352A1 (en) | Apparatus and method for analyzing and monitoring service advertising protocol application traffic, and information protection system using the same | |
| US20100095215A1 (en) | System and method for analyzing internet usage | |
| CN110633893B (en) | Policy effectiveness monitoring method and device and computer equipment | |
| CN116747528B (en) | Game background user supervision method and system | |
| WO2015136624A1 (en) | Application performance monitoring method and device | |
| CN117852003B (en) | Account monitoring early warning management method based on data analysis | |
| CN112163198B (en) | Host login security detection method, system, device and storage medium | |
| CN117370957A (en) | Data security access system based on big data | |
| CN112163222A (en) | Malicious software detection method and device | |
| CN111611519A (en) | Method and device for detecting personal abnormal behaviors | |
| US9235556B2 (en) | Adaptive baseline based on metric values | |
| GB2592132A (en) | Enterprise network threat detection | |
| CN115174205A (en) | Network space safety real-time monitoring method, system and computer storage medium | |
| CN116894247B (en) | Method and system for protecting computer system security | |
| CN113542199B (en) | Network security state evaluation method and server | |
| CN116781431A (en) | API interface abnormal behavior monitoring method based on flow characteristics | |
| CN106506553A (en) | A kind of Internet protocol IP filter methods and system | |
| CN107835174B (en) | Account book anti-fraud system and method based on Internet of things | |
| CN115175174A (en) | Method for realizing probe equipment management and control system based on Internet of things platform | |
| CN114037286A (en) | Big data based automatic sensitive data detection method and system for power dispatching |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20230721 |
|
| WW01 | Invention patent application withdrawn after publication |