CN116846675A - Monitoring method for system network communication security - Google Patents


Info

Publication number: CN116846675A
Authority: CN (China)
Prior art keywords: internal system; enterprise internal; enterprise; network; evaluation coefficient
Legal status: Granted
Application number: CN202310976943.7A
Other languages: Chinese (zh)
Other versions: CN116846675B (en)
Inventor: 杨东林
Current Assignee: Beijing Zhongke Network Core Technology Co ltd
Original Assignee: Beijing Zhongke Network Core Technology Co ltd
Application filed by Beijing Zhongke Network Core Technology Co ltd
Priority to CN202310976943.7A
Publication of CN116846675A
Application granted
Publication of CN116846675B
Status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a monitoring method for system network communication security, in the technical field of network communication monitoring. The method comprises network traffic information acquisition, network traffic information monitoring, log information acquisition, log information monitoring, employee information analysis, network communication information monitoring and danger warning prompt.

Description

Monitoring method for system network communication security
Technical Field
The invention relates to the technical field of network communication monitoring, and in particular to a monitoring method for system network communication security.
Background
Society is currently in the midst of the rapid development of system network communication. The frequent use and fast growth of network communication give many users convenient communication experiences: people can communicate without barriers or limits, bridge all divides, obtain the greatest benefit at the lowest cost, and strengthen cooperation and mutual assistance. However, the rapid development of networks is often accompanied by insecure communication, so system network communication needs to be monitored.
The prior art mainly monitors network communication in an enterprise internal system. However, because of the diversity of the people using the enterprise system network, the network cannot be monitored completely, so it is damaged by malicious software to some extent. This can paralyse the network and leak important enterprise data, which harms the enterprise's interests, costs it its competitive advantage and damages client trust; if sensitive information is obtained by lawbreakers and used in illegal activities, it can do great damage to the enterprise's reputation.
Disclosure of Invention
Aiming at the technical defects, the invention aims to provide a monitoring method for the network communication security of a system.
To solve the above technical problem, the invention adopts the following technical scheme: a monitoring method for system network communication security, comprising the following steps:
Step one, network traffic information acquisition: obtain the basic parameters of network traffic information in the enterprise internal system, the basic parameters comprising network bandwidth, network bytes and network rate;
Step two, network traffic information monitoring: from the basic parameters of the network traffic information in the enterprise internal system, analyse and obtain the state evaluation coefficient of the network traffic information, and judge whether the network traffic information is abnormal. If it is in an abnormal state, perform step three; if it is in a normal state, continue normal communication transmission;
Step three, log information acquisition: if the network traffic and data in the enterprise internal system are in an abnormal state, acquire the corresponding log information in the enterprise internal system, the log information comprising network connection rate, number of access requests and data transmission time;
Step four, log information monitoring: from the corresponding log information in the enterprise internal system, analyse and obtain the privacy evaluation coefficient of each log, judge whether the log has been invaded by malicious software, and then perform step five;
Step five, employee information analysis: from the number of chats, chat content depth and chat duration of each employee in the enterprise internal system, analyse the identity evaluation coefficient of each employee; from the IP address information of each employee's login account, analyse the address qualification influence coefficient of each employee; and from the number of times each employee schedules private files, the number of private file date changes and the number of log information records, analyse the confidentiality evaluation coefficient of each employee;
Step six, network communication information monitoring: from the state evaluation coefficient of network traffic information, the privacy evaluation coefficient of the logs, the identity evaluation coefficient of each employee and the confidentiality evaluation coefficient of each employee in the enterprise internal system, analyse the security evaluation coefficient of network communication in the enterprise internal system and judge the optimal state of network communication security;
Step seven, danger warning prompt: when network communication is in an unsafe state because of malicious software invasion, issue an early warning prompt.
Preferably, the analyzing obtains a state evaluation coefficient of network traffic information in an enterprise internal system, and the specific analysis process is as follows:
by calculation formulaAnalyzing and obtaining state evaluation coefficient of network flow information in enterprise internal system>,/>、/>、/>Weight factors respectively expressed as corresponding network bandwidth, network byte and network rate in the set enterprise internal system, +.>、/>、/>Respectively expressed as corresponding network bandwidth, network bytes, network rate, and +.>、/>、/>Respectively expressed as corresponding network bandwidth, network byte and network rate in the set enterprise internal system.
Preferably, the specific analysis process for judging the abnormal situation of the network traffic information in the internal system of the enterprise is as follows:
The state evaluation coefficient of network traffic information in the enterprise internal system is compared with the preset state evaluation coefficient threshold. If the coefficient is greater than the preset threshold, the network traffic information in the enterprise internal system is judged to be abnormal; if it is smaller than the preset threshold, the network traffic in the enterprise internal system is judged able to carry out normal data communication transmission.
Preferably, the analysis obtains privacy evaluation coefficients of each log in the enterprise internal system, and simultaneously judges whether the log is invaded by malicious software, and the specific analysis process is as follows:
by calculation formulaAnalyzing to obtain privacy evaluation coefficient of log in enterprise internal system>I represents the number of each log, +.>,/>、/>、/>Weight factors respectively expressed as preset network connection rate, access request times and data transmission time in enterprise internal system, +.>、/>、/>Respectively expressed as the set network connection rate, access request times, data transmission time in the enterprise internal system,/>、/>、/>Respectively representing the network connection rate, the access request times and the data transmission time corresponding to the ith log in the enterprise internal system;
The privacy evaluation coefficient of each log in the enterprise internal system is compared with the preset privacy evaluation coefficient threshold for logs. If the coefficient of a log differs from the preset threshold, the privacy of that log is judged to have been leaked and the log to have been invaded by malicious software; if the coefficient of a log is the same as the preset threshold, the privacy guarantee of the software is judged to be good and there is no invasion by malicious software.
Preferably, the analyzing the identity evaluation coefficients corresponding to each employee in the enterprise internal system includes the following specific analysis processes:
by calculation formulaAnalyzing to obtain identity evaluation coefficients corresponding to staff in enterprise internal system>J represents the number of each employee, +.>,/>、/>、/>Respectively representing the chat times, the chat content depth and the chat time corresponding to the jth employee in the enterprise internal system, < + >>、/>、/>Respectively expressed as preset enterprise internal systemWeight factors of chat times, chat content depth and chat time corresponding to all employees in the system, < ->、/>、/>Respectively expressed as the chat times, the chat content depth and the chat time of the reference.
Preferably, the analyzing the address qualification influence coefficient corresponding to each employee in the enterprise internal system includes the following specific analysis process:
extracting target IP address information from IP address information corresponding to each employee login account in the enterprise internal system, comparing the target IP address information with the IP address information corresponding to each employee login account in the enterprise internal system, and if the target IP address information corresponding to a certain employee login account is the same as the IP address information corresponding to the employee login account, marking the login qualification influence coefficient corresponding to each employee in the enterprise internal system asOtherwise, it is marked as +.>Thereby obtaining the address qualification influence coefficient corresponding to each employee in the enterprise internal system>Wherein->The value is +.>Or->And->>/>
Preferably, the analysis of the secret evaluation coefficients of each employee in the enterprise internal system comprises the following specific analysis processes:
by calculation formulaAnalyzing to obtain security evaluation coefficients of staff in enterprise internal system>,/>、/>、/>Respectively representing the number of times of dispatching private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to each employee in a preset enterprise internal system,、/>、/>respectively expressed as the number of times of dispatching private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to the jth staff in the enterprise internal system,/>、/>、/>Separate tableThe number of scheduled private files, the number of date changes of the private file, and the number of log information records are shown as references.
Preferably, the analyzing the security evaluation coefficient of the network communication in the internal system of the enterprise and judging the optimal state of the security of the network communication in the internal system of the enterprise specifically includes the following steps:
by calculation formulaAnalysis to obtain the security evaluation coefficient of network communication in the enterprise internal system>,/>、/>、/>、/>The system is respectively expressed as a state evaluation coefficient of network flow information in a preset enterprise internal system, a privacy evaluation coefficient of a log in the enterprise internal system, an identity evaluation coefficient corresponding to each employee in the enterprise internal system, a weight factor of confidentiality evaluation coefficient of each employee in the enterprise internal system, and a weight factor of->、/>、/>、/>The state evaluation coefficients are respectively expressed as network flow information in the enterprise internal system and privacy evaluation coefficients of logs in the enterprise internal systemThe identity evaluation coefficients corresponding to all employees in the enterprise internal system and the confidentiality evaluation coefficients of all employees in the enterprise internal system;
The security evaluation coefficient of network communication in the enterprise internal system is compared with the set security evaluation coefficient threshold. If the coefficient is greater than the set threshold, network communication in the enterprise internal system is judged to be in a safe state; if it is smaller than the set threshold, network communication in the enterprise internal system is judged not to be in a safe state, and communication is interrupted.
Compared with the prior art, the invention has the following beneficial effects: 1. The invention provides a monitoring method for system network communication security. It monitors network traffic information to better analyse the state of network traffic in the enterprise system, monitors log information more accurately to better analyse whether a log has been invaded by malicious software, and analyses employee information to understand each employee's identity state more comprehensively. Network communication information is thereby monitored better and secure network communication is obtained, so people can communicate with greater security assurance. This remedies the defects of the prior art, better guarantees the privacy of communication, keeps people's interests from being harmed, helps enterprises strengthen and develop their own advantages, and leaves a good impression.
2. According to the method and the system, the log privacy evaluation coefficient in the enterprise internal system is deeply analyzed in log information monitoring, so that the privacy of the log can be better ensured, and meanwhile, the normal running state of the log can be known, so that malicious software can be prevented.
3. The invention carries out deep analysis on the employee information of the enterprise in the enterprise internal system in the employee information analysis, so that the state of each employee can be better and more carefully known, the important file of the enterprise information can be better ensured not to be leaked, and the normal operation of the enterprise is ensured.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of the system structure of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a method for monitoring network communication security of a system includes network traffic information acquisition, network traffic information monitoring, log information acquisition, log information monitoring, employee information analysis, network communication information monitoring, and hazard warning prompt.
The network flow information acquisition is respectively connected with the network flow information monitoring and the log information acquisition, the log information acquisition is respectively connected with the log information monitoring and the employee information analysis, and the employee information analysis is respectively connected with the network communication information monitoring and the danger warning prompt.
Step one, obtaining network flow information: the method comprises the steps of obtaining basic parameters of network flow information in an enterprise internal system, wherein the basic parameters of the network flow information comprise network bandwidth, network bytes and network rate;
The network traffic information may be obtained with a network traffic monitoring tool, for example ntop or Wireshark.
Step two, monitoring network flow information: acquiring basic parameters of corresponding network flow information in the enterprise internal system, further analyzing and obtaining a state evaluation coefficient of the network flow information in the enterprise internal system, judging abnormal conditions of the network flow information in the enterprise internal system, if the network flow information in the enterprise internal system is in an abnormal state, performing step three, and if the network flow information in the enterprise internal system is in a normal state, continuing normal communication transmission;
as an optional implementation manner, the analysis obtains a state evaluation coefficient of network traffic information in an internal system of the enterprise, and the specific analysis process is as follows:
by calculation formulaAnalyzing and obtaining state evaluation coefficient of network flow information in enterprise internal system>,/>、/>、/>Weight factors respectively expressed as corresponding network bandwidth, network byte and network rate in the set enterprise internal system, +.>、/>、/>Respectively expressed as corresponding network bandwidth, network bytes, network rate, and +.>、/>、/>Respectively expressed as corresponding network bandwidth, network byte and network rate in the set enterprise internal system.
As an optional implementation manner, the specific analysis process for judging the abnormal situation of the network traffic information in the internal system of the enterprise is as follows:
The state evaluation coefficient of network traffic information in the enterprise internal system is compared with the preset state evaluation coefficient threshold. If the coefficient is greater than the preset threshold, the network traffic information in the enterprise internal system is judged to be abnormal; if it is smaller than the preset threshold, the network traffic in the enterprise internal system is judged able to carry out normal data communication transmission.
Step three, log information acquisition: if the network flow and the data in the enterprise internal system are in an abnormal state, acquiring corresponding log information in the enterprise internal system, wherein the log information comprises network connection rate, access request times and data transmission time;
It should be noted that the log information can be viewed under the system log option.
Step four, monitoring log information: the privacy evaluation coefficient of the log in the enterprise internal system is obtained through analysis by obtaining the corresponding log information in the enterprise internal system, and meanwhile, whether the log is invaded by malicious software is judged, and then the fifth step is executed;
as an optional implementation manner, the analysis obtains privacy evaluation coefficients of each log in the internal system of the enterprise, and simultaneously judges whether the log is invaded by malicious software, and the specific analysis process is as follows:
by calculation formulaAnalyzing to obtain privacy evaluation coefficient of log in enterprise internal system>I represents the number of each log, +.>,/>、/>、/>Weight factors respectively expressed as preset network connection rate, access request times and data transmission time in enterprise internal system, +.>、/>、/>Respectively expressed as the set network connection rate, access request times, data transmission time in the enterprise internal system,/>、/>、/>Respectively representing the network connection rate, the access request times and the data transmission time corresponding to the ith log in the enterprise internal system;
The privacy evaluation coefficient of each log in the enterprise internal system is compared with the preset privacy evaluation coefficient threshold for logs. If the coefficient of a log differs from the preset threshold, the privacy of that log is judged to have been leaked and the log to have been invaded by malicious software; if the coefficient of a log is the same as the preset threshold, the privacy guarantee of the software is judged to be good and there is no invasion by malicious software.
Step five, employee information analysis: from the number of chats, chat content depth and chat duration of each employee in the enterprise internal system, analyse the identity evaluation coefficient of each employee; from the IP address information of each employee's login account, analyse the address qualification influence coefficient of each employee; and from the number of times each employee schedules private files, the number of private file date changes and the number of log information records, analyse the confidentiality evaluation coefficient of each employee;
It should be noted that the information corresponding to each employee can be obtained in the system back end.
As an optional implementation manner, the analysis of the identity evaluation coefficients corresponding to each employee in the enterprise internal system comprises the following specific analysis processes:
by calculation formulaAnalyzing to obtain identity evaluation coefficients corresponding to staff in enterprise internal system>J represents the number of each employee, +.>,/>、/>、/>Respectively representing the chat times, the chat content depth and the chat time corresponding to the jth employee in the enterprise internal system, < + >>、/>、/>Respectively expressed as weight factors of chat times, chat content depth and chat time corresponding to each employee in a preset enterprise internal system, and +.>、/>、/>Respectively expressed as the chat times, the chat content depth and the chat time of the reference.
As an optional implementation manner, the analysis of the address qualification influence coefficient corresponding to each employee in the enterprise internal system comprises the following specific analysis processes:
extracting target IP address information from IP address information corresponding to each employee login account in the enterprise internal system, comparing the target IP address information with the IP address information corresponding to each employee login account in the enterprise internal system, and if the target IP address information corresponding to a certain employee login account is the same as the IP address information corresponding to the employee login account, marking the login qualification influence coefficient corresponding to each employee in the enterprise internal system asOtherwise, it is marked as +.>Thereby obtaining the address qualification influence coefficient corresponding to each employee in the enterprise internal system>Wherein->The value is +.>Or->And->>/>
As an alternative implementation manner, the security assessment coefficients of each employee in the enterprise internal system are analyzed, and the specific analysis process is as follows:
by calculation formulaAnalyzing to obtain security evaluation coefficients of staff in enterprise internal system>,/>、/>、/>Respectively representing the number of times of dispatching private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to each employee in a preset enterprise internal system,、/>、/>respectively expressed as the number of times of dispatching private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to the jth staff in the enterprise internal system,/>、/>、/>The number of times of scheduling private files, the number of times of date change of private files and the number of times of log information recording are respectively expressed as references.
Step six, monitoring network communication information: the security evaluation coefficient of network communication in the enterprise internal system is analyzed from the state evaluation coefficient of network flow information in the enterprise internal system, the privacy evaluation coefficient of the log in the enterprise internal system, the identity evaluation coefficient corresponding to each employee in the enterprise internal system and the confidentiality evaluation coefficient of each employee in the enterprise internal system, and the optimal state of network communication security in the enterprise internal system is judged;
As an optional implementation, the security evaluation coefficient of network communication in the enterprise internal system is analyzed, and the optimal state of network communication security in the enterprise internal system is judged, by the following process:
by calculation formulaAnalysis to obtain the security evaluation coefficient of network communication in the enterprise internal system>,/>、/>、/>、/>The system is respectively expressed as a state evaluation coefficient of network flow information in a preset enterprise internal system, a privacy evaluation coefficient of a log in the enterprise internal system, an identity evaluation coefficient corresponding to each employee in the enterprise internal system, a weight factor of confidentiality evaluation coefficient of each employee in the enterprise internal system, and a weight factor of->、/>、/>、/>The system is respectively expressed as a state evaluation coefficient of network flow information in an enterprise internal system, a privacy evaluation coefficient of a log in the enterprise internal system, an identity evaluation coefficient corresponding to each employee in the enterprise internal system and a confidentiality evaluation coefficient of each employee in the enterprise internal system;
comparing the security evaluation coefficient of network communication in the enterprise internal system with the set security evaluation coefficient threshold of network communication in the enterprise internal system; if the coefficient is larger than the set threshold, the network communication in the enterprise internal system is judged to be in a safe state; if the coefficient is smaller than the set threshold, the network communication in the enterprise internal system is judged not to be in a safe state, and the communication is interrupted.
Step seven, danger warning prompt: when network communication is in an unsafe state due to malicious software invasion, an early-warning prompt is issued.
The invention provides a monitoring method for system network communication security. Monitoring network traffic information allows the state of network traffic in the enterprise system to be analyzed better; monitoring log information more accurately allows better analysis of whether a log has been invaded by malicious software; analyzing employee information gives a more comprehensive understanding of each employee's identity state; and monitoring network communication information makes it possible to obtain secure network communication. This lets people communicate with a stronger security guarantee, remedies the defects of the prior art, better protects the privacy of communication, keeps people's interests from being damaged, helps enterprises strengthen and develop themselves and their advantages, and leaves a good impression.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A method for monitoring the security of network communication of a system, comprising the steps of:
step one, obtaining network flow information: basic parameters of network flow information in the enterprise internal system are obtained, the basic parameters of the network flow information comprising network bandwidth, network bytes and network rate;
step two, monitoring network flow information: acquiring basic parameters of corresponding network flow information in the enterprise internal system, further analyzing and obtaining a state evaluation coefficient of the network flow information in the enterprise internal system, judging abnormal conditions of the network flow information in the enterprise internal system, if the network flow information in the enterprise internal system is in an abnormal state, performing step three, and if the network flow information in the enterprise internal system is in a normal state, continuing normal communication transmission;
step three, log information acquisition: if the network flow and the data in the enterprise internal system are in an abnormal state, acquiring corresponding log information in the enterprise internal system, wherein the log information comprises network connection rate, access request times and data transmission time;
step four, monitoring log information: the privacy evaluation coefficient of the log in the enterprise internal system is obtained through analysis by obtaining the corresponding log information in the enterprise internal system, and meanwhile, whether the log is invaded by malicious software is judged, and then the fifth step is executed;
step five, employee information analysis: according to the chat times, the chat content depth and the chat time length corresponding to each employee in the enterprise internal system, the identity evaluation coefficient corresponding to each employee in the enterprise internal system is analyzed; according to the IP address information corresponding to each employee login account in the enterprise internal system, the address qualification influence coefficient corresponding to each employee in the enterprise internal system is analyzed; and by acquiring the number of times of scheduling private files, the number of private file date changes and the number of log information records corresponding to each employee in the enterprise internal system, the confidentiality evaluation coefficient of each employee in the enterprise internal system is analyzed;
step six, monitoring network communication information: the security evaluation coefficient of network communication in the enterprise internal system is analyzed from the state evaluation coefficient of network flow information in the enterprise internal system, the privacy evaluation coefficient of the log in the enterprise internal system, the identity evaluation coefficient corresponding to each employee in the enterprise internal system and the confidentiality evaluation coefficient of each employee in the enterprise internal system, and the optimal state of network communication security in the enterprise internal system is judged;
step seven, danger warning prompt: when network communication is in an unsafe state due to malicious software invasion, an early-warning prompt is issued.
2. The method for monitoring network communication security of system according to claim 1, wherein the analyzing obtains a state evaluation coefficient of network traffic information in an internal system of the enterprise, and the specific analyzing process is as follows:
by calculation formulaAnalyzing and obtaining state evaluation coefficient of network flow information in enterprise internal system>,/>、/>、/>Weight factors respectively expressed as corresponding network bandwidth, network byte and network rate in the set enterprise internal system, +.>、/>、/>Respectively expressed as corresponding network bandwidth, network bytes, network rate, and +.>、/>、/>Respectively expressed as corresponding in set enterprise internal systemNetwork bandwidth, network bytes, network rate.
3. The method for monitoring network communication security of system according to claim 1, wherein the specific analysis process for determining abnormal conditions of network traffic information in the internal system of the enterprise is as follows:
comparing the state evaluation coefficient of network flow information in the enterprise internal system with the preset state evaluation coefficient threshold of network flow information in the enterprise internal system; if the coefficient is larger than the preset threshold, the network flow information in the enterprise internal system is judged to be abnormal; if the coefficient is smaller than the preset threshold, it is judged that the network flow in the enterprise internal system can perform normal data communication transmission.
4. The method for monitoring network communication security of system according to claim 1, wherein the analysis obtains privacy evaluation coefficients of each log in the internal system of the enterprise, and simultaneously judges whether the log is invaded by malicious software, and the specific analysis process is as follows:
by calculation formulaAnalyzing to obtain privacy evaluation coefficient of log in enterprise internal system>I represents the number of each log, +.>,/>、/>、/>Weight factors respectively expressed as preset network connection rate, access request times and data transmission time in enterprise internal system, +.>、/>、/>Respectively expressed as the set network connection rate, the access request times and the data transmission time in the enterprise internal system,、/>、/>respectively representing the network connection rate, the access request times and the data transmission time corresponding to the ith log in the enterprise internal system;
comparing the privacy evaluation coefficient of each log in the enterprise internal system with the preset privacy evaluation coefficient threshold of each log in the enterprise internal system; if the privacy evaluation coefficient of a certain log differs from the preset threshold, it is judged that the privacy of that log has been leaked and that the log has been invaded by malicious software; if the privacy evaluation coefficient of a certain log is the same as the preset threshold, it is judged that the privacy guarantee of the software is good and that it has not been invaded by malicious software.
5. The method for monitoring network communication security of system according to claim 1, wherein the analyzing the identity evaluation coefficients corresponding to each employee in the system in the enterprise comprises the following steps:
by calculation formulaAnalyzing to obtain identity evaluation coefficients corresponding to staff in enterprise internal system>J represents the number of each employee, +.>,/>、/>、/>Respectively representing the chat times, the chat content depth and the chat time corresponding to the jth employee in the enterprise internal system, < + >>、/>、/>Respectively expressed as weight factors of chat times, chat content depth and chat time corresponding to each employee in a preset enterprise internal system, and +.>、/>、/>Respectively expressed as the chat times, the chat content depth and the chat time of the reference.
6. The method for monitoring network communication security of system according to claim 5, wherein the analyzing the address qualification influence coefficient corresponding to each employee in the system in the enterprise comprises the following steps:
extracting target IP address information from IP address information corresponding to each employee login account in the enterprise internal system, comparing the target IP address information with the IP address information corresponding to each employee login account in the enterprise internal system, and if the target IP address information corresponding to a certain employee login account is the same as the IP address information corresponding to the employee login account, marking the login qualification influence coefficient corresponding to each employee in the enterprise internal system asOtherwise, it is marked as +.>Thereby obtaining the address qualification influence coefficient corresponding to each employee in the enterprise internal system>Wherein->The value is +.>Or->And->>/>
7. The method for monitoring network communication security of system according to claim 5, wherein the analyzing the secret evaluation coefficients of each employee in the internal system of the enterprise comprises the following steps:
by calculation formulaAnalyzing to obtain security evaluation coefficients of staff in enterprise internal system>,/>、/>、/>Respectively representing the number of times of scheduling private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to each employee in a preset enterprise internal system as weight factors of ∈>、/>Respectively expressed as the number of times of dispatching private files, the number of times of changing the date of the private files and the number of times of recording log information corresponding to the jth staff in the enterprise internal system,/>、/>、/>The number of times of scheduling private files, the number of times of date change of private files and the number of times of log information recording are respectively expressed as references.
8. The method for monitoring the security of network communication in a system according to claim 1, wherein the analyzing the security evaluation coefficient of the network communication in the internal system of the enterprise and determining the optimal state of the security of the network communication in the internal system of the enterprise comprises the following steps:
by calculation formulaAnalysis to obtain the security evaluation coefficient of network communication in the enterprise internal system>,/>、/>、/>、/>The system is respectively expressed as a state evaluation coefficient of network flow information in a preset enterprise internal system, a privacy evaluation coefficient of a log in the enterprise internal system, an identity evaluation coefficient corresponding to each employee in the enterprise internal system, a weight factor of confidentiality evaluation coefficient of each employee in the enterprise internal system, and a weight factor of->、/>、/>、/>The system is respectively expressed as a state evaluation coefficient of network flow information in an enterprise internal system, a privacy evaluation coefficient of a log in the enterprise internal system, an identity evaluation coefficient corresponding to each employee in the enterprise internal system and a confidentiality evaluation coefficient of each employee in the enterprise internal system;
comparing the security evaluation coefficient of network communication in the enterprise internal system with the set security evaluation coefficient threshold of network communication in the enterprise internal system; if the coefficient is larger than the set threshold, the network communication in the enterprise internal system is judged to be in a safe state; if the coefficient is smaller than the set threshold, the network communication in the enterprise internal system is judged not to be in a safe state, and the communication is interrupted.
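
Added example (not part of the patent text): the decision flow of claims 1, 3, 4, 6 and 8 as runnable Python. The claimed formulas are not reproduced on this page, so the coefficients are taken as inputs and `weighted_sum` is a stand-in; all thresholds, weights, names and sample values are assumptions made for illustration.

```python
# Added illustration of the decision flow in claims 1, 3, 4, 6 and 8.
# The claimed formulas are missing from this page, so coefficients are inputs
# and weighted_sum() is a stand-in, not the patent's formula.
import ipaddress
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Settings:  # every value below is a constructed sample setting
    traffic_threshold: float = 1.0  # claim 3: coefficient above it = abnormal
    log_preset: float = 1.0         # claim 4: preset per-log privacy value
    log_tolerance: float = 1e-9     # assumption: "same" means within this
    comm_threshold: float = 0.6     # claim 8: coefficient below it = unsafe
    weights: tuple = (0.25, 0.25, 0.25, 0.25)  # claim 8 weight factors
    addr_match: float = 1.0         # claim 6: value when the IPs are the same
    addr_mismatch: float = 0.5      # claim 6: value otherwise


def weighted_sum(coeffs, weights):
    """Stand-in combination (assumption): sum of weight * coefficient."""
    if len(coeffs) != len(weights):
        raise ValueError("one weight per coefficient is required")
    return sum(w * c for w, c in zip(weights, coeffs))


def _parse(text):
    # Normalise IPv4-mapped IPv6 ('::ffff:10.0.0.5') to plain IPv4.
    addr = ipaddress.ip_address(text.strip())
    return getattr(addr, "ipv4_mapped", None) or addr


def address_coefficient(target_ip, login_ip, s=Settings()):
    """Claim 6: compare parsed addresses, not strings; bad input = mismatch."""
    try:
        same = _parse(target_ip) == _parse(login_ip)
    except ValueError:
        same = False
    return s.addr_match if same else s.addr_mismatch


def flagged_logs(log_coeffs, s=Settings()):
    """Claim 4: a log whose coefficient differs from the preset is flagged."""
    return sorted(
        log_id for log_id, value in log_coeffs.items()
        if not math.isclose(value, s.log_preset,
                            rel_tol=0.0, abs_tol=s.log_tolerance))


def monitor(coeffs, log_coeffs, s=Settings()):
    """Steps two to seven. coeffs = (state, privacy, identity, confidentiality),
    each already reduced to one number (assumption)."""
    out = {"traffic_abnormal": coeffs[0] > s.traffic_threshold,
           "flagged_logs": [], "security_coeff": None,
           "interrupt": False, "warn": False}
    if not out["traffic_abnormal"]:
        return out  # step two: normal traffic, transmission continues
    out["flagged_logs"] = flagged_logs(log_coeffs, s)        # steps three, four
    out["security_coeff"] = weighted_sum(coeffs, s.weights)  # step six
    # Claim 8 names only "larger" and "smaller"; equality is treated as
    # unsafe here (assumption: fail closed).
    unsafe = out["security_coeff"] <= s.comm_threshold
    out["interrupt"] = unsafe
    out["warn"] = unsafe and bool(out["flagged_logs"])       # step seven
    return out


if __name__ == "__main__":
    # Constructed sample: log-2 carries float noise, log-3 deviates.
    sample_logs = {"log-1": 1.0, "log-2": 1.0 + 1e-12, "log-3": 0.4}
    print(monitor((1.3, 0.2, 0.3, 0.2), sample_logs))
    print(address_coefficient("::ffff:10.0.0.5", "10.0.0.5"))
```

Two points the claim wording leaves open show up here: an exact "same or different" test on computed coefficients needs a tolerance to survive floating-point noise, and the case where a coefficient equals its threshold has to be assigned to one side explicitly.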
CN202310976943.7A 2023-08-04 2023-08-04 Monitoring method for system network communication security Active CN116846675B (en)

Publications (2)

Publication Number Publication Date
CN116846675A true CN116846675A (en) 2023-10-03
CN116846675B CN116846675B (en) 2024-02-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant