CN117118717A - User information threat analysis method and system - Google Patents
- Publication number
- CN117118717A
- Authority
- CN
- China
- Prior art keywords
- information
- threat
- user
- data transmission
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/165—Combined use of TCP and UDP protocols; selection criteria therefor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a user information threat analysis method and system. The method comprises the following steps: the terminal obtains basic information of a digital product, the digital product running on the terminal; after the user registers with the digital product, the digital product feeds back advanced information to the terminal; the terminal allocates a data transmission channel based on the basic information and the advanced information; activity information is acquired from the data transmission channel, and behavior data is extracted from the activity information; and an analysis model is established, the behavior data is analyzed, and it is determined whether the current behavior poses a network threat.
Description
Technical Field
The application relates to the technical field of threat analysis, in particular to a user information threat analysis method and system.
Background
The arrival of the digital age has brought great convenience to people's work and life. At work, new-generation office modes such as digital offices and digital conferences break the limitations of traditional offices and significantly improve office efficiency and intelligence. In daily life, virtual reality games and digital space entertainment bring people a brand-new immersive sensory experience. For this reason, more and more users are beginning to use digital products, which has brought about a series of user information security problems. For example, problems such as user information loss, illegal information access and service data theft emerge endlessly, and the user information security of digital products is currently difficult to monitor.
Disclosure of Invention
Aiming at the prior art, the application aims to provide a user information threat analysis method, which mainly solves the technical problem of how to improve the installation efficiency of a motor and equipment ends.
In order to achieve the above object, the technical solution of the embodiment of the present application is as follows: the first aspect of the present application provides a method for threat analysis of user information, the method comprising the steps of:
the terminal obtains basic information of a digital product, and the digital product runs on the terminal;
after the user registers the digital product, the digital product feeds back advanced information to the terminal;
the terminal allocates a data transmission channel based on the basic information and the advanced information;
acquiring activity information from a data transmission channel, and extracting behavior data from the activity information;
and establishing an analysis model, analyzing the behavior data, and determining whether the current behavior has network threat or not.
Optionally, the basic information of the digitized product includes: name, description, icon, screenshot, category, version number, supported operating system version and supported language for different digitized products.
Optionally, the advanced information includes: the user performs a registration operation, the inputted ID, age, and user name obtained after the registration has passed.
Optionally, the terminal allocates a data transmission channel based on the basic information and the advanced information, and specifically includes: the terminal sets a first channel set based on basic information, wherein the first channel set comprises a plurality of first channels, and a specific first channel is selected as a data transmission channel based on advanced information.
Optionally, obtaining activity information from the data transmission channel and extracting behavior data from the activity information specifically includes: when a user operates through the digital product, data is transmitted through the corresponding first channel; a data packet is acquired from the first channel as activity information; reverse restoration is performed on the data packet to form a restoration result; and behavior data is extracted from the restoration result.
Optionally, performing reverse restoration on the data packet to form a restoration result specifically includes: performing IP fragment reassembly of the data packet according to the network layer protocol IP, then performing TCP/UDP protocol reassembly, and extracting text content from the reassembly result to form the restoration result.
Optionally, extracting behavior data from the restoration result specifically includes: the behavior data comprises operation behavior data and the destination IP.
Optionally, an analysis model is built, the behavior data is analyzed, and whether the current behavior has a network threat or not is determined, which specifically includes:
comparing the obtained operation behavior data with preset threat operation behaviors, determining the threat level of the operation behaviors, and giving out a first evaluation score;
comparing the obtained destination IP with a preset dangerous IP, determining the threat level of the destination IP, and giving a second evaluation score;
and based on the first evaluation score and the second evaluation score, obtaining the comprehensive evaluation score by adopting a combined weighting method.
A second aspect of the present application provides a user information threat analysis system for implementing the user information threat analysis method of any preceding claim, the system comprising a first acquisition module, a second acquisition module, a distribution module, an extraction module, an analysis module,
the first acquisition module is used for acquiring basic information of the digital product;
the second acquisition module is used for acquiring advanced information of the digital product;
the distribution module is used for distributing a data transmission channel based on the basic information and the advanced information;
The extraction module is used for obtaining activity information from the data transmission channel and extracting behavior data from the activity information;
the analysis module is used for establishing an analysis model, analyzing the behavior data and determining whether the current behavior has network threat or not.
The application has the beneficial effects that: according to the user information threat analysis method provided by the application, different data transmission channels are allocated for different users of different digital products, and data packets are extracted from the data transmission channels and behavior data are extracted for analysis, so that whether the current behavior has network threat is determined.
Drawings
FIG. 1 is a flowchart of a method for threat analysis of user information in an embodiment of the application;
FIG. 2 is a flowchart of a user information threat analysis system according to an embodiment of the application.
Reference numerals: 101, first acquisition module; 102, second acquisition module; 103, distribution module; 104, extraction module; 105, analysis module.
Detailed Description
The technical scheme of the application is further elaborated below by referring to the drawings in the specification and the specific embodiments. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. In the following description, reference is made to the expression "some embodiments" which describe a subset of all possible embodiments, but it should be understood that "some embodiments" may be the same subset or a different subset of all possible embodiments and may be combined with each other without conflict.
It will be further understood that when an element is referred to as being "fixed to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "inner," "outer," "left," "right," and the like are used herein for illustrative purposes only and are not meant to be the only embodiment.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes any and all combinations of the associated listed items.
Referring to fig. 1 in combination, a first aspect of the present application provides a method for analyzing threat of user information, the method comprising the following steps:
s1, a terminal acquires basic information of a digital product, wherein the digital product runs on the terminal;
specifically, the digital product in the application comprises various types of application programs, and the basic information comprises: name, description, icon, screenshot, category, version number, supported operating system version and supported language for different digitized products.
S2, after the user registers the digital product, the digital product feeds back advanced information to the terminal;
specifically, the advanced information in the present application includes: the user inputs the ID, age, and user name in the application program obtained after the registration is passed when performing the registration operation of the application program.
S3, the terminal allocates a data transmission channel based on the basic information and the advanced information;
specifically, the terminal sets a first channel set based on basic information, wherein the first channel set comprises a plurality of first channels, and a specific first channel is selected as a data transmission channel based on advanced information. For example, the user performs a registration operation in the application program a, which obtains the user a in the application program a, and the application program a sends the basic information and the advanced information to the terminal, and uses the first channel a as a data transmission channel of the user a in the application program a.
In some embodiments of the present application, another user performs a registration operation in the application a, which obtains the user B in the application a, where the application a sends basic information and advanced information to the terminal, and the first channel B is used as a data transmission channel of the user B in the application a, and further, the first channel a may also be used as a data transmission channel of the user B in the application a.
In some embodiments of the present application, the user performs a registration operation in the application B, which obtains the user C in the application B, and the application B sends the basic information and the advanced information to the terminal, and uses the first channel C as a data transmission channel of the user C in the application B.
The above embodiments are merely illustrative of the present application, and a person skilled in the art may freely determine a combination manner and a data transmission channel according to the technical ideas set forth in the present application.
S4, acquiring activity information from a data transmission channel, and extracting behavior data from the activity information;
When a user operates through the digital product, data is transmitted through the corresponding first channel; a data packet is acquired from the first channel as activity information; reverse restoration is performed on the data packet to form a restoration result; and behavior data is extracted from the restoration result.
Performing reverse restoration on the data packet to form a restoration result specifically comprises: performing IP fragment reassembly of the data packet according to the network layer protocol IP, then performing TCP/UDP protocol reassembly, and extracting text content from the reassembly result to form the restoration result.
Further, extracting behavior data from the restoration result specifically includes: the behavior data comprises operation behavior data and the destination IP.
S5, establishing an analysis model, analyzing the behavior data, and determining whether the current behavior has network threat or not.
Specifically, comparing the obtained operation behavior data with preset threat operation behaviors, determining the threat level of the operation behaviors, and giving a first evaluation score;
comparing the obtained destination IP with a preset dangerous IP, determining the threat level of the destination IP, and giving a second evaluation score;
and based on the first evaluation score and the second evaluation score, obtaining the comprehensive evaluation score by adopting a combined weighting method. Illustratively, the initial weights of the first and second evaluation scores are preset, and the score is calculated by: total evaluation score = first evaluation score × weight 1 + second evaluation score × weight 2.
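Steps S4 and S5 as an added worked example (not code from the patent): IPv4 fragments are reassembled, TCP/UDP payloads are recovered, operation names and the destination IP are extracted, and the two evaluation scores are combined by the weighted sum above. The preset behavior names, scores, dangerous network, weights and the `action=` message format are assumptions, since the patent gives no concrete values; all addresses are from documentation ranges and the packets are constructed.

```python
import ipaddress
import re
import struct
from collections import defaultdict

# Assumed presets: the patent names preset threat behaviors, preset dangerous
# IPs and two weights, but gives no concrete values.
THREAT_BEHAVIORS = {"export_contacts": 80, "read_credentials": 100}
DANGEROUS_NETS = {ipaddress.ip_network("203.0.113.0/24"): 90}  # documentation range
WEIGHT_1, WEIGHT_2 = 0.6, 0.4
IP_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def parse_ipv4(pkt):
    """Return (datagram key, fragment byte offset, more-fragments flag, data)."""
    (ver_ihl, _, total_len, ident, flags_off,
     _, proto, _, src, dst) = struct.unpack(IP_HEADER, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or not 20 <= ihl <= total_len <= len(pkt):
        raise ValueError("malformed IPv4 header")
    key = (src, dst, proto, ident)  # RFC 791 reassembly key
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:total_len]


def reassemble_ip(packets):
    """Strict IP fragment reassembly: each fragment must start where the previous
    one ended and only the last may clear MF; otherwise the datagram is dropped."""
    buckets = defaultdict(list)
    for pkt in packets:
        key, off, more, data = parse_ipv4(pkt)
        buckets[key].append((off, more, data))
    datagrams = []
    for (src, dst, proto, _), frags in buckets.items():
        buf, ok = b"", True
        for i, (off, more, data) in enumerate(sorted(frags, key=lambda f: f[0])):
            ok = ok and off == len(buf) and more == (i < len(frags) - 1)
            buf += data
        if ok:
            datagrams.append((src, dst, proto, buf))
    return datagrams


def reassemble_transport(datagrams):
    """Strip UDP headers; order the TCP segments of a flow by sequence number
    (first copy of a retransmission wins, sequence wrap-around is ignored)."""
    flows = defaultdict(dict)  # (src, dst, proto, sport, dport) -> {order: payload}
    for n, (src, dst, proto, buf) in enumerate(datagrams):
        if proto == 17 and len(buf) >= 8:  # UDP
            flows[(src, dst, proto, *struct.unpack("!HH", buf[:4]))][n] = buf[8:]
        elif proto == 6 and len(buf) >= 20:  # TCP
            sport, dport, seq = struct.unpack("!HHI", buf[:8])
            flows[(src, dst, proto, sport, dport)].setdefault(seq, buf[(buf[12] >> 4) * 4:])
    return {flow: b"".join(p for _, p in sorted(segs.items(), key=lambda s: s[0]))
            for flow, segs in flows.items()}


def analyze(packets):
    """Return (destination IP, operations, first, second, total score) per flow."""
    results = []
    for flow, payload in reassemble_transport(reassemble_ip(packets)).items():
        ops = re.findall(r"action=(\w+)", payload.decode("utf-8", errors="ignore"))
        dst_ip = ipaddress.ip_address(flow[1])
        first = max((THREAT_BEHAVIORS.get(op, 0) for op in ops), default=0)
        second = max((s for net, s in DANGEROUS_NETS.items() if dst_ip in net), default=0)
        results.append((str(dst_ip), ops, first, second,
                        first * WEIGHT_1 + second * WEIGHT_2))
    return results


def build_ipv4(src, dst, ident, offset, more, data, proto=17):
    """Constructed input helper: one IPv4 packet, checksum left 0 (not checked)."""
    flags_off = (0x2000 if more else 0) | offset // 8
    return struct.pack(IP_HEADER, 0x45, 0, 20 + len(data), ident, flags_off, 64, proto,
                       0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + data


def sample_packets():
    """Constructed capture: a UDP message split so that the operation name
    straddles two fragments that arrive out of order, plus a benign datagram."""
    msg = b"user=alice&action=export_contacts&n=500"
    udp = struct.pack("!HHHH", 40000, 9000, 8 + len(msg), 0) + msg
    ping = struct.pack("!HHHH", 40001, 9000, 8 + 11, 0) + b"action=ping"
    return [
        build_ipv4("192.0.2.10", "203.0.113.7", 1, 24, False, udp[24:]),
        build_ipv4("192.0.2.10", "203.0.113.7", 1, 0, True, udp[:24]),
        build_ipv4("192.0.2.10", "198.51.100.5", 2, 0, False, ping),
    ]


if __name__ == "__main__":
    for row in analyze(sample_packets()):
        print(row)
```

Because the operation name spans the fragment boundary, matching against either fragment alone finds nothing; the behavior comparison only works on the reassembled text.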
Referring to fig. 2, a second aspect of the present application provides a user information threat analysis system for implementing the user information threat analysis method of any of the preceding claims, the system comprising a first acquisition module 101, a second acquisition module 102, an allocation module 103, an extraction module 104, an analysis module 105,
the first obtaining module 101 is configured to obtain basic information of a digitized product;
the second obtaining module 102 is configured to obtain advanced information of the digitized product;
the allocation module 103 is configured to allocate a data transmission channel based on the basic information and the advanced information;
the extracting module 104 is configured to obtain activity information from a data transmission channel, and extract behavior data from the activity information.
The analysis module 105 is configured to build an analysis model, analyze the behavior data, and determine whether a current behavior has a network threat.
The foregoing is merely illustrative embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about variations or substitutions within the technical scope of the present application, and the application should be covered. The scope of the application is to be determined by the appended claims.
Claims (9)
1. A method for threat analysis of user information, the method comprising the steps of:
the terminal obtains basic information of a digital product, and the digital product runs on the terminal;
after the user registers the digital product, the digital product feeds back advanced information to the terminal;
the terminal allocates a data transmission channel based on the basic information and the advanced information;
acquiring activity information from a data transmission channel, and extracting behavior data from the activity information;
and establishing an analysis model, analyzing the behavior data, and determining whether the current behavior has network threat or not.
2. The user information threat analysis method of claim 1, wherein the basic information of the digitized product comprises: name, description, icon, screenshot, category, version number, supported operating system version and supported language for different digitized products.
3. The method of claim 1, wherein the advanced information comprises: the user performs a registration operation, the inputted ID, age, and user name obtained after the registration has passed.
4. The method for analyzing threat of user information according to claim 1, wherein the terminal allocates a data transmission channel based on basic information and advanced information, specifically comprising: the terminal sets a first channel set based on basic information, wherein the first channel set comprises a plurality of first channels, and a specific first channel is selected as a data transmission channel based on advanced information.
5. The method for analyzing threat of user information according to claim 1, wherein obtaining the activity information from the data transmission channel and extracting the behavior data from the activity information specifically comprises: when a user operates through the digital product, data is transmitted through the corresponding first channel; a data packet is acquired from the first channel as activity information; reverse restoration is performed on the data packet to form a restoration result; and behavior data is extracted from the restoration result.
6. The method for analyzing threat of user information of claim 5, wherein performing reverse restoration on the data packet to form a restoration result specifically comprises: performing IP fragment reassembly of the data packet according to the network layer protocol IP, then performing TCP/UDP protocol reassembly, and extracting text content from the reassembly result to form the restoration result.
7. The method for analyzing threat of user information according to claim 6, wherein extracting behavior data from the restoration result comprises: the behavior data comprises operation behavior data and the destination IP.
8. The method for analyzing threat of user information according to claim 7, wherein establishing an analysis model, analyzing the behavior data, and determining whether a current behavior has a network threat comprises:
comparing the obtained operation behavior data with preset threat operation behaviors, determining the threat level of the operation behaviors, and giving out a first evaluation score;
comparing the obtained destination IP with a preset dangerous IP, determining the threat level of the destination IP, and giving a second evaluation score;
and based on the first evaluation score and the second evaluation score, obtaining the comprehensive evaluation score by adopting a combined weighting method.
9. A user information threat analysis system for implementing a user information threat analysis method in accordance with any of claims 1-8, the system comprising a first acquisition module, a second acquisition module, an allocation module, an extraction module, an analysis module,
the first acquisition module is used for acquiring basic information of the digital product;
the second acquisition module is used for acquiring advanced information of the digital product;
the distribution module is used for distributing a data transmission channel based on the basic information and the advanced information;
the extraction module is used for obtaining activity information from the data transmission channel and extracting behavior data from the activity information;
the analysis module is used for establishing an analysis model, analyzing the behavior data and determining whether the current behavior has network threat or not.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311119479.6A CN117118717B (en) | 2023-09-01 | 2023-09-01 | User information threat analysis method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117118717A (en) | 2023-11-24 |
CN117118717B (en) | 2024-05-31 |
Family
ID=88805317
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311119479.6A, Active, CN117118717B (en) | 2023-09-01 | 2023-09-01 | User information threat analysis method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117118717B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN117118717B (en) | 2024-05-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||