CN117395066B - Network security monitoring system and method - Google Patents
Network security monitoring system and method Download PDFInfo
- Publication number
- CN117395066B CN117395066B CN202311479682.4A CN202311479682A CN117395066B CN 117395066 B CN117395066 B CN 117395066B CN 202311479682 A CN202311479682 A CN 202311479682A CN 117395066 B CN117395066 B CN 117395066B
- Authority
- CN
- China
- Prior art keywords
- website
- information
- monitored
- preset
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 85
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000004044 response Effects 0.000 claims description 30
- 238000013475 authorization Methods 0.000 claims description 13
- 239000000725 suspension Substances 0.000 claims description 7
- 230000006870 function Effects 0.000 description 8
- 230000015654 memory Effects 0.000 description 8
- 238000001514 detection method Methods 0.000 description 4
- 230000006399 behavior Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000019771 cognition Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005315 distribution function Methods 0.000 description 1
- 230000007115 recruitment Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application is applicable to the field of computers, and provides a network security monitoring system and a network security monitoring method, wherein the network security monitoring method comprises the following steps: identifying all terminals connected with the routing equipment, limiting and receiving first website information of the terminals to be monitored, wherein all the terminals comprise the terminals to be monitored; judging whether the first website information is related to a preset website or not; if the first website information is not associated with a preset website, converting the first website information into the preset website, and responding to the preset website; when at least second website information which is from the terminal to be monitored and is not associated with the preset website is monitored again in the preset period, the first input characteristic information and the second input characteristic information are compared when the first website information and the second website information are input into the terminal to be monitored.
Description
Technical Field
The invention belongs to the field of computers, and particularly relates to a network security monitoring system and method.
Background
Network security is a practice for protecting critical systems and sensitive information from digital attacks, also known as Information Technology (IT) security. Network security measures are intended to combat threats to networked systems and applications, whether those threats originate from within or outside the enterprise.
Currently, for some users, the basic security cognition of some networks is lacking, or the security requirements of enterprises on network access are high, so that the access behaviors of the users on websites can be limited; however, when a user fails to input a non-allowed website or a monitored terminal is not used by the user, a security protection mechanism is directly triggered, so that the use of the monitored terminal by the user (possibly a non-monitored user) is immediately limited, which is inaccurate in practice and affects the experience of the non-monitored user.
Disclosure of Invention
An objective of the embodiments of the present invention is to provide a network security monitoring system and method, which aims to solve the problems set forth in the background art.
The embodiment of the invention is realized in such a way that, on the one hand, a network security monitoring method comprises the following steps:
Identifying all terminals connected with the routing equipment, limiting and receiving first website information of the terminals to be monitored, wherein all the terminals comprise the terminals to be monitored;
Judging whether the first website information is related to a preset website or not;
if the first website information is not associated with a preset website, converting the first website information into the preset website, and responding to the preset website;
When at least second website information which is not related to the preset website and comes from the terminal to be monitored is monitored again in the preset period, comparing the first input characteristic information and the second input characteristic information when the first website information and the second website information are input into the terminal to be monitored;
when the first input characteristic information and the second input characteristic information meet the preset similar conditions, indicating the routing equipment to suspend responding to request information from a terminal to be monitored, wherein the request information comprises a website connection request;
and monitoring a user of the terminal to be monitored, and determining whether to release the pause response to the request information according to the monitoring result.
As still further aspects of the present invention, identifying all terminals connected to the routing device, and defining to receive the first website information of the terminal to be monitored includes:
Identifying all terminals successfully connected with the routing equipment, wherein all terminals comprise terminals to be monitored;
An input time period prompt is sent to a terminal to be monitored, and the input time period prompt is used for prompting to receive and identify first website information within an input time period;
and uniformly collecting the first website information of the terminal to be monitored in the input period.
As still further aspects of the present invention, the determining whether the first website information is associated with a preset website includes:
identifying whether the first website information contains a preset website;
If not, judging that the first website information is not related to a preset website;
Or collecting the interface association website of the preset website, identifying whether the first website information contains the interface association website, and if not, judging that the first website information is not associated with the preset website.
As a further aspect of the present invention, the method further includes:
receiving remote authorization information of a main user to a terminal to be monitored;
And based on the remote authorization information, when the website input interface of the terminal to be monitored is detected to be opened, starting to read input characteristic information, wherein the input characteristic information comprises at least one of touch screen handwriting force, typing speed and typing force.
As a further aspect of the present invention, the comparing the first input feature information and the second input feature information when the first website information and the second website information are input to the terminal to be monitored includes:
performing single-item comparison on the first input characteristic information and the second input characteristic information to judge a comparison result;
when at least one item of the first input characteristic information and the second input characteristic information accords with a single item setting threshold value, judging that the first input characteristic information and the second input characteristic information meet a preset similar condition.
As a further aspect of the present invention, the monitoring, by the user of the terminal to be monitored, determining whether to cancel the suspension response to the request information according to the monitoring result includes:
Acquiring the positioning of a terminal to be monitored according to the remote authorization information;
acquiring characteristic information of a user to be monitored, which is provided by a main user, and generating a monitoring instruction according to the positioning and the characteristic information;
the monitoring instruction is sent to the routing equipment, the routing equipment is instructed to inquire the online monitoring equipment covering the positioning, the monitoring instruction is forwarded to the online monitoring equipment, so that the online monitoring equipment performs online comparison on a user scene at the positioning position based on the characteristic information, and the comparison result is fed back to the routing equipment;
When the comparison result shows that the user at the positioning position does not accord with the characteristic information, the pause response of the routing equipment to the request information is released;
And when the comparison result shows that the user at the positioning position accords with the characteristic information, maintaining a pause response of the routing equipment to the request information.
As a further aspect of the present invention, in another aspect, a network security monitoring system, the system includes:
The identification and definition module is used for identifying all terminals connected with the routing equipment, defining and receiving first website information of the terminals to be monitored, wherein all the terminals comprise the terminals to be monitored;
the judging module is used for judging whether the first website information is related to a preset website or not;
the conversion and response module is used for converting the first website information into a preset website and responding to the preset website if the first website information is not related to the preset website;
the comparison module is used for comparing the first input characteristic information and the second input characteristic information when the first website information and the second website information are input into the terminal to be monitored when the second website information which is not related to the preset website and comes from the terminal to be monitored is monitored at least once again in the preset period;
The forbidden response module is used for indicating the routing equipment to pause responding to the request information from the terminal to be monitored when the first input characteristic information and the second input characteristic information meet the preset similar conditions, wherein the request information comprises a website connection request;
And the monitoring and releasing determining module is used for monitoring a user of the terminal to be monitored and determining whether to release the pause response to the request information according to the monitoring result.
Optionally, the identifying and defining module includes:
The identification unit is used for identifying all terminals successfully connected with the routing equipment, wherein all terminals comprise terminals to be monitored;
The prompt sending unit is used for sending an input period prompt to the terminal to be monitored, wherein the input period prompt is used for prompting that the first website information is received and identified in the input period;
A condition collection unit for uniformly collecting first website information of the terminal to be monitored in the input period
The network security monitoring system and the network security monitoring method provided by the embodiment of the invention can realize the security detection of the user to be monitored based on the network provided by the routing equipment, and allow a trial and error opportunity to exist, namely, when the first website information is not associated with a preset website, the first website information is converted into the preset website, and the preset website is responded, namely, under the condition that the first time is possible to be input by mistake, the first website information is converted into the preset website, meanwhile, when the first input characteristic information and the second input characteristic information meet the preset similar condition, the routing equipment is instructed to pause responding to the request information from the terminal to be monitored, so that the user of the terminal to be monitored is convenient to monitor, and if the user does not accord with the setting of monitoring; the suspension response of the routing device to the request information should be continued; if the network is the latter, the pause response of the routing equipment to the request information is released, namely the network can log in the desired website after the terminal to be monitored is connected with the routing equipment, the use experience of the user not to be monitored is not affected, and the network impact of the network address not preset under the terminal to be monitored is avoided, so that the network use safety is ensured.
Drawings
Fig. 1 is a main flow chart of a network security monitoring method.
Fig. 2 is a flowchart of identifying all terminals connected to a routing device in a network security monitoring method, and defining a first website information for receiving a terminal to be monitored.
Fig. 3 is a flowchart of a network security monitoring method for determining whether the first website information is related to a preset website.
Fig. 4 is a flowchart of comparing first input feature information and second input feature information when the first website information and the second website information are input to a terminal to be monitored in a network security monitoring method.
Fig. 5 is a flowchart of a network security monitoring method for determining whether to cancel a suspension response to the request information according to a monitoring result.
Fig. 6 is a main structural diagram of a network security monitoring system.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Specific implementations of the invention are described in detail below in connection with specific embodiments.
The network security monitoring system and the network security monitoring method provided by the invention solve the technical problems in the background technology.
As shown in fig. 1, a main flow chart of a network security monitoring method according to an embodiment of the present invention is provided, where the network security monitoring method includes:
step S10: identifying all terminals connected with the routing equipment, limiting and receiving first website information of the terminals to be monitored, wherein all the terminals comprise the terminals to be monitored;
The routing equipment realizes connection between all terminals and websites and information feedback of the websites to all terminals; the terminal to be monitored may be used by a user to be monitored set by a master user; limiting the receiving, for example, selecting a terminal to be monitored from the terminals based on equipment identification, and then sending an input period prompt to the terminal to be monitored, wherein the prompt prompts that a current user (possibly the user to be monitored) of the terminal to be monitored inputs first website information only in the input period; receiving first website information of a terminal to be monitored within a limited period;
When the routing equipment collects the first website information, the first website information of a plurality of terminals to be monitored can be intensively identified and processed;
step S11: judging whether the first website information is related to a preset website or not;
Step S12: if the first website information is not associated with a preset website, converting the first website information into the preset website, and responding to the preset website;
the preset websites are websites set by a main user, the interfaces of the preset websites are also linked to some websites, the websites are also subjected to security verification, the first website information does not contain interface-associated websites or preset websites, and the first website information is judged to be not associated with the preset websites;
step S13: when at least second website information which is not related to the preset website and comes from the terminal to be monitored is monitored again in the preset period, comparing the first input characteristic information and the second input characteristic information when the first website information and the second website information are input into the terminal to be monitored;
The preset time period starts to count from the first receiving of the first website information; at least monitoring again, namely when the second website information of the terminal to be monitored is monitored at least twice within the preset period and is not related to the preset website, comparing the first input characteristic information and the second input characteristic information when the first website information and the second website information are input into the terminal to be monitored, and actually, starting to read the input characteristic information, such as touch screen writing force, when a website input interface of the terminal to be monitored is opened; writing handwriting;
Step S14: when the first input characteristic information and the second input characteristic information meet the preset similar conditions, indicating the routing equipment to suspend responding to request information from a terminal to be monitored, wherein the request information comprises a website connection request;
if the first input characteristic information and the second input characteristic information meet the preset similarity condition, if the touch screen writing force of the front and rear two times is not different, and/or the writing similarity reaches a preset threshold value, the fact that the same user is input based on the end to be monitored for the front and rear two times is preliminarily determined; at this time, the router is instructed to suspend responding to the request information from the terminal to be monitored, namely, when the terminal to be monitored wants to log in a website through the network connected with the router, the router cannot respond to the request information;
step S15: and monitoring a user of the terminal to be monitored, and determining whether to release the pause response to the request information according to the monitoring result.
The monitoring is mainly to monitor whether a user is a user to be monitored or other legal users in a use area under the condition that the user is the same user input based on the end to be monitored for two times before and after preliminary identification, and if the user is the former user, the user to be monitored is indicated that the website information input by the user to be monitored for at least two times is not related to a preset website, and the monitoring setting is not met; the suspension response of the routing device to the request information should be continued; if the network is the latter, the pause response of the routing equipment to the request information is released, namely the terminal to be monitored can log in a desired website after being connected with the routing equipment, the use experience of a user not to be monitored is not affected, the network impact of the network not preset to the network address to be monitored under the terminal to be monitored can be avoided, and the network use safety is ensured;
When the method is applied, the security detection of the user to be monitored based on the network provided by the routing equipment can be realized, and one error trial and error opportunity is allowed to exist, namely, when the first website information is not associated with a preset website, the first website information is converted into the preset website, and the preset website is responded, namely, under the condition that the first time is possible to be input by mistake, the first website information is converted into the preset website, meanwhile, when the first input characteristic information and the second input characteristic information meet the preset similar condition, the routing equipment is instructed to pause responding to the request information from the terminal to be monitored, so that the user of the terminal to be monitored can conveniently monitor, and if the user does not accord with the setting of monitoring; the suspension response of the routing device to the request information should be continued; if the network is the latter, the pause response of the routing equipment to the request information is released, namely the network can log in the desired website after the terminal to be monitored is connected with the routing equipment, the use experience of the user not to be monitored is not affected, and the network impact of the network address not preset under the terminal to be monitored is avoided, so that the network use safety is ensured.
As shown in fig. 2, as a preferred embodiment of the present invention, the identifying all terminals connected to the routing device, and defining the first website information of the terminal to be monitored includes:
step S101: identifying all terminals successfully connected with the routing equipment, wherein all terminals comprise terminals to be monitored;
Step S102: an input time period prompt is sent to a terminal to be monitored, and the input time period prompt is used for prompting to receive and identify first website information within an input time period;
step S103: and uniformly collecting the first website information of the terminal to be monitored in the input period.
It can be understood that the terminal connected to the routing device verifies the device identifier through the password login mechanism, selects the terminal to be monitored from the terminals based on the device identifier, and then sends an input period prompt to the terminal to be monitored to prompt the current user (possibly the user to be monitored) of the terminal to be monitored to input the first website information only in the input period; when the routing equipment collects the first website information, the first website information of a plurality of terminals to be monitored can be identified and processed in a centralized manner, and website login of the terminals to be monitored based on the routing equipment in all the terminals is not influenced; (a prompt for avoiding the input period may be sent to the non-monitoring terminal, that is, the website information of the non-monitoring terminal is received in the non-input period).
As shown in fig. 3, as a preferred embodiment of the present invention, the determining whether the first website information is associated with a preset website includes:
step S111: identifying whether the first website information contains a preset website;
step S112: if not, judging that the first website information is not related to a preset website;
or step S113: and collecting the interface association website of the preset website, identifying whether the first website information comprises the interface association website, and if not, judging that the first website information is not associated with the preset website.
The preset websites are websites set by a main user and are generally used for safe login, learning, special use and the like of the user to be monitored; the interface of the preset website is also linked to some websites which are displayed on the interface of the preset website and are subjected to security verification, for example, the employment service platform of college students is linked to recruitment websites of some universities and the like; therefore, the first website information does not contain an interface associated website or a preset website, and the first website information is judged to be not associated with the preset website.
As a preferred embodiment of the present invention, the method further comprises:
The steps are as follows: receiving remote authorization information of a main user to a terminal to be monitored;
the steps are as follows: and based on the remote authorization information, when the website input interface of the terminal to be monitored is detected to be opened, starting to read input characteristic information, wherein the input characteristic information comprises at least one of touch screen handwriting force, typing speed and typing force.
The method comprises the steps that a main user has absolute authority on a terminal to be monitored, after remote authorization information is acquired, the remote authorization information is sent to the terminal to be monitored, so that a function of reading input characteristic information is started or kept in a background of the terminal to be monitored, and the function is not displayed on an interface of the terminal to be monitored; specifically, the function comprises at least one of detecting the opening touch force, detecting the speed of a virtual keyboard or a real keyboard and monitoring the typing force; the corresponding detection is directly acquired through a corresponding sensor or monitoring software;
as shown in fig. 4, further, the comparing the first input feature information and the second input feature information when the first website information and the second website information are input to the terminal to be monitored includes:
Step S131: performing single-item comparison on the first input characteristic information and the second input characteristic information to judge a comparison result;
Step S132: when at least one item of the first input characteristic information and the second input characteristic information accords with a single item setting threshold value, judging that the first input characteristic information and the second input characteristic information meet a preset similar condition.
In combination with the above embodiment, when at least one of the touch screen handwriting force, the typing speed and the typing force in the first input feature information and the second input feature information is within the corresponding single set threshold value, it is determined that the first input feature information and the second input feature information meet the preset similar condition, and at this time, the same user is input based on the to-be-monitored terminal in the first and the second times of preliminary determination.
As shown in fig. 5, as a preferred embodiment of the present invention, the monitoring the user of the terminal to be monitored, determining whether to release the pause response to the request information according to the monitoring result includes:
step S151: acquiring the positioning of a terminal to be monitored according to the remote authorization information;
The remote authorization of the main user can directly acquire the positioning; namely, the terminal to be monitored feeds back and positions;
step S152: acquiring characteristic information of a user to be monitored, which is provided by a main user, and generating a monitoring instruction according to the positioning and the characteristic information;
The user of the terminal to be monitored should be the user to be monitored under the supervision of the main user, and is familiar with the relevant conditions of the current user to be monitored; the feature information provided by the main user comprises at least one item of face information and clothing information; a monitoring instruction generated according to the positioning and characteristic information;
step S153: the monitoring instruction is sent to the routing equipment, the routing equipment is instructed to inquire the online monitoring equipment covering the positioning, the monitoring instruction is forwarded to the online monitoring equipment, so that the online monitoring equipment performs online comparison on a user scene at the positioning position based on the characteristic information, and the comparison result is fed back to the routing equipment;
the online state routing equipment of the online monitoring equipment can be obtained by monitoring, and a plurality of online monitoring equipment are arranged in a use area of the terminal to be monitored; selecting one of them; the online monitoring equipment receives the monitoring instruction to start to aim the monitoring lens at the positioning position and identify online so as to identify whether the relevant information of the user in the user scene at the positioning position accords with at least one item of face information and clothing information;
step S154: when the comparison result shows that the user at the positioning position does not accord with the characteristic information, the pause response of the routing equipment to the request information is released;
Disagreement, i.e. when selecting face recognition, no other information needs to be seen; the face recognition failure is regarded as non-coincidence; when the clothing information is selected, detecting whether the clothing image of the user at the positioning position and a preset image in the clothing information accord with preset similarity, if not, judging that the user at the positioning position does not accord with the characteristic information;
Under the situation, the user is considered to be not a user to be monitored in the use area, but other legal users, such as relatives and the like, the pause response of the routing equipment to the request information is relieved at the moment, namely, the terminal to be monitored can log in a desired website after being connected with the routing equipment, the use experience of the user not to be monitored is not influenced, the network impact of the network not preset to the terminal to be monitored can be avoided, and the network use safety is ensured;
Step S155: and when the comparison result shows that the user at the positioning position accords with the characteristic information, maintaining a pause response of the routing equipment to the request information.
When the face recognition is successful, the face recognition is considered to be consistent; or detecting that the clothing image of the user at the positioning position accords with the preset similarity with the preset image in the clothing information, and considering that the user at the positioning position accords with the characteristic information; at the moment, the user at the positioning position is considered to be the user to be monitored; under the condition, the user is considered to be a user to be monitored in the using area, and the website information input at least twice is not associated with a preset website and does not accord with the setting of monitoring; the pause response of the routing device to the request information should be kept, namely, the website input is invalid after the routing device is connected;
The method ensures that the website login behavior of the user to be monitored is controlled based on the website after the terminal to be monitored is connected with the network, and after the pause response of the routing equipment to the request information is maintained, if the user needs to log in the website of the preset website again, the re-authorization of the main user needs to be obtained, in addition, when the comparison result shows that the user at the positioning position does not accord with the characteristic information, the pause response of the routing equipment to the request information is relieved, and the continuous use of the user not to be monitored is not influenced. No manual monitoring is required, and other use functions of the terminal to be monitored are not limited.
As another preferred embodiment of the present invention, as shown in fig. 6, in another aspect, a network security monitoring system includes:
An identifying and defining module 100, configured to identify all terminals connected to the routing device, and define to receive first website information of the terminals to be monitored, where all terminals include the terminals to be monitored;
The judging module 200 is configured to judge whether the first website information is associated with a preset website;
The conversion and response module 300 is configured to convert the first website information into a preset website if the first website information is not associated with the preset website, and respond to the preset website;
The comparison module 400 is configured to compare the first input feature information and the second input feature information when the first website information and the second website information are input to the terminal to be monitored, when at least the second website information, which is not associated with the preset website, from the terminal to be monitored is monitored again within the preset period;
the forbidden response module 500 is configured to instruct the routing device to suspend responding to request information from the terminal to be monitored when the first input feature information and the second input feature information meet a preset similar condition, where the request information includes a website connection request;
The monitoring and releasing determining module 600 is configured to monitor a user of the terminal to be monitored, and determine whether to release the pause response to the request information according to the monitoring result.
As an alternative aspect of the present invention, the identifying and defining module 100 includes:
The identification unit is used for identifying all terminals successfully connected with the routing equipment, wherein all terminals comprise terminals to be monitored;
The prompt sending unit is used for sending an input period prompt to the terminal to be monitored, wherein the input period prompt is used for prompting that the first website information is received and identified in the input period;
and the condition collecting unit is used for uniformly collecting the first website information of the terminal to be monitored in the input period.
It should be noted that, referring to the description of the specific implementation of a network security monitoring method in the foregoing embodiment, the system corresponds to the implementation method of the method completely, and will not be described herein.
The embodiment of the invention provides a network security monitoring method, and provides a network security monitoring system based on the network security monitoring method, which can realize the security detection of a user to be monitored based on a network provided by a routing device, and allow a first error testing opportunity to exist, namely, when the first website information is not associated with a preset website, the first website information is converted into the preset website, and the preset website is responded, namely, under the condition that the first website information is possibly input by mistake, the first website information is converted into the preset website, meanwhile, when the first input characteristic information and the second input characteristic information meet the preset similar condition, the routing device is instructed to pause responding to request information from a terminal to be monitored, so that the user of the terminal to be monitored is convenient to monitor, and if the user does not accord with the setting of monitoring; the suspension response of the routing device to the request information should be continued; if the network is the latter, the pause response of the routing equipment to the request information is released, namely the network can log in the desired website after the terminal to be monitored is connected with the routing equipment, the use experience of the user not to be monitored is not affected, and the network impact of the network address not preset under the terminal to be monitored is avoided, so that the network use safety is ensured.
In order to be able to load the method and system described above to function properly, the system may include more or less components than those described above, or may combine some components, or different components, in addition to the various modules described above, for example, may include input and output devices, network access devices, buses, processors, memories, and the like.
The Processor may be a central processing unit (Central Processing Unit, CPU), other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is a control center of the above system, and various interfaces and lines are used to connect the various parts.
The memory may be used to store a computer and a system program and/or module, and the processor may perform the various functions described above by running or executing the computer program and/or module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as an information acquisition template presentation function, a product information distribution function, etc.), and the like. The storage data area may store data created according to the use of the berth status display system (e.g., product information acquisition templates corresponding to different product types, product information required to be released by different product providers, etc.), and so on. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart memory card (SMART MEDIA CARD, SMC), secure Digital (SD) card, flash memory card (FLASH CARD), at least one disk storage device, flash memory device, or other volatile solid-state storage device.
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (5)
1. A method of network security monitoring, the method comprising:
Identifying all terminals connected with the routing equipment, limiting and receiving first website information of the terminals to be monitored, wherein all the terminals comprise the terminals to be monitored;
Judging whether the first website information is related to a preset website or not;
if the first website information is not associated with a preset website, converting the first website information into the preset website, and responding to the preset website;
When at least second website information which is not related to the preset website and comes from the terminal to be monitored is monitored again in the preset period, comparing the first input characteristic information and the second input characteristic information when the first website information and the second website information are input into the terminal to be monitored;
when the first input characteristic information and the second input characteristic information meet the preset similar conditions, indicating the routing equipment to suspend responding to request information from a terminal to be monitored, wherein the request information comprises a website connection request;
Monitoring a user of the terminal to be monitored, and determining whether to release the pause response to the request information according to a monitoring result;
the monitoring of the user of the terminal to be monitored, and determining whether to cancel the suspension of the request information according to the monitoring result correspondingly comprise:
Acquiring the positioning of a terminal to be monitored according to the remote authorization information;
acquiring characteristic information of a user to be monitored, which is provided by a main user, and generating a monitoring instruction according to the positioning and the characteristic information;
the monitoring instruction is sent to the routing equipment, the routing equipment is instructed to inquire the online monitoring equipment covering the positioning, the monitoring instruction is forwarded to the online monitoring equipment, so that the online monitoring equipment performs online comparison on a user scene at the positioning position based on the characteristic information, and the comparison result is fed back to the routing equipment;
When the comparison result shows that the user at the positioning position does not accord with the characteristic information, the pause response of the routing equipment to the request information is released;
And when the comparison result shows that the user at the positioning position accords with the characteristic information, maintaining a pause response of the routing equipment to the request information.
2. The network security monitoring method of claim 1, wherein identifying all terminals connected to the routing device, defining to receive the first website information of the terminal to be monitored, comprises:
Identifying all terminals successfully connected with the routing equipment, wherein all terminals comprise terminals to be monitored;
An input time period prompt is sent to a terminal to be monitored, and the input time period prompt is used for prompting to receive and identify first website information within an input time period;
and uniformly collecting the first website information of the terminal to be monitored in the input period.
3. The network security monitoring method according to claim 1, wherein the determining whether the first website information is associated with a preset website comprises:
identifying whether the first website information contains a preset website;
If not, judging that the first website information is not related to a preset website;
Or collecting the interface association website of the preset website, identifying whether the first website information contains the interface association website, and if not, judging that the first website information is not associated with the preset website.
4. A network security monitoring method as claimed in claim 3, wherein the method further comprises:
receiving remote authorization information of a main user to a terminal to be monitored;
And based on the remote authorization information, when the website input interface of the terminal to be monitored is detected to be opened, starting to read input characteristic information, wherein the input characteristic information comprises at least one of touch screen handwriting force, typing speed and typing force.
5. The network security monitoring method of claim 4, wherein comparing the first and second input characteristic information when the first and second website information is input to the terminal to be monitored comprises:
performing single-item comparison on the first input characteristic information and the second input characteristic information to judge a comparison result;
when at least one item of the first input characteristic information and the second input characteristic information accords with a single item setting threshold value, judging that the first input characteristic information and the second input characteristic information meet a preset similar condition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311479682.4A CN117395066B (en) | 2023-11-08 | 2023-11-08 | Network security monitoring system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311479682.4A CN117395066B (en) | 2023-11-08 | 2023-11-08 | Network security monitoring system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117395066A CN117395066A (en) | 2024-01-12 |
| CN117395066B true CN117395066B (en) | 2024-06-04 |
Family
ID=89440761
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311479682.4A Active CN117395066B (en) | 2023-11-08 | 2023-11-08 | Network security monitoring system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117395066B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685215A (en) * | 2012-04-18 | 2012-09-19 | 华为技术有限公司 | Method, device and system for online monitoring of mobile terminal |
| CN104765993A (en) * | 2015-03-25 | 2015-07-08 | 广东欧珀移动通信有限公司 | Anti-addiction method and device |
| CN105871795A (en) * | 2015-11-16 | 2016-08-17 | 乐视致新电子科技(天津)有限公司 | Internet surfing control method and related device |
| JP2018136795A (en) * | 2017-02-22 | 2018-08-30 | 日本電信電話株式会社 | Control system and control method |
| CN113709310A (en) * | 2021-08-30 | 2021-11-26 | 广西爱学生教育科技有限公司 | Anti-addiction system and anti-addiction method based on time strategy |
-
2023
- 2023-11-08 CN CN202311479682.4A patent/CN117395066B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685215A (en) * | 2012-04-18 | 2012-09-19 | 华为技术有限公司 | Method, device and system for online monitoring of mobile terminal |
| CN104765993A (en) * | 2015-03-25 | 2015-07-08 | 广东欧珀移动通信有限公司 | Anti-addiction method and device |
| CN105871795A (en) * | 2015-11-16 | 2016-08-17 | 乐视致新电子科技(天津)有限公司 | Internet surfing control method and related device |
| JP2018136795A (en) * | 2017-02-22 | 2018-08-30 | 日本電信電話株式会社 | Control system and control method |
| CN113709310A (en) * | 2021-08-30 | 2021-11-26 | 广西爱学生教育科技有限公司 | Anti-addiction system and anti-addiction method based on time strategy |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117395066A (en) | 2024-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8532302B2 (en) | System and method for registering a personal computing device to a service processor | |
| US8296574B2 (en) | Failure diagnosis method | |
| KR101494982B1 (en) | Hardware-based human presence detection | |
| MXPA06001211A (en) | End user data activation. | |
| CN114048504A (en) | File processing method and device, electronic equipment and storage medium | |
| US20220021788A1 (en) | Information processing apparatus, information processing method, and storage medium | |
| CN117395066B (en) | Network security monitoring system and method | |
| CN112464176B (en) | Authority management method and device, electronic equipment and storage medium | |
| US9524384B2 (en) | Image output apparatus, image output system, and computer-readable recording medium | |
| JP6053646B2 (en) | Monitoring device, information processing system, monitoring method, and program | |
| CN117131527B (en) | Security access control method and system | |
| CN112425134A (en) | Device, method, program, and recording medium | |
| CN117113379B (en) | User offline authorization management method for information system | |
| US20240152621A1 (en) | Control method and apparatus for safety boot of chip, electronic device and storage medium | |
| JP7205232B2 (en) | Embedded control device and process request authentication method for embedded control device | |
| TW202018626A (en) | System for verifying user identity when processing digital signature and method thereof | |
| US11165733B2 (en) | Information processing system to execute a particular workflow in response to receiving mail | |
| TWM598459U (en) | Device for verifying user's identity when logging in with controlled account | |
| CN114116042B (en) | Command processing method and system for Linux service system | |
| EP3707589B1 (en) | Reinstated print operations | |
| TW202141307A (en) | Device for verifying user identity when supervised account is logged in and method thereof | |
| US7797435B2 (en) | Foregoing user credential collection if sending system is in an unauthenticated mutually exclusive connection state | |
| US20240112445A1 (en) | Continuous use authentication method, device, and recording medium | |
| TR2022017893A2 (en) | A PROCESS SECURITY SYSTEM | |
| CN116233284A (en) | Account sharing method, device, equipment and medium based on sweeping robot |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |