CN117454373A - Software login identity management and access security control method - Google Patents


Info

Publication number
CN117454373A
Authority
CN
China
Prior art keywords
audit
security
log
safety
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311530269.6A
Other languages
Chinese (zh)
Inventor
胡燕平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sixie Technology Co ltd
Original Assignee
Shenzhen Sixie Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Sixie Technology Co ltd
Priority to CN202311530269.6A
Publication of CN117454373A
Legal status: Pending


Abstract

The invention discloses a software login identity management and access security control method, which relates to the technical field of software login and access and comprises the following steps: S101, establishing a user account for resources needing identity management and access security control, and realizing login through identity authentication; S102, defining an access control policy that specifies which resources a user or user group can access and in which way, and implementing a password policy for access after the definition. When there is a hidden danger that potential security events and threats cannot be detected in time during security audit, the method notifies the relevant personnel and carries out operation and maintenance management on the security audit process in advance, so that failure to detect potential security events and threats in time during security audit is effectively avoided, the security, compliance and availability of software login identity management and access are ensured, and the cases in which malicious activity persists for a long time because a security audit abnormality was not found are greatly reduced.

Description

Software login identity management and access security control method
Technical Field
The invention relates to the technical field of software login and access, in particular to a software login identity management and access security control method.
Background
The purpose of software login identity management and access security control is to ensure the security of computer systems and applications, which typically includes a series of tools, techniques and policies for managing the identity of a user, verifying his identity, authorizing him to access a particular resource, and monitoring his activity. Identity management refers to the process of determining and verifying the identity of a user to ensure that only legitimate users can log into the system, including verification of the user's identity (typically by means of a user name and password, biometric features, smart cards, etc.), and management of the user's identity (e.g., creation, updating, and deletion of user accounts), which may also include single-sign-on and multi-factor authentication to improve login security.
Access security control refers to a process that specifies which resources and in what way the user can access those resources in the system. By efficient software login identity management and access security control, the risk of unauthorized access and data leakage can be reduced, sensitive information protected, system integrity and availability ensured, and compliance with relevant regulatory and compliance requirements, which are critical to maintaining the security of the information system, particularly in the face of ever-increasing network security threats.
In the process of realizing software login identity management and access security control, security audit is a crucial component for ensuring the security, compliance and availability of software login identity management and access. The security audit system is capable of monitoring user activity in real time, including login, file access, data modification, etc. By comparing the current activity to a baseline of normal behavior, the system may detect abnormal or unusual operations, which may indicate potential security issues such as unauthorized access or malicious behavior. Illegal access or transmission of sensitive data may also be detected, which helps to prevent data leakage and improper disclosure of sensitive information. In addition, potential threat signs, such as malware activity, intrusion attempts, and abnormal login attempts, may be identified through security audits. Such information may be used to discover threats early and take appropriate responsive measures such as temporarily locking an account, terminating a session, or triggering an alarm.
The prior art has the following defects: the prior art generally relies on security audit to ensure the security, compliance and availability of software login identity management and access. However, when the security audit process fails to detect potential security events and threats in time, the prior art cannot sense this situation. Anomalies are generally discovered only when obvious anomalies occur in software login identity management and access, so the discovery of anomalies lags seriously, which means that malicious activities (unauthorized access or transmission, etc.) may exist for a long time without being detected, thus greatly increasing potential risks.
The above information disclosed in the background section is only for enhancement of understanding of the background of the disclosure and therefore it may include information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The invention aims to provide a software login identity management and access security control method that monitors the security audit process during software login identity management and access security control. When there is a hidden danger that potential security events and threats cannot be detected in time during security audit, the method issues an early warning prompt to notify the relevant personnel and carries out operation and maintenance management on the security audit process in advance. This effectively avoids failure to detect potential security events and threats in time during security audit, ensures the security, compliance and availability of software login identity management and access, and greatly reduces the cases in which malicious activity persists for a long time because a security audit abnormality was not found, so as to solve the problems described in the background art.
In order to achieve the above object, the present invention provides the following technical solutions: a software login identity management and access security control method comprises the following steps:
S101, establishing a user account for resources needing identity management and access security control, and realizing login through identity authentication;
S102, defining an access control policy that specifies which resources a user or user group can access and in which way, and implementing a password policy for access after the definition;
S103, monitoring user activities through security audit, generating an audit log and raising alarms on abnormal user activities;
S104, collecting multiple items of data during security audit, including log data stream performance index information and hardware performance parameter information, and processing the log data stream performance index information and the hardware performance parameter information after collection;
S105, establishing a data model from the processed log data stream performance index information and hardware performance parameter information during security audit, and comprehensively analyzing them to generate an audit security coefficient;
S106, comparing the audit security coefficient generated during security audit with a preset audit security coefficient reference threshold, generating a high-efficiency audit signal or a low-efficiency audit signal, and issuing an early warning prompt for the low-efficiency audit signal;
S107, feeding back the result of operation and maintenance management of the security audit to generate an operation and maintenance management signal, and using the operation and maintenance management signal to ensure that the security audit efficiently detects potential security events and threats.
Preferably, the log data stream performance index information during the security audit comprises a log generation rate gain index and a log loss rate change index, and the hardware performance parameter information during the security audit comprises a hard disk read-write rate abnormal hiding index; after acquisition, the log generation rate gain index and the log loss rate change index are denoted Γzy and Ωds respectively, and the hard disk read-write rate abnormal hiding index is denoted ζdx.
Preferably, the logic for log generation rate gain index acquisition is as follows:
S101, acquiring the real-time log backlog rate of log events within the time G during security audit, and denoting the real-time log backlog rate as Γ_real;
S102, calculating the log generation rate gain index, the calculation expression being as follows: in the formula, [t1, t2] denotes the time period, during security audit of log events, in which the real-time log backlog rate is less than the log backlog rate reference value, [t3, t4] denotes the time period, during security audit of log events, in which it is greater than or equal to the log backlog rate reference value, and Γ_ref denotes the log backlog rate reference value.
Preferably, the logic for obtaining the log loss rate variation index is as follows:
S201, acquiring the actual log loss rates of different time periods within the time G during security audit of log events, and denoting the actual log loss rate as Ωds_k, where k is the number of the actual log loss rate of each time period within the time G during security audit of log events, k = 1, 2, 3, 4, ..., P, and P is a positive integer;
S202, calculating the log loss rate standard deviation of the plurality of actual log loss rates acquired within the time G during security audit of log events, and denoting the log loss rate standard deviation as Ω_std, wherein Ω_avg denotes the average value of the plurality of actual log loss rates acquired within the time G during security audit of log events;
S203, calculating the log loss rate change index, the calculation expression being as follows:
preferably, the logic for obtaining the abnormal hiding index of the hard disk read-write speed is as follows:
S301, acquiring the actual hard disk read-write rates of different time periods within the time G during security audit of log events, and denoting the actual log loss rate as ζdx_v, where v is the number of the actual hard disk read-write rate of each time period within the time G during security audit of log events, v = 1, 2, 3, 4, ..., M, and M is a positive integer;
S302, comparing the actual hard disk read-write rates acquired within the time G during security audit of log events with a hard disk read-write rate reference value, and re-denoting the actual hard disk read-write rates smaller than the hard disk read-write rate reference value as ζdx_v', where v' is the number of the actual hard disk read-write rate which is larger than the hard disk read-write rate reference value and is acquired within the time G during security audit of log events, v' = 1, 2, 3, 4, ..., M', and M' is a positive integer;
S303, calculating the hard disk read-write rate abnormal hiding index, the calculation expression being as follows:
preferably, after obtaining the log generation rate gain index Γzy, the log loss rate variation index Ω ds and the hard disk read-write rate abnormal hiding index ζdx after the security audit is processed, building a data analysis model for comprehensive analysis, and generating an audit security coefficient ψ according to the following formula:wherein alpha, beta and delta are respectively preset proportionality coefficients of a log generation rate gain index gamma zy, a log loss rate change index omega ds and a hard disk read-write rate abnormal hiding index zeta dx, and the alpha, the beta and the delta are all larger than 0.
Preferably, the audit safety coefficient generated during safety audit is compared with a preset audit safety coefficient reference threshold value for analysis, if the audit safety coefficient is larger than the audit safety coefficient reference threshold value, a low-efficiency audit signal is generated, an early warning prompt is sent out to the low-efficiency audit signal, relevant personnel are informed of the situation, if the audit safety coefficient is smaller than or equal to the audit safety coefficient reference threshold value, a high-efficiency audit signal is generated, and the early warning prompt is not sent out to the high-efficiency audit signal.
Preferably, when operation and maintenance management is performed on the security audit process, an analysis set is established from a plurality of audit security coefficients output in real time during operation and maintenance management, and the analysis set is denoted I, so that I = {ψ_f}, where f is the number of the audit security coefficient within the analysis set, f = 1, 2, 3, 4, ..., u, and u is a positive integer;
calculating an audit safety coefficient standard deviation and an audit safety coefficient average value by analyzing the audit safety coefficients in the collection, and respectively comparing the audit safety coefficient standard deviation and the audit safety coefficient average value with a preset standard deviation reference threshold value and a preset audit safety coefficient reference threshold value to obtain the following comparison analysis results:
if the average value of the audit safety coefficient is greater than or equal to the reference threshold value of the audit safety coefficient, generating an operation and maintenance management failure signal, transmitting the signal to a mobile terminal, prompting through the mobile terminal, and when the operation and maintenance management failure signal is generated during the operation and maintenance management of the safety audit, indicating that the operation and maintenance management of the safety audit fails, and further carrying out the operation and maintenance management;
if the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is larger than the reference threshold value of the standard deviation, generating an operation and maintenance management fluctuation signal, transmitting the signal to a mobile terminal, prompting through the mobile terminal, and when the operation and maintenance management fluctuation signal is generated during the operation and maintenance management of the safety audit, indicating that the stability of the operation and maintenance management of the safety audit is poor, and also needing to further carry out the operation and maintenance management;
If the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is smaller than or equal to the reference threshold value of the standard deviation, an operation and maintenance management success signal is generated, the signal is transmitted to the mobile terminal, the mobile terminal prompts, and when the operation and maintenance management success signal is generated during the operation and maintenance management of the safety audit, the operation and maintenance management of the safety audit is successful, and at the moment, the potential safety event and threat can be efficiently detected during the safety audit.
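The threshold comparison of S106 and the three-way feedback classification above can be exercised as a small state machine. This is an added example, not code from the patent: the window size u, the use of the population standard deviation, the signal strings and the sample ψ values are assumptions, and because the text gives both "greater than or equal" and "smaller than or equal" at equality of the mean, the failure branch is tested first, in the order the text lists it.

```python
from dataclasses import dataclass
from statistics import fmean, pstdev
from typing import List, Optional, Sequence

# Signal names follow the description; the string values are constructed here.
HIGH_EFFICIENCY = "high-efficiency audit signal"
LOW_EFFICIENCY = "low-efficiency audit signal"
OM_FAILURE = "operation and maintenance management failure signal"
OM_FLUCTUATION = "operation and maintenance management fluctuation signal"
OM_SUCCESS = "operation and maintenance management success signal"


def audit_signal(psi: float, psi_ref: float) -> str:
    """S106: a coefficient above the reference threshold means inefficient auditing."""
    return LOW_EFFICIENCY if psi > psi_ref else HIGH_EFFICIENCY


@dataclass(frozen=True)
class Feedback:
    signal: str
    mean: float
    std: float


def om_feedback(analysis_set: Sequence[float], psi_ref: float, std_ref: float) -> Feedback:
    """S107: classify the analysis set I = {psi_f} by its mean and standard deviation."""
    if not analysis_set:
        raise ValueError("analysis set I must contain at least one coefficient")
    mean = fmean(analysis_set)
    std = pstdev(analysis_set)  # assumption: population standard deviation
    # Equality of the mean matches both the failure rule (>=) and the other
    # two rules (<=) in the text; failure is checked first, as listed there.
    if mean >= psi_ref:
        signal = OM_FAILURE
    elif std > std_ref:
        signal = OM_FLUCTUATION
    else:
        signal = OM_SUCCESS
    return Feedback(signal, mean, std)


class AuditEfficiencyMonitor:
    """Runs S106 on each coefficient; after a warning, collects I and runs S107."""

    def __init__(self, psi_ref: float, std_ref: float, window: int):
        if window < 1:
            raise ValueError("window (u) must be a positive integer")
        self.psi_ref = psi_ref
        self.std_ref = std_ref
        self.window = window  # u: size of the analysis set (assumed parameter)
        self._analysis_set: Optional[List[float]] = None  # None: no O&M in progress

    def observe(self, psi: float) -> Optional[str]:
        """Return the signal produced by this coefficient, or None while collecting I."""
        if self._analysis_set is None:
            signal = audit_signal(psi, self.psi_ref)
            if signal == LOW_EFFICIENCY:
                # Early warning issued: O&M management starts, begin collecting I.
                self._analysis_set = []
            return signal
        self._analysis_set.append(psi)
        if len(self._analysis_set) < self.window:
            return None
        result = om_feedback(self._analysis_set, self.psi_ref, self.std_ref)
        # Failure and fluctuation both call for further O&M management, so a new
        # analysis set is started; success returns to plain S106 monitoring.
        self._analysis_set = None if result.signal == OM_SUCCESS else []
        return result.signal


def run_constructed_stream() -> List[str]:
    """Feed a constructed sequence of psi values and return the emitted signals."""
    monitor = AuditEfficiencyMonitor(psi_ref=1.0, std_ref=0.2, window=4)
    constructed_psi = [
        0.6, 1.4,            # normal, then an early warning
        1.3, 1.2, 1.1, 1.0,  # mean 1.15 >= 1.0 -> failure
        0.9, 0.3, 0.9, 0.3,  # mean 0.6, std 0.3 > 0.2 -> fluctuation
        0.7, 0.8, 0.7, 0.8,  # mean 0.75, std 0.05 -> success
        0.5,                 # back to S106 monitoring
    ]
    emitted = (monitor.observe(psi) for psi in constructed_psi)
    return [signal for signal in emitted if signal is not None]


if __name__ == "__main__":
    for line in run_constructed_stream():
        print(line)
```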
In the technical scheme, the invention has the technical effects and advantages that:
according to the method, the security audit process during the management of the software login identity and the access security control is monitored, when hidden danger of failing to timely detect a potential security event and threat exists during the security audit, an early warning prompt is sent out to inform related personnel of knowing the situation, the security audit process is operated and managed in advance, the situation that the potential security event and threat fail to be timely detected during the security audit is effectively avoided, the security, compliance and availability of the software login identity management and the access are ensured, and meanwhile the situation that malicious activities exist for a long time due to the fact that security audit abnormality is not found is greatly reduced;
According to the invention, the operation and maintenance management conditions of potential safety audit hazards are comprehensively analyzed by feeding back the operation and maintenance management result of the safety audit, so that the condition that the operation and maintenance management fails or the operation and maintenance management is unstable again after the operation and maintenance management of the potential safety hazards in the safety audit process is avoided, the success of the operation and maintenance management of the potential safety hazards in the safety audit process is ensured, and the efficient detection of potential safety events and threats during the safety audit is ensured.
Drawings
For a clearer description of embodiments of the present application or of the solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments described in the present invention, and that other drawings may be obtained according to these drawings for a person skilled in the art.
FIG. 1 is a flow chart of a method for managing the login identity and controlling the access security of software according to the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these example embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
The invention provides a software login identity management and access security control method as shown in figure 1, which comprises the following steps:
S101, establishing a user account for resources needing identity management and access security control, and realizing login through identity authentication;
Resources which need identity management and access security control include application programs, data, network resources and the like. The resources are classified so as to better understand their sensitivity and importance, and a user account is established, including the identity information, user name, password, rights and roles of the user, so that only authorized users can access the system; authentication typically involves the use of a password and another authentication method, such as a short message authentication code, a hardware token, biometric identification, etc.
S102, defining an access control policy that specifies which resources a user or user group can access and in which way, and implementing a password policy for access after the definition;
Access control lists (ACLs), role-based access control and permission settings can be used to define which resources a user or user group can access and in which way. The strong password policy can be determined comprehensively from password length, complexity requirements, change frequency, password history and the like, so as to ensure that users create and maintain secure passwords.
S103, monitoring user activities through security audit, generating an audit log and alarming abnormal activities of the user;
the security audit system may analyze the audit log to detect abnormal activity, which may include unauthorized login attempts, illegal access of files, abnormal rights changes, etc., and when the security audit process detects abnormal activity, generate alarms notifying a security administrator or related personnel, which may take various forms, such as emails, text messages, instant messages, etc., to take action quickly.
S104, collecting multiple data information during security audit, including log data stream performance index information and hardware performance parameter information, and processing the log data stream performance index information and the hardware performance parameter information after collection;
The log data stream performance index information during the security audit comprises a log generation rate gain index and a log loss rate change index, and after acquisition, the log generation rate gain index and the log loss rate change index are denoted Γzy and Ωds respectively;
In the process of software login identity management and access security control, a backlog of log events in the security audit process may result in failure to detect potential security events and threats in time, because a backlog of log events negatively impacts the performance and efficiency of the audit system and thereby reduces its ability to respond to and detect potential threats in time. The reasons are elaborated below:
Event processing delay: when log events are backlogged, the system needs to process the backlogged events, so the event processing time is significantly prolonged and the system cannot detect events that are actually occurring in time; the delay in event recording and processing may also break the event chain;
Loss of key events: in an event backlog, some important events may be overwritten or lost because the system cannot handle new events, while old events are overwritten by new events;
Difficulty identifying malicious activity: a backlog of log events can make it difficult for the audit system to identify malicious activities or abnormal behaviors in time, as these events can be submerged in a large number of backlogged events and are thus not easily noticed;
Timing problems: a backlog of log events may lead to inaccurate event timestamps, confuse the order in which events occurred, and complicate the analysis and investigation of events;
Alarm delay: the speed at which the audit system generates alarms may be slowed down because the system needs to handle backlogged events, which may delay security administrators in taking action against potential threats;
Loss of real-time performance: in security audit, real-time performance is critical, because responding to security events in time can mitigate potential risks; an event backlog loses real-time performance, so the reaction to potential threats is slow;
Therefore, by monitoring the log event backlog during security audit of log events, the hidden danger that the security audit process fails to detect potential security events and threats in time because of an abnormal log event backlog can be found in time;
The logic for acquiring the log generation rate gain index is as follows:
S101, acquiring the real-time log backlog rate of log events within the time G during security audit, and denoting the real-time log backlog rate as Γ_real;
It should be noted that a dedicated log monitoring tool or log management system may be used; these tools generally provide a real-time monitoring function and can display the flow and backlog of log events in real time. For example, Splunk is a popular log management and monitoring tool with powerful real-time analysis and dashboard functions, which can monitor the arrival speed and real-time backlog rate of log events and generate alarms; Graylog is an open-source log management and analysis platform that provides real-time dashboard and alarm functions and can monitor the real-time flow and backlog rate of log events;
S102, calculating the log generation rate gain index, the calculation expression being as follows: in the formula, [t1, t2] denotes the time period, during security audit of log events, in which the real-time log backlog rate is less than the log backlog rate reference value, [t3, t4] denotes the time period, during security audit of log events, in which it is greater than or equal to the log backlog rate reference value, and Γ_ref denotes the log backlog rate reference value;
It should be noted that, firstly, past audit data are analyzed to understand the typical arrival speed and processing speed of log events, thereby determining the backlog rate range under normal conditions. Secondly, the business requirements and compliance requirements of the organization are considered: different industries and organizations may have different requirements, so the log backlog rate reference value may differ, and it must be ensured that the reference value meets the business requirements and compliance standards. Therefore, the setting of the log backlog rate reference value is not specifically limited here and can be adjusted according to business requirements;
The calculation expression of the log generation rate gain index shows that the larger the value of the log generation rate gain index generated within the time G during security audit of log events, the larger the hidden danger that the security audit process fails to detect potential security events and threats in time; conversely, the smaller the value, the smaller that hidden danger.
The log loss rate of log events during security audit refers to the proportion of log events which are not successfully recorded and kept in the audit process. Specifically, the log loss rate indicates how many log events that have occurred were not captured and recorded by the audit system or the log management tool, or were lost for some reason; it is a key performance index for evaluating the integrity and credibility of the audit system;
In the process of software login identity management and access security control, a large variation of the log loss rate in the security audit process may cause the security audit process to fail to detect potential security events and threats in time. The reasons are elaborated below:
Loss of key events: when the log loss rate varies greatly, the security audit process may lose some important log events, including potential security events and threats such as failed login attempts, abnormal access requests and malicious activities; failure to record these events will result in failure to detect and respond to potential threats in time;
Event chain interruption: event logs are typically recorded with timestamps so that the time sequence in which events occur can be understood. When the log loss rate is high, the event chain may be interrupted and the time sequence of events cannot be restored, which may complicate event analysis and threat detection, as the relationship between events may not be determinable;
Incomplete event information: the lost events may contain critical information such as an attacker's IP address, access path, user identification, etc.; the lack of this information makes event analysis incomplete and unable to identify potential security threats;
Alarm delay: when the system is unable to record all events, the generation of alarms may slow down, because alarms are typically triggered by the recorded events; this results in delayed alarms, making it difficult for security administrators to take action in time;
Loss of real-time performance: in security audit, real-time performance is critical, because a timely response can reduce the risk of potential threats; when the log loss rate is high, the audit system loses real-time performance and cannot respond immediately after an event occurs, so the risk of potential threats increases;
Therefore, by monitoring the log loss rate during security audit of log events, the hidden danger that the security audit process fails to detect potential security events and threats in time because of a large variation of the log loss rate can be found in time;
The logic for acquiring the log loss rate change index is as follows:
S201, acquiring the actual log loss rates of different time periods (the selection of the time periods is not specifically limited here) within the time G during security audit of log events, and denoting the actual log loss rate as Ωds_k, where k is the number of the actual log loss rate of each time period within the time G during security audit of log events, k = 1, 2, 3, 4, ..., P, and P is a positive integer;
It should be noted that many monitoring tools and log management systems provide real-time monitoring functions to monitor the arrival rate and processing speed of log events; these tools typically provide dashboards and reports, including log loss rate data. For example, Splunk is a powerful log management and monitoring tool that can monitor the arrival rate and processing speed of log events to calculate the real-time log loss rate; Splunk also provides dashboards and visualization functions to display the log event status visually;
S202, calculating the log loss rate standard deviation of the plurality of actual log loss rates acquired within the time G during security audit of log events, and denoting the log loss rate standard deviation as Ω_std, wherein Ω_avg denotes the average value of the plurality of actual log loss rates acquired within the time G during security audit of log events;
S203, calculating the log loss rate change index, the calculation expression being as follows:
The calculation expression of the log loss rate change index shows that the larger the value of the log loss rate change index generated within the time G during security audit of log events, the larger the hidden danger that the security audit process fails to detect potential security events and threats in time; conversely, the smaller the value, the smaller that hidden danger.
The hardware performance parameter information during the safety audit comprises a hard disk read-write speed abnormal hiding index, and after acquisition, the hard disk read-write speed abnormal hiding index is marked as zeta dx;
in the process of software login identity management and access security control, the hard disk read-write speed refers to the data read-write speed of a hard disk (magnetic disk) used by an auditing system for recording, storing and retrieving log events, the index represents the performance of the hard disk in the processing of the log events, specifically, the hard disk read-write speed refers to the speed of the hard disk for reading data from a storage medium (usually a magnetic disk drive), in security audit, the speed is usually used for retrieving the log events recorded before for analysis and reporting, and the high read-write speed means that the events before can be retrieved quickly, so that the audit response speed is accelerated; the hard disk write rate refers to the speed at which the hard disk writes data to the storage medium, which is typically used in security auditing to record new log events for subsequent analysis and archiving, and the high write rate can ensure that all events are recorded in time, particularly in a high flow environment;
a low hard disk read-write rate may result in the security audit process failing to detect potential security events and threats in time; the reasons are explained in detail below:
Event processing delay: when the hard disk read-write rate is low, the speed of the audit system processing log events can be slowed, meaning that the events take longer to be recorded, stored and analyzed, during which potential security events and threats may have occurred but have not yet been detected or responded to;
event loss: in a high-flow environment, the event loss may be caused by the low hard disk read-write speed, and the audit system may not keep pace with the generation speed of the event, so that some events may be ignored, and the visibility of potential safety events is lost;
incomplete event information: the low hard disk read-write rate may result in incomplete recording of events, which may include partial loss of events, timestamp confusion, lost event details, etc., incomplete event information makes event analysis more difficult, thereby reducing the ability to detect potential threats;
alarm delay: when the event processing speed is low, the alarm generation speed is also slow, which causes delay of the alarm, so that a security manager cannot timely take action to deal with potential security events and threats;
loss of real-time performance: real-time performance is critical to security audit, because timely response can reduce the risk of potential threat, low hard disk read-write speed can cause the audit system to lose real-time performance, and response can not be immediately performed after an event occurs, so that the risk of potential threat is increased;
Therefore, the condition of the hard disk read-write speed when the log event is subjected to security audit is monitored, and the hidden danger that the potential security event and threat cannot be detected in time in the security audit process due to the fact that the hard disk read-write speed is small can be timely found;
the logic for obtaining the hard disk read-write speed abnormal hiding index is as follows:
S301, acquiring the actual hard disk read-write rates of different time periods (the selection of time periods is not particularly limited here) within the G time when log events undergo security audit, and calibrating the actual log loss rate as ζdx_v, where v represents the number of the actual hard disk read-write rate of each time period within the G time when the log event is subjected to security audit, v = 1, 2, 3, 4, ..., M, and M is a positive integer;
it should be noted that many monitoring tools provide a hard disk performance monitoring function and can be used to measure the read-write rate of a hard disk in real time. These tools typically provide a visual dashboard to display performance data of the hard disk, including read and write rates. Common monitoring tools include SolarWinds, Nagios, Zabbix and PRTG Network Monitor; an appropriate tool may be selected and then configured to monitor the performance of the hard disk;
S302, comparing the actual hard disk read-write rates obtained within the G time when the log event is subjected to security audit with a hard disk read-write rate reference value, and recalibrating the actual hard disk read-write rates smaller than the hard disk read-write rate reference value as ζdx_v', where v' represents the number of the actual hard disk read-write rate which is larger than the hard disk read-write rate reference value and is acquired within the G time when the log event is subjected to security audit, v' = 1, 2, 3, 4, ..., M', and M' is a positive integer;
it should be noted that a performance testing tool is used to simulate the actual workload and test the read-write performance of the hard disk, which may include measuring performance parameters such as the continuous read-write rate, the random read-write rate and IOPS (input/output operations per second). In the test, different load conditions, including low load, typical load and high load, may be simulated to determine the performance of the hard disk under different loads, thereby determining the lowest read-write rate of the hard disk, and the hard disk read-write rate reference value is then determined from that lowest read-write rate;
s303, calculating a hard disk read-write speed abnormal hiding index, wherein the calculated expression is as follows:
the calculation expression of the hard disk read-write speed abnormal hidden index shows that the larger the expression value of the hard disk read-write speed abnormal hidden index generated in the G time when the log event is subjected to security audit is, the larger the hidden danger that the security audit process fails to timely detect the potential security event and threat is, otherwise, the smaller the hidden danger that the security audit process fails to timely detect the potential security event and threat is.
S105, establishing a data model for the processed performance index information of the log data stream and the hardware performance parameter information during security audit, and comprehensively analyzing the data model to generate an audit security coefficient;
after obtaining the processed log generation rate gain index Γzy, log loss rate change index Ωds and hard disk read-write rate abnormal hiding index ζdx during security audit, a data analysis model is built for comprehensive analysis, and an audit security coefficient ψ is generated according to the following formula: wherein α, β and δ are respectively the preset proportionality coefficients of the log generation rate gain index Γzy, the log loss rate change index Ωds and the hard disk read-write rate abnormal hiding index ζdx, and α, β and δ are all larger than 0;
the calculation formula shows that the larger the log generation rate gain index generated in the G time when the log event carries out security audit is, the larger the log loss rate variation index is, and the larger the hard disk read-write rate abnormal hiding index is, namely the larger the representation value of the audit security coefficient psi generated in the G time when the log event carries out security audit is, the larger the hidden danger that the security audit process fails to timely detect the potential security event and threat is, otherwise, the smaller the hidden danger that the security audit process fails to timely detect the potential security event and threat is;
It should be noted that, the selection of the above-mentioned G time is a time period with a relatively short time, and the time in the time period is not limited herein specifically, and may be set according to practical situations, so as to monitor the hidden danger situations that the log event cannot timely detect the potential safety event and threat in the G time when the log event is subjected to the safety audit, thereby monitoring the running situations of the log event in different time periods (in the G time) in real time.
S106, comparing and analyzing the audit safety coefficient generated during safety audit with a preset audit safety coefficient reference threshold value, generating a high-efficiency audit signal or a low-efficiency audit signal, and sending out an early warning prompt to the low-efficiency audit signal;
the audit safety coefficient generated during security audit is compared with a preset audit safety coefficient reference threshold value. If the audit safety coefficient is larger than the audit safety coefficient reference threshold value, a low-efficiency audit signal is generated and an early warning prompt is sent out for the low-efficiency audit signal to inform the relevant personnel of the situation. A low-efficiency audit signal generated during security audit indicates that potential security events and threats are not being detected in time; the relevant personnel are informed to carry out operation and maintenance management on the security audit process in time, which effectively prevents the situation in which potential security events and threats are not detected in time during security audit. If the audit safety coefficient is smaller than or equal to the audit safety coefficient reference threshold value, a high-efficiency audit signal is generated and no early warning prompt is sent out for it. A high-efficiency audit signal generated during security audit indicates that the security audit process detects potential security events and threats with higher efficiency;
S107, feeding back a result of operation and maintenance management of the security audit to generate an operation and maintenance management signal, and ensuring that the security audit detects potential security events and threats efficiently through the operation and maintenance management signal;
when the security audit time generates an inefficient audit signal, the hidden danger that the security audit process fails to detect the potential security event and threat in time is shown to be large, and related personnel are required to be informed to timely carry out operation and maintenance management on the security audit process at the moment, so that the security audit is ensured to detect the potential security event and threat efficiently;
in order to ensure that the safety audit after maintenance and management carries out efficient detection on potential safety events and threats, the following technical scheme is developed:
when operation and maintenance management is carried out on the security audit process, an analysis set is established by acquiring a plurality of audit security coefficients output in real time during operation and maintenance management, and the analysis set is calibrated as I, with I = {ψ_f}, where f represents the number of the audit security coefficient within the analysis set, f = 1, 2, 3, 4, ..., u, and u is a positive integer;
calculating an audit safety coefficient standard deviation and an audit safety coefficient average value (the calculation of the audit safety coefficient standard deviation refers to the log loss rate standard deviation and is not described in detail herein) through the audit safety coefficients in the analysis set, and respectively comparing the audit safety coefficient standard deviation and the audit safety coefficient average value with a preset standard deviation reference threshold value and a preset audit safety coefficient reference threshold value for analysis, wherein the comparison analysis results are as follows:
If the average value of the audit safety coefficient is greater than or equal to the reference threshold value of the audit safety coefficient, generating an operation and maintenance management failure signal, transmitting the signal to a mobile terminal, prompting through the mobile terminal, and when the operation and maintenance management failure signal is generated during the operation and maintenance management of the safety audit, indicating that the operation and maintenance management of the safety audit fails, and further carrying out the operation and maintenance management;
if the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is larger than the reference threshold value of the standard deviation, generating an operation and maintenance management fluctuation signal, transmitting the signal to a mobile terminal, prompting by the mobile terminal, and when the operation and maintenance management fluctuation signal is generated during the operation and maintenance management of the safety audit, indicating that the stability of the operation and maintenance management of the safety audit is poor, and performing the safety audit on a log event, wherein the occurrence of the situation that potential safety events and threats cannot be timely detected possibly occurs, and the operation and maintenance management is required to be further performed;
if the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is smaller than or equal to the reference threshold value of the standard deviation, an operation and maintenance management success signal is generated, the signal is transmitted to the mobile terminal, the mobile terminal prompts, and when the operation and maintenance management success signal is generated during the operation and maintenance management of the safety audit, the operation and maintenance management of the safety audit is successful, and at the moment, the potential safety event and threat can be efficiently detected during the safety audit.
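The S106 threshold comparison and the S107 feedback classification described above can be sketched as follows. This is an added example, not code from the patent: the function and class names, the threshold values, the analysis-set size `u` and the sample ψ stream are constructed, the population standard deviation is an assumption, and because the stated conditions overlap when the mean equals the threshold, the failure condition is evaluated first.

```python
from dataclasses import dataclass
from enum import Enum
from statistics import fmean, pstdev


class AuditSignal(Enum):
    EFFICIENT = "high-efficiency audit signal"
    INEFFICIENT = "low-efficiency audit signal"


class OpsSignal(Enum):
    FAILURE = "operation and maintenance management failure signal"
    FLUCTUATION = "operation and maintenance management fluctuation signal"
    SUCCESS = "operation and maintenance management success signal"


@dataclass(frozen=True)
class Thresholds:
    psi_ref: float  # audit security coefficient reference threshold
    std_ref: float  # standard deviation reference threshold


def audit_signal(psi, t):
    """S106: psi above the reference threshold means the audit is inefficient."""
    return AuditSignal.INEFFICIENT if psi > t.psi_ref else AuditSignal.EFFICIENT


def ops_signal(analysis_set, t):
    """S107: classify the analysis set I = {psi_f} collected during maintenance."""
    if not analysis_set:
        raise ValueError("analysis set must contain at least one coefficient")
    mean = fmean(analysis_set)
    std = pstdev(analysis_set)  # assumption: population standard deviation
    # The text gives ">=" for failure and "<=" for the other two branches, so
    # mean == psi_ref matches both; failure is checked first (conservative).
    if mean >= t.psi_ref:
        return OpsSignal.FAILURE
    if std > t.std_ref:
        return OpsSignal.FLUCTUATION
    return OpsSignal.SUCCESS


def monitor(stream, t, u):
    """Replay psi samples and return (sample index, signal) events.

    Normal mode applies S106 to each sample. After an inefficient signal the
    next u samples form the analysis set; anything other than SUCCESS starts
    a fresh analysis set, because further maintenance is required.
    """
    if u < 1:
        raise ValueError("u must be a positive integer")
    events = []
    analysis_set = None  # None: normal monitoring; list: maintenance in progress
    for i, psi in enumerate(stream):
        if analysis_set is None:
            if audit_signal(psi, t) is AuditSignal.INEFFICIENT:
                events.append((i, AuditSignal.INEFFICIENT))  # early warning
                analysis_set = []
            continue
        analysis_set.append(psi)
        if len(analysis_set) == u:
            result = ops_signal(analysis_set, t)
            events.append((i, result))
            analysis_set = None if result is OpsSignal.SUCCESS else []
    return events


# Constructed sample data: psi values as they might be emitted once per G window.
T = Thresholds(psi_ref=1.0, std_ref=0.1)
CONSTRUCTED_PSI = [
    0.6, 0.7, 1.4,           # third sample exceeds the threshold -> early warning
    1.3, 1.2, 1.1, 1.2,      # mean still above threshold -> failure
    0.5, 1.3, 0.4, 1.2,      # mean below threshold but unstable -> fluctuation
    0.7, 0.75, 0.7, 0.65,    # low and stable -> success
    0.6,                     # back to normal monitoring, no event
]

if __name__ == "__main__":
    for index, signal in monitor(CONSTRUCTED_PSI, T, u=4):
        print(f"sample {index}: {signal.value}")
```

The fluctuation branch is the one a mean-only check would miss: the third analysis window averages below the threshold even though half of its samples are above it.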
According to the method, the security audit process during the management of the software login identity and the access security control is monitored, when hidden danger of failing to timely detect a potential security event and threat exists during the security audit, an early warning prompt is sent out to inform related personnel of knowing the situation, the security audit process is operated and managed in advance, the situation that the potential security event and threat fail to be timely detected during the security audit is effectively avoided, the security, compliance and availability of the software login identity management and the access are ensured, and meanwhile the situation that malicious activities exist for a long time due to the fact that security audit abnormality is not found is greatly reduced;
according to the invention, the operation and maintenance management conditions of potential safety audit hazards are comprehensively analyzed by feeding back the operation and maintenance management result of the safety audit, so that the condition that the operation and maintenance management fails or the operation and maintenance management is unstable again after the operation and maintenance management of the potential safety hazards in the safety audit process is avoided, the success of the operation and maintenance management of the potential safety hazards in the safety audit process is ensured, and the efficient detection of potential safety events and threats during the safety audit is ensured.
The above formulas are all formulas with dimensions removed and numerical values calculated, the formulas are formulas with a large amount of data collected for software simulation to obtain the latest real situation, and preset parameters in the formulas are set by those skilled in the art according to the actual situation.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
While certain exemplary embodiments of the present invention have been described above by way of illustration only, it will be apparent to those of ordinary skill in the art that modifications may be made to the described embodiments in various different ways without departing from the spirit and scope of the invention. Accordingly, the drawings and description are to be regarded as illustrative in nature and not as restrictive of the scope of the invention, which is defined by the appended claims.

Claims (8)

1. A software login identity management and access security control method is characterized by comprising the following steps:
s101, establishing a user account for resources needing identity management and access security control, and realizing login through identity authentication;
s102, defining an access control strategy, defining which resources can be accessed by a user or a user group and in which mode, and implementing a password strategy for access after definition;
s103, monitoring user activities through security audit, generating an audit log and alarming abnormal activities of the user;
s104, collecting multiple data information during security audit, including log data stream performance index information and hardware performance parameter information, and processing the log data stream performance index information and the hardware performance parameter information after collection;
s105, establishing a data model for the processed performance index information of the log data stream and the hardware performance parameter information during security audit, and comprehensively analyzing the data model to generate an audit security coefficient;
s106, comparing and analyzing the audit safety coefficient generated during safety audit with a preset audit safety coefficient reference threshold value, generating a high-efficiency audit signal or a low-efficiency audit signal, and sending out an early warning prompt to the low-efficiency audit signal;
And S107, feeding back a result of operation and maintenance management of the security audit to generate an operation and maintenance management signal, and ensuring that the security audit is used for efficiently detecting potential security events and threats through the operation and maintenance management signal.
2. The method for managing and controlling the login identity of software and accessing security according to claim 1, wherein the log data stream performance index information during security check comprises a log generation rate gain index and a log loss rate variation index, the hardware performance parameter information during security check comprises a hard disk read-write rate abnormal hiding index, after acquisition, the log generation rate gain index and the log loss rate variation index are respectively marked as Γzy and Ω ds, and the hard disk read-write rate abnormal hiding index is marked as ζdx.
3. The method for managing and controlling access security of software login identity according to claim 2, wherein the logic for obtaining the log generation rate gain index is as follows:
s101, acquiring a real-time log backlog rate of a log event in G time during security audit, and calibrating the real-time log backlog rate as gamma Real world
S102, calculating a log generation rate gain index, wherein the calculated expression is as follows: in the formula, [ t ] 1 ,t 2 ]Time period [ t ] representing log event security audit time less than log backlog rate reference value 3 ,t 4 ]Time period gamma representing that log event safety audit is greater than or equal to log backlog rate reference value Reference to Representing a log backlog rate reference.
4. A method for managing and controlling access security of a software login status according to claim 3, wherein the logic for obtaining the log loss rate variation index is as follows:
S201, acquiring actual log loss rates of different time periods in G time when log events are subjected to security audit, and calibrating the actual log loss rates as Ωds_k, where k represents the number of the actual log loss rate of different time periods in the G time when the log event is subjected to security audit, k = 1, 2, 3, 4, ..., P, and P is a positive integer;
s202, calculating a log loss rate standard deviation of a plurality of actual log loss rates acquired in G time through safety audit of log events, and calibrating the log loss rate standard deviation as omega Label (C) Then Wherein Ω Flat plate Representing the average value of a plurality of actual log loss rates acquired in the time G when the log event is subjected to security audit,
s203, calculating a log loss rate change index, wherein the calculated expression is as follows:
5. The method for managing and controlling access security of software login identity according to claim 4, wherein the logic for obtaining the abnormal hiding index of the hard disk read-write rate is as follows:
S301, acquiring actual hard disk read-write rates of different time periods in G time when log events are subjected to security audit, and calibrating the actual log loss rate as ζdx_v, where v represents the numbers of the actual hard disk read-write rates of different periods in the G time when the log event is subjected to security audit, v = 1, 2, 3, 4, ..., M, wherein M is a positive integer;
S302, comparing the actual hard disk read-write rate obtained in the G time when the log event is subjected to security audit with a hard disk read-write rate reference value, and recalibrating the actual hard disk read-write rate smaller than the hard disk read-write rate reference value to be ζdx_v', where v' represents the number of the actual hard disk read-write rate which is larger than the hard disk read-write rate reference value and is acquired in the time G when the log event is subjected to security audit, v' = 1, 2, 3, 4, ..., M', and M' is a positive integer;
s303, calculating a hard disk read-write speed abnormal hiding index, wherein the calculated expression is as follows:
6. The method for managing and controlling security of software login identity according to claim 5, wherein after obtaining a log generation rate gain index Γzy, a log loss rate change index Ωds and a hard disk read-write rate abnormal hiding index ζdx after processing security check, a data analysis model is built for comprehensive analysis of Γzy, Ωds and ζdx to generate an audit security coefficient ψ according to the following formula: wherein α, β and δ are respectively preset proportionality coefficients of the log generation rate gain index Γzy, the log loss rate change index Ωds and the hard disk read-write rate abnormal hiding index ζdx, and α, β and δ are all larger than 0.
7. The method for managing and controlling the login identity of software and accessing security according to claim 6, wherein the audit security coefficient generated during security audit is compared with a preset audit security coefficient reference threshold value, if the audit security coefficient is greater than the audit security coefficient reference threshold value, an inefficient audit signal is generated, and an early warning prompt is sent to the inefficient audit signal to inform the relevant personnel, if the audit security coefficient is less than or equal to the audit security coefficient reference threshold value, a high-efficient audit signal is generated, and the early warning prompt is not sent to the efficient audit signal.
8. The method for managing login identity and controlling access security of software according to claim 7, wherein when managing operation and maintenance of security audit process, an analysis set is established by acquiring a plurality of audit security coefficients output in real time during operation and maintenance management, and the analysis set is calibrated as I, I = {ψ_f}, where f represents the number of audit security coefficients within the analysis set, f = 1, 2, 3, 4, ..., u, u being a positive integer;
Calculating an audit safety coefficient standard deviation and an audit safety coefficient average value by analyzing the audit safety coefficients in the collection, and respectively comparing the audit safety coefficient standard deviation and the audit safety coefficient average value with a preset standard deviation reference threshold value and a preset audit safety coefficient reference threshold value to obtain the following comparison analysis results:
if the average value of the audit safety coefficient is greater than or equal to the reference threshold value of the audit safety coefficient, generating an operation and maintenance management failure signal, transmitting the signal to a mobile terminal, prompting through the mobile terminal, and when the operation and maintenance management failure signal is generated during the operation and maintenance management of the safety audit, indicating that the operation and maintenance management of the safety audit fails, and further carrying out the operation and maintenance management;
if the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is larger than the reference threshold value of the standard deviation, generating an operation and maintenance management fluctuation signal, transmitting the signal to a mobile terminal, prompting through the mobile terminal, and when the operation and maintenance management fluctuation signal is generated during the operation and maintenance management of the safety audit, indicating that the stability of the operation and maintenance management of the safety audit is poor, and also needing to further carry out the operation and maintenance management;
If the average value of the audit safety coefficient is smaller than or equal to the reference threshold value of the audit safety coefficient and the standard deviation of the audit safety coefficient is smaller than or equal to the reference threshold value of the standard deviation, an operation and maintenance management success signal is generated, the signal is transmitted to the mobile terminal, the mobile terminal prompts, and when the operation and maintenance management success signal is generated during the operation and maintenance management of the safety audit, the operation and maintenance management of the safety audit is successful, and at the moment, the potential safety event and threat can be efficiently detected during the safety audit.
CN202311530269.6A 2023-11-16 2023-11-16 Software login identity management and access security control method Pending CN117454373A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311530269.6A CN117454373A (en) 2023-11-16 2023-11-16 Software login identity management and access security control method


Publications (1)

Publication Number Publication Date
CN117454373A true CN117454373A (en) 2024-01-26

Family

ID=89594765


Country Status (1)

Country Link
CN (1) CN117454373A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination