CN117610056A - Method and system for processing unknown user invasion and readable storage medium
- Publication number: CN117610056A (CN202311701287.6A)
- Authority: CN (China)
- Prior art keywords: preset, user, attribute, access, determined
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F11/1448—Management of the data involved in backup or backup restore
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
Abstract
A method, system and readable storage medium for handling intrusion by an unknown user. In the method, when it is determined that an unknown user has intruded in a preset manner, a target protection object is determined; path information of the target protection object is determined; a storage location of the target protection object is obtained from the path information; the attribute of the preset manner is determined; when the attribute is determined to be the first attribute, a preset induction object is stored in the storage location; and the target protection object is transferred from the storage location to a preset secure location. When a computer is intruded upon by an unknown user, this reduces the success rate of user information theft and improves the security of user information.
Description
Technical Field
The application belongs to the field of information security, and in particular relates to a method and system for handling intrusion by an unknown user, and a readable storage medium.
Background
With the continuous development of information technology, from wired telephones and radio stations to mobile phones, computers and global informatization, the globalization of networks has brought convenience to people. People can learn what is happening in the world without leaving home. Meanwhile, in today's era of rapid computer development, most information is stored on computers. Computers, however, usually need a network connection to be used, the network is not very secure, and some people or organizations may steal information through it. Network security has emerged in response.
In the related art, users may use firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), authentication and access control, encryption and data protection, security patches and updates, and security audit and log monitoring techniques to protect networks and systems from intrusion.
However, the techniques above aim to prevent an unknown user from intruding into the computer. In practice, an unknown user may still break through them: for example, the unknown user may exploit a vulnerability in the operating system, obtain control of the computer by injecting malicious code or performing unauthorized operations, and enter the user's computer to steal information, so that the security of the user's information is greatly reduced.
Disclosure of Invention
The application provides a method and system for handling intrusion by an unknown user, and a readable storage medium, which reduce the success rate of user information theft and improve the security of user information when a computer is intruded upon by an unknown user.
In a first aspect, the present application provides a method for handling intrusion by an unknown user, in which, when it is determined that the unknown user has intruded in a preset manner, a target protection object is determined; path information of the target protection object is determined; a storage location of the target protection object is obtained from the path information; the attribute of the preset manner is determined; when the attribute is determined to be the first attribute, a preset induction object is stored in the storage location; and the target protection object is transferred from the storage location to a preset secure location.
With this technical solution, when it is determined that the unknown user has intruded in a preset manner, the target protection object is determined and its path information and storage location are obtained. The system can therefore apply protection measures targeted at the target protection object, which improves the security and protection capability of the system. At the same time, the method can effectively identify the unknown user's manner of intrusion and take corresponding measures in time, avoiding potential risks and threats, reducing the success rate of user information theft, and improving the security of user information.
With reference to some embodiments of the first aspect, in some embodiments, after transferring the target protection object from the storage location to the preset secure location, the method further includes: when the attribute is determined to be the second attribute, encrypting the target protection object using a preset encryption algorithm; obtaining the key corresponding to the target protection object according to the preset encryption algorithm; displaying an identity verification page when it is determined that the key is accessed; when it is determined that the identity verification page has been filled in, verifying whether the access is by a preset user; displaying the key when it is determined that the access is by the preset user; and locking the identity verification page when it is determined that the access is not by the preset user.
With this technical solution, after the target protection object is transferred from the storage location to the preset secure location, it is encrypted using a preset encryption algorithm. Encryption effectively protects the confidentiality and privacy of the target protection object and prevents unauthorized access and theft. In addition, by displaying the identity verification page and requiring it to be filled in, the method ensures that only the preset user who has passed verification can access and obtain the key, which improves the system's access control and identity confirmation capability. This reduces the success rate of user information theft and improves the security of user information.
With reference to some embodiments of the first aspect, in some embodiments, after locking the identity verification page when it is determined that the access is not by the preset user, the method further includes: unlocking the identity verification page after a first preset time period has passed; when it is determined that the identity verification page has been filled in, verifying whether the access is by the preset user; displaying the key when it is determined that the access is by the preset user; and locking the identity verification page for a second preset time period when it is determined that the access is not by the preset user.
With this technical solution, after the identity verification page is locked, it is unlocked again after a certain time. This design can, to a certain extent, prevent the key from being attacked frequently by the unknown user, reduces frequent identity verification operations, and improves the usability and convenience of the system. At the same time, verifying the access again after the identity verification page is filled in further ensures that the visitor's identity is legitimate and avoids unauthorized access and data leakage. In addition, the user may enter incorrect verification information on the first attempt, and the method gives the user the first preset time period in which to determine the correct verification information. This reduces the success rate of user information theft and improves the security of user information.
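The key-display flow with its two lock periods can be sketched as a small state machine. This is an added example, not code from the patent: the patent does not say how the preset user is verified, so a passphrase check is assumed, and the class name `KeyReleaseGate`, the periods of 60 and 600 seconds and the sample values are constructed.

```python
import hashlib
import hmac
import secrets


class KeyReleaseGate:
    """Identity verification page guarding a key, with two lock periods."""

    def __init__(self, key, passphrase, first_period, second_period, clock):
        self._key = key
        self._salt = secrets.token_bytes(16)
        # Store only a salted verifier, never the passphrase itself.
        self._verifier = self._derive(passphrase)
        self._first_period = first_period      # lock after the first failure
        self._second_period = second_period    # lock after any later failure
        self._clock = clock                    # injected so no real waiting is needed
        self._locked_until = None
        self._failures = 0

    def _derive(self, passphrase):
        return hashlib.pbkdf2_hmac(
            "sha256", passphrase.encode(), self._salt, 100_000)

    def is_locked(self):
        return (self._locked_until is not None
                and self._clock() < self._locked_until)

    def submit(self, passphrase):
        """Return (status, key_or_None): 'locked', 'rejected' or 'granted'."""
        if self.is_locked():
            # While the page is locked a submission is not evaluated at all,
            # so even a correct guess learns nothing.
            return "locked", None
        # Constant-time comparison avoids leaking how much of the input matched.
        if hmac.compare_digest(self._derive(passphrase), self._verifier):
            self._failures = 0
            self._locked_until = None
            return "granted", self._key
        self._failures += 1
        period = (self._first_period if self._failures == 1
                  else self._second_period)
        self._locked_until = self._clock() + period
        return "rejected", None


def walkthrough():
    """Replay a constructed sequence of submissions against a fake clock."""
    now = [0.0]
    gate = KeyReleaseGate(
        key=b"constructed-sample-key",
        passphrase="correct horse",            # constructed sample value
        first_period=60, second_period=600,
        clock=lambda: now[0])
    attempts = [(0, "guess-1"), (30, "correct horse"), (60, "guess-2"),
                (600, "correct horse"), (660, "correct horse")]
    results = []
    for t, phrase in attempts:
        now[0] = float(t)
        results.append(gate.submit(phrase))
    return results


if __name__ == "__main__":
    for status, key in walkthrough():
        print(status, key)
```

The second and fourth submissions carry the correct passphrase but arrive while the page is locked, so they are refused without being checked.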
With reference to some embodiments of the first aspect, in some embodiments, determining the attribute of the preset manner specifically includes: determining that the attribute of the preset manner is the first attribute when the number of accessed file paths is not greater than a preset number and the number of accesses to the access paths is greater than a preset threshold; and determining that the attribute of the preset manner is the second attribute when the number of accessed file paths is greater than the preset number and the number of accesses to the access paths is not greater than the preset threshold.
With this technical solution, the attribute of the preset manner can be determined accurately by extracting the network traffic log and analyzing the data volume and the transmission destination. This way of determining the attribute reflects the actual network traffic and improves the adaptability of the system. At the same time, the result makes it easier to judge whether potential threats and risks exist and to take corresponding security measures in time, reducing the success rate of user information theft and improving the security of user information.
With reference to some embodiments of the first aspect, in some embodiments, after determining the attribute of the preset manner when it is determined that the unknown user has intruded in the preset manner, the method further includes: disconnecting from the network; and updating all passwords immediately at every preset time interval.
With this technical solution, updating the passwords immediately at every preset time interval ensures the timeliness and security of the passwords. Timely password updates reduce the risk of passwords being cracked or stolen and effectively protect the data and resources of the system. Periodic password updates also prevent an unknown user from intruding into the system by monitoring and cracking passwords over a long period. This reduces the success rate of user information theft and improves the security of user information.
With reference to some embodiments of the first aspect, in some embodiments, after updating all passwords immediately at every preset time interval, the method further includes: when it is determined that the unknown user's intrusion has been cut off, determining whether there is data corruption; extracting a data backup when it is determined that there is data corruption; and restoring the corrupted data using the data backup.
With this technical solution, possible data corruption is handled and recovered after the passwords are updated. The method judges whether data has been corrupted and extracts the data backup for recovery. Recovering from the data backup avoids the impact of data corruption on the normal operation and data integrity of the system. This reduces the success rate of user information theft and improves the security of user information.
With reference to some embodiments of the first aspect, in some embodiments, after extracting the data backup when it is determined that there is data corruption, the method further includes: judging whether the data backup is infected; if the data backup is infected, deleting the infected data in the data backup to obtain a processed data backup; and restoring the corrupted data using the processed data backup.
With this technical solution, the data backup is checked during recovery to judge whether it is infected. If the data backup is infected, the infected data is deleted to obtain the processed data backup. Deleting the infected data prevents malicious code or viruses from spreading further and corrupting more data. The corrupted data is then restored from the processed data backup, ensuring the integrity and usability of the data. This reduces the success rate of user information theft and improves the security of user information.
In a second aspect, embodiments of the present application provide a processing system for intrusion by an unknown user, the system comprising: the data processing module is used for averaging all the goods-value price data in the target goods-value price data set in the first time period to obtain a target goods-value price average value;
the data screening module is used for screening and obtaining a target confidence cargo value price data set in the target cargo value price data set in the first time period according to the target cargo value price average value;
the function generating module is used for obtaining a target cargo value price prediction function according to the target confidence cargo value price data set;
The data acquisition module is used for acquiring all the goods value price data in the target goods value price data set in a second time period, wherein the second time period is a preset time period before the current moment, and the second time period is separated from the first time period by a first preset time;
the data calculation module is used for inputting the second time period into the target cargo value price prediction function to obtain a historical predicted cargo value price data set;
the data taking and difference module is used for subtracting all the goods value price data corresponding to one by one in the historical predicted goods value price data set and the target confidence goods value price data set to obtain a plurality of difference values;
the data determining module is used for determining a first number which is not greater than a preset error value and a second number which is greater than the preset error value in a plurality of difference values;
and the cargo value prediction module is used for inputting the current moment into the target cargo value price prediction function under the condition that the first quantity of the target cargo value price prediction function is determined to have the duty ratio larger than the preset weight value, so as to obtain the reference predicted cargo value price data.
In a third aspect, embodiments of the present application provide a processing system for intrusion by an unknown user, the system comprising: one or more processors and memory; the memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that are invoked by the one or more processors to cause the system to perform the method as described in the first aspect and any one of the possible implementations of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium comprising instructions that, when executed on a system, cause the system to perform a method as described in the first aspect and any possible implementation of the first aspect.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
1. The application provides a method for handling intrusion by an unknown user which, when it is determined that the unknown user has intruded in a preset manner, determines the target protection object and obtains its path information and storage location. The system can therefore apply protection measures targeted at the target protection object, which improves the security and protection capability of the system. At the same time, the method can effectively identify the unknown user's manner of intrusion and take corresponding measures in time, avoiding potential risks and threats, reducing the success rate of user information theft, and improving the security of user information.
2. The application provides a method for handling intrusion by an unknown user which, after transferring the target protection object from the storage location to the preset secure location, encrypts the target protection object using a preset encryption algorithm. Encryption effectively protects the confidentiality and privacy of the target protection object and prevents unauthorized access and theft. In addition, by displaying the identity verification page and requiring it to be filled in, the method ensures that only the preset user who has passed verification can access and obtain the key, which improves the system's access control and identity confirmation capability. This reduces the success rate of user information theft and improves the security of user information.
3. The application provides a method for handling intrusion by an unknown user which unlocks the identity verification page after a certain time. This design can, to a certain extent, prevent the key from being attacked frequently by the unknown user, reduces frequent identity verification operations, and improves the usability and convenience of the system. At the same time, verifying the access again after the identity verification page is filled in further ensures that the visitor's identity is legitimate and avoids unauthorized access and data leakage. In addition, the user may enter incorrect verification information on the first attempt, and the method gives the user the first preset time period in which to determine the correct verification information. This reduces the success rate of user information theft and improves the security of user information.
Drawings
Fig. 1 is a schematic flow chart of a method for processing an intrusion of an unknown user according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of another method for handling an unknown user intrusion in an embodiment of the present application.
Fig. 3 is a schematic functional module structure of a processing system for intrusion of an unknown user according to an embodiment of the present application.
Fig. 4 is a schematic diagram of a physical device structure of a processing system for intrusion of an unknown user according to an embodiment of the present application.
Detailed Description
The terminology used in the following embodiments of the application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in the specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in this application is intended to encompass any or all possible combinations of one or more of the listed items.
The terms "first," "second," and the like are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features, and in the description of embodiments of the present application, unless otherwise indicated, "a plurality" means two or more.
With the continuous development of information technology, from wired telephones and radio stations to mobile phones, computers and global informatization, the globalization of networks has brought convenience to people. People can learn what is happening in the world without leaving home. Meanwhile, in today's era of rapid computer development, most information is stored on computers. Computers, however, usually need a network connection to be used, the network is not very secure, and some people or organizations may steal information through it. Network security has emerged in response.
In the related art, users may use firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), authentication and access control, encryption and data protection, security patches and updates, and security audit and log monitoring techniques to protect networks and systems from intrusion.
However, the techniques listed above aim to prevent an unknown user from intruding into the computer. In practice, some unknown users can still break through them: for example, the unknown user may exploit a vulnerability in the operating system, obtain control of the computer by injecting malicious code or performing unauthorized operations, and enter the user's computer to steal information, so that the security of the user's information is greatly reduced.
The application provides a method and system for handling intrusion by an unknown user, and a readable storage medium, which reduce the success rate of user information theft and improve the security of user information when a computer is intruded upon by an unknown user. The method for handling intrusion by an unknown user provided in the present application is described below with reference to Fig. 1:
Fig. 1 is a schematic flow chart of a method for processing an intrusion of an unknown user according to an embodiment of the present application.
S101, when it is determined that an unknown user has intruded in a preset manner, determining a target protection object;
When monitoring of the computer system and network shows signs of abnormal activity, such as an increase in the number of unauthorized accesses, it can be determined that an unknown user has intruded into the computer. The manner of intrusion can be determined by checking whether default accounts and passwords, weak passwords, default configurations, components not updated or patched in time, and the like have been tampered with. When it is determined that an unknown user has intruded in a preset manner, a target protection object is determined. The target protection object may be, for example, a file to which the user has assigned a very high security level in advance; it carries a corresponding identifier, and the target protection object can be determined through that identifier. That is, the target protection object is an object that must not be stolen, whereas other files and the like on the computer are of low importance and may be stolen. For example, assuming a system with an e-commerce platform, the target protection object may be a database storing users' personal information. In this case, an unknown user may attempt to intrude into the database by various means, such as password cracking or SQL (Structured Query Language) injection. To prevent this, the target protection object, i.e., the database, must be determined as the focus and target of the system's defense.
S102, determining path information of the target protection object;
The path information refers to the location or access path of the target protection object in the system. In the above example, the path information refers to the storage path of the database on the server. For example, the path information of the database may be "/var/www/html/database/user_info. By determining the path information of the target protection object, the system can locate the target protection object accurately and provide the necessary basis for the subsequent processing steps.
S103, obtaining a storage location of the target protection object according to the path information;
According to the path information, the system can accurately find the storage location of the target protection object in the file system. In the above example, the storage location of the target protection object may be a specific directory on the server's hard disk. For example, the storage location of the target protection object may be "/var/www/html/database/". By determining the storage location of the target protection object, the system can operate on it as needed, such as storing the induction object there or transferring the target protection object to a secure location.
S104, determining the attribute of the preset manner;
Specifically: the attribute of the preset manner is determined to be the first attribute when the number of accessed file paths is not greater than a preset number and the number of accesses to the access paths is greater than a preset threshold; and the attribute of the preset manner is determined to be the second attribute when the number of accessed file paths is greater than the preset number and the number of accesses to the access paths is not greater than the preset threshold.
The attributes of the preset manner comprise a first attribute and a second attribute. The attribute of the preset manner describes whether, after intruding into the computer, the intrusion targets one or several specific files or traverses all files. The first attribute means that the target of the theft is one file or several specific files, and the second attribute means that all files are traversed. Different attributes may be handled in different ways.
S105, storing a preset induction object in the storage location when the attribute is determined to be the first attribute;
When the attribute is determined to be the first attribute, the preset induction object is stored in the storage location. That is, the target protection object needs to be protected from theft. These induction objects, which act as decoys, may be purpose-built documents, markers or indicators. For example, in the above example, when the attribute of the preset manner is the first attribute, the system will save a file named "password_reader. The file serves to lure an attacker who is attempting to intrude on the target protection object, and can also be used by the system as a basis for monitoring and identifying intrusion behavior.
S106, transferring the target protection object from the storage location to a preset secure location;
To secure the target protection object, the system transfers it from the original storage location to a preset secure location. This secure location may be an encrypted area inside the system, an offline backup medium, etc. For example, in the above example, the system may transfer the database from the server's hard disk to an encrypted storage device, such as a USB encryption disk. This prevents an unknown user from obtaining sensitive data by directly accessing the storage location of the database.
S107, encrypting the target protection object by using a preset encryption algorithm under the condition that the attribute is determined to be the second attribute;
When the attribute of the preset manner is the second attribute, that is, when the intrusion traverses all files, the system encrypts the target protection object. Encryption transforms the target protection object into an unreadable form by means of a specific algorithm, in order to protect its confidentiality and integrity. For example, in the above example, when the attribute of the preset manner is the second attribute, the system may encrypt the sensitive data in the database, so as to prevent an attacker from obtaining the data by injecting a malicious SQL statement.
The encryption algorithm may be a symmetric encryption algorithm (e.g., AES), an asymmetric encryption algorithm (e.g., RSA), etc. For example, in the above example, when the attribute of the preset manner is the second attribute, the system may perform AES encryption on the database.
S108, obtaining a secret key corresponding to the target protection object according to a preset encryption algorithm;
According to the preset encryption algorithm, the system can generate a key for decrypting the target protection object. This key may be a symmetric key or an asymmetric key. For example, in the above example, the system generates a symmetric key for decrypting the database according to the AES encryption algorithm.
S109, displaying an identity verification page under the condition that the key is accessed;
Whether a key is accessed may be determined by analyzing the log records of the system and its applications and looking for any key-related abnormal activity, such as key usage records or unauthorized access attempts. The logs of key access may include log entries, the logs of the key management system, and so on. When the system detects that the key is accessed, it displays an authentication page that requires the user to authenticate, to ensure that only authorized users have access to the key. For example, in the above example, when the system detects that someone has accessed the decryption key of the database, it will display an authentication page asking the user to enter the correct user name and password.
It should be noted that the authentication information in the authentication page may be other authentication information, such as security, fingerprint, pupil, palmprint, etc., which is not limited herein.
S110, under the condition that the completion of filling of the identity verification page is determined, verifying whether the access is a preset user or not;
The system verifies whether the information filled in by the user on the identity verification page matches the information of the preset user. Only if the verification is passed will the system confirm that the visitor is a preset user. For example, in the above example, the system checks whether the user name and password entered by the user on the authentication page match the preset user information stored in the database.
S111, displaying a key under the condition that the access is determined to be a preset user;
When the information filled in on the identity verification page matches the information of the preset user, the access is determined to be by the preset user. If the system confirms that the visitor is a preset user, it displays the decryption key of the database, so that the user can use the key to decrypt the database and operate on it. For example, in the above example, if the verification passes, the system will display the database's decryption key, which the user can use to decrypt the database and perform the relevant operations.
S112, locking the identity verification page under the condition that the access is not the preset user.
When the information filled in the identity verification page is not matched with the information of the preset user, the access is determined not to be the preset user. If the system confirms that the visitor is not the preset user, the system locks the authentication page, preventing further access attempts. This protects the database from unauthorized users accessing sensitive data. For example, in the above example, if the system verification fails, the system will lock the authentication page, preventing the visitor from continuing to attempt to access the database.
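The attribute determination of S104, which decides whether the induction object of S105 or the encryption of S107 applies, can be made concrete as follows. This is an added example, not code from the patent: the Common Log Format input, the function names, the sample values for the preset number (3) and preset threshold (5), and the reading of "access times" as the highest request count of any single path are assumptions. Access patterns that satisfy neither of the two stated conditions are reported as undetermined rather than forced into one attribute.

```python
import posixpath
import re
from collections import Counter
from enum import Enum
from urllib.parse import urlsplit


class Attribute(Enum):
    FIRST = "first"                # one or a few specific files, requested repeatedly
    SECOND = "second"              # many files, each requested rarely (traversal)
    UNDETERMINED = "undetermined"  # neither S104 condition holds


# Assumption: the access log is in Common Log Format (Apache/nginx style).
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)


def _line(client, target):
    """Build one constructed log line for the sample below."""
    return (f'{client} - - [12/Dec/2023:10:00:00 +0800] '
            f'"GET {target} HTTP/1.1" 200 512')


# Constructed sample log; the client addresses are documentation ranges.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/database/users.db?try={i}") for i in range(6)]
    + [_line("203.0.113.7", "/database/./config.ini")]
    + [_line("198.51.100.9", f"/files/doc{i}.txt") for i in range(8)]
    + [_line("192.0.2.44", "/index.html"), _line("192.0.2.44", "/about.html")]
    + ["truncated or malformed line that the parser must skip"]
)


def paths_for_client(lines, client):
    """Count requests per file path for one client (access paths and counts)."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m is None or m["client"] != client:
            continue
        # Drop the query string and collapse "./" and "../" so that one file
        # requested under several spellings is still counted as one path.
        path = posixpath.normpath(urlsplit(m["target"]).path or "/")
        hits[path] += 1
    return hits


def classify(hits, preset_number, preset_threshold):
    """Apply the two S104 conditions; anything else is left undetermined."""
    distinct = len(hits)
    # Assumption: "access times" is the highest request count of any one path.
    peak = max(hits.values(), default=0)
    if distinct == 0:
        return Attribute.UNDETERMINED
    if distinct <= preset_number and peak > preset_threshold:
        return Attribute.FIRST
    if distinct > preset_number and peak <= preset_threshold:
        return Attribute.SECOND
    return Attribute.UNDETERMINED


def assess(lines, client, preset_number=3, preset_threshold=5):
    """Summarise one client's access pattern and the resulting attribute."""
    hits = paths_for_client(lines, client)
    top = hits.most_common(1)
    return {
        "attribute": classify(hits, preset_number, preset_threshold),
        "distinct_paths": len(hits),
        "peak_hits": top[0][1] if top else 0,
        "most_requested": top[0][0] if top else None,
    }


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.44"):
        print(ip, assess(SAMPLE_LOG, ip))
```

The `most_requested` path is a natural candidate for the target protection object of S101, and an undetermined result is the case an implementer has to decide how to handle, since the description defines no attribute for it.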
The above embodiment has the following advantages:
When an unknown user intrudes in a preset manner, a target protection object is determined, and its path information and storage location are obtained. The system can therefore apply protection measures aimed specifically at the target protection object, which improves the safety and protection capability of the system. Meanwhile, the method can effectively identify the intrusion manner of the unknown user, take corresponding measures in time, avoid potential risks and threats, reduce the success rate of the user information being stolen, and improve the safety of the user information.
After the target protection object is transferred from the storage location to the preset secure location, it is encrypted with a preset encryption algorithm. Encryption effectively protects the confidentiality and privacy of the target protection object and prevents unauthorized access and theft. In addition, by displaying the authentication page and requiring it to be filled in, the method ensures that only the authenticated preset user can access and obtain the key, which improves the access control and identity confirmation capability of the system. The success rate of the user information being stolen is reduced, and the safety of the user information is improved.
By extracting the network traffic log and analyzing the data volume and the transmission destination, the attribute of the preset manner can be accurately determined. This attribute determining method determines the attribute according to the actual network traffic, which improves the adaptability of the system. Meanwhile, the determined attribute makes it easier to judge whether potential threats and risks exist and to take corresponding safety measures in time, so the success rate of the user information being stolen is reduced and the safety of the user information is improved.
In step S112 of the above embodiment, the authentication page is locked when it is determined that the access is not by the preset user. Authentication can fail for two reasons: either the access is by an unknown user, or the access is by the preset user but the authentication information was filled in incorrectly, so that the authentication page is locked. Another method for processing an unknown user intrusion provided in the present application is described below with reference to Fig. 2:
Fig. 2 is a flow chart of another method for handling an intrusion of an unknown user according to an embodiment of the present application.
S201, unlocking an identity verification page after a first preset time period passes;
The first preset duration is a preset period that the system must wait, after the user accesses the system, before it can verify the identity of the user. During this time, the system is in a locked state and cannot perform authentication. After the first preset duration has passed, the system unlocks the identity verification page, allowing the user to fill in the identity verification information.
For example, with a preset duration of 10 seconds, the user must wait 10 seconds for the system to unlock the authentication page. Within these 10 seconds, the user cannot fill in the authentication information. When the 10 seconds have elapsed, the system unlocks the identity verification page, and the user can start filling in the account and the password for identity verification.
S202, under the condition that the completion of filling of the identity verification page is determined, verifying whether access is a preset user or not;
After the user fills out the authentication page, the system needs to verify whether the user's identity is the preset user. The system compares the identity verification information filled in by the user with preset user information to determine the identity of the user.
After the user fills in the account and the password, the system compares the information with the preset user account and password. If the account number and the password filled in by the user are consistent with the preset, the system confirms that the user is the preset user, and the next operation can be performed. If the account number and the password filled in by the user are inconsistent with the preset, the system confirms that the user is not the preset user and needs to take corresponding measures.
S203, displaying a key under the condition that the access is determined to be a preset user;
When the system confirms that the user is the preset user, the system will display the key.
When the account number and the password of the user are consistent with the preset values, the system generates a secret key for encrypting communication and displays the secret key to the user. The user can use the key to carry out subsequent secure communication and operation, and confidentiality and integrity of data are ensured.
S204, locking the identity verification page and continuing for a second preset time period under the condition that the access is determined not to be the preset user.
When the system confirms that the user is not the preset user, the system locks the identity verification page and continues for a second preset time period. During this time, the user cannot fill in the authentication information again.
When the account number and the password of the user are inconsistent with the preset values, the system locks the identity authentication page and waits for a second preset time period. During the period, the user cannot fill in the account and the password again for authentication. Only after the second preset time period is over will the system unlock the authentication page, allowing the user to try again to fill in the authentication information. In some embodiments, the second preset time period may be longer than the first preset time period, so as to alert the user to carefully fill out the authentication information, or prevent the unknown user from continuously attacking.
In the above embodiment, after the authentication page is locked, it is unlocked again once a certain time has elapsed. This design can, to a certain extent, keep the key from being attacked frequently by the unknown user, reduce frequent identity verification operations, and improve the usability and convenience of the system. Meanwhile, after the identity verification page is filled in, the access is verified again, which further ensures the legitimacy of the visitor's identity and avoids unauthorized access and data leakage. Moreover, a user may fill in wrong authentication information the first time, and the method gives the user the first preset duration to determine the correct authentication information. The success rate of the user information being stolen is reduced, and the safety of the user information is improved.
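The lock and unlock behaviour of S109 to S112 and S201 to S204 can be sketched as a small state machine in front of the key. This is an added example, not code from the patent: the class name `KeyGate`, the salted PBKDF2 verifier, the constant-time comparisons and the injectable clock are assumptions, as is the reading that the first failure locks the page for the first preset duration and each repeated failure locks it for the second.

```python
import hashlib
import hmac
import os
import time


class KeyGate:
    """Identity check in front of a stored key, with the two lock durations."""

    def __init__(self, username, password, key,
                 first_lock=10.0, second_lock=60.0, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._username = username.encode()
        self._verifier = self._derive(password)  # the password itself is not kept
        self._key = key
        self._first_lock = first_lock      # S201: wait after the first failure
        self._second_lock = second_lock    # S204: wait after a repeated failure
        self._clock = clock                # injectable so tests need not sleep
        self._locked_until = None
        self._failures = 0                 # consecutive failed submissions

    def _derive(self, password):
        # Assumption: PBKDF2-HMAC-SHA256; the iteration count is an example value.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def remaining_lock(self):
        """Seconds until the page unlocks, or 0 if it is open."""
        if self._locked_until is None:
            return 0
        left = self._locked_until - self._clock()
        if left <= 0:
            self._locked_until = None      # the preset duration has passed
            return 0
        return left

    def submit(self, username, password):
        """Return ("locked", s), ("denied", s) or ("granted", key)."""
        left = self.remaining_lock()
        if left > 0:
            # While locked, input is refused without being evaluated, so a
            # locked page gives no signal about whether a guess was right.
            return ("locked", left)
        # Evaluate both comparisons in constant time before combining them.
        user_ok = hmac.compare_digest(username.encode(), self._username)
        pass_ok = hmac.compare_digest(self._derive(password), self._verifier)
        if user_ok and pass_ok:
            self._failures = 0
            return ("granted", self._key)
        self._failures += 1
        wait = self._first_lock if self._failures == 1 else self._second_lock
        self._locked_until = self._clock() + wait
        return ("denied", wait)


if __name__ == "__main__":
    now = [0.0]  # constructed clock so the demo runs without waiting
    gate = KeyGate("alice", "constructed-password", b"\x00" * 32,
                   clock=lambda: now[0])
    print(gate.submit("alice", "guess"))        # denied, first lock starts
    now[0] = 10.0
    print(gate.submit("alice", "guess again"))  # denied, second lock starts
    now[0] = 70.0
    print(gate.submit("alice", "constructed-password")[0])
```

Because the lock is tied to the page rather than to the visitor, the same mechanism that slows an unknown user also lets that user keep the preset user locked out, which is worth weighing when choosing the second preset duration.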
After the authentication page is locked in step S112 because the access is determined not to be by the preset user, the unknown user must be cut off from continuing the intrusion, and it must be determined whether any data is corrupted. Specifically: disconnecting from the network; updating all passwords immediately every preset time; determining whether there is data corruption once it is determined that the intrusion of the unknown user has been cut off; extracting a data backup if data corruption is determined; restoring the data corresponding to the data corruption by using the data backup; judging whether the data backup is infected; if the data backup is infected, deleting the infected data in the data backup to obtain a processed data backup; and restoring the data corresponding to the data corruption by using the processed data backup.
The above embodiment has the following advantages:
By updating the password immediately every preset time, the system can ensure the timeliness and security of the password. Timely password updates reduce the risk of the password being cracked or stolen and effectively protect the data and resources of the system. Meanwhile, periodically updating the password also prevents an unknown user from intruding into the system by monitoring and cracking the password over a long period. The success rate of the user information being stolen is reduced, and the safety of the user information is improved.
After the password update, possible data corruption is handled and recovered from. It is judged whether the data is damaged, and the data backup is extracted for recovery. Recovering from the data backup avoids the influence of data corruption on the normal operation and data integrity of the system. The success rate of the user information being stolen is reduced, and the safety of the user information is improved.
In the process of restoring from the data backup, the data backup is checked to determine whether it is infected. If the data backup is infected, the infected data is deleted to obtain the processed data backup. Deleting the infected data prevents malicious code or viruses from spreading further and corrupting more data. The data corresponding to the damaged data is then restored by using the processed data backup, so as to ensure the integrity and usability of the data. The success rate of the user information being stolen is reduced, and the safety of the user information is improved.
The system in the embodiments of the present application is described from a modular point of view as follows:
Referring to Fig. 3, a schematic functional module structure of a processing system for intrusion of an unknown user according to an embodiment of the present application is shown.
The system comprises:
an object determining module 301, configured to determine a target protection object when it is determined that an unknown user invades in a preset manner;
a path determining module 302, configured to determine path information of the target protection object;
a storage determining module 303, configured to obtain a storage location of the target protection object according to the path information;
the attribute determining module 304 is configured to determine an attribute of the preset manner;
a storage object module 305, configured to store a preset induction object to the storage location if the attribute is determined to be the first attribute;
and a transferring object module 306, configured to transfer the target protection object from the storage location to a preset security location.
The system in the embodiment of the present application is described above from the point of view of the modularized functional entity, and the system in the embodiment of the present application is described below from the point of view of hardware processing, please refer to fig. 4, which is a schematic diagram of the entity device structure of the processing system for intrusion of an unknown user provided in the embodiment of the present application.
It should be noted that the structure of the system shown in fig. 4 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present invention.
As shown in fig. 4, the server includes a central processing unit (Central Processing Unit, CPU) 401 that can perform various appropriate actions and processes, such as performing the method in the above-described embodiment, according to a program stored in a Read-Only Memory (ROM) 402 or a program loaded from a storage section 408 into a random access Memory (Random Access Memory, RAM) 403. In the RAM 403, various programs and data required for the system operation are also stored. The CPU 401, ROM402, and RAM 403 are connected to each other by a bus 404. An Input/Output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a camera, an infrared sensor, and the like; an output portion 407 including a liquid crystal display (Liquid Crystal Display, LCD), a speaker, and the like; a storage section 408 including a hard disk or the like; and a communication section 409 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. The drive 410 is also connected to the I/O interface 405 as needed. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 410 as needed, so that a computer program read therefrom is installed into the storage section 408 as needed.
In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 409 and/or installed from the removable medium 411. When executed by a Central Processing Unit (CPU) 401, the computer program performs various functions defined in the present invention.
It should be noted that, the computer readable medium shown in the embodiments of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As another aspect, the present invention also provides a computer-readable storage medium, which may be included in the system described in the above embodiment; or may exist alone without being assembled into the system. The storage medium carries one or more computer programs which, when executed by a processor of a system, cause the system to implement the methods provided in the embodiments described above.
The above embodiments are merely intended to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.
As used in the above embodiments, the term "when …" may be interpreted to mean "if …" or "after …" or "in response to determination …" or "in response to detection …" depending on the context. Similarly, the phrase "at the time of determination …" or "if detected (a stated condition or event)" may be interpreted to mean "if determined …" or "in response to determination …" or "at the time of detection (a stated condition or event)" or "in response to detection (a stated condition or event)" depending on the context.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, a flow or function consistent with embodiments of the present application is produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, fiber optic, digital subscriber line) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc.
Those of ordinary skill in the art will appreciate that implementing all or part of the above-described method embodiments may be accomplished by a computer program to instruct related hardware, the program may be stored in a computer readable storage medium, and the program may include the above-described method embodiments when executed. And the aforementioned storage medium includes: ROM or random access memory RAM, magnetic or optical disk, etc.
Claims (10)
1. A method of handling an unknown user intrusion, comprising:
determining a target protection object in the case that it is determined that an unknown user intrudes in a preset manner;
determining path information of the target protection object;
obtaining the storage position of the target protection object according to the path information;
determining the attribute of the preset mode;
under the condition that the attribute is determined to be the first attribute, storing a preset induction object into the storage position;
and transferring the target protection object from the storage position to a preset safety position.
2. The method of claim 1, wherein after the transferring the target protected object from the storage location to a preset secure location, the method further comprises:
encrypting the target protection object by using a preset encryption algorithm under the condition that the attribute is determined to be a second attribute;
obtaining a secret key corresponding to the target protection object according to the preset encryption algorithm;
displaying an authentication page in case it is determined that the key is accessed;
under the condition that the identity verification page is determined to be filled, verifying whether the access is a preset user or not;
displaying the key if it is determined that the access is the preset user;
and locking the identity verification page under the condition that the access is determined not to be the preset user.
3. The method according to claim 2, wherein after said locking of said authentication page in case said access is determined not to be said preset user, said method further comprises:
after a first preset time period passes, unlocking the identity verification page;
under the condition that the completion of the filling of the identity verification page is confirmed, verifying whether the access is the preset user or not;
displaying the key if it is determined that the access is the preset user;
and locking the identity verification page for a second preset duration under the condition that the access is not the preset user.
4. The method according to claim 1, wherein the determining the attribute of the preset manner specifically includes:
extracting an access log;
obtaining access file paths and access times according to the access log;
determining the attribute of the preset mode as a first attribute under the condition that the number of the access file paths is not larger than a preset number and the access times of accessing the access paths is larger than a preset threshold value;
and determining the attribute of the preset mode as a second attribute under the condition that the number of the access file paths is larger than the preset number and the access times of accessing the access paths is not larger than a preset threshold value.
5. The method according to claim 1, wherein after determining the attribute of the preset pattern in case it is determined that an unknown user intrudes in the preset pattern, the method further comprises:
disconnecting from the network;
updating all passwords immediately every preset time.
6. The method of claim 5, wherein after updating all passwords immediately every preset time, the method further comprises:
determining if there is data corruption if it is determined to cut off the intrusion of the unknown user;
extracting a data backup under the condition that the data damage is determined;
and restoring the data corresponding to the data damage by using the data backup.
7. The method of claim 6, wherein after extracting the data backup in the event that data corruption is determined, the method further comprises:
judging whether the data backup is infected;
if the data backup is infected, deleting the infected data in the data backup to obtain a processed data backup;
and restoring the data corresponding to the data damage by using the processed data backup.
8. A system for processing an intrusion by an unknown user, comprising:
the object determining module is used for determining a target protection object under the condition that the unknown user is determined to invade in a preset mode;
the path determining module is used for determining path information of the target protection object;
the storage determining module is used for obtaining the storage position of the target protection object according to the path information;
the attribute determining module is used for determining the attribute of the preset mode;
the storage object module is used for storing a preset induction object to the storage position under the condition that the attribute is determined to be the first attribute;
and the transfer object module is used for transferring the target protection object from the storage position to a preset safety position.
9. A system for processing an intrusion by an unknown user, comprising: one or more processors and memory;
the memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that the one or more processors invoke to cause the system to perform the method of any of claims 1-7.
10. A computer readable storage medium comprising instructions which, when run on a system, cause the system to perform the method of any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311701287.6A CN117610056A (en) | 2023-12-12 | 2023-12-12 | Method and system for processing unknown user invasion and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311701287.6A CN117610056A (en) | 2023-12-12 | 2023-12-12 | Method and system for processing unknown user invasion and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117610056A true CN117610056A (en) | 2024-02-27 |
Family
ID=89946228
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311701287.6A Pending CN117610056A (en) | 2023-12-12 | 2023-12-12 | Method and system for processing unknown user invasion and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117610056A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106534148B (en) | Access control method and device for application | |
US9317851B2 (en) | Secure transaction personal computer | |
US8782404B2 (en) | System and method of providing trusted, secure, and verifiable operating environment | |
CN106330984B (en) | Dynamic updating method and device of access control strategy | |
Altuwaijri et al. | Android data storage security: A review | |
US7743413B2 (en) | Client apparatus, server apparatus and authority control method | |
US9288199B1 (en) | Network access control with compliance policy check | |
CN101309518A (en) | Method, apparatus and system for protecting information in SIM card | |
US20150094023A1 (en) | Retroactively Securing a Mobile Device From a Remote Source | |
US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
CN115310084A (en) | Tamper-proof data protection method and system | |
CN105809045A (en) | Method and device for processing equipment systems during data reset | |
CN111291425B (en) | Chip protection method and device, storage medium and vehicle-mounted chip | |
CN112422527A (en) | Safety protection system, method and device of transformer substation electric power monitoring system | |
CN116842545A (en) | File encryption-based data anti-luxury method and system | |
US20240163264A1 (en) | Real-time data encryption/decryption security system and method for network-based storage | |
CN117610056A (en) | Method and system for processing unknown user invasion and readable storage medium | |
US20240070303A1 (en) | File Encapsulation Validation | |
CN105912945A (en) | Safety reinforcing device and operation method of operating system | |
CN111209561B (en) | Application calling method and device of terminal equipment and terminal equipment | |
CN112437923B (en) | Information processing device, information processing method, information processing program product, and information processing system | |
KR102086375B1 (en) | System and method for real time prevention and post recovery for malicious software | |
CN108416209B (en) | Program security verification method and device and terminal equipment | |
KR102591450B1 (en) | Registry parser and encryption/decryption module to prevent stealing of important information in Windows operating system and its operating method | |
Ferreira et al. | Vulnerabilities Classification for Safe Development on Android |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||