CN117892289A - Information security engineering depth intelligent monitoring device and detection method - Google Patents
- Publication number: CN117892289A (application CN202410032179.2A)
- Authority: CN (China)
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Abstract
The invention discloses an information security engineering depth intelligent monitoring device and a monitoring method in the technical field of information security. The device comprises an acquisition unit, a detection unit and a control unit. The acquisition unit acquires user operation behaviors on an information system and takes them as the operation behaviors to be detected. The analysis unit determines, from the operation behavior to be detected and a pre-constructed normal behavior outline model, whether that behavior is abnormal; if it is, the analysis unit blocks the current operation behavior and outputs alarm information. The invention can detect the user operation behavior generated by the information system in real time and monitor whether abnormal operation behavior occurs, thereby resisting attack behavior from the inside and solving the technical problem that existing information systems cannot resist attacks from the inside.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an information security engineering depth intelligent monitoring device and a detection method.
Background
An information system, as a data management and storage system, often carries the core data of an enterprise or department, such as account information, production data and business data. Once this information is maliciously accessed, leaked or tampered with, it can cause economic loss to the enterprise and even affect social stability.
For a long time, enterprise organizations have concentrated their main efforts and resources on coping with threats from outside the information system, and most attacks from outside the enterprise are effectively resisted by network security technologies such as firewalls, information encryption and access control. However, an internal threat attacker operates from within the security boundary and can evade detection by external security devices such as firewalls, so the existing information system cannot resist attacks from the inside, and a more effective means of detecting internal threats is required.
In the prior art, moreover, in practical application, when enterprise personnel communicate with a client they cannot know whether the client has consulted the transmitted data, so follow-up cannot be performed in time and a timely, effective follow-up service cannot be provided to the client. Nor can the enterprise personnel know whether the client is interested in the data sent, so the enterprise cannot provide timely and efficient service and management for the client, which greatly hinders the development of the enterprise.
Meanwhile, the harm caused by intentional or accidental information (data) leakage by staff is extremely large and must be guarded against: it can reduce the core competitiveness of an enterprise and damage its reputation. It can be seen that the internal security problem of information systems is the primary problem that currently needs to be solved.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an information security engineering depth intelligent monitoring device and a detection method. The specific technical scheme is as follows:
The information security engineering depth intelligent monitoring device includes:
an information system comprising an acquisition unit, a detection unit and a control unit, wherein the acquisition unit is used for acquiring user operation behaviors on the information system and taking them as the operation behaviors to be detected;
and an analysis unit, used for confirming, according to the operation behavior to be detected and a pre-constructed normal behavior outline model, whether the operation behavior to be detected belongs to abnormal behavior, blocking the current operation behavior if it does, and outputting alarm information.
Preferably, the system further comprises an alarm unit for sending the alarm information.
Preferably, the acquisition unit comprises an operating system, a user interface module, a user operation behavior monitoring program and a memory.
Preferably, the analysis unit is a central processing unit.
The information security engineering depth intelligent monitoring method comprises the following steps:
acquiring user operation behaviors, and taking the user operation behaviors as operation behaviors to be tested;
determining whether the operation behavior to be detected belongs to abnormal behavior according to a pre-constructed normal behavior outline model;
if the current operation behavior to be detected belongs to the abnormal behavior, stopping the abnormal operation behavior, executing the blocking operation and outputting warning information.
Preferably, the obtaining the user operation behavior and taking the user operation behavior as the operation behavior to be tested includes:
generating a corresponding radar link according to the data uploaded by the user;
transmitting the radar link to other terminal equipment;
and monitoring operation behavior data of other users on the radar link on the other terminal equipment.
Preferably, the step of generating a corresponding radar link according to the data uploaded by the user includes:
generating a unique data identifier for the data;
and adding the unique identification of the data into a preset fixed network address to obtain the radar link.
Preferably, monitoring the operation behavior data of other users on the radar link on the other terminal devices includes: acquiring the user information of the other users and the operation behavior data according to the clicking operations of the other users on the radar link; and associating the user information with the operation behavior data.
Preferably, before the step of determining whether the operation behavior to be detected belongs to the abnormal behavior according to the pre-constructed normal behavior profile model, the method further includes:
collecting system operation data related to user operation behaviors in the information system, wherein the system operation data comprises an information system operation log, a database connection log, a WEB system access log and an operation system access log;
executing cleaning operation on the system operation data, determining user operation behavior data, and storing the user operation behavior data in a storage module of the information system;
and constructing a normal behavior outline model according to the user operation behavior data.
Compared with the prior art, the invention has the beneficial effects that: the method and the system can detect the user operation behaviors generated by the information system in real time and monitor whether the information system generates abnormal operation behaviors, so that the attack behaviors from the inside can be resisted, and the technical problem that the existing information system cannot resist the attack from the inside is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
FIG. 1 is a schematic diagram of a system of the present invention;
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to FIGS. 1-2, the invention provides an information security engineering depth intelligent monitoring device, which comprises:
an information system comprising an acquisition unit, a detection unit and a control unit, wherein the acquisition unit is used for acquiring user operation behaviors on the information system and taking them as the operation behaviors to be detected;
and an analysis unit, used for confirming, according to the operation behavior to be detected and a pre-constructed normal behavior outline model, whether the operation behavior to be detected belongs to abnormal behavior, blocking the current operation behavior if it does, and outputting alarm information.
Preferably, the system further comprises an alarm unit for sending the alarm information.
As a preferred scheme, the acquisition unit comprises an operating system, a user interface module, a user operation behavior monitoring program and a memory.
In a further optimized scheme, the analysis unit is a central processing unit.
In addition, the embodiment provides an information security engineering depth intelligent monitoring method, which comprises the following steps:
acquiring user operation behaviors, and taking the user operation behaviors as operation behaviors to be tested;
determining whether the operation behavior to be detected belongs to abnormal behavior according to a pre-constructed normal behavior outline model;
if the current operation behavior to be detected belongs to the abnormal behavior, stopping the abnormal operation behavior, executing the blocking operation and outputting warning information.
Further optimizing the scheme, the obtaining the user operation behavior and taking the user operation behavior as the operation behavior to be tested includes:
generating a corresponding radar link according to the data uploaded by the user; transmitting the radar link to other terminal equipment; and monitoring the operation behavior data of other users on the radar link on the other terminal equipment. This makes it possible to provide a timely and effective follow-up service and, at the same time, to learn the interests and demands of the other users from the monitored operation data, thereby managing the other users efficiently.
Further optimizing scheme, the step of generating the corresponding radar link according to the data uploaded by the user comprises the following steps:
generating a unique data identifier for the data;
and adding the unique identification of the data into a preset fixed network address to obtain the radar link.
In a further optimized scheme, monitoring the operation behavior data of other users on the radar link on the other terminal equipment comprises the following steps: acquiring the user information of the other users and the operation behavior data according to the clicking operations of the other users on the radar link; and associating the user information with the operation behavior data.
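The radar-link steps above (a unique data identifier appended to a preset fixed network address, then click events on other terminals associated with the clicking user's information) written out in Python, as an added example that is not part of the patent. The fixed address, the `RadarRegistry` class and the event record layout are assumptions; the identifier is generated as a random token so that one link cannot be derived from another, and clicks on unknown identifiers are rejected rather than stored.

```python
import secrets
from dataclasses import dataclass, field

# Assumed preset fixed network address; the patent does not name one.
FIXED_ADDRESS = "https://radar.example.invalid/r/"


@dataclass
class RadarRegistry:
    """Hypothetical registry: maps radar-link identifiers to the uploaded data
    and keeps the click events that were associated with a user."""
    links: dict = field(default_factory=dict)    # identifier -> data name
    events: list = field(default_factory=list)   # associated click records

    def generate_radar_link(self, data_name: str) -> str:
        """Step 1 and 2: unique identifier for the data, added to the fixed address."""
        # A random token (not a counter) so a link cannot be guessed from another.
        identifier = secrets.token_urlsafe(16)
        self.links[identifier] = data_name
        return FIXED_ADDRESS + identifier

    def record_click(self, url: str, user_info: dict, op_data: dict) -> bool:
        """Monitoring step: a click on the radar link arrives from another
        terminal; associate the user information with the operation data.
        Clicks on malformed or unregistered links are ignored, not stored."""
        if not url.startswith(FIXED_ADDRESS):
            return False
        identifier = url[len(FIXED_ADDRESS):]
        data_name = self.links.get(identifier)
        if data_name is None:
            return False
        self.events.append(
            {"data": data_name, "user": dict(user_info), "op": dict(op_data)}
        )
        return True

    def activity_for(self, data_name: str) -> list:
        """Associated (user, operation) records for one data item, which is
        what the follow-up service described in the patent would read."""
        return [e for e in self.events if e["data"] == data_name]
```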
Further, according to the above-mentioned method, before the step of determining whether the operation behavior to be detected belongs to the abnormal behavior, the method further includes:
collecting system operation data related to user operation behaviors in the information system, wherein the system operation data comprises an information system operation log, a database connection log, a WEB system access log and an operation system access log;
executing cleaning operation on the system operation data, determining user operation behavior data, and storing the user operation behavior data in a storage module of the information system;
and constructing a normal behavior outline model according to the user operation behavior data.
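An added example, not from the patent, that carries the steps just listed and the detection step of the method through in Python: records from the four log sources are cleaned into user operation behavior records, a normal behavior outline model is built per user from them, and a behavior under test is compared with the model to produce the blocking decision and alarm text. The log line format, the per-user model (the actions and hours previously seen) and the one-hour tolerance are assumptions; the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of the four log sources the patent collects
# (system operation log, database connection log, WEB access log,
# operating system access log). One line is malformed on purpose.
RAW_LOGS = """\
2024-01-09T09:12:03 src=op    user=alice action=open_report
2024-01-09T09:30:41 src=db    user=alice action=connect db=crm
2024-01-09T10:02:17 src=web   user=alice action=GET /reports/42
2024-01-09T10:05:00 src=os    user=alice action=login host=ws-07
2024-01-09T11:45:12 src=op    user=bob   action=edit_record
2024-01-09T13:20:55 src=db    user=bob   action=connect db=crm
2024-01-09T14:01:09 src=web   user=bob   action=GET /records/7
this line is garbage and must be dropped by cleaning
2024-01-10T09:15:30 src=op    user=alice action=open_report
2024-01-10T10:10:10 src=os    user=alice action=login host=ws-07
"""

# Assumed line layout: ISO timestamp, source, user, action, optional extras.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\w+)\s+user=(?P<user>\w+)\s+action=(?P<action>\S+)"
)


@dataclass(frozen=True)
class Behavior:
    user: str
    src: str
    action: str
    hour: int


def clean(raw: str) -> list[Behavior]:
    """Cleaning step: parse the mixed log sources, drop lines that do not fit."""
    out = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hour = int(m["ts"][11:13])
        out.append(Behavior(m["user"], m["src"], m["action"], hour))
    return out


def build_profile(history: list[Behavior]) -> dict:
    """Normal behavior outline model: per user, the (source, action) pairs
    and the hours of day observed in the cleaned history."""
    profile = defaultdict(lambda: {"actions": set(), "hours": set()})
    for b in history:
        profile[b.user]["actions"].add((b.src, b.action))
        profile[b.user]["hours"].add(b.hour)
    return dict(profile)


def analyze(profile: dict, b: Behavior, hour_slack: int = 1) -> dict:
    """Analysis unit: compare the behavior under test with the model and
    return the blocking decision plus the alarm text (None when normal).
    The hour check ignores midnight wrap-around; a real model would use a
    richer baseline than a set of hours."""
    entry = profile.get(b.user)
    reasons = []
    if entry is None:
        reasons.append("unknown user")
    else:
        if (b.src, b.action) not in entry["actions"]:
            reasons.append(f"never-seen action {b.action} on {b.src}")
        if all(abs(b.hour - h) > hour_slack for h in entry["hours"]):
            reasons.append(f"unusual hour {b.hour:02d}")
    abnormal = bool(reasons)
    return {"block": abnormal, "alarm": "; ".join(reasons) if abnormal else None}
```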
Those of ordinary skill in the art will appreciate that the elements of the examples described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the elements of the examples have been described generally in terms of functionality in the foregoing description to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the division of the units is merely a logic function division, and there may be other division manners in actual implementation, for example, multiple units may be combined into one unit, one unit may be split into multiple units, or some features may be omitted.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, or the like, which can store program codes.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.
Claims (9)
1. An information security engineering depth intelligent monitoring device, characterized by comprising:
an information system comprising an acquisition unit, a detection unit and a control unit, wherein the acquisition unit is used for acquiring user operation behaviors on the information system and taking them as the operation behaviors to be detected;
and an analysis unit, used for confirming, according to the operation behavior to be detected and a pre-constructed normal behavior outline model, whether the operation behavior to be detected belongs to abnormal behavior, blocking the current operation behavior if it does, and outputting alarm information.
2. The information security engineering deep intelligent monitoring device according to claim 1, further comprising an alarm unit for sending the alarm information.
3. The information security engineering depth intelligent monitoring device of claim 1, further comprising a storage unit for storing data, the storage unit comprising an operating system, a user interface module, a user operation behavior monitoring program, and a memory.
4. The information security engineering depth intelligent monitoring device according to claim 1, wherein the analysis unit is a central processing unit.
5. An information security engineering depth intelligent monitoring method, characterized by comprising the following steps:
acquiring user operation behaviors, and taking the user operation behaviors as operation behaviors to be tested;
determining whether the operation behavior to be detected belongs to abnormal behavior according to a pre-constructed normal behavior outline model;
if the current operation behavior to be detected belongs to the abnormal behavior, stopping the abnormal operation behavior, executing the blocking operation and outputting warning information.
6. The method for intelligent monitoring of information security engineering depth according to claim 5, wherein the steps of obtaining the user operation behavior and taking the user operation behavior as the operation behavior to be tested include:
generating a corresponding radar link according to the data uploaded by the user;
transmitting the radar link to other terminal equipment;
and monitoring operation behavior data of other users on the radar link on the other terminal equipment.
7. The method for intelligent monitoring of information security engineering depth according to claim 6, wherein the step of generating the corresponding radar link according to the data uploaded by the user comprises:
generating a unique data identifier for the data;
and adding the unique identification of the data into a preset fixed network address to obtain the radar link.
8. The method for intelligent monitoring of information security engineering depth according to claim 5, wherein monitoring the operation behavior data of other users on the radar link on the other terminal device comprises:
acquiring user information of the other users and the operation behavior data according to clicking operation of the other users on the radar link; and associating the user information with the operation behavior data.
9. The method for intelligent monitoring of information security engineering depth according to claim 5, wherein before the step of determining whether the operation behavior to be detected belongs to an abnormal behavior according to a pre-constructed normal behavior profile model, the method further comprises:
collecting system operation data related to user operation behaviors in the information system, wherein the system operation data comprises an information system operation log, a database connection log, a WEB system access log and an operation system access log;
executing cleaning operation on the system operation data, determining user operation behavior data, and storing the user operation behavior data in a storage module of the information system;
and constructing a normal behavior outline model according to the user operation behavior data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410032179.2A | 2024-01-09 | 2024-01-09 | Information security engineering depth intelligent monitoring device and detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117892289A | 2024-04-16 |
Family
ID=90645222
Family Applications (1)
Application Number | Status | Priority Date | Filing Date |
---|---|---|---|
CN202410032179.2A (CN117892289A) | Pending | 2024-01-09 | 2024-01-09 |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |