CN117939464A - Override handling system and method based on white list - Google Patents


Publication number
CN117939464A
Authority
CN
China
Prior art keywords
user
override
server
module
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311839461.3A
Other languages
Chinese (zh)
Inventor
袁誉峰
韩保礼
张晓峰
王雪颖
廖海林
钟少君
朱光耀
宋慧博
裘卫星
汤叶峰
汤东亮
王欢祥
楼新恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shaoxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202311839461.3A
Publication of CN117939464A
Current legal status: Pending

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an override handling system and method based on a white list, comprising a storage module, a server, an analysis module, wireless access point equipment and an override handling module; the storage module is used for storing the first user identity information; the server comprises a communication module and a preprocessing module, wherein the preprocessing module is used for preprocessing the second user identity information received by the communication module to obtain a server access request; the analysis module performs first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result; the wireless access point device is used for carrying out second authentication on the server access request to obtain a second authentication result; and the override handling module is used for executing corresponding override handling operation according to the first authentication result and the second authentication result. The scheme can effectively improve the running safety and stability of the power grid system by combining a double authentication mechanism of the white list user information base and the wireless access point equipment.

Description

Override handling system and method based on white list
Technical Field
The invention relates to the technical field of network security, in particular to an override handling system and method based on a white list.
Background
Untrusted connections in the grid network mainly take the following forms. Unverified connections: these may be intercepted or eavesdropped on, causing data leakage or other security problems. Malware infection: if a user's computer or mobile device is infected with malware, its connections can no longer be trusted, and the user's data may be stolen, privacy violated, or the device taken over. Phishing or fake websites: these masquerade as legitimate websites, such as banks, payment platforms, or social media websites, in order to obtain users' sensitive information or trick users into performing illegal operations. In public networks, where many different network devices are connected, the network security situation is very complex.
In the operation of the national network, many different network threats are faced, including internal attacks, disclosure of private information, network paralysis, tampering with network configuration, and unauthorized access. Unauthorized access means illegally using network devices and resources without authorization or by bypassing access control, and sensitive data may be lost or leaked as a result. In addition, a user on an untrusted connection can use illegal means to disrupt other users' normal use or even interfere with the operation of the network service system, paralyzing the network system.
Chinese patent publication No. CN116707909A, published on 5 September 2023, discloses a power grid attack risk perception and defense method and system: power grid node state measurement data is acquired; state characteristics are extracted from that data; attacked grid nodes are detected based on the state characteristics; an attack-defense tree is built; and the system risk under different defense strategies is determined in order to choose the defense strategy to execute. When facing advanced multi-stage attacks, the defense strategy is determined and executed using the quantified risk analysis of the grid nodes, so as to ensure safe grid operation. However, that security detection approach does not detect or handle unauthorized access, which is a significant limitation and results in lower operational security and stability.
Disclosure of Invention
Aiming at the problem that the prior art lacks security supervision of unauthorized users, which lowers the operating security and stability of the power grid system, the invention provides an override (unauthorized access) handling system and method based on a white list. White list users are determined; the server preprocesses the second user identity information to obtain a server access request; the analysis module performs a first authentication to obtain a first authentication result; and the wireless access point device performs a second authentication to obtain a second authentication result. Based on the first and second authentication results, the override handling module detects unauthorized access and handles it through an override handling operation. Combining the dual authentication mechanism of the white list user information base and the wireless access point device effectively prevents unauthorized access to and operation of the power grid system, improving its operating security and stability.
In order to solve the technical problems, the invention adopts the following technical scheme: a whitelist-based override system comprising:
The device comprises a storage module, a server, an analysis module, wireless access point equipment and an override handling module; the storage module is used for storing first user identity information; the server comprises a communication module and a preprocessing module, wherein the preprocessing module is used for preprocessing the second user identity information received by the communication module to obtain a server access request; the analysis module performs first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result; the wireless access point device is used for carrying out second authentication on the server access request to obtain a second authentication result; the override handling module is used for executing corresponding override handling operation according to the first authentication result and the second authentication result.
This scheme addresses the problem that the prior art lacks security supervision of unauthorized users, which lowers the security and stability of the power grid system. The storage module stores the first user identity information in order to construct a white list user information base; used as the comparison object, this base makes it possible to judge directly whether the second user is in it, which supports a preliminary judgment of user identity, prevents access by unauthorized users, and ensures the legitimacy of user identity information. The server performs format conversion and extracts the second user data based on the attributes and content of the second user identity information, which helps the analysis module compare the second user data against the screening conditions and improves the reliability and accuracy of user information authentication. The analysis module performs the first authentication on the second user identity information and judges the attribute of the user identity; uploading the server access request to the analysis module for the first authentication reduces the data-processing load on the server and lets the analysis module retrieve the first user identity information directly from the white list user information base for comparison and analysis. The linkage unit performs the second authentication on the server access request, giving dual authentication of user identity; authenticating user attributes from multiple angles improves authentication accuracy, makes it convenient for the system to authorize server access for users, and protects the information assets of the server and users from loss or leakage. Combining the dual authentication mechanism of the white list user information base and the wireless access point device further improves the security and stability of system operation.
Preferably, the preprocessing module is used for setting screening conditions; the preprocessing module performs format conversion on the second user identity information, extracts the attribute and the content of the second user identity information to obtain second user data, and performs comparison analysis on the second user data and the screening condition to judge the attribute of the second user data.
Preferably, the second user data includes a user address, a user data length, and a user protocol type; the screening conditions include a target protocol type, a target source address, and a target address.
In this scheme, the preprocessing module sets the screening conditions, so that the second user identity information can be screened against preset conditions. The attributes and content of the second user identity information are extracted to obtain the second user data, which is then compared with the screening conditions to judge its attributes. This ensures data quality, improves the efficiency of comparison and analysis, and allows a faster and more accurate preliminary judgment; it prevents access by unauthorized users, ensures the validity of user identity information, and improves the reliability and accuracy of user information authentication.
Preferably, the override handling module comprises a linkage unit and a handling unit; the linkage unit is used for authenticating the server access request; the handling unit is used for triggering the firewall to execute handling operation or uploading access data and writing the access data into the firewall log.
Preferably, the override handling module determines based on the first authentication result, if the first authentication result is a white list user, the handling unit allows the white list user to access the server and upload access data at the same time, and performs second authentication on the server access request based on the linkage unit to obtain a second authentication result; the override handling module judges based on the second authentication result, and if the server access request and the wireless access point equipment authentication are successful, the second user accesses the server; if the server access request and the wireless access point device authentication fail, the handling unit of the override handling module triggers the firewall to execute the handling operation.
In this scheme, the first authentication result is judged through the analysis module to obtain a corresponding judgment result, and each judgment result corresponds to one override handling operation. If the first authentication result is a white list user, the handling unit allows the white list user to access the server and uploads the access data, writing it into the firewall log; the linkage unit then performs the second authentication of the server access request with the wireless access point device to obtain the second authentication result. If the first authentication result is a non-white list user, the handling unit of the override handling module performs the override handling operation. Defining the override handling operation that corresponds to each judgment result allows handling to be carried out accurately, improving handling efficiency and the operating efficiency of the power grid system. The second authentication performed through the linkage unit has two possible outcomes: if authentication of the server access request with the wireless access point device succeeds, the second user accesses the server; if it fails, the handling unit of the override handling module triggers the firewall to execute the handling operation. This second judgment of the user's identity, made according to the second authentication result, makes it convenient for the system to authorize server access for the user and protects the information assets of the server and users from loss or leakage.
Preferably, the override handling method is applied to an override handling system based on a white list, and comprises the following steps:
S1, preprocessing second user identity information based on a server to obtain a server access request and uploading the server access request to an analysis module;
S2, the analysis module carries out first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result;
S3, performing second authentication on the server access request based on the wireless access point equipment to obtain a second authentication result;
S4, the override handling module executes corresponding override handling operation according to the first authentication result and the second authentication result.
In the scheme, the problem that the safety and stability of a power grid system are low due to the fact that safety supervision of unauthorized users is lacked in the prior art is solved; the second user identity information is screened through the preset screening conditions, so that the attribute and the content of the second user identity information can be conveniently extracted to obtain second user data, the analysis module is favorable for comparing and analyzing the second user data with the screening conditions, and the reliability and the accuracy of user information authentication are improved; the first authentication is carried out on the second user identity information through the analysis module, so that the pressure of the server on data processing can be reduced, and the analysis module can conveniently call the first user identity information from the white list user information base directly for comparison and analysis; the wireless access point device performs second authentication on the server access request, so that secondary judgment on the identity of the user is realized, the system is convenient to perform server access authorization on the user while effectively protecting sensitive information, and the server and the information asset of the user are protected from leakage.
Preferably, before the second user identity information is acquired based on the server, the method further comprises the step of constructing a white list user information base based on the first user identity information of the storage module.
In the scheme, the first user identity information is stored in the storage module, and the white list user information base is constructed based on the first user identity information of the storage module, wherein the white list user information base is used as a comparison object to intuitively judge whether the second user is in the white list user information base, so that the comparison efficiency is improved, and the identity of the user can be rapidly and preliminarily judged; meanwhile, the security is improved by constructing the white list user information base, the access authority can be effectively controlled, only specific users are allowed to access the protected resources, so that unauthorized users or malicious software can be prevented from accessing the server, the security of the system is improved, and the legality of user identity information is ensured.
Preferably, the S1 includes:
S11, the server extracts second user data based on second user identity information;
S12, judging whether screening conditions are met based on the second user data, and if the screening conditions are met, generating a server access request and sending the server access request to an analysis module; and if the screening condition is not met, screening out the current second user data.
In this scheme, the preprocessing module performs format conversion on the second user identity information, so that identity information in different formats and from different sources is converted into one standardized format, which simplifies later data screening and analysis. Extracting the second user identity information through the preprocessing module sorts out the identity information and removes duplicate, invalid, and erroneous data, improving data quality and accuracy; it also simplifies the second user data, making subsequent judgment and analysis easier, including the judgment of whether the screening conditions are met. Performing format conversion and extraction in the preprocessing module reduces the time and cost of subsequent data processing and analysis and improves working efficiency. Because the second user identity information is extracted and the second user is judged against the screening conditions, the user's attributes can be judged preliminarily, and if the user identity information is abnormal the preprocessing module can handle it promptly, ensuring safe and stable operation of the power grid system.
Preferably, the analysis module performs first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result; and carrying out second authentication on the server access request based on the wireless access point equipment to obtain a second authentication result.
In the scheme, the analysis module carries out interactive authentication on the second user identity information and the first user identity information based on the white list user information base to judge whether the second user is a white list user or not; the first authentication result comprises a white list user or a non-white list user; the second authentication result comprises that the wireless access point device allows the second user to access the server and the wireless access point device does not allow the second user to access the server, and the server access authorization is conveniently performed on the user by the system through the first authentication result and the second authentication result, so that information assets of the server and the user are protected from being lost or leaked.
Preferably, the S4 includes:
The override handling module executes corresponding override handling operation according to the first authentication result and the second authentication result, and comprises the following steps: if the first authentication result is the white list user, allowing the white list user to access the server by the processing unit of the override processing module and uploading access data at the same time, and performing second authentication based on the linkage unit to obtain a second authentication result; and executing corresponding override handling operation based on the second authentication result.
Preferably, the S4 further includes:
Executing a corresponding override operation based on the second authentication result, comprising the steps of:
If the server access request and the wireless access point equipment authentication are successful, the second user performs server access; if the server access request and the wireless access point device authentication fail, the handling unit of the override handling module triggers the firewall to execute the handling operation.
In the scheme, first authentication is performed firstly, then second authentication is performed based on a first authentication result, and the override handling module executes corresponding override handling operation according to the first authentication result and the second authentication result; by combining the dual authentication mechanism of the white list user information base and the wireless access point equipment, the system is convenient for the server access authorization of the user, is beneficial to protecting the information assets of the server and the user from losing or leakage, and improves the safety and stability of the system operation.
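The S1 to S4 flow described above, as an added Python example (not code from the patent). The field names, the white list keyed on a user id, the AP check modelled as a callable, and the firewall handling modelled as a block set plus a log list are all assumptions; access is treated as granted only once the second authentication succeeds, and malformed input or an AP error fails closed.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional

class Decision(Enum):
    SCREENED_OUT = "screened_out"                    # S12: dropped before authentication
    BLOCK_NOT_WHITELISTED = "block_not_whitelisted"  # first authentication failed
    BLOCK_AP_AUTH_FAILED = "block_ap_auth_failed"    # second authentication failed
    ALLOW = "allow"                                  # both authentications succeeded

@dataclass(frozen=True)
class ScreeningConditions:
    protocols: frozenset                   # target protocol types
    source_net: ipaddress.IPv4Network      # target source address (modelled as a range)
    target_addr: ipaddress.IPv4Address     # target address (the protected server)

@dataclass(frozen=True)
class AccessRequest:                       # normalised "second user data"
    user_id: str
    source_addr: ipaddress.IPv4Address
    target_addr: ipaddress.IPv4Address
    protocol: str
    data_length: int

def preprocess(raw: dict, cond: ScreeningConditions) -> Optional[AccessRequest]:
    """S1: format conversion and screening; malformed input is screened out."""
    try:
        req = AccessRequest(
            user_id=str(raw["user_id"]).strip(),
            source_addr=ipaddress.IPv4Address(str(raw["src"]).strip()),
            target_addr=ipaddress.IPv4Address(str(raw["dst"]).strip()),
            protocol=str(raw["proto"]).strip().lower(),
            data_length=int(raw["length"]),
        )
    except (KeyError, TypeError, ValueError):
        return None
    meets = (req.user_id != "" and req.data_length >= 0
             and req.protocol in cond.protocols
             and req.source_addr in cond.source_net
             and req.target_addr == cond.target_addr)
    return req if meets else None

@dataclass
class OverrideHandler:
    whitelist: frozenset                               # white list user information base
    ap_authenticate: Callable[[AccessRequest], bool]   # stand-in for the AP's check
    conditions: ScreeningConditions
    firewall_log: list = field(default_factory=list)
    blocked_sources: set = field(default_factory=set)

    def _block(self, req: AccessRequest, decision: Decision) -> Decision:
        # Handling operation, modelled as a block entry plus a firewall log record.
        self.blocked_sources.add(str(req.source_addr))
        self.firewall_log.append((decision.value, req.user_id, str(req.source_addr)))
        return decision

    def handle(self, raw: dict) -> Decision:
        req = preprocess(raw, self.conditions)                        # S1
        if req is None:
            return Decision.SCREENED_OUT
        if req.user_id not in self.whitelist:                         # S2
            return self._block(req, Decision.BLOCK_NOT_WHITELISTED)
        self.firewall_log.append(("whitelist_ok", req.user_id, str(req.source_addr)))
        try:
            second_ok = bool(self.ap_authenticate(req))               # S3
        except Exception:
            second_ok = False          # fail closed if the AP check errors out
        if not second_ok:                                             # S4
            return self._block(req, Decision.BLOCK_AP_AUTH_FAILED)
        return Decision.ALLOW

# Constructed sample data: documentation address ranges and made-up user ids.
CONDITIONS = ScreeningConditions(
    protocols=frozenset({"tcp"}),
    source_net=ipaddress.IPv4Network("192.0.2.0/24"),
    target_addr=ipaddress.IPv4Address("198.51.100.10"),
)
AP_ASSOCIATIONS = {("user-001", "192.0.2.15")}   # what the hypothetical AP accepts

def ap_check(req: AccessRequest) -> bool:
    return (req.user_id, str(req.source_addr)) in AP_ASSOCIATIONS

def run_samples():
    handler = OverrideHandler(frozenset({"user-001", "user-002"}), ap_check, CONDITIONS)
    base = {"dst": "198.51.100.10", "proto": " TCP ", "length": "128"}
    samples = [
        {**base, "user_id": "user-001", "src": "192.0.2.15"},    # passes both checks
        {**base, "user_id": "user-002", "src": "192.0.2.20"},    # whitelisted, AP rejects
        {**base, "user_id": "user-999", "src": "192.0.2.30"},    # not on the white list
        {**base, "user_id": "user-001", "src": "203.0.113.5"},   # source outside range
        {**base, "user_id": "user-001", "src": "not-an-ip"},     # malformed input
    ]
    return [handler.handle(s) for s in samples], handler

if __name__ == "__main__":
    print([d.value for d in run_samples()[0]])
```

Screened-out requests never reach the white list check, so they leave no firewall log entry in this model; a deployment that wants visibility into rejected traffic would log at that stage as well.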
The invention has the substantial effects that:
1. The analysis module performs the first authentication and judges the attribute of the second user; the wireless access point device then makes a second judgment of the user's identity according to the first authentication result, so that the system can authorize server access for the user. This helps protect the information assets of the server and users from loss or leakage, and combining the dual authentication mechanism of the white list user information base and the wireless access point device further improves the security and stability of system operation;
2. The preprocessing module extracts the second user identity information, which sorts out the identity information and removes duplicate, invalid, and erroneous data, improving data quality and accuracy and facilitating subsequent judgment and analysis, including whether the screening conditions are met; performing format conversion and extraction in the preprocessing module reduces the time and cost of subsequent data processing and analysis and improves working efficiency;
3. By constructing the white list user information base, whether the second user is in the white list user information base or not can be intuitively judged by taking the white list user information base as a comparison standard, and preliminary judgment of the user identity is facilitated, so that unauthorized users are prevented from accessing and the legality of the user identity information is ensured.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures.
FIG. 1 is a flow chart of an override method of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings and examples, it being understood that the detailed description herein is merely a preferred embodiment of the present invention, which is intended to illustrate the present invention, and not to limit the scope of the invention, as all other embodiments obtained by those skilled in the art without making any inventive effort fall within the scope of the present invention.
Example 1: a whitelist-based override system comprising:
The device comprises a storage module, a server, an analysis module, wireless access point equipment and an override handling module; the storage module is used for storing the first user identity information; the server comprises a communication module and a preprocessing module, wherein the preprocessing module is used for preprocessing the second user identity information received by the communication module to obtain a server access request; the analysis module performs first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result; the wireless access point device is used for carrying out second authentication on the server access request to obtain a second authentication result; the override handling module is used for executing corresponding override handling operation according to the first authentication result and the second authentication result.
This embodiment addresses the problem that prior-art security detection of power grid data lacks detection and handling of unauthorized access, which lowers the security and stability of power grid operation. In this scheme, the storage module stores the first user identity information to construct the white list user information base; used as the comparison standard, this base makes it possible to judge directly whether the second user is in it, which supports a preliminary judgment of user identity, prevents access by unauthorized users, and ensures the legitimacy of user identity information. The server performs format conversion and extracts the second user data based on the attributes and content of the second user identity information, which helps the analysis module compare the second user data against the screening conditions and improves the reliability and accuracy of user information authentication. The analysis module performs the first authentication on the second user identity information; the second authentication is then performed on the server access request based on the first authentication result, giving a second judgment of the user's identity. This makes it convenient for the system to authorize server access for the user and protects the information assets of the server and users from loss or leakage, and combining the dual authentication mechanism of the white list user information base and the wireless access point device further improves the security and stability of system operation.
Specifically, the preprocessing module is used for setting screening conditions; the preprocessing module performs format conversion on the second user identity information, extracts the attribute and the content of the second user identity information to obtain second user data, and performs comparison analysis on the second user data and the screening condition to judge the attribute of the second user data.
Specifically, the second user data includes a user address, a user data length, and a user protocol type; the screening conditions include a target protocol type, a target source address, and a target address.
In this embodiment, the preprocessing module sets the screening conditions, so that the attributes and content of the second user identity information can be extracted according to the preset screening conditions to obtain the second user data. The second user data is then compared with the screening conditions to judge its attributes. This ensures data quality, improves the efficiency of comparison and analysis, and allows a faster and more accurate preliminary judgment; it prevents access by unauthorized users, ensures the validity of user identity information, and improves the reliability and accuracy of user information authentication.
It will be appreciated that there are several methods for format conversion of the second user identity information: format conversion software or online conversion tools can complete the conversion automatically, or the conversion can be implemented by writing code in a programming language such as Python or Java, which is relatively flexible.
It can be appreciated that there are several methods for extracting the second user identity information, such as keyword extraction, which identifies a set of related words or phrases in the text; for example, identifying and extracting the user's mobile phone number, word partitions, and keywords.
It will be appreciated that the second user data comprises: user address, user source address, user data length, user protocol type, physical layer link address, network layer link address, etc.; the screening conditions included: a target protocol type, a target source address, a target address, etc.; the second user identity information includes: user mobile phone number, short message content word segmentation, part of speech standard, word partition, keywords, IP address, etc.
When second user identity information for a user who needs to access the server is sent to the server in the specified format, the server's communication module receives it and the server's preprocessing module preprocesses the received content. Preprocessing performs format conversion and extraction on the user's mobile phone number, short message content word segmentation, part-of-speech standard, word partition, keywords, IP address, and so on, to obtain the user address of the second user, and then compares and analyzes the attributes of the second user data using the screening conditions (target address, source address, target data length, protocol type, physical layer link address, network layer link address, etc.) as reference indexes.
Specifically, the override handling module comprises a linkage unit and a handling unit; the linkage unit is used for authenticating the server access request; the handling unit is used for triggering the firewall to execute handling operation or uploading access data and writing the access data into the firewall log.
Specifically, the override handling module first evaluates the first authentication result: if the first authentication result is a white list user, the handling unit allows the white list user to access the server and uploads the access data at the same time, and the linkage unit performs the second authentication on the server access request to obtain a second authentication result. The override handling module then evaluates the second authentication result: if the authentication of the server access request with the wireless access point device succeeds, the second user accesses the server; if it fails, the handling unit of the override handling module triggers the firewall to execute the handling operation.
In this embodiment, the analysis module determines the first authentication result, and each possible result corresponds to one override handling operation. If the first authentication result is a white list user, the handling unit allows the white list user to access the server, uploads the access data and writes it into the firewall log, and the linkage unit then performs the second authentication of the server access request with the wireless access point device to obtain a second authentication result. If the first authentication result is a non-white list user, the handling unit of the override handling module performs the override handling operation. Defining the override handling operation that corresponds to each result allows the operation to be carried out accurately, improves handling efficiency and enhances the running efficiency of the power grid system. The second authentication of the server access request with the wireless access point device, performed through the linkage unit, has two possible outcomes: if the authentication succeeds, the second user accesses the server; if it fails, the handling unit of the override handling module triggers the firewall to execute the handling operation. Judging the identity of the user a second time according to the second authentication result makes it convenient for the system to authorize server access for the user and helps protect the information assets of the server and the user from loss or leakage.
It will be appreciated that a wireless access point (AP) device is an access point of a wireless network, i.e., a "hot spot". APs mainly come in two kinds: integrated routing, switching and access devices, and pure access devices. An integrated device performs both access and routing, while a pure access device is only responsible for the access of wireless clients. Pure access devices are often used as extensions of a wireless network, connecting with other APs or with a master AP to extend wireless coverage, while integrated devices are typically the core of a wireless network. Most wireless APs support multi-user access, data encryption, multi-rate transmission and the like, and some even provide sophisticated wireless network management functions.
It is understood that a server access request is a request that a client (user side) sends to a server to obtain or process a particular resource or piece of information. These requests are typically sent via the HTTP protocol, using an HTTP method such as GET, POST, PUT or DELETE to specify the type and operation of the request. When the client sends a request to the server, the server performs the corresponding operation according to the requested content and the target resource, and returns a response to the client.
In this scheme, the override handling module executes the corresponding handling operation by combining the white list user information base with the authentication of the wireless access point device in a double authentication mechanism. The identity of the requester can thus be verified, only authorized users can access server resources, and unauthorized access and data leakage are prevented. In addition, the authentication mechanism can be combined with authority management so that different access authorities are assigned according to the identity and role of the user; the server can then provide the functions and data that correspond to the user's role and requirements, which improves the adaptability of the system and makes it convenient for the user to use.
As shown in Fig. 1, an override handling method applicable to the override handling system based on the white list comprises the following steps:
S1, preprocessing the second user identity information at the server to obtain a server access request, and uploading the server access request to the analysis module.
Specifically, before the second user identity information is acquired based on the server, the method further comprises the step of constructing a white list user information base based on the first user identity information of the storage module.
In this embodiment, the first user identity information is stored in the storage module and the white list user information base is constructed from it. The white list user information base serves as the comparison object for judging directly whether the second user is in the white list, which improves comparison efficiency and allows a quick preliminary judgment of the user's identity. Constructing the white list user information base also improves security: access authority can be controlled effectively and only specific users are allowed to access the protected resources, so that unauthorized users or malicious software are prevented from accessing the server, the security of the system is improved and the legality of user identity information is ensured.
It can be understood that the first user identity information is a user address, a user source address, a user data length, a user protocol type, a physical layer link address, a network layer link address, etc. of the whitelisted user, and the whitelisted user information base is constructed based on the first user identity information of the storage module.
Constructing an information base is a process involving multiple steps. Constructing a simple one may involve the following steps. First, the data requirements of the white list user information base are determined, i.e., which data need to be collected before construction starts; in this scheme, the first user identity information (white list users) needs to be collected and stored in the storage module. Next, data are collected from different sources according to those requirements; this can include acquiring white list user information from internal and external systems, through data acquisition interfaces, and the like, and the data may be entered manually or acquired by the system. After the identity information of the white list users has been collected, the data are cleaned, for example by deleting repeated data, and a suitable data storage mode is selected to store the identity information of the white list users. The first user identity information stored by the storage module is used to construct the white list user information base, which serves as the comparison standard for judging directly whether the second user is in the white list; this preliminary judgment of the user's identity helps prevent access by unauthorized users and ensures the validity of the user identity information.
Specifically, S1 includes:
S11, the server extracts second user data based on the second user identity information;
S12, judging whether the screening conditions are met based on the second user data; if the screening conditions are met, generating a server access request and sending the server access request to the analysis module; if the screening conditions are not met, screening out the current second user data.
In this embodiment, the preprocessing module converts the format of the second user identity information, so that user identity information in different formats and from different sources is converted uniformly into a standardized format, which makes later data screening and analysis convenient. The preprocessing module also extracts the second user identity information, so that the user identity information can be sorted out and repeated, invalid and erroneous data removed, which improves the quality and accuracy of the data; the second user data is simplified, which makes the subsequent judgment and analysis convenient, including the judgment of whether the screening conditions are met. Carrying out format conversion and extraction in the preprocessing module reduces the time and cost of subsequent data processing and analysis and improves working efficiency. Because the second user identity information is extracted and the second user is judged against the screening conditions, the attributes of the user can be judged preliminarily, and if the user identity information is abnormal the preprocessing module can handle it in time, which ensures the safe and stable operation of the power grid system.
It can be understood that when the second user identity information of a user who needs to access the server is sent to the server in a specified format, the communication module of the server receives it and the preprocessing module of the server preprocesses the received content. The preprocessing comprises extracting and format-converting the user mobile phone number, short message content word segmentation, part of speech standard, word partition, keywords, IP address, etc. to obtain the user address of the second user, the user source address, the user data length, the user protocol type, the physical layer link address, the network layer link address, etc., and comparing these against the screening conditions (target address, source address, target data length, protocol type, physical layer link address, network layer link address, etc.), which serve as reference indexes, to judge the attributes of the second user data. When the screening conditions are met, a server access request is generated and sent to the analysis module; when the screening conditions are not met, the current second user data is screened out. Extracting the second user identity information and judging the second user against the screening conditions in this way performs a preliminary screening of the second user and improves the running stability of the power grid.
S2, the analysis module carries out first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result.
S3, performing second authentication on the server access request based on the wireless access point device to obtain a second authentication result.
In this embodiment, the analysis module performs interactive authentication of the second user identity information against the first user identity information based on the white list user information base to judge whether the second user is a white list user. The first authentication result is either a white list user or a non-white list user; the second authentication result is either that the wireless access point device allows the second user to access the server or that it does not. The first and second authentication results make it convenient for the system to authorize server access for the user, so that the information assets of the server and the user are protected from loss or leakage.
And S4, the override handling module executes corresponding override handling operation according to the first authentication result and the second authentication result.
Specifically, S4 includes:
the override handling module executes the corresponding override handling operation according to the first authentication result and the second authentication result, comprising the following steps: if the first authentication result is a white list user, the handling unit of the override handling module allows the white list user to access the server and uploads the access data at the same time, and the second authentication is performed based on the linkage unit to obtain a second authentication result; the corresponding override handling operation is then executed based on the second authentication result.
Specifically, S4 further includes:
executing the corresponding override handling operation based on the second authentication result, comprising the following steps: if the authentication of the server access request with the wireless access point device succeeds, the second user accesses the server; if the authentication of the server access request with the wireless access point device fails, the handling unit of the override handling module triggers the firewall to execute the handling operation.
In this embodiment, the first authentication is performed first, the second authentication is then performed based on the first authentication result, and the override handling module executes the corresponding override handling operation according to the first authentication result and the second authentication result. Combining the white list user information base and the wireless access point device in a double authentication mechanism makes it convenient for the system to authorize server access for the user, helps protect the information assets of the server and the user from loss or leakage, and improves the safety and stability of system operation.
It can be appreciated that the analysis module performs the first authentication to determine whether the second user is a white list user; the wireless access point device then judges the identity of the user a second time according to the first authentication result, which makes it convenient for the system to authorize server access for the user and helps protect the information assets of the server and the user from loss or leakage. Combining the white list user information base and the wireless access point device in a double authentication mechanism thus further improves the safety and stability of system operation.
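The S1 to S4 flow described above, together with the duplicate removal used when the white list user information base is built, as an added Python example that is not part of the patent text. The field names, the concrete screening limits, the white list key (network address plus link address) and the `ap_authenticate` stand-in are assumptions; the page does not say how the wireless access point device authenticates, and the example treats access as granted only after both authentications pass.

```python
from dataclasses import dataclass
from enum import Enum
import ipaddress

class Outcome(Enum):
    SCREENED_OUT = "S12: screening conditions not met"
    OVERRIDE_HANDLED = "S2: not a white list user"
    FIREWALL_HANDLED = "S3: second authentication failed"
    ACCESS_GRANTED = "S4: both authentications passed"

@dataclass(frozen=True)
class UserData:
    """Second user data from S11 (a subset of the fields the page lists)."""
    user_address: str    # network layer address of the requester
    link_address: str    # physical layer link (MAC) address
    protocol: str
    target_address: str
    data_length: int

@dataclass(frozen=True)
class Screening:
    """Screening conditions; the concrete limits used below are assumptions."""
    protocols: frozenset
    target_address: str
    source_network: ipaddress.IPv4Network
    max_length: int

    def accepts(self, d: UserData) -> bool:
        try:
            src = ipaddress.ip_address(d.user_address)
        except ValueError:
            return False                     # malformed address fails closed
        return (d.protocol.upper() in self.protocols
                and d.target_address == self.target_address
                and src in self.source_network
                and 0 < d.data_length <= self.max_length)

def identity_key(address, link_address):
    """Normalise an identity so that formatting variants compare equal."""
    return ipaddress.ip_address(address), link_address.lower().replace("-", ":")

def build_whitelist(records):
    """White list base from first user identity records; the set drops repeats."""
    return {identity_key(addr, mac) for addr, mac in records}

def handle(d, screening, whitelist, ap_authenticate, actions):
    """Run S1-S4 for one request; `actions` records what the handling unit did."""
    if not screening.accepts(d):                                        # S12
        return Outcome.SCREENED_OUT
    if identity_key(d.user_address, d.link_address) not in whitelist:   # S2
        actions.append(("override_handling", d.user_address))
        return Outcome.OVERRIDE_HANDLED
    actions.append(("firewall_log", d.user_address))   # access data is logged
    if not ap_authenticate(d):                                          # S3
        actions.append(("firewall_handling", d.user_address))
        return Outcome.FIREWALL_HANDLED
    return Outcome.ACCESS_GRANTED                                       # S4

# Constructed sample data: documentation address ranges and made-up MACs.
SCREENING = Screening(frozenset({"HTTP"}), "192.0.2.10",
                      ipaddress.ip_network("198.51.100.0/24"), 1500)
WHITELIST = build_whitelist([("198.51.100.7", "02-00-00-AA-00-07"),
                             ("198.51.100.7", "02:00:00:aa:00:07"),  # repeat
                             ("198.51.100.8", "02:00:00:aa:00:08")])
AP_CLIENTS = {"02:00:00:aa:00:07"}   # stand-in for the AP's own authentication

def ap_authenticate(d):
    return identity_key(d.user_address, d.link_address)[1] in AP_CLIENTS

def run_samples():
    reqs = [UserData("198.51.100.7", "02:00:00:AA:00:07", "http", "192.0.2.10", 512),
            UserData("198.51.100.8", "02:00:00:aa:00:08", "http", "192.0.2.10", 512),
            UserData("198.51.100.9", "02:00:00:aa:00:09", "http", "192.0.2.10", 512),
            UserData("203.0.113.5", "02:00:00:aa:00:07", "http", "192.0.2.10", 512)]
    actions = []
    return [handle(r, SCREENING, WHITELIST, ap_authenticate, actions) for r in reqs], actions

if __name__ == "__main__":
    print([outcome.name for outcome in run_samples()[0]])
```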
The above embodiments are preferred embodiments of the whitelist-based override system and method of the present invention, and are not intended to limit the scope of the invention, which includes but is not limited to the embodiments, and equivalent changes in shape and structure according to the invention are within the scope of the invention.

Claims (10)

1. A white list-based override handling system, characterized in that:
the system comprises a storage module, a server, an analysis module, a wireless access point device and an override handling module;
the storage module is used for storing first user identity information;
the server comprises a communication module and a preprocessing module, wherein the preprocessing module is used for preprocessing the second user identity information received by the communication module to obtain a server access request;
the analysis module performs first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result;
the wireless access point device is used for carrying out second authentication on the server access request to obtain a second authentication result;
the override handling module is used for executing the corresponding override handling operation according to the first authentication result and the second authentication result.
2. The whitelist-based override system of claim 1, wherein:
the preprocessing module is used for setting screening conditions;
the preprocessing module performs format conversion on the second user identity information, extracts the attributes and the content of the second user identity information to obtain second user data, and compares the second user data with the screening conditions to judge the attributes of the second user data.
3. The whitelist-based override system of claim 2, wherein:
The second user data comprises a user address, a user data length and a user protocol type;
The screening conditions include a target protocol type, a target source address, and a target address.
4. The whitelist-based override system of claim 1, wherein:
the override handling module comprises a linkage unit and a handling unit;
the linkage unit is used for authenticating the server access request;
the handling unit is used for triggering the firewall to execute handling operation or uploading access data and writing the access data into the firewall log.
5. The whitelist-based override system of claim 4, wherein:
the override handling module judges based on the first authentication result: if the first authentication result is a white list user, the handling unit allows the white list user to access the server and uploads the access data at the same time, and the second authentication is performed on the server access request based on the linkage unit to obtain a second authentication result;
the override handling module judges based on the second authentication result: if the authentication of the server access request with the wireless access point device succeeds, the second user accesses the server;
if the authentication of the server access request with the wireless access point device fails, the handling unit of the override handling module triggers the firewall to execute the handling operation.
6. An override method for use with a whitelist-based override system as recited in any one of claims 1-5, comprising the steps of:
S1, preprocessing second user identity information based on a server to obtain a server access request and uploading the server access request to an analysis module;
S2, the analysis module carries out first authentication on the second user identity information and the first user identity information based on the white list user information base to obtain a first authentication result;
S3, performing second authentication on the server access request based on the wireless access point equipment to obtain a second authentication result;
and S4, the override handling module executes corresponding override handling operation according to the first authentication result and the second authentication result.
7. An override method as recited in claim 6 in which:
Before the second user identity information is acquired based on the server, the method further comprises the step of constructing a white list user information base based on the first user identity information of the storage module.
8. The override method of claim 6, wherein S1 comprises:
S11, the server extracts second user data based on second user identity information;
S12, judging whether screening conditions are met based on the second user data, and if the screening conditions are met, generating a server access request and sending the server access request to an analysis module; and if the screening condition is not met, screening out the current second user data.
9. The override method of claim 6, wherein S4 comprises:
the override handling module executes the corresponding override handling operation according to the first authentication result and the second authentication result, comprising the following steps:
if the first authentication result is a white list user, the handling unit of the override handling module allows the white list user to access the server and uploads the access data at the same time, and the second authentication is performed based on the linkage unit to obtain a second authentication result;
and executing the corresponding override handling operation based on the second authentication result.
10. The override method of claim 9, wherein S4 comprises:
executing the corresponding override handling operation based on the second authentication result, comprising the following steps:
if the authentication of the server access request with the wireless access point device succeeds, the second user accesses the server;
if the authentication of the server access request with the wireless access point device fails, the handling unit of the override handling module triggers the firewall to execute the handling operation.
CN202311839461.3A 2023-12-28 2023-12-28 Override handling system and method based on white list Pending CN117939464A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311839461.3A CN117939464A (en) 2023-12-28 2023-12-28 Override handling system and method based on white list

Publications (1)

Publication Number Publication Date
CN117939464A true CN117939464A (en) 2024-04-26
