CN117978421A - Computer network data safety intelligent protection system based on internet - Google Patents
Computer network data safety intelligent protection system based on internet Download PDFInfo
- Publication number
- CN117978421A CN117978421A CN202311529865.2A CN202311529865A CN117978421A CN 117978421 A CN117978421 A CN 117978421A CN 202311529865 A CN202311529865 A CN 202311529865A CN 117978421 A CN117978421 A CN 117978421A
- Authority
- CN
- China
- Prior art keywords
- computer
- protection
- authorized
- software
- computer network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 72
- 238000004458 analytical method Methods 0.000 claims abstract description 66
- 238000011156 evaluation Methods 0.000 claims abstract description 20
- 230000005540 biological transmission Effects 0.000 claims description 64
- 230000002159 abnormal effect Effects 0.000 claims description 27
- 238000004891 communication Methods 0.000 claims description 25
- 238000013475 authorization Methods 0.000 claims description 24
- 238000004519 manufacturing process Methods 0.000 claims description 21
- 238000012544 monitoring process Methods 0.000 claims description 14
- 230000005856 abnormality Effects 0.000 claims description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000013441 quality evaluation Methods 0.000 description 1
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses an internet-based computer network data security intelligent protection system, which relates to the technical field of network data protection and solves the technical problem that in the prior art, active risk early warning and passive risk early warning cannot be carried out on a computer operation process; the active risk early warning unit performs active risk early warning on the computer running process, judges whether network intrusion exists in the computer running process, and the passive risk early warning unit performs passive risk early warning on the computer network running period, and judges whether the computer network data has passive authorized operation risk in the computer running process; and after the protection analysis is completed, the security performance evaluation unit evaluates the security performance of the computer network data.
Description
Technical Field
The invention relates to the technical field of network data protection, in particular to an intelligent computer network data security protection system based on the Internet.
Background
In the big data age, computer network technology has developed rapidly, and the information security of computer networks is followed; to ensure information security, security measures must be actively implemented to protect sensitive information from hackers; computer networks in big data environments must build a perfect security system to protect information of businesses and individuals, especially individuals who need enhanced protection.
However, in the prior art, the computer network data protection stage cannot perform safety detection on the computer operation equipment, so that the influence of the operation equipment on data cannot be eliminated, and meanwhile, active risk early warning and passive risk early warning cannot be performed on the computer operation process, so that the computer network data safety protection efficiency is reduced.
In view of the above technical drawbacks, a solution is now proposed.
Disclosure of Invention
The invention aims to solve the problems and provides an intelligent computer network data security protection system based on the Internet.
The aim of the invention can be achieved by the following technical scheme:
the computer network data safety intelligent protection system based on the Internet comprises a cloud protection platform, wherein the cloud protection platform is in communication connection with an equipment analysis protection unit, an operation safety protection unit and a safety performance evaluation unit;
The equipment analysis protection unit performs equipment analysis on the computer network data, acquires equipment analysis protection coefficients in the running process of the computer, compares and generates equipment running protection signals or equipment running safety signals according to the equipment analysis protection coefficients, and sends the equipment running protection signals or the equipment running safety signals to the cloud protection platform;
The operation protection analysis unit is in communication connection with an active risk early warning unit and a passive risk early warning unit, the active risk early warning unit carries out active risk early warning on the computer operation process, judges whether network intrusion exists in the computer operation process, and the passive risk early warning unit carries out passive risk early warning on the computer network operation period, and judges whether the computer network data has passive authorized operation risk in the computer operation process;
and after the protection analysis is completed, the security performance evaluation unit evaluates the security performance of the computer network data.
As a preferred embodiment of the invention, the operation of the device analysis and protection unit is as follows:
Acquiring a controllable quantity of the temperature rise speed of operating hardware equipment in a computer network data transmission stage in the computer operation process and a maximum adjustable quantity of the data transmission speed corresponding to operating software equipment in the computer network data transmission stage; acquiring the overlapping time length of a controllable quantity reduction period of the temperature rise speed of operating hardware equipment and a maximum adjustable quantity reduction period of the data transmission speed corresponding to operating software equipment in a computer network data transmission stage in the computer operation process; obtaining equipment analysis protection coefficients in the running process of a computer through analysis;
comparing the equipment analysis protection coefficient with an equipment analysis protection coefficient threshold value in the running process of the computer:
if the equipment analysis protection coefficient exceeds the equipment analysis protection coefficient threshold value in the running process of the computer, judging that the equipment analysis is abnormal in the running process of the computer, generating an equipment running protection signal and sending the equipment running protection signal to a cloud protection platform, and after the cloud protection platform receives the equipment running protection signal, running the current running computer for a whole time and checking computer network data; if the equipment analysis protection coefficient does not exceed the equipment analysis protection coefficient threshold value in the computer operation process, judging that equipment analysis is normal in the computer operation process, generating an equipment operation safety signal and sending the equipment safety protection signal to the cloud protection platform.
As a preferred embodiment of the present invention, the active risk early warning unit operates as follows:
Acquiring a computer operation period, dividing the computer operation period into a data pre-production period and a data post-production period according to computer network data generation time, monitoring the computer operation period, acquiring the authorization quantity of computer network data background access software corresponding to the data pre-production period and corresponding authorization software names, monitoring the types of the authorization software in real time in the computer operation period, acquiring the corresponding authorization time of the corresponding increased authorization software if the quantity of the monitoring types of the authorization software is increased, and simultaneously acquiring whether the authorization action of a computer administrator terminal exists at the corresponding authorization time for execution, and judging whether the type of the authorization software is increased without abnormality if the authorization software exists and the names of the authorization software are consistent; otherwise, if the authorized software is not present or the authorized software names are consistent, judging that the type of the authorized software is abnormal in addition, and controlling the operation of the computer.
As a preferred embodiment of the present invention, the specific control process is as follows:
if the current abnormal moment is in the data pre-production period, analyzing background software for establishing communication connection in the data pre-production period, and if the background software for establishing communication connection does not have data generation at the front end of the software in the current data pre-production period or transmission data of a communication connection terminal outside a current computer network at the background software for establishing communication connection is generated, calibrating the corresponding background software as risk software, simultaneously generating a software communication protection signal and sending the software communication protection signal and the corresponding risk software to a cloud protection platform; if the background software for establishing communication connection has data generation at the front end of the software in the current data pre-production period and transmission data of the communication connection terminal is generated except for the current computer network, the corresponding background software is marked as safety software, and meanwhile, a software communication safety signal is generated and sent to the cloud protection platform.
As a preferred embodiment of the present invention, the passive risk early warning unit operates as follows:
Collecting and analyzing all authorized operation moments in a computer operation period, acquiring the interval duration between an authorized clicking interface corresponding to the authorized operation moment of a computer administrator and an adjacent clicking interface popup window in the computer operation period and the area overlapping area between an authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and a habit clicking area of the clicking interface corresponding to the administrator, and comparing the interval duration between the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the adjacent clicking interface popup window in the computer operation period and the area overlapping area between the authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the habit clicking area of the clicking interface corresponding to the administrator with a popup window interval duration threshold range and an area overlapping area threshold respectively.
As a preferred embodiment of the invention, if the interval duration of the window of the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface in the computer operation period is lower than the minimum value of the interval duration threshold range of the window, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area in which the administrator is used to click the clicking interface exceeds the area overlapping area threshold, a short-time misoperation signal is generated and sent to the cloud protection platform;
if the time length of the interval between the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface in the computer operation period is higher than the minimum value of the interval duration threshold range of the popup window, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area where the clicking interface is used to click corresponding to the administrator exceeds the area overlapping area threshold, generating a long-time misoperation signal and sending the long-time misoperation signal to the cloud protection platform;
and if the window interval time of the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface is the minimum value of the window interval time threshold range in the computer operation time, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area in which the clicking interface is used to click by the administrator does not exceed the area overlapping area threshold, generating an operation qualified signal and sending the operation qualified signal to the cloud protection platform.
As a preferred implementation mode of the invention, after receiving the short-time misoperation signal, the cloud protection platform carries out security assessment on the authorized terminal of the computer at the current authorized moment and pauses data transmission in a security assessment stage, after receiving the long-time misoperation signal, the cloud protection platform assesses the running network speed of the computer at the current authorized moment, if the network speed assessment is normal, the cloud protection platform carries out data transmission monitoring on the current authorized terminal, and if the network speed assessment is abnormal, the cloud protection platform does not monitor the current authorized terminal.
As a preferred embodiment of the invention, the safety performance evaluation unit operates as follows:
acquiring the frequency of abnormal interruption of data transmission link transmission in the process of protecting computer network data and the data volume ratio of successful access completion of an unauthorized end of transmission data in the process of protecting computer network data, and comparing the frequency with an interruption frequency threshold and a data volume ratio threshold respectively:
If the frequency of abnormal interruption of data transmission link transmission exceeds the threshold of interruption frequency, or the data volume ratio of the unauthorized end for transmitting data in the computer network data protection exceeds the threshold of data volume ratio, generating an operation protection low-efficiency signal and sending the operation protection low-efficiency signal to the cloud protection platform; if the frequency of abnormal interruption of data transmission link transmission in the computer network data protection process does not exceed the interruption frequency threshold, and the data volume ratio of the data volume of successfully completing access by the data transmission unauthorized end in the computer network data protection process does not exceed the data volume ratio threshold, generating an operation protection high-efficiency signal and sending the operation protection high-efficiency signal to the cloud protection platform.
Compared with the prior art, the invention has the beneficial effects that:
1. In the invention, the computer network data is subjected to equipment analysis, whether the operation equipment has influence in the operation process of the computer network data is judged, the influence on the safety of the computer network data is avoided, the fault risk of the computer network operation equipment is reduced, and the early warning is conveniently carried out in time to reduce the influence on the computer network data.
2. In the invention, the active risk early warning is carried out on the computer operation process, and whether network intrusion exists in the computer operation process is judged, so that the security evaluation is carried out on the computer network data, the security reduction of the computer network data caused by external active intrusion in the real-time operation process is avoided, the active protection is carried out in time, and the intrusion influence of the computer network data is reduced; and (3) carrying out passive risk early warning in the computer network operation period, judging whether the computer network data has a passive authorization operation risk in the computer operation process, thereby causing abnormal computer authorization, causing false authorization of a computer network communication terminal, affecting the safety of the computer network data, and reducing the data transmission efficiency of the computer network.
3. In the invention, the security evaluation is carried out on the authorized terminal of the computer at the current authorized moment, the data transmission is suspended in the security evaluation stage, the running network speed of the computer at the current authorized moment is evaluated after the long-time misoperation signal is received, the data transmission monitoring is carried out on the current authorized terminal if the network speed evaluation is normal, and the monitoring is not carried out on the current authorized terminal if the network speed evaluation is abnormal.
Drawings
The present invention is further described below with reference to the accompanying drawings for the convenience of understanding by those skilled in the art.
FIG. 1 is a block diagram of the overall principle of the invention;
fig. 2 is a functional block diagram of an operational safety protection unit of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
Referring to fig. 1, an internet-based computer network data security intelligent protection system includes a cloud protection platform, wherein the cloud protection platform is communicatively connected with an equipment analysis protection unit, an operation security protection unit and a security performance evaluation unit;
In the computer network operation process, the cloud protection platform generates equipment analysis protection signals and sends the equipment analysis protection signals to the equipment analysis protection unit, and after the equipment analysis protection unit receives the equipment analysis protection signals, equipment analysis is carried out on computer network data to judge whether the operation equipment has influence in the computer network data operation process, so that the influence on the computer network data safety is avoided, the fault risk of the computer network operation equipment is reduced, and early warning is conveniently carried out in time to reduce the influence on the computer network data;
Acquiring controllable quantity of temperature rise speed of operating hardware equipment in a computer network data transmission stage in the computer operation process and maximum adjustable quantity of data transmission speed corresponding to operating software equipment in the computer network data transmission stage, and respectively marking the controllable quantity of temperature rise speed of the operating hardware equipment in the computer network data transmission stage in the computer operation process and the maximum adjustable quantity of data transmission speed corresponding to the operating software equipment in the computer network data transmission stage as WFK and SDK; acquiring the overlapping duration of a controllable quantity reduction period of the temperature rise speed of the operating hardware equipment in a data transmission stage of a computer network in the operation process of the computer and a maximum adjustable quantity reduction period of the data transmission speed corresponding to the operating software equipment, and marking the overlapping duration of the controllable quantity reduction period of the temperature rise speed of the operating hardware equipment in the data transmission stage of the computer network in the operation process of the computer and the maximum adjustable quantity reduction period of the data transmission speed corresponding to the operating software equipment as CDS;
by the formula Obtaining an equipment analysis protection coefficient G in the running process of a computer, wherein f1, f2 and f3 are preset proportional coefficients, f1 is more than f2 and more than f3 is more than 1, beta is an error correction factor, and the value is 1.24;
Comparing the equipment analysis protection coefficient G with an equipment analysis protection coefficient threshold value in the running process of the computer:
If the equipment analysis protection coefficient G exceeds the equipment analysis protection coefficient threshold value in the running process of the computer, judging that the equipment analysis is abnormal in the running process of the computer, generating an equipment running protection signal and sending the equipment running protection signal to a cloud protection platform, and after the cloud protection platform receives the equipment running protection signal, running the computer on the whole, and checking the computer network data;
if the equipment analysis protection coefficient G does not exceed the equipment analysis protection coefficient threshold value in the running process of the computer, judging that equipment analysis is normal in the running process of the computer, generating an equipment running safety signal and sending the equipment safety protection signal to the cloud protection platform;
The cloud protection platform generates an operation protection analysis signal and sends the operation protection analysis signal to an operation protection analysis unit, and referring to fig. 2, the operation protection analysis unit is connected with an active risk early-warning unit and a passive risk early-warning unit in a communication manner;
the active risk early warning unit carries out active risk early warning on the computer operation process, judges whether network intrusion exists in the computer operation process, thereby carrying out security assessment on computer network data, avoiding security reduction of the computer network data caused by external active intrusion in the real-time operation process, facilitating active protection in time and reducing intrusion influence of the computer network data;
acquiring a computer operation period, dividing the computer operation period into a data pre-production period and a data post-production period according to computer network data generation time, monitoring the computer operation period, acquiring the authorization quantity of computer network data background access software corresponding to the data pre-production period and corresponding authorization software names, monitoring the types of the authorization software in real time in the computer operation period, acquiring the corresponding authorization time of the corresponding increased authorization software if the quantity of the monitoring types of the authorization software is increased, and simultaneously acquiring whether the authorization action of a computer administrator terminal exists at the corresponding authorization time for execution, and judging whether the type of the authorization software is increased without abnormality if the authorization software exists and the names of the authorization software are consistent; otherwise, if the authorized software names are not present or are consistent, judging that the authorized software types are increased and abnormal, controlling the operation of the computer, analyzing background software for establishing communication connection in the data pre-production period if the current abnormal moment is in the data pre-production period, and calibrating corresponding background software as risk software if the background software for establishing communication connection does not have data generation at the front end of the software in the current data pre-production period or transmission data of a communication connection terminal except for the current computer network is not generated, and simultaneously generating a software communication protection signal and sending the software communication protection signal and the corresponding risk software to the cloud protection platform; if the background software for establishing communication connection has data generation at the front end of the software in the current data pre-production period and transmission data of a communication connection terminal is generated except for the current computer network, the corresponding background software is marked as safety software, and meanwhile, a software communication safety signal is generated and sent to the cloud protection platform;
The passive risk early warning unit carries out passive risk early warning on the computer network in the operation period of the computer network, judges whether the computer network data has the risk of passive authorization operation in the operation process of the computer, thereby causing abnormal authorization of the computer, causing false authorization of a computer network communication terminal, affecting the safety of the computer network data, and reducing the data transmission efficiency of the computer network;
Collecting and analyzing all authorized operation moments in a computer operation period, acquiring the interval duration between an authorized clicking interface corresponding to the authorized operation moment of a computer administrator and an adjacent clicking interface popup window in the computer operation period and the area overlapping area between an authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and a habit clicking area of the clicking interface corresponding to the administrator, and comparing the interval duration between the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the adjacent clicking interface popup window in the computer operation period and the area overlapping area between the authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the habit clicking area of the clicking interface corresponding to the administrator with a popup window interval duration threshold range and an area overlapping area threshold respectively:
if the interval duration of the computer administrator authorized operation time corresponding to the authorized clicking interface and the adjacent clicking interface in the computer operation period is lower than the minimum value of the interval duration threshold range of the popup windows, and the area overlapping area of the authorized area in the computer administrator authorized operation time corresponding to the authorized clicking interface and the area in which the administrator is used to click the corresponding clicking interface exceeds the area overlapping area threshold, judging that the administrator authorized operation is abnormal, generating a short-time misoperation signal and sending the short-time misoperation signal to the cloud protection platform;
If the time length of the interval between the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface in the computer operation period is higher than the minimum value of the interval time length threshold range of the popup window, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area in which the clicking interface is used to click by the administrator is larger than the area overlapping area threshold, judging that the authorized operation of the administrator is abnormal, generating a long-time misoperation signal and sending the long-time misoperation signal to the cloud protection platform;
If the interval duration of the computer administrator authorization operation time corresponding to the authorization click interface and the adjacent click interface in the computer operation time is the minimum value of the interval duration threshold range of the popup windows, and the area overlapping area of the authorization area in the computer administrator authorization operation time corresponding to the authorization click interface and the area in which the administrator is used to click the interface does not exceed the area overlapping area threshold, judging that the administrator authorization operation is normally executed, generating an operation qualified signal and sending the operation qualified signal to the cloud protection platform;
After receiving the short-time misoperation signals, the cloud protection platform carries out security assessment on an authorized terminal of the computer at the current authorized moment and pauses data transmission in a security assessment stage, after receiving the long-time misoperation signals, the cloud protection platform assesses the running network speed of the computer at the current authorized moment, if the network speed assessment is normal, the cloud protection platform carries out data transmission monitoring on the current authorized terminal, and if the network speed assessment is abnormal, the cloud protection platform does not monitor the current authorized terminal;
the cloud protection platform generates a security performance evaluation signal and sends the security performance evaluation signal to the security performance evaluation unit, the security performance evaluation unit performs security performance evaluation on the computer network data after receiving the security performance evaluation signal, and judges whether the real-time security performance of the computer network data meets the actual requirement, so that the quality evaluation on the operation of the computer is performed, the feasibility detection on the equipment analysis protection and the operation security protection is also performed, and the protection efficiency of the computer network data is further ensured;
Acquiring the frequency of generating abnormal interruption of data transmission link transmission in the process of protecting computer network data and the data volume ratio of successfully completing access by the unauthorized end of transmission data in the process of protecting computer network data, and comparing the frequency of generating abnormal interruption of data transmission link transmission in the process of protecting computer network data and the data volume ratio of successfully completing access by the unauthorized end of transmission data in the process of protecting computer network data with an interruption generating frequency threshold and a data volume ratio threshold respectively:
If the frequency of abnormal interruption of data transmission link transmission in the computer network data protection process exceeds the threshold of interruption frequency, or the data volume ratio of the unauthorized end of transmission data in the computer network data protection process to successfully finish access exceeds the threshold of data volume ratio, judging that the computer operation protection efficiency is low, generating an operation protection inefficiency signal and sending the operation protection inefficiency signal to a cloud protection platform, and after receiving the operation protection inefficiency signal, the cloud protection platform carries out security assessment on all authorized ends of the computer and simultaneously carries out security re-analysis on computer operation equipment and operation time period;
If the frequency of abnormal interruption of data transmission link transmission in the computer network data protection process does not exceed the interruption frequency threshold, and the data volume ratio of the data volume of successful access completion of the data transmission unauthorized end in the computer network data protection process does not exceed the data volume ratio threshold, judging that the computer has high operation protection efficiency, generating an operation protection high-efficiency signal and sending the operation protection high-efficiency signal to the cloud protection platform.
The formulas are all formulas obtained by collecting a large amount of data for software simulation and selecting a formula close to a true value, and coefficients in the formulas are set by a person skilled in the art according to actual conditions;
When the cloud protection platform is used, the equipment analysis protection unit performs equipment analysis on computer network data, acquires equipment analysis protection coefficients in the running process of a computer, compares and generates equipment running protection signals or equipment running safety signals according to the equipment analysis protection coefficients, and sends the equipment running protection signals or the equipment running safety signals to the cloud protection platform; the operation protection analysis unit is in communication connection with an active risk early warning unit and a passive risk early warning unit, the active risk early warning unit carries out active risk early warning on the computer operation process, judges whether network intrusion exists in the computer operation process, and the passive risk early warning unit carries out passive risk early warning on the computer network operation period, and judges whether the computer network data has passive authorized operation risk in the computer operation process; and after the protection analysis is completed, the security performance evaluation unit evaluates the security performance of the computer network data.
The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.
Claims (8)
1. The computer network data safety intelligent protection system based on the Internet is characterized by comprising a cloud protection platform, wherein the cloud protection platform is in communication connection with an equipment analysis protection unit, an operation safety protection unit and a safety performance evaluation unit;
The equipment analysis protection unit performs equipment analysis on the computer network data, acquires equipment analysis protection coefficients in the running process of the computer, compares and generates equipment running protection signals or equipment running safety signals according to the equipment analysis protection coefficients, and sends the equipment running protection signals or the equipment running safety signals to the cloud protection platform;
The operation protection analysis unit is in communication connection with an active risk early warning unit and a passive risk early warning unit, the active risk early warning unit carries out active risk early warning on the computer operation process, judges whether network intrusion exists in the computer operation process, and the passive risk early warning unit carries out passive risk early warning on the computer network operation period, and judges whether the computer network data has passive authorized operation risk in the computer operation process;
and after the protection analysis is completed, the security performance evaluation unit evaluates the security performance of the computer network data.
2. An internet-based computer network data security intelligent protection system according to claim 1, wherein the device analysis protection unit operates as follows:
Acquiring a controllable quantity of the temperature rise speed of operating hardware equipment in a computer network data transmission stage in the computer operation process and a maximum adjustable quantity of the data transmission speed corresponding to operating software equipment in the computer network data transmission stage; acquiring the overlapping time length of a controllable quantity reduction period of the temperature rise speed of operating hardware equipment and a maximum adjustable quantity reduction period of the data transmission speed corresponding to operating software equipment in a computer network data transmission stage in the computer operation process; obtaining equipment analysis protection coefficients in the running process of a computer through analysis;
comparing the equipment analysis protection coefficient with an equipment analysis protection coefficient threshold value in the running process of the computer:
if the equipment analysis protection coefficient exceeds the equipment analysis protection coefficient threshold value in the running process of the computer, judging that the equipment analysis is abnormal in the running process of the computer, generating an equipment running protection signal and sending the equipment running protection signal to a cloud protection platform, and after the cloud protection platform receives the equipment running protection signal, running the current running computer for a whole time and checking computer network data; if the equipment analysis protection coefficient does not exceed the equipment analysis protection coefficient threshold value in the computer operation process, judging that equipment analysis is normal in the computer operation process, generating an equipment operation safety signal and sending the equipment safety protection signal to the cloud protection platform.
3. The internet-based computer network data security intelligent protection system according to claim 1, wherein the active risk early warning unit operates as follows:
Acquiring a computer operation period, dividing the computer operation period into a data pre-production period and a data post-production period according to computer network data generation time, monitoring the computer operation period, acquiring the authorization quantity of computer network data background access software corresponding to the data pre-production period and corresponding authorization software names, monitoring the types of the authorization software in real time in the computer operation period, acquiring the corresponding authorization time of the corresponding increased authorization software if the quantity of the monitoring types of the authorization software is increased, and simultaneously acquiring whether the authorization action of a computer administrator terminal exists at the corresponding authorization time for execution, and judging whether the type of the authorization software is increased without abnormality if the authorization software exists and the names of the authorization software are consistent; otherwise, if the authorized software is not present or the authorized software names are consistent, judging that the type of the authorized software is abnormal in addition, and controlling the operation of the computer.
4. The intelligent protection system for computer network data security based on the Internet of claim 3, wherein the specific control process is as follows:
if the current abnormal moment is in the data pre-production period, analyzing background software for establishing communication connection in the data pre-production period, and if the background software for establishing communication connection does not have data generation at the front end of the software in the current data pre-production period or transmission data of a communication connection terminal outside a current computer network at the background software for establishing communication connection is generated, calibrating the corresponding background software as risk software, simultaneously generating a software communication protection signal and sending the software communication protection signal and the corresponding risk software to a cloud protection platform; if the background software for establishing communication connection has data generation at the front end of the software in the current data pre-production period and transmission data of the communication connection terminal is generated except for the current computer network, the corresponding background software is marked as safety software, and meanwhile, a software communication safety signal is generated and sent to the cloud protection platform.
5. The internet-based computer network data security intelligent protection system according to claim 1, wherein the passive risk early warning unit operates as follows:
Collecting and analyzing all authorized operation moments in a computer operation period, acquiring the interval duration between an authorized clicking interface corresponding to the authorized operation moment of a computer administrator and an adjacent clicking interface popup window in the computer operation period and the area overlapping area between an authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and a habit clicking area of the clicking interface corresponding to the administrator, and comparing the interval duration between the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the adjacent clicking interface popup window in the computer operation period and the area overlapping area between the authorized area in the authorized clicking interface corresponding to the authorized operation moment of the computer administrator and the habit clicking area of the clicking interface corresponding to the administrator with a popup window interval duration threshold range and an area overlapping area threshold respectively.
6. The internet-based computer network data security intelligent protection system according to claim 5, wherein if the interval duration between the computer administrator authorized operation time corresponding to the authorized click interface and the adjacent click interface popup window is lower than the minimum value of the interval duration threshold range of the popup window in the computer operation time, and the area overlapping area of the authorized area in the computer administrator authorized operation time corresponding to the authorized click interface and the area in which the administrator is used to click the interface corresponding to the click interface exceeds the area overlapping area threshold, a short-time misoperation signal is generated and sent to the cloud protection platform;
if the time length of the interval between the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface in the computer operation period is higher than the minimum value of the interval duration threshold range of the popup window, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area where the clicking interface is used to click corresponding to the administrator exceeds the area overlapping area threshold, generating a long-time misoperation signal and sending the long-time misoperation signal to the cloud protection platform;
and if the window interval time of the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the adjacent clicking interface is the minimum value of the window interval time threshold range in the computer operation time, and the area overlapping area of the authorized area in the authorized clicking interface corresponding to the authorized operation time of the computer administrator and the area in which the clicking interface is used to click by the administrator does not exceed the area overlapping area threshold, generating an operation qualified signal and sending the operation qualified signal to the cloud protection platform.
7. The intelligent protection system for computer network data security based on internet of claim 6, wherein the cloud protection platform performs security assessment on the authorized terminal of the computer at the current authorized time after receiving the short-time misoperation signal, pauses data transmission in the security assessment stage, assesses the running network speed of the computer at the current authorized time after receiving the long-time misoperation signal, performs data transmission monitoring on the current authorized terminal if the network speed assessment is normal, and does not monitor the current authorized terminal if the network speed assessment is abnormal.
8. An internet-based computer network data security intelligent protection system according to claim 1, wherein the security performance evaluation unit operates as follows:
acquiring the frequency of abnormal interruption of data transmission link transmission in the process of protecting computer network data and the data volume ratio of successful access completion of an unauthorized end of transmission data in the process of protecting computer network data, and comparing the frequency with an interruption frequency threshold and a data volume ratio threshold respectively:
If the frequency of abnormal interruption of data transmission link transmission exceeds the threshold of interruption frequency, or the data volume ratio of the unauthorized end for transmitting data in the computer network data protection exceeds the threshold of data volume ratio, generating an operation protection low-efficiency signal and sending the operation protection low-efficiency signal to the cloud protection platform; if the frequency of abnormal interruption of data transmission link transmission in the computer network data protection process does not exceed the interruption frequency threshold, and the data volume ratio of the data volume of successfully completing access by the data transmission unauthorized end in the computer network data protection process does not exceed the data volume ratio threshold, generating an operation protection high-efficiency signal and sending the operation protection high-efficiency signal to the cloud protection platform.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311529865.2A CN117978421A (en) | 2023-11-16 | 2023-11-16 | Computer network data safety intelligent protection system based on internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311529865.2A CN117978421A (en) | 2023-11-16 | 2023-11-16 | Computer network data safety intelligent protection system based on internet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117978421A true CN117978421A (en) | 2024-05-03 |
Family
ID=90856330
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311529865.2A Pending CN117978421A (en) | 2023-11-16 | 2023-11-16 | Computer network data safety intelligent protection system based on internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117978421A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040068559A1 (en) * | 2002-10-04 | 2004-04-08 | Shaw Terry D. | Method for detection of unauthorized computer system usage |
| WO2008041915A2 (en) * | 2006-10-04 | 2008-04-10 | Behaviometrics Ab | Security system and method for detecting intrusion in a computerized system |
| KR101720273B1 (en) * | 2015-10-23 | 2017-04-10 | 한국정보통신주식회사 | A terminal for providing banking services, a method for operating the terminal, a server for providing banking services and a method for operatin the server |
| CN108769019A (en) * | 2018-05-29 | 2018-11-06 | 深圳智达机械技术有限公司 | A kind of smart home security protection system |
| CN109412902A (en) * | 2018-12-19 | 2019-03-01 | 国网山西省电力公司 | A kind of intelligent monitoring method of power dispatch data network system, storage equipment, terminal and system |
| CN113536243A (en) * | 2021-07-09 | 2021-10-22 | 益世信息技术(杭州)有限公司 | Enterprise internal software use management system based on authority analysis |
| CN115333849A (en) * | 2022-08-25 | 2022-11-11 | 青岛远洋船员职业学院 | Computer network safety intrusion detection system |
| CN115967646A (en) * | 2022-12-20 | 2023-04-14 | 安徽国防科技职业学院 | Internet-based computer network data security intelligent protection system |
-
2023
- 2023-11-16 CN CN202311529865.2A patent/CN117978421A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040068559A1 (en) * | 2002-10-04 | 2004-04-08 | Shaw Terry D. | Method for detection of unauthorized computer system usage |
| WO2008041915A2 (en) * | 2006-10-04 | 2008-04-10 | Behaviometrics Ab | Security system and method for detecting intrusion in a computerized system |
| KR101720273B1 (en) * | 2015-10-23 | 2017-04-10 | 한국정보통신주식회사 | A terminal for providing banking services, a method for operating the terminal, a server for providing banking services and a method for operatin the server |
| CN108769019A (en) * | 2018-05-29 | 2018-11-06 | 深圳智达机械技术有限公司 | A kind of smart home security protection system |
| CN109412902A (en) * | 2018-12-19 | 2019-03-01 | 国网山西省电力公司 | A kind of intelligent monitoring method of power dispatch data network system, storage equipment, terminal and system |
| CN113536243A (en) * | 2021-07-09 | 2021-10-22 | 益世信息技术(杭州)有限公司 | Enterprise internal software use management system based on authority analysis |
| CN115333849A (en) * | 2022-08-25 | 2022-11-11 | 青岛远洋船员职业学院 | Computer network safety intrusion detection system |
| CN115967646A (en) * | 2022-12-20 | 2023-04-14 | 安徽国防科技职业学院 | Internet-based computer network data security intelligent protection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3158706B1 (en) | Ineffective network equipment identification | |
| CN108429651B (en) | Flow data detection method and device, electronic equipment and computer readable medium | |
| CN116488939B (en) | Computer information security monitoring method, system and storage medium | |
| CN114584405B (en) | Electric power terminal safety protection method and system | |
| US20060034305A1 (en) | Anomaly-based intrusion detection | |
| US7672283B1 (en) | Detecting unauthorized wireless devices in a network | |
| US20180288074A1 (en) | Identifying malware-suspect end points through entropy changes in consolidated logs | |
| KR100617310B1 (en) | Apparatus for detecting abnormality of traffic in network and method thereof | |
| KR100466214B1 (en) | method and recorded media for security grade to measure the network security condition | |
| KR20180107789A (en) | Wire and wireless access point for analyzing abnormal action based on machine learning and method thereof | |
| CN111556473A (en) | Abnormal access behavior detection method and device | |
| KR102083028B1 (en) | System for detecting network intrusion | |
| CN112153081A (en) | Method for detecting abnormal state of industrial network | |
| CN117978421A (en) | Computer network data safety intelligent protection system based on internet | |
| CN114301796B (en) | Verification method, device and system for prediction situation awareness | |
| CN113726724B (en) | Method and gateway for evaluating and detecting security risk of home network environment | |
| KR20220014796A (en) | System and Method for Identifying Compromised Electronic Controller Using Intentionally Induced Error | |
| US20150363596A1 (en) | Securing a shared serial bus | |
| CN117811839B (en) | Network security monitoring device and method for monitoring Internet of things equipment | |
| CN113454956A (en) | Communication terminal device, communication control method, and communication control program | |
| JP7290168B2 (en) | Management device, network monitoring system, determination method, communication method, and program | |
| CN111314878B (en) | Intelligent online vehicle situation sensing method and system based on SoEKS | |
| Elrawy et al. | Modelling and Analysing Security Threats Targeting Protective Relay Operations in Digital Substations | |
| CN117390707B (en) | Data security detection system and detection method based on data storage equipment | |
| Kim et al. | Network traffic anomaly detection based on ratio and volume analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |