
CN115001839A - Information security protection system and method based on Internet big data - Google Patents


Info

Publication number
CN115001839A
Authority
CN
China
Prior art keywords
codes
big data
module
identification module
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210702128.7A
Other languages
Chinese (zh)
Inventor
史忠全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nantong Ronghe Computer Technology Co ltd
Original Assignee
Nantong Ronghe Computer Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nantong Ronghe Computer Technology Co ltd
Priority to CN202210702128.7A
Publication of CN115001839A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B7/00 Signalling systems according to more than one of groups G08B3/00 - G08B6/00; Personal calling systems according to more than one of groups G08B3/00 - G08B6/00
    • G08B7/06 Signalling systems according to more than one of groups G08B3/00 - G08B6/00; Personal calling systems according to more than one of groups G08B3/00 - G08B6/00 using electric transmission, e.g. involving audible and visible signalling through the use of sound and light sources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an information security protection system and method based on internet big data. An attack code category identification module first identifies malicious code, and the code is then matched against a big data platform; if it is matched as malicious code, an alarm and reminder are issued. When the code cannot be determined after matching against the big data platform, it is output to a virtual execution system and executed by each operating system of the virtual execution system, and the output result is then judged for whether it is aggressive. If it is aggressive, an alarm is given; if it is normal, no alarm is given. The code and the output result are uploaded to a server and interact with the big data platform. Hidden aggressive code can be extracted according to the execution result, which greatly improves information security protection, and uploading to the big data platform ensures that subsequent similar aggressive code triggers an alarm directly, which greatly reduces the next processing time.

Description

Information security protection system and method based on internet big data
Technical Field
The invention relates to the technical field of internet big data information security protection, in particular to an information security protection system and method based on internet big data.
Background
Network security refers to the capability, achieved by taking necessary measures, of preventing attacks, intrusions, interference, damage, illegal use and accidents on the network, so that the network is in a stable and reliable operating state and the integrity, confidentiality and availability of network data are guaranteed. Currently, known offensive code is easy to identify and handle, but when variant offensive code appears and directly enters the system, the system is damaged or information is leaked, which poses a serious hidden danger to information security.
Disclosure of Invention
The invention aims to provide an information security protection system and method based on internet big data. Before a result is output, the code is executed by each operating system of a virtual execution system and judged for whether it is aggressive, and at the same time the code is uploaded to a big data platform. Hidden aggressive code can be extracted according to the execution result, which greatly improves information security protection, and uploading to the big data platform ensures that subsequent similar aggressive code triggers an alarm directly, which greatly shortens the next processing time and solves the problems described in the background.
In order to achieve the purpose, the invention provides the following technical scheme: the processor is respectively connected with the data receiving module, the data sending module, the attack code category identification module, the virtual execution system and the alarm module, the data receiving module and the data sending module are respectively connected with the Internet, the attack code category identification module is also connected with a server, and the server is connected with the big data platform.
Preferably, the information security protection system based on internet big data provided by the invention is characterized in that the attack code category identification module is composed of a phishing code identification module, a man-in-the-middle attack code identification module, an SQL injection code identification module, a DDoS attack code identification module, a malicious software code identification module, a social engineering code identification module, an XSS attack code identification module and a password attack code identification module.
Preferably, the information security protection system based on the internet big data provided by the invention is characterized in that the virtual execution system adopts a plurality of independent operating systems, each operating system has an independent IP address, an independent space, an independent CPU resource, an independent execution program and an independent system configuration, and each operating system executes the attack code independently.
Preferably, the information security protection system based on the internet big data provided by the invention is characterized in that the alarm module is also respectively connected with the sound module and the display module.
Preferably, in the information security protection system based on internet big data provided by the invention, execution between the processor and the virtual execution system, the server and the attack code type identification module is bidirectional.
Preferably, in the information security protection system based on internet big data provided by the invention, execution between the processor and the alarm module, the data receiving module and the data sending module is unidirectional.
Preferably, the method of the information security protection system based on the internet big data provided by the invention comprises the following steps:
Step one: output information is sent to the Internet through the data sending module; the retrieved feedback information is received from the Internet through the data receiving module and executed by the processor to obtain an information code;
Step two: the acquired information code is matched through the server, which interactively matches it against the big data platform, and the attack code type identification module identifies the type of the code and judges whether it is malicious code; when the information code is attack code, the alarm module issues an alarm, and when the information code cannot be identified, step three is executed;
Step three: the code is sent to each operating system of the virtual execution system, and each operating system independently executes the code and outputs an execution result;
Step four: when the output result of any one or more operating systems shows an attacked state, the alarm module issues an alarm, and the output results and the code are processed by the processor, uploaded to the server, and adapted to the big data platform through the server; when the output results of all operating systems are safe, the output results and the code are likewise processed by the processor, uploaded to the server, and adapted to the big data platform through the server.
Compared with the prior art, the invention has the beneficial effects that:
The invention first identifies malicious code by means of an attack code category identification module and then matches the code against a big data platform; if it is matched as malicious code, an alarm and reminder are issued. If the code cannot be determined after matching against the big data platform, it is output to a virtual execution system and executed by each operating system of the virtual execution system, and the output result is then judged for whether it is aggressive. If it is aggressive, an alarm is given; if it is normal, no alarm is given. In both cases the code and the output result are uploaded to a server and interact with the big data platform. In this way the code is executed by each operating system of the virtual execution system before the result is output, judged for whether it is aggressive, and at the same time uploaded to the big data platform. Hidden aggressive code can be extracted according to the execution result, which greatly improves information security protection, and uploading to the big data platform ensures that subsequent similar attack code triggers an alarm directly, which greatly reduces the next processing time.
Drawings
FIG. 1 is a schematic view of a frame structure according to the present invention;
FIG. 2 is a schematic diagram of a virtual execution system;
FIG. 3 is a schematic structural diagram of an attack code class identification module.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention. The described embodiments are obviously only some embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without any creative effort fall within the protection scope of the present invention.
Referring to FIGS. 1-3, the present invention provides a technical solution: an information security protection system based on internet big data comprises a processor, a data receiving module, a data sending module, a virtual execution system, an attack code type identification module and a big data platform. The processor is connected to the data receiving module, the data sending module, the attack code type identification module, the virtual execution system and an alarm module respectively; the data receiving module and the data sending module are each connected to the internet; the attack code type identification module is also connected to a server, and the server is connected to the big data platform. Execution between the processor and the virtual execution system, the server and the attack code type identification module is bidirectional, while execution between the processor and the alarm module, the data receiving module and the data sending module is unidirectional. The alarm module is also connected to a sound module and a display module respectively, to ensure that a prompt can be given.
The attack code type identification module is composed of a phishing code identification module, a man-in-the-middle attack code identification module, an SQL injection code identification module, a DDoS attack code identification module, a malicious software code identification module, a social engineering code identification module, an XSS attack code identification module and a password attack code identification module.
Phishing is a form of social engineering that steals a user's sensitive and important data. The data may be credit card details, login credentials, and so on.
Man-in-the-middle attack: typically, communication takes place between a user and a server to send and request the required data. When an attacker interferes with that communication and gains control over it, this is referred to as a man-in-the-middle attack.
SQL injection, also known as structured query language injection, is a popular type of network attack. In this attack, an attacker inserts malicious code to gain access to database tables.
DDoS attack: a distributed denial-of-service attack makes a website inaccessible to its users. Basically, DDoS attacks target system resources and flood servers with more traffic than they can handle.
Malware is a combination of two words, malicious and software. It is software intentionally created by hackers to compromise or steal data from computers, servers, or an entire network.
Social engineering is an art attackers use to gain a victim's trust. Once the victim feels familiar with the attacker, the victim begins to share personal information such as date of birth, cell phone number and family details. Once the hacker has obtained all of the victim's personal details, it becomes easier to hack into the account.
In XSS, an attacker injects malicious code or scripts into the database. The attacker can then control the web site as soon as it is launched on the victim's device.
Password attack: everyone knows that a password is critical to accessing an account. If someone knows your password, they can break the security without any difficulty. This is why most hackers target your password, so that they can access your account and steal your data.
The virtual execution system adopts a plurality of independent operating systems; each operating system has an independent IP address, space, CPU resource, execution program and system configuration, and each operating system executes the attack code independently.
A method of an information security protection system based on internet big data comprises the following steps:
Step one: output information is sent to the Internet through the data sending module; the retrieved feedback information is received from the Internet through the data receiving module and executed by the processor to obtain an information code;
Step two: the acquired information code is matched through the server, which interactively matches it against the big data platform, and the attack code type identification module identifies the type of the code and judges whether it is malicious code; when the information code is attack code, the alarm module issues an alarm, and when the information code cannot be identified, step three is executed;
Step three: the code is sent to each operating system of the virtual execution system, and each operating system independently executes the code and outputs an execution result;
Step four: when the output result of any one or more operating systems shows an attacked state, the alarm module issues an alarm, and the output results and the code are processed by the processor, uploaded to the server, and adapted to the big data platform through the server; when the output results of all operating systems are safe, the output results and the code are likewise processed by the processor, uploaded to the server, and adapted to the big data platform through the server.
The invention first identifies malicious code by means of an attack code category identification module and then matches the code against a big data platform; if it is matched as malicious code, an alarm and reminder are issued. If the code cannot be determined after matching against the big data platform, it is output to a virtual execution system and executed by each operating system of the virtual execution system, and the output result is then judged for whether it is aggressive. If it is aggressive, an alarm is given; if it is normal, no alarm is given. In both cases the code and the output result are uploaded to a server and interact with the big data platform. In this way the code is executed by each operating system of the virtual execution system before the result is output, judged for whether it is aggressive, and at the same time uploaded to the big data platform. Hidden aggressive code can be extracted according to the execution result, which greatly improves information security protection, and uploading to the big data platform ensures that subsequent similar attack code triggers an alarm directly, which greatly reduces the next processing time.
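The four-step decision flow described above, as an added Python example (not code from the patent). It assumes exact SHA-256 matching for the big data platform lookup, placeholder regex rules for two of the eight categories, constructed stub functions in place of the isolated operating systems, and that a guest which fails to report is treated as attacked; all names are hypothetical.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Placeholder rules for two of the eight categories the patent lists; the
# patent does not say how its identification modules decide (assumption).
CATEGORY_RULES = {
    "sql_injection": re.compile(rb"(?i)\bunion\s+select\b|'\s*or\s+'1'\s*=\s*'1"),
    "xss": re.compile(rb"(?i)<script\b|\bonerror\s*="),
}

Guest = Callable[[bytes], str]  # one isolated OS; returns "attacked" or "safe"


@dataclass
class Decision:
    attack: bool  # True means the alarm module fires
    stage: str    # stage that decided: "platform", "classifier" or "sandbox"
    detail: str


class BigDataPlatform:
    """Stand-in for the server plus big data platform: verdicts keyed by SHA-256."""

    def __init__(self) -> None:
        self._verdicts: Dict[str, bool] = {}

    @staticmethod
    def _key(code: bytes) -> str:
        return hashlib.sha256(code).hexdigest()

    def lookup(self, code: bytes) -> Optional[bool]:
        return self._verdicts.get(self._key(code))

    def upload(self, code: bytes, attack: bool) -> None:
        self._verdicts[self._key(code)] = attack


def classify(code: bytes) -> Optional[str]:
    """Step two: return the matching category name, or None if unidentified."""
    for category, pattern in CATEGORY_RULES.items():
        if pattern.search(code):
            return category
    return None


def detonate(code: bytes, guests: Dict[str, Guest]) -> Dict[str, str]:
    """Step three: every guest runs the code independently and reports."""
    results = {}
    for name, run in guests.items():
        try:
            results[name] = run(code)
        except Exception:
            results[name] = "attacked"  # fail closed on a silent guest (assumption)
    return results


def triage(code: bytes, platform: BigDataPlatform, guests: Dict[str, Guest]) -> Decision:
    known = platform.lookup(code)
    if known is not None:  # seen before: decide without re-executing
        return Decision(known, "platform", "previously uploaded verdict")
    category = classify(code)
    if category is not None:
        return Decision(True, "classifier", category)
    results = detonate(code, guests)
    attacked = sorted(name for name, r in results.items() if r == "attacked")
    attack = bool(attacked)        # step four: any attacked guest raises the alarm
    platform.upload(code, attack)  # uploaded whether attacked or safe
    return Decision(attack, "sandbox", ",".join(attacked) or "all guests safe")


def make_guest(trigger: bytes) -> Guest:
    """Constructed stub: reports 'attacked' when a harmless marker is present."""
    return lambda code: "attacked" if trigger in code else "safe"


GUESTS = {"guest_a": make_guest(b"SIM-A"), "guest_b": make_guest(b"SIM-B")}

if __name__ == "__main__":
    platform = BigDataPlatform()
    samples = (b"id=1 UNION SELECT name FROM users", b"blob SIM-B blob",
               b"blob SIM-B blob", b"hello")  # constructed inputs
    for sample in samples:
        print(triage(sample, platform, GUESTS))
```

The second submission of the same sample is decided at the platform stage, which is the shortened processing time the description attributes to uploading results.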
Matters not described in detail in the invention are well known to those skilled in the art.
Finally, it is to be noted that: although the present invention has been described in detail with reference to examples, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (7)

1. An information security protection system based on internet big data, characterized in that: the system comprises a processor, a data receiving module, a data sending module, a virtual execution system, an attack code type identification module and a big data platform, wherein the processor is respectively connected with the data receiving module, the data sending module, the attack code type identification module, the virtual execution system and an alarm module, the data receiving module and the data sending module are respectively connected with the Internet, the attack code type identification module is also connected with a server, and the server is connected with the big data platform.
2. The information security protection system based on the internet big data as claimed in claim 1, wherein: the attack code category identification module is composed of a phishing code identification module, a man-in-the-middle attack code identification module, an SQL injection code identification module, a DDoS attack code identification module, a malicious software code identification module, a social engineering code identification module, an XSS attack code identification module and a password attack code identification module.
3. The information security protection system based on the internet big data as claimed in claim 1, wherein: the virtual execution system adopts a plurality of independent operating systems, each operating system has an independent IP address, space, CPU resource, execution program and system configuration, and each operating system executes the attack code independently.
4. The information security protection system based on the internet big data as claimed in claim 1, wherein: the alarm module is also respectively connected with the sound module and the display module.
5. The information security protection system based on the internet big data as claimed in claim 1, wherein: execution between the processor and the virtual execution system, the server and the attack code type identification module is bidirectional.
6. The information security protection system based on the internet big data as claimed in claim 1, wherein: execution between the processor and the alarm module, the data receiving module and the data sending module is unidirectional.
7. The method of the internet big data based information security protection system according to claim 1, wherein: the method comprises the following steps:
Step one: output information is sent to the Internet through the data sending module; the retrieved feedback information is received from the Internet through the data receiving module and executed by the processor to obtain an information code;
Step two: the acquired information code is matched through the server, which interactively matches it against the big data platform, and the attack code type identification module identifies the type of the code and judges whether it is malicious code; when the information code is attack code, the alarm module issues an alarm, and when the information code cannot be identified, step three is executed;
Step three: the code is sent to each operating system of the virtual execution system, and each operating system independently executes the code and outputs an execution result;
Step four: when the output result of any one or more operating systems shows an attacked state, the alarm module issues an alarm, and the output results and the code are processed by the processor, uploaded to the server, and adapted to the big data platform through the server; when the output results of all operating systems are safe, the output results and the code are likewise processed by the processor, uploaded to the server, and adapted to the big data platform through the server.
CN202210702128.7A 2022-06-21 2022-06-21 Information security protection system and method based on Internet big data Withdrawn CN115001839A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210702128.7A CN115001839A (en) 2022-06-21 2022-06-21 Information security protection system and method based on Internet big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210702128.7A CN115001839A (en) 2022-06-21 2022-06-21 Information security protection system and method based on Internet big data

Publications (1)

Publication Number Publication Date
CN115001839A (en) 2022-09-02

Family

ID=83036737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210702128.7A Withdrawn CN115001839A (en) 2022-06-21 2022-06-21 Information security protection system and method based on Internet big data

Country Status (1)

Country Link
CN (1) CN115001839A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117909978A (en) * 2024-03-14 2024-04-19 福建银数信息技术有限公司 Analysis management method and system based on big data security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220902
