[go: up one dir, main page]

CN118828514A - A smart terminal security risk assessment system and method - Google Patents

A smart terminal security risk assessment system and method Download PDF

Info

Publication number
CN118828514A
CN118828514A CN202410758038.9A CN202410758038A CN118828514A CN 118828514 A CN118828514 A CN 118828514A CN 202410758038 A CN202410758038 A CN 202410758038A CN 118828514 A CN118828514 A CN 118828514A
Authority
CN
China
Prior art keywords
behavior
security risk
network
network traffic
parameters
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410758038.9A
Other languages
Chinese (zh)
Other versions
CN118828514B (en
Inventor
刘晓峻
李杨
肖碧波
彭书瑞
李晶
朱国威
马凯
徐守志
付荣
代荡荡
朱佳
冯浩
刘畅
邱爽
王捷
严雄兵
田里
孙蓉
赵凌楚
刘永林
刘远
谭茗铎
赵娴真
彭潇潼
蒋承骥
曹一凡
张艳珍
顾中铭
陈凌俊
李海莹
周建宇
魏齐巍
洪薇
洪健
姚强
吴涛
陈朝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Yangzhong Jushi Information Technology Co ltd
Yichang Power Supply Co of State Grid Hubei Electric Power Co Ltd
Original Assignee
Hubei Yangzhong Jushi Information Technology Co ltd
Yichang Power Supply Co of State Grid Hubei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei Yangzhong Jushi Information Technology Co ltd, Yichang Power Supply Co of State Grid Hubei Electric Power Co Ltd filed Critical Hubei Yangzhong Jushi Information Technology Co ltd
Priority to CN202410758038.9A priority Critical patent/CN118828514B/en
Publication of CN118828514A publication Critical patent/CN118828514A/en
Application granted granted Critical
Publication of CN118828514B publication Critical patent/CN118828514B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明属于智能终端技术领域,具体涉及一种智能终端安全风险评估系统及方法。该发明,通过结合了网络流量、系统日志、用户操作和网络延迟等多方面的数据,提供了一个全面的安全评估视角,能够更准确地识别异常行为和潜在威胁,通过实时采集和分析当前网络流量数据和应用行为,可以及时发现和响应新的安全威胁,增强了智能终端的安全防护能力,通过设定正常行为的评估区间,能有效识别出超出正常范围的异常行为,减少误报率,提高评估的准确性,利用历史网络流量数据进行对比分析,能够更好地理解当前行为的异常性,为安全评估提供了重要的参考依据,能够根据不同智能终端和应用场景动态调整评估标准和参数,提高了评估的适应性和灵活性。

The present invention belongs to the field of intelligent terminal technology, and specifically relates to an intelligent terminal security risk assessment system and method. The invention provides a comprehensive security assessment perspective by combining data from multiple aspects such as network traffic, system logs, user operations, and network delays, and can more accurately identify abnormal behaviors and potential threats. By real-time collection and analysis of current network traffic data and application behaviors, new security threats can be discovered and responded to in a timely manner, and the security protection capabilities of intelligent terminals can be enhanced. By setting the evaluation interval of normal behavior, abnormal behaviors beyond the normal range can be effectively identified, the false alarm rate can be reduced, and the accuracy of the assessment can be improved. By using historical network traffic data for comparative analysis, the abnormality of the current behavior can be better understood, providing an important reference for security assessment, and the evaluation criteria and parameters can be dynamically adjusted according to different intelligent terminals and application scenarios, improving the adaptability and flexibility of the assessment.

Description

Intelligent terminal security risk assessment system and method
Technical Field
The invention belongs to the technical field of intelligent terminals, and particularly relates to an intelligent terminal security risk assessment system and method.
Background
With rapid development and popularization of information technology, intelligent terminal equipment has been extended to various aspects of life of people, such as smart phones, tablet computers, vehicle-mounted intelligent terminals and the like, and has been widely applied to daily life and work of people. These devices carry a great deal of personal and business information, and while providing convenience services to people, the increasing complexity of their functionality and interaction with external environments also face increasing security threats and risks. Because the intelligent terminal equipment has high interconnectivity and complexity, once the security holes and hidden dangers of the intelligent terminal equipment are maliciously utilized, a series of serious consequences such as user data leakage, equipment control, network attack and the like can be caused.
The intelligent terminal security risk assessment is an important means for guaranteeing information security, and has attracted wide attention in the industry and academia. Traditional terminal security risk assessment methods often focus on assessment of single components or functions, lack of comprehensive consideration on overall security of a system, and enable assessment results to be inaccurate and comprehensive, so that potential security threats are difficult to effectively identify.
Disclosure of Invention
The invention aims to provide the intelligent terminal security risk assessment method, which can effectively improve the identification and response capability of the potential security risk of the intelligent terminal through comprehensive and multidimensional data analysis and provide powerful technical support for the security protection of the intelligent terminal.
The technical scheme adopted by the invention is as follows:
An intelligent terminal security risk assessment method, comprising:
collecting application program behaviors of the intelligent terminal;
judging whether the application program behavior is in a preset application program behavior evaluation interval, if not, marking the application program behavior as the application program behavior to be evaluated;
Collecting network flow data corresponding to the behavior of an application program to be evaluated, wherein the network flow data comprises historical network flow data and current network flow data;
calculating network flow fluctuation parameters according to historical network flow data and current network flow data corresponding to the behavior of the application program to be evaluated;
Acquiring a system log corresponding to the network data to be evaluated, and acquiring behavior deviation parameters of user operation records and application program behaviors according to the system log;
Acquiring abnormal frequency of the behavior of the application program to be evaluated;
acquiring network delay data of the application program behavior to be evaluated, and acquiring network delay fluctuation parameters according to the network delay data;
And judging the security risk of the intelligent terminal according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter.
In a preferred embodiment, the step of determining whether the application behavior is within the preset application behavior evaluation interval, if not, marking the application behavior as the application behavior to be evaluated includes:
acquiring a standard application program behavior evaluation interval;
judging whether the application program behavior is in a standard application program behavior evaluation interval or not;
If the application program behavior is in the standard application program behavior evaluation interval, judging that the application program behavior of the intelligent terminal is normal;
if the application program behavior is not in the standard application program behavior evaluation interval, judging that the application program behavior of the intelligent terminal is abnormal, and marking the application program behavior as the application program behavior to be evaluated.
In a preferred embodiment, the step of calculating the network traffic fluctuation parameter according to the historical network traffic data and the current network traffic data corresponding to the behavior of the application program to be evaluated includes:
acquiring historical network flow parameters according to historical network flow data corresponding to the behavior of the application program to be evaluated;
acquiring current network flow parameters according to current network flow data corresponding to the behavior of the application program to be evaluated;
Acquiring a network flow fluctuation function;
The historical network flow parameters and the current network flow parameters are input into a network flow fluctuation function, and the output result is marked as the network flow fluctuation parameters.
In a preferred embodiment, the step of obtaining the abnormal frequency of the behavior of the application to be evaluated includes:
Acquiring the number of times that the application program behaviors of the intelligent terminal are marked as the application program behaviors to be evaluated;
acquiring duration time of each evaluation of application program behaviors;
And acquiring the abnormal frequency of the behavior of the application program to be evaluated according to the times and the duration of the behavior of the application program to be evaluated.
In a preferred embodiment, the step of acquiring network delay data of the application program to be evaluated, and acquiring the network delay fluctuation parameter according to the network delay data includes:
acquiring network delay data of the behavior of the application program to be evaluated;
acquiring a plurality of network delay parameters according to the network delay data;
acquiring a network delay fluctuation function;
a plurality of network delay parameters are input into the network delay fluctuation function, and the output result is marked as the network delay fluctuation parameter.
In a preferred embodiment, the step of determining the security risk of the intelligent terminal according to the network traffic fluctuation parameter, the behavior deviation parameter, the abnormal frequency, and the network delay fluctuation parameter includes:
Calculating a security risk parameter according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter;
Acquiring a standard safety risk threshold;
Judging whether the safety risk parameter exceeds a standard safety risk threshold value;
if the security risk parameter exceeds the standard security risk threshold, judging that the intelligent terminal has security risk;
and if the security risk parameter does not exceed the standard security risk threshold, judging the security of the intelligent terminal.
In a preferred embodiment, the step of calculating the security risk parameter according to the network traffic fluctuation parameter, the behavior deviation parameter, the anomaly frequency, and the network delay fluctuation parameter includes:
acquiring a security risk function;
Inputting the fluctuation parameters according to the network flow, the behavior deviation parameters, the abnormal frequency and the network delay into the security risk function, and marking the output result as the security risk parameter.
In a preferred embodiment, after the step of determining whether the security risk parameter exceeds the standard security risk threshold, the method further includes:
acquiring a security risk level table, wherein the security risk level table comprises a plurality of security risk assessment intervals and security risk levels corresponding to each security risk assessment interval;
Acquiring a target security risk assessment interval according to the security risk parameters exceeding the standard security risk threshold;
and acquiring a corresponding security risk level from the security risk level table according to the target security risk assessment interval.
The invention also provides an intelligent terminal security risk assessment system, which is used for the intelligent terminal security risk assessment method, and comprises the following steps:
the behavior module is used for collecting the application program behavior of the intelligent terminal;
the judging module is used for judging whether the application program behavior is in a preset application program behavior evaluation interval or not, and if not, marking the application program behavior as the application program behavior to be evaluated;
The network flow module is used for collecting network flow data corresponding to the application program behavior to be evaluated, wherein the network flow data comprises historical network flow data and current network flow data;
the flow fluctuation module is used for calculating network flow fluctuation parameters according to historical network flow data and current network flow data corresponding to the behavior of the application program to be evaluated;
The deviation module is used for acquiring a system log corresponding to the network data to be evaluated, and acquiring behavior deviation parameters of user operation records and application program behaviors according to the system log;
the frequency module is used for acquiring abnormal frequency of the behavior of the application program to be evaluated;
The network delay module is used for acquiring network delay data of the application program behavior to be evaluated and acquiring network delay fluctuation parameters according to the network delay data;
and the risk judging module is used for judging the security risk of the intelligent terminal according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter.
And, an intelligent terminal security risk assessment terminal, comprising:
One or more processors;
a storage device having one or more programs stored thereon;
and when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the intelligent terminal security risk assessment method.
The invention has the technical effects that:
According to the invention, through combining various data such as network flow, system logs, user operation, network delay and the like, a comprehensive safety evaluation view angle is provided, abnormal behaviors and potential threats can be identified more accurately, new safety threats can be found and responded in time by collecting and analyzing current network flow data and application behaviors in real time, the safety protection capability of the intelligent terminal is enhanced, abnormal behaviors beyond a normal range can be effectively identified by setting an evaluation interval of the normal behaviors, the false alarm rate is reduced, the evaluation accuracy is improved, the historical network flow data is utilized for comparison and analysis, the abnormality of the current behaviors can be understood better, an important reference basis is provided for safety evaluation, evaluation standards and parameters can be dynamically adjusted according to different intelligent terminals and application scenes, and the evaluation adaptability and flexibility are improved.
Drawings
FIG. 1 is a flow chart of a method provided by the present invention;
Fig. 2 is a block diagram of a system provided by the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one preferred embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Further, the present invention will be described in detail with reference to the drawings, which are only examples for convenience of illustration, and should not limit the scope of the present invention.
Referring to fig. 1, a security risk assessment method for an intelligent terminal is provided, including:
s1, acquiring application program behaviors of an intelligent terminal;
s2, judging whether the application program behavior is in a preset application program behavior evaluation interval, and if not, marking the application program behavior as the application program behavior to be evaluated;
S3, collecting network flow data corresponding to the behavior of the application program to be evaluated, wherein the network flow data comprise historical network flow data and current network flow data;
S4, calculating network flow fluctuation parameters according to historical network flow data and current network flow data corresponding to the behavior of the application program to be evaluated;
s5, acquiring a system log corresponding to the network data to be evaluated, and acquiring behavior deviation parameters of user operation records and application program behaviors according to the system log;
S6, acquiring abnormal frequency of the behavior of the application program to be evaluated;
s7, acquiring network delay data of the application program behavior to be evaluated, and acquiring network delay fluctuation parameters according to the network delay data;
And S8, judging the security risk of the intelligent terminal according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter.
In the steps S1 to S8, the behavior data of all the applications on the intelligent terminal are collected, the data may include the starting, closing, accessing resources, requesting rights, etc. of the applications, the collected behavior of the applications is compared with the preset evaluation standard, if a certain behavior exceeds the preset normal behavior interval, the collected behavior is marked as the behavior of the application to be evaluated, the potential abnormal behavior is filtered out by setting the reasonable behavior interval, the network traffic data related to the behavior of the application to be evaluated is collected, the data includes the historical network traffic data and the current network traffic data, the change condition of the network traffic in different time periods is analyzed and calculated, the network traffic fluctuation parameters are generated, the abnormal network activities such as data leakage or malicious communication can be helped to be identified, the user operation record is obtained through the system log, comparing the behavior deviation parameter with the behavior of the application program, detecting the abnormal difference between the user behavior and the behavior of the application program, revealing the potential risk behavior, counting the abnormal occurrence frequency of the behavior of the application program to be evaluated, if a certain abnormal behavior frequently occurs, indicating that a higher security risk exists, collecting network delay data, calculating the fluctuation condition of the network delay, wherein the abnormal fluctuation of the network delay possibly indicates network attack or other abnormal conditions, comprehensively evaluating the security risk of the intelligent terminal by combining the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter, and analyzing the data of multiple dimensions, can more accurately identify the potential security threat, and presuming that a certain application program behavior on a certain intelligent terminal is marked as the behavior to be evaluated by analyzing the network flow data, the method is characterized in that the method is found to be frequently communicated with a foreign server in a non-working period, the network flow fluctuation of the communication is large, meanwhile, a system log shows that a user does not carry out corresponding operation authorization, the abnormal frequency of the application program behavior is higher than that of other application programs, the network delay of the application program behavior is abnormal in the communication period, the parameters are synthesized, the application program is judged to have high safety risks, namely, the intelligent terminal possibly involves data leakage or is implanted with malicious codes, an overall safety evaluation view angle is provided by combining data in multiple aspects such as network flow, the system log, user operation and network delay, the comprehensive safety evaluation view angle can be provided, abnormal behaviors and potential threats can be more accurately identified, new safety threats can be timely found and responded by collecting and analyzing current network flow data and application behaviors in real time, the safety protection capability of the intelligent terminal is enhanced, the abnormal behaviors beyond the normal range can be effectively identified by setting an evaluation interval of the normal behaviors, the false alarm rate is reduced, the evaluation accuracy is improved, the comparison analysis is carried out by utilizing historical network flow data, the abnormality of the current behaviors can be better understood, important reference basis is provided for safety evaluation, the intelligent terminal and the intelligent terminal can be applied to dynamically adjust the parameters and adapt to the evaluation standards according to different evaluation standards.
The step of judging whether the application program behavior is in the preset application program behavior evaluation interval or not, if not, marking the application program behavior as the application program behavior to be evaluated, includes:
S201, acquiring a standard application program behavior evaluation interval;
s202, judging whether the application program behavior is in a standard application program behavior evaluation interval;
If the application program behavior is in the standard application program behavior evaluation interval, judging that the application program behavior of the intelligent terminal is normal;
if the application program behavior is not in the standard application program behavior evaluation interval, judging that the application program behavior of the intelligent terminal is abnormal, and marking the application program behavior as the application program behavior to be evaluated.
In the steps S201 to S202, the application behavior evaluation interval is obtained based on analysis and statistics of a large number of normal application behavior data, and generally includes a range of behavior parameters, such as CPU usage rate, memory occupancy, network traffic, accessed system resources, permission requests, etc., and this evaluation interval is used as a benchmark to determine whether the application behavior is normal, the behavior data of the current application will be compared with a preset standard evaluation interval, if the application behavior is within the standard evaluation interval, it is determined that the behavior is normal, i.e. the application behavior of the intelligent terminal does not exceed the normal range, no further evaluation is required, if the application behavior exceeds the standard evaluation interval, it is determined that the behavior is abnormal and marked as an application behavior to be evaluated, by establishing the standard application behavior evaluation interval, normal and abnormal behaviors can be effectively distinguished, the setting of the standard interval is based on statistical analysis of a large amount of data, so as to accurately reflect the normal behavior pattern of most application, thereby improving the accuracy of evaluation, realizing automatic detection and judgment, automatically recognizing the abnormal behavior by comparing the application behavior with the standard evaluation interval, reducing manual intervention, improving the efficiency, if the application behavior is set up based on the high-level and the real-time performance of the application is improved, and the situation can be adjusted based on the new evaluation rule, and the abnormal behavior can be further evaluated by setting and the normal evaluation, and the abnormal condition can be evaluated based on the condition is set and the normal evaluation, and the condition can be adjusted by the condition is improved, and the normal evaluation is marked, and has been improved by the normal and the normal condition has been evaluated, the evaluation method has dynamic adaptability and can cope with different application scenes and changing security threats.
The step of calculating the network flow fluctuation parameter according to the historical network flow data and the current network flow data corresponding to the behavior of the application program to be evaluated comprises the following steps:
s401, acquiring historical network flow parameters according to historical network flow data corresponding to the behavior of an application program to be evaluated;
S402, acquiring current network flow parameters according to current network flow data corresponding to the behavior of the application program to be evaluated;
s403, acquiring a network flow fluctuation function;
s404, inputting the historical network flow parameters and the current network flow parameters into a network flow fluctuation function, and marking the output result as the network flow fluctuation parameters.
In steps S401 to S404, historical network traffic data related to the behavior of the application to be evaluated is collected, which typically includes network traffic information over a period of time, such as the number, size, transmission frequency, connection duration, etc., parameters describing the historical network traffic, such as average traffic, peak traffic, traffic fluctuations, etc., are extracted by analyzing the historical data, current network traffic data related to the network activity of the behavior of the application to be evaluated at the current point in time is collected, current network traffic parameters are extracted, similar to the historical network traffic parameters, including current average traffic, peak traffic, real-time traffic fluctuations, etc., a network traffic fluctuation function is defined for calculating and comparing the changes of the historical and current network traffic data, which may be statistical-based methods, such as standard deviation, variance, or machine-learning-based methods, such as time series analysis models, anomaly detection algorithms, etc., the network traffic fluctuation function isWherein B is represented as a network flow fluctuation parameter, i is represented as a number of a historical network flow fluctuation parameter, n is represented as a total number of the historical network flow fluctuation parameters, W i is represented as an ith historical network flow fluctuation parameter, W max is represented as a maximum value of the historical network flow fluctuation parameter, W min is represented as a minimum value of the historical network flow fluctuation parameter, W d is represented as a current network flow fluctuation parameter, the historical network flow parameter and the current network flow parameter are input into a network flow fluctuation function, the fluctuation parameter of the network flow is calculated through the function, the fluctuation parameter reflects the change condition of the current network flow relative to the historical flow, if the change is obvious, the existence of a safety risk is possibly indicated, abnormal network activity can be accurately identified through comparing the historical and current network flow data, for example, the network flow of an application program in a specific time period suddenly increases and possibly indicates that the application program is carrying out abnormal data transmission or is attacked, the network flow fluctuation function can be adjusted and optimized according to different application scenes and network environments, so as to dynamically adapt to different application requirements, flexible safety assessment is provided, current network flow data are collected and analyzed in real time and compared with historical data, potential network safety threat can be found and responded in time, safety protection capability is improved, normal network flow fluctuation can be effectively filtered by introducing the historical network flow parameter as a comparison reference, the possibility of false alarm is reduced, an alarm is triggered only when the historical mode is deviated significantly, the historical and current multi-dimensional network flow parameters are combined, and comprehensive analysis is carried out, the network behavior characteristics of the application program can be more comprehensively known, and the accuracy of risk assessment is improved.
The step of obtaining the abnormal frequency of the behavior of the application program to be evaluated comprises the following steps:
S601, acquiring the number of times that the application program behaviors of the intelligent terminal are marked as the application program behaviors to be evaluated;
S602, acquiring duration time of each evaluation of application program behaviors;
s603, acquiring abnormal frequencies of the behavior of the application program to be evaluated according to the times and the duration of the behavior of the application program to be evaluated.
In the above steps S601 to S603, the number of times the application behavior in the intelligent terminal is marked as the application behavior to be evaluated is recorded, and whenever an abnormality of an application behavior is detected, that is, when the abnormality exceeds a preset evaluation criterion interval, the behavior is marked as the application behavior to be evaluated, and the number of times is counted, and the duration time of each time the application behavior is marked as the application behavior to be evaluated, which refers to the time interval from the time the behavior is marked as the application behavior to be evaluated until the state of the behavior is confirmed to be normal or the processing is completed, is counted, the abnormality frequency of the application behavior to be evaluated is calculated by analyzing the recorded number of times and duration time of the application behavior marked as the application behavior to be evaluated, which reflects the degree of the abnormality of the application behavior in the intelligent terminal, that is, the degree of occurrence of the abnormality behavior frequently, the abnormal frequency of the application program behavior to be evaluated can be obtained by dividing the frequency of the application program behavior to be evaluated by the duration of the application program behavior to be evaluated, the potential abnormal behavior in the intelligent terminal can be timely found by monitoring and recording the frequency of the application program behavior marked to be evaluated, the finding speed of the abnormal behavior is improved, the abnormal degree of the application program behavior in the intelligent terminal can be quantified by calculating the occurrence frequency of the abnormal behavior, the higher the frequency is, the more frequent the abnormal behavior is represented, the higher the risk is, the quantified data of the abnormal frequency can provide decision basis for a security manager, they can take corresponding security measures such as strengthening monitoring, adjusting authority, updating defense strategies and the like according to the level of the abnormal frequency, the trend and mode of the abnormal behavior can be found by continuously recording and analyzing the abnormal frequency, and further, the safety strategy and the protective measures are optimized, the safety of the intelligent terminal is improved, the abnormal behavior can be processed by more precisely distributing resources through quantitative evaluation of abnormal frequency, the resource waste and false alarm are avoided, and the operation efficiency is improved.
The step of obtaining the network delay data of the application program behavior to be evaluated and obtaining the network delay fluctuation parameter according to the network delay data comprises the following steps:
s701, acquiring network delay data of an application program behavior to be evaluated;
s702, acquiring a plurality of network delay parameters according to network delay data;
S703, obtaining a network delay fluctuation function;
S704, inputting a plurality of network delay parameters into the network delay fluctuation function, and marking the output result as the network delay fluctuation parameter.
In the above steps S701 to S704, network delay data of the application program behavior to be evaluated is collected, where the network delay refers to time required for the data from the transmitting end to the receiving end, including transmission delay, queuing delay, processing delay, etc., for measuring network performance, and a plurality of network delay parameters, such as average delay, maximum delay, minimum delay, delay variation range, etc., are calculated by analyzing the network delay data, where the parameters may reflect the network delay characteristics of the application program behavior to be evaluated, a network delay fluctuation function is defined, and used to calculate and compare the variation situation of the network delay data, where the function may be based on statistical methods, such as standard deviation and variance, or based on machine learning methods, such as time sequence analysis model, anomaly detection algorithm, etc., and the network delay fluctuation function isWherein Y is denoted as a network delay fluctuation parameter, a is denoted as a number of network delay fluctuation, m is denoted as a total number of network delay fluctuation, C a is denoted as an a-th network flow fluctuation parameter, a plurality of obtained network delay parameters are input into a network delay fluctuation function for processing, the fluctuation parameter of the network delay is calculated through the function, the parameter reflects the change condition of the current network delay relative to the historical delay, if the change is obvious, the existence of security risk is possibly indicated, the network delay data and the calculation network delay fluctuation parameter are analyzed, the abnormal behavior of the network delay, such as suddenly increased delay or unstable delay condition, can be identified, thereby the potential security risk is timely found, the network performance of the intelligent terminal can be monitored in real time, the network problem is found and timely processed, the user experience is improved, the abnormal network delay fluctuation can be the sign of network attack or abnormal flow, the damage caused by the network attack can be prevented, the security of the intelligent terminal and the user can be protected, the network condition can be better understood through analyzing the network delay data and the fluctuation parameter, the network condition is reasonably distributed, the network resource is improved, the network utilization rate and the network resource is improved, the network environment is well adapted to the network condition is changed according to the network environment, and the network environment is dynamically and the network condition is dynamically changed.
The step of judging the security risk of the intelligent terminal according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter comprises the following steps:
s801, calculating a security risk parameter according to a network flow fluctuation parameter, a behavior deviation parameter, an abnormal frequency and a network delay fluctuation parameter;
s802, acquiring a standard security risk threshold;
S803, judging whether the safety risk parameter exceeds a standard safety risk threshold value;
if the security risk parameter exceeds the standard security risk threshold, judging that the intelligent terminal has security risk;
and if the security risk parameter does not exceed the standard security risk threshold, judging the security of the intelligent terminal.
In the steps S801 to S803, a plurality of security indexes such as the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter are comprehensively considered, a comprehensive security risk parameter is generated by calculating through a certain algorithm or model, the parameter can comprehensively reflect the security risk degree of the intelligent terminal, a standard security risk threshold is preset, the threshold is obtained by comprehensively considering factors such as the security policy, the service requirement and the risk assessment result, the threshold is used as a security risk judging standard, the calculated security risk parameter is compared with the standard security risk threshold, and if the security risk parameter exceeds the standard security risk threshold, the intelligent terminal is indicated to have security risk; otherwise, if the security risk parameter does not exceed the standard security risk threshold, the intelligent terminal is determined to be secure, the security condition of the intelligent terminal can be more comprehensively evaluated by comprehensively considering a plurality of security indexes such as network flow fluctuation, behavior deviation, abnormal frequency, network delay and the like, the one-sided performance caused by a single index is avoided, whether the intelligent terminal has security risk can be accurately judged according to the preset standard security risk threshold, errors caused by subjective judgment are avoided, the security risk can be timely found by calculating the security risk parameter in real time and comparing with the standard security risk threshold, quick response and processing are realized, the security performance is improved, the tolerance range of the security risk can be controlled to a certain extent according to the setting of the standard security risk threshold, the security management is more controllable, the intelligent security decision can be realized by regularly updating the standard security risk threshold and adjusting according to the latest security information and risk evaluation result, and the adaptability and the flexibility of the security performance are improved.
The step of calculating the security risk parameter according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter comprises the following steps:
s8011, acquiring a security risk function;
S8012, inputting the fluctuation parameters according to the network flow fluctuation, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter into a security risk function, and marking the output result as the security risk parameter.
In the steps S8011 to S8012, a security risk function is defined, and this function is used to comprehensively consider a plurality of security indexes such as a network flow fluctuation parameter, a behavior deviation parameter, an abnormal frequency, and a network delay fluctuation parameter, to calculate a comprehensive security risk parameter, where the security risk function may be defined according to a specific requirement and a security policy, may be a simple weighted sum function, or may be a complex machine learning model, the security risk function is a=b×x×p×y, where a is denoted as a security risk parameter, X is denoted as a behavior deviation parameter, P is denoted as an abnormal frequency, and a plurality of security indexes according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency, and the network delay fluctuation parameter are input as functions to the security risk function to perform calculation, the safety risk function comprehensively considers the input parameters and outputs a safety risk parameter for evaluating the safety risk degree of the intelligent terminal, the safety risk of the intelligent terminal can be evaluated more comprehensively and accurately by inputting a plurality of safety indexes into the safety risk function for comprehensive calculation, the limitation caused by a single index can be avoided, the comprehensiveness and the accuracy of evaluation are improved, the safety risk function can be adjusted and optimized according to real-time safety information and environmental change, the safety risk function has certain self-adaptability, thus the safety evaluation is more targeted and time-sensitive, the safety risk parameter is taken as an evaluation result, decision support can be provided for safety managers, corresponding safety strategies and countermeasures can be formulated according to the size and the change trend of the safety risk parameter, the safety management efficiency and the decision accuracy are improved, by continuously optimizing the safety risk function and combining real-time safety data and feedback information, the accuracy and the effectiveness of safety evaluation can be continuously optimized, and the safety protection capability of the intelligent terminal is improved.
After the step of determining whether the security risk parameter exceeds the standard security risk threshold, the method further includes:
S804, acquiring a security risk level table, wherein the security risk level table comprises a plurality of security risk assessment intervals and security risk levels corresponding to the security risk assessment intervals;
S805, acquiring a target security risk assessment interval according to security risk parameters exceeding a standard security risk threshold;
s806, acquiring a corresponding security risk level from the security risk level table according to the target security risk assessment interval.
In the steps S804 to S806, a security risk level table is prepared, which includes a plurality of security risk assessment intervals and security risk levels corresponding to each security risk assessment interval, the level table is obtained by comprehensively considering factors such as security policies, future terminal security check-up and risk assessment results, etc., security risk parameters exceeding a standard security risk threshold are matched with the security risk assessment intervals in the security risk level table, the destination security risk assessment interval in which the current security risk parameter is located is determined, the interval can be determined according to the size of the security risk parameter, the security risk degree of the current intelligent terminal is reflected, the corresponding security risk level is obtained in the security risk level table according to the destination security risk assessment interval, the security risk level is reflected in the security risk level table, the security state of the current intelligent terminal is generally including high risk, medium risk and low risk level, and also more detailed division is possible, the security risk assessment results of the security risk assessment can be standardized by preparing the security risk level table, the security risk assessment can be more objective and accurate, the security manager can understand and make the security risk level and decision according to the security risk level can be obtained from the security level table, the corresponding security risk level can be obtained from the security risk level table, the security risk level can be rapidly obtained in the security risk level assessment risk level table can be obtained by comprehensively according to the security risk level, the security risk level of the security risk level is obtained by comprehensively knowing the security risk level, the security risk level is better and the security risk level can be clearly known by the security risk level and security risk level has a risk level can be clearly and security risk level has a better risk level, the security risk level table is a dynamically updated resource, and can be continuously optimized and perfected according to actual conditions so as to adapt to different security risk assessment requirements and environmental changes.
Referring to fig. 2, the invention further provides an intelligent terminal security risk assessment system, which is used for the above intelligent terminal security risk assessment method, and includes:
the behavior module is used for collecting the application program behavior of the intelligent terminal;
the judging module is used for judging whether the application program behavior is in a preset application program behavior evaluation interval or not, and if not, marking the application program behavior as the application program behavior to be evaluated;
The network flow module is used for collecting network flow data corresponding to the application program behavior to be evaluated, wherein the network flow data comprises historical network flow data and current network flow data;
the flow fluctuation module is used for calculating network flow fluctuation parameters according to historical network flow data and current network flow data corresponding to the behavior of the application program to be evaluated;
The deviation module is used for acquiring a system log corresponding to the network data to be evaluated, and acquiring behavior deviation parameters of user operation records and application program behaviors according to the system log;
the frequency module is used for acquiring abnormal frequency of the behavior of the application program to be evaluated;
The network delay module is used for acquiring network delay data of the application program behavior to be evaluated and acquiring network delay fluctuation parameters according to the network delay data;
and the risk judging module is used for judging the security risk of the intelligent terminal according to the network flow fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter.
The above-mentioned behavior module is responsible for gathering the application program behavior data of the intelligent terminal, including the running situation of the application program, user operation behavior, etc., judge the application program behavior gathered according to the application program behavior assessment interval of the default, mark as waiting to assess the application program behavior if the behavior is not in the interval, the network flow module gathers the network traffic data corresponding to waiting to assess the application program behavior, including historical network traffic data and current network traffic data, provide data support for subsequent security risk assessment, according to the historical and current network traffic data, the fluctuation parameter of the network traffic of flow calculation module, be used for assessing stability and abnormal situation of the network traffic, the deviation module obtains the system log corresponding to waiting to assess the network data, obtain the deviation parameter of user operation record and application program behavior through the analysis system log, help assess the normality of the application program behavior, namely act as being marked as waiting to assess the number of times of the application program behavior, and the duration of each behavior, the network delay module is responsible for obtaining the network delay data of waiting to assess the application program behavior, and calculate the network delay parameter of the network delay according to the data, be used for network delay stability and the network delay, be used for the network delay and the network delay, if the network delay and the fluctuation parameter of the network delay and the current network risk have exceeded the network risk has been calculated, the network risk has been exceeded, the network risk has been judged according to the condition of the network risk performance, the network delay parameter is calculated, the network risk has been judged, and the network risk has been exceeded, and the network risk has been judged, the system can collect data in real time and conduct security risk assessment, helps users to find potential security problems in time, can intelligently judge the security conditions of the intelligent terminal through a preset security risk threshold value and a risk level table, and early warn and process security risks exceeding the threshold value, and is designed in a modularized mode, so that the intelligent terminal has certain flexibility and customizability, can be configured and expanded according to different application scenes and requirements, and a final security risk judging result provides decision support for security management staff to help the security management staff to formulate corresponding security strategies and measures to ensure the security of the intelligent terminal.
And, an intelligent terminal security risk assessment terminal, comprising:
One or more processors;
a storage device having one or more programs stored thereon;
and when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the intelligent terminal security risk assessment method.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention. Structures, devices and methods of operation not specifically described and illustrated herein, unless otherwise indicated and limited, are implemented according to conventional means in the art.

Claims (10)

1.一种智能终端安全风险评估方法,其特征在于,包括:1. A method for assessing security risks of smart terminals, comprising: 采集智能终端的应用程序行为;Collect application behavior of smart terminals; 判断应用程序行为是否位于预设的应用程序行为评估区间内,若不位于,则标记为待评估应用程序行为;Determine whether the application behavior is within a preset application behavior evaluation interval. If not, mark it as an application behavior to be evaluated. 采集待评估应用程序行为对应的网络流量数据,其中,所述网络流量数据包括历史网络流量数据和当前网络流量数据;Collecting network traffic data corresponding to the behavior of the application to be evaluated, wherein the network traffic data includes historical network traffic data and current network traffic data; 根据待评估应用程序行为对应的历史网络流量数据和当前网络流量数据计算网络流量波动参数;Calculate network traffic fluctuation parameters based on historical network traffic data and current network traffic data corresponding to the behavior of the application to be evaluated; 获取待评估网络数据对应的系统日志,并根据系统日志获取用户操作记录与应用程序行为的行为偏差参数;Obtain the system log corresponding to the network data to be evaluated, and obtain the behavior deviation parameters of the user operation records and application behavior based on the system log; 获取待评估应用程序行为的异常频率;Obtain the abnormal frequency of the application behavior to be evaluated; 获取待评估应用程序行为的网络延迟数据,并根据网络延迟数据获取网络延迟波动参数;Obtain network delay data of the application behavior to be evaluated, and obtain network delay fluctuation parameters based on the network delay data; 根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数判断智能终端的安全风险。The security risks of smart terminals are determined based on network traffic fluctuation parameters, behavior deviation parameters, abnormal frequency, and network delay fluctuation parameters. 2.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述判断应用程序行为是否位于预设的应用程序行为评估区间内,若不位于,则标记为待评估应用程序行为的步骤,包括:2. The smart terminal security risk assessment method according to claim 1, characterized in that the step of determining whether the application behavior is within a preset application behavior assessment interval, and if not, marking it as an application behavior to be assessed, comprises: 获取标准应用程序行为评估区间;Get the standard application behavior evaluation interval; 判断应用程序行为是否位于标准应用程序行为评估区间内;Determine whether the application behavior is within the standard application behavior evaluation range; 若应用程序行为在标准应用程序行为评估区间,则判定智能终端的应用程序行为正常;If the application behavior is within the standard application behavior evaluation range, the application behavior of the smart terminal is determined to be normal; 若应用程序行为不在标准应用程序行为评估区间,则判定智能终端的应用程序行为异常,并标记为待评估应用程序行为。If the application behavior is not within the standard application behavior evaluation range, the application behavior of the smart terminal is determined to be abnormal and marked as application behavior to be evaluated. 3.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述根据待评估应用程序行为对应的历史网络流量数据和当前网络流量数据计算网络流量波动参数的步骤,包括:3. The smart terminal security risk assessment method according to claim 1, characterized in that the step of calculating the network traffic fluctuation parameter according to the historical network traffic data and the current network traffic data corresponding to the behavior of the application to be assessed comprises: 根据待评估应用程序行为对应的历史网络流量数据获取历史网络流量参数;Obtain historical network traffic parameters according to historical network traffic data corresponding to the behavior of the application to be evaluated; 根据待评估应用程序行为对应的当前网络流量数据获取当前网络流量参数;Obtain current network traffic parameters according to current network traffic data corresponding to the behavior of the application to be evaluated; 获取网络流量波动函数;Get the network traffic fluctuation function; 将历史网络流量参数和当前网络流量参数输入至网络流量波动函数中,并将输出结果标记为网络流量波动参数。The historical network traffic parameters and the current network traffic parameters are input into the network traffic fluctuation function, and the output result is marked as the network traffic fluctuation parameter. 4.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述获取待评估应用程序行为的异常频率的步骤,包括:4. The smart terminal security risk assessment method according to claim 1, wherein the step of obtaining the abnormal frequency of the behavior of the application to be assessed comprises: 获取智能终端的应用程序行为被标记为待评估应用程序行为次数;Obtain the number of times that the application behavior of the smart terminal is marked as the application behavior to be evaluated; 获取每次评估应用程序行为的持续时间;Get the duration of each evaluation of application behavior; 根据被标记为待评估应用程序行为次数以及持续时间获取待评估应用程序行为的异常频率。The abnormal frequency of the application behavior to be evaluated is obtained based on the number of times the application behavior is marked as to be evaluated and the duration. 5.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述获取待评估应用程序行为的网络延迟数据,并根据网络延迟数据获取网络延迟波动参数的步骤,包括:5. The smart terminal security risk assessment method according to claim 1, characterized in that the step of obtaining network delay data of the application behavior to be assessed and obtaining network delay fluctuation parameters according to the network delay data comprises: 获取待评估应用程序行为的网络延迟数据;Obtain network latency data for the application behavior to be evaluated; 根据网络延迟数据获取多个网络延迟参数;Obtain multiple network delay parameters according to network delay data; 获取网络延迟波动函数;Get the network delay fluctuation function; 将多个网络延迟参数输入至网络延迟波动函数中,并将输出结果标记为网络延迟波动参数。A plurality of network delay parameters are input into a network delay fluctuation function, and an output result is marked as a network delay fluctuation parameter. 6.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数判断智能终端的安全风险的步骤,包括:6. The smart terminal security risk assessment method according to claim 1, characterized in that the step of judging the security risk of the smart terminal according to the network traffic fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter comprises: 根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数计算安全风险参数;Calculate security risk parameters based on network traffic fluctuation parameters, behavior deviation parameters, abnormal frequency, and network delay fluctuation parameters; 获取标准安全风险阈值;Obtain standard security risk thresholds; 判断安全风险参数是否超过标准安全风险阈值;Determine whether the security risk parameter exceeds the standard security risk threshold; 若安全风险参数超过标准安全风险阈值,则判定智能终端出现安全风险;If the security risk parameter exceeds the standard security risk threshold, it is determined that the smart terminal has a security risk; 若安全风险参数未超过标准安全风险阈值,则判定智能终端安全。If the security risk parameter does not exceed the standard security risk threshold, the smart terminal is judged to be safe. 7.根据权利要求6所述的智能终端安全风险评估方法,其特征在于,所述根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数计算安全风险参数的步骤,包括:7. The smart terminal security risk assessment method according to claim 6, characterized in that the step of calculating the security risk parameter according to the network traffic fluctuation parameter, the behavior deviation parameter, the abnormal frequency and the network delay fluctuation parameter comprises: 获取安全风险函数;Obtaining security risk function; 将根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数输入至安全风险函数中,并将输出结果标记为安全风险参数。The network traffic fluctuation parameters, behavior deviation parameters, abnormal frequency and network delay fluctuation parameters are input into the security risk function, and the output results are marked as security risk parameters. 8.根据权利要求1所述的智能终端安全风险评估方法,其特征在于,所述判断安全风险参数是否超过标准安全风险阈值的步骤之后,还包括:8. The method for assessing security risk of a smart terminal according to claim 1, characterized in that after the step of determining whether the security risk parameter exceeds the standard security risk threshold, it further comprises: 获取安全风险等级表,其中,所述安全风险等级表包括多个安全风险评估区间以及每个安全风险评估区间对应的安全风险等级;Obtaining a security risk level table, wherein the security risk level table includes a plurality of security risk assessment intervals and a security risk level corresponding to each security risk assessment interval; 根据超过标准安全风险阈值的安全风险参数获取目的安全风险评估区间;Obtaining a target security risk assessment interval based on security risk parameters exceeding a standard security risk threshold; 根据目的安全风险评估区间从安全风险等级表中获取对应的安全风险等级。Obtain the corresponding security risk level from the security risk level table according to the target security risk assessment interval. 9.一种智能终端安全风险评估系统,应用于权利要求1至8任意一项所述的智能终端安全风险评估方法,其特征在于,包括:9. A smart terminal security risk assessment system, applied to the smart terminal security risk assessment method according to any one of claims 1 to 8, characterized in that it comprises: 行为模块,用于采集智能终端的应用程序行为;Behavior module, used to collect application behavior of smart terminals; 判断模块,用于判断应用程序行为是否位于预设的应用程序行为评估区间内,若不位于,则标记为待评估应用程序行为;A judgment module, used to judge whether the application behavior is within a preset application behavior evaluation interval, and if not, mark it as an application behavior to be evaluated; 网络流量模块,用于采集待评估应用程序行为对应的网络流量数据,其中,所述网络流量数据包括历史网络流量数据和当前网络流量数据;A network traffic module, used to collect network traffic data corresponding to the behavior of the application program to be evaluated, wherein the network traffic data includes historical network traffic data and current network traffic data; 流量波动模块,用于根据待评估应用程序行为对应的历史网络流量数据和当前网络流量数据计算网络流量波动参数;A traffic fluctuation module, used to calculate network traffic fluctuation parameters based on historical network traffic data and current network traffic data corresponding to the behavior of the application to be evaluated; 偏差模块,用于获取待评估网络数据对应的系统日志,并根据系统日志获取用户操作记录与应用程序行为的行为偏差参数;Deviation module, used to obtain the system log corresponding to the network data to be evaluated, and obtain the behavior deviation parameters of the user operation record and the application behavior according to the system log; 频次模块,用于获取待评估应用程序行为的异常频率;The frequency module is used to obtain the abnormal frequency of the application behavior to be evaluated; 网络延迟模块,用于获取待评估应用程序行为的网络延迟数据,并根据网络延迟数据获取网络延迟波动参数;A network delay module is used to obtain network delay data of the application behavior to be evaluated, and obtain network delay fluctuation parameters based on the network delay data; 风险判定模块,用于根据网络流量波动参数、行为偏差参数、异常频率以及网络延迟波动参数判断智能终端的安全风险。The risk determination module is used to determine the security risk of the smart terminal based on network traffic fluctuation parameters, behavior deviation parameters, abnormal frequency and network delay fluctuation parameters. 10.一种智能终端安全风险评估终端,其特征在于,包括:10. An intelligent terminal security risk assessment terminal, characterized by comprising: 一个或多个处理器;one or more processors; 存储装置,其上存储有一个或多个程序;a storage device having one or more programs stored thereon; 当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现执行权利要求1-8中任意一项所述的智能终端安全风险评估方法。When the one or more programs are executed by the one or more processors, the one or more processors implement the smart terminal security risk assessment method described in any one of claims 1-8.
CN202410758038.9A 2024-06-13 2024-06-13 A smart terminal security risk assessment system and method Active CN118828514B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410758038.9A CN118828514B (en) 2024-06-13 2024-06-13 A smart terminal security risk assessment system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410758038.9A CN118828514B (en) 2024-06-13 2024-06-13 A smart terminal security risk assessment system and method

Publications (2)

Publication Number Publication Date
CN118828514A true CN118828514A (en) 2024-10-22
CN118828514B CN118828514B (en) 2025-02-07

Family

ID=93073989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410758038.9A Active CN118828514B (en) 2024-06-13 2024-06-13 A smart terminal security risk assessment system and method

Country Status (1)

Country Link
CN (1) CN118828514B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119449432A (en) * 2024-11-11 2025-02-14 厦门多多云技术创新研究院有限公司 A network data risk assessment system for computers
CN119484168A (en) * 2025-01-16 2025-02-18 大湾区科技创新服务中心(广州)股份有限公司 A method and system for enterprise environmental risk assessment based on big data
CN119691759A (en) * 2025-02-25 2025-03-25 山东哲远信息科技有限公司 Information security protection method and system applied to electronic information platform
CN119766527A (en) * 2024-12-23 2025-04-04 北京天融信网络安全技术有限公司 Access control method, device, medium and program product based on risk prediction
CN120074947A (en) * 2025-04-23 2025-05-30 山东宏业发展集团有限公司 Intelligent electronic information exchange processing method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160205143A1 (en) * 2013-08-19 2016-07-14 Hewlett Packard Enterprise Development Lp Adaptive network security policies
CN117955712A (en) * 2024-01-19 2024-04-30 江苏智水智能科技有限责任公司 Communication information security risk early warning management and control method and system based on big data
CN118101250A (en) * 2024-01-31 2024-05-28 南京初哆科技有限公司 Network security detection method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160205143A1 (en) * 2013-08-19 2016-07-14 Hewlett Packard Enterprise Development Lp Adaptive network security policies
CN117955712A (en) * 2024-01-19 2024-04-30 江苏智水智能科技有限责任公司 Communication information security risk early warning management and control method and system based on big data
CN118101250A (en) * 2024-01-31 2024-05-28 南京初哆科技有限公司 Network security detection method and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119449432A (en) * 2024-11-11 2025-02-14 厦门多多云技术创新研究院有限公司 A network data risk assessment system for computers
CN119766527A (en) * 2024-12-23 2025-04-04 北京天融信网络安全技术有限公司 Access control method, device, medium and program product based on risk prediction
CN119766527B (en) * 2024-12-23 2025-12-12 北京天融信网络安全技术有限公司 Access control methods, devices, media, and procedures based on risk prediction
CN119484168A (en) * 2025-01-16 2025-02-18 大湾区科技创新服务中心(广州)股份有限公司 A method and system for enterprise environmental risk assessment based on big data
CN119691759A (en) * 2025-02-25 2025-03-25 山东哲远信息科技有限公司 Information security protection method and system applied to electronic information platform
CN120074947A (en) * 2025-04-23 2025-05-30 山东宏业发展集团有限公司 Intelligent electronic information exchange processing method and system

Also Published As

Publication number Publication date
CN118828514B (en) 2025-02-07

Similar Documents

Publication Publication Date Title
CN118828514B (en) A smart terminal security risk assessment system and method
CN107204876B (en) Network security risk assessment method
CN108429651B (en) Flow data detection method and device, electronic equipment and computer readable medium
US7941855B2 (en) Computationally intelligent agents for distributed intrusion detection system and method of practicing same
CN118337512B (en) A network information intrusion detection and early warning system and method based on deep learning
CN106209856B (en) Method for generating big data security posture map based on trusted computing
CN118972157A (en) A network security intelligent protection method and system based on intrinsic security mechanism
CN117811764A (en) Zero trust network construction method and system
KR20200134143A (en) Integrated monitoring method and system
CN117879963A (en) An intelligent network security system and method based on big data analysis
CN118673500A (en) Intelligent terminal-based risk detection and assessment system and method
CN120029857A (en) A computer security monitoring method and system based on big data
CN120017320A (en) A real-time network security monitoring and protection method and system based on deep learning
CN118233174A (en) A network security abnormal information monitoring method and system
US20250007938A1 (en) Detection of anomalous data exfiltration using intelligent detection thresholds
CN120162785A (en) A malware response system and method based on artificial intelligence
CN119030765A (en) A network data security alarm system based on artificial intelligence
CN120050102A (en) Computer network security analysis method and system based on big data
CN119989353A (en) Computer information security processing method and system based on big data
CN118885466A (en) A database operation behavior identification method and system
CN118590314A (en) Artificial intelligence-based network threat detection method, system and medium
CN119906582B (en) API abnormal access detection and encryption protection method based on behavior analysis
CN119766624B (en) Alarm data reduction method, device, equipment, medium and product
CN120602192B (en) Dynamic encryption network security management system based on federal learning
CN118520472B (en) Computer data safety monitoring method and system based on big data technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant