
CN119598441A - A computer data security protection system based on the Internet of Things - Google Patents


Info

Publication number: CN119598441A
Authority: CN (China)
Prior art keywords: authentication, internet, things, module, user
Legal status: Pending
Application number: CN202411572624.0A
Other languages: Chinese (zh)
Inventors: 白红英, 李广华, 张云飞, 梁志成, 李晓雪, 郭炎, 才力干, 王胜
Current assignee: Ordos Institute of Technology
Original assignee: Ordos Institute of Technology
Priority date: 2024-11-06
Filing date: 2024-11-06
Publication date: 2025-03-11

Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G PHYSICS › G06 COMPUTING OR CALCULATING; COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING)
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G06F21/40 User authentication by quorum, i.e. whereby two or more security principals are required
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Automation & Control Theory (AREA)
  • Social Psychology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to the field of computer security technology, and specifically to a computer data security protection system based on the Internet of Things, including a monitoring module for real-time monitoring of the working status and data transmission of Internet of Things terminal devices. An encryption module for encrypting data transmission using encryption technology. An authentication module for performing identity authentication on users and terminal devices using cryptographic technology. A recording module for dynamically adjusting the verification level according to user usage habits. An authorization module for jointly undertaking authentication and authorization tasks through multiple nodes; dividing identity authentication and authorization tasks into basic authentication, intermediate authentication, and advanced authentication. The big data and machine learning technologies of the present invention perform real-time analysis of the user's login time, usage location, and operating habits. The system can dynamically adjust the authentication strength according to the risk level to improve the security of the system, thereby taking measures to protect property and privacy security.

Description

Computer data safety protection system based on internet of things
Technical Field
The invention relates to the technical field of computer security, in particular to a computer data security protection system based on the Internet of things.
Background
As the times have developed, technologies such as the Internet and big data have been actively introduced into every industry, and the wide application of new technologies has greatly changed how people learn, are entertained, live and consume. At the same time, computer network security has become an increasingly serious problem as the Internet and big data technology spread. Network information security problems affect not only individuals but also enterprises and society. Technology companies are therefore paying more attention to network security, and developers have begun to research the security of computer network information in the big data age.
In the prior art, a single authentication technology is generally adopted for security protection, and the authentication method is generally simple, so information is easily leaked or cracked by an attacker. For example, an attacker may lure the user into entering an account number and password by masquerading as a legitimate website or application, thereby obtaining the user's credentials. Many users also tend to choose simple, easy-to-remember passwords and reuse the same password on multiple platforms, so once the password on one platform is compromised the other platforms are affected as well.
In summary, how to solve the prior-art problem that information is easily leaked or cracked by an attacker because security protection relies on a single authentication technology has become a problem to be solved in the art; it is therefore necessary to provide a computer data security protection system based on the Internet of Things.
Disclosure of Invention
In order to solve the problems, the invention provides the computer data safety protection system based on the Internet of things, which analyzes the login time, the use place and the operation habit of a user in real time through big data and a machine learning technology, and can dynamically adjust the authentication strength according to the risk level to improve the safety of the system so as to take measures to protect property and privacy safety.
In order to achieve the purpose, the technical scheme of the invention is that the computer data security protection system based on the Internet of things comprises a monitoring module, an encryption module, an authentication module, a recording module and an authorization module.
The monitoring module is used for monitoring the working state and the data transmission condition of the Internet of Things terminal equipment in real time.
The encryption module is used for encrypting the data transmission by means of encryption technology and simultaneously providing a decryption function.
The authentication module is used for authenticating the identity of the user and the terminal equipment by means of cryptographic technology.
The recording module is used for dynamically adjusting the verification level according to the usage habits of the user and for setting different access rights according to the roles and attributes of the user.
The authorization module is used for jointly bearing authentication and authorization tasks across multiple nodes and for dividing the authentication and authorization tasks into basic authentication, medium-level authentication and high-level authentication.
Further, the terminal devices of the internet of things include, but are not limited to, computers, cell phones, tablets, smart watches, and smart homes.
Further, the monitoring module comprises the following units:
The acquisition unit is used for acquiring physical-world data and converting it into digital signals.
The network unit is used for transmitting the acquired data using network security technology.
The data processing unit is used for analyzing and processing the transmitted data and extracting useful information.
The application unit is used for establishing a management platform and an operation platform for the actual application according to user requirements.
Further, network security technologies include network firewalls, intrusion detection systems IDS, and intrusion prevention systems IPS.
Further, the encryption technique adopts symmetric encryption AES and asymmetric encryption RSA algorithms.
Further, cryptographic techniques include digital signature, public key and private key authentication techniques.
Further, the verification hierarchy includes single factor authentication, multi-factor authentication, and biometric authentication.
Further, dynamically adjusting the verification hierarchy includes the steps of:
S1, behaviour analysis: collecting and analyzing the login time, usage location and operation habit information of a user using big data and machine learning technology, and constructing a user behaviour model.
S2, user grouping: dividing users into different groups according to their behaviour patterns, and setting different access rights for each group.
S3, setting the access rights using real-time behaviour analysis and biometric recognition.
Further, in S1, the operation habits include, but are not limited to, typing speed, mouse movement trajectory, keyboard tap mode, and screen sliding speed.
In the authorization module, the single factor is adopted for basic authentication in a low risk scene, the multiple factors are adopted for medium-level authentication in a medium risk scene, and the biological characteristics are adopted for high-level authentication in a high risk scene.
The adoption of the scheme has the following principle and beneficial effects:
1. The invention adjusts the verification method according to the behaviour pattern and habits of the user; by dynamically adjusting the verification level, the system provides security measures that correspond to the user's actual risk level. The login time, usage location and operation habits of the user are analyzed in real time through big data and machine learning technology, so the system can discover abnormal behaviour in time, such as abnormal login attempts or data leakage risks, and take measures to protect property and privacy.
By combining single-factor, multi-factor and biometric authentication, the system can dynamically adjust the authentication strength according to the risk level, which improves the security of the system; in particular, in a high-risk scene biometric authentication is almost impossible to forge, so illegal access is effectively prevented. In a low-risk scene a simple single-factor authentication mode is adopted, which reduces the tedious verification steps a user encounters in daily use and improves convenience.
2. According to the invention, the working state and the data transmission condition of the Internet of Things terminal equipment can be monitored in real time through the monitoring module, and abnormal behaviour can be found in time. Once abnormal behaviour or a potential threat is detected, a multi-level response mechanism is triggered immediately, ensuring the protection of the computer. The data processing unit carries out deep analysis of the collected data, extracts key information and provides data support for formulating the security policy. This helps identify potential security vulnerabilities and take precautions in advance.
3. The invention ensures the confidentiality and integrity of data during transmission by using symmetric AES encryption and asymmetric RSA encryption. Both encryption and decryption functions are provided, so data is properly protected at the transmitting end and the receiving end, is prevented from being intercepted, tampered with or leaked in transit, and access by illegal users or devices is effectively prevented, further ensuring the security of the system.
4. According to the invention, a multi-layer defense system is constructed from the network firewall, IDS and IPS technologies, so potential network attacks can be effectively identified and intercepted and the security of network data is ensured. According to the network traffic and attack behaviour monitored in real time, the network security policy can be dynamically adjusted and the defensive measures further strengthened.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a block diagram of a computer data security protection system based on the internet of things in an embodiment of the invention.
Fig. 2 is a block diagram of a monitoring module according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of dynamically adjusting a verification level in an embodiment of the invention.
Detailed Description
The following is a further detailed description of the embodiments:
Example 1:
As shown in Figs. 1-3, the computer data security protection system based on the Internet of Things comprises a monitoring module, an encryption module, an authentication module, a recording module and an authorization module. The monitoring module is mainly used for monitoring the working state and the data transmission condition of the Internet of Things terminal equipment in real time. The encryption module is used for encrypting the data transmission and providing a decryption function. The authentication module is used for performing identity authentication of the user and the terminal equipment. The recording module is used for dynamically adjusting the verification level according to the usage habits of the user. The authorization module bears authentication and authorization tasks jointly across multiple nodes, and divides the authentication and authorization tasks into basic authentication, medium-level authentication and high-level authentication.
The functions of the modules are explained in detail below in turn:
The monitoring module is used for monitoring the working state and the data transmission condition of the Internet of Things terminal equipment in real time. The Internet of Things terminal equipment comprises, but is not limited to, a computer, a mobile phone, a tablet, a smart watch and a smart home; in this embodiment the computer and the mobile phone are selected.
The encryption module is used for encrypting the data transmission using the symmetric AES and asymmetric RSA algorithms and simultaneously providing a decryption function.
The authentication module is used for performing identity authentication of the user and the terminal equipment using digital signature, public key and private key authentication technology.
Specifically, the monitoring module monitors the working state and the data transmission condition of the Internet of Things terminal equipment in real time. If a terminal device communicates with a malicious website, the monitoring module can detect the abnormal data flow or behaviour pattern. If the monitoring module is improperly configured or has a vulnerability, an attacker may bypass monitoring or use false data to mask malicious activity. The encryption module uses the symmetric AES and asymmetric RSA algorithms to encrypt data transmission, ensuring the confidentiality and integrity of the data in transit. The authentication module can encrypt data with a public key before sensitive information is transmitted, so that only a user holding the corresponding private key can decrypt it.
For example, assume a user is browsing the web on a computer and a mobile phone. The user attempts to open an unknown website link, perhaps obtained through e-mail, social media or another channel. The monitoring module detects that the user is accessing an unknown website that may contain malicious content, triggers an alarm and warns the user that the website may be unsafe.
Even if the user continues to access the website, all transmitted data is encrypted by the encryption module. If the website attempts to send malicious code to the user's device, the code will be encrypted and thus difficult to execute. If the website requires the user to provide personal information or download files, the authentication module may require the user to authenticate.
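How the encryption module's AES plus RSA combination and the authentication module's public/private key and digital signature checks fit together on a single message, as an added example that is not part of the patent and not the applicant's code: AES-256-GCM protects the data, RSA-OAEP wraps the per-message AES key for the receiver, and an RSA-PSS signature by the sender lets the receiver authenticate the device and reject ciphertext altered in transit. The envelope layout, the 2048-bit key size and the sample telemetry string are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what crosses the network (layout assumed by this example): the
// AES-GCM ciphertext, the AES key wrapped for the receiver, and the sender's signature.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

// Seal encrypts plaintext for receiverPub and signs the result with senderPriv.
func Seal(plaintext []byte, receiverPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	key := make([]byte, 32) // fresh AES-256 key for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil) // confidentiality plus integrity tag
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	// Sign every field the receiver acts on; field lengths are fixed (RSA-2048,
	// 12-byte nonce), so plain concatenation is unambiguous here.
	d := sha256.Sum256(bytes.Join([][]byte{wrapped, nonce, ct}, nil))
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, d[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open authenticates the sender first, then unwraps the key and decrypts.
func Open(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	d := sha256.Sum256(bytes.Join([][]byte{env.WrappedKey, env.Nonce, env.Ciphertext}, nil))
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, d[:], env.Signature, nil); err != nil {
		return nil, errors.New("sender authentication failed: bad signature")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// RoundTrip generates a key pair for an IoT terminal and one for the platform,
// sends one message, then a tampered copy. It returns the recovered plaintext
// and whether the tampered copy was rejected.
func RoundTrip() (string, bool, error) {
	deviceKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	msg := []byte("temperature=21.5;door=locked") // constructed sample telemetry
	env, err := Seal(msg, &serverKey.PublicKey, deviceKey)
	if err != nil {
		return "", false, err
	}
	got, err := Open(env, serverKey, &deviceKey.PublicKey)
	if err != nil {
		return "", false, err
	}
	tampered := *env // one flipped ciphertext bit must fail the signature check
	tampered.Ciphertext = append([]byte{}, env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = Open(&tampered, serverKey, &deviceKey.PublicKey)
	return string(got), err != nil, nil
}

func main() {
	got, rejected, err := RoundTrip()
	fmt.Printf("recovered=%q tamperedRejected=%v err=%v\n", got, rejected, err)
}
```

The order in Open matters: the signature is verified before any RSA or AES operation touches the data, so a forged or altered envelope is rejected without the receiver doing expensive or error-prone work on attacker-controlled bytes.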
The recording module is used for dynamically adjusting the verification level according to the use habit of the user, wherein the verification level comprises single-factor authentication, multi-factor authentication and biological characteristic authentication, and different access rights are set according to the roles and the attributes of the user.
Wherein dynamically adjusting the verification hierarchy comprises the steps of:
S1, behaviour analysis: collecting and analyzing the login time, usage location and operation habit information of a user using big data and machine learning technology, and constructing a user behaviour model.
S2, user grouping: dividing users into different groups according to their behaviour patterns, and setting different access rights for each group.
S3, setting the access rights using real-time behaviour analysis and biometric recognition.
Specifically, the recording module collects information such as the login time, usage location and operation habits (such as typing speed, mouse movement trajectory, keyboard tapping pattern and screen sliding speed) of a user through big data and machine learning technology. The system builds a behaviour model of the user from the collected data and identifies the user's normal operating pattern.
The system classifies users into different groups according to their behaviour patterns. For example, the operation habits of elderly people differ significantly from those of ordinary children: the typing speed and reading-swipe speed of the elderly are noticeably slower than those of children.
The recording module divides the users into different groups. The adult is treated as a regular user with higher trust and access rights, and the child is treated as an occasional user and classified into a group with lower trust.
For example, a child picks up an adult's mobile phone, opens a game and begins playing. The recording module monitors the user's behaviour pattern in real time and detects that the current operation habits are inconsistent with the adult's behaviour model. The system dynamically adjusts the verification level according to the detection result, and multi-factor authentication or biometric authentication is required.
Even if the child passes verification, the system still sets access rights according to the roles and attributes of the user: the child is prohibited from making an in-game purchase or top-up. If the child fails verification, or the permission settings do not allow top-ups, the top-up operation cannot be completed. At the same time, the system records the attempt and notifies the adult about the abnormal activity.
The authorization module is used for jointly bearing authentication and authorization tasks through multiple nodes and dividing the authentication and authorization tasks into basic authentication, medium-level authentication and high-level authentication.
The method comprises the steps of performing basic authentication by adopting a single factor in a low risk scene, performing medium-level authentication by adopting multiple factors in a medium risk scene, and performing high-level authentication by adopting biological characteristics in a high risk scene.
Specifically, the authorization module is a complex and flexible system responsible for managing access rights based on user identity and environmental factors. Having multiple nodes bear the authentication and authorization tasks together enhances the security and reliability of the system. Identity authentication and authorization are divided into the levels of basic, intermediate and advanced authentication, and the level is adjusted dynamically according to the actual conditions and security requirements.
For example, Mr. Zhang receives a text message from a counterfeit bank requesting that he immediately log in to the bank app for verification. Mr. Zhang logs in to the bank app as the message instructs and tries to make a large transfer. The recording module monitors the user's behaviour pattern in real time and detects that the current operation habits are inconsistent with Mr. Zhang's daily behaviour model. The system marks Mr. Zhang's account as high risk and, according to a preset rule, temporarily places him in a user group that requires a higher authentication level.
Because of the large transfer amount and the abnormal login location, the system further requires biometric authentication (such as fingerprint, iris or face recognition). If Mr. Zhang fails the biometric authentication, the transfer operation is rejected.
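The decision described in steps S1 to S3 and in the three-tier rule of the authorization module (single factor for low risk, multiple factors for medium risk, biometrics for high risk), made concrete as an added example that is my own illustration and not code from the patent or the applicant. It assumes a baseline struct for the S1 behaviour model, fixed per-signal weights, score thresholds of 30 and 60 for the tiers and a large-transfer threshold of 10000, none of which the patent specifies; the sample model and the three sessions (the owner, the child with the phone, the phished large transfer) are constructed to mirror the text's scenarios.

```go
package main

import (
	"fmt"
	"math"
)

// AuthLevel is the tier the authorization module selects for a session.
type AuthLevel int

const (
	BasicAuth        AuthLevel = iota // single factor, low-risk scene
	IntermediateAuth                  // multiple factors, medium-risk scene
	AdvancedAuth                      // biometric, high-risk scene
)

func (l AuthLevel) String() string {
	return [...]string{"basic (single factor)", "intermediate (multi-factor)", "advanced (biometric)"}[l]
}

// BehaviorModel is the S1 baseline built from a user's past sessions. The patent
// names the signals but not their representation; this struct is an assumption.
type BehaviorModel struct {
	UsualLoginHours  map[int]bool    // hours of day (0-23) seen in normal use
	UsualLocations   map[string]bool // places the user normally logs in from
	TypingCPSMean    float64         // typing speed, characters per second
	TypingCPSStdDev  float64
	SwipeSpeedMean   float64 // screen sliding speed, pixels per second
	SwipeSpeedStdDev float64
}

// Session is one live observation reported by the recording module.
type Session struct {
	LoginHour  int
	Location   string
	TypingCPS  float64
	SwipeSpeed float64
	Amount     float64 // value of a transfer being attempted; 0 when none
}

// zscore is the distance of x from the baseline mean in standard deviations.
func zscore(x, mean, sd float64) float64 {
	if sd == 0 {
		return 0
	}
	return math.Abs(x-mean) / sd
}

// RiskScore compares a session with the model and returns a score in [0, 100].
// Each deviating signal adds a weight; the weights are assumptions.
func RiskScore(m BehaviorModel, s Session, largeTransfer float64) int {
	score := 0
	if !m.UsualLoginHours[s.LoginHour] {
		score += 20 // login time outside the usual pattern
	}
	if !m.UsualLocations[s.Location] {
		score += 30 // abnormal login location
	}
	if zscore(s.TypingCPS, m.TypingCPSMean, m.TypingCPSStdDev) > 2 {
		score += 20 // typing speed does not match the user
	}
	if zscore(s.SwipeSpeed, m.SwipeSpeedMean, m.SwipeSpeedStdDev) > 2 {
		score += 15 // screen sliding speed does not match the user
	}
	if s.Amount > 0 && s.Amount >= largeTransfer {
		score += 25 // a large amount raises the cost of a wrong decision
	}
	if score > 100 {
		score = 100
	}
	return score
}

// RequiredLevel maps the score onto the three tiers; thresholds are assumptions.
func RequiredLevel(score int) AuthLevel {
	switch {
	case score >= 60:
		return AdvancedAuth
	case score >= 30:
		return IntermediateAuth
	default:
		return BasicAuth
	}
}

// SampleModel is a constructed baseline for the adult user in the text.
func SampleModel() BehaviorModel {
	return BehaviorModel{
		UsualLoginHours:  map[int]bool{19: true, 20: true, 21: true, 22: true},
		UsualLocations:   map[string]bool{"home": true, "office": true},
		TypingCPSMean:    4.0,
		TypingCPSStdDev:  0.5,
		SwipeSpeedMean:   800,
		SwipeSpeedStdDev: 100,
	}
}

func main() {
	m := SampleModel()
	cases := []struct {
		name string
		s    Session
	}{
		{"owner at home", Session{LoginHour: 20, Location: "home", TypingCPS: 4.1, SwipeSpeed: 820}},
		{"child using the phone", Session{LoginHour: 20, Location: "home", TypingCPS: 1.5, SwipeSpeed: 1500}},
		{"phished large transfer", Session{LoginHour: 3, Location: "unknown", TypingCPS: 6.0, SwipeSpeed: 790, Amount: 50000}},
	}
	for _, c := range cases {
		score := RiskScore(m, c.s, 10000)
		fmt.Printf("%-24s score=%3d -> %s\n", c.name, score, RequiredLevel(score))
	}
}
```

The child's session scores 35 (typing and swipe speed both deviate) and lands on the multi-factor tier, while the phished transfer combines an unusual hour, an unknown location, foreign typing speed and a large amount for a score of 95, so biometric authentication is demanded before the transfer proceeds.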
Example 2:
As shown in Fig. 2, the difference from the above embodiment is that the monitoring module includes an acquisition unit, a network unit, a data processing unit and an application unit.
Specifically, the acquisition unit is mainly used for acquiring physical-world data and converting it into digital signals. The network unit is used for transmitting the acquired data using network security technology, which comprises a network firewall, an intrusion detection system (IDS) and an intrusion prevention system (IPS). The data processing unit is used for analyzing and processing the transmitted data and extracting useful information. The application unit is used for establishing a management platform and an operation platform for the actual application according to user requirements.
For example, a user views the feed of a home network camera in a smart home through a smartphone application. The network unit ensures the security of the data transmission and prevents unauthorized devices from accessing it through firewall, IDS and IPS techniques.
The acquisition unit captures the video stream and converts it into a digital signal. The intrusion detection system IDS detects abnormal traffic or behaviour and sends an alert to the user. When the system detects abnormal activity, the intrusion prevention system IPS actively blocks the data transmission and takes measures to prevent the data from being stolen.
Through the cooperation of all components of the monitoring module, the system can effectively prevent unauthorized data access and protect the privacy of users. In this example, even if someone tries to steal home privacy over the network, the system protects the user's home privacy by blocking potentially risky operations through real-time behaviour analysis, intrusion detection and defense mechanisms.
It is apparent that the above examples are given by way of illustration only and do not limit the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is neither necessary nor possible to list all embodiments here. Obvious variations or modifications made by those skilled in the art remain within the scope of the invention.
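The chain of firewall, IDS and IPS decisions in Example 2, as an added illustration that is not the patent's own code: each flow record produced by the acquisition and network units passes a firewall port rule, an IDS check for unknown destinations and for volume far above the device's baseline, and an IPS rule that blocks destinations already classified as malicious or escalates to a block when two IDS signals coincide (the exfiltration case). The host names, port list, per-device baselines and the 5x volume factor are constructed assumptions of this example.

```go
package main

import "fmt"

// Flow is one transmission record produced by the acquisition and network units.
type Flow struct {
	Device string // IoT terminal that originated the flow
	Dst    string // destination host
	Port   int
	Bytes  int
}

// Verdict is the outcome of inspecting one flow.
type Verdict int

const (
	Allow Verdict = iota // passes all checks
	Alert                // IDS: suspicious, the user is notified, traffic continues
	Block                // firewall or IPS: the transmission is stopped
)

func (v Verdict) String() string { return [...]string{"allow", "alert", "block"}[v] }

// Monitor holds the policy of the network and data-processing units.
// All list contents are constructed placeholders.
type Monitor struct {
	AllowedPorts map[int]bool    // firewall: egress ports devices may use
	KnownHosts   map[string]bool // IDS: destinations seen during normal operation
	BlockedHosts map[string]bool // IPS: destinations already classified as malicious
	Baseline     map[string]int  // IDS: typical bytes per flow for each device
}

// Inspect runs a flow through the firewall, IDS and IPS rules in that order and
// returns a verdict with its reason. The 5x volume factor is an assumption.
func (m Monitor) Inspect(f Flow) (Verdict, string) {
	if !m.AllowedPorts[f.Port] {
		return Block, fmt.Sprintf("firewall: port %d not permitted", f.Port)
	}
	if m.BlockedHosts[f.Dst] {
		return Block, "IPS: destination on block list"
	}
	unknown := !m.KnownHosts[f.Dst]
	base := m.Baseline[f.Device]
	volume := base > 0 && f.Bytes > 5*base // no baseline yet: volume rule is skipped
	switch {
	case unknown && volume:
		// Two independent signals: treat as possible data theft and stop the transfer.
		return Block, "IPS: unknown destination with abnormal volume"
	case unknown:
		return Alert, "IDS: unknown destination"
	case volume:
		return Alert, fmt.Sprintf("IDS: %d bytes exceeds baseline %d", f.Bytes, base)
	}
	return Allow, "normal"
}

// SampleMonitor is a constructed policy for a small smart-home deployment.
func SampleMonitor() Monitor {
	return Monitor{
		AllowedPorts: map[int]bool{443: true, 8883: true},
		KnownHosts:   map[string]bool{"cloud.example": true, "ntp.example": true},
		BlockedHosts: map[string]bool{"bad.example": true},
		Baseline:     map[string]int{"camera-1": 50000, "thermostat-1": 200},
	}
}

func main() {
	m := SampleMonitor()
	flows := []Flow{ // constructed records
		{"camera-1", "cloud.example", 443, 40000},
		{"camera-1", "cloud.example", 23, 100},
		{"camera-1", "bad.example", 443, 100},
		{"camera-1", "new.example", 443, 100},
		{"camera-1", "new.example", 443, 900000},
		{"thermostat-1", "cloud.example", 443, 50000},
	}
	for _, f := range flows {
		v, why := m.Inspect(f)
		fmt.Printf("%-13s -> %-14s:%-5d %7d B  %-5s %s\n", f.Device, f.Dst, f.Port, f.Bytes, v, why)
	}
}
```

Ordering the rules from cheapest and most certain (port allow-list, block list) to heuristic (unknown host, volume) keeps false positives from the IDS rules out of the hard-block path unless two of them agree, which is the escalation the text describes when the IDS alert turns into an IPS block.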

Claims (10)

1. The computer data safety protection system based on the Internet of things is characterized by comprising a monitoring module, an encryption module, an authentication module, a recording module and an authorization module;
the monitoring module is used for monitoring the working state and the data transmission condition of the terminal equipment of the Internet of things in real time;
the encryption module is used for encrypting the data transmission by utilizing an encryption technology and simultaneously providing a decryption function;
the authentication module is used for authenticating the identity of the user and the terminal equipment by utilizing the cryptography technology;
the recording module is used for dynamically adjusting the verification level according to the use habit of the user and setting different access rights according to the roles and the attributes of the user;
the authorization module is used for jointly bearing authentication and authorization tasks through multiple nodes and dividing the authentication and authorization tasks into basic authentication, medium-level authentication and high-level authentication.
2. The internet of things-based computer data security system of claim 1, wherein the internet of things terminal devices include, but are not limited to, computers, cell phones, tablets, smart watches, and smart homes.
3. The internet of things-based computer data security system of claim 2, wherein the monitoring module comprises the following elements:
the acquisition unit is used for acquiring physical world data and converting the physical world data into digital signals;
the network unit is used for transmitting the acquired data by adopting a network security technology;
the data processing unit is used for analyzing and processing the transmitted data and extracting useful information;
and the application unit is used for establishing a management platform and an operation platform of the actual application according to the user requirements.
4. The internet of things-based computer data security system of claim 3, wherein the network security technologies include a network firewall, an intrusion detection system IDS, and an intrusion prevention system IPS.
5. The internet of things-based computer data security protection system according to claim 4, wherein the encryption technology adopts symmetric encryption AES and asymmetric encryption RSA algorithms.
6. The internet of things-based computer data security system of claim 5, wherein the cryptographic techniques include digital signature, public key and private key authentication techniques.
7. The internet of things-based computer data security system of claim 6, wherein the verification hierarchy includes single factor authentication, multi-factor authentication, and biometric authentication.
8. The internet of things-based computer data security system of claim 7, wherein dynamically adjusting the authentication hierarchy comprises the steps of:
S1, behavior analysis, namely collecting and analyzing login time, use place and operation habit information of a user by utilizing big data and a machine learning technology, and constructing a user behavior model;
S2, grouping users, namely dividing the users into different groups according to the behavior mode of the users, and setting different access rights for each group;
S3, setting the access rights by adopting real-time behavior analysis and biological feature recognition.
9. The internet of things-based computer data security system of claim 8, wherein in S1, the operating habits include, but are not limited to, typing speed, mouse movement trajectory, keyboard tapping pattern, and screen sliding speed.
10. The internet of things-based computer data security protection system of claim 9, wherein in the authorization module, single factor is adopted for basic authentication in a low risk scenario, multiple factors are adopted for medium-level authentication in a medium risk scenario, and biological characteristics are adopted for high-level authentication in a high risk scenario.

Priority Applications (1)

Application Number: CN202411572624.0A; Priority Date: 2024-11-06; Filing Date: 2024-11-06; Title: A computer data security protection system based on the Internet of Things

Publications (1)

Publication Number: CN119598441A (en); Publication Date: 2025-03-11

Family

ID: 94829670

Country Status (1)

CN: CN119598441A (en), pending

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination