[go: up one dir, main page]

CN111541653B - Data communication monitoring system and method - Google Patents

Data communication monitoring system and method Download PDF

Info

Publication number
CN111541653B
CN111541653B CN202010256662.0A CN202010256662A CN111541653B CN 111541653 B CN111541653 B CN 111541653B CN 202010256662 A CN202010256662 A CN 202010256662A CN 111541653 B CN111541653 B CN 111541653B
Authority
CN
China
Prior art keywords
data
client
authority
communication
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010256662.0A
Other languages
Chinese (zh)
Other versions
CN111541653A (en
Inventor
秦继林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute of Commerce and Technology
Original Assignee
Shandong Institute of Commerce and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute of Commerce and Technology filed Critical Shandong Institute of Commerce and Technology
Priority to CN202010256662.0A priority Critical patent/CN111541653B/en
Publication of CN111541653A publication Critical patent/CN111541653A/en
Application granted granted Critical
Publication of CN111541653B publication Critical patent/CN111541653B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2462Approximate or statistical queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B25/00Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems
    • G08B25/01Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium
    • G08B25/08Alarm systems in which the location of the alarm condition is signalled to a central station, e.g. fire or police telegraphic systems characterised by the transmission medium using communication transmission lines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Business, Economics & Management (AREA)
  • Emergency Management (AREA)
  • Health & Medical Sciences (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data communication monitoring system and a method, comprising the following steps: the system comprises an administrator authority identification unit, a communication authority setting unit, an abnormal data identification unit and a flow monitoring unit. The invention ensures the use safety of the system by identifying the authority of the system administrator; when the client uses the data communication network, the abnormal information in the data stream sent by the client is identified in real time, and after the identification is successful, the communication authority of the corresponding client is closed or the flow monitoring unit is used for limiting the flow of the corresponding client, so that the user experience is ensured, and meanwhile, the safety of the communication network is effectively guaranteed.

Description

一种数据通讯监控系统及方法A data communication monitoring system and method

技术领域technical field

本发明涉及电子通讯技术领域,更具体的说是涉及一种数据通讯监控系统及方法。The present invention relates to the technical field of electronic communication, and more specifically relates to a data communication monitoring system and method.

背景技术Background technique

数据通讯是把数据的处理和传输合为一体,实现数字信息的接收、存储、处理和传输,并对信息流加以控制、校验和管理的一种通讯形式。随着数据通讯网络的不断发展,越来越多的通讯设备已经应用在了工业和日常生活中,大大便利了人们的工作和生活。Data communication is a form of communication that integrates data processing and transmission, realizes the reception, storage, processing and transmission of digital information, and controls, verifies and manages information flow. With the continuous development of data communication networks, more and more communication devices have been applied in industry and daily life, greatly facilitating people's work and life.

伴随着数据通讯的广泛应用,数据通讯的安全问题也日益显现。针对现有的数据通讯网络,经常存在不法人员发起的恶意攻击和破坏的情况,比如通过不停的发送一些异常的数据,恶意的占用网络的流量,或者不时的发送一些带有违法信息的数据,使其在网络中传播。因此,如何加强对数据通讯网络的监控,有效的发现并控制上述恶意行为,从而保证数据通讯的安全,是我们亟待解决的问题。With the wide application of data communication, the security problem of data communication is also becoming more and more obvious. For the existing data communication network, there are often malicious attacks and damages initiated by illegal personnel, such as sending some abnormal data continuously, maliciously occupying network traffic, or sending some data with illegal information from time to time , causing it to propagate across the network. Therefore, how to strengthen the monitoring of the data communication network, effectively discover and control the above-mentioned malicious behaviors, so as to ensure the security of data communication is an urgent problem to be solved.

发明内容Contents of the invention

针对以上问题,本发明的目的在于提供一种数据通讯监控系统及方法,能够有效的发现并监控恶意数据,从而保证数据通讯的安全。In view of the above problems, the purpose of the present invention is to provide a data communication monitoring system and method, which can effectively discover and monitor malicious data, thereby ensuring the security of data communication.

本发明为实现上述目的,通过以下技术方案实现:一种数据通讯监控系统,包括:管理员权限识别单元、通讯权限设置单元、异常数据识别单元和流量监控单元;In order to achieve the above object, the present invention is achieved through the following technical solutions: a data communication monitoring system, comprising: an administrator authority identification unit, a communication authority setting unit, an abnormal data identification unit and a flow monitoring unit;

所述管理员权限识别单元,用于识别系统管理员身份,并向管理员开放对应的权限等级;The administrator authority identification unit is used to identify the identity of the system administrator and open the corresponding authority level to the administrator;

所述通讯权限设置单元,用于设定客户端的通讯网络使用权限;The communication authority setting unit is used to set the communication network usage authority of the client;

所述异常数据识别单元,用于识别客户端发送的数据流中的异常信息,识别成功后,通过通讯权限设置单元禁止相应客户端的通讯权限或通过流量监控单元对相应客户端进行限流;The abnormal data identification unit is used to identify the abnormal information in the data stream sent by the client. After the identification is successful, the communication authority of the corresponding client is prohibited through the communication authority setting unit or the corresponding client is limited through the traffic monitoring unit;

所述流量监控单元,用于监测客户端的数据流量并进行数据流量控制。The flow monitoring unit is used to monitor the data flow of the client and perform data flow control.

进一步,还包括阈值警报单元,Further, a threshold alarm unit is also included,

所述阈值警报单元,用于当流量监控单元监测到客户端的数据流量超过预设阈值后,发出警报信息。The threshold alarm unit is configured to issue an alarm message when the traffic monitoring unit detects that the data traffic of the client exceeds a preset threshold.

进一步,还包括无线通信单元,所述无线通信单元包括SIM卡槽和SIM卡通讯模块,SIM卡槽和SIM卡通讯模块通过SIM卡通讯电路连接,所述SIM卡槽内安装SIM后,用于将通讯监控数据或警报信息通过GSM 网发送至管理员的手持通信终端上。Further, it also includes a wireless communication unit, the wireless communication unit includes a SIM card slot and a SIM card communication module, the SIM card slot and the SIM card communication module are connected through a SIM card communication circuit, and after the SIM is installed in the SIM card slot, it is used for Send communication monitoring data or alarm information to the administrator's handheld communication terminal through the GSM network.

进一步,所述管理员权限认证单元包括:输入模块、存储模块、比对模块和权限开放模块;Further, the administrator authority authentication unit includes: an input module, a storage module, a comparison module and an authority opening module;

所述输入模块用于输入管理员的身份信息和身份校验码;The input module is used to input the administrator's identity information and identity verification code;

所述存储模块用于存储管理员身份信息、对应的身份校验码和权限等级;The storage module is used to store administrator identity information, corresponding identity verification codes and authority levels;

所述比对模块用于多输入的管理员的身份信息和身份校验码与存储模块中的身份信息和身份校验码进行比对,比对成功后锁定对应的权限等级;The identity information and the identity verification code of the administrator who is used for multi-input by the comparison module are compared with the identity information and the identity verification code in the storage module, and the corresponding authority level is locked after the comparison is successful;

所述权限开放模块,用于根据权限信息开放管理员的权限等级。The authority opening module is used to open the authority level of the administrator according to the authority information.

进一步,所述异常数据识别单元包括:Further, the abnormal data identification unit includes:

数据仓库,所述数据仓库内存储有预设的异常数据集;A data warehouse, wherein a preset abnormal data set is stored in the data warehouse;

模型构建模块,用于采用基于神经网络的建模算法为预设的异常数据建立异常数据模型;The model building module is used to establish an abnormal data model for preset abnormal data by adopting a neural network-based modeling algorithm;

数据队列组建模块,用于读取客户端发送的数据流,并建立数据流的数据队列;The data queue building module is used to read the data flow sent by the client and establish the data queue of the data flow;

识别模块,用于加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端。The identification module is used to load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed.

进一步,所述异常数据识别单元还包括:Further, the abnormal data identification unit also includes:

分析模块,用于采用批处理方式对识别模块匹配的的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级。The analysis module is used to perform statistics on the client data matched by the identification module in batch processing to obtain the data size, proportion of abnormal information, and intensity of sensitive information, and obtain the abnormal level of the client according to the preset evaluation standard.

进一步,所述通讯权限设置单元还用于当客户端的异常等级达到第一预设等级后,关闭客户端的通讯网络使用权限;所述流量监控单元还用于当客户端的异常等级达到第二预设等级后,修改客户端的TCP连接限制参数,所述客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。Further, the communication authority setting unit is also used to close the communication network usage authority of the client when the abnormal level of the client reaches the first preset level; the traffic monitoring unit is also used to close the communication network usage authority of the client when the abnormal level of the client reaches the second preset After leveling, modify the TCP connection limit parameter of the client, and the number of TCP connections of the client within the preset time interval is not greater than the TCP connection limit parameter.

相应的,本发明还公开了一种数据通讯监控方法,包括如下步骤:Correspondingly, the present invention also discloses a data communication monitoring method, including the following steps:

S1:识别系统管理员身份,并向管理员开放对应的权限等级;S1: Identify the identity of the system administrator, and open the corresponding authority level to the administrator;

S2:读取客户端发送的数据流,识别数据流中的异常信息;S2: Read the data stream sent by the client, and identify abnormal information in the data stream;

S3:识别成功后,禁止客户端的通讯权限或进行限流,并生成处理结果;S3: After the identification is successful, the client's communication authority is prohibited or the current is limited, and the processing result is generated;

S4:将处理结果通过GSM 网发送至管理员的手持通信终端上。S4: Send the processing result to the administrator's handheld communication terminal through the GSM network.

进一步,所述步骤S2具体包括:Further, the step S2 specifically includes:

S21:读取客户端发送的数据流,并建立数据流的数据队列;S21: Read the data flow sent by the client, and establish a data queue for the data flow;

S22:加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端;S22: Load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed;

S23:采用批处理方式对识别模块匹配的的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级。S23: Use batch processing to count the client data matched by the identification module, obtain the data size, abnormal information ratio, and sensitive information intensity, and obtain the abnormal level of the client according to the preset evaluation standard.

进一步,所述步骤S3具体包括:Further, the step S3 specifically includes:

当客户端的异常等级达到第一预设等级后,关闭客户端的通讯网络使用权限;用于当客户端的异常等级达到第二预设等级后,修改客户端的TCP连接限制参数,使客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。When the abnormality level of the client reaches the first preset level, close the communication network usage authority of the client; it is used to modify the TCP connection limit parameters of the client when the abnormality level of the client reaches the second preset level, so that the client is in the preset The number of TCP connections in the time interval is not greater than the TCP connection limit parameter.

对比现有技术,本发明有益效果在于:本发明提供了及一种数据通讯监控系统及方法,通过识别系统管理员的权限,保证了系统的使用安全;在客户端使用数据通讯网络时,实时识别客户端发送的数据流中的异常信息,识别成功后,通过关闭相应客户端的通讯权限或通过流量监控单元对相应客户端进行限流,在保证用户体验的同时,有效的保障了通讯网络的安全。另外,本发明还设有无线通信单元,能够通过GSM 网与管理员的手持通信终端进行通信,进而可以向管理员发送阈值警报和相应的通信数据。Compared with the prior art, the beneficial effects of the present invention are: the present invention provides a data communication monitoring system and method, which ensures the safety of the system by identifying the authority of the system administrator; when the client uses the data communication network, real-time Identify abnormal information in the data stream sent by the client. After successful identification, close the communication authority of the corresponding client or limit the flow of the corresponding client through the traffic monitoring unit. While ensuring the user experience, the communication network is effectively guaranteed. Safety. In addition, the present invention also has a wireless communication unit, which can communicate with the administrator's hand-held communication terminal through the GSM network, and then can send threshold alarms and corresponding communication data to the administrator.

由此可见,本发明与现有技术相比,具有突出的实质性特点和显著的进步,其实施的有益效果也是显而易见的。It can be seen that, compared with the prior art, the present invention has outstanding substantive features and remarkable progress, and the beneficial effects of its implementation are also obvious.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

附图1是本发明实施例一的系统结构图。Accompanying drawing 1 is a system structure diagram of Embodiment 1 of the present invention.

附图2是本发明实施例二的方法流程图。Accompanying drawing 2 is the method flowchart of embodiment 2 of the present invention.

附图3是本发明实施例三的方法流程图。Accompanying drawing 3 is the method flowchart of embodiment 3 of the present invention.

具体实施方式Detailed ways

下面结合附图对本发明的具体实施方式做出说明。Specific embodiments of the present invention will be described below in conjunction with the accompanying drawings.

实施例一:Embodiment one:

如图1所示一种数据通讯监控系统,包括:管理员权限识别单元、通讯权限设置单元、异常数据识别单元、流量监控单元、阈值警报单元和无线通信单元;As shown in Figure 1, a data communication monitoring system includes: an administrator authority identification unit, a communication authority setting unit, an abnormal data identification unit, a flow monitoring unit, a threshold alarm unit and a wireless communication unit;

所述管理员权限识别单元,用于识别系统管理员身份,并向管理员开放对应的权限等级。管理员权限认证单元包括:输入模块、存储模块、比对模块和权限开放模块;所述输入模块用于输入管理员的身份信息和身份校验码;所述存储模块用于存储管理员身份信息、对应的身份校验码和权限等级;所述比对模块用于多输入的管理员的身份信息和身份校验码与存储模块中的身份信息和身份校验码进行比对,比对成功后锁定对应的权限等级;所述权限开放模块,用于根据权限信息开放管理员的权限等级。The administrator authority identification unit is used to identify the identity of the system administrator and open the corresponding authority level to the administrator. The administrator authority authentication unit includes: an input module, a storage module, a comparison module and an authority opening module; the input module is used to input the administrator's identity information and identity verification code; the storage module is used to store the administrator's identity information , corresponding identity verification code and authority level; the identity information and identity verification code of the administrator who is used for multi-input by the comparison module are compared with the identity information and the identity verification code in the storage module, and the comparison is successful Then lock the corresponding authority level; the authority opening module is used to open the authority level of the administrator according to the authority information.

所述通讯权限设置单元,用于设定客户端的通讯网络使用权限。The communication authority setting unit is used to set the communication network usage authority of the client.

所述异常数据识别单元,用于识别客户端发送的数据流中的异常信息,识别成功后,通过通讯权限设置单元禁止相应客户端的通讯权限或通过流量监控单元对相应客户端进行限流;The abnormal data identification unit is used to identify the abnormal information in the data stream sent by the client. After the identification is successful, the communication authority of the corresponding client is prohibited through the communication authority setting unit or the corresponding client is limited through the traffic monitoring unit;

所述流量监控单元,用于监测客户端的数据流量并进行数据流量控制。The flow monitoring unit is used to monitor the data flow of the client and perform data flow control.

所述阈值警报单元,用于当流量监控单元监测到客户端的数据流量超过预设阈值后,发出警报信息。The threshold alarm unit is configured to issue an alarm message when the traffic monitoring unit detects that the data traffic of the client exceeds a preset threshold.

所述无线通信单元包括SIM卡槽和SIM卡通讯模块,SIM卡槽和SIM卡通讯模块通过SIM卡通讯电路连接,所述SIM卡槽内安装SIM后,用于将通讯监控数据或警报信息通过GSM网发送至管理员的手持通信终端上。The wireless communication unit includes a SIM card slot and a SIM card communication module, and the SIM card slot and the SIM card communication module are connected through a SIM card communication circuit. After installing a SIM in the SIM card slot, it is used to pass communication monitoring data or alarm information GSM network sent to the administrator's handheld communication terminal.

其中,异常数据识别单元包括:Among them, the abnormal data identification unit includes:

数据仓库,所述数据仓库内存储有预设的异常数据集。A data warehouse, wherein a preset abnormal data set is stored in the data warehouse.

模型构建模块,用于采用基于神经网络的建模算法为预设的异常数据建立异常数据模型。The model building module is used for establishing an abnormal data model for preset abnormal data by adopting a neural network-based modeling algorithm.

数据队列组建模块,用于读取客户端发送的数据流,并建立数据流的数据队列。The data queue building module is used to read the data flow sent by the client and build a data queue of the data flow.

识别模块,用于加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端。The identification module is used to load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed.

分析模块,用于采用批处理方式对识别模块匹配的的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级。The analysis module is used to perform statistics on the client data matched by the identification module in batch processing to obtain the data size, proportion of abnormal information, and intensity of sensitive information, and obtain the abnormal level of the client according to the preset evaluation standard.

当客户端的异常等级达到第一预设等级后,通讯权限设置单元关闭客户端的通讯网络使用权限。禁止客户端在一定时间内使用通讯网络。当客户端的异常等级达到第二预设等级后,流量监控单元修改客户端的TCP连接限制参数,所述客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。一旦超过TCP连接限制参数,在一定时间周期内禁止客户端再次TCP连接,当TCP连接数量减少至低于TCP连接限制参数后,开放连接。When the abnormal level of the client reaches the first preset level, the communication authority setting unit closes the communication network usage authority of the client. The client is prohibited from using the communication network within a certain period of time. When the abnormal level of the client reaches the second preset level, the traffic monitoring unit modifies the TCP connection limit parameter of the client, and the number of TCP connections of the client within the preset time interval is not greater than the TCP connection limit parameter. Once the TCP connection limit parameter is exceeded, the client is prohibited from re-TCP connection within a certain period of time. When the number of TCP connections decreases below the TCP connection limit parameter, the connection is opened.

实施例二:Embodiment two:

相应的,如图2所示,本发明还公开了一种数据通讯监控方法,包括如下步骤:Correspondingly, as shown in Figure 2, the present invention also discloses a data communication monitoring method, including the following steps:

S201:识别系统管理员身份,并向管理员开放对应的权限等级。S201: Identify the identity of the system administrator, and open the corresponding authority level to the administrator.

S202:读取客户端发送的数据流,识别数据流中的异常信息。S202: Read the data stream sent by the client, and identify abnormal information in the data stream.

S203:识别成功后,禁止客户端的通讯权限或进行限流,并生成处理结果。S203: After the identification is successful, the communication authority of the client is prohibited or the flow is limited, and a processing result is generated.

S204:将处理结果通过GSM 网发送至管理员的手持通信终端上。S204: Send the processing result to the administrator's handheld communication terminal through the GSM network.

实施例三:Embodiment three:

在上述实施例的基础上,如图3所示,本实施例还还公开了一种数据通讯监控方法,包括如下步骤:On the basis of the above embodiments, as shown in Figure 3, this embodiment also discloses a data communication monitoring method, including the following steps:

S301:识别系统管理员身份,并向管理员开放对应的权限等级。S301: Identify the identity of the system administrator, and open the corresponding authority level to the administrator.

S302:读取客户端发送的数据流,并建立数据流的数据队列。S302: Read the data flow sent by the client, and establish a data queue of the data flow.

S303:加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端。S303: Load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed.

S304:采用批处理方式对识别模块匹配的的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级。S304: Use batch processing to count the client data matched by the identification module, obtain the data size, abnormal information ratio, and sensitive information intensity, and obtain the abnormal level of the client according to the preset evaluation standard.

S305:当客户端的异常等级达到第一预设等级后,关闭客户端的通讯网络使用权限;当客户端的异常等级达到第二预设等级后,修改客户端的TCP连接限制参数,使客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。S305: When the abnormality level of the client reaches the first preset level, close the communication network usage authority of the client; when the abnormality level of the client reaches the second preset level, modify the TCP connection limit parameter of the client so that the client is at the preset The number of TCP connections in the time interval is not greater than the TCP connection limit parameter.

S306:将通讯监控过程数据和警报信息通过GSM 网发送至管理员的手持通信终端上。S306: Send the communication monitoring process data and alarm information to the administrator's handheld communication terminal through the GSM network.

在本发明所提供的几个实施例中,应该理解到,所揭露的系统、系统和方法,可以通过其它的方式实现。例如,以上所描述的系统实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,系统或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed system, system and method can be implemented in other ways. For example, the system embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of systems or units may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本发明各个实施例中的各功能模块可以集成在一个处理单元中,也可以是各个模块单独物理存在,也可以两个或两个以上模块集成在一个单元中。In addition, each functional module in each embodiment of the present invention may be integrated into one processing unit, or each module may physically exist separately, or two or more modules may be integrated into one unit.

同理,在本发明各个实施例中的各处理单元可以集成在一个功能模块中,也可以是各个处理单元物理存在,也可以两个或两个以上处理单元集成在一个功能模块中。Similarly, each processing unit in each embodiment of the present invention may be integrated into one functional module, or each processing unit may exist physically, or two or more processing units may be integrated into one functional module.

结合附图和具体实施例,对本发明作进一步说明。应理解,这些实施例仅用于说明本发明而不用于限制本发明的范围。此外应理解,在阅读了本发明讲授的内容之后,本领域技术人员可以对本发明作各种改动或修改,这些等价形式同样落于本申请所限定的范围。The present invention will be further described in conjunction with the accompanying drawings and specific embodiments. It should be understood that these examples are only used to illustrate the present invention and are not intended to limit the scope of the present invention. In addition, it should be understood that after reading the content taught by the present invention, those skilled in the art may make various changes or modifications to the present invention, and these equivalent forms also fall within the scope defined in the present application.

Claims (7)

1.一种数据通讯监控系统,其特征在于,包括:管理员权限识别单元、通讯权限设置单元、异常数据识别单元和流量监控单元;1. A data communication monitoring system, characterized in that, comprising: an administrator authority identification unit, a communication authority setting unit, an abnormal data identification unit and a traffic monitoring unit; 所述管理员权限识别单元,用于识别系统管理员身份,并向管理员开放对应的权限等级;The administrator authority identification unit is used to identify the identity of the system administrator and open the corresponding authority level to the administrator; 所述通讯权限设置单元,用于设定客户端的通讯网络使用权限;The communication authority setting unit is used to set the communication network usage authority of the client; 所述异常数据识别单元,用于识别客户端发送的数据流中的异常信息,识别成功后,通过通讯权限设置单元禁止相应客户端的通讯权限或通过流量监控单元对相应客户端进行限流;The abnormal data identification unit is used to identify the abnormal information in the data stream sent by the client. After the identification is successful, the communication authority of the corresponding client is prohibited through the communication authority setting unit or the corresponding client is limited through the traffic monitoring unit; 所述流量监控单元,用于监测客户端的数据流量并进行数据流量控制;The flow monitoring unit is used to monitor the data flow of the client and perform data flow control; 所述异常数据识别单元包括:The abnormal data identification unit includes: 数据仓库,所述数据仓库内存储有预设的异常数据集;A data warehouse, wherein a preset abnormal data set is stored in the data warehouse; 模型构建模块,用于采用基于神经网络的建模算法为预设的异常数据建立异常数据模型;The model building module is used to establish an abnormal data model for preset abnormal data by adopting a neural network-based modeling algorithm; 数据队列组建模块,用于读取客户端发送的数据流,并建立数据流的数据队列;The data queue building module is used to read the data flow sent by the client and establish the data queue of the data flow; 识别模块,用于加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端;The identification module is used to load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed; 所述异常数据识别单元还包括:The abnormal data identification unit also includes: 分析模块,用于采用批处理方式对识别模块匹配的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级;The analysis module is used to perform statistics on the client data matched by the identification module in a batch processing manner, obtain the data size, abnormal information ratio, and sensitive information intensity, and obtain the abnormal level of the client according to the preset evaluation standard; 所述通讯权限设置单元还用于当客户端的异常等级达到第一预设等级后,关闭客户端的通讯网络使用权限;所述流量监控单元还用于当客户端的异常等级达到第二预设等级后,修改客户端的TCP连接限制参数,所述客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。The communication authority setting unit is also used to close the communication network usage authority of the client when the abnormal level of the client reaches the first preset level; , modifying the TCP connection limit parameter of the client, the number of TCP connections of the client within the preset time interval is not greater than the TCP connection limit parameter. 2.根据权利要求1所述的数据通讯监控系统,其特征在于,还包括阈值警报单元,2. The data communication monitoring system according to claim 1, further comprising a threshold alarm unit, 所述阈值警报单元,用于当流量监控单元监测到客户端的数据流量超过预设阈值后,发出警报信息。The threshold alarm unit is configured to issue an alarm message when the traffic monitoring unit detects that the data traffic of the client exceeds a preset threshold. 3.根据权利要求1或2所述的数据通讯监控系统,其特征在于,还包括无线通信单元,所述无线通信单元包括SIM卡槽和SIM卡通讯模块,SIM卡槽和SIM卡通讯模块通过SIM卡通讯电路连接,所述SIM卡槽内安装SIM卡后,用于将通讯监控数据或警报信息通过GSM网发送至管理员的手持通信终端上。3. according to claim 1 or 2 described data communication monitoring systems, it is characterized in that, also comprise wireless communication unit, described wireless communication unit comprises SIM card groove and SIM card communication module, SIM card groove and SIM card communication module pass through The SIM card communication circuit is connected, and after the SIM card is installed in the SIM card slot, it is used to send communication monitoring data or alarm information to the administrator's handheld communication terminal through the GSM network. 4.根据权利要求1所述的数据通讯监控系统,其特征在于,所述管理员权限认证单元包括:输入模块、存储模块、比对模块和权限开放模块;4. The data communication monitoring system according to claim 1, wherein the administrator authority authentication unit comprises: an input module, a storage module, a comparison module and an authority opening module; 所述输入模块用于输入管理员的身份信息和身份校验码;The input module is used to input the administrator's identity information and identity verification code; 所述存储模块用于存储管理员身份信息、对应的身份校验码和权限等级;The storage module is used to store administrator identity information, corresponding identity verification codes and authority levels; 所述比对模块用于对输入的管理员的身份信息和身份校验码与存储模块中的身份信息和身份校验码进行比对,比对成功后锁定对应的权限等级;The comparison module is used to compare the input administrator's identity information and identity verification code with the identity information and identity verification code in the storage module, and lock the corresponding authority level after the comparison is successful; 所述权限开放模块,用于根据权限信息开放管理员的权限等级。The authority opening module is used to open the authority level of the administrator according to the authority information. 5.一种数据通讯监控方法,其特征在于,方法采用如权利要求1至4任意一项所述的数据通讯监控系统,包括如下步骤:5. A data communication monitoring method, characterized in that the method adopts the data communication monitoring system according to any one of claims 1 to 4, comprising the following steps: S1:识别系统管理员身份,并向管理员开放对应的权限等级;S1: Identify the identity of the system administrator, and open the corresponding authority level to the administrator; S2:读取客户端发送的数据流,识别数据流中的异常信息;S2: Read the data stream sent by the client, and identify abnormal information in the data stream; S3:识别成功后,禁止客户端的通讯权限或进行限流,并生成处理结果;S3: After the identification is successful, the client's communication authority is prohibited or the current is limited, and the processing result is generated; S4:将处理结果通过GSM网发送至管理员的手持通信终端上。S4: Send the processing result to the administrator's handheld communication terminal through the GSM network. 6.根据权利要求5所述的数据通讯监控方法,其特征在于,所述步骤S2具体包括:6. The data communication monitoring method according to claim 5, wherein said step S2 specifically comprises: S21:读取客户端发送的数据流,并建立数据流的数据队列;S21: Read the data flow sent by the client, and establish a data queue for the data flow; S22:加载异常数据模型并按照数据队列将数据流与异常数据模型进行逐一匹配,匹配完成后记录数据流对应的客户端;S22: Load the abnormal data model and match the data flow with the abnormal data model one by one according to the data queue, and record the client corresponding to the data flow after the matching is completed; S23:采用批处理方式对识别模块匹配的客户端数据进行统计,得到数据规模、异常信息比例、敏感信息强度,并根据预设的评定标准得出所述客户端的异常等级。S23: Use batch processing to count the client data matched by the identification module, obtain the data size, abnormal information ratio, and sensitive information intensity, and obtain the abnormal level of the client according to the preset evaluation standard. 7.根据权利要求6所述的数据通讯监控方法,其特征在于,所述步骤S3具体包括:7. The data communication monitoring method according to claim 6, wherein said step S3 specifically comprises: 当客户端的异常等级达到第一预设等级后,关闭客户端的通讯网络使用权限;当客户端的异常等级达到第二预设等级后,修改客户端的TCP连接限制参数,使客户端在预设时间间隔内的TCP连接数量不大于TCP连接限制参数。When the abnormality level of the client reaches the first preset level, close the communication network usage authority of the client; when the abnormality level of the client reaches the second preset level, modify the TCP connection limit parameters of the client so that the client will be in the preset time interval The number of TCP connections within is not greater than the TCP connection limit parameter.
CN202010256662.0A 2020-04-02 2020-04-02 Data communication monitoring system and method Active CN111541653B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010256662.0A CN111541653B (en) 2020-04-02 2020-04-02 Data communication monitoring system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010256662.0A CN111541653B (en) 2020-04-02 2020-04-02 Data communication monitoring system and method

Publications (2)

Publication Number Publication Date
CN111541653A CN111541653A (en) 2020-08-14
CN111541653B true CN111541653B (en) 2023-01-24

Family

ID=71974910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010256662.0A Active CN111541653B (en) 2020-04-02 2020-04-02 Data communication monitoring system and method

Country Status (1)

Country Link
CN (1) CN111541653B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112887984B (en) * 2020-12-25 2022-05-17 广州中海电信有限公司 Data monitoring system and method for wireless communication
CN113900687A (en) * 2021-10-11 2022-01-07 上海安吉星信息服务有限公司 Automatic closing control method and device for OTA service data transmission
CN115865981B (en) * 2022-11-29 2024-05-31 宁波奥克斯电气股份有限公司 Air conditioner control data management method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187380A (en) * 2015-08-05 2015-12-23 全球鹰(福建)网络科技有限公司 Secure access method and system
CN107483870A (en) * 2017-08-16 2017-12-15 合肥庆响网络科技有限公司 Internet video communication system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105281981B (en) * 2015-11-04 2019-04-02 北京百度网讯科技有限公司 The data traffic monitoring method and device of network service
FR3061579B1 (en) * 2016-12-29 2020-05-08 David Legeay SECURITY SYSTEM FOR A LOCAL COMPUTER NETWORK
CN108600270A (en) * 2018-05-10 2018-09-28 北京邮电大学 A kind of abnormal user detection method and system based on network log
CN108809974A (en) * 2018-06-07 2018-11-13 深圳先进技术研究院 A kind of Network Abnormal recognition detection method and device
CN110691064B (en) * 2018-09-27 2022-01-04 国家电网有限公司 Safety access protection and detection system for field operation terminal
CN109460675A (en) * 2018-10-26 2019-03-12 温州博盈科技有限公司 A kind of enterprise information security management method
CN110768970B (en) * 2019-10-16 2022-02-25 新华三信息安全技术有限公司 Equipment evaluation and abnormality detection method, device, electronic equipment and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187380A (en) * 2015-08-05 2015-12-23 全球鹰(福建)网络科技有限公司 Secure access method and system
CN107483870A (en) * 2017-08-16 2017-12-15 合肥庆响网络科技有限公司 Internet video communication system

Also Published As

Publication number Publication date
CN111541653A (en) 2020-08-14

Similar Documents

Publication Publication Date Title
CN111541653B (en) Data communication monitoring system and method
US20180337932A1 (en) Cyber-physical security
EP4044546A1 (en) Message processing method, device and apparatus as well as computer readable storage medium
CN112953966A (en) Computer network safety intrusion detection system
CN108833425A (en) A kind of network safety system and method based on big data
CN112149120A (en) Transparent transmission type double-channel electric power Internet of things safety detection system
CN108965251B (en) A cloud-based security mobile phone protection system
CN110650151A (en) Computer network safety remote monitoring device
CN113873512A (en) Internet of things edge gateway security architecture system
EP1502171A1 (en) Method and arrangement for automatically controlling access between a computer and a communication network
CN115632809B (en) Wind control platform system for intelligently identifying abnormal events based on big data
CN114244568B (en) Security access control method, device and equipment based on terminal access behavior
CN107579993A (en) The security processing and device of a kind of network data flow
US20150106921A1 (en) Mobile communicator network routing decision system and method
CN114866310A (en) Malicious encrypted flow detection method, terminal equipment and storage medium
CN113572787A (en) Computer network intelligent monitoring system
CN107294981B (en) Authentication method and equipment
CN114124450A (en) Network security system and method for remote storage battery capacity checking
CN104601578A (en) Recognition method and device for attack message and core device
CN113259376A (en) Control method of Internet of things equipment based on block chain
CN109462617B (en) Method and device for detecting communication behavior of equipment in local area network
TWI676115B (en) System and method for managing certification for cloud service system
CN111753340A (en) USB interface information security prevention and control method and system
CN114329602B (en) Access control method, server, electronic equipment and storage medium
CN114124453B (en) Processing method and device of network security information, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant