CN118101269B - Network security defense method and system based on data analysis - Google Patents
- Publication number
- CN118101269B, CN202410198553.6A
- Authority
- CN
- China
- Prior art keywords
- time
- access
- visiting
- data
- graph
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a network security defense system based on data analysis and relates to the technical field of network security. The system comprises a database, a data encryption module, a communication authentication module and an encryption update module. Data is encrypted in a complex and random way and is then dynamically displayed and dynamically updated, so that encrypting the same piece of data twice yields clearly different final ciphertexts, which improves the concealment and security of the data in the database and the intelligent management of encryption updates. Security authentication of each visiting IP allows potential security threats to be identified and prevented and reduces the probability of security incidents. A security risk check is then performed on each visiting IP in the authenticated state so that its access rights can be restricted and managed, which avoids adverse effects on and damage to the enterprise network system, achieves authentication and security risk management of visiting IPs, and further ensures the security of the enterprise network system and the confidentiality of its data.
Description
Technical Field
The present invention relates to the field of network security technology, and in particular to a network security defense method and system based on data analysis.
Background Art
With the rapid development of Internet technology, people can obtain information, socialize, shop and study online, which has brought great convenience to life, study and work. However, the openness and global reach of the Internet also challenge network security. The Internet carries various security risks, including information leakage, hacker attacks, virus transmission and network fraud, so network security defense is particularly important.
Traditional defenses are mainly based on specific lists (blacklists or whitelists) or on rule engines. With the development of artificial intelligence, the techniques of network attackers are becoming stronger and more complex. For example, attackers bypass traditional defenses by disguising IPs or committing credit fraud in order to obtain network authorization, and then maliciously obtain or tamper with enterprise network data, exposing the enterprise to serious information leakage and other network security risks.
Summary of the Invention
The main purpose of the present invention is to provide a network security defense method and system based on data analysis that overcome the problems described in the background art above.
To achieve this purpose, according to one aspect of the present invention, a network security defense system based on data analysis is provided. The system comprises a database, a data encryption module, a communication management module and an encryption update module.
The data encryption module encrypts the data and dynamically displays and updates it. The specific steps are as follows:
Step 1: The data in the database is classified by category to obtain a number of timestamped data entries. The characters in each timestamped data entry are compared with all preset characters to match each one to its corresponding value, and the values are arranged in the order of the characters in the data entry to obtain a timestamped character sequence. The salt positions are identified and a filling salt value is filled into each salt position to obtain a timestamped first-level ciphertext.
Step 2: The timestamped first-level ciphertext is converted into a graphic to obtain a timestamped secondary encrypted graphic.
Step 3: The timestamped secondary ciphertext graphic is dynamically displayed to obtain the final ciphertext. The specific display steps are as follows:
The length of the line connecting the endpoints of two adjacent rays is obtained and compared with all preset colors to match it to a corresponding color. The matched color is filled into the closed part formed by the two adjacent rays and the line connecting their endpoints, giving a timestamped color-filled encrypted graphic. The area of each closed part is calculated, and the difference between the areas of two adjacent closed parts is calculated to obtain the adjacent difference. Each adjacent difference is compared with the preset difference intervals and classified as a high, medium or low difference, recorded as C1, C2 and C3 respectively. The numbers of high, medium and low differences are counted, and the high, medium and low differences are each summed to obtain the high, medium and low difference values, recorded as D1, D2 and D3 respectively. C1, C2, C3, D1, D2 and D3 are substituted into the set formula to calculate the rotation angle σ, where a1, a2, a3, a4 and a5 are set proportional coefficients and λ is a set angle conversion coefficient. The timestamp of the color-filled encrypted graphic is converted into a sequence of binary digits, which is recorded as the password series, and the dynamic display of the color-filled encrypted graphic is controlled according to the password series. The control steps are as follows: starting with the first digit of the password series, each digit is evaluated; when the digit is 0, the color-filled encrypted graphic is rotated clockwise by the rotation angle, and when the digit is 1, it is rotated counterclockwise by the rotation angle. This continues until all digits of the password series have been evaluated, which completes the dynamic display of the color-filled encrypted graphic. The dynamically displayed color-filled encrypted graphic is recorded as the final ciphertext.
Step 4: An update duration is set. The generation time of the update instruction closest to the current time is retrieved, and the time difference between that generation time and the current system time is calculated to obtain the actual interval duration. When the actual interval duration equals the update duration, the data in the database is updated according to the encryption steps of Step 1 to Step 3.
Further, the specific steps of identifying the salt positions and filling the filling salt value into them to obtain the timestamped first-level ciphertext are:
The zeros in the timestamped character sequence are identified, and the number of zeros and the position number of each zero in the sequence are obtained. Nine random salts, the digits 1 to 9, are set and denoted Y, where Y = 1 or 2 or 3 or 4 or 5 or 6 or 7 or 8 or 9. The position of each zero in the timestamped character sequence is recorded as a salt position, which gives the total salt positions in the sequence and the zero position number corresponding to each salt position, recorded as Bn m, where n = 1, 2, 3, ..., N; m and N are positive integers; N is the total number of zeros in the timestamped character sequence; and n is the sequence number of any one of those zeros in the sequence. Three random salts Y are chosen at random and substituted, together with the position number Bn m, into the set formula to calculate the filling salt value Tm n of that salt position, where α1 and α2 are set weight coefficients. The filling salt value is filled into the corresponding salt position in the timestamped character sequence to obtain the timestamped first-level ciphertext.
Further, the timestamped first-level ciphertext is converted into a graphic to obtain the timestamped secondary encrypted graphic. The specific conversion steps are:
The number of digits in the timestamped first-level ciphertext is counted, and a circle is drawn according to the parity of that number. The digits of the first-level ciphertext are divided into several groups of values, and several rays are drawn out evenly along the arc of the circle, each with a length equal to the value of its group. The vertically upward ray has a length equal to the first group value, and the next ray in the clockwise direction has a length equal to the second group value. The endpoints of adjacent rays are connected in sequence to obtain the timestamped secondary encrypted graphic.
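The graphic conversion above and the color-fill, area-difference and password-series steps of Step 3 can be followed in code. The following is an added example, not code from the patent; it assumes the rays share one centre, that group values are already given, that adjacency wraps around the figure, that the timestamp is an integer such as Unix epoch seconds, and it takes σ as an input because the rotation formula is not reproduced on this page. The color and interval tables are constructed.

```python
import math

# Constructed lookup tables: the text only says "preset colors" and "preset
# difference intervals", so these bounds are assumptions for illustration.
COLOR_BANDS = [(6.0, "red"), (9.0, "green"), (math.inf, "blue")]
LOW_MAX, MEDIUM_MAX = 5.0, 10.0


def closed_parts(lengths):
    """Return (chord, color, area) for each pair of adjacent rays.

    Ray k has length lengths[k]; ray 0 points straight up and the others
    follow clockwise at equal angles, all from one centre (assumed).
    """
    n = len(lengths)
    if n < 3 or any(r <= 0 for r in lengths):
        raise ValueError("need at least three rays with positive lengths")
    theta = 2 * math.pi / n  # angle between adjacent rays
    parts = []
    for k in range(n):
        a, b = lengths[k], lengths[(k + 1) % n]
        # Line connecting the two ray endpoints (law of cosines).
        chord = math.sqrt(a * a + b * b - 2 * a * b * math.cos(theta))
        color = next(name for bound, name in COLOR_BANDS if chord <= bound)
        # Triangle enclosed by the two rays and the connecting line.
        area = 0.5 * a * b * math.sin(theta)
        parts.append((chord, color, area))
    return parts


def difference_stats(parts):
    """Grade adjacent area differences; return {grade: (count, sum)}."""
    areas = [p[2] for p in parts]
    n = len(areas)
    diffs = [abs(areas[k] - areas[(k + 1) % n]) for k in range(n)]
    stats = {"high": [0, 0.0], "medium": [0, 0.0], "low": [0, 0.0]}
    for d in diffs:
        grade = "low" if d <= LOW_MAX else "medium" if d <= MEDIUM_MAX else "high"
        stats[grade][0] += 1   # counts of high/medium/low differences
        stats[grade][1] += d   # sums, the D1/D2/D3 values of the text
    return {grade: tuple(value) for grade, value in stats.items()}


def password_series(timestamp):
    """Binary digits of a non-negative integer timestamp, most significant first."""
    if timestamp < 0:
        raise ValueError("timestamp must be non-negative")
    return [int(bit) for bit in format(timestamp, "b")]


def display_orientations(timestamp, sigma):
    """Orientation after each digit, in degrees clockwise from the start.

    Digit 0 rotates clockwise by sigma, digit 1 counterclockwise by sigma.
    """
    orientation, trace = 0.0, []
    for bit in password_series(timestamp):
        orientation = (orientation + (sigma if bit == 0 else -sigma)) % 360
        trace.append(orientation)
    return trace


if __name__ == "__main__":
    groups = [3, 4, 6, 8]          # constructed group values
    parts = closed_parts(groups)
    for chord, color, area in parts:
        print(f"chord={chord:.3f} color={color} area={area:.1f}")
    print(difference_stats(parts))
    print(display_orientations(1700000000, 15.0)[-1])  # constructed timestamp
```

Because every 0 adds σ and every 1 subtracts it, the final orientation depends only on σ and on how many more 0 digits than 1 digits the timestamp contains.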
Further, the system also includes a communication management module and an encryption update module.
The communication management module authenticates each visiting IP and regulates the access rights of visiting IPs that have passed authentication.
The encryption update module analyzes the authentication failures of IPs visiting the enterprise network to obtain the update duration and sends it to the data encryption module.
Further, the specific authentication process is:
The state of the visiting IP is identified. When the visiting IP is in the unauthenticated state, security authentication is performed on it, specifically:
The attribution information of the visiting IP is retrieved and converted into an attribution numerical sequence. The zeros in the attribution numerical sequence are identified, and the position of each zero is recorded as a discontinuity node. The attribution numerical sequence is divided into several segments at the discontinuity nodes. A horizontal line is taken, and the circle or concentric circles of each segment are drawn tangent to one another in the order of the segments in the attribution numerical sequence. The drawing is cut according to the type of the node preceding each segment to obtain a comparison graph and a filling graph. The filling graph is packaged into a verification request and sent to the IP corresponding to the attribution information. When the filling graph sent back by the visiting IP is received, it is overlaid on the corresponding comparison graph and compared. If the overlay comparison succeeds, authentication succeeds and access rights regulation is performed. Otherwise authentication fails, an authentication failure instruction is generated, the visiting IP is not allowed to enter or access, and the number of authentication failures of that visiting IP is increased by one.
Further, the cutting method is:
The type of the discontinuity node is retrieved to obtain the number of zeros at the discontinuity node position, recorded as G1. The largest values in the two segments before and after the discontinuity node are obtained and recorded as G2 and G3 respectively. The set formula group is used to calculate the cutting parameters of each discontinuity node, where Gz1 is the cutting line width, Gz2 is the cutting line length, μ1 and μ2 are the set line width and line length conversion coefficients, and δ1, δ2, δ3 and δ4 are set proportional coefficients. The cutting area of the discontinuity node is obtained from the cutting line width and cutting line length; the center point of the cutting area coincides with the tangent point of the graphics corresponding to the segments before and after the discontinuity node. Cutting is performed on this cutting area to obtain the comparison graph and the filling graph.
Further, the specific steps of access rights regulation are:
When the visiting IP is in the authenticated state, a security risk check is performed on it to regulate its access rights. The access records of the authenticated visiting IP are obtained, wherein the browsing records include the number of visits and the start time and end time of each visit. The time difference between the start time and the end time of a visit is calculated to obtain the duration of that visit, which gives the access duration of each visit, recorded as Wq, where q = 1, 2, 3, ..., Q; Q is a positive integer representing the total number of visits, and q is any one of the visits. The start time of a visit is taken as its access time, which gives the access time of each visit.
With time as the horizontal axis and access duration as the vertical axis, an access record line graph is obtained. The time difference between the access times of two adjacent visits is calculated to obtain the access interval. The slope of the line segment between each two adjacent points is calculated and substituted into the set formula to obtain the browsing fluctuation value Az; the formula also uses the mean of all slopes.
Each identity of a visiting IP is set to correspond to a standard access duration and a standard access interval. The identity of the visiting IP is obtained and compared with all preset identities to match it to the corresponding standard access duration and standard access interval, which are marked as H1 and H2.
The number of authentication failures T of the visiting IP is obtained. The browsing fluctuation value Az, the number of authentication failures T, the standard access duration H1 and the standard access interval H2 are substituted into the set formula to calculate the access risk index FH, where f1, f2, f3 and f4 are set proportional coefficients.
The process of regulating the access rights of the visiting IP is as follows: three security risk thresholds are set, namely security risk threshold one and security risk threshold two, with security risk threshold one > security risk threshold two;
When the access risk index is greater than the set security risk threshold one, the visiting IP is prohibited from entering;
When the access risk index is less than the set security risk threshold two and greater than security risk threshold one, the visiting IP is restricted from operating on the data in the database.
Further, the update duration is calculated as follows:
With the collection time as the horizontal axis and the total number of authentication failures as the horizontal axis, a curve of the total number of authentication failures in the enterprise network system over time is obtained. A tangent to the curve is drawn at each authentication point and its expression is obtained, and the tangent expression is differentiated to obtain the derivative at that authentication point, recorded as Vj, where j = 1, 2, 3, ..., J; J is a positive integer representing the total number of collection times, and j is any one of the collection times. The derivatives greater than zero are summed to obtain the risk increase degree, recorded as P1. The derivatives less than zero are summed and the absolute value is taken to obtain the risk reduction degree, recorded as P2.
The derivative Vj, the risk increase degree P1 and the risk reduction degree P2 are substituted into the set formula to calculate the update duration Ps, where c1 and c2 are set proportional coefficients; the formula also uses the mean of all derivatives.
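The inputs to the browsing fluctuation value and to the update duration can be computed directly from logs. The following is an added example, not code from the patent; it stops before the formulas for Az and Ps, which are not reproduced on this page, assumes times are numeric (for example epoch seconds), and replaces the tangent-line derivative with a finite-difference estimate at each collection time. The sample data is constructed.

```python
from statistics import mean


def _require_increasing(points):
    """Points must be at least two (x, y) pairs with strictly increasing x."""
    if len(points) < 2:
        raise ValueError("need at least two points")
    if any(b[0] <= a[0] for a, b in zip(points, points[1:])):
        raise ValueError("times must be strictly increasing")


def segment_slopes(points):
    """Slope of each line segment between adjacent points."""
    _require_increasing(points)
    return [(y2 - y1) / (x2 - x1)
            for (x1, y1), (x2, y2) in zip(points, points[1:])]


def derivative_at_points(points):
    """One derivative estimate per point: central difference inside,
    one-sided difference at the two ends (assumed stand-in for the tangent)."""
    _require_increasing(points)
    last = len(points) - 1
    estimates = []
    for j in range(len(points)):
        (x0, y0), (x1, y1) = points[max(j - 1, 0)], points[min(j + 1, last)]
        estimates.append((y1 - y0) / (x1 - x0))
    return estimates


def access_profile(visits):
    """visits: (start, end) pairs for one authenticated visiting IP."""
    visits = sorted(visits)
    durations = [end - start for start, end in visits]        # Wq
    if any(d < 0 for d in durations):
        raise ValueError("visit ends before it starts")
    times = [start for start, _ in visits]                    # access times
    intervals = [b - a for a, b in zip(times, times[1:])]     # access intervals
    slopes = segment_slopes(list(zip(times, durations)))
    return {"durations": durations, "intervals": intervals,
            "slopes": slopes, "mean_slope": mean(slopes)}


def failure_trend(samples):
    """samples: (collection_time, authentication_failures) pairs."""
    v = derivative_at_points(sorted(samples))                 # Vj
    p1 = sum(x for x in v if x > 0)                           # risk increase degree
    p2 = abs(sum(x for x in v if x < 0))                      # risk reduction degree
    return {"V": v, "P1": p1, "P2": p2, "mean_V": mean(v)}


if __name__ == "__main__":
    # Constructed sample data.
    print(access_profile([(0, 60), (100, 220), (400, 430)]))
    print(failure_trend([(0, 2), (10, 8), (20, 4), (30, 1), (40, 5)]))
```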
To achieve the above purpose, according to another aspect of the present invention, a network security defense method based on data analysis is provided. The method comprises the following steps:
S1: The data in the database is classified by category, each category containing a number of timestamped data entries. The characters in each timestamped data entry are compared with all preset characters to match each one to its corresponding value, and the values are arranged in the order of the characters in the data entry to obtain a timestamped character sequence. Zeros are removed from the timestamped character sequence and random salt values are filled in to obtain a timestamped first-level ciphertext;
S2: The timestamped first-level ciphertext is converted into a graphic to obtain a timestamped secondary encrypted graphic;
S3: The timestamped secondary ciphertext graphic is dynamically displayed: the length of the line connecting the endpoints of two adjacent rays is obtained and compared with all preset colors to match it to a corresponding color, and the matched color is filled into the closed part formed by the two adjacent rays and the line connecting their endpoints to obtain a timestamped color-filled encrypted graphic; the area of each closed part is calculated and analyzed in depth to obtain the rotation angle; the timestamp of the color-filled encrypted graphic is converted into a sequence of binary digits, recorded as the password series; and the dynamic display of the color-filled encrypted graphic is controlled according to the password series and the rotation angle;
S4: An update duration is set. The generation time of the update instruction closest to the current time is retrieved, and the time difference between that generation time and the current system time is calculated to obtain the actual interval duration. When the actual interval duration equals the update duration, the data in the database is updated according to the encryption steps of S1 to S3;
S5: All visiting IPs are authenticated and their access rights are regulated, specifically:
S51: The state of the visiting IP is identified. If the visiting IP is in the authenticated state, step S53 is executed; otherwise step S52 is executed;
S52: The unauthenticated visiting IP is authenticated as follows: the attribution information of the visiting IP is retrieved and converted into an attribution numerical sequence; the zeros in the attribution numerical sequence are identified, and the position of each zero is recorded as a discontinuity node; the attribution numerical sequence is divided into several segments at the discontinuity nodes; a horizontal line is taken, and the circle or concentric circles of each segment are drawn tangent to one another in the order of the segments in the attribution numerical sequence; the drawing is cut according to the type of the node preceding each segment to obtain a comparison graph and a filling graph; the filling graph is packaged into a verification request and sent to the IP corresponding to the attribution information; when the filling graph sent back by the visiting IP is received, it is overlaid on the corresponding comparison graph and compared; if the overlay comparison succeeds, authentication succeeds and S53 is executed; otherwise authentication fails and S6 is executed;
S53: Security verification analysis is performed on each visiting IP in the authenticated state to obtain the security risk index of each authenticated visiting IP;
S55: The access rights of authenticated visiting IPs are regulated according to the degree of security risk. The regulation process is: three security risk thresholds are set, namely security risk threshold one and security risk threshold two, with security risk threshold one > security risk threshold two;
When the access risk index is greater than the set security risk threshold one, the visiting IP is prohibited from entering;
When the access risk index is less than the set security risk threshold two and greater than security risk threshold one, the visiting IP is restricted from operating on the data in the database, where a data operation is specifically a data adjustment, including data modification, data deletion or data addition;
S6: An authentication failure instruction is generated, the visiting IP is not allowed to enter or access, and the number of authentication failures of that visiting IP is increased by one;
S7: The total number of authentication failures at different times in the enterprise network system is collected and analyzed in detail to obtain the update duration, and the update duration is sent to S4.
Beneficial effects of the present invention:
(1) The data in the database undergoes character matching, sorting, zero removal and salt filling, which converts it into a timestamped first-level ciphertext character sequence and then into a timestamped second-level encrypted graphic. The timestamped second-level encrypted graphic is color-filled and quantitatively analyzed to obtain the rotation angle; the timestamp is converted into a password sequence, and the dynamic display of the color-filled encrypted graphic is controlled according to the password sequence and the rotation angle to obtain the final ciphertext. In addition, an update duration is set, and when the actual interval duration equals the set update duration, the data in the database is re-encrypted. Through repeated encryption and updating, each update generates a different ciphertext, so that attackers cannot identify the data content by comparing historical ciphertexts. This greatly reduces the risk of data leakage and unauthorized access, automates management of the data encryption process, and improves data security.
(2) Security authentication of visiting IPs effectively identifies and guards against potential security threats and reduces the probability of security incidents. Security risk verification of already authenticated visiting IPs then restricts and manages their access rights, avoiding adverse effects on and damage to the enterprise network system. Together these provide authentication and security risk management of visiting IPs and further ensure the security of the enterprise network system and the confidentiality of its data.
In summary, through a complex, randomized encryption process and intelligent management, the present invention effectively protects the security and privacy of the data in the database and reduces the risks of data leakage, tampering and unauthorized access.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which form a part of the present invention, are provided for a further understanding of the present invention. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it. In the accompanying drawings:
FIG. 1 is a schematic diagram of the system module connections of the present invention;
FIG. 2 is a schematic diagram of the graphic conversion used in the data encryption of the present invention;
FIG. 3 shows the cutting method of the authentication graphic of the present invention;
FIG. 4 is a line graph of access changes of the present invention;
FIG. 5 is a flow chart of the communication management steps of the present invention.
DETAILED DESCRIPTION
It should be noted that, where no conflict arises, the embodiments of the present invention and the features in those embodiments can be combined with each other. The present invention is described in detail below with reference to the accompanying drawings and in combination with the embodiments.
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate for the purposes of the embodiments of the present invention described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
To make the objects and advantages of the present invention clearer, the present invention is further described below in combination with embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not used to limit it.
According to an embodiment of the present application, a network security defense system based on data analysis is provided. As shown in FIG. 1, the system includes a database, a data encryption module, a communication authentication module and an encryption update module;
The database stores the data that needs to be protected, such as the enterprise's business data and private data;
The data encryption module encrypts the data in the database for storage, specifically:
Step 1: Classify the data in the database by category; each category contains several timestamped data entries. A set of characters is defined, each corresponding to a numerical value. The characters in a timestamped data entry are compared with all defined characters to match the corresponding values, and the values are ordered according to the order of the characters in that data entry to obtain a timestamped character sequence. The timestamped character sequence is then de-zeroed: the zeros in the sequence are identified, and the number of zeros and the position number of each zero in the sequence are obtained. It should be noted that the position number is the count from the first digit of the timestamped character sequence up to the position of the zero. The ordinal of each zero in the timestamped character sequence is recorded as n and the position number of each zero is also recorded, where n = 1, 2, 3 ... N, m and N are positive integers, N is the total number of zeros in the timestamped character sequence, and n is the ordinal of any one of the zeros. For example, for the character sequence 510647014470, the number of zeros is 3, with n = 1, 2, 3 and m = 3, 7, 12: the position number of the first zero in the sequence is 3, that of the second zero is 7, and that of the third zero is 12. Nine random salts, the digits 1-9, are set and recorded as Y, where Y = 1 or 2 or 3 or 4 or 5 or 6 or 7 or 8 or 9. The position of each zero in the timestamped character sequence is recorded as a salt position, so the sequence has N salt positions, each with its corresponding zero position number. Three random salts are chosen at random and the set formula is used to calculate the fill salt value of that salt position, where α1 and α2 are set weight coefficients. The fill salt value is filled into the corresponding salt position in the timestamped character sequence to obtain the timestamped first-level ciphertext. It should be noted that in cryptography a salt is a random value used to increase the complexity of a password, and % is the modulo operation. The formula combines the random numbers through power and sum operations, then takes the result modulo 9 and adds 1, so the final result is not only clearly random but also never contains zero. The resulting timestamped first-level ciphertext character sequence is therefore de-zeroed while its randomness is increased, and even the same character sequence will differ clearly after being filled with fill salt values;
Step 2: Convert the timestamped first-level ciphertext into a graphic. Count the number of digits in the timestamped first-level ciphertext. When the number of digits is even, draw a circle with a fixed value as the radius and group the digits of the timestamped first-level ciphertext into groups of adjacent digits, which gives several groups of values. When the number of digits is odd, draw a circle with the last digit of the timestamped first-level ciphertext as the radius and group the remaining digits into pairs of adjacent values, which gives several groups of values. As shown in FIG. 2, draw several rays evenly spaced around the arc, with the length of each ray equal to the value of its corresponding group. The vertically upward ray has a length equal to the first group's value, and the next ray clockwise from it has a length equal to the second group's value. Connect the endpoints of adjacent rays in sequence to obtain the timestamped second-level encrypted graphic;
Step 3: Dynamically display the timestamped second-level ciphertext graphic. Obtain the length of the line connecting the endpoints of each pair of adjacent rays. Each number is set to correspond to a color; the line length is compared with all set colors to match the corresponding color, and the matched color is filled into the closed region formed by the two adjacent rays and the line connecting their endpoints. Filling every closed region in this way gives the timestamped color-filled encrypted graphic. Calculate the area of each closed region to obtain its closed area, and calculate the difference between the closed areas of each pair of adjacent closed regions to obtain the adjacent difference. Compare each adjacent difference with the set difference interval: when the adjacent difference is greater than the maximum of the set difference interval, it is recorded as a high difference; when it lies within the set difference interval, it is recorded as a medium difference; when it is less than the minimum of the set difference interval, it is recorded as a low difference. Count the numbers of high, medium and low differences and record them as C1, C2 and C3 respectively; sum the high, medium and low differences respectively to obtain the high difference value, medium difference value and low difference value, and record them as D1, D2 and D3 respectively. The set formula is used to calculate the rotation angle σ, where a1, a2, a3, a4 and a5 are set proportional coefficients and λ is a set angle conversion coefficient. The timestamp of the color-filled encrypted graphic is converted into a binary sequence, which is recorded as the password sequence, and the dynamic display of the color-filled encrypted graphic is controlled according to the password sequence. The control steps are as follows: evaluate the first digit of the password sequence; when a digit of the password sequence is 0, rotate the color-filled encrypted graphic clockwise by the rotation angle, and when a digit is 1, rotate it counterclockwise by the rotation angle; continue until every digit of the password sequence has been evaluated, which completes the dynamic display of the color-filled encrypted graphic. The dynamically displayed color-filled encrypted graphic is recorded as the final ciphertext. The encryption process of steps 1 to 3 obfuscates and encrypts the data and increases its complexity and randomness;
Step 4: Set an update duration and retrieve the generation time of the update instruction closest to the current time. Calculate the time difference between that generation time and the current system time to obtain the actual interval duration; when the actual interval duration equals the update duration, update the data in the database according to the encryption steps S1-S3. As steps 1 to 3 show, the final ciphertexts obtained by encrypting the same piece of data twice differ clearly, which improves the concealment and security of the data in the database and the intelligent management of encryption updates, protects the data, and effectively reduces the risk of data leakage and unauthorized access. Because the ciphertext is updated dynamically, even if an attacker obtains part of the ciphertext, the data content cannot be identified by comparing historical ciphertexts, which raises the level of data protection.
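The zero removal and salt filling of step 1, as an added Python example (not code from the patent). The fill formula is not legible on this page, so `fill_value` is a labelled stand-in that keeps only the properties the text states (three salts from 1-9, a power and a sum, then `% 9 + 1`); all function names are assumptions.

```python
import random

# The character sequence the page uses as its worked example.
SAMPLE = "510647014470"


def zero_positions(seq):
    """Return the 1-based position number of every zero in the sequence."""
    return [i for i, ch in enumerate(seq, start=1) if ch == "0"]


def fill_value(rng):
    """Stand-in for the fill-salt formula, which is missing from the page.

    ASSUMPTION: only the stated properties are kept. Three random salts Y
    in 1..9 are combined with a power and a sum, and '% 9 + 1' maps the
    result into 1..9, so a fill value is never zero. The weight
    coefficients alpha1 and alpha2 are not modelled.
    """
    y1, y2, y3 = (rng.randint(1, 9) for _ in range(3))
    return (y1 ** y2 + y3) % 9 + 1


def level_one_ciphertext(seq, rng=None):
    """De-zero the sequence: every salt position (zero) gets a fill value."""
    if not seq.isdigit():
        raise ValueError("character sequence must contain digits only")
    rng = rng or random.SystemRandom()
    return "".join(str(fill_value(rng)) if ch == "0" else ch for ch in seq)


def positions_that_vary(seq, rounds=50, rng=None):
    """Re-encrypt the same sequence `rounds` times and report which 1-based
    positions ever differ between the outputs."""
    rng = rng or random.SystemRandom()
    outputs = [level_one_ciphertext(seq, rng) for _ in range(rounds)]
    first = outputs[0]
    varying = set()
    for out in outputs[1:]:
        for pos, (a, b) in enumerate(zip(first, out), start=1):
            if a != b:
                varying.add(pos)
    return sorted(varying)


if __name__ == "__main__":
    print("salt positions:", zero_positions(SAMPLE))
    for _ in range(3):
        print("level-one ciphertext:", level_one_ciphertext(SAMPLE))
    print("positions that vary across refreshes:", positions_that_vary(SAMPLE))
```

Across refreshes of the same sequence, only the salt positions change at this level; every non-zero digit passes through unchanged.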
The communication management module authenticates visiting IPs and manages the communication of visiting IPs that pass authentication, specifically:
Step 1: Identify the state of the visiting IP. Retrieve the set of historical visiting IPs from the database and compare the visiting IP with it. When the visiting IP appears in the set of historical visiting IPs within a fixed duration of the current time, the visiting IP is in the authenticated state; otherwise it is in the unauthenticated state. The fixed duration is one week, half a month or one month, and the specific duration is set by the technician as needed;
Step 2: When the visiting IP is in the unauthenticated state, perform security authentication on it, specifically:
Retrieve the attribution information of the visiting IP, which includes the operator, the registered address and the IP segment. Each of these characters is set to correspond to a numerical value, and the operator, registered address and IP segment are compared with the set characters to obtain the operator numerical sequence representing the operator, the registration numerical sequence representing the registered address and the IP segment numerical sequence representing the IP segment. The operator numerical sequence, registration numerical sequence and IP segment numerical sequence are arranged in that order to obtain the attribution numerical sequence representing the attribution information. Identify the zeros in the attribution numerical sequence and record the position of each as a discontinuous node. Discontinuous nodes are divided into single nodes, double nodes, triple nodes ... R nodes, where R is a positive integer giving the total number of zeros at that discontinuous node position: when there is only one zero at the position, the node is a single node; when there are two zeros, it is a double node; when there are three zeros, it is a triple node; and so on, so that when there are R zeros at the position, the node is an R node. The attribution numerical sequence is divided into several segments at the discontinuous nodes, so no segment obtained in this way contains a zero. As shown in FIG. 3, circles are drawn with the values in a segment as radii to obtain a ring or concentric circles: when the segment contains only one value, or its values are all equal, the result is a circle; when the segment contains two or more values that are not equal, the result is a set of concentric circles. Take a horizontal line and draw the circle or concentric circles of each segment tangent to one another, in the order of the segments in the attribution numerical sequence. Cut according to the type of the node preceding each segment to obtain a comparison graphic and a filling graphic, and integrate the filling graphic into a verification request sent to the IP corresponding to the attribution information. When the filling graphic sent by the visiting IP is received, it is overlaid on the corresponding comparison graphic and compared; if the overlay comparison succeeds, authentication succeeds and step 3 is executed; otherwise authentication fails and step 4 is executed;
The cutting method is as follows:
Retrieve the type of the discontinuous node to obtain the number of zeros at the discontinuous node position, and record it as G1. Obtain the largest value in the segment before the discontinuous node and the largest value in the segment after it, and record them as G2 and G3 respectively. The set formula group is used to calculate the cutting parameters of each discontinuous node, where Gz1 is the cutting line width, Gz2 is the cutting line length, μ1 and μ2 are the set line width and line length conversion coefficients respectively, and δ1, δ2, δ3 and δ4 are set proportional coefficients. The cutting area of the discontinuous node is obtained from the cutting line width and the cutting line length, with the center point of the cutting area coinciding with the tangent point of the graphics corresponding to the segments before and after the discontinuous node. Cutting is performed according to this cutting area to obtain the comparison graphic and the filling graphic;
Step 3: When the visiting IP is in the authenticated state, perform a security risk check on it to regulate its access rights, specifically:
Perform a security check on each visiting IP in the authenticated state to obtain the security risk level of each visiting IP that has passed authentication:
Obtain the access records of the authenticated visiting IP, where the browsing records include the number of visits and the start time and end time of each visit. Calculate the time difference between the visit start time and the visit end time to obtain the duration of that visit, so that the access duration of each visit is obtained and recorded as Wq. Take the visit start time as the access time of that visit, so that the access time of each visit is obtained. As shown in FIG. 4, construct a two-dimensional rectangular coordinate system with time as the horizontal coordinate and access duration as the vertical coordinate, plot each access duration at its corresponding access time, and connect the points in sequence with line segments to obtain the access record change line graph. Calculate the time difference between the access times of each pair of adjacent visits to obtain the access interval, where q = 1, 2, 3 ... Q, Q is a positive integer giving the total number of visits, and q is any one of the visits. Calculate the slope of the line segment between each pair of adjacent points. The set formula is used to calculate the browsing fluctuation value Az, in which the mean of all slopes is used;
Each identity of a visiting IP is set to correspond to a standard access duration and a standard access interval. Specifically, the enterprise management identity, the ordinary employee identity and the guest identity each correspond to a standard access duration and a standard access interval, where the standard access duration for the enterprise management identity is greater than that for the ordinary employee identity, which is greater than that for the guest identity, and the standard access interval for the enterprise management identity is less than that for the ordinary employee identity, which is less than that for the guest identity. It should be noted that the lower the identity level of a visiting IP that enters the system frequently and browses for long periods, the higher the risk that crawler technology is being used to steal enterprise information or to carry out an attack. Obtain the identity of the visiting IP and compare it with all set identities to match the corresponding standard access duration and standard access interval, which are marked as H1 and H2. Obtain the number of authentication failures of the visiting IP and record it as T. The set formula is used to calculate the access risk index FH, where f1, f2, f3 and f4 are set proportional coefficients. The formula shows that the closer the access interval duration of the visiting IP is to the corresponding standard access duration and standard access interval, the smaller the access risk index; otherwise, the larger the access risk index;
The process of regulating the access rights of a visiting IP is as follows: three security risk thresholds are set, namely security risk threshold one and security risk threshold two, with security risk threshold one greater than security risk threshold two;
When the access risk index is greater than the set security risk threshold one, the visiting IP is prohibited from entering;
When the access risk index is less than the set security risk threshold two and greater than security risk threshold one, the visiting IP is restricted from operating on the data in the database, where the data operation is specifically data adjustment, including data modification, data deletion or data addition;
When the access risk index is less than the set security risk threshold two, no further action is taken;
Step 4: Generate an authentication-failure instruction and deny the visiting IP entry and access; the authentication failure count of the visiting IP then increases by one;
Authenticating visiting IPs and checking their security risk makes it possible to identify unsafe access requests and to deny or restrict their access rights, which effectively protects the security of the system. At the same time, automatically distinguishing authenticated from unauthenticated visiting IPs and applying the corresponding management and security risk checks greatly reduces the workload and operating time of operations and maintenance staff and improves operations and maintenance efficiency.
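The segmentation that step 2 and the cutting method rely on, as an added Python example (not code from the patent): it splits an attribution numerical sequence at runs of zeros, classifies each segment's figure, and collects G1, G2 and G3 for every discontinuous node. Treating each digit as one value, placing figure centers on the horizontal line starting at x = 0, the sample sequence and all function names are assumptions; the formula group for Gz1 and Gz2 is not on the page and is not computed.

```python
import re

# Constructed attribution numerical sequence (not taken from the page).
SAMPLE_ATTRIBUTION = "3350072000418"


def split_nodes(seq):
    """Split at runs of zeros. Each run is one discontinuous node whose
    type is the number of zeros R (1 = single node, 2 = double node ...).
    Returns (segments, nodes); no segment contains a zero."""
    if not seq.isdigit():
        raise ValueError("attribution sequence must contain digits only")
    segments, nodes = [], []
    for m in re.finditer(r"0+|[1-9]+", seq):
        run = m.group()
        if run.startswith("0"):
            nodes.append({
                "position": m.start() + 1,        # 1-based, first zero of the run
                "zeros": len(run),                # R, recorded as G1 when cutting
                "after_segment": len(segments) - 1,  # -1: node precedes all segments
            })
        else:
            # ASSUMPTION: each digit of a segment is one radius value.
            segments.append([int(ch) for ch in run])
    return segments, nodes


def figures(segments):
    """One figure per segment, drawn left to right so that neighbouring
    figures touch. ASSUMPTION: centers lie on the horizontal line and the
    first figure's left edge is at x = 0."""
    out, left = [], 0
    for seg in segments:
        radii = sorted(set(seg))
        outer = radii[-1]
        out.append({
            "kind": "circle" if len(radii) == 1 else "concentric",
            "radii": radii,
            "center_x": left + outer,
        })
        left += 2 * outer
    return out


def cut_inputs(seq):
    """For every discontinuous node, the inputs the cutting method names:
    G1 (zeros at the node), G2 and G3 (largest value in the segment before
    and after), plus the tangent point that centers the cutting area."""
    segments, nodes = split_nodes(seq)
    figs = figures(segments)
    result = []
    for node in nodes:
        i = node["after_segment"]
        before = segments[i] if i >= 0 else None
        after = segments[i + 1] if len(segments) > i + 1 else None
        # A leading or trailing node has no neighbour pair, so no tangent point.
        tangent = figs[i]["center_x"] + max(before) if before and after else None
        result.append({
            "G1": node["zeros"],
            "G2": max(before) if before else None,
            "G3": max(after) if after else None,
            "tangent_x": tangent,
        })
    return result


if __name__ == "__main__":
    segs, nds = split_nodes(SAMPLE_ATTRIBUTION)
    print("segments:", segs)
    print("nodes:", nds)
    print("figures:", figures(segs))
    print("cut inputs:", cut_inputs(SAMPLE_ATTRIBUTION))
```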
The encryption update module analyzes the authentication failures of IPs visiting the enterprise network to obtain the update duration and sends the update duration to the data encryption module. The analysis process is as follows:
Analyze the total number of authentication failures at the different collection times in the enterprise network system. Construct a two-dimensional rectangular coordinate system with the collection time as the horizontal coordinate and the total number of authentication failures as the vertical coordinate, enter the totals into the coordinate system in order of their collection times, and record the position of each total in the coordinate system as an authentication point. Connect the authentication points in sequence with a smooth curve to obtain the curve of the total number of authentication failures in the enterprise network system over time. Draw the tangent to the curve at each authentication point and obtain the tangent expression; differentiate the tangent expression to obtain the derivative at that authentication point, recorded as Vj, where j = 1, 2, 3 ... J, J is a positive integer giving the total number of collection times, and j is any one of the collection times. Sum the derivatives greater than zero to obtain the risk increase degree, recorded as P1; sum the derivatives less than zero and take the absolute value to obtain the risk reduction degree, recorded as P2. The set formula is used to calculate the update duration Ps, where c1 and c2 are set proportional coefficients and the mean of all derivatives is also used, and the update duration is sent to S4. The formula shows that the larger the risk increase degree P1, the greater the risk to the enterprise network system and the shorter the update duration; the larger the risk reduction degree P2, the smaller the risk to the enterprise network system and the longer the update duration.
如图5所示,申请实施例还提供了基于数据分析的网络安全防御方法;该方法包括以下步骤:As shown in FIG5 , the application embodiment also provides a network security defense method based on data analysis; the method comprises the following steps:
S1:将数据库内数据按照类别进行分类,每个类别内均有若干条带有时间戳的数据条,设定存在若干个字符,每个字符均对应一个数值,将带有时间戳的数据条内的字符与设定的所有字符进行比对以匹配到对应的数值,并将数值按照对应带有时间戳的数据条内的字符顺序进行先后排序以得到带有时间戳的字符序列;将带有时间戳的字符序列进行去零化和随机盐值填充以得到带有时间戳的一级密文;S1: Classify the data in the database according to categories, each category has several data strips with timestamps, set a number of characters, each character corresponds to a numerical value, compare the characters in the data strip with timestamps with all set characters to match the corresponding numerical values, and sort the numerical values in the order of the characters in the corresponding data strip with timestamps to obtain a character sequence with timestamps; remove zeros and fill the character sequence with random salt values to obtain a first-level ciphertext with timestamps;
S2:将带有时间戳的一级密文进行图形转化:统计带有时间戳的一级密文中数字数量,当数字数量为偶数时,则以固定值为半径画圆;将带有时间戳的以及密文以相邻个数字为一组,由此可得到若干组数值;当数字数量为奇数时,则以带有时间戳的一级密文中最后一个数字为半径画圆,将除最后一个数字以外的其他数字以相邻量两个数值为一组,由此可得若干组数值,如图2所示,在圆弧上均匀的引出若干条射线,其射线的长度与对应组的数值相等,其中竖直向上的射线长度与第一组数值相等,与第一组数值相等的长度射线的顺时针方向为与第二组数值相等的长度射线;依次连接相邻射线端点以得到带有时间戳的二级加密图形;S2: Convert the first-level ciphertext with timestamp into a graphic: count the number of digits in the first-level ciphertext with timestamp, when the number of digits is an even number, draw a circle with a fixed value as the radius; group the ciphertext with timestamp into adjacent digits, thereby obtaining several groups of values; when the number of digits is an odd number, draw a circle with the last digit in the first-level ciphertext with timestamp as the radius, group the other digits except the last digit into two adjacent values, thereby obtaining several groups of values, as shown in FIG2, draw several rays evenly on the arc, the length of the rays is equal to the value of the corresponding group, wherein the length of the vertically upward ray is equal to the value of the first group, and the clockwise direction of the ray with the same length as the first group is the ray with the same length as the second group; connect the endpoints of adjacent rays in sequence to obtain the second-level encrypted graphic with timestamp;
S3:将带有时间戳的二级密文图形进行动态显示:获取相邻两个射线端点的连线长度,设定每个数字均对应一个颜色,将连线长度与设定的所有颜色进行比对以匹配到对应的颜色,将匹配到的颜色填充对应的相邻两条射线组成的以及其端点连线组成的封闭部位中,由此可将每个封闭部位进行颜色填充以得到带有时间戳的颜色填充加密图形;计算每个封闭部位的面积,由此可得每个封闭部位的封闭面积,并据此进行深化分析以得到旋转角度σ;将颜色填充加密图形的时间戳转化成一串二进制的数列,并将该数列记为口令数列;依据口令数列和旋转角度控制颜色填充加密图形的动态显示;S3: Dynamically display the secondary ciphertext graphics with timestamps: obtain the length of the line connecting the endpoints of two adjacent rays, set each number to correspond to a color, compare the length of the line with all the set colors to match the corresponding color, fill the closed part composed of the corresponding two adjacent rays and the line connecting their endpoints with the matched color, thereby filling each closed part with color to obtain a color-filled encrypted graphic with a timestamp; calculate the area of each closed part, thereby obtaining the closed area of each closed part, and conduct in-depth analysis based on this to obtain the rotation angle σ; convert the timestamp of the color-filled encrypted graphic into a binary series, and record the series as a password series; control the dynamic display of the color-filled encrypted graphic according to the password series and the rotation angle;
S4: Set an update duration. Retrieve the generation time of the update instruction closest to the current time and calculate the difference between that generation time and the current system time to obtain the actual interval duration. When the actual interval duration equals the update duration, update the data in the database according to the encryption steps S1-S3;
S5: Authenticate all visiting IPs and regulate their access rights, specifically:
S51: Identify the state of the visiting IP. If the visiting IP is in the authenticated state, execute step S53; otherwise, execute step S52;
S52: Authenticate the unauthenticated visiting IP as follows. Retrieve the attribution information of the visiting IP and convert it into an attribution numerical sequence. Identify the zeros in the attribution numerical sequence, record the position of each zero as a discontinuity node, and divide the attribution numerical sequence into several segments at the discontinuity nodes. Take a horizontal line and draw the circle or concentric circles of each segment tangent to one another, in the order in which the segments appear in the attribution numerical sequence. Cut according to the type of the node preceding each segment to obtain a comparison map and a filling map, then integrate the filling map into a verification request and send it to the IP corresponding to the attribution information. When the filling map sent by the visiting IP is received, overlay it on the corresponding comparison map and compare them. If the overlay comparison succeeds, the authentication succeeds and S53 is executed; otherwise the authentication fails and S6 is executed;
S53: Perform security verification analysis on the authenticated visiting IPs to obtain the security risk index of each authenticated visiting IP;
S55: Regulate the access rights of authenticated visiting IPs according to the degree of security risk. The regulation process is: set three security risk thresholds: security risk threshold 1 and security risk threshold 2, with security risk threshold 1 > security risk threshold 2;
When the access risk index is greater than security risk threshold 1, the visiting IP is prohibited from entering;
When the access risk index is less than security risk threshold 2 and greater than security risk threshold 1, the visiting IP is restricted from operating on the data in the database, where a data operation means a data adjustment: data modification, data deletion, or data addition;
When the access risk index is less than security risk threshold 2, no other operation is performed;
S6: Generate an authentication-failure instruction and do not allow the visiting IP to enter or access; the authentication-failure count of that visiting IP is increased by one;
S7: Collect the total number of authentication failures at different times within the enterprise network system, perform detailed analysis on them to obtain the update duration, and send the update duration to S4.
The above are only embodiments of the present invention and are not intended to limit it. Those skilled in the art may make various modifications and variations to the present invention. Any modification, equivalent substitution, or improvement made within the spirit and principle of the present invention shall fall within the scope of its claims.
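The geometric construction of step S2, together with the edge lengths that step S3 consumes, as an added Python example that is not code from the patent. Assumptions: the value of the fixed radius, reading each group of two adjacent digits as a decimal number, skipping non-digit characters, and starting each ray on the arc pointing outward; all function and constant names are illustrative.

```python
import math

FIXED_RADIUS = 10.0  # assumption: S2 says "a fixed value" without stating it
SAMPLE = "2024022212345678"  # constructed input, not taken from the patent


def split_ciphertext(ciphertext):
    """Apply S2's even/odd rule; return (radius, list of group values)."""
    # Assumption: only ASCII digits count, other characters are skipped.
    digits = [c for c in ciphertext if c in "0123456789"]
    if len(digits) < 2:
        raise ValueError("need at least two digits to form one group")
    if len(digits) % 2 == 0:
        radius = FIXED_RADIUS
    else:
        # Odd count: the last digit becomes the radius (0 gives a degenerate circle).
        radius = float(digits.pop())
    # Assumption: a group of two adjacent digits is read as a decimal number.
    groups = [int(digits[i] + digits[i + 1]) for i in range(0, len(digits), 2)]
    return radius, groups


def ray_endpoints(radius, groups):
    """Ray endpoints: first ray vertically upward, later rays clockwise."""
    step = 2 * math.pi / len(groups)
    points = []
    for k, value in enumerate(groups):
        theta = math.pi / 2 - k * step  # clockwise from the vertical
        reach = radius + value  # assumption: the ray starts on the arc, pointing outward
        points.append((reach * math.cos(theta), reach * math.sin(theta)))
    return points


def edge_lengths(points):
    """Lengths of the lines joining adjacent endpoints, the input S3 colors by."""
    n = len(points)
    return [math.dist(points[i], points[(i + 1) % n]) for i in range(n)]


if __name__ == "__main__":
    r, g = split_ciphertext(SAMPLE)
    for point, length in zip(ray_endpoints(r, g), edge_lengths(ray_endpoints(r, g))):
        print(f"endpoint=({point[0]:.2f}, {point[1]:.2f}) edge_to_next={length:.2f}")
```

With an odd digit count the radius changes with the last digit, so two ciphertexts that differ only in that digit produce figures of different size but the same ray lengths.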
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410198553.6A CN118101269B (en) | 2024-02-22 | 2024-02-22 | Network security defense method and system based on data analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410198553.6A CN118101269B (en) | 2024-02-22 | 2024-02-22 | Network security defense method and system based on data analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118101269A (en) | 2024-05-28 |
CN118101269B (en) | 2024-10-18 |
Family
ID=91162853
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410198553.6A Active CN118101269B (en) | 2024-02-22 | 2024-02-22 | Network security defense method and system based on data analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118101269B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119128947A (en) * | 2024-09-12 | 2024-12-13 | 江苏欧胜云科技有限公司 | A security protection system based on Internet data transmission encryption |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106940804A (en) * | 2017-02-23 | 2017-07-11 | 杭州仟金顶卓筑信息科技有限公司 | Architectural engineering material management system form data method for automatically inputting |
CN113839967A (en) * | 2021-11-26 | 2021-12-24 | 深圳市聚慧合创信息技术有限公司 | Internet of things equipment fraud prevention and control system based on big data technology |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11115184B2 (en) * | 2017-05-22 | 2021-09-07 | Micro Focus Llc | Format preserving encryption with padding |
CN115113821B (en) * | 2022-07-07 | 2023-05-12 | 北京算讯科技有限公司 | 5G big data power calculation service system based on quantum encryption |
CN117097572A (en) * | 2023-10-19 | 2023-11-21 | 吉林省东启铭网络科技有限公司 | Household Internet of things terminal and operation method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN118101269A (en) | 2024-05-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109417478A (en) | Multilink cryptologic block chain | |
CN118101269B (en) | Network security defense method and system based on data analysis | |
CN116542637B (en) | Government platform safety control method based on computer | |
CN110674521B (en) | Privacy protection evidence management system and method | |
CN117272349A (en) | Method, system and storage medium for protecting security of relational database | |
CN116561182B (en) | Power data storage method and system based on block chain | |
CN116074123A (en) | Method for safely transmitting digital information of Internet of things | |
CN116032464A (en) | A Property Data Encryption System Based on Quantum Communication | |
CN117332391A (en) | Power distribution network data asset security access method and system considering authority hierarchical management and control | |
CN116633555A (en) | A method and system for data collection and interaction of terminal equipment | |
CN116861485A (en) | Student information privacy protection method based on deep learning fusion | |
CN116702216A (en) | Multi-level access control method and device for real estate data | |
CN118677596A (en) | Block chain multi-factor identity verification method based on federal deep learning | |
CN107194677B (en) | Statistical method for bit currency region flow direction | |
Said et al. | A multi-factor authentication-based framework for identity management in cloud applications | |
CN118551416B (en) | Protection method and system for preventing file tampering based on self-adaptive security mechanism | |
Kamuni et al. | Secure energy market against cyber attacks using blockchain | |
EP2023259B1 (en) | Method, computer program and apparatus for controlling access to a computer resource | |
CN118138312B (en) | Intelligent payment port encryption method and system | |
CN117931937A (en) | Block chain-based power grid material product carbon footprint data sharing method and system | |
CN117407899A (en) | Blockchain-based vehicle rental data processing method | |
CN117648704B (en) | Block chain-based data security interaction method, medium and system | |
CN119004426B (en) | Multi-dimension factor safety management system for government affair files | |
CN118646608B (en) | A public service terminal data encryption system and method based on the Internet of Things | |
CN112235418B (en) | Cross-blockchain stable access authentication system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||