CN117879887A - Computer host information transmission supervision system based on artificial intelligence - Google Patents
- Publication number: CN117879887A (application CN202311741538.3A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/2433—Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a computer host information transmission supervision system based on artificial intelligence. It comprises a main control module, a data acquisition module, a data preprocessing module, a data analysis module, a log record analysis module, an access control module, an anomaly detection defense module, a visual display module, a compliance management module, and a management and configuration module. By optimizing the algorithm and using high-performance hardware equipment, transmission processing efficiency is improved without affecting overall performance; user privacy protection is strengthened, so that data security and privacy are ensured throughout the transmission supervision process; advanced data analysis and recognition technology reduces false alarms and improves the accuracy and reliability of malicious-activity identification; and a simpler, more intuitive user interface reduces the complexity of configuration and management, makes the system easier to use, and reduces dependence on specialist personnel.
Description
Technical Field
The invention relates to the technical field of information transmission, in particular to a host computer information transmission supervision system based on artificial intelligence.
Background
Information transmission supervision of a computer host refers to the measures taken to monitor and manage information transmission between hosts; its main purpose is to protect network security and to prevent information leakage and network attacks.
Information transmission supervision of a computer host comprises monitoring transmitted content, managing transmission traffic, protecting data security and supervising compliance, and it can strengthen the security and controllability of information transmission between hosts. At the same time, it helps an organization discover and respond to potential security risks in time and ensures that information transmission between hosts meets the relevant requirements and policies.
In the prior art, information transmission supervision of a computer host has the following defects:
1. Low processing efficiency: the transmission supervision system may affect the performance of the whole system, resulting in slower transmission or increased latency;
2. Privacy and data security concerns: the transmission supervision system needs to monitor and store transmitted content, which may raise user privacy and data security problems, especially in industries with stricter compliance requirements;
3. High false alarm rate: because the transmission supervision system has to analyze and identify content, false alarms can occur in which legitimate transmissions are misjudged as malicious activity, disrupting normal business operations;
4. Complex configuration: installing and configuring the transmission supervision system may be relatively complex and require specialist personnel to set it up and tune it, which presents difficulties for the average user. It is therefore necessary to provide an artificial intelligence based information transmission supervision system for a computer host.
Disclosure of Invention
The invention aims to provide an artificial intelligence based computer host information transmission supervision system which, by optimizing the algorithm and using high-performance hardware equipment, improves transmission processing efficiency without affecting overall performance; strengthens user privacy protection, ensuring data security and privacy throughout the transmission supervision process; reduces false alarms by means of advanced data analysis and recognition technology, improving the accuracy and reliability of malicious-activity identification; and provides a simpler, more intuitive user interface that reduces the complexity of configuration and management, makes them easier and more convenient, and reduces dependence on specialist personnel, so as to solve the problems described in the background.
In order to achieve the above purpose, the present invention provides the following technical solution: an artificial intelligence based computer host information transmission supervision system comprising a main control module, for managing and controlling the operation of the whole system;
a data acquisition module, for collecting the information transmission data of a computer host by network monitoring or from host logs;
a data preprocessing module, for cleaning and processing the collected data for subsequent analysis and processing;
a data analysis module, for analyzing the monitored data and identifying threats using artificial intelligence algorithms and models, so as to identify abnormal behavior and risk behavior of the host;
a log record analysis module, for recording, analyzing and processing the information transmission activities and operation logs of the host, facilitating subsequent tracing and auditing;
an access control module, for performing access control on the information transmission of the host, limiting and managing ports, protocols and IP addresses, providing an authentication and authorization mechanism, and preventing unauthorized access;
an abnormality detection defense module, for detecting abnormal behavior and attack behavior, automatically triggering a defense mechanism, and actively defending against network threats by blocking malicious IPs, disconnecting connections and raising alarms automatically;
a visual display module, for displaying the monitoring data, analysis results and security decisions of the supervision system to the user in visual form, so that the user can readily understand the information transmission condition of the host and the protection measures of the system;
a compliance management module, for ensuring that the data protection, privacy protection and security management of the system meet the requirements of laws, regulations and industry standards;
a management and configuration module, for providing a user interface for adding hosts, setting monitoring rules, viewing reports and managing user rights, used for managing and configuring the system;
wherein the data acquisition module, data preprocessing module, data analysis module, log record analysis module, access control module, abnormality detection defense module, visual display module, compliance management module and management and configuration module are all electrically connected to the main control module.
Preferably, the data acquisition module includes:
a network monitoring unit, which obtains the network connection status of the host in real time by monitoring network traffic;
a host log acquisition unit, for obtaining the log files of the host, where the host log files comprise operating system logs and application program logs;
a port scanning unit, for scanning the open ports of the host to determine the services and programs running on it;
a data filtering and processing unit, for filtering and processing the collected data and converting it into a format suitable for subsequent processing and analysis.
Preferably, the data preprocessing module includes:
a data cleaning unit, for identifying and removing noise from the collected data, improving the accuracy of subsequent analysis results;
a data format conversion unit, for converting log files and network traffic data of differing formats into a uniform data format, facilitating subsequent analysis and processing;
a data normalization unit: data from different sources have different value ranges and units, and this unit normalizes the data, converting it to uniform value ranges and units so that it becomes comparable;
a feature selection unit, for automatically selecting important features using a feature selection algorithm, reducing the dimensionality and complexity of the data;
a data sampling unit, for sampling the data to obtain a balanced training data set, so as to improve the training efficiency of the algorithms and models.
Preferably, the data analysis module includes:
a data exploration unit, for performing statistical analysis and visualization of the acquired data, exploring its distribution and correlations, helping to understand the overall situation of the data in depth, and finding potential patterns and trends in it;
an abnormality detection unit, for establishing an anomaly detection model and detecting anomalous values and anomalous behavior in the data;
a threat information analysis unit, for comparing the acquired threat information against the existing threat information library in order to identify potential threats and attack patterns;
a behavior analysis unit, which finds abnormal behavior and regular patterns by analyzing the information transmission behavior of the host;
a user portrait construction unit, for analyzing the data transmission behavior of a user, constructing a user portrait (profile), and modeling and predicting the user's behavior;
a prediction and early warning unit, for trend prediction and abnormal behavior early warning based on historical data and machine learning algorithms.
Preferably, the log record analysis module includes:
a log acquisition unit, for collecting log information from each data source and storing and managing it in a unified way;
a log storage management unit, providing a reliable storage and management mechanism that ensures the collected logs are stored safely and reliably;
a log analysis and association unit, for deep mining and analysis of the collected logs using various data analysis techniques and algorithms, extracting valuable information;
an abnormality detection alarm unit, for detecting abnormal behavior and potential threats in the logs by keyword filtering and rule matching;
a compliance analysis unit, for performing compliance analysis of the collected logs and verifying whether the system conforms to the relevant security policies and regulatory requirements;
an investigation and optimization unit, for identifying system faults and bottlenecks, analyzing the error information and performance indicators in the logs, locating and resolving problems, and improving the stability and performance of the system.
Preferably, the access control module includes:
an identity verification unit, which verifies the identity information of the user and ensures that the user's identity is legitimate;
a user authorization unit, which authorizes the user according to the user's identity and role information once identity verification has passed;
an access auditing unit, for recording and auditing the user's access to system resources and data;
a multi-layer access control unit, which supports multi-level access control, applying different levels of access control to users and resources at different levels, ensuring that sensitive data and important functions are accessed only by authorized users.
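The four units of the access control module above (identity verification, authorization by identity and role, access auditing, and multi-level access control) can be modelled as a single policy check. This is an added example, not the patent's own implementation; it assumes, as my own choices, that users carry an integer clearance level and a role, that resources carry a sensitivity level on the same scale plus a role allow-list, and that credentials are stored as salted PBKDF2 hashes.

```python
"""Added illustration of the access control module's four units (not the
patent's code). Assumed model: a user may use a resource only if the user's
clearance >= the resource's sensitivity level AND the user's role is on the
resource's allow-list; every attempt is written to an audit log."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

PBKDF2_ROUNDS = 100_000          # assumed parameter; tune for the deployment


@dataclass
class User:
    name: str
    role: str
    clearance: int               # 0 = public ... 3 = restricted (assumed scale)
    salt: bytes
    pw_hash: bytes


@dataclass
class Resource:
    name: str
    level: int                   # sensitivity level on the same scale as clearance
    allowed_roles: Set[str]


@dataclass
class AccessControl:
    users: Dict[str, User] = field(default_factory=dict)
    resources: Dict[str, Resource] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add_user(self, name: str, role: str, clearance: int, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, role, clearance, salt, self._derive(password, salt))

    def add_resource(self, name: str, level: int, allowed_roles) -> None:
        self.resources[name] = Resource(name, level, set(allowed_roles))

    def authenticate(self, name: str, password: str) -> Optional[User]:
        """Identity verification unit: constant-time comparison of the derived hash."""
        user = self.users.get(name)
        if user is None:
            self._derive(password, b"\x00" * 16)   # keep timing independent of account existence
            return None
        if hmac.compare_digest(self._derive(password, user.salt), user.pw_hash):
            return user
        return None

    def authorize(self, user: User, resource_name: str) -> bool:
        """User authorization unit (role) and multi-layer access control unit (level)."""
        res = self.resources.get(resource_name)
        if res is None:
            return False                           # unknown resource: deny by default
        return user.role in res.allowed_roles and user.clearance >= res.level

    def access(self, name: str, password: str, resource_name: str) -> bool:
        """Complete check; the access auditing unit records every attempt, granted or not."""
        user = self.authenticate(name, password)
        if user is None:
            self.audit_log.append({"user": name, "resource": resource_name,
                                   "result": "denied", "reason": "authentication failed"})
            return False
        granted = self.authorize(user, resource_name)
        self.audit_log.append({"user": name, "resource": resource_name,
                               "result": "granted" if granted else "denied",
                               "reason": "policy"})
        return granted


def demo() -> dict:
    """Constructed users and resources (sample data, not from the page)."""
    ac = AccessControl()
    ac.add_user("alice", "analyst", 2, "correct horse")
    ac.add_user("bob", "operator", 1, "battery staple")
    ac.add_resource("transfer_logs", 1, {"analyst", "operator"})
    ac.add_resource("user_profiles", 2, {"analyst"})   # sensitive: level 2 and analysts only
    ac.add_resource("policy_editor", 3, {"admin"})
    return {
        "alice_logs": ac.access("alice", "correct horse", "transfer_logs"),      # True
        "bob_profiles": ac.access("bob", "battery staple", "user_profiles"),     # False: role and level
        "alice_policy": ac.access("alice", "correct horse", "policy_editor"),    # False: level 2 < 3
        "bad_password": ac.access("alice", "wrong", "transfer_logs"),            # False: auth failed
        "audit_entries": len(ac.audit_log),                                       # 4
    }


if __name__ == "__main__":
    print(demo())
```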
Preferably, the abnormality detection defense module includes:
a real-time monitoring unit, for monitoring the various behaviors and events in the system in real time;
an abnormality recognition unit, which analyzes and identifies the monitored behavior according to predefined rules, models or algorithms;
a threat response unit, which takes corresponding measures to deal with the threat when abnormal behavior is identified;
a threat information analysis unit, which acquires and analyzes the latest threat information through integration with a threat information library or a third-party security service provider;
a comprehensive defense unit, which cooperates with a firewall, an intrusion detection system and an identity authentication system to achieve a multi-level, comprehensive defense.
Preferably, the visual display module includes:
a chart and graphic presentation unit, which shows the distribution, comparison and variation trends of numerical and categorical data through chart forms such as histograms, line graphs, pie charts and scatter charts;
a map display unit, which displays geographic data by its spatial distribution in map form;
a filtering and interaction unit, allowing the user to interact with a chart or map by selecting, dragging, zooming in and zooming out;
a multidimensional display unit, supporting multidimensional data presentation and analysis.
Preferably, the management and configuration module includes:
a system management unit, providing comprehensive management functions for the system, including user account management, permission management and system resource management;
an application management unit, which manages and configures application programs and can perform installation, upgrade, configuration and uninstallation of applications to meet the needs of the organization or user;
a device management unit, for managing and configuring network equipment, servers and storage equipment;
a configuration management unit, which helps an administrator manage and alter the various configurations;
a remote management unit, providing remote management functionality so that an administrator can remotely access and manage a system, application or device.
Compared with the prior art, the invention has the following beneficial effects:
by optimizing the algorithm and using high-performance hardware equipment, the invention improves transmission processing efficiency without affecting overall performance; user privacy protection is strengthened, ensuring data security and privacy throughout the transmission supervision process; advanced data analysis and recognition technology reduces false alarms and improves the accuracy and reliability of malicious-activity identification; and a simpler, more intuitive user interface reduces the complexity of configuration and management, makes the system easier to use, and reduces dependence on specialist personnel.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a system block diagram of a data acquisition module of the present invention;
FIG. 3 is a system block diagram of a data preprocessing module of the present invention;
FIG. 4 is a system block diagram of a data analysis module of the present invention;
FIG. 5 is a system block diagram of a log record analysis module of the present invention;
FIG. 6 is a system block diagram of an access control module of the present invention;
FIG. 7 is a system block diagram of an anomaly detection defense module of the present invention;
FIG. 8 is a system block diagram of a visual display module of the present invention;
FIG. 9 is a system block diagram of a management and configuration module of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-9, the present invention provides a technical solution: an artificial intelligence based computer host information transmission supervision system comprising a main control module, for managing and controlling the operation of the whole system;
a data acquisition module, for collecting the information transmission data of a computer host by network monitoring or from host logs;
a data preprocessing module, for cleaning and processing the collected data for subsequent analysis and processing;
a data analysis module, for analyzing the monitored data and identifying threats using artificial intelligence algorithms and models, so as to identify abnormal behavior and risk behavior of the host;
a log record analysis module, for recording, analyzing and processing the information transmission activities and operation logs of the host, facilitating subsequent tracing and auditing;
an access control module, for performing access control on the information transmission of the host, limiting and managing ports, protocols and IP addresses, providing an authentication and authorization mechanism, and preventing unauthorized access;
an abnormality detection defense module, for detecting abnormal behavior and attack behavior, automatically triggering a defense mechanism, and actively defending against network threats by blocking malicious IPs, disconnecting connections and raising alarms automatically;
a visual display module, for displaying the monitoring data, analysis results and security decisions of the supervision system to the user in visual form, so that the user can readily understand the information transmission condition of the host and the protection measures of the system;
a compliance management module, for ensuring that the data protection, privacy protection and security management of the system meet the requirements of laws, regulations and industry standards;
a management and configuration module, for providing a user interface for adding hosts, setting monitoring rules, viewing reports and managing user rights, used for managing and configuring the system;
wherein the data acquisition module, data preprocessing module, data analysis module, log record analysis module, access control module, abnormality detection defense module, visual display module, compliance management module and management and configuration module are all electrically connected to the main control module.
The data acquisition module comprises:
a network monitoring unit, which obtains the network connection status of the host in real time by monitoring network traffic; the inbound and outbound connections of the host can be monitored, including TCP/IP and UDP protocols, as well as data transmissions at the transport layer and the application layer.
A host log acquisition unit, for obtaining the log files of the host, where the host log files comprise operating system logs and application program logs; these logs record the operation and events of the host and can be used to analyze and monitor the information transfer behavior of the host.
A port scanning unit, for scanning the open ports of the host to determine the services and programs running on it; this helps identify potential security risks and vulnerabilities.
A data filtering and processing unit, for filtering and processing the acquired data, removing noise and irrelevant information, and converting the data into a format suitable for subsequent processing and analysis.
A threat intelligence collection unit is further provided, for collecting threat intelligence and data on hacking activity; by comparison with the threat intelligence database, potential security threats can be discovered and responded to in time.
The data acquisition module also has real-time performance and scalability: it needs to be able to acquire data in real time and to cope with the data acquisition requirements of large-scale host fleets; at the same time, it needs to support extension to accommodate hosts of different sizes and types.
The data preprocessing module comprises:
a data cleaning unit, for identifying and removing noise from the collected data, where noise includes invalid records, duplicate data, missing data and the like, so as to improve the accuracy of subsequent analysis results;
a data format conversion unit, for converting log files and network traffic data of differing formats into a uniform data format, facilitating subsequent analysis and processing;
a data normalization unit: data from different sources have different value ranges and units, and this unit normalizes the data, converting it to uniform value ranges and units so that it becomes comparable;
a feature selection unit, for automatically selecting important features using a feature selection algorithm, reducing the dimensionality and complexity of the data; large-scale data sets may contain many redundant features that are of little value for analysis and processing.
A data sampling unit: for large-scale data sets, in order to improve the training efficiency of algorithms and models, this unit samples the data, for example by random sampling, oversampling or undersampling, to obtain a balanced training data set.
The module further comprises a missing data processing unit: data may be missing during the acquisition process, and the data preprocessing module can handle missing data by filling in missing values, deleting samples with missing values and the like, so as to ensure the integrity and accuracy of the data.
The data analysis module comprises:
a data exploration unit, for performing statistical analysis and visualization of the acquired data, exploring its distribution and correlations, helping to understand the overall situation of the data in depth, and finding potential patterns and trends in it;
an abnormality detection unit, for establishing an anomaly detection model and detecting anomalous values and anomalous behavior in the data; this helps discover potential security threats and abnormal behavior and take timely countermeasures.
A threat information analysis unit, for comparing the acquired threat information against the existing threat information library in order to identify potential threats and attack patterns; this facilitates early warning and the prevention of potential network attacks.
A behavior analysis unit, which finds abnormal behavior and regular patterns by analyzing the information transmission behavior of the host, for example detecting frequent data transfers or abnormal file transfers by the host and thereby discovering potential data leakage.
A user portrait construction unit, for analyzing the data transmission behavior of a user, constructing a user portrait (profile), and modeling and predicting the user's behavior; this helps identify malicious users and provide personalized security policies.
A prediction and early warning unit, for trend prediction and abnormal behavior early warning based on historical data and machine learning algorithms; this helps discover potential security threats in advance and take corresponding security measures.
The log record analysis module comprises:
Log acquisition unit: collects log information from each data source and stores and manages it centrally; logs are collected in real time by a configured collector, or existing log files are scanned and imported periodically.
Log storage management unit: provides a reliable storage and management mechanism that ensures the collected logs are stored safely and reliably; logs are stored on a local or remote server, with log retrieval, archiving and backup functions.
Log analysis and association unit: mines and analyzes the collected logs in depth using various data analysis techniques and algorithms and extracts valuable information; by correlating logs of different events it identifies potential threats and abnormal behavior, supporting malicious activity detection and security incident response.
Anomaly detection alarm unit: detects abnormal behavior and potential threats in the logs through keyword filtering and rule matching; once an anomaly is found, it triggers alarms and notifications promptly so that security measures can be taken in time.
Compliance analysis unit: performs compliance analysis on the collected logs, verifies whether the system conforms to the relevant security policies and regulatory requirements, and generates compliance reports to assist the security team with compliance audits and management.
Troubleshooting and optimization unit: identifies system faults and bottlenecks by analyzing error information and performance indicators in the logs, locates and resolves problems, and improves the stability and performance of the system.
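As an added example that is not part of the patent, the following Python code shows how the log analysis and association unit, the anomaly detection alarm unit, and the behavior analysis unit of the data analysis module above could work together over constructed log lines: keyword rules tag each event, an association rule correlates repeated authentication failures with a later success from the same source, and a volume rule flags an unusually large transfer. The log layout, rule names, threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like layout; not real data.
SAMPLE_LOGS = """\
2024-01-05T10:00:01Z host1 sshd: Failed password for root from 203.0.113.9
2024-01-05T10:00:03Z host1 sshd: Failed password for root from 203.0.113.9
2024-01-05T10:00:05Z host1 sshd: Failed password for root from 203.0.113.9
2024-01-05T10:00:09Z host1 sshd: Accepted password for root from 203.0.113.9
2024-01-05T10:01:00Z host1 transfer: user=root dst=198.51.100.7 bytes=734003200
2024-01-05T10:02:00Z host1 sshd: Accepted publickey for alice from 10.0.0.5
2024-01-05T10:02:30Z host1 transfer: user=alice dst=10.0.0.20 bytes=4096
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")
IP_RE = re.compile(r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
XFER_RE = re.compile(r"user=(?P<user>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)")

# Keyword rules: the first matching pattern tags the event (rule names are assumed).
KEYWORD_RULES = [
    ("auth_failure", re.compile(r"Failed password")),
    ("auth_success", re.compile(r"Accepted (?:password|publickey)")),
]
# Volume threshold for the behavior rule (assumed value for the example).
LARGE_TRANSFER_BYTES = 100 * 1024 * 1024


def parse_line(line):
    """Convert one raw log line into a uniform event dict; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": m["host"],
          "proc": m["proc"], "msg": m["msg"], "tag": "other", "src_ip": None}
    for tag, rx in KEYWORD_RULES:
        if rx.search(ev["msg"]):
            ev["tag"] = tag
            break
    ip = IP_RE.search(ev["msg"])
    if ip:
        ev["src_ip"] = ip["ip"]
    x = XFER_RE.search(ev["msg"])
    if x:
        ev.update(tag="transfer", user=x["user"], dst=x["dst"], bytes=int(x["bytes"]))
    return ev


def analyze(text, fail_threshold=3, window=timedelta(minutes=1)):
    """Correlate parsed events with association and behavior rules; return the alarms raised."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    alarms = []
    failures = defaultdict(list)  # src_ip -> timestamps of authentication failures
    for ev in events:
        if ev["tag"] == "auth_failure" and ev["src_ip"]:
            failures[ev["src_ip"]].append(ev["ts"])
        elif ev["tag"] == "auth_success" and ev["src_ip"]:
            # Association rule: a success preceded by >= fail_threshold failures from
            # the same source inside the window is reported as a likely guessed password.
            recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alarms.append({"rule": "brute_force_then_success", "src_ip": ev["src_ip"],
                               "host": ev["host"], "ts": ev["ts"], "failures": len(recent)})
        elif ev["tag"] == "transfer" and ev["bytes"] >= LARGE_TRANSFER_BYTES:
            # Behavior rule: an unusually large transfer is reported as possible data leakage.
            alarms.append({"rule": "large_transfer", "user": ev["user"], "dst": ev["dst"],
                           "host": ev["host"], "ts": ev["ts"], "bytes": ev["bytes"]})
    return alarms


if __name__ == "__main__":
    for alarm in analyze(SAMPLE_LOGS):
        print(alarm)  # two alarms: brute_force_then_success for 203.0.113.9, large_transfer by root
```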
The access control module comprises:
Identity verification unit: verifies the identity information of the user and ensures that the user's identity is legitimate; various authentication means may be used, such as user name and password, biometric technology and hardware tokens.
User authorization unit: after identity verification passes, authorizes the user according to the user's identity and role information, determining which resources and functions the user may access and granting the corresponding rights. This ensures that users can access only the resources and functions they need, preventing information leakage and abuse.
Access auditing unit: records and audits user access to system resources and data, including the access time, access behavior, accessed resources and other information. This helps the enterprise carry out security monitoring and auditing and discover and handle potential security events in time.
Multi-layer access control unit: supports multi-level access control, applying different levels of control to users and resources at different levels, and ensures that sensitive data and important functions are accessed only by authorized users.
The module further comprises an access control policy management unit: provides management functions for access control policies. An administrator may define and manage access control policies according to the needs of the organization; these policies may include definitions of user roles and permissions, access restriction rules for resources and functions, and the like. Flexible policy management enables fine-grained access control.
Security audit and reporting unit: generates security audits and reports, which may include the user's access history, alarm information for abnormal access, permission change records, and the like, helping the enterprise with security auditing and compliance management.
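An added example, not the patent's own implementation, of the identity verification, user authorization, multi-layer access control and access auditing units working together in Python: passwords are verified against salted PBKDF2 hashes, a role policy decides which actions are allowed, a clearance level gates sensitive resources, and every decision (allowed or denied) is written to an audit trail. The level ordering, role policy, resource kinds and user names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional

# Sensitivity levels for the multi-layer check (assumed ordering for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
# Role -> permitted "<resource kind>:<action>" pairs (assumed policy for this example).
ROLE_PERMISSIONS = {
    "analyst": {"report:read", "log:read"},
    "admin": {"report:read", "log:read", "log:delete", "host:add", "rules:edit"},
}

@dataclass
class User:
    name: str
    role: str
    clearance: str  # one of LEVELS
    salt: bytes
    pw_hash: bytes

@dataclass
class Resource:
    name: str
    kind: str   # "report", "log", "host" or "rules"
    level: str  # one of LEVELS

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a leaked user store does not expose reusable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(name: str, role: str, clearance: str, password: str) -> User:
    salt = os.urandom(16)
    return User(name, role, clearance, salt, hash_password(password, salt))

class AccessController:
    # Identity verification, role authorization, level check and audit trail in one place.
    def __init__(self, users: Dict[str, User]):
        self.users = users
        self.audit: list = []

    def _record(self, user, action, resource, decision, reason) -> bool:
        # Every decision, allowed or denied, goes to the audit trail with a UTC timestamp.
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                           "action": action, "resource": resource, "decision": decision, "reason": reason})
        return decision == "allow"

    def authenticate(self, name: str, password: str) -> Optional[User]:
        user = self.users.get(name)
        if user is None:
            self._record(name, "login", "-", "deny", "unknown user")
            return None
        # Constant-time comparison of the derived keys.
        if not hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
            self._record(name, "login", "-", "deny", "bad password")
            return None
        self._record(name, "login", "-", "allow", "authenticated")
        return user

    def authorize(self, user: User, action: str, resource: Resource) -> bool:
        perm = f"{resource.kind}:{action}"
        if perm not in ROLE_PERMISSIONS.get(user.role, set()):
            return self._record(user.name, action, resource.name, "deny", f"role lacks {perm}")
        # Multi-level rule: a user may not reach resources above their clearance.
        if LEVELS[user.clearance] < LEVELS[resource.level]:
            return self._record(user.name, action, resource.name, "deny", f"clearance below {resource.level}")
        return self._record(user.name, action, resource.name, "allow", "role and level satisfied")

def demo():
    # Constructed scenario: an analyst with internal clearance and an admin with secret clearance.
    ac = AccessController({
        "alice": make_user("alice", "analyst", "internal", "alice-pw"),
        "bob": make_user("bob", "admin", "secret", "bob-pw"),
    })
    weekly = Resource("weekly-report", "report", "internal")
    incident_log = Resource("incident-log", "log", "confidential")
    alice = ac.authenticate("alice", "alice-pw")
    bob = ac.authenticate("bob", "bob-pw")
    results = {
        "alice_login": alice is not None,
        "alice_wrong_pw": ac.authenticate("alice", "wrong") is not None,
        "alice_read_report": ac.authorize(alice, "read", weekly),
        "alice_read_incident": ac.authorize(alice, "read", incident_log),  # clearance too low
        "alice_delete_log": ac.authorize(alice, "delete", incident_log),   # role lacks log:delete
        "bob_delete_log": ac.authorize(bob, "delete", incident_log),
    }
    return results, ac.audit
```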
The anomaly detection and defense module comprises:
Real-time monitoring unit: monitors the various behaviors and events in the system in real time, including network traffic, system logs and user actions; it uses various monitoring techniques, such as network traffic analysis, behavior analysis and anomaly detection algorithms, to discover anomalies in time.
Anomaly recognition unit: analyzes and identifies the monitored behavior according to predefined rules, models or algorithms, distinguishing different types of abnormal behavior such as network attacks, unauthorized access and abnormal system behavior.
Threat response unit: when abnormal behavior is identified, takes corresponding measures to deal with the threat; these measures may include automatically blocking suspicious traffic, notifying an administrator for further investigation, and logging the relevant details.
Threat intelligence analysis unit: acquires and analyzes the latest threat intelligence through integration with a threat intelligence library or a third-party security service provider, so that the latest threats and attack techniques can be discovered and dealt with in advance.
Comprehensive defense unit: cooperates with the firewall, the intrusion detection system and the identity authentication system to achieve a multi-level, comprehensive defense.
The visual display module comprises:
Chart and graphic presentation unit: shows the distribution, comparison and trends of numerical and categorical data through chart forms such as histograms, line graphs, pie charts and scatter charts; charts show the relationships and relative sizes of data intuitively and help a user grasp the core information quickly.
Map display unit: displays geographic data as a spatial distribution in map form; information such as positions, regions and places is displayed on the map, helping a user understand the geographic characteristics and spatial relationships of the data.
Filtering and interaction unit: lets the user interact with a chart or map by selecting, dragging, zooming in and zooming out, and filters and explores the data in depth according to actual needs, providing personalized data presentation and analysis.
Multidimensional display unit: supports multidimensional data presentation and analysis. The user can slice and drill down through different dimensions, showing the relationships between dimensions on the chart or map and finding deeper patterns and associations hidden in the data.
The compliance management module has the following functions:
Tracking and updating of laws, regulations and policies: the compliance management module tracks and updates the regulatory and policy requirements applicable to an organization. The system automatically acquires the latest regulation and policy information and correlates it with the organization's compliance requirements, ensuring that the organization always knows and follows the latest regulations and policies.
Compliance assessment and risk management: the compliance management module performs compliance assessment and risk management. It helps organizations evaluate their current compliance status, identify potential compliance risks, and provide corresponding control and improvement measures. Through integration with the risk management module, it helps an organization establish a compliance risk management and control hierarchy.
Compliance file and record management: the compliance management module manages and stores the organization's compliance files and records. It helps organizations create, approve and distribute compliance files, and record compliance activities and events. Centrally managing compliance files and records lets an organization track and prove its compliance more easily.
Compliance training and awareness improvement: the compliance management module provides training and awareness functions to help the organization's employees understand and adhere to compliance requirements. It can provide resources such as online training courses, knowledge bases and answers to common questions, so that staff can acquire compliance knowledge and resolve compliance problems promptly.
Compliance reporting and monitoring: the compliance management module generates compliance reports and monitors and tracks the organization's compliance. It helps organizations understand the overall status, trends and performance of compliance and provides immediate alerts and reminders for compliance issues.
The management and configuration module comprises:
System management unit: provides comprehensive system management functions, including user account management, permission management and system resource management; it helps an administrator configure and monitor the system and ensures its normal operation.
Application management unit: manages and configures application programs, supporting installation, upgrade, configuration and uninstallation of applications to meet the needs of the organization or its users.
Device management unit: manages and configures network equipment, servers and storage equipment; it helps an administrator perform parameter configuration, performance monitoring, fault checking and similar operations on the equipment, ensuring its normal operation and efficient utilization.
Configuration management unit: helps an administrator manage and change various configurations; it provides centralized management of configuration files, automated management and change control of configuration items, and the like, ensuring the consistency and stability of configurations.
Remote management unit: provides remote management functions that allow an administrator to remotely access and manage systems, applications or devices; this lets an administrator manage and configure the system anytime and anywhere, improving management efficiency and response speed.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (9)
1. A computer host information transmission supervision system based on artificial intelligence, characterized in that it comprises a main control module for managing and controlling the operation of the whole system;
a data acquisition module for collecting information transmission data of a computer host by network monitoring or host logs;
a data preprocessing module for cleaning and processing the collected data for subsequent analysis and processing;
a data analysis module for analyzing the monitored data and identifying threats using artificial intelligence algorithms and models, identifying abnormal behavior and risky behavior of the host;
a log record analysis module for recording, analyzing and processing the information transmission activities and operation logs of the host, facilitating subsequent tracing and auditing;
an access control module for performing access control on the information transmission of the host, restricting and managing ports, protocols and IP addresses, providing an authentication and authorization mechanism, and preventing unauthorized access;
an anomaly detection and defense module for detecting abnormal behavior and attack behavior, automatically triggering a defense mechanism, and actively defending against network threats by blocking malicious IP addresses, disconnecting connections and raising automatic alarms;
a visual display module for displaying the monitoring data, analysis results and security decisions of the supervision system to the user in visual form, so that the user can readily understand the information transmission status of the host and the protective measures of the system;
a compliance management module for ensuring that the data protection, privacy protection and security management of the system meet the requirements of laws, regulations and industry standards;
a management and configuration module for providing a user interface for adding hosts, setting monitoring rules, viewing reports and managing user rights, used for managing and configuring the system;
wherein the data acquisition module, the data preprocessing module, the data analysis module, the log record analysis module, the access control module, the anomaly detection and defense module, the visual display module, the compliance management module and the management and configuration module are all electrically connected to the main control module.
2. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the data acquisition module comprises:
a network monitoring unit for obtaining the network connection status of the host in real time by monitoring network traffic;
a host log acquisition unit for obtaining the log files of the host, the log files of the host including operating system logs and application program logs;
a port scanning unit for scanning the open ports of the host to obtain the services and programs running on the host;
a data filtering and processing unit for filtering and processing the collected data and converting it into a format suitable for subsequent processing and analysis.
3. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the data preprocessing module comprises:
a data cleaning unit for identifying and removing noise from the collected data, improving the accuracy of subsequent analysis results;
a data format conversion unit for converting the log files and network flow data, which have different formats, into a uniform data format to facilitate subsequent analysis and processing;
a data normalization unit, the data from different sources having different value ranges and units, for normalizing the data into uniform value ranges and units so that the data are comparable;
a feature selection unit for automatically selecting important features using a feature selection algorithm, reducing the dimensionality and complexity of the data;
a data sampling unit for sampling the data to obtain a balanced training data set and improve the training efficiency of the algorithm and model.
4. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the data analysis module comprises:
a data exploration unit for performing statistical analysis and visualization of the acquired data, exploring the distribution and correlations of the data, helping to understand the overall state of the data more deeply, and finding potential patterns and trends in the data;
an anomaly detection unit for building an anomaly detection model and detecting outliers and abnormal behavior in the data;
a threat intelligence analysis unit for comparing the acquired threat intelligence against the existing threat intelligence library to identify potential threats and attack patterns;
a behavior analysis unit for finding abnormal behavior and regular patterns by analyzing the information transmission behavior of the host;
a user profile construction unit for analyzing the data transmission behavior of users, constructing user profiles, and modeling and predicting user behavior;
a prediction and early warning unit for performing trend prediction and early warning of abnormal behavior based on historical data and machine learning algorithms.
5. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the log record analysis module comprises:
a log acquisition unit for collecting log information from each data source and storing and managing it centrally;
a log storage management unit for providing a reliable storage and management mechanism and ensuring that the collected logs are stored safely and reliably;
a log analysis and association unit for mining and analyzing the collected logs in depth using various data analysis techniques and algorithms and extracting valuable information;
an anomaly detection alarm unit for detecting abnormal behavior and potential threats in the logs through keyword filtering and rule matching;
a compliance analysis unit for performing compliance analysis on the collected logs and verifying whether the system conforms to the relevant security policies and regulatory requirements;
a troubleshooting and optimization unit for identifying system faults and bottlenecks, analyzing error information and performance indicators in the logs, locating and resolving problems, and improving the stability and performance of the system.
6. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the access control module comprises:
an identity verification unit for verifying the identity information of the user and ensuring that the user's identity is legitimate;
a user authorization unit for authorizing the user according to the user's identity and role information after identity verification passes;
an access auditing unit for recording and auditing user access to system resources and data;
a multi-layer access control unit for supporting multi-level access control, applying different levels of control to users and resources at different levels, and ensuring that sensitive data and important functions are accessed only by authorized users.
7. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the anomaly detection and defense module comprises:
a real-time monitoring unit for monitoring the various behaviors and events in the system in real time;
an anomaly recognition unit for analyzing and identifying the monitored behavior according to predefined rules, models or algorithms;
a threat response unit for taking corresponding measures to deal with the threat when abnormal behavior is identified;
a threat intelligence analysis unit for acquiring and analyzing the latest threat intelligence through integration with a threat intelligence library or a third-party security service provider;
a comprehensive defense unit for cooperating with a firewall, an intrusion detection system and an identity authentication system to achieve a multi-level, comprehensive defense.
8. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the visual display module comprises:
a chart and graphic presentation unit for showing the distribution, comparison and trends of numerical and categorical data through chart forms including histograms, line graphs, pie charts and scatter charts;
a map display unit for displaying geographic data as a spatial distribution in map form;
a filtering and interaction unit allowing the user to interact with the chart or map by selecting, dragging, zooming in and zooming out;
a multidimensional display unit for supporting multidimensional data presentation and analysis.
9. The computer host information transmission supervision system based on artificial intelligence according to claim 1, characterized in that the management and configuration module comprises:
a system management unit for providing comprehensive system management functions, including user account management, permission management and system resource management;
an application management unit for managing and configuring application programs, supporting installation, upgrade, configuration and uninstallation of applications to meet the needs of the organization or its users;
a device management unit for managing and configuring network equipment, servers and storage equipment;
a configuration management unit for helping an administrator manage and change various configurations;
a remote management unit for providing remote management functions that allow an administrator to remotely access and manage systems, applications or devices.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311741538.3A CN117879887A (en) | 2023-12-18 | 2023-12-18 | Computer host information transmission supervision system based on artificial intelligence |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117879887A true CN117879887A (en) | 2024-04-12 |
Family
ID=90578279
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311741538.3A Pending CN117879887A (en) | 2023-12-18 | 2023-12-18 | Computer host information transmission supervision system based on artificial intelligence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117879887A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118158567A (en) * | 2024-05-10 | 2024-06-07 | 烽台科技(北京)有限公司 | Data acquisition and analysis method and device for industrial control equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||