CN111885077A - Data security monitoring system - Google Patents


Info

Publication number
CN111885077A
Authority
CN
China
Prior art keywords
module
data
monitoring
central control
control module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010753758.8A
Other languages
Chinese (zh)
Inventor
李垚俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Application filed by Individual
Priority to CN202010753758.8A
Publication of CN111885077A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a data security monitoring system, and relates to the technical field of network security. It includes: the acquisition module is used for acquiring basic data from the server; the storage module is used for storing the basic data from the acquisition module; the monitoring module is used for establishing a data monitoring rule and judging the potential risk according to the rule; the processing module is used for processing the judgment result of the monitoring module and feeding back the judgment result to the central control module; the encryption module is used for encrypting the basic data from the server; the central control module is used for controlling the acquisition module, the storage module, the monitoring module, the processing module and the encryption module; the central control module is respectively connected with the acquisition module, the storage module, the monitoring module, the processing module and the encryption module. The data of the server is effectively monitored through the monitoring module, effective limitation on the IP address can be realized through the processing module, and a stranger is prevented from illegally breaking into the database of the server to access the database.

Description

Data security monitoring system
Technical Field
The invention relates to the technical field of network security, in particular to a data security monitoring system.
Background
With the large-scale popularization of remote office in various industries, more and more users need to be able to use any terminal computer to access a service server which can only be accessed in an office intranet before at any time and any place. In remotely (via various VPN technologies) accessing service data stored in a service server, a user has two typical requirements: on one hand, users have the requirement of storing data for subsequent use; on the other hand, users also have a demand for preventing data leakage. Therefore, it is urgently needed to design a monitoring system suitable for the field of data security.
For example, application number CN201711047168.8 discloses a data security monitoring method and system facing a cloud platform; in the system, a network monitoring module is used for collecting monitoring data of each layer of the cloud platform system and storing the monitoring data into a knowledge base in a lasting mode; the data analysis module is used for analyzing and storing data input by the network monitoring module and called from the knowledge base; the response strategy module is used for selecting an object to be monitored in the next stage according to the quantitative information of the importance of the monitored object input by the data analysis module, analyzing the abnormal degree and predicting the possibility of system failure; the system execution module is used for executing dynamic adjustment of the monitored object and the monitoring period by using the monitoring agent according to the information input by the response strategy module; the knowledge base module is used for recording the load patterns learned in the operation process and the corresponding characteristic vectors so as to characterize the normal operation state of the system, but the system does not limit the accessible IP addresses and user names.
For example, application number CN201610095765.7 discloses a dynamic authorization system for visitors in office buildings, which comprises an integrated control center module, a database module, and a single-person pass gate; at least one access terminal device for information interaction medium, access information and authorization information of external visitors and the dynamic authorization system of the office building visitors; at least one access mobile terminal used for information interaction medium, access information and authorization information of another external visitor and the dynamic authorization system of the visitor in the office building; at least one interactive interface for office personnel, and a visited mobile terminal for realizing information display and authorized operation of external visitors. The system has the characteristics of intelligence, reliability, convenience in operation and the like, realizes strict monitoring and related data recording of the entrance and exit of the external visitors in the office building by performing real-time dynamic authorization management on the external visitors in the office building, and ensures the normal office work, personal safety and property safety of workers in the office building, but the system does not limit accessible IP addresses and user names.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a data security monitoring system, which effectively monitors the data of a server through a monitoring module, and effectively limits an IP address through a processing module, thereby limiting the access authority of an accessor, preventing a stranger from illegally breaking into a database of the server to access, and ensuring the data security of the database.
In order to solve the above problems, the present invention adopts the following technical solutions.
A monitoring system for data security, comprising:
the acquisition module is used for acquiring basic data from the server;
the storage module is used for storing the basic data from the acquisition module;
the monitoring module is used for establishing a data monitoring rule and judging the potential risk according to the rule;
the processing module is used for processing the judgment result of the monitoring module and feeding back the judgment result to the central control module;
the encryption module is used for encrypting the basic data from the server;
the central control module is used for controlling the acquisition module, the storage module, the monitoring module, the processing module and the encryption module;
the central control module is respectively connected with the acquisition module, the storage module, the monitoring module, the processing module and the encryption module;
wherein the base data comprises security log data, risk event data, error event data, and system log data;
wherein the data monitoring rules include the following: for risks with clearly defined rules, the system monitors and judges them, defines risks exceeding an event baseline as clear events, and establishes a normative event record; for risks which are not clearly defined, the system evaluates them using an event early warning model and, for risks exceeding a threat baseline, establishes a standard event record in the same manner as for clearly defined events;
wherein the encryption algorithm adopted by the encryption module is an MD5 encryption algorithm.
In the data security monitoring system, the acquisition module is connected with the storage module through a primary gateway, and the acquisition module is connected with the central control module through a wireless communication module and a secondary gateway.
In the data security monitoring system, the storage module is connected with an external USB interface through a data transmission line;
the storage module is connected with the central control module through an RS485 communication line;
the storage module is a storage device with large capacity and a plurality of SATA interfaces;
the storage module is further connected with a data backup center, and the data backup center is connected with a cloud processing center.
In the above-mentioned monitoring system for data security, the monitoring module comprises a receiving unit, a judging unit, an output unit and an authorization unit,
the receiving unit is used for receiving basic data from the storage module;
the judging unit is used for judging whether the basic data accords with a data monitoring rule or not;
the output unit is used for outputting prompt information when judging that the basic data is not in the potential risk list;
and the authorization unit is used for authorizing the prompt information to be fed back to the central control module when receiving the prompt information.
In the above monitoring system for data security, the encryption module comprises an encoding module, an interface module and a decoding module,
the encoding module is used for encoding the basic data from the server;
the interface module is used for sending the basic data after the coding processing to the central control module;
the decoding module is used for decoding the basic data received by the central control module.
In the data safety monitoring system, the central control module is provided with a 485 bus and an RS485 bus control module which are connected,
and the RS485 bus control module is used for being connected with a vehicle-mounted network through a CAN bus.
In the above monitoring system for data security, the central control module adopts a device based on an Intel x86 chipset.
The monitoring system for data security further comprises a power supply module,
the power module comprises an AC-DC conversion voltage-reducing device and a power management chip, the AC-DC conversion voltage-reducing device converts introduced 220V alternating current into 12V direct current and supplies the 12V direct current to other modules in the monitoring system for use, the power management chip is used for controlling the AC-DC conversion voltage-reducing device, and the power management chip is connected with the central control module.
In the above-mentioned monitoring system for data security,
the processing module is provided with a protection module, the protection module is provided with a verification terminal, and the verification terminal is used for verifying whether the IP address of the visitor belongs to the IP access rule range of the server.
In the data security monitoring system, the verification terminal comprises an IP verification terminal, an identity card issuing terminal and an IP address database; the IP verification terminal is used for verifying whether the IP of the server visitor meets the requirements of the IP address database, and the identity card issuing terminal is used for issuing the identity card to a server visitor who passes the IP verification terminal.
It should be noted that at least one spare background server and terminal can also be provided, wherein:
the terminal is used for detecting behavior data of a file system in the terminal operation process, generating a corresponding log file by using the detected behavior data, and writing the log file into a virtual memory disc;
the background server is used for obtaining the log file in the terminal virtual memory disc, performing data analysis on the log file by using a preset analysis rule, generating corresponding alarm information when the log file is determined to have abnormal behavior data based on a data analysis result, and sending the alarm information to a preset target device for outputting so as to prompt a response user to process the abnormal behavior data.
Advantageous effects
Compared with the prior art, the invention has the beneficial effects that:
when the monitoring system for data safety is used specifically, the data transmitted by the server only needs to be collected by the acquisition module, the data is temporarily stored by the storage module, the monitoring module judges and analyzes the temporary data in the storage module according to rules and feeds the judgment and analysis back to the central control module through the processing module, and the central control module determines whether to start the encryption module according to a feedback result. According to the method and the device, the data of the server are effectively monitored through the monitoring module, the effective limitation on the IP address can be realized through the processing module, the access authority of an accessor is limited, a stranger is prevented from illegally breaking into the database of the server to access, and the data safety of the database is guaranteed.
Compared with the prior art, the monitoring module monitors all operation behavior data of the file system in the server and stores the generated basic data into the storage module, so that occupation of IO operation resources is avoided and the running speed of the central control module is guaranteed. Moreover, the basic data (which includes security log data, risk event data, error event data, and system log data) reflects the operational behavior of the file system in the server. Meanwhile, the judging unit of the monitoring module can analyze the basic data using the preset analysis rule, so that whether the server generates abnormal behavior data can be judged accurately and comprehensively, and the staff handling the abnormal behavior data can be notified in time by means of the generated alarm information; abnormal behavior data generated by the server can thus be found and processed in time, avoiding adverse effects on the operational security of the server.
Drawings
FIG. 1 is a control schematic of the data security monitoring system of the present application;
FIG. 2 is a control schematic of the acquisition module and the central control module of the present application;
FIG. 3 is a control schematic of the storage module and central control module of the present application;
FIG. 4 is a control schematic of the monitoring module of the present application.
Detailed Description
The invention is further described below in connection with specific embodiments of the invention.
As shown in fig. 1, the data security monitoring system of the present application includes an acquisition module, a storage module, a monitoring module, a processing module, an encryption module, and a central control module.
As shown in fig. 2, the collecting module is configured to collect basic data from a server; the data acquisition module includes: the device comprises a channel selection unit, an alternative analog switch unit for dividing an input analog signal into two paths of signals, a first conditioning circuit and a second conditioning circuit, wherein the first conditioning circuit and the second conditioning circuit are connected with the output end of the alternative analog switch unit, and the output ends of the first conditioning circuit and the second conditioning circuit are connected with the input end of an AD unit. The connection relation between the acquisition module and other modules is as follows: the acquisition module is connected with the storage module through a primary gateway, and the acquisition module is connected with the central control module through a wireless communication module and a secondary gateway.
It should be noted that the first-level gateway and the second-level gateway are set as follows: if the identification information of the first-level gateway and of the second-level gateway is acquired, and a parameter of a network device under the first-level gateway contains "RouterAP", then that network device is a gateway device, that is, a second-level gateway device sharing a user account with the first-level gateway. The first-level gateway is a CMP320 Tuner/DTMB receiving gateway manufactured by Weber video technologies, Inc. The first-level gateway needs to meet the following conditions: support reception of 8 or 16 Tuner clear streams, support settings taking effect immediately without a restart, support reception of an additional 4 or 8 DTMB signals, and support multi-program stream (MPTS) or single-program stream (SPTS) IP output. The second-level gateway is a UTX-3115 intelligent gateway manufactured by the Mohua Kunshan manufacturing center. It supports 1 x COM port, 1 x HDMI, 1 x micro HDMI, 1 x VGA, 1 x USB 3.0 and 2 x USB 2.0 ports, with built-in 1 x Half size Mini PCIe (i.e., Wi-Fi module) and 1 x Full size Mini PCIe expansion slots for mSATA storage.
The wireless communication module comprises a Z-Wave antenna, a Z-Wave module, a protocol conversion module, a Zigbee module and two or more Zigbee antennas; the protocol conversion module is used for protocol conversion between a Zigbee communication network protocol and a Z-Wave communication network protocol, the Zigbee antenna and the Zigbee module are used for receiving and sending Zigbee wireless signals, and the Z-Wave module and the Z-Wave antenna are used for receiving and sending Z-Wave wireless signals; the two or more Zigbee antennas are connected with the Zigbee modules, the Zigbee modules are connected with the protocol conversion module, the protocol conversion module is connected with the Z-Wave module, and the Zigbee modules are multi-input multi-output wireless Zigbee modules.
As shown in fig. 3, the storage module is used for storing the basic data from the acquisition module. The storage module is set as follows: the storage module is connected with an external USB interface through a data transmission line; the storage module is connected with the central control module through an RS485 communication line; the storage module is a storage device with large capacity and a plurality of SATA interfaces; the storage module is further connected with a data backup center, and the data backup center is connected with a cloud processing center. It should be noted that the storage module has the following structure: it includes an integrated chip U3, a resistor R2 and a resistor R3; the integrated chip U3 is an electrically erasable read-only memory of model AT24C02 with 8 wiring pins numbered 1 to 8; wiring pin No. 6 of the integrated chip U3 and one end of the resistor R2 are on the same line and form a common contact; wiring pin No. 8 of the integrated chip U3 and one end of the resistor R3 are on the same line and form a common contact; the 2 common contacts together form the signal input/output terminal of the storage module.
As shown in fig. 4, the monitoring module is configured to establish a data monitoring rule and to determine the potential risk according to the rule. The monitoring module is the key module of this application. The data monitoring rules include the following: for risks with clearly defined rules, the system monitors and judges them, defines risks exceeding an event baseline as clear events, and establishes a normative event record; for risks which are not clearly defined, the system evaluates them using an event early warning model and, for risks exceeding the threat baseline, establishes a standard event record in the same manner as for clearly defined events. The monitoring module comprises a receiving unit, a judging unit, an output unit and an authorization unit, wherein the receiving unit is used for receiving basic data from the storage module; the judging unit is used for judging whether the basic data accords with a data monitoring rule or not; the output unit is used for outputting prompt information when judging that the basic data is not in the potential risk list; and the authorization unit is used for authorizing the prompt information to be fed back to the central control module when receiving the prompt information. In a specific implementation, the monitoring module is the model HPSM12K manufactured by Shenzhen Haitailin science and technology Limited company; it needs to be equipped with an RS485CAN interface, realizes the four-remote function through the CAN/RS485 interface, and enables unattended operation.
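An added illustration of the two-tier rule described above (not code from the patent): metrics with a clearly defined rule are compared with an event baseline, and the rest are scored by a stand-in early-warning model, here a z-score against constructed history, and compared with a threat baseline. The metric names, baseline values and sample records are assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Event baselines for risks that have a clearly defined rule (assumed values).
EVENT_BASELINES = {"failed_logins_per_min": 5, "error_events_per_min": 20}
# Threat baseline applied to the early-warning score (assumed: 3 standard deviations).
THREAT_BASELINE = 3.0

# Constructed history for a metric that has no explicit rule.
HISTORY = {"outbound_mb_per_min": [12, 15, 11, 14, 13, 12, 16, 14]}

# Constructed basic data, tagged with the four categories the page lists.
SAMPLES = [
    {"category": "security_log", "metric": "failed_logins_per_min", "value": 3},
    {"category": "security_log", "metric": "failed_logins_per_min", "value": 42},
    {"category": "system_log", "metric": "outbound_mb_per_min", "value": 15},
    {"category": "risk_event", "metric": "outbound_mb_per_min", "value": 480},
    {"category": "error_event", "metric": "error_events_per_min", "value": 20},
]


@dataclass(frozen=True)
class EventRecord:
    """Normalized event record produced by both rule paths."""
    kind: str      # "clear_event" or "early_warning"
    category: str
    metric: str
    value: float
    score: float   # value/baseline ratio, or early-warning score


def early_warning_score(value, history):
    """Stand-in early-warning model: z-score of value against past observations."""
    if len(history) < 2:
        return 0.0  # no usable history; a deployment should queue these for review
    sigma = pstdev(history)
    if sigma == 0:
        return 0.0 if value == history[0] else float("inf")
    return abs(value - mean(history)) / sigma


def judge(sample, history):
    """Judging unit: return an EventRecord when a baseline is exceeded, else None."""
    metric, value = sample["metric"], sample["value"]
    if metric in EVENT_BASELINES:
        # Clearly defined risk: compare directly with the event baseline.
        baseline = EVENT_BASELINES[metric]
        if value > baseline:
            return EventRecord("clear_event", sample["category"], metric,
                               value, value / baseline)
        return None
    # Risk without a defined rule: score it, then compare with the threat baseline.
    score = early_warning_score(value, history.get(metric, []))
    if score > THREAT_BASELINE:
        return EventRecord("early_warning", sample["category"], metric, value, score)
    return None


def monitor(samples, history):
    """Run every sample through the judging unit and keep the event records."""
    records = []
    for sample in samples:
        record = judge(sample, history)
        if record is not None:
            records.append(record)
    return records


if __name__ == "__main__":
    for rec in monitor(SAMPLES, HISTORY):
        print(rec)
```

A value equal to the baseline (the last constructed sample) does not raise an event, because the rule as stated concerns risks exceeding the baseline.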
The processing module is used for processing the judgment result of the monitoring module and feeding back the judgment result to the central control module. The processing module is a switching chip based on the PEX8648 design. The processing module is provided with a protection module, the protection module is provided with a verification terminal, and the verification terminal is used for verifying whether the IP address of the visitor belongs to the IP access rule range of the server. The verification terminal comprises an IP verification end, an identity card issuing end and an IP address database, wherein the IP verification end is used for verifying whether the IP of the server visitor meets the requirement of the IP address database, and the identity card issuing end is used for issuing the identity card to a server visitor who passes the IP verification end.
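An added sketch of the verification terminal described above (not code from the patent): the IP verification end checks the visitor address against an IP address database of allowed networks, and the issuing end hands out a short-lived credential bound to that address. The network ranges, the key, the token layout and the use of HMAC-SHA-256 are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import ipaddress
import json

# Constructed "IP address database": networks allowed to reach the server.
IP_ADDRESS_DATABASE = [
    ipaddress.ip_network(n)
    for n in ("10.20.0.0/16", "192.0.2.0/28", "2001:db8:10::/48")
]
DEMO_KEY = b"constructed-demo-key"  # constructed signing key held by the issuing end


def normalize(visitor_ip):
    """Parse a textual address; return None when it is not a valid IP."""
    try:
        addr = ipaddress.ip_address(visitor_ip)
    except ValueError:
        return None
    # Treat ::ffff:a.b.c.d as the IPv4 address it carries, so one rule covers both forms.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def ip_allowed(visitor_ip):
    """IP verification end: is the visitor inside the IP access rule range?"""
    addr = normalize(visitor_ip)
    if addr is None:
        return False  # unparsable input is rejected, never passed through
    return any(addr.version == net.version and addr in net
               for net in IP_ADDRESS_DATABASE)


def sign(body, key):
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_credential(visitor_ip, key, now, ttl=300):
    """Issuing end: return a signed, expiring credential, or None if the IP fails."""
    if not ip_allowed(visitor_ip):
        return None
    claims = {"ip": str(normalize(visitor_ip)), "exp": int(now) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sign(body, key)).decode())


def verify_credential(token, visitor_ip, key, now):
    """Accept only an untampered, unexpired credential presented from its own IP."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return False  # wrong shape or invalid base64
    if not hmac.compare_digest(tag, sign(body, key)):
        return False
    claims = json.loads(body)
    addr = normalize(visitor_ip)
    return (addr is not None and claims["ip"] == str(addr)
            and now < claims["exp"] and ip_allowed(visitor_ip))


if __name__ == "__main__":
    token = issue_credential("10.20.5.9", DEMO_KEY, now=1000)
    print(token)
    print(verify_credential(token, "10.20.5.9", DEMO_KEY, now=1100))
```

The address check is repeated at verification time so that removing a network from the database also invalidates credentials already issued to it.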
The encryption module is used for encrypting the basic data from the server; wherein the encryption algorithm adopted by the encryption module is an MD5 encryption algorithm. The encryption module comprises an encoding module, an interface module and a decoding module, wherein the encoding module is used for encoding basic data from the server; the interface module is used for sending the basic data after the coding processing to the central control module; the decoding module is used for decoding the basic data received by the central control module. Furthermore, the MD5 encryption algorithm involved may take the following form, wherein the preset first formula group is:
$$psx_i = (px_i + sx_i) \bmod 1$$
$$psy_i = (py_i + sy_i) \bmod 1$$
$$psz_i = (pz_i + sz_i) \bmod 1$$
$$psw_i = (pw_i + sw_i) \bmod 1$$
in the formula, $sx$, $sy$, $sz$, $sw$ are second chaotic sequences, $px$, $py$, $pz$, $pw$ are third chaotic sequences, $i = 1, 2, \ldots, M \times N$, $M \times N$ is the total number of pixels of a single gray image, $M$ is the number of rows, and $N$ is the number of columns;
the preset second formula group is:
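$$x0_i = \big(\big(\big((psx_i + psy_i + 3) \times (psz_i + psw_i + 3)\big) \times 80\big) \bmod 80\big) - 40$$
$$y0_i = \big(\big(\big((psx_i + psy_i + 3) \times (psz_i - psw_i + 3)\big) \times 80\big) \bmod 80\big) - 40$$
$$z0_i = \big(\big((psx_i - psy_i + 3) \times (psz_i + psw_i + 3)\big) \bmod 80\big) + 1$$
$$w0_i = \big(\big(\big((psx_i + psy_i + 3) \times (psz_i + psw_i + 3)\big) \times 500\big) \bmod 500\big) - 250$$
in the formula, $psx$, $psy$, $psz$, and $psw$ are the third chaotic sequence after the first modulo operation, $i = 1, 2, \ldots, M \times N$.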
Preferably, performing a rounding-down operation on the fourth chaotic sequence to obtain an encrypted password specifically includes:
performing rounding-down operation on the fourth chaotic sequence through a preset third formula group to obtain a first encrypted password, a second encrypted password, a third encrypted password, a fourth encrypted password, a fifth encrypted password and a sixth encrypted password;
wherein the preset third formula group is:
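$$X(i,j) = \big(\lfloor ((x_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod M\big) + 1$$
$$Y(i,j) = \big(\lfloor ((y_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod N\big) + 1$$
$$Z(i,j) = \big(\lfloor ((z_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod M\big) + 1$$
$$W(i,j) = \big(\lfloor ((w_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod N\big) + 1$$
$$U(i,j) = \big(\lfloor ((x_{(i-1) \times N + j} + y_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod M\big) + 1$$
$$V(i,j) = \big(\lfloor ((z_{(i-1) \times N + j} + w_{(i-1) \times N + j} + 500) \bmod 1) \times 10^{13} \rfloor \bmod N\big) + 1$$
where $x_i$, $y_i$, $z_i$, and $w_i$ are the fourth chaotic sequence, $i = 1, 2, \ldots, M \times N$, $M \times N$ is the number of points of a single item of basic data, $M$ is the number of rows, and $N$ is the number of columns.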
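MD5 is a hash function: it yields a fixed-length digest that cannot be decoded back into the basic data, so in the encode, interface, decode flow of the encryption module it can only act as a checksum. The added example below (not code from the patent; the record fields and key are constructed, and HMAC-SHA-256 is a technique brought in for comparison) shows that role and why a keyed MAC is needed to detect deliberate modification.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # constructed; shared by encoder and decoder


def encode(record, key):
    """Encoding module: serialize the record and attach both digests."""
    payload = json.dumps(record, sort_keys=True).encode()
    return {
        "payload": payload,                       # still readable: a digest hides nothing
        "md5": hashlib.md5(payload).hexdigest(),  # unkeyed checksum
        "mac": hmac.new(key, payload, hashlib.sha256).hexdigest(),  # keyed tag
    }


def decode_md5_only(message):
    """Decoding module that trusts the MD5 checksum alone."""
    if hashlib.md5(message["payload"]).hexdigest() != message["md5"]:
        raise ValueError("MD5 checksum mismatch")
    return json.loads(message["payload"])


def decode_with_mac(message, key):
    """Decoding module that requires a valid keyed tag."""
    expected = hmac.new(key, message["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["mac"]):
        raise ValueError("MAC mismatch")
    return json.loads(message["payload"])


def rewrite_in_transit(message, new_record):
    """Model a modified message: payload replaced and the unkeyed MD5 recomputed.

    The MAC is left as it was, because it cannot be recomputed without the key.
    """
    payload = json.dumps(new_record, sort_keys=True).encode()
    return {**message, "payload": payload, "md5": hashlib.md5(payload).hexdigest()}


def accepts(decoder, *args):
    """True when the decoder returns the record, False when it rejects it."""
    try:
        decoder(*args)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    record = {"category": "security_log", "event": "login_failed", "count": 42}
    sent = encode(record, DEMO_KEY)
    altered = rewrite_in_transit(sent, {**record, "count": 0})
    print("md5-only decoder accepts altered message:", accepts(decode_md5_only, altered))
    print("mac decoder accepts altered message:", accepts(decode_with_mac, altered, DEMO_KEY))
```

Neither digest provides confidentiality; keeping the basic data secret in transit needs an actual cipher in addition to the integrity tag.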
The central control module is used for controlling the acquisition module, the storage module, the monitoring module, the processing module and the encryption module. The central control module is provided with a 485 bus and an RS485 bus control module which are connected, and the RS485 bus control module is used for being connected with a vehicle-mounted network through a CAN bus. The central control module employs devices based on the Intel x86 chipset.
The central control module is respectively connected with the acquisition module, the storage module, the monitoring module, the processing module and the encryption module.
Further, the basic data described above includes security log data, risk event data, error event data, and system log data.
The system also comprises a power supply module.
The power module comprises an AC-DC conversion voltage-reducing device and a power management chip, the AC-DC conversion voltage-reducing device converts introduced 220V alternating current into 12V direct current and supplies the 12V direct current to other modules in the monitoring system for use, the power management chip is used for controlling the AC-DC conversion voltage-reducing device, and the power management chip is connected with the central control module.
When the monitoring system for data safety is used specifically, the data transmitted by the server only needs to be collected by the acquisition module, the data is temporarily stored by the storage module, the monitoring module judges and analyzes the temporary data in the storage module according to rules and feeds the judgment and analysis back to the central control module through the processing module, and the central control module determines whether to start the encryption module according to a feedback result. According to the method and the device, the data of the server are effectively monitored through the monitoring module, the effective limitation on the IP address can be realized through the processing module, the access authority of an accessor is limited, a stranger is prevented from illegally breaking into the database of the server to access, and the data safety of the database is guaranteed.
In addition, combining the system with cloud storage brings a new framework to the application. Cloud storage is a system that, through integrated cooperative software technology, enables the various types of computer storage equipment connected to a network to transmit information externally and to provide services such as service access and information sharing; it is based on computer network technology and has distributed storage technology and mass data storage technology at its core. Cloud storage is an open network access platform with numerous hardware and software components, such as servers, clients, network devices, application programs, login interfaces, and so on. Each core hardware device is based on applications and software that provide data storage and data exchange access to users. Cloud storage comprises the following four-layer structure:
(1) Storage layer. It consists of storage equipment, servers and network equipment and is the lower-layer foundation of cloud storage.
(2) Basic management layer. This layer is the core part of cloud storage and implements the most important functions: it not only ensures the functional use of the system and the stability of system performance, but also carries out work such as encryption and backup of information data.
(3) Application interface layer. As an important level for application software development, it provides the functions of developing, updating and upgrading the system's application software.
(4) Access layer. This layer is the application program port for client access and information exchange, and achieves the purpose of sharing cloud storage data.
For most users of cloud storage services, in an open internet and a fiercely competitive commercial environment, whether a provider of cloud storage services can protect users' important information and sensitive data is a very important prerequisite when selecting a provider, and is not merely a matter of data transmission. The application scenario of this method is one in which the server side is not trusted; the security of the stored data can still be ensured, so that cloud storage can be applied more widely.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
While the invention has been described in further detail in connection with specific embodiments thereof, it will be understood that the invention is not limited thereto, and that various other modifications and substitutions may be made by those skilled in the art without departing from the spirit of the invention, which should be considered to be within the scope of the invention as defined by the appended claims.

Claims (10)

1. A system for monitoring data security, comprising:
the acquisition module is used for acquiring basic data from the server;
the storage module is used for storing the basic data from the acquisition module;
the monitoring module is used for establishing a data monitoring rule and judging the potential risk according to the rule;
the processing module is used for processing the judgment result of the monitoring module and feeding back the judgment result to the central control module;
the encryption module is used for encrypting the basic data from the server;
the central control module is used for controlling the acquisition module, the storage module, the monitoring module, the processing module and the encryption module;
the central control module is respectively connected with the acquisition module, the storage module, the monitoring module, the processing module and the encryption module;
wherein the base data comprises security log data, risk event data, error event data, and system log data;
wherein the data monitoring rules include the following: for risks with clearly defined rules, monitoring and judging them, defining risks that exceed an event baseline as clear events, and establishing a standardized event record; for risks that are not clearly defined, evaluating them with an event early-warning model and, for risks that exceed a threat baseline, establishing a standardized event record in the same way as for clear events;
wherein the encryption algorithm adopted by the encryption module is an MD5 encryption algorithm.
2. The system for monitoring data security of claim 1,
the acquisition module is connected with the storage module through a primary gateway, and the acquisition module is connected with the central control module through a wireless communication module and a secondary gateway.
3. The system for monitoring data security of claim 1,
the storage module is connected with an external USB interface through a data transmission line;
the storage module is connected with the central control module through an RS485 communication line;
the storage module is a storage device with large capacity and a plurality of SATA interfaces;
the storage module is further connected with a data backup center, and the data backup center is connected with a cloud processing center.
4. The system for monitoring data security of claim 1,
the monitoring module comprises a receiving unit, a judging unit, an output unit and an authorization unit,
the receiving unit is used for receiving basic data from the storage module;
the judging unit is used for judging whether the basic data accords with a data monitoring rule or not;
the output unit is used for outputting prompt information when judging that the basic data is not in the potential risk list;
and the authorization unit is used for authorizing the prompt information to be fed back to the central control module when receiving the prompt information.
5. The system for monitoring data security of claim 1,
the encryption module comprises an encoding module, an interface module and a decoding module,
the encoding module is used for encoding the basic data from the server;
the interface module is used for sending the basic data after the coding processing to the central control module;
the decoding module is used for decoding the basic data received by the central control module.
6. A system for monitoring data security according to claim 3,
the central control module is provided with a 485 bus and an RS485 bus control module which are connected,
and the RS485 bus control module is used for being connected with a vehicle-mounted network through a CAN bus.
7. The system for monitoring data security of claim 1,
the central control module employs devices based on the Intel x86 chipset.
8. The system for monitoring data security of claim 1,
the system further comprises a power module,
the power module comprises an AC-DC conversion voltage-reducing device and a power management chip, the AC-DC conversion voltage-reducing device converts introduced 220V alternating current into 12V direct current and supplies the 12V direct current to other modules in the monitoring system for use, the power management chip is used for controlling the AC-DC conversion voltage-reducing device, and the power management chip is connected with the central control module.
9. The system for monitoring data security of claim 1,
the processing module is provided with a protection module, the protection module is provided with a verification terminal, and the verification terminal is used for verifying whether the IP address of the visitor belongs to the IP access rule range of the server.
10. The system for monitoring data security of claim 9,
the verification terminal comprises an IP verification end, an identity card issuing end and an IP address database, wherein the IP verification end is used for verifying whether the IP of a server visitor meets the requirements of the IP address database, and the identity card issuing end is used for issuing an identity card to server visitors who pass the IP verification end.
CN202010753758.8A 2020-07-31 2020-07-31 Data security monitoring system Pending CN111885077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010753758.8A CN111885077A (en) 2020-07-31 2020-07-31 Data security monitoring system

Publications (1)

Publication Number Publication Date
CN111885077A true CN111885077A (en) 2020-11-03

Family

ID=73204648

Country Status (1)

Country Link
CN (1) CN111885077A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108268354A (en) * 2016-12-30 2018-07-10 腾讯科技(深圳)有限公司 Data safety monitoring method, background server, terminal and system
US20180219879A1 (en) * 2017-01-27 2018-08-02 Splunk, Inc. Security monitoring of network connections using metrics data
CN109005161A (en) * 2018-07-18 2018-12-14 安徽云图信息技术有限公司 A kind of data safety monitoring system and its access monitoring method
CN109104414A (en) * 2018-07-18 2018-12-28 安徽云图信息技术有限公司 A kind of data safety monitoring system
CN109508543A (en) * 2018-10-31 2019-03-22 武汉光谷联众大数据技术有限责任公司 A kind of monitoring of data safety and processing unit

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242460A (en) * 2022-06-30 2022-10-25 中国人民解放军63891部队 Cloud platform security architecture and implementation method thereof
CN115242460B (en) * 2022-06-30 2023-08-25 中国人民解放军63891部队 Cloud platform security architecture system and implementation method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20201103
