CN115659351B - Information security analysis method, system and equipment based on big data office - Google Patents

Publication number
CN115659351B
Authority
CN
China
Prior art keywords
office
data
software
index
big data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211304919.0A
Other languages
Chinese (zh)
Other versions
CN115659351A (en
Inventor
周江锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Dingshan Information Technology Co ltd
Original Assignee
Nanjing Dingshan Information Technology Co ltd
Application filed by Nanjing Dingshan Information Technology Co ltd
Priority to CN202211304919.0A
Publication of CN115659351A
Application granted
Publication of CN115659351B
Current legal status: Active

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to an information security technology, and discloses an information security analysis method based on big data office, which comprises the following steps: acquiring office information of big data office, and extracting office software features, office environment features and office data features of the office information; constructing a software vulnerability scoring model, and inputting office software features into the software vulnerability scoring model to obtain a software vulnerability index of big data office; detecting an environment risk index of big data office according to the office environment characteristics; generating log audit of big data office according to the office data characteristics, and determining the data storage security index of the big data office by using the security level of the log audit; and calculating the information security risk value of big data office according to the software vulnerability index, the environment risk index and the data storage security index. The invention further provides an information security analysis system based on big data office and electronic equipment. The invention can improve the information security of big data office.

Description

Information security analysis method, system and equipment based on big data office
Technical Field
The invention relates to the technical field of information security, in particular to an information security analysis method, an information security analysis system and electronic equipment based on big data office.
Background
As internet information technology matures, mass-data applications based on big data and cloud computing appear in more and more industries. Because normal working time can be delayed considerably, working from home has become a new choice for people, and cloud office software has become more widespread. At the same time, this brings information security problems that need attention.
Most existing information security analysis techniques for big data office analyze information security on the basis of the office session and the office purpose. In practice, the external environment may threaten big data office work to the point that work cannot be performed. Considering only the office session content may make the information security analysis too one-sided, so the security of big data office is low.
Disclosure of Invention
The invention provides an information security analysis method, system and computer readable storage medium based on big data office, which mainly aim to solve the problem of lower information security when big data office is performed.
In order to achieve the above object, the present invention provides an information security analysis method based on big data office, comprising:
acquiring preset office information of big data office, and extracting office software features, office environment features and office data features of the office information;
constructing a software vulnerability scoring model according to preset training data, inputting the office software features into the software vulnerability scoring model to obtain a software vulnerability index of the big data office, wherein the inputting the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office comprises the following steps:
S11, extracting feature data quantity of the office software features by using the following feature quantity calculation formula:
wherein $P(k)$ is the k-th feature data amount of the office software feature, $k_1$ is the feature quantity of the software type of the office software feature, $k_2$ is the feature quantity of the software attribute of the office software feature, $dk$ is a differential function, $\omega$ is the weight of the office software feature, $S$ is the weight of the software type in the office software feature, and $f$ is the weight of the software attribute in the office software feature;
S12, collecting the characteristic data quantity as a characteristic data set;
detecting the environmental risk index of the big data office according to the office environment characteristics by using a preset intrusion detection algorithm;
inputting the characteristic data set into the software vulnerability scoring model to obtain the software vulnerability index of the big data office;
generating log audit of the big data office according to the office data characteristics, and determining a data storage security index of the big data office by using the security level of the log audit;
and calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm.
Optionally, the constructing a software vulnerability scoring model according to preset training data includes:
extracting a characteristic data set of the training data, arbitrarily selecting one characteristic information in the characteristic data set as a root node, and splitting a left node and a right node on the root node;
distributing the characteristic data set to the left node and the right node to obtain a basic decision tree;
adding a decision tree to the basic decision tree to obtain a standard decision tree;
And inputting the training data into the standard decision tree for training to obtain the software vulnerability scoring model.
Optionally, the detecting the environmental risk index of the big data office according to the office environment feature by using a preset intrusion detection algorithm includes:
extracting a communication flow data packet in the office environment characteristics;
classifying the communication flow data packet by utilizing the intrusion detection algorithm to obtain a classified data packet;
calculating the data record accuracy in the classified data packet by using the following accuracy formula:
wherein $A$ is the classification accuracy, $W_T$ is the correctly classified attack records in the classified data packet, $W_P$ is the correctly classified normal records in the classified data packet, $K_T$ is the misclassified attack records in the classified data packet, and $K_P$ is the misclassified correct records in the classified data packet;
calculating the data record false alarm rate in the classified data packet by using the following false alarm rate formula:
wherein $B$ is the classification false alarm rate, $K_T$ is the misclassified attack records in the classified data packet, and $W_P$ is the correctly classified normal records in the classified data packet;
and determining the environmental risk index according to the data record accuracy rate and the data record false alarm rate.
Optionally, the classifying the communication traffic data packet by using the intrusion detection algorithm to obtain a classified data packet includes:
setting a data category weighting coefficient for the communication flow data packet;
calculating the classified data packet according to the class weighting coefficient by utilizing a decision function in the intrusion detection algorithm:
wherein $f(t)$ represents the t-th classified data packet, $n$ represents the number of support vectors of the communication traffic data packet, $\sigma_i$ represents the class weighting coefficient of the i-th support vector in the communication traffic data packet, $y_i$ represents the class, and $k(t \cdot t_i)$ is a kernel function.
Optionally, the generating the log audit of the big data office according to the office data feature includes:
extracting behavior data and storage data in the office data characteristics;
determining a behavior log of the big data office according to the behavior data;
determining a storage log of the big data office according to the storage data;
and collecting the behavior log and the storage log as log audit.
Optionally, the determining the data storage security index of the big data office by using the security level of the log audit includes:
Determining the system state of the big data office according to the security level of the log audit;
determining the state weight of the system state by using a preset analytic hierarchy process;
and calculating the data storage safety index according to the state weight.
Optionally, the calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm includes:
calculating the information security risk value of the big data office by using the following dissimilation weight algorithm:
wherein $F$ is the information security risk value, $M_i$ is an influencing factor, $M_1$ is the software vulnerability index, $M_2$ is the environmental risk index, $M_3$ is the data storage security index, $n$ is the number of influencing factors, and $t_k$ is the weight of the k-th influencing factor.
In order to solve the problems, the invention also provides an information security analysis system based on big data office, which comprises an office information acquisition module, a software vulnerability index determination module, an environment risk index determination module, a data storage security index determination module and an information security risk value calculation module, wherein:
The office information acquisition module is used for acquiring preset office information of big data office and extracting office software features, office environment features and office data features of the office information;
the software vulnerability index determining module is used for constructing a software vulnerability scoring model according to preset training data, inputting the office software features into the software vulnerability scoring model and obtaining the software vulnerability index of big data office;
the environment risk index determining module is used for detecting the environment risk index of the big data office according to the office environment characteristics by using a preset intrusion detection algorithm;
the data storage security index determining module is used for generating log audit of the big data office according to the office data characteristics and determining the data storage security index of the big data office by using the security level of the log audit;
the information security risk value calculation module is used for calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the big data office based information security analysis method described above.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the above-mentioned big data office-based information security analysis method.
According to the embodiment of the invention, the software vulnerability index is determined according to the office software characteristics by extracting the office software characteristics, the office environment characteristics and the office data characteristics, so that the vulnerability can be repaired according to the software vulnerability index, and the system is in a safe environment; determining an environment risk index of office according to the office environment characteristics, further judging whether the office network environment has threat or not, and timely discovering and processing potential danger; generating office log audit according to the office data characteristics, determining the storage security index of the office data according to the security level of the log audit, and further judging the security of data storage; according to the software vulnerability index, the environment danger index and the data storage safety index, the information safety risk value in the big data office is calculated, the information safety risk can be found in time, further, treatment measures are taken on the risk, and the safety in the big data office is improved. Therefore, the information security analysis method, the system and the electronic equipment based on big data office can solve the problem of low information security when big data office is carried out.
Drawings
Fig. 1 is a flow chart of an information security analysis method based on big data office according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a software vulnerability score model according to an embodiment of the present application;
FIG. 3 is a flow chart of classifying communication traffic packets according to an embodiment of the present application;
FIG. 4 is a functional block diagram of an information security analysis system based on big data office according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device for implementing the information security analysis method based on big data office according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides an information security analysis method based on big data office. The execution subject of the information security analysis method based on big data office includes, but is not limited to, at least one of a server, a terminal and the like which can be configured to execute the method provided by the embodiment of the application. In other words, the information security analysis method based on big data office may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of an information security analysis method based on big data office according to an embodiment of the invention is shown. In this embodiment, the information security analysis method based on big data office includes:
S1, acquiring preset office information of big data office, and extracting office software features, office environment features and office data features of the office information;
In a practical application scenario, with the continuous development of internet storage technology, big data has become a new form of lightweight, centralized, cloud-based storage of mass information under the Internet of Everything. It is characterized by large data volume, high speed and diverse data types, and is widely applied in big data office, but it also exposes data information to security risks. The security of the data information therefore needs to be monitored in real time to avoid great loss.
In the embodiment of the invention, the office information comprises office software, office network environment, office business type, office behavior and office data sensitivity.
In detail, the preset office information of big data office can be obtained through statements with a data-grabbing function (such as Java statements and Python statements).
In the embodiment of the invention, the office software features refer to software attributes and software types used in an office, the office environment features refer to network environments in the office process and data transmission paths in the office environment, the office data features refer to office behavior data and office storage data, the office behavior data refer to behaviors operated by users, and the office storage data refer to data generated in the office process and are stored.
In detail, the office software features may be acquired through questionnaires, the office environment features may be acquired through monitoring a network environment, and the office data features may be acquired using logs.
Further, according to the office software features, the environment features and the office data features, information security in the big data office process can be further judged, so that the situation that the information is prevented.
S2, a software vulnerability scoring model is built according to preset training data, and the office software features are input into the software vulnerability scoring model to obtain a software vulnerability index of big data office;
In the embodiment of the invention, the software vulnerability scoring model is used for evaluating the safety coefficient of the software: the lower the score, the safer the software; the higher the score, the more vulnerabilities the software has and the more dangerous it is.
In the embodiment of the present invention, referring to fig. 2, the constructing a software vulnerability scoring model according to preset training data includes:
S21, extracting a characteristic data set of the training data, arbitrarily selecting one characteristic information in the characteristic data set as a root node, and splitting a left node and a right node on the root node;
S22, distributing the characteristic data set to the left node and the right node to obtain a basic decision tree;
S23, adding a decision tree to the basic decision tree to obtain a standard decision tree;
S24, inputting the training data into the standard decision tree for training to obtain the software vulnerability scoring model.
In detail, the software vulnerability scoring model is a random forest model, wherein the random forest model refers to a classifier which is used for training and predicting samples by utilizing a plurality of trees, and has higher prediction capability. The feature data set refers to feature data related to office software features, such as office software type information, office software attribute information, and the like.
In the embodiment of the invention, a software vulnerability is a defect, arising under the influence of factors such as network attacks or from the software design itself, that makes the software prone to security holes; a defect that causes security problems in the software system is called a software vulnerability. The software vulnerability index is used for scoring the software vulnerabilities: a high index indicates that the software has more vulnerabilities and is more dangerous to use; a low index indicates that the software has fewer vulnerabilities and is safer to use.
In the embodiment of the present invention, the inputting the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office includes:
extracting the characteristic data quantity of the office software characteristic by using the following characteristic quantity calculation formula:
wherein $P(k)$ is the k-th feature data amount of the office software feature, $k_1$ is the feature quantity of the software type of the office software feature, $k_2$ is the feature quantity of the software attribute of the office software feature, $dk$ is a differential function, $\omega$ is the weight of the office software feature, $S$ is the weight of the software type in the office software feature, and $f$ is the weight of the software attribute in the office software feature;
collecting the characteristic data quantity as a characteristic data set;
and inputting the characteristic data set into the software vulnerability scoring model to obtain the software vulnerability index of the big data office.
In detail, the feature data amount refers to a feature sum of office software, that is, a feature amount of the office software feature. The feature quantity of the software type refers to which domain the used software is in, such as video clip domain, document editing domain, session domain, and the like. The feature quantity of the software attribute comprises a software function attribute and a software quality attribute, wherein the software function attribute refers to the function of the software, and the software quality attribute refers to the availability, repairability, performance and safety of the software.
Specifically, ω in the feature quantity calculation formula may be used to determine the weight of the office software feature, and further determine the importance of the user for performing the data operation using the software, where a higher weight of the office software feature indicates that the user is more important for the data operation of the software, and a lower weight of the office software feature indicates that the user is less important for the data operation of the software. And further, the accuracy and the importance of calculating the characteristic data quantity of the office software characteristic can be improved.
Further, the characteristic data quantity is collected to be a characteristic data set, and the characteristic data set is input into the software vulnerability scoring model to obtain the software vulnerability index of the big data office. A high software vulnerability index indicates that the software has more vulnerabilities and is more dangerous to use; a low software vulnerability index indicates that the software has fewer vulnerabilities and is safer to use.
For example, when the feature data amount calculated by the feature amount calculation formula is 15k-3,8k-2, the first feature data amount is 8 when k is 1, and the second feature data amount is 14 when k is 2, that is, the feature data amount of the software type in the office software feature is 8, the feature data amount of the software attribute is 14, and the feature data sets of the feature data amount and the software attribute of the collected software type are {8, 14}, the feature data sets are input into the software vulnerability score model, so as to obtain the software vulnerability index of the large data office.
S3, detecting the environmental risk index of the big data office according to the office environment characteristics by using a preset intrusion detection algorithm;
in the embodiment of the invention, the intrusion detection algorithm is an algorithm for monitoring and analyzing network communication, and the abnormal behavior is identified through active response, so as to generate an alarm and make corresponding response, such as recording evidence for tracking and recovering, disconnecting network connection and the like, so as to judge whether an illegal user intrudes or not, thereby fundamentally preventing a series of losses and damages caused by intrusion and damage to the network.
In the embodiment of the present invention, the detecting the environmental risk index of the big data office according to the office environment feature by using a preset intrusion detection algorithm includes:
extracting a communication flow data packet in the office environment characteristics;
classifying the communication flow data packet by utilizing the intrusion detection algorithm to obtain a classified data packet;
calculating the data record accuracy in the classified data packet by using the following accuracy formula:
wherein $A$ is the classification accuracy, $W_T$ is the correctly classified attack records in the classified data packet, $W_P$ is the correctly classified normal records in the classified data packet, $K_T$ is the misclassified attack records in the classified data packet, and $K_P$ is the misclassified correct records in the classified data packet;
calculating the data record false alarm rate in the classified data packet by using the following false alarm rate formula:
wherein $B$ is the classification false alarm rate, $K_T$ is the misclassified attack records in the classified data packet, and $W_P$ is the correctly classified normal records in the classified data packet;
and determining the environmental risk index according to the data record accuracy rate and the data record false alarm rate.
In detail, the communication traffic data packet refers to a data packet generated in an office environment, that is, a network environment, where data in the communication traffic data packet may include normal data and abnormal data, and the normal data and the abnormal data are classified by using an intrusion detection algorithm to obtain a classification packet of the normal data and a classification packet of the abnormal data.
Specifically, the data packets of normal data are correctly classified in the classified data packets, the data packets of abnormal data are incorrectly classified in the classified data packets, the classification accuracy and the classification false alarm rate of the classified data packets are calculated according to an accuracy formula and a false alarm rate formula, and whether the office environment has abnormal conditions or not is determined according to the attack record and the normal record in the normal data packets and the attack record and the normal record in the abnormal data packets.
Further, the data recording accuracy rate and the data recording false alarm rate are added to obtain an addition result, and the environmental risk index is determined according to the addition result. The higher the data recording accuracy and the lower the data recording false alarm rate, the lower the environmental risk index; the lower the data recording accuracy and the higher the data recording false alarm rate, the higher the environmental risk index. For example, when the data recording accuracy rate is 80% and the data recording false alarm rate is 20%, the environmental risk index is medium; when the data recording accuracy is 50% and the data recording false alarm rate is 80%, the environmental risk index is higher.
In the embodiment of the present invention, referring to fig. 3, the classifying the communication traffic data packet by using the intrusion detection algorithm to obtain a classified data packet includes:
S31, setting a data category weighting coefficient for the communication flow data packet;
S32, calculating the classified data packet according to the class weighting coefficient by utilizing a decision function in the intrusion detection algorithm:
wherein $f(t)$ represents the t-th classified data packet, $n$ represents the number of support vectors of the communication traffic data packet, $\sigma_i$ represents the class weighting coefficient of the i-th support vector in the communication traffic data packet, $y_i$ represents the class, and $k(t \cdot t_i)$ is a kernel function.
In detail, the intrusion detection algorithm is a classification process of communication behaviors in an office environment, and is a pattern recognition of communication traffic data packets according to the detection algorithm so as to effectively detect abnormal attack operation. The related intrusion detection algorithms include decision tree classification algorithm, naive Bayesian classification method, artificial neural network, support vector machine and the like. The decision function in the intrusion detection algorithm is based on a support vector machine, divides the communication traffic data packet into single vectors, divides the vectors with the same property together, namely, divides the normal data together, and divides the abnormal data together.
Specifically, the class weighting coefficients in the decision function of the intrusion detection algorithm can remove redundant intrusion detection data information and reduce the complexity and detection time of the intrusion detection algorithm. The kernel function is used by the support vector machine to map the input space to a high-dimensional feature space through a nonlinear transformation; the kernel function directly yields the inner product under the nonlinear transformation, which greatly simplifies the calculation and enhances the intrusion detection capability in the office environment. In the decision function, $y_i \in \{-1, +1\}$: $y_i = 1$ represents normal data in the communication traffic data packet, and $y_i = -1$ represents abnormal data in the communication traffic data packet.
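The following added example (not part of the patent text) evaluates a support-vector decision function using the symbols defined above (n support vectors, class weighting coefficients σ_i, classes y_i and a kernel k), then counts W_T, W_P, K_T and K_P over labelled records to obtain the accuracy A and false alarm rate B. The patent's own formulas do not survive on this page, so the textbook forms are assumed, with K_T read as normal records wrongly flagged as attacks; the RBF kernel, the bias term, the two traffic features and every sample value are constructed for illustration.

```python
import math

# Constructed support vectors t_i: (scaled connection rate, failed-connection ratio).
# y_i = +1 marks normal data and y_i = -1 marks abnormal data, as on the page.
SUPPORT_VECTORS = [(0.2, 0.1), (0.3, 0.3), (0.9, 0.8), (0.7, 0.9)]
Y = [+1, +1, -1, -1]
SIGMA = [1.0, 1.0, 1.5, 1.5]  # class weighting coefficients sigma_i (assumed values)
BIAS = 0.0                    # assumed; the page does not mention a bias term

# Constructed labelled traffic records: (feature vector, true class).
RECORDS = [
    ((0.10, 0.10), +1),
    ((0.25, 0.20), +1),
    ((0.85, 0.85), -1),
    ((0.80, 0.70), -1),
    ((0.60, 0.60), +1),  # bursty but legitimate traffic
    ((0.40, 0.35), -1),  # quiet attack that resembles normal traffic
    ((0.15, 0.25), +1),
    ((0.95, 0.90), -1),
]


def rbf_kernel(t, t_i, gamma=4.0):
    """k(t, t_i) as an RBF kernel (assumed; the page does not name the kernel)."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(t, t_i)))


def decision_value(t):
    """Assumed textbook SVM form: sum_i sigma_i * y_i * k(t, t_i) + bias."""
    return BIAS + sum(
        s * y * rbf_kernel(t, sv) for s, y, sv in zip(SIGMA, Y, SUPPORT_VECTORS)
    )


def classify(t):
    """Return +1 (normal) or -1 (abnormal) from the sign of the decision value."""
    return 1 if decision_value(t) >= 0 else -1


def confusion_counts(records):
    """Count records into the page's four symbols."""
    counts = {"W_T": 0, "W_P": 0, "K_T": 0, "K_P": 0}
    for features, truth in records:
        predicted = classify(features)
        if predicted == -1 and truth == -1:
            counts["W_T"] += 1  # attack correctly classified
        elif predicted == 1 and truth == 1:
            counts["W_P"] += 1  # normal correctly classified
        elif predicted == -1 and truth == 1:
            counts["K_T"] += 1  # normal wrongly flagged as attack (assumed reading)
        else:
            counts["K_P"] += 1  # attack wrongly passed as normal (assumed reading)
    return counts


def accuracy(counts):
    """A = (W_T + W_P) / all records (assumed standard definition)."""
    total = sum(counts.values())
    return (counts["W_T"] + counts["W_P"]) / total if total else 0.0


def false_alarm_rate(counts):
    """B = K_T / (K_T + W_P) (assumed standard definition)."""
    normal = counts["K_T"] + counts["W_P"]
    return counts["K_T"] / normal if normal else 0.0


if __name__ == "__main__":
    c = confusion_counts(RECORDS)
    print(c, "A =", accuracy(c), "B =", false_alarm_rate(c))
```

The two borderline records show why both rates are needed: one legitimate burst raises B while one quiet attack lowers A, and neither error is visible from the other metric alone.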
Further, it is necessary to detect not only an environmental risk index of an office environment but also data generated in an office process, whether the data is safe in a storage area, and thus, the storage safety of the data is analyzed.
S4, generating log audit of the big data office according to the office data characteristics, and determining a data storage security index of the big data office by using the security level of the log audit;
In the embodiment of the invention, the log audit helps a user better monitor and guarantee the operation of an information system, identifies in time information such as intrusion attacks and internal violations aimed at the information system, and provides necessary information for post-event analysis, investigation and evidence collection of a security event. The contents of the log audit record include illegal operations on important data or confidential documents.
In the embodiment of the present invention, the generating the log audit of the big data office according to the office data feature includes:
extracting behavior data and storage data in the office data characteristics;
Determining a behavior log of the big data office according to the behavior data;
determining a storage log of the big data office according to the storage data;
and collecting the behavior log and the storage log as log audit.
In detail, the office data feature includes behavior data, which is a series of operations performed by the user in the office environment, and storage data, which is data stored in the storage area, which is generated by the user in the office environment.
Specifically, the behavior log is a log of a series of operations of recording behavior data, and the storage log is a storage operation of recording some important data or confidential files.
Further, the log audit can be used to check whether the data has been subjected to illegal operations; if the log audit shows that the data has been subjected to illegal operations, the data storage has been abnormally attacked, that is, the data storage is very dangerous.
In the embodiment of the present invention, the determining the data storage security index of the big data office by using the security level of the log audit includes:
determining the system state of the big data office according to the security level of the log audit;
Determining the state weight of the system state by using a preset analytic hierarchy process;
and calculating the data storage safety index according to the state weight.
In detail, when the security level of the log audit is level 0, the log level is urgent and the system state is that the system is unavailable; when the security level of the log audit is 3, the log level is error and the system state is error information; when the security level of the log audit is 5, the log level is notification and the system state is normal but very important information. The log audit gives different handling recommendations according to the danger level of the collected information; when the security level is urgent or alarm, the system is required to respond and give handling recommendations immediately. For general information at a lower security level, the default handling applies or no operation is performed.
Specifically, the analytic hierarchy process is a hierarchical weighted decision analysis method that decomposes the elements related to a decision into levels such as targets, criteria and schemes, and then performs qualitative and quantitative analysis. The system state may be system unavailability, immediate processing, serious occurrence, error message, warning message, normal but important information, general information, debugging information and the like; the state weight of each state is determined using the analytic hierarchy process, and the more serious the system state is, the lower the state weight is. The data storage security index is then determined according to the state weight.
Further, the data storage security index may be calculated according to the state weight. For example, when the state weight is 0.6, the data storage security index is 60 and the data storage security is medium; when the state weight is 0.1, the data storage security index is 10 and the data storage security is dangerous; when the state weight is 0.9, the data storage security index is 90 and the data storage security is good.
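The chain described above (security level of the log audit, system state, state weight from the analytic hierarchy process, data storage security index), as an added example that is not code from the patent. Assumptions: audit records are syslog-style lines whose `<PRI>` carries the level, the audit's security level is that of its most severe record, the pairwise comparison matrix is constructed here, and the weights are rescaled so the least severe state has weight 1.0.

```python
import math
import re

# Severity level -> system state, in the order the text lists the states.
STATES = [
    "system unavailability",             # 0 (urgent)
    "immediate processing",              # 1
    "serious occurrence",                # 2
    "error message",                     # 3 (error)
    "warning message",                   # 4
    "normal but important information",  # 5 (notification)
    "general information",               # 6
    "debugging information",             # 7
]

RANDOM_INDEX_8 = 1.41  # Saaty's random consistency index for an 8x8 matrix


def comparison_matrix(n=len(STATES)):
    """Constructed pairwise judgments: state i is preferred over a more severe
    state j with intensity (i - j + 1); the reverse entry is the reciprocal."""
    return [[float(i - j + 1) if i >= j else 1.0 / (j - i + 1) for j in range(n)]
            for i in range(n)]


def ahp_weights(matrix):
    """Row geometric means normalised to sum 1 (a standard AHP approximation
    of the principal eigenvector)."""
    gm = [math.prod(row) ** (1.0 / len(row)) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); below 0.1 is acceptable."""
    n = len(matrix)
    lam = sum(sum(a * w for a, w in zip(row, weights)) / weights[i]
              for i, row in enumerate(matrix)) / n
    return ((lam - n) / (n - 1)) / RANDOM_INDEX_8


def state_weights():
    """Weights divided by the largest one, so the least severe state gets 1.0
    and more severe states get lower weights (assumed scaling)."""
    w = ahp_weights(comparison_matrix())
    top = max(w)
    return [x / top for x in w]


PRI = re.compile(r"^<(\d{1,3})>")


def audit_level(lines):
    """Security level of the audit = most severe record; severity = PRI % 8."""
    levels = [int(m.group(1)) % 8 for m in map(PRI.match, lines) if m]
    if not levels:
        raise ValueError("no parsable audit records")
    return min(levels)


def storage_security_index(lines):
    """Return (security level, system state, data storage security index)."""
    level = audit_level(lines)
    return level, STATES[level], round(100 * state_weights()[level], 1)


# Constructed audit records (host names, users and paths are made up).
BEHAVIOR_LOG = [
    "<13>Oct 24 09:12:01 ws-017 office: user=alice action=open file=report.docx",
    "<14>Oct 24 09:12:40 ws-017 office: user=alice action=save file=report.docx",
]
STORAGE_LOG = [
    "<11>Oct 24 09:13:44 nas-01 audit: user=bob action=delete file=/finance/q3.xlsx result=denied",
]

if __name__ == "__main__":
    m = comparison_matrix()
    print("consistency ratio:", round(consistency_ratio(m, ahp_weights(m)), 3))
    print(storage_security_index(BEHAVIOR_LOG + STORAGE_LOG))
```
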
S5, calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm.
In the embodiment of the invention, the dissimilation weight algorithm is used for judging the information security risk of big data office by integrating the software vulnerability index, the environment danger index and the data storage security index.
In the embodiment of the present invention, the calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm includes:
calculating the information security risk value of the big data office by using the following dissimilation weight algorithm:
wherein $F$ is the information security risk value, $M_i$ are the influencing factors, $M_1$ is the software vulnerability index, $M_2$ is the environmental risk index, $M_3$ is the data storage security index, $n$ is the number of influencing factors, and $t_k$ is the weight of the $k$-th influencing factor.
Illustratively, the software vulnerability index has a weighting factor of 0.3 and a weighting value of 60; the weighting coefficient of the environmental risk index is 0.4, and the weighting value is 50; the weighting coefficient of the data storage security index is 0.6, and the weighting value is 70, so that the information security risk value of the big data office is obtained according to the formula of the dissimilarization weight algorithm.
In detail, when the information security risk value is between 0 and 10, it indicates that the information security of the big data office is in a perfect state, when the information security risk value is between 10 and 30, it indicates that the information security of the big data office is in a good state, when the information security risk value is between 30 and 50, it indicates that the information security of the big data office is in a medium state, and when the information security risk value is between 50 and 100, it indicates that the information security of the big data office is in a very poor state.
According to the embodiment of the invention, the software vulnerability index is determined according to the office software characteristics by extracting the office software characteristics, the office environment characteristics and the office data characteristics, so that the vulnerability can be repaired according to the software vulnerability index, and the system is in a safe environment; determining an environment risk index of office according to the office environment characteristics, further judging whether the office network environment has threat or not, and timely discovering and processing potential danger; generating office log audit according to the office data characteristics, determining the storage security index of the office data according to the security level of the log audit, and further judging the security of data storage; according to the software vulnerability index, the environment danger index and the data storage safety index, the information safety risk value in the big data office is calculated, the information safety risk can be found in time, further, treatment measures are taken on the risk, and the safety in the big data office is improved. Therefore, the information security analysis method, the system and the electronic equipment based on big data office can solve the problem of low information security when big data office is carried out.
Fig. 4 is a functional block diagram of an information security analysis system based on big data office according to an embodiment of the present invention.
The information security analysis system 100 based on big data office of the present invention can be installed in an electronic device. Depending on the implementation function, the information security analysis system 100 based on big data office may include an office information acquisition module 101, a software vulnerability index determination module 102, an environmental risk index determination module 103, a data storage security index determination module 104, and an information security risk value calculation module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the office information obtaining module 101 is configured to obtain preset office information of big data office, and extract office software features, office environment features and office data features of the office information;
the software vulnerability index determining module 102 is configured to construct a software vulnerability scoring model according to preset training data, and input the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office;
The environmental risk index determining module 103 is configured to detect an environmental risk index of the big data office according to the office environment feature by using a preset intrusion detection algorithm;
the data storage security index determining module 104 is configured to generate a log audit of the big data office according to the office data feature, and determine a data storage security index of the big data office by using a security level of the log audit;
the information security risk value calculating module 105 is configured to calculate an information security risk value of the big data office according to the software vulnerability index, the environmental risk index and the data storage security index by using a preset dissimilation weight algorithm.
In detail, each module in the information security analysis system 100 based on big data office in the embodiment of the present invention adopts the same technical means as the information security analysis method based on big data office in the above-mentioned fig. 1 to 3 when in use, and can produce the same technical effects, which are not repeated here.
Fig. 5 is a schematic structural diagram of an electronic device for implementing an information security analysis method based on big data office according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program stored in the memory 11 and executable on the processor 10, such as an information security analysis program based on big data offices.
The processor 10 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing Unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects the respective parts of the entire electronic device using various interfaces and lines, runs or executes programs or modules stored in the memory 11 (for example, executes information security analysis programs based on big data office, etc.), and invokes data stored in the memory 11 to perform various functions of the electronic device and process data.
The memory 11 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 11 may in other embodiments also be an external storage device of the electronic device, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only for storing application software installed in an electronic device and various types of data, such as codes of information security analysis programs based on big data offices, but also for temporarily storing data that has been output or is to be output.
The communication bus 12 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
The communication interface 13 is used for communication between the electronic device and other devices, including a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
Only an electronic device having components is shown, and it will be understood by those skilled in the art that the structures shown in the figures do not limit the electronic device, and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for powering the respective components, and the power source may be logically connected to the at least one processor 10 through a power management system, so as to perform functions of charge management, discharge management, and power consumption management through the power management system. The power supply may also include one or more of any of a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The information security analysis program based on big data office stored in the memory 11 in the electronic device 1 is a combination of a plurality of instructions, which when run in the processor 10, can realize:
Acquiring preset office information of big data office, and extracting office software features, office environment features and office data features of the office information;
constructing a software vulnerability scoring model according to preset training data, and inputting the office software features into the software vulnerability scoring model to obtain a software vulnerability index of big data office;
detecting the environmental risk index of the big data office according to the office environment characteristics by using a preset intrusion detection algorithm;
generating log audit of the big data office according to the office data characteristics, and determining a data storage security index of the big data office by using the security level of the log audit;
and calculating the information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm.
In particular, the specific implementation method of the above instructions by the processor 10 may refer to the description of the relevant steps in the corresponding embodiment of the drawings, which is not repeated herein.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or system capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, system and method may be implemented in other manners. For example, the system embodiments described above are merely illustrative, e.g., the division of the modules is merely a logical function division, and other manners of division may be implemented in practice.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. Multiple units or systems as set forth in the system claims may also be implemented by means of one unit or system in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present application and not for limiting the same, and although the present application has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present application without departing from the spirit and scope of the technical solution of the present application.

Claims (7)

1. An information security analysis method based on big data office, which is characterized by comprising the following steps:
acquiring preset office information of big data office, and extracting office software features, office environment features and office data features of the office information;
constructing a software vulnerability scoring model according to preset training data, inputting the office software features into the software vulnerability scoring model to obtain a software vulnerability index of the big data office, wherein the inputting the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office comprises the following steps:
s11, extracting feature data quantity of the office software features by using the following feature quantity calculation formula:
wherein ,the +.>Individual characteristic data quantity,/->Feature quantity of software type for said office software feature,/->Feature quantity of software attribute for said office software feature,/->As a differential function +.>Weight for the office software feature, +.>Weighting the software type in the office software feature +.>Weights for software attributes in the office software features;
s12, collecting the characteristic data quantity as a characteristic data set;
Inputting the characteristic data set into the software vulnerability scoring model to obtain a software vulnerability index of the big data office;
detecting the environmental risk index of the big data office according to the office environment characteristics by using a preset intrusion detection algorithm, wherein the method comprises the following steps: extracting a communication flow data packet in the office environment characteristics, classifying the communication flow data packet by using the intrusion detection algorithm to obtain a classified data packet, and calculating the classification accuracy in the classified data packet by using the following accuracy formula:
wherein ,for the classification accuracy,/a->Record of attacks for correct classification in said classified data packet,/for said classification data packet>For the number of classificationsNormal record of correct classification in packet, +.>Record of attacks for misclassification in said classified data packet,>a correct record of the misclassification in the classified data packet;
calculating the classified false alarm rate in the classified data packet by using the following false alarm rate formula:
wherein ,for said class false positive rate, +.>Record of attacks for misclassification in said classified data packet,>normal records of correct classification in the classified data packet;
determining the environmental risk index according to the classification accuracy and the classification false alarm rate;
Generating log audit of the big data office according to the office data characteristics, and determining a data storage security index of the big data office by using the security level of the log audit;
calculating an information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilation weight algorithm, wherein the information security risk value comprises the following steps:
calculating the information security risk value of the big data office by using the following dissimilation weight algorithm:
wherein $F$ is the information security risk value, $M_i$ are the influencing factors, $M_1$ is the software vulnerability index, $M_2$ is the environmental risk index, $M_3$ is the data storage security index, $n$ is the number of influencing factors, and $t_k$ is the weight of the $k$-th influencing factor.
2. The information security analysis method based on big data office as claimed in claim 1, wherein the constructing a software vulnerability scoring model according to preset training data comprises:
extracting a characteristic data set of the training data, arbitrarily selecting one characteristic information in the characteristic data set as a root node, and splitting a left node and a right node on the root node;
Distributing the characteristic data set to the left node and the right node to obtain a basic decision tree;
adding a decision tree to the basic decision tree to obtain a standard decision tree;
and inputting the training data into the standard decision tree for training to obtain the software vulnerability scoring model.
3. The method for analyzing information security based on big data office as claimed in claim 1, wherein classifying the communication traffic data packet by using the intrusion detection algorithm to obtain a classified data packet comprises:
setting a data category weighting coefficient for the communication flow data packet;
calculating the classified data packet according to the class weighting coefficient by utilizing a decision function in the intrusion detection algorithm:
wherein $f(t)$ represents the $t$-th classified data packet, $n$ represents the number of support vectors of the communication traffic data packets, $\sigma_i$ represents the class weighting coefficient of the $i$-th support vector, $y_i$ represents the class of the $i$-th support vector, and $k(t, t_i)$ is a kernel function.
4. The big data office based information security analysis method of claim 1, wherein the generating a log audit of the big data office from the office data features comprises:
Extracting behavior data and storage data in the office data characteristics;
determining a behavior log of the big data office according to the behavior data;
determining a storage log of the big data office according to the storage data;
and collecting the behavior log and the storage log as log audit.
5. The big data office based information security analysis method of claim 1, wherein the determining the big data office data storage security index using the log audit security level comprises:
determining the system state of the big data office according to the security level of the log audit;
determining the state weight of the system state by using a preset analytic hierarchy process;
and calculating the data storage safety index according to the state weight.
6. The information security analysis system based on big data office is characterized by comprising an office information acquisition module, a software vulnerability index determination module, an environment risk index determination module, a data storage security index determination module and an information security risk value calculation module, wherein:
the office information acquisition module is used for acquiring preset office information of big data office and extracting office software features, office environment features and office data features of the office information;
The software vulnerability index determining module is configured to construct a software vulnerability scoring model according to preset training data, input the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office, wherein the inputting the office software features into the software vulnerability scoring model to obtain the software vulnerability index of the big data office includes:
s11, extracting feature data quantity of the office software features by using the following feature quantity calculation formula:
wherein ,the +.>Individual characteristic data quantity,/->Feature quantity of software type for said office software feature,/->Feature quantity of software attribute for said office software feature,/->As a differential function +.>Weight for the office software feature, +.>In the office software featureWeights of software types->Weights for software attributes in the office software features;
s12, collecting the characteristic data quantity as a characteristic data set;
inputting the characteristic data set into the software vulnerability scoring model to obtain a software vulnerability index of the big data office;
the environmental risk index determining module is configured to detect the environmental risk index of the big data office according to the office environment feature by using a preset intrusion detection algorithm, and includes: extracting a communication flow data packet in the office environment characteristics, classifying the communication flow data packet by using the intrusion detection algorithm to obtain a classified data packet, and calculating the classification accuracy in the classified data packet by using the following accuracy formula:
wherein ,for the classification accuracy,/a->Record of attacks for correct classification in said classified data packet,/for said classification data packet>Normal record for correct classification in said classified data packet,/for said classification data packet>Record of attacks for misclassification in said classified data packet,>correct for misclassification in the classified data packetRecording;
calculating the classified false alarm rate in the classified data packet by using the following false alarm rate formula:
wherein ,for said class false positive rate, +.>Record of attacks for misclassification in said classified data packet,>normal records of correct classification in the classified data packet;
determining the environmental risk index according to the classification accuracy and the classification false alarm rate;
the data storage security index determining module is used for generating log audit of the big data office according to the office data characteristics and determining the data storage security index of the big data office by using the security level of the log audit;
the information security risk value calculation module is configured to calculate an information security risk value of the big data office according to the software vulnerability index, the environment risk index and the data storage security index by using a preset dissimilarisation weight algorithm, and includes:
Calculating the information security risk value of the big data office by using the following dissimilation weight algorithm:
wherein $F$ is the information security risk value, $M_i$ are the influencing factors, $M_1$ is the software vulnerability index, $M_2$ is the environmental risk index, $M_3$ is the data storage security index, $n$ is the number of influencing factors, and $t_k$ is the weight of the $k$-th influencing factor.
7. An electronic device, the electronic device comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the big data office based information security analysis method of any of claims 1 to 5.
CN202211304919.0A 2022-10-24 2022-10-24 Information security analysis method, system and equipment based on big data office Active CN115659351B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211304919.0A CN115659351B (en) 2022-10-24 2022-10-24 Information security analysis method, system and equipment based on big data office

Publications (2)

Publication Number Publication Date
CN115659351A CN115659351A (en) 2023-01-31
CN115659351B true CN115659351B (en) 2023-10-03

Family

ID=84992010

Country Status (1)

Country Link
CN (1) CN115659351B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant