Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing an Internet-based front-end computer scanning system for e-commerce platform intrusion detection.
In order to achieve the purpose, the invention adopts the following technical scheme:
the Internet-based front-end computer scanning system for e-commerce platform intrusion detection comprises a central processing unit, an intrusion collection unit, a scanning analysis unit, an alarm response unit, a signal cut-off unit, a database and an anti-tracing unit. The intrusion collection unit collects network behavior, security logs and audit data; the scanning analysis unit analyzes the collected data; the alarm response unit takes the corresponding measures according to the danger level of the intrusion data so as to reduce potential security hazards; the signal cut-off unit directly cuts off and disables the network interface of a host when the intrusion data are found to be abnormal; the database stores and counts the abnormal intrusion data; and the anti-tracing unit traces the abnormal intrusion data back to its source. The intrusion collection unit is in communication connection with the scanning analysis unit; the scanning analysis unit is in communication connection with the database; the alarm response unit is in communication connection with the scanning analysis unit; the signal cut-off unit is in communication connection with the central processing unit; and the central processing unit is in communication connection with the anti-tracing unit.
Preferably: the intrusion collection unit comprises a network intrusion detection module and a data acquisition module. The network intrusion detection module checks in real time whether behavior violating the security policy or signs of attack exist in the network or the system; the data acquisition module collects audit data and provides the basic information for scanning analysis.
Preferably: the scanning analysis unit comprises a first scanning module, a second scanning module, an intrusion behavior analysis and comparison module and an intrusion type identification module. The first scanning module comprises a host and communication data detection block, which accurately locates attack behavior against the host and its communication data and detects attack attempts; the second scanning module comprises a key information data detection center, which locates, detects and scans in real time the key information designated by the platform.
Preferably: the intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database and judges the intrusion intention; the intrusion type identification module judges the security threat posed by the intrusion data according to the comparison result of the intrusion behavior analysis and comparison module and assigns the intrusion type grade.
Preferably: the intrusion type grades comprise a malicious type, which continuously attacks files, audit records and confidential platform information, and a break-in type, which shows no attack intention and withdraws quickly within a short time.
Preferably: the scanning analysis unit further comprises a cooperative scanning module, which performs cooperative detection on each node element according to system operation and identifies suspicious behavior, and a communication security module, which performs maintenance scanning on each node to guarantee communication security and authority.
Preferably: the alarm response unit comprises an automatic feedback module, which automatically issues an execution command for the intrusion conditions configured by the operator, and a passive feedback module, which handles intrusion conditions outside the operator-configured range and waits for a control command from background personnel. The passive feedback module further comprises an automatic early warning device that sends a direct alarm prompt to background personnel; the automatic early warning device is an audible and visual alarm.
Preferably: the database comprises an information filtering module, an intrusion data induction and statistics module and an intrusion data detection and highlighting module. The information filtering module filters and de-noises the intrusion data, already graded by intrusion type, transmitted by the scanning analysis unit: it discards break-in type records and stores the malicious intrusion data. The intrusion data induction and statistics module counts all trace information of the malicious intrusion data and divides it into classes, the classes being the same intrusion data and similar intrusion data.
Preferably: the intrusion data detection and highlighting module calculates the number and times of intrusions for the same intrusion data and for similar intrusion data, and picks out the malicious intrusion data that has intruded more than twice within a set time.
Preferably: the anti-tracing unit performs reverse tracing on the abnormal intrusion data and feeds the result back to the central processing unit.
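The grading, filtering and highlighting steps above can be made concrete with a short script. The following is an added example written for this page, not code from the patent: it grades each record as malicious or break-in, keeps only the malicious records, groups them into "same" (identical source address) and "similar" (same /24 network, an assumption made here) classes, and picks out the classes that recur more than twice within a set time window. The log format, the field names, the list of key assets, the 60-second persistence threshold and the one-hour window are all assumptions, and the log lines are constructed sample data.

```python
"""Added example (not part of the patent): grade intrusion records, filter to
malicious ones, group them into same/similar classes and highlight classes
that intrude more than twice within a set time window.
Record format, field names and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

# Constructed sample audit log (not real data). Assumed format per line:
# ISO-8601 timestamp, source IP, target asset, action, duration in seconds.
SAMPLE_LOG = """\
2024-03-01T10:00:05Z 203.0.113.7 /admin/files READ 185
2024-03-01T10:04:10Z 203.0.113.7 /audit/log WRITE 240
2024-03-01T10:09:30Z 203.0.113.7 /secrets/keys READ 300
2024-03-01T10:12:00Z 198.51.100.4 /catalog READ 2
2024-03-01T10:20:15Z 203.0.113.9 /secrets/keys READ 150
2024-03-01T11:30:00Z 203.0.113.7 /admin/files READ 200
"""

# Assets the platform designates as key information (assumption).
KEY_ASSETS = ("/admin/files", "/audit/", "/secrets/")
# A record that touches a key asset and persists at least this long is
# "malicious"; anything else is treated as "break-in" (assumed threshold).
PERSIST_SECONDS = 60


@dataclass(frozen=True)
class Record:
    ts: datetime
    src: str
    target: str
    action: str
    duration: int


def parse_log(text):
    """Parse the assumed whitespace-separated log format into Record objects."""
    records = []
    for line in text.splitlines():
        ts, src, target, action, dur = line.split()
        records.append(Record(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                              src, target, action, int(dur)))
    return records


def classify(rec):
    """Malicious: sustained activity against files, audit or secret info.
    Break-in: no attack intention, withdraws quickly."""
    if rec.target.startswith(KEY_ASSETS) and rec.duration >= PERSIST_SECONDS:
        return "malicious"
    return "break-in"


def filter_malicious(records):
    """Information filtering: drop break-in records, keep malicious ones."""
    return [r for r in records if classify(r) == "malicious"]


def similarity_key(rec):
    """'Similar' intrusion data = same /24 network as the source (assumption)."""
    return str(ipaddress.ip_network(f"{rec.src}/24", strict=False))


def highlight_recurring(records, window=timedelta(hours=1), threshold=2):
    """Return {(class_kind, class_key): peak_count} for 'same' and 'similar'
    classes whose malicious records number more than `threshold` inside some
    span of length `window` (sliding window over sorted timestamps)."""
    groups = defaultdict(list)
    for r in records:
        groups[("same", r.src)].append(r.ts)
        groups[("similar", similarity_key(r))].append(r.ts)
    flagged = {}
    for key, times in groups.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best > threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    malicious = filter_malicious(parse_log(SAMPLE_LOG))
    for key, count in highlight_recurring(malicious).items():
        print(f"{key[0]:8} {key[1]:18} {count} intrusions within 1h")
```

On the constructed log the single break-in record (the 2-second read of /catalog) is filtered out; the source 203.0.113.7 is flagged as "same" data with three intrusions inside one hour, and the /24 it shares with 203.0.113.9 is flagged as "similar" data with four. Only the flagged classes would be handed on for reverse tracing.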
The invention has the beneficial effects that:
1. The anti-tracing unit of the invention performs reverse tracing on the abnormal intrusion data picked out by the intrusion data detection and highlighting module and feeds the result back to the system, so that the platform knows the source of the intrusion data, can defend actively against attacks, and prevents the same intrusion data from reappearing later. Compared with passive defense, active defense improves the guarantee of information security and offers stronger extensibility, thereby ensuring the security of e-commerce.
2. The intrusion collection unit collects in real time, from multiple aspects such as the network and the system, information on whether signs of attack exist; the first scanning module, the second scanning module, the cooperative scanning module and the communication security module scan and detect in succession from multiple aspects, so that the failure of one node does not affect the operation of the whole system.
3. The intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database to judge the intrusion intention; the intrusion type identification module judges the security threat of the intrusion data according to that comparison result and assigns the intrusion type grade; the alarm response unit feeds back an alarm automatically or passively according to the intrusion type grade, so that intrusion information is judged in time, a defense is made, and potential security hazards are reduced.
4. The intrusion data induction and statistics module classifies the malicious intrusion data; the intrusion data detection and highlighting module calculates the number and times of intrusions for the same and similar intrusion data and picks out the malicious intrusion data that has intruded more than twice within the set time, giving the platform a basis for timely active defense.
Detailed Description
The technical solution of the present patent will be described in further detail with reference to the following embodiments.
Reference will now be made in detail to embodiments of the present patent, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present patent and are not to be construed as limiting the present patent.
Example 1:
a front-end computer scanning system for Internet-based e-commerce platform intrusion detection, as shown in fig. 1, comprises a central processing unit, an intrusion collection unit for collecting network behavior, security logs, audit data and the like, a scanning analysis unit for analyzing the collected data, an alarm response unit for taking the corresponding measures according to the danger level of the intrusion data so as to reduce potential security hazards, a signal cut-off unit for directly cutting off and disabling the network interface of a host when the intrusion data are found to be abnormal, a database for storing and counting the abnormal intrusion data, and an anti-tracing unit for tracing the abnormal intrusion data back to its source. The intrusion collection unit is in communication connection with the scanning analysis unit; the scanning analysis unit is in communication connection with the database; the alarm response unit is in communication connection with the scanning analysis unit; the signal cut-off unit is in communication connection with the central processing unit; and the central processing unit is in communication connection with the anti-tracing unit.
The intrusion collection unit comprises a network intrusion detection module and a data acquisition module. The network intrusion detection module checks in real time whether behavior violating the security policy or signs of attack exist in the network or the system; the data acquisition module collects audit data and provides the basic information for scanning analysis.
The scanning analysis unit comprises a first scanning module, a second scanning module, an intrusion behavior analysis and comparison module and an intrusion type identification module. The first scanning module comprises a host and communication data detection block, which accurately locates attack behavior against the host and its communication data and detects attack attempts; the second scanning module comprises a key information data detection center, which locates, detects and scans in real time the key information designated by the platform; the intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database and judges the intrusion intention; the intrusion type identification module judges the security threat posed by the intrusion data according to the comparison result of the intrusion behavior analysis and comparison module and assigns the intrusion type grade.
Further, the intrusion type grades include a malicious type, which continuously attacks platform information such as files, audit records and secrets, and a break-in type, which shows no attack intention and withdraws quickly within a short time.
The alarm response unit comprises an automatic feedback module, which automatically issues an execution command for the intrusion conditions configured by the operator, and a passive feedback module, which handles intrusion conditions outside the operator-configured range and waits for a control command from background personnel.
Furthermore, the passive feedback module also comprises an automatic early warning device that sends a direct warning prompt to background personnel; the automatic early warning device is an audible and visual alarm.
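The split between operator-configured automatic feedback, passive feedback with an audible and visual alarm, and the signal cut-off unit's disabling of a host network interface can be shown as a small dispatcher. The following is an added example written for this page, not code from the patent: an alert carrying its intrusion type grade and recurrence count is matched against operator-configured rules; a match yields an automatic command (for the cut-off rule, the shell command that would bring the host's interface down, returned as a string and not executed), and anything outside the rules is queued passively with the alarm raised. The rule fields, the command names, the recurrence thresholds and the interface name eth0 are assumptions.

```python
"""Added example (not part of the patent): alarm response dispatch with
operator-configured automatic rules, a passive path for everything else, and
the signal cut-off command. Rule fields, commands and interface are assumed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    grade: str          # intrusion type grade: "malicious" or "break-in"
    src: str            # source address of the intrusion data
    host: str           # affected host
    recurrences: int    # intrusions counted within the set time window


@dataclass(frozen=True)
class Response:
    mode: str                   # "automatic" or "passive"
    command: Optional[str]      # execution command, None when waiting on staff
    audible_visual_alarm: bool  # direct alarm prompt to background personnel
    shell: Optional[str] = None # concrete command for the cut-off unit, if any


# Operator-configured intrusion conditions (assumption). Ordered from most to
# least severe so that the first match wins: repeated malicious intrusion
# triggers the signal cut-off, a single malicious intrusion only blocks the
# source. Break-in grade matches no rule and therefore goes the passive way.
AUTO_RULES = (
    {"grade": "malicious", "min_recurrences": 3, "command": "cut_off"},
    {"grade": "malicious", "min_recurrences": 1, "command": "block_source"},
)


def cut_off_command(iface="eth0"):
    """Shell command the signal cut-off unit would issue to disable the host's
    network interface (assumes an iproute2 host). Returned, never run here."""
    return f"ip link set dev {iface} down"


def respond(alert, rules=AUTO_RULES):
    """Automatic feedback when an operator-configured rule matches; otherwise
    passive feedback: raise the audible and visual alarm and wait for staff."""
    for rule in rules:
        if alert.grade == rule["grade"] and alert.recurrences >= rule["min_recurrences"]:
            shell = cut_off_command() if rule["command"] == "cut_off" else None
            return Response("automatic", rule["command"], False, shell)
    return Response("passive", None, True)


if __name__ == "__main__":
    # Constructed alerts (not real data).
    for a in (Alert("malicious", "203.0.113.7", "web-01", 3),
              Alert("malicious", "203.0.113.9", "web-01", 1),
              Alert("break-in", "198.51.100.4", "web-01", 1)):
        print(a.src, respond(a))
```

Because disabling the interface of a production e-commerce host is itself a denial of service, the cut-off is reachable only through an explicitly configured rule with a recurrence threshold, and the command is handed to the cut-off unit rather than executed by the dispatcher.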
The database comprises an information filtering module, an intrusion data induction and statistics module and an intrusion data detection and highlighting module. The information filtering module filters and de-noises the intrusion data, already graded by intrusion type, transmitted by the scanning analysis unit: it discards break-in type records and stores the malicious intrusion data. The intrusion data induction and statistics module counts all trace information of the malicious intrusion data and divides it into classes, the classes being the same intrusion data and similar intrusion data. The intrusion data detection and highlighting module calculates the number and times of intrusions for the same and similar intrusion data, picks out the malicious intrusion data that has intruded more than twice within the set time, and transmits it through the scanning analysis unit to the central processing unit; it detects and retains the traces of the intrusion data, calculates and summarizes them over the set time, reports to the system the same or similar intrusion data that has intruded many times, and so prevents that intrusion data from reappearing later.
The anti-tracing unit performs reverse tracing on the abnormal intrusion data and feeds the result back to the central processing unit, so that the platform knows the source of the intrusion data and can defend actively against attacks; compared with passive defense, active prevention and control improves the guarantee of information security.
In use, the intrusion collection unit collects intrusion data in real time from multiple aspects such as the network and the system, including whether signs of attack exist. The first scanning module identifies attack behavior and intention against the host and its communication data through real-time scanning, and the second scanning module locates, detects and scans the platform's key information. Scanning and detection from these multiple aspects proceed in succession, so that the failure of one node does not affect the operation of the whole system, and the system has higher defense capability, location accuracy and efficiency. The intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database to judge the intrusion intention; the intrusion type identification module judges the security threat of the intrusion data according to that comparison result and assigns the intrusion type grade; the alarm response unit feeds back an alarm automatically or passively according to the intrusion type grade, so that intrusion information is judged in time, a defense is made, and potential security hazards are reduced. The intrusion data induction and statistics module classifies the malicious intrusion data; the intrusion data detection and highlighting module calculates the number and times of intrusions for the same and similar intrusion data, picks out the malicious intrusion data that has intruded more than twice within the set time, and sends it to the anti-tracing unit; the anti-tracing unit performs reverse tracing on the abnormal intrusion data and feeds the result back to the system, so that the platform knows the source of the intrusion data, can defend actively against attacks, and prevents that intrusion data from reappearing later. Compared with passive defense, active prevention and control improves the guarantee of information security, and the system has strong extensibility, thereby ensuring the security of e-commerce.
Example 2:
a front-end computer scanning system for Internet-based e-commerce platform intrusion detection, as shown in fig. 1, comprises a central processing unit, an intrusion collection unit for collecting network behavior, security logs, audit data and the like, a scanning analysis unit for analyzing the collected data, an alarm response unit for taking the corresponding measures according to the danger level of the intrusion data so as to reduce potential security hazards, a signal cut-off unit for directly cutting off and disabling the network interface of a host when the intrusion data are found to be abnormal, a database for storing and counting the abnormal intrusion data, and an anti-tracing unit for tracing the abnormal intrusion data back to its source. The intrusion collection unit is in communication connection with the scanning analysis unit; the scanning analysis unit is in communication connection with the database; the alarm response unit is in communication connection with the scanning analysis unit; the signal cut-off unit is in communication connection with the central processing unit; and the central processing unit is in communication connection with the anti-tracing unit.
The intrusion collection unit comprises a network intrusion detection module and a data acquisition module. The network intrusion detection module checks in real time whether behavior violating the security policy or signs of attack exist in the network or the system; the data acquisition module collects audit data and provides the basic information for scanning analysis.
The scanning analysis unit comprises a first scanning module, a second scanning module, an intrusion behavior analysis and comparison module and an intrusion type identification module. The first scanning module comprises a host and communication data detection block, which accurately locates attack behavior against the host and its communication data and detects attack attempts; the second scanning module comprises a key information data detection center, which locates, detects and scans in real time the key information designated by the platform; the intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database and judges the intrusion intention; the intrusion type identification module judges the security threat posed by the intrusion data according to the comparison result of the intrusion behavior analysis and comparison module and assigns the intrusion type grade.
Further, the intrusion type grades include a malicious type, which continuously attacks platform information such as files, audit records and secrets, and a break-in type, which shows no attack intention and withdraws quickly within a short time.
The scanning analysis unit further comprises a cooperative scanning module, which performs cooperative detection on each node element according to system operation and identifies suspicious behavior, and a communication security module, which performs maintenance scanning on each node to guarantee communication security and authority, so that real-time detection and scanning of platform intrusion data is further ensured.
The alarm response unit comprises an automatic feedback module, which automatically issues an execution command for the intrusion conditions configured by the operator, and a passive feedback module, which handles intrusion conditions outside the operator-configured range and waits for a control command from background personnel.
Furthermore, the passive feedback module also comprises an automatic early warning device that sends a direct warning prompt to background personnel; the automatic early warning device is an audible and visual alarm.
The database comprises an information filtering module, an intrusion data induction and statistics module and an intrusion data detection and highlighting module. The information filtering module filters and de-noises the intrusion data, already graded by intrusion type, transmitted by the scanning analysis unit: it discards break-in type records and stores the malicious intrusion data. The intrusion data induction and statistics module counts all trace information of the malicious intrusion data and divides it into classes, the classes being the same intrusion data and similar intrusion data. The intrusion data detection and highlighting module calculates the number and times of intrusions for the same and similar intrusion data, picks out the malicious intrusion data that has intruded more than twice within the set time, and transmits it through the scanning analysis unit to the central processing unit; it detects and retains the traces of the intrusion data, calculates and summarizes them over the set time, reports to the system the same or similar intrusion data that has intruded many times, and so prevents that intrusion data from reappearing later.
The anti-tracing unit performs reverse tracing on the abnormal intrusion data and feeds the result back to the central processing unit, so that the platform knows the source of the intrusion data and can defend actively against attacks; compared with passive defense, active prevention and control improves the guarantee of information security.
In use, the intrusion collection unit collects intrusion data in real time from multiple aspects such as the network and the system, including whether signs of attack exist, so that an intrusion problem is found at the earliest moment. The first scanning module identifies attack behavior and intention against the host and its communication data through real-time scanning; the second scanning module locates, detects and scans the platform's key information; the cooperative scanning module performs cooperative detection on each node element according to system operation and identifies suspicious behavior; and the communication security module maintains each node to guarantee communication security and authority. Scanning and detection from these multiple aspects proceed in succession, so that the failure of one node does not affect the operation of the whole system, and the system has higher defense capability, location accuracy and efficiency. The intrusion behavior analysis and comparison module compares the collected intrusion data with the system program data stored in the database to judge the intrusion intention; the intrusion type identification module judges the security threat of the intrusion data according to that comparison result and assigns the intrusion type grade; the alarm response unit feeds back an alarm automatically or passively according to the intrusion type grade, so that intrusion information is judged in time, a defense is made, and potential security hazards are reduced. The intrusion data induction and statistics module classifies the malicious intrusion data; the intrusion data detection and highlighting module promptly calculates the number and times of intrusions for the same and similar intrusion data, picks out the malicious intrusion data that has intruded more than twice within the set time, and sends it to the anti-tracing unit; the anti-tracing unit performs reverse tracing on the abnormal intrusion data and feeds the result back to the system, so that the platform knows the source of the intrusion data, can defend actively against attacks, and prevents that intrusion data from reappearing later. Compared with passive defense, active prevention and control improves the guarantee of information security and offers stronger extensibility, thereby ensuring the security of e-commerce.
The above description covers only preferred embodiments of the present invention, but the scope of the present invention is not limited thereto; any modification of the technical solutions and the inventive concept of the present invention that a person skilled in the art could make within the technical scope disclosed herein should be considered to fall within the scope of the present invention.