CN115829192B - Digital management system and method for realizing engineering information security supervision - Google Patents
Digital management system and method for realizing engineering information security supervision Download PDFInfo
- Publication number
- CN115829192B CN115829192B CN202310153870.1A CN202310153870A CN115829192B CN 115829192 B CN115829192 B CN 115829192B CN 202310153870 A CN202310153870 A CN 202310153870A CN 115829192 B CN115829192 B CN 115829192B
- Authority
- CN
- China
- Prior art keywords
- information
- management module
- information management
- abnormal
- information transmission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of engineering information safety supervision, in particular to a digital management system and a digital management method for realizing engineering information safety supervision, wherein the digital management system comprises the steps of carding an information transmission chain network formed by distribution among all information transmission nodes; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network; calculating information transmission risk indexes for each information transmission link respectively; performing anomaly verification judgment on the anomaly account based on output data obtained after the verification user terminal performs data processing operation in the corresponding anomaly information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
Description
Technical Field
The invention relates to the technical field of engineering information safety supervision, in particular to a digital management system and method for realizing engineering information safety supervision.
Background
In recent years, along with the continuous development of information technology, the method is widely applied in various fields, the informationized technology is added into engineering construction, a special information system is constructed, real-time information generated by engineering can be monitored and managed remotely, and in the process of developing a large project with complicated links, only specific conditions and data information of an engineering site can be recorded by means of equipment, so that statistics is carried out by supervisory personnel, and supervision work is accurately carried out.
Therefore, the information digital system constructed on the basis of the large project with the link disc impurities is characterized in that the data quantity stored is huge, the related project data processing links are various, the whole body is often pulled, the accuracy of various data stored in the information digital system is ensured, and the guarantee that all right users are involved in the process of operating the data storage management of the information digital system are correctly or safely logged in is a non-negligible problem.
Disclosure of Invention
The invention aims to provide a digital management system and method for realizing engineering information security supervision, so as to solve the problems in the background art.
In order to solve the technical problems, the invention provides the following technical scheme: a digital management method for implementing engineering information security supervision, the method comprising:
step S100: the system comprises a digital engineering information service management system, a digital engineering information management system and a digital engineering information management system, wherein the digital engineering information service management system is used for respectively capturing various information management modules built when the digital engineering information management system digitally manages engineering information generated in the operation process of various engineering; capturing and identifying input end data and output end data in any information management module; capturing and extracting information transmission nodes among various information management modules, and carding an information transmission chain network formed by distribution among all the information transmission nodes;
step S200: capturing all authority account numbers which are issued when the digital engineering information service management system manages engineering information generated in the operation process of each engineering, and acquiring authority functions contained in each authority account number; acquiring data processing functions which can be realized in each information management module for managing each project;
step S300: judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network;
Step S400: in a transmission chain network after removing related information transmission nodes, identifying a plurality of information transmission links existing in the transmission network based on information transmission directions existing among the information transmission nodes, and calculating information transmission risk indexes for the information transmission links based on authority user intervention conditions and information transmission distribution conditions existing in the information transmission links respectively;
step S500: collecting IP address information of login of each authority account from a historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account; extracting all information management modules with association marks between the abnormal account numbers, and setting all the extracted information management modules as abnormal information management modules;
step S600: based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to abnormal verification on the abnormal account, and carrying out abnormal verification judgment on the abnormal account based on output data obtained after the verification user side carries out data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
Further, step S100 includes:
step S101: if any information management module Mi and any information management module Mj exist, wherein input end data of Mi is Pin (Mi) and output end data is Pout (Mi); the input end data of Mj is Pin (Mj), and the output end data is Pout (Mj); if the information management module Mi of any item and the information management module Mj of any item meet the following conditions: pout (Mi) ∈pin (Mj), or Pout (Mi) =pin (Mj);
step S102: judging that information transmission exists between any information management module Mi and any information management module Mj, and extracting the information transmission existing between any information management module Mi and any information management module Mj as an information transmission node Point: mi- & gtMj; wherein, the arbitrary information management module Mi is an information transmission node Point: at the transmission upstream end in Mi-Mj, any information management module Mj is an information transmission node Point: a transmission downstream end in Mi→Mj;
step S103: capturing and identifying all information transmission existing among all information management modules corresponding to each project, and extracting to obtain all information transmission nodes existing in the running process of each project; and combining the information transmission nodes containing the same information management module to obtain an information transmission chain network formed by distributing all the information transmission nodes.
Further, step S300 includes:
step S301: when a coincidence relation exists between a data processing function in a certain information management module and a permission function contained in a certain permission account, judging that the certain information management module is an information management module with permission user intervention management, carrying out association marking between the certain information management module and the certain permission account, and setting the certain information management module as an information management module with a first category attribute; when no coincidence relation exists between the data processing function in a certain information management module and the authority function contained in any authority account, judging that the certain information management module is an information management module without authority user intervention management, and setting the certain information management module as an information management module with a second category attribute;
if there is a coincidence relation between the data processing function in an information management module and the authority function contained in a certain authority account, it is stated that whether the authority account needs to intervene in the data management activity occurring in the information management module or not in the actual management operation process, the authority account is a direct or potential data security threat object for the data management activity occurring in the information management module, and once the authority account is abnormal, the risk that the data management activity existing in the information management module is maliciously disturbed increases, and the reliability of the data flowing out of the information management module is also greatly reduced;
Step S302: traversing corresponding category attribute information for each information management module contained in a transmission chain network formed in the operation process of each project; extracting information management modules which are distributed in a transmission chain network and belong to a second category attribute as target information management modules;
step S303: locking all information transmission nodes containing each target information management module in a transmission chain network, and removing the target information management module from the transmission chain network as an information transmission node of a transmission upstream end;
the above-mentioned information transmission nodes belonging to the target information management module to the transmission upstream end are eliminated from the corresponding information transmission links, because the target information management module is an information management module which does not have authority for user intervention management, that is, the data management activity occurring in the target information management module does not need human intervention, when the target information management module is used as the transmission upstream end, as the transmission downstream end of the corresponding target information management module, the possibility that the information transmitted from the target information management module is maliciously interfered is extremely low, because the reliability of the data flowing from the target information management module is high.
Further, step S400 includes:
step S401: in a transmission chain network after the related information transmission nodes are removed, a plurality of information transmission links in the same unidirectional transmission direction are identified and extracted; wherein each information transmission link comprises at least one information transmission node; an information management module at the upstream end of transmission in any information transmission node in each information transmission link is set as a1, an information management module at the downstream end of transmission is set as a2, and if Y authority users in authority users with associated marks between a2 in a certain information transmission node have authority functions of Y authority users and simultaneously contain data processing functions corresponding to a1, it is judged that Y authority users in a certain information transmission node have an upper authority supervision function on data processing in a 1;
step S402: accumulating the number N of authority users with associated marks between each information management module in each information transmission link; sequentially numbering all the information transmission nodes in each information transmission link according to the transmission direction, and accumulating the number g of authority users with an upper authority supervision function between an information management module at the transmission upstream end and an information management module at the transmission downstream end for each information transmission node one by one; the number K of information transmission nodes which exist as the transmission upstream end for each information management module in each information transmission link;
Step S403: calculating an information transmission risk index existing in each information transmission link;
R=[(N1+N2+...+NX)*(K1+K2+...+KX)][(g1+g2+...+g(X-1)]
wherein N1, N2, & gt, NX respectively represent the number of authorized users having association marks with the 1 st, 2 nd, & gt, X information management modules in each information transmission link; g1, g2, and g (X-1) respectively represent the number of authorized users having an upper-level authorized monitoring function between the 1 st, 2 nd, and (X-1) information transmission nodes in each information transmission link; k1, K2, & gt, KX represent the number of corresponding information transmission nodes that the 1 st, 2 nd, and X th information management modules exist as transmission upstream ends, respectively.
Further, step S600 includes:
step S601: extracting all the information transmission links correspondingly related to each abnormal information management module respectively, and setting all the information transmission links as risk transmission links; acquiring information transmission risk indexes corresponding to all risk transmission links; capturing authority users with an upper authority supervision function for data processing existing in each abnormal information management module in each risk transmission link, and taking the authority users as verification users for carrying out abnormal verification on abnormal account numbers when each abnormal information management module is operated;
Step S602: if the abnormal account number is extracted from the Q risk transmission links at the same time to a verification user for carrying out abnormal verification on a certain abnormal information management module, the verification user extracted from the risk transmission link with the minimum information transmission risk index is selected as a final verification user for carrying out abnormal verification on the abnormal account number when certain abnormal information management is operated; wherein Q is equal to or greater than 2; capturing an abnormal information management module as an information transmission node when a transmission downstream end exists, respectively extracting output data in the information management module as a transmission upstream end, and taking the output data as data to be checked;
step S603: transmitting the data to be checked to a final checking user for checking the abnormality of the abnormal account when operating the abnormal information management module while transmitting the data to be checked to the abnormal information management module for corresponding data processing operation, operating the final checking user to perform data processing operation in the abnormal information management module based on the data to be checked, feeding back the obtained output data, and taking the output data as calibration data obtained from the final checking user terminal;
step S604: when the output data obtained after the data processing operation of the abnormal account in a certain abnormal information management module is different from the calibration data, judging that the abnormal account is abnormal, and when the output data obtained after the data processing operation of the abnormal account in each abnormal information management module is the same as the calibration data, eliminating a preliminary abnormal conclusion for the abnormal account.
In order to better realize the method, a digital management system is also provided, and the system comprises an information extraction management module, an information transmission chain network carding and extracting module, a permission information extraction management module, a category attribute information identification management module, an information transmission risk index calculation management module, an abnormal account preliminary identification judgment module and an abnormal account verification module;
the information extraction management module is used for respectively capturing each information management module built when the digital engineering information service management system digitally manages engineering information generated in the operation process of each engineering; capturing and identifying input end data and output end data in any information management module;
the information transmission chain network carding and extracting module is used for capturing and extracting the information transmission nodes among the information management modules and carding the information transmission chain network formed by the distribution of all the information transmission nodes;
the authority information extraction management module is used for capturing all authority accounts which are issued when the digital chemical engineering information service management system manages engineering information generated in the operation process of each engineering, and acquiring the authority functions contained in each authority account;
The category attribute information identification management module is used for acquiring data processing functions which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network;
the information transmission risk index calculation management module is used for receiving the data in the category attribute information identification management module, identifying a plurality of information transmission links existing in the transmission network based on the information transmission directions existing among the information transmission nodes, and calculating information transmission risk indexes for the information transmission links based on the intervention condition of authority users existing in the information transmission links and the information transmission distribution condition;
the abnormal account preliminary identification judgment module is used for collecting IP address information of login of each authority account from the historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account;
The abnormal account checking module is used for extracting all information management modules with association marks between the abnormal account checking module and the abnormal account, and setting all the extracted information management modules as abnormal information management modules; based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to abnormal verification on the abnormal account, and carrying out abnormal verification judgment on the abnormal account based on output data obtained after the verification user side carries out data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
Further, the category attribute information identification management module comprises a category attribute information identification unit and an information transmission chain network arrangement unit;
the category attribute information identification unit is used for acquiring data processing functions which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account;
The information transmission chain network arrangement unit is used for arranging the information transmission nodes of the information transmission chain network according to the distribution condition of the category attribute information to which each information management module corresponds in each information transmission node;
further, the abnormal account verification module comprises a verification user extraction unit and an account verification management unit;
the verification user extraction unit is used for extracting all information management modules with association marks with the abnormal account, and setting all the extracted information management modules as abnormal information management modules; based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to the abnormal account and carrying out abnormal verification;
the account checking management unit is used for receiving the data in the checking user extraction unit and carrying out abnormal checking judgment on the abnormal account based on the output data obtained after the checking user side carries out data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
Compared with the prior art, the invention has the following beneficial effects: according to the invention, the information transmission among the information management modules in the operation process of each project is captured and identified, the information security supervision is assisted by utilizing the transmission relation among the information management modules in each information transmission link, the high-sensitivity capturing and identification are carried out on authority users with abnormal conditions, and meanwhile, the authority account judged to be abnormal is timely subjected to abnormal verification, so that the accuracy of data transmission in each link transmission link is improved, the abnormal account is timely checked, and the high security of stored data is ensured.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a flow chart of a digital management method for implementing engineering information security supervision according to the present invention;
FIG. 2 is a schematic diagram of a digital management system for implementing engineering information security supervision according to the present invention;
FIG. 3 is a schematic diagram of embodiment 1 of a digital management method for implementing engineering information security supervision according to the present invention;
fig. 4 is a schematic diagram of embodiment 2 in a digital management method for implementing engineering information security supervision according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-2, the present invention provides the following technical solutions: a digital management method for implementing engineering information security supervision, the method comprising:
step S100: the system comprises a digital engineering information service management system, a digital engineering information management system and a digital engineering information management system, wherein the digital engineering information service management system is used for respectively capturing various information management modules built when the digital engineering information management system digitally manages engineering information generated in the operation process of various engineering; capturing and identifying input end data and output end data in any information management module; capturing and extracting information transmission nodes among various information management modules, and carding an information transmission chain network formed by distribution among all the information transmission nodes;
wherein, step S100 includes:
step S101: if any information management module Mi and any information management module Mj exist, wherein input end data of Mi is Pin (Mi) and output end data is Pout (Mi); the input end data of Mj is Pin (Mj), and the output end data is Pout (Mj); if the information management module Mi of any item and the information management module Mj of any item meet the following conditions: pout (Mi) ∈pin (Mj), or Pout (Mi) =pin (Mj);
step S102: judging that information transmission exists between any information management module Mi and any information management module Mj, and extracting the information transmission existing between any information management module Mi and any information management module Mj as an information transmission node Point: mi- & gtMj; wherein, the arbitrary information management module Mi is an information transmission node Point: at the transmission upstream end in Mi-Mj, any information management module Mj is an information transmission node Point: a transmission downstream end in Mi→Mj;
Step S103: capturing and identifying all information transmission existing among all information management modules corresponding to each project, and extracting to obtain all information transmission nodes existing in the running process of each project; combining the information transmission nodes containing the same information management module to obtain an information transmission chain network formed by distributing all the information transmission nodes;
step S200: capturing all authority account numbers which are issued when the digital engineering information service management system manages engineering information generated in the operation process of each engineering, and acquiring authority functions contained in each authority account number; acquiring data processing functions which can be realized in each information management module for managing each project;
step S300: judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network; wherein, step S300 includes:
Step S301: when a coincidence relation exists between a data processing function in a certain information management module and a permission function contained in a certain permission account, judging that the certain information management module is an information management module with permission user intervention management, carrying out association marking between the certain information management module and the certain permission account, and setting the certain information management module as an information management module with a first category attribute; when no coincidence relation exists between the data processing function in a certain information management module and the authority function contained in any authority account, judging that the certain information management module is an information management module without authority user intervention management, and setting the certain information management module as an information management module with a second category attribute;
step S302: traversing corresponding category attribute information for each information management module contained in a transmission chain network formed in the operation process of each project; extracting information management modules which are distributed in a transmission chain network and belong to a second category attribute as target information management modules;
step S303: locking all information transmission nodes containing each target information management module in a transmission chain network, and removing the target information management module from the transmission chain network as an information transmission node of a transmission upstream end;
Embodiment 1, as shown in fig. 3, is a partial schematic diagram of a transmission chain network formed during the operation of a project, wherein an information transmission node a→b exists between an information management module a and an information management module b; an information transmission node b-c exists between the information management module b and the information management module c; an information transmission node c-e exists between the information management module c and the information management module e; an information transmission node f-c exists between the information management module c and the information management module f; an information transmission node b-d exists between the information management module b and the information management module d;
in embodiment 2, as shown in fig. 4, the information management module c is an information management module belonging to the second category attribute, and thus all information transmission nodes including the information management module c are locked: f-c, b-c, c-e; the information management module c is taken as an information transmission node c-e at the upstream end of transmission and is removed from a transmission chain network;
step S400: in a transmission chain network after removing related information transmission nodes, identifying a plurality of information transmission links existing in the transmission network based on information transmission directions existing among the information transmission nodes, and calculating information transmission risk indexes for the information transmission links based on authority user intervention conditions and information transmission distribution conditions existing in the information transmission links respectively;
Wherein, step S400 includes:
step S401: in a transmission chain network after the related information transmission nodes are removed, a plurality of information transmission links in the same unidirectional transmission direction are identified and extracted; wherein each information transmission link comprises at least one information transmission node; an information management module at the upstream end of transmission in any information transmission node in each information transmission link is set as a1, an information management module at the downstream end of transmission is set as a2, and if Y authority users in authority users with associated marks between a2 in a certain information transmission node have authority functions of Y authority users and simultaneously contain data processing functions corresponding to a1, it is judged that Y authority users in a certain information transmission node have an upper authority supervision function on data processing in a 1;
step S402: accumulating the number N of authority users with associated marks between each information management module in each information transmission link; sequentially numbering all the information transmission nodes in each information transmission link according to the transmission direction, and accumulating the number g of authority users with an upper authority supervision function between an information management module at the transmission upstream end and an information management module at the transmission downstream end for each information transmission node one by one; the number K of information transmission nodes which exist as the transmission upstream end for each information management module in each information transmission link;
Step S403: calculating an information transmission risk index existing in each information transmission link;
R=[(N1+N2+...+NX)*(K1+K2+...+KX)][(g1+g2+...+g(X-1)]
wherein N1, N2, & gt, NX respectively represent the number of authorized users having association marks with the 1 st, 2 nd, & gt, X information management modules in each information transmission link; g1, g2, and g (X-1) respectively represent the number of authorized users having an upper-level authorized monitoring function between the 1 st, 2 nd, and (X-1) information transmission nodes in each information transmission link; k1, K2, KX represent the number of corresponding information transmission nodes that the 1 st, 2 nd, X information management modules exist as the transmission upstream end, respectively;
step S500: collecting IP address information of login of each authority account from a historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account; extracting all information management modules with association marks between the abnormal account numbers, and setting all the extracted information management modules as abnormal information management modules;
step S600: based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to abnormal verification on the abnormal account, and carrying out abnormal verification judgment on the abnormal account based on output data obtained after the verification user side carries out data processing operation in the corresponding abnormal information management module; the abnormal account number which is judged to be abnormal is fed back to the manager port;
Wherein, step S600 includes:
step S601: extracting all the information transmission links correspondingly related to each abnormal information management module respectively, and setting all the information transmission links as risk transmission links; acquiring information transmission risk indexes corresponding to all risk transmission links; capturing authority users with an upper authority supervision function for data processing existing in each abnormal information management module in each risk transmission link, and taking the authority users as verification users for carrying out abnormal verification on abnormal account numbers when each abnormal information management module is operated;
step S602: if the abnormal account number is extracted from the Q risk transmission links at the same time to a verification user for carrying out abnormal verification on a certain abnormal information management module, the verification user extracted from the risk transmission link with the minimum information transmission risk index is selected as a final verification user for carrying out abnormal verification on the abnormal account number when certain abnormal information management is operated; wherein Q is equal to or greater than 2; capturing an abnormal information management module as an information transmission node when a transmission downstream end exists, respectively extracting output data in the information management module as a transmission upstream end, and taking the output data as data to be checked;
Step S603: transmitting the data to be checked to a final checking user for checking the abnormality of the abnormal account when operating the abnormal information management module while transmitting the data to be checked to the abnormal information management module for corresponding data processing operation, operating the final checking user to perform data processing operation in the abnormal information management module based on the data to be checked, feeding back the obtained output data, and taking the output data as calibration data obtained from the final checking user terminal;
step S604: when the output data obtained after the data processing operation of the abnormal account in a certain abnormal information management module is different from the calibration data, judging that the abnormal account is abnormal, and when the output data obtained after the data processing operation of the abnormal account in each abnormal information management module is the same as the calibration data, eliminating a preliminary abnormal conclusion for the abnormal account.
In order to better realize the method, a digital management system is also provided, and the system comprises an information extraction management module, an information transmission chain network carding and extracting module, a permission information extraction management module, a category attribute information identification management module, an information transmission risk index calculation management module, an abnormal account preliminary identification judgment module and an abnormal account verification module;
The information extraction management module is used for respectively capturing each information management module built when the digital engineering information service management system digitally manages engineering information generated in the operation process of each engineering; capturing and identifying input end data and output end data in any information management module;
the information transmission chain network carding and extracting module is used for capturing and extracting the information transmission nodes among the information management modules and carding the information transmission chain network formed by the distribution of all the information transmission nodes;
the authority information extraction management module is used for capturing all authority accounts which are issued when the digital chemical engineering information service management system manages engineering information generated in the operation process of each engineering, and acquiring the authority functions contained in each authority account;
the category attribute information identification management module is used for acquiring data processing functions which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network;
The category attribute information identification management module comprises a category attribute information identification unit and an information transmission chain network arrangement unit;
the category attribute information identification unit is used for acquiring data processing functions which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account;
the information transmission chain network arrangement unit is used for arranging the information transmission nodes of the information transmission chain network according to the distribution condition of the category attribute information to which each information management module corresponds in each information transmission node;
the information transmission risk index calculation management module is used for receiving the data in the category attribute information identification management module, identifying a plurality of information transmission links existing in the transmission network based on the information transmission directions existing among the information transmission nodes, and calculating information transmission risk indexes for the information transmission links based on the intervention condition of authority users existing in the information transmission links and the information transmission distribution condition;
The abnormal account preliminary identification judgment module is used for collecting IP address information of login of each authority account from the historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account;
the abnormal account checking module is used for extracting all information management modules with association marks between the abnormal account checking module and the abnormal account, and setting all the extracted information management modules as abnormal information management modules; based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to abnormal verification on the abnormal account, and carrying out abnormal verification judgment on the abnormal account based on output data obtained after the verification user side carries out data processing operation in the corresponding abnormal information management module; the abnormal account number which is judged to be abnormal is fed back to the manager port;
the abnormal account verification module comprises a verification user extraction unit and an account verification management unit;
the verification user extraction unit is used for extracting all information management modules with association marks with the abnormal account, and setting all the extracted information management modules as abnormal information management modules; based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing a verification user corresponding to the abnormal account and carrying out abnormal verification;
The account checking management unit is used for receiving the data in the checking user extraction unit and carrying out abnormal checking judgment on the abnormal account based on the output data obtained after the checking user side carries out data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: the foregoing description is only a preferred embodiment of the present invention, and the present invention is not limited thereto, but it is to be understood that modifications and equivalents of some of the technical features described in the foregoing embodiments may be made by those skilled in the art, although the present invention has been described in detail with reference to the foregoing embodiments. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (5)
1. A digital management method for implementing engineering information security supervision, the method comprising:
step S100: the system comprises a digital engineering information service management system, a digital engineering information management system and a digital engineering information management system, wherein the digital engineering information service management system is used for respectively capturing various information management modules built when the digital engineering information management system digitally manages engineering information generated in the operation process of various engineering; capturing and identifying input end data and output end data in any information management module; capturing and extracting information transmission nodes among various information management modules, and carding an information transmission chain network formed by distribution among all the information transmission nodes;
the step S100 includes:
step S101: if any information management module Mi and any information management module Mj exist, wherein input end data of Mi is Pin (Mi) and output end data is Pout (Mi); the input end data of Mj is Pin (Mj), and the output end data is Pout (Mj); if the information management module Mi of any item and the information management module Mj of any item meet the following conditions: pout (Mi) ∈pin (Mj), or Pout (Mi) =pin (Mj);
step S102: judging that information transmission exists between any information management module Mi and any information management module Mj, and extracting the information transmission existing between any information management module Mi and any information management module Mj as an information transmission node Point: mi- & gtMj; wherein, the arbitrary item information management module Mi is the information transmission node Point: at the transmission upstream end in Mi-Mj, an arbitrary item information management module Mj is the information transmission node Point: a transmission downstream end in Mi→Mj;
Step S103: capturing and identifying all information transmission existing among all information management modules corresponding to each project, and extracting to obtain all information transmission nodes existing in the running process of each project; combining the information transmission nodes containing the same information management module to obtain an information transmission chain network formed by distributing all the information transmission nodes;
step S200: capturing all authority accounts which are issued when the digital chemical engineering information service management system manages engineering information generated in the engineering operation process of each project, and acquiring the authority functions contained in each authority account; acquiring data processing functions which can be realized in each information management module for managing each project;
step S300: judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network;
The step S300 includes:
step S301: when a coincidence relation exists between a data processing function in a certain information management module and a permission function contained in a certain permission account, judging that the certain information management module is an information management module with permission user intervention management, carrying out association marking between the certain information management module and the certain permission account, and setting the certain information management module as an information management module with a first category attribute; when no coincidence relation exists between the data processing function in a certain information management module and the authority function contained in any authority account, judging that the certain information management module is an information management module without authority user intervention management, and setting the certain information management module as an information management module with a second category attribute;
step S302: traversing corresponding category attribute information for each information management module contained in a transmission chain network formed in the operation process of each project; extracting information management modules which are distributed in a transmission chain network and belong to a second category attribute as target information management modules;
step S303: locking all information transmission nodes containing each target information management module in the transmission chain network, and removing the target information management module from the transmission chain network as the information transmission node at the transmission upstream end;
Step S400: in a transmission chain network after removing related information transmission nodes, identifying a plurality of information transmission links existing in the transmission network based on information transmission directions existing among the information transmission nodes, and respectively calculating information transmission risk indexes for the information transmission links based on authority user intervention conditions and information transmission distribution conditions existing in the information transmission links;
the step S400 includes:
step S401: in a transmission chain network after the related information transmission nodes are removed, a plurality of information transmission links in the same unidirectional transmission direction are identified and extracted; wherein each information transmission link comprises at least one information transmission node; an information management module at the upstream end of transmission in any information transmission node in each information transmission link is set as a1, an information management module at the downstream end of transmission is set as a2, and if Y authority users in authority users with associated marks between a2 in a certain information transmission node have authority functions of the Y authority users and simultaneously contain data processing functions corresponding to a1, it is judged that Y authority users in the certain information transmission node have an upper authority supervision function on data processing in a 1;
Step S402: accumulating the number N of authority users with associated marks between each information management module in each information transmission link; sequentially numbering all the information transmission nodes in each information transmission link according to the transmission direction, and accumulating the number g of authority users with an upper authority supervision function between an information management module at the transmission upstream end and an information management module at the transmission downstream end for each information transmission node one by one; the number K of information transmission nodes which exist as the transmission upstream end for each information management module in each information transmission link;
step S403: calculating an information transmission risk index existing in each information transmission link;
R=[(N1+N2+...+NX)*(K1+K2+...+KX)] [(g1+g2+...+g(X-1)]
wherein N1, N2, & gt, NX respectively represent the number of authorized users having association marks with the 1 st, 2 nd, & gt, X information management modules in each information transmission link; g1, g2, and g (X-1) respectively represent the number of authorized users having an upper-level authorized monitoring function between the 1 st, 2 nd, and (X-1) information transmission nodes in each information transmission link; k1, K2, KX represent the number of corresponding information transmission nodes that the 1 st, 2 nd, X information management modules exist as the transmission upstream end, respectively;
Step S500: collecting IP address information of login of each authority account from a historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account; extracting all information management modules with association marks between the abnormal account numbers, and setting all the extracted information management modules as abnormal information management modules;
step S600: capturing a verification user corresponding to the abnormal account number for performing abnormal verification based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, and performing abnormal verification judgment on the abnormal account number based on output data obtained after the verification user side performs data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
2. The method for digitally managing engineering information security supervision according to claim 1, wherein the step S600 includes:
step S601: extracting all the information transmission links correspondingly related to each abnormal information management module respectively, and setting all the information transmission links as risk transmission links; acquiring information transmission risk indexes corresponding to all risk transmission links; capturing authority users with an upper authority supervision function for data processing existing in each abnormal information management module in each risk transmission link, and taking the authority users as verification users for performing abnormal verification on the abnormal account when the abnormal account operates each abnormal information management module;
Step S602: if the abnormal account number is extracted from Q risk transmission links at the same time to a verification user for carrying out abnormal verification on a certain abnormal information management module, the verification user extracted from the risk transmission link with the minimum information transmission risk index is selected as a final verification user for carrying out abnormal verification on the abnormal account number when the certain abnormal information management is operated; wherein Q is equal to or greater than 2; capturing an abnormal information management module as an information transmission node when a transmission downstream end exists, respectively extracting output data in the information management module as a transmission upstream end, and taking the output data as data to be checked;
step S603: transmitting the data to be checked to a final checking user for performing exception checking on the exception account when the certain exception information management module is operated while transmitting the data to be checked to the certain exception information management module for performing corresponding data processing operation, operating the final checking user to perform data processing operation in the certain exception information management module based on the data to be checked, feeding back obtained output data, and taking the output data as calibration data obtained from the final checking user side;
Step S604: when output data obtained after the abnormal account number performs data processing operation in the abnormal information management module is different from the calibration data, judging that the abnormal account number is abnormal, and when the output data obtained after the abnormal account number performs data processing operation in the abnormal information management modules is identical to the calibration data, eliminating a preliminary abnormal conclusion for the abnormal account number.
3. A digital management system applying the digital management method for realizing engineering information security supervision according to any one of claims 1-2, which is characterized by comprising an information extraction management module, an information transmission chain network carding and extracting module, a permission information extraction management module, a category attribute information identification management module, an information transmission risk index calculation management module, an abnormal account preliminary identification judgment module and an abnormal account verification module;
the information extraction management module is used for respectively capturing each information management module built when the digital engineering information service management system digitally manages engineering information generated in the operation process of each engineering; capturing and identifying input end data and output end data in any information management module;
The information transmission chain network carding and extracting module is used for capturing and extracting the information transmission nodes among the information management modules and carding the information transmission chain network formed by the distribution of all the information transmission nodes;
the authority information extraction management module is used for capturing all the authority accounts which are issued when the digital chemical information service management system manages engineering information generated in the operation process of each engineering, and acquiring the authority functions contained in each authority account;
the category attribute information identification management module is used for acquiring data processing functions which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account; based on the distribution condition of category attribute information to which each information management module corresponds in each information transmission node, arranging the information transmission nodes for the information transmission chain network;
the information transmission risk index calculation management module is used for receiving the data in the category attribute information identification management module, identifying a plurality of information transmission links existing in the transmission network based on the information transmission directions existing among the information transmission nodes, and calculating information transmission risk indexes for the information transmission links based on the intervention condition of authority users existing in the information transmission links and the information transmission distribution condition;
The abnormal account preliminary identification judging module is used for collecting IP address information of login of each authority account from the historical operation log, and preliminarily judging any authority account as an abnormal account every time new IP address information is monitored to login of any authority account;
the abnormal account checking module is used for extracting all information management modules with association marks between the abnormal account checking module and the abnormal account, and setting all the extracted information management modules as abnormal information management modules; capturing a verification user corresponding to the abnormal account number for performing abnormal verification based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, and performing abnormal verification judgment on the abnormal account number based on output data obtained after the verification user side performs data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
4. A digital management system according to claim 3, wherein the category attribute information identification management module comprises a category attribute information identification unit and an information transmission chain network arrangement unit;
The category attribute information identification unit is used for acquiring a data processing function which can be realized in each information management module for managing each project; judging and carding the category attribute information of each information management module based on the coincidence distribution relation between the data processing function in each information management module and the authority function contained in any authority account;
the information transmission chain network arrangement unit is used for arranging the information transmission nodes of the information transmission chain network according to the distribution condition of the category attribute information to which each information management module corresponds in each information transmission node.
5. A digital management system according to claim 3, wherein the abnormal account verification module comprises a verification user extraction unit and an account verification management unit;
the verification user extraction unit is used for extracting all information management modules with association marks between the verification user extraction unit and the abnormal account, and setting all the extracted information management modules as abnormal information management modules; based on information transmission risk index distribution conditions presented by all information transmission links related to each abnormal information management module, capturing verification users corresponding to the abnormal account numbers for abnormal verification;
The account verification management unit is used for receiving the data in the verification user extraction unit and carrying out abnormal verification judgment on the abnormal account based on output data obtained after the verification user side carries out data processing operation in the corresponding abnormal information management module; and feeding the abnormal account number which is judged to be abnormal back to the manager port.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310153870.1A CN115829192B (en) | 2023-02-23 | 2023-02-23 | Digital management system and method for realizing engineering information security supervision |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310153870.1A CN115829192B (en) | 2023-02-23 | 2023-02-23 | Digital management system and method for realizing engineering information security supervision |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115829192A CN115829192A (en) | 2023-03-21 |
| CN115829192B true CN115829192B (en) | 2023-04-21 |
Family
ID=85522178
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310153870.1A Active CN115829192B (en) | 2023-02-23 | 2023-02-23 | Digital management system and method for realizing engineering information security supervision |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115829192B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116503207B (en) * | 2023-03-31 | 2023-11-14 | 中建安装集团有限公司 | Building construction safety monitoring system and method based on Internet |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115481955A (en) * | 2022-09-19 | 2022-12-16 | 深圳市海络网络科技有限公司 | International logistics intelligent management system and method based on big data |
| CN115545622A (en) * | 2022-11-30 | 2022-12-30 | 中建安装集团有限公司 | Engineering material storage management system and method based on digital construction |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10891610B2 (en) * | 2013-10-11 | 2021-01-12 | Visa International Service Association | Network token system |
| US9648036B2 (en) * | 2014-12-29 | 2017-05-09 | Palantir Technologies Inc. | Systems for network risk assessment including processing of user access rights associated with a network of devices |
| US10291506B2 (en) * | 2015-03-04 | 2019-05-14 | Fisher-Rosemount Systems, Inc. | Anomaly detection in industrial communications networks |
| US11176101B2 (en) * | 2018-02-05 | 2021-11-16 | Bank Of America Corporation | System and method for decentralized regulation and hierarchical control of blockchain architecture |
| CN110659807B (en) * | 2019-08-29 | 2022-08-26 | 苏宁云计算有限公司 | Risk user identification method and device based on link |
| CN111343161B (en) * | 2020-02-14 | 2021-12-10 | 平安科技(深圳)有限公司 | Abnormal information processing node analysis method, abnormal information processing node analysis device, abnormal information processing node analysis medium and electronic equipment |
| CN115168828A (en) * | 2021-04-01 | 2022-10-11 | 腾讯科技(深圳)有限公司 | Account security login method and device and electronic equipment |
| CN114584404B (en) * | 2022-05-07 | 2022-07-05 | 苏州智汇信息科技有限公司 | Data security protection system and method based on cloud storage technology |
| CN115204322B (en) * | 2022-09-16 | 2022-11-22 | 成都新希望金融信息有限公司 | Behavior link abnormity identification method and device |
| CN115481002A (en) * | 2022-09-26 | 2022-12-16 | 北京奇艺世纪科技有限公司 | Abnormal behavior identification method, device, equipment and storage medium |
| CN115374465B (en) * | 2022-10-24 | 2023-01-03 | 江苏荣泽信息科技股份有限公司 | Security service method and system for enterprise-level machine account |
-
2023
- 2023-02-23 CN CN202310153870.1A patent/CN115829192B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115481955A (en) * | 2022-09-19 | 2022-12-16 | 深圳市海络网络科技有限公司 | International logistics intelligent management system and method based on big data |
| CN115545622A (en) * | 2022-11-30 | 2022-12-30 | 中建安装集团有限公司 | Engineering material storage management system and method based on digital construction |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115829192A (en) | 2023-03-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112650762B (en) | Data quality monitoring method and device, electronic equipment and storage medium | |
| US7043661B2 (en) | Topology-based reasoning apparatus for root-cause analysis of network faults | |
| CN112966903A (en) | Dangerous chemical safety production risk monitoring and early warning system and method | |
| CN107918629B (en) | Correlation method and device for alarm fault | |
| CN115829192B (en) | Digital management system and method for realizing engineering information security supervision | |
| CN107066500B (en) | Power grid mass data quality verification method based on PMS model | |
| CN106254137A (en) | The alarm root-cause analysis system and method for supervisory systems | |
| CN115983808A (en) | Project data intelligent management system and method based on digital construction | |
| US12160440B2 (en) | Method and system to detect abnormal message transactions on a network | |
| CN109389524B (en) | Integrated operation and maintenance cooperative management method based on power grid data, storage device and terminal | |
| CN115022006B (en) | Network operation maintenance system and method based on security situation awareness | |
| CN112817827A (en) | Operation and maintenance method, device, server, equipment, system and medium | |
| CN108234162A (en) | TDCS/CTC system early warning methods based on port data flow monitoring | |
| CN118245880B (en) | Building safety early warning method and system based on data analysis | |
| CN111063407B (en) | Medical resource data processing method and system based on block chain | |
| CN117391454B (en) | Industrial management system and method based on cloud edge cooperation | |
| CN117040115A (en) | Virtual power plant demand response management system based on block chain technology | |
| CN116883027B (en) | Material import and export clearance networking supervisory systems | |
| US20220130227A1 (en) | Alarm control device and alarm control method | |
| CN106600221A (en) | Novel urbanized community management system | |
| CN114118652A (en) | Monitoring platform and monitoring method for risk prevention and control management of clean government | |
| CN104854820B (en) | Monitor control device and monitoring control method | |
| CN118606144B (en) | Alarm method, device and equipment based on the integration of IT equipment and OT equipment | |
| CN118264570B (en) | Data pushing method and system based on digital twin and cloud control | |
| CN118887026B (en) | A non-tax special account supervision system and method based on electronic accounting vouchers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |