Author: 吴俊雄 WU Junxiong (Zhejiang Hengfeng Group Co., Ltd., Yiwu 322000, China)
Source: 《电子设计工程》 (Electronic Design Engineering), 2025, Issue 5, pp. 45-50, 6 pages in total
Abstract: Advanced persistent threat attacks lurk in enterprise management systems for long periods, gradually infiltrating them and stealing data, which degrades the effectiveness of intrusion risk feature mining and makes it difficult to identify intrusion risks accurately. To address this, a study of feature mining and adaptive monitoring technology for security intrusion risks in enterprise management systems is proposed. A network sniffer combined with the Libpcap library captures and analyzes network traffic in real time to identify the sources of security intrusion risk in the enterprise management system and to mine potential intrusion risk features. The captured feature data is normalized and Z-score standardized, and cluster analysis divides the feature data into normal behavior and intrusion behavior. The correlation degree between security intrusion risk sources and intrusion behaviors is calculated, and a system network information correction mechanism is introduced to dynamically adjust the correlation strength between risk factors and comprehensively evaluate the overall correlation degree of the risk features. Based on the calculated correlation degrees, an adaptive monitoring model is constructed that dynamically adjusts its weights according to the real-time state of the system, achieving adaptive monitoring of security intrusion risks in enterprise management systems. The experimental results show that, by dynamically adjusting its monitoring strategy, the technique can accurately identify intrusion behaviors and significantly improve monitoring coverage.
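Keywords: enterprise management system; security intrusion risk; feature mining; adaptive monitoring; correlation degree
Classification number: TN918 [Electronics and Telecommunications: Communication and Information Systems]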