CN112351044A - Network security system based on big data - Google Patents

Network security system based on big data

Info

Publication number
CN112351044A
Authority
CN
China
Prior art keywords
data
module
server
data packet
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011391725.XA
Other languages
Chinese (zh)
Inventor
周伟
陈立
孙肇博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Yunti Technology Co ltd
Original Assignee
Hangzhou Yunti Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Yunti Technology Co ltd
Priority to CN202011391725.XA
Publication of CN112351044A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/0882 Utilisation of link capacity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention relates to a network security system, in particular to a network security system based on big data. The system comprises a server and a data packet acquisition module, the data packet acquisition module being used for acquiring received data packets and for sending data packets. The technical scheme provided by the invention can effectively overcome the defect in the prior art that a data packet is easily intruded upon or attacked when it is sent to other equipment.

Description

Network security system based on big data
Technical Field
The invention relates to a network security system, in particular to a network security system based on big data.
Background
A computer communication network is a system that interconnects a plurality of computers with independent functions through communication equipment and transmission media and, with the support of communication software, realizes information transmission and exchange among those computers. A computer network connects a plurality of geographically dispersed, independent computer systems, terminals and data devices by communication means for the purpose of sharing resources, and performs data exchange under the control of a protocol. The fundamental purpose of computer networks is resource sharing, and communication networks are the means of implementing it, so computer networks should be secure, and the corresponding computer communication networks must also be secure.
With the development of network technology, the traditional LAN structure has shown disadvantages such as weak network security and incomplete functions, and the security, stability, versatility and speed of the enterprise network have become the problems of greatest concern to enterprise managers: the security of intranet user data, the control of virus propagation between the intranet and the extranet, and the extension of network functions to voice, video, multi-party communication, data transmission, data sharing, remote login and so on.
However, the existing network security system cannot effectively determine whether an intranet device or an extranet device has been intruded upon or attacked, and when the intranet sends a data packet to a compromised intranet device or extranet device, the intranet device and the extranet device may themselves be intruded upon or attacked.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects in the prior art, the invention provides a network security system based on big data, which can effectively overcome the defect that a data packet is easily intruded upon or attacked when it is sent to other equipment.
(II) technical scheme
In order to achieve the purpose, the invention is realized by the following technical scheme:
a network security system based on big data comprises a server and a data packet acquisition module used for acquiring received data packets and sending data packets, wherein:
    • the server is connected with a data transmission module used for transmitting the received data packet;
    • the server is connected with a data processing module used for processing the received data packet;
    • the server communicates with a monitoring center through a wireless communication module;
    • the server is connected with a strategy execution module used for executing the security policy sent by the monitoring center;
    • the server is connected with a data category judgment module for judging the data category of the sending data packet;
    • the server is connected with a data flow monitoring module for monitoring the data flows of the internal network and the external network;
    • the server is connected with an identity information storage module for storing intranet identity information;
    • the server is connected with an identity information identification module for identifying the identity information contained in the sending data packet;
    • the server is connected with an identity information checking module for matching the identity information contained in the sending data packet against the intranet identity information;
    • the server is connected with a data caching module for caching the sending data packet;
    • the server is connected with a data isolation module for isolating the sending data packet.
Preferably, the data processing module decrypts, reassembles and encodes the information contained in the received data packet, and the server sends the processed data to the monitoring center through the wireless communication module.
Preferably, the monitoring center monitors the processed data and generates a corresponding security policy according to the monitoring result.
Preferably, the system further comprises a network state monitoring module connected with the server and used for monitoring the congestion degree of the current network. When the monitoring result obtained by the monitoring center contains no network intrusion or network attack information and the network state monitoring module detects that the current network is idle, the monitoring center sends the security policy to the server through the wireless communication module;
when the monitoring result obtained by the monitoring center contains network intrusion or network attack information, the monitoring center ignores the current network congestion degree and sends the security policy to the server through the wireless communication module with priority.
Preferably, the system further comprises a security dynamic monitoring module connected with the server and used for dynamically recording the monitoring results fed back by the monitoring center, performing historical analysis on them and visually displaying the analysis results, and a detection log updating module connected with the server and used for updating the monitoring log according to the security policy sent by the monitoring center.
Preferably, when the data category judgment module receives only one information stream within a set time, the sending data packet is a data packet sent to the intranet; otherwise, the sending data packet is a data packet sent to the external network.
Preferably, when the sending data packet is a data packet sent to the intranet, if the identity information checking module can match the identity information contained in the sending data packet against the stored intranet identity information, the server caches the sending data packet in the data caching module;
otherwise, the server places the sending data packet in the data isolation module for isolation and cuts off communication with the intranet device.
Preferably, when the sending data packet is a data packet sent to the external network, the data flow monitoring module compares the data flows of the internal network and the external network, and if the data flow of the external network is not greater than the data flow of the internal network, the server caches the sending data packet and the information stream returned by the external network in the data caching module;
otherwise, the server places the sending data packet and the information stream returned by the external network in the data isolation module for isolation.
Preferably, the system further comprises a data sending module connected with the data caching module and used for sending the sending data packet to the target network, and a data analysis module connected with the data isolation module and used for analyzing the isolated data and obtaining the network address of the attacking device.
Preferably, the data analysis module sends the network address of the attacking device obtained by analysis to the server, and the server uploads the network address to the monitoring center through the wireless communication module.
(III) advantageous effects
Compared with the prior art, the network security system based on big data provided by the invention not only effectively monitors received data packets and generates a corresponding security policy according to the monitoring result, but also effectively tracks sent data packets: when the identity information cannot be matched against the intranet identity information, communication with the intranet device is cut off, and when the data flow of the external network is greater than that of the internal network, the information stream corresponding to the external network is isolated, so that the potential threat of intrusion and attack when a data packet is sent to other equipment is effectively reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a schematic diagram of the system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A network security system based on big data is disclosed, as shown in figure 1. It comprises a server and a data packet acquisition module for acquiring received data packets and sending data packets; the server is connected with a data transmission module for transmitting the received data packet, with a data processing module for processing the received data packet, and with a strategy execution module for executing the security policy sent by the monitoring center, and the server communicates with the monitoring center through a wireless communication module.
The data processing module decrypts, reassembles and encodes the information contained in the received data packet, and the server sends the processed data to the monitoring center through the wireless communication module. The monitoring center monitors the processed data and generates a corresponding security policy according to the monitoring result.
The system also comprises a network state monitoring module connected with the server and used for monitoring the congestion degree of the current network. When the monitoring result obtained by the monitoring center contains no network intrusion or network attack information and the network state monitoring module detects that the current network is idle, the monitoring center sends the security policy to the server through the wireless communication module;
when the monitoring result obtained by the monitoring center contains network intrusion or network attack information, the monitoring center ignores the current network congestion degree and sends the security policy to the server through the wireless communication module with priority.
By monitoring the current network congestion degree, an idle period can be chosen for sending the security policy to the server when no threat exists, which effectively reduces the load on the server, improves its response speed and optimizes its processing schedule.
The system also comprises a security dynamic monitoring module connected with the server and used for dynamically recording the monitoring results fed back by the monitoring center, performing historical analysis on them and visually displaying the analysis results, and a detection log updating module connected with the server and used for updating the monitoring log according to the security policy sent by the monitoring center.
The monitoring results fed back by the monitoring center in each historical period can be visually displayed to the user through the security dynamic monitoring module, which makes them convenient to analyze: where the analysis shows that data packets sent by a certain type of device are more likely to carry threats, monitoring of the data packets sent by that type of device is further strengthened.
The server is further connected with a data category judgment module for judging the data category of the sending data packet, a data flow monitoring module for monitoring the data flows of the internal and external networks, an identity information storage module for storing intranet identity information, an identity information identification module for identifying the identity information contained in the sending data packet, an identity information checking module for matching that identity information against the intranet identity information, a data caching module for caching the sending data packet, and a data isolation module for isolating the sending data packet.
When the data category judgment module receives only one information stream within the set time, the sending data packet is a data packet sent to the intranet; otherwise, the sending data packet is a data packet sent to the external network.
A packet sent between internal networks usually generates no response stream, whereas a packet sent to an external network generates two streams, the second being the response; this is how the system identifies whether the sent packet is destined for the internal network or the external network.
When the sending data packet is a data packet sent to the intranet, if the identity information checking module can match the identity information contained in the sending data packet against the intranet identity information, the server caches the sending data packet in the data caching module;
otherwise, the server places the sending data packet in the data isolation module for isolation and cuts off communication with the intranet device.
When the sending data packet is a data packet sent to the external network, the data flow monitoring module compares the data flows of the internal and external networks, and if the data flow of the external network is not greater than the data flow of the internal network, the server caches the sending data packet and the information stream returned by the external network in the data caching module;
otherwise, the server places the sending data packet and the information stream returned by the external network in the data isolation module for isolation.
When the identity information cannot be matched against the intranet identity information, communication with the intranet device is cut off; when the data flow of the external network is greater than that of the internal network, the information stream corresponding to the external network is isolated. In this way the potential threat of intrusion and attack when a data packet is sent to other equipment is effectively reduced.
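The disposition rules just described (and their summary in the technical scheme section above) as an added Python illustration; this is not code from the patent or its assignee. It assumes a constructed packet record with an `identity=...;key=value` header, byte counts for the two flows measured over the set time window, and a set of known intranet identities; the policy-dispatch rule of the monitoring center is included as a separate function.

```python
"""Server-side decision logic of the described system (added illustration).

Constructed example: the packet fields, the identity header format and the
flow figures below are assumptions, not taken from the patent.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set


class Disposition(Enum):
    CACHE = "cache"        # queued in the data caching module for the data sending module
    ISOLATE = "isolate"    # handed to the data isolation module


@dataclass(frozen=True)
class OutboundPacket:
    src_addr: str          # network address of the sending device (assumed field)
    header: str            # assumed "key=value;..." header carrying the identity
    stream_count: int      # information streams observed within the set time window
    intranet_flow: int     # bytes of internal-network flow in the window (assumed unit)
    extranet_flow: int     # bytes of external-network flow in the window (assumed unit)


@dataclass(frozen=True)
class Verdict:
    target: str            # "intranet" or "extranet"
    disposition: Disposition
    cut_off_intranet: bool = False  # communication with the intranet device is cut


def extract_identity(header: str) -> Optional[str]:
    """Identity information identification module: pull the identity out of the header."""
    for part in header.split(";"):
        key, _, value = part.partition("=")
        if key.strip().lower() == "identity" and value.strip():
            return value.strip()
    return None


def classify_target(stream_count: int) -> str:
    """Data category judgment module: exactly one stream in the window means an
    intranet destination; anything else is treated as extranet (the response
    stream makes the second one)."""
    return "intranet" if stream_count == 1 else "extranet"


def dispose_packet(pkt: OutboundPacket, intranet_identities: Set[str]) -> Verdict:
    """Apply the two branches: identity check for intranet traffic,
    flow comparison for extranet traffic."""
    target = classify_target(pkt.stream_count)
    if target == "intranet":
        identity = extract_identity(pkt.header)
        if identity is not None and identity in intranet_identities:
            return Verdict(target, Disposition.CACHE)
        # No match (or no identity at all): isolate and cut off the intranet device.
        return Verdict(target, Disposition.ISOLATE, cut_off_intranet=True)
    if pkt.extranet_flow <= pkt.intranet_flow:
        return Verdict(target, Disposition.CACHE)
    # Extranet flow exceeds intranet flow: isolate the packet and the response stream.
    return Verdict(target, Disposition.ISOLATE)


def should_dispatch_policy(threat_detected: bool, network_idle: bool) -> bool:
    """Monitoring-center rule: a detected threat overrides congestion;
    otherwise the policy waits for an idle network."""
    return threat_detected or network_idle


def analyse_isolated(packets: List[OutboundPacket], verdicts: List[Verdict]) -> List[str]:
    """Data analysis module: collect the addresses of devices whose traffic was
    isolated, in order of first appearance, for upload to the monitoring center."""
    seen: Dict[str, None] = {}
    for pkt, verdict in zip(packets, verdicts):
        if verdict.disposition is Disposition.ISOLATE:
            seen.setdefault(pkt.src_addr, None)
    return list(seen)


# Constructed sample traffic (not from the patent).
INTRANET_IDENTITIES = {"ws-0017", "ws-0042"}
SAMPLE_PACKETS = [
    OutboundPacket("10.0.1.17", "identity=ws-0017;proto=smb", 1, 4000, 0),
    OutboundPacket("10.0.1.99", "identity=ws-9999;proto=smb", 1, 4000, 0),
    OutboundPacket("10.0.1.42", "identity=ws-0042;proto=https", 2, 1200, 900),
    OutboundPacket("10.0.1.42", "identity=ws-0042;proto=https", 2, 800, 5000),
]


def run_sample() -> List[Verdict]:
    return [dispose_packet(p, INTRANET_IDENTITIES) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    results = run_sample()
    for packet, v in zip(SAMPLE_PACKETS, results):
        print(packet.src_addr, v.target, v.disposition.value,
              "cut-off" if v.cut_off_intranet else "")
    print("addresses to upload:", analyse_isolated(SAMPLE_PACKETS, results))
```

Of the four constructed packets, the second is isolated because its identity is unknown to the intranet store, and the fourth because its extranet flow exceeds the intranet flow; only the second triggers the cut-off of the intranet device. Note that the stream-count heuristic treats a packet with no observed stream at all as extranet, which is what the text's "otherwise" implies.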
The data analysis module is connected with the data isolation module and is used for analyzing the isolated data and obtaining the network address of the attacking device. The data analysis module sends the network address of the attacking device obtained by analysis to the server, and the server uploads it to the monitoring center through the wireless communication module.
After receiving the network address of the attacking device, the monitoring center can strengthen monitoring of that device and can report the network address to the regional monitoring center, which issues a uniform security policy to the network devices in the region, thereby avoiding a larger-scale network security event.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A big data based network security system, characterized by: the system comprises a server and a data packet acquisition module used for acquiring a received data packet and sending the data packet, wherein the server is connected with a data transmission module used for transmitting the received data packet, the server is connected with a data processing module used for carrying out data processing on the received data packet, the server is communicated with a monitoring center through a wireless communication module, and the server is connected with a strategy execution module used for executing a safety strategy sent by the monitoring center;
the server is connected with a data category judgment module for judging the data category of the sending data packet, the server is connected with a data flow monitoring module for monitoring the data flow of the internal network and the external network, the server is connected with an identity information storage module for storing intranet identity information, the server is connected with an identity information identification module for identifying the identity information contained in the sending data packet, the server is connected with an identity information checking module for matching the identity information contained in the sending data packet and the intranet identity information, the server is connected with a data caching module for caching the sending data packet, and the server is connected with a data isolation module for isolating the sending data packet.
2. A big data based network security system as claimed in claim 1, wherein: the data processing module decrypts, reassembles and encodes the information contained in the received data packet, and the server sends the processed data to the monitoring center through the wireless communication module.
3. A big data based network security system as claimed in claim 2, wherein: the monitoring center monitors the processed data and generates a corresponding security policy according to the monitoring result.
4. A big data based network security system as claimed in claim 3, wherein: the system also comprises a network state monitoring module connected with the server and used for monitoring the congestion degree of the current network, and when the monitoring result obtained by the monitoring center contains no network intrusion or network attack information and the network state monitoring module detects that the current network is idle, the monitoring center sends the security policy to the server through the wireless communication module;
and when the monitoring result obtained by the monitoring center contains network intrusion or network attack information, the monitoring center ignores the current network congestion degree and sends the security policy to the server through the wireless communication module with priority.
5. A big data based network security system as claimed in claim 1, wherein: the system also comprises a security dynamic monitoring module connected with the server and used for dynamically recording the monitoring results fed back by the monitoring center, performing historical analysis on them and visually displaying the analysis results, and a detection log updating module connected with the server and used for updating the monitoring log according to the security policy sent by the monitoring center.
6. A big data based network security system as claimed in claim 1, wherein: when the data category judgment module receives only one information stream within the set time, the sending data packet is a data packet sent to the intranet; otherwise, the sending data packet is a data packet sent to the external network.
7. A big data based network security system as claimed in claim 6, wherein: when the sending data packet is a data packet sent to the intranet, if the identity information checking module can match the identity information contained in the sending data packet against the intranet identity information, the server caches the sending data packet in the data caching module;
otherwise, the server places the sending data packet in the data isolation module for isolation and cuts off communication with the intranet device.
8. A big data based network security system as claimed in claim 6, wherein: when the sending data packet is a data packet sent to the external network, the data flow monitoring module compares the data flows of the internal network and the external network, and if the data flow of the external network is not greater than the data flow of the internal network, the server caches the sending data packet and the information stream returned by the external network in the data caching module;
otherwise, the server places the sending data packet and the information stream returned by the external network in the data isolation module for isolation.
9. A big data based network security system as claimed in claim 7 or 8, wherein: the data analysis module is connected with the data isolation module and is used for analyzing the isolated data and obtaining the network address of the attacking device.
10. A big data based network security system as claimed in claim 9, wherein: the data analysis module sends the network address of the attacking device obtained by analysis to the server, and the server uploads the network address to the monitoring center through the wireless communication module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011391725.XA CN112351044A (en) 2020-12-02 2020-12-02 Network security system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011391725.XA CN112351044A (en) 2020-12-02 2020-12-02 Network security system based on big data

Publications (1)

Publication Number Publication Date
CN112351044A true CN112351044A (en) 2021-02-09

Family

ID=74427875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011391725.XA Pending CN112351044A (en) 2020-12-02 2020-12-02 Network security system based on big data

Country Status (1)

Country Link
CN (1) CN112351044A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242437A (en) * 2022-06-15 2022-10-25 国科华盾(北京)科技有限公司 Network security system achieving effective management through cloud data analysis

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051557A (en) * 2012-12-27 2013-04-17 华为技术有限公司 Data stream processing method and system, controller and switching equipment
US20140196105A1 (en) * 2013-01-09 2014-07-10 Delta Electronics, Inc. Cloud system with attack protection mechanism and protection method using for the same
CN105429974A (en) * 2015-11-10 2016-03-23 南京邮电大学 SDN-oriented intrusion defense system and method
CN111510436A (en) * 2020-03-27 2020-08-07 黑龙江省网络空间研究中心 Network security system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210209