CN101997786B - Efficient and safe heterogeneous media gateway - Google Patents


Info

Publication number
CN101997786B
CN101997786B
Authority
CN
China
Prior art keywords
data
file
white list
scanning
sign indicating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2010105831713A
Other languages
Chinese (zh)
Other versions
CN101997786A (en)
Inventor
孙孟田
代强
文斌
何亮
吴春才
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU DONGFANGSHENGXING ELECTRONICS Co Ltd
Original Assignee
CHENGDU DONGFANGSHENGXING ELECTRONICS Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU DONGFANGSHENGXING ELECTRONICS Co Ltd
Priority to CN2010105831713A
Publication of CN101997786A
Application granted
Publication of CN101997786B
Legal status: Active
Anticipated expiration

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an efficient and safe heterogeneous media gateway. The heterogeneous media gateway comprises at least one gateway server and a virus-scanning and filtering module, wherein the virus scanning and filtering comprises the following steps: (1) white list scanning, comparing the characteristics of a media data file with the characteristics of the media data files in the white list; (2) port mapping, coupling the media gateway to the plate physical storage pool by port mapping, wherein legal media data passes through the portal gateway without staying and is synchronously forwarded to the destination storage location; and (3) ultra-fast data slicing and fingerprint scanning, rapidly scanning and checking application-layer data and directly isolating data of other protocol layers. The advantages of the invention are that an efficient and safe heterogeneous media gateway and method for the application layer are provided, and that the virus isolation system has high transmission efficiency and good security without the problem of lagging protection.

Description

Efficient and safe heterogeneous media gateway
Technical field
The present invention relates to an efficient and safe heterogeneous media gateway.
Background technology
At present, worms, Trojans, spyware, bandwidth abuse, DDoS and the like combine into compound threats across the whole network, which makes the threats more dangerous and harder to resist. These threats attack enterprise key servers and applications directly and have caused heavy losses to television stations, in particular to broadcast systems, which face such threats every day and risk serious broadcast accidents.
These threats manifest mainly as: attacks on end users' computers, exposing users to information risk and even property loss; DoS/DDoS attacks on network infrastructure, paralysing it; and bandwidth resources wasted by traffic unrelated to any service, a huge loss of resources.
Facing these problems, the biggest weakness of traditional solutions is that the firewall operates on TCP/IP layers 3 and 4 and performs feature detection on network packets one by one, so interconnection performance drops sharply while the firewall simply cannot "see" application-layer threats; an IDS, being a bypass device, can "see but not block" them. A brand-new security solution for application-layer security is therefore needed.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing an efficient and safe heterogeneous media gateway for the application layer, realising efficient and safe anti-virus protection with no protection lag.
This object is achieved through the following technical scheme: an efficient and safe heterogeneous media gateway comprising at least one gateway server and a virus-scanning and filtering module, characterised in that the virus scanning and filtering comprises the following steps:
(1) white list scanning: the characteristics of the media data file are compared with the characteristics of the media data files in the white list; only data files on the "white list" are accepted, and only after approval through parsing may they enter the operational plate;
(2) port mapping: the media gateway is coupled to the plate physical storage pool by port mapping, and legal media data does not stay when passing through the portal gateway but is synchronously forwarded to the destination storage location;
(3) ultra-fast data slicing and fingerprint scanning: only application-layer data is rapidly scanned and checked, while data of other protocol layers is isolated directly.
The operating platform of the heterogeneous media gateway of the invention is an embedded UNIX operating system.
The white list scanning of the invention comprises the following steps:
(1) establish a white list, each entry of which corresponds to one valid file type;
(2) establish a matching signature list, each entry of which represents one characteristic signature of a valid file type;
(3) read in the data file to be parsed and check whether its file type has a corresponding entry in the white list; if no entry is found, discard the file;
(4) for a file that passed the white list check, read its signature and look it up in the matching signature list; if no corresponding entry is found, discard the file;
(5) generate the plate fingerprint and bind it to the data stream;
(6) transmit the data stream to the storage node;
(7) receive the data stream and perform a check comparison on it;
(8) decrypt and verify the plate fingerprint with the public key of the sending end;
(9) judge whether the decrypted plate fingerprint is identical to the plate fingerprint bound to the data stream; if identical, the data has passed the legitimacy check and is stored, otherwise the data is discarded.
The ultra-fast data slicing and fingerprint scanning of the invention rapidly scans and checks only application-layer data and comprises the following steps:
(1) micro-channel memory mapping: the video file is mapped into the virtual address space of the system's physical memory, so that the file is accessed the way in-memory data is accessed;
(2) intelligent data slicing: the data mapped into memory is sliced intelligently into a plurality of data blocks;
(3) parallel processing of the data slices: the MD5 algorithm is run on the data blocks in parallel by multiple threads, yielding the message digest, i.e. the MD5 code, of each block;
(4) MD5 fingerprint extraction: the message digests (MD5 codes) of all blocks are combined to obtain the MD5 fingerprint of the whole video file.
The data slicing method of the invention comprises a slicing method for intra-frame compressed file data and a slicing method for inter-frame compressed file data:
(1) for intra-frame compressed file data, only the data of the frame itself is considered, redundancy between adjacent frames is not considered and motion compensation is not used, so every frame is a random-access point and the data is split directly according to a preset file block size;
(2) for inter-frame compressed file data, which is compressed between video frames on the basis of temporal correlation, the data is split with the I frames as reference frames.
The beneficial effects of the invention are as follows: an efficient and safe heterogeneous media gateway and method for the application layer are provided; this virus isolation system has higher data transmission efficiency, the gateway itself has higher security, and compared with traditional anti-virus software and firewalls it is efficient, performs well in security and has no protection-lag problem.
Description of drawings
Fig. 1 is the workflow diagram of the efficient and safe heterogeneous media gateway
Fig. 2 is a schematic diagram of the white-list-based data detection process
Fig. 3 is a schematic diagram of ultra-fast scan data slicing of application-layer data.
Embodiment
The technical scheme of the invention is described in detail below with reference to the accompanying drawings. The efficient and safe heterogeneous media gateway comprises at least one gateway server and a virus-scanning and filtering module, characterised in that the virus scanning and filtering comprises the white list scanning, port mapping and ultra-fast data slicing and fingerprint scanning steps set out in the summary of the invention above, runs on an embedded UNIX operating system, and uses the intra-frame (preset block size) and inter-frame (I-frame reference) data slicing methods described there.
As shown in Fig. 1, when data transmission reaches the heterogeneous media gateway, white list scanning is performed first: the characteristics of the media data file are compared with the characteristics of the media data files in the white list, only data files on the "white list" are accepted, and only after approval through parsing may they enter the operational plate.
As shown in Fig. 2, the white-list-based data detection mechanism comprises the following steps:
(1) establish a white list, each entry of which corresponds to one valid file type;
(2) establish a matching signature list, each entry of which represents one characteristic signature of a valid file type;
(3) read in the data file to be parsed and check whether its file type has a corresponding entry in the white list; if no entry is found, discard the file;
(4) for a file that passed the white list check, read its signature and look it up in the matching signature list; if no corresponding entry is found, discard the file;
(5) generate the plate fingerprint and bind it to the data stream;
(6) transmit the data stream to the storage node;
(7) receive the data stream and perform a check comparison on it;
(8) decrypt and verify the plate fingerprint with the public key of the sending end;
(9) judge whether the decrypted plate fingerprint is identical to the plate fingerprint bound to the data stream; if identical, the data has passed the legitimacy check and is stored, otherwise the data is discarded.
As shown in Fig. 1, data that has passed white list scanning then goes through port mapping: the media gateway is coupled to the plate physical storage pool by port mapping, and legal media data does not stay when passing through the portal gateway but is synchronously forwarded to the destination storage location.
As shown in Fig. 1 and Fig. 3, while the data is being forwarded synchronously to the destination storage location through port mapping, ultra-fast data slicing and fingerprint scanning rapidly scans and checks only the application-layer data, and data of other protocol layers is isolated directly. The ultra-fast data slicing and fingerprint scanning comprises the following steps:
(1) micro-channel memory mapping: the video file is mapped into the virtual address space of the system's physical memory, so that the file is accessed the way in-memory data is accessed;
(2) intelligent data slicing: the data mapped into memory is sliced intelligently into a plurality of data blocks;
(3) parallel processing of the data slices: the MD5 algorithm is run on the data blocks in parallel by multiple threads, yielding the message digest, i.e. the MD5 code, of each block;
(4) MD5 fingerprint extraction: the message digests (MD5 codes) of all blocks are combined to obtain the MD5 fingerprint of the whole video file.
The extracted MD5 fingerprint is compared with the source MD5 fingerprint to judge whether the file has been tampered with.
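The white list detection steps listed for Fig. 2 (and identically in the summary of the invention) as a runnable added example; this is illustration code written for this page, not the patent's or the assignee's implementation. The file-type whitelist, the magic-byte signature table and the sample inputs are constructed; SHA-256 as the "plate fingerprint" is an assumption, and because the standard library has no public-key primitives the sender's key operation of step (8) is replaced by an HMAC with a shared key, which keeps the same verification logic (fingerprint must verify against the sender's key and match the data) without being the patent's public-key scheme.

```python
"""White list scan for a media gateway: file-type whitelist, signature
(magic-byte) check, fingerprint bound to the stream, verification at the
storage node.  Example code written for this page; not the patent's code."""
import hashlib
import hmac
import os

# Step (1): white list of valid file types (constructed, one entry per type)
WHITE_LIST = {"mp4", "mxf", "wav"}

# Step (2): matching signature list (constructed, simplified): one
# (offset, magic bytes) entry per valid type.
MATCH_SIGNATURES = {
    "mp4": (4, b"ftyp"),
    "mxf": (0, b"\x06\x0e\x2b\x34\x02\x05\x01\x01\x0d\x01\x02"),
    "wav": (0, b"RIFF"),
}


def file_type(name):
    """File type taken from the extension, lower-cased; '' if none."""
    return os.path.splitext(name)[1].lstrip(".").lower()


def in_white_list(name):
    """Step (3): reject any file whose type has no whitelist entry."""
    return file_type(name) in WHITE_LIST


def signature_matches(name, data):
    """Step (4): the declared type must be backed by its magic bytes, so a
    renamed executable does not pass on its extension alone."""
    entry = MATCH_SIGNATURES.get(file_type(name))
    if entry is None:
        return False
    offset, magic = entry
    return data[offset:offset + len(magic)] == magic


def make_fingerprint(data):
    """Step (5): content fingerprint (SHA-256 is an assumption; the page
    only says a 'plate fingerprint' is generated)."""
    return hashlib.sha256(data).hexdigest()


def seal_fingerprint(fingerprint, key):
    """Stand-in for the sender's key operation verified in step (8): the
    page uses the sender's public key; this example uses an HMAC with a
    shared key because the standard library has no RSA."""
    return hmac.new(key, fingerprint.encode(), hashlib.sha256).hexdigest()


def gateway_admit(name, data, key):
    """Steps (3)-(6) at the gateway.  Returns the stream
    (data, fingerprint, seal) or None when the file is discarded."""
    if not in_white_list(name) or not signature_matches(name, data):
        return None
    fp = make_fingerprint(data)
    return (data, fp, seal_fingerprint(fp, key))


def storage_verify(stream, key):
    """Steps (7)-(9) at the storage node: check the seal on the bundled
    fingerprint, then compare it with a fingerprint recomputed from the
    received data; store only when both agree."""
    data, bundled_fp, seal = stream
    if not hmac.compare_digest(seal, seal_fingerprint(bundled_fp, key)):
        return False  # seal does not verify: fingerprint is not the sender's
    return hmac.compare_digest(make_fingerprint(data), bundled_fp)


# Constructed sample inputs
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 24   # MP4-like header
SAMPLE_EXE = b"MZ" + b"\x00" * 30                          # PE-like header
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    stream = gateway_admit("clip.mp4", SAMPLE_MP4, KEY)
    print("admitted:", stream is not None, "verified:", storage_verify(stream, KEY))
    print("renamed exe admitted:", gateway_admit("fake.mp4", SAMPLE_EXE, KEY) is not None)
```

Step (4) is what gives the whitelist its value: an attacker-controlled extension is cheap to change, so the type claimed by the name is checked against the bytes actually present before the gateway spends a fingerprint on the file. At the storage node the seal is checked before the content comparison, so a stream whose fingerprint was re-generated to match tampered data still fails because the attacker cannot produce the sender's seal.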
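The ultra-fast slicing and fingerprint scan steps (1)-(4) above, the source-fingerprint comparison, and the two slicing methods from the summary of the invention (preset block size for intra-frame compressed data, I-frame boundaries for inter-frame compressed data) as one runnable added example; this is illustration code written for this page, not the patent's implementation. It memory-maps the file with Python's `mmap`, hashes the blocks with a thread pool, and combines the per-block digests by hashing their concatenation, which is an assumption (the page only says the block digests are combined). The I-frame offsets and the file contents are constructed; a real system would take the offsets from the container's index.

```python
"""Ultra-fast slicing fingerprint scan: memory-map the file, slice it into
blocks, MD5 each block in parallel, combine into a whole-file fingerprint and
compare with the source fingerprint.  Example code written for this page."""
import hashlib
import mmap
import os
import tempfile
from concurrent.futures import ThreadPoolExecutor


def slice_fixed(length, block_size):
    """Intra-frame compressed data: every frame is a random-access point,
    so the data is split at the preset block size."""
    return [(s, min(s + block_size, length)) for s in range(0, length, block_size)]


def slice_at_keyframes(length, iframe_offsets):
    """Inter-frame compressed data: split with the I frames as reference
    points so no block starts inside a dependent P/B frame.  The offsets
    are assumed to come from the container index (constructed here)."""
    bounds = sorted({0} | {o for o in iframe_offsets if 0 < o < length})
    bounds.append(length)
    return [(bounds[i], bounds[i + 1]) for i in range(len(bounds) - 1)]


def block_md5(view, start, end):
    """Step (3): message digest (MD5 code) of one block."""
    return hashlib.md5(view[start:end]).hexdigest()


def fingerprint_view(view, ranges, workers=4):
    """Steps (3)-(4): MD5 every block in a thread pool, then combine the
    block digests.  Hashing the concatenated hex digests is an assumption."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        digests = list(ex.map(lambda r: block_md5(view, r[0], r[1]), ranges))
    whole = hashlib.md5("".join(digests).encode("ascii")).hexdigest()
    return whole, digests


def fingerprint_file(path, slicer, workers=4):
    """Step (1): map the file into the address space and scan it without
    first copying it into a buffer; `slicer` is step (2)."""
    with open(path, "rb") as f:
        size = os.fstat(f.fileno()).st_size
        if size == 0:                       # mmap cannot map an empty file
            return fingerprint_view(b"", [])
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return fingerprint_view(mm, slicer(size), workers)


def is_tampered(path, source_fingerprint, slicer):
    """Compare the extracted fingerprint with the source fingerprint."""
    return fingerprint_file(path, slicer)[0] != source_fingerprint


def demo():
    """Write a constructed 'video' file, fingerprint it with both slicing
    methods, flip one byte, and report whether each method detects it."""
    data = bytes(range(256)) * 8            # 2048 bytes of constructed content
    iframes = [0, 700, 1400]                # constructed I-frame offsets
    fixed = lambda n: slice_fixed(n, 512)
    keyed = lambda n: slice_at_keyframes(n, iframes)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "clip.bin")
        with open(path, "wb") as f:
            f.write(data)
        fp_fixed, blocks_fixed = fingerprint_file(path, fixed)
        fp_keyed, blocks_keyed = fingerprint_file(path, keyed)
        with open(path, "r+b") as f:
            f.seek(1000)
            f.write(b"\xff")                # tamper with a single byte
        return {
            "fixed_blocks": len(blocks_fixed),
            "keyed_blocks": len(blocks_keyed),
            "fixed_detects": is_tampered(path, fp_fixed, fixed),
            "keyed_detects": is_tampered(path, fp_keyed, keyed),
        }


if __name__ == "__main__":
    print(demo())
```

The per-block digests are kept alongside the whole-file fingerprint because they tell the operator which block changed, not just that something did; the slicing method must be the same on both sides, since the same bytes cut at different boundaries produce a different combined fingerprint. MD5 is what the page specifies; it is adequate for detecting accidental corruption but not collision-resistant, so a deployment that needs protection against deliberate collision attacks would pair it with, or replace it by, a stronger hash.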

Claims (1)

1. the method for virus scan and filtration, it is characterized in that: it may further comprise the steps:
(1) characteristic of media data file in the characteristic of media data file and the white list is compared in white list scanning, receives only the data file on " white list " and could be got into this operational plate through resolving after approving;
(2) port mapping, WMG adopt mode and the plate physical store pond of port mapping to connect, and legal media data does not stop during through door gateway, is synchronized and is forwarded to purpose storage ground;
(3) the data slicer finger scan of speed extremely only carries out scanned for checkout apace to the data of application layer, and the data of other protocol layers are directly isolated, and wherein, the described extremely data slicer finger scan of speed comprises following substep:
(a) microchannel memory-mapped: be mapped to video file in the virtual address space of system physical internal memory, realize the access of file according to the access mode of internal storage data;
(b) intelligent data section: the data that will be mapped to internal memory are carried out the intelligence section, are cut into a plurality of data blocks;
(c) parallel processing data slicer: the MD5 algorithm is carried out to data block in multi-threaded parallel ground, and the eap-message digest that obtains each data block respectively is the MD5 sign indicating number;
(d) MD5 fingerprint extraction, comprehensively the eap-message digest of each data block is the MD5 sign indicating number, obtains the MD5 sign indicating number finger print information of whole video file.
2. the method for a kind of virus scan according to claim 1 and filtration is characterized in that: for compressed file in the frame, directly cut apart according to the blocks of files size that presets during data slicer.
3. the method for a kind of virus scan according to claim 1 and filtration is characterized in that: for the interframe compressed file, be that reference frame is cut apart with the I frame during data slicer.
CN2010105831713A 2010-12-12 2010-12-12 Efficient and safe heterogeneous media gateway Active CN101997786B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105831713A CN101997786B (en) 2010-12-12 2010-12-12 Efficient and safe heterogeneous media gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105831713A CN101997786B (en) 2010-12-12 2010-12-12 Efficient and safe heterogeneous media gateway

Publications (2)

Publication Number Publication Date
CN101997786A CN101997786A (en) 2011-03-30
CN101997786B true CN101997786B (en) 2012-03-14

Family

ID=43787396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105831713A Active CN101997786B (en) 2010-12-12 2010-12-12 Efficient and safe heterogeneous media gateway

Country Status (1)

Country Link
CN (1) CN101997786B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104462581B (en) * 2014-12-30 2018-03-06 成都因纳伟盛科技股份有限公司 Very fast file fingerprint extraction system and method based on the mapping of microchannel internal memory and Smart Slice
CN105681907A (en) * 2015-12-30 2016-06-15 中电长城网际系统应用有限公司 Information verification system and method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610264A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 The management method of a kind of firewall system, safety service platform and firewall system
CN101635730A (en) * 2009-08-28 2010-01-27 深圳市永达电子股份有限公司 Method and system for safe management of internal network information of small and medium-sized enterprises
CN101650768A (en) * 2009-07-10 2010-02-17 深圳市永达电子股份有限公司 Security guarantee method and system for Windows terminals based on auto white list

Also Published As

Publication number Publication date
CN101997786A (en) 2011-03-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant