CN107360153B - Network security protection system about big data - Google Patents

Network security protection system about big data

Info

Publication number
CN107360153B
CN107360153B
Authority
CN
China
Prior art keywords
data
module
behavior recording
control host
priority
Prior art date
Legal status
Active
Application number
CN201710552594.0A
Other languages
Chinese (zh)
Other versions
CN107360153A (en)
Inventor
陈昌岭
陈建国
盛林
刘刚
徐立
魏浩
王超
靳玉晨
尤东泽
张春玉
Current Assignee
State Grid Corp of China SGCC
Tianchang Power Supply Co of State Grid Anhui Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Tianchang Power Supply Co of State Grid Anhui Electric Power Co Ltd
Priority date
2017-07-07
Filing date
2017-07-07
Publication date
2020-11-24

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L63/1441 Countermeasures against malicious traffic
                            • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
                    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of network security, in particular to a network security protection system for big data. The system comprises a data storage module, a data access module and a data acquisition module. The data storage module is used for storing data; the data access module comprises an external network, a priority evaluation module, a data request module, a first behavior recording module and a firewall; and the data acquisition module comprises a control host, a second behavior recording module and a data request point. The two ends of the data center are respectively connected with the priority evaluation module and the backup module. A TPM security chip is arranged in the control host; the chip generates encryption and decryption keys and can encrypt over a wider range, so that the request command sent by a user when requesting related data information is well protected during transmission.

Description

Network security protection system about big data
Technical Field
The invention relates to the technical field of network security, in particular to a network security protection system for big data.
Background
Today's society is developing at high speed: science and technology advance, information circulates, communication between people becomes ever closer, and life becomes ever more convenient. Big data is a product of this high-tech era. Big data refers to a data set that cannot be captured, managed and processed by conventional software tools within a given time range; it is a massive, fast-growing and diversified information asset that requires a new processing mode in order to yield stronger decision-making power, insight discovery and process optimization capability. Big data comprises structured, semi-structured and unstructured data, and unstructured data is increasingly becoming the main part. With the arrival of the cloud era, big data is attracting more and more attention and comprises three levels of content: theory, technology and practice. With continuous innovation in all industries, big data will gradually create more value for people.
The Chinese invention patent CN106302533A discloses a big data security management system, which includes: acquisition nodes for acquiring data and reporting the acquired data to corresponding node servers; node servers for receiving the data reported by the acquisition nodes, performing virus scanning and removal on the data, and sending the data that passes the scan to the data center server; a data center server for receiving and storing the data sent by the node servers; and a security server for scanning and removing viruses on the node servers according to a virus information base. During data transmission, that invention scans every item of data reported to the data center server and passes only data that has cleared the virus scan, which ensures the safety of the data entering the data center server; in addition, the node servers are scanned by the security server so that they are not infected by viruses. That invention also provides a big data security management method. Although this big data security management system can scan and remove viruses in data reported to the data center server, it provides no corresponding priority response mechanism when the data request volume is very large, so the system crashes easily, and while the system is in that state some viruses may enter it and steal or destroy the data of the data center.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a network security protection system for big data, which solves the problems that, when the data request volume is very large, no corresponding priority response mechanism is provided, the system crashes easily, and certain viruses enter the system opportunistically to steal and damage the data of the data center.
(II) Technical scheme
In order to achieve the purpose, the invention is realized by the following technical scheme:
a network security protection system for big data comprises a data storage module, a data access module and a data acquisition module; the data access module comprises an external network, a priority evaluation module, a data request module, a first behavior recording module and a firewall, and the data acquisition module comprises a control host, a second behavior recording module and a data request point; the two ends of the data center are respectively connected with the priority evaluation module and the backup module, one side of the priority evaluation module is connected with the data request module, one side of the data request module is connected with the external network, the external network is connected with the firewall, the firewall is connected with a switch, the switch is electrically connected with CAN conversion equipment, the CAN conversion equipment is connected with the control host through a CAN bus, and one end of the control host is respectively connected with the data request point and the second behavior recording module through the CAN bus.
Preferably, the backup module comprises a first memory and data storage software.
Preferably, the control host comprises a virtual control panel and a CPU processor.
Preferably, the number of the data request points is n, and n ≧ 1.
Preferably, the data request point includes a user terminal and the user terminal includes an encryption module.
Preferably, the first behavior recording module, the second behavior recording module and the backup module each include a UPS power supply.
Preferably, a second memory is included in each of the first behavior recording module and the second behavior recording module.
Preferably, the priority rating module comprises a data storage device, a data detection device, a data comparison device and a data caching device.
Preferably, the control host and the data cache device further include a TPM security chip, and the control host and the data cache device are both installed with software supporting the TPM security chip.
(III) Advantageous effects
The invention provides a network security protection system for big data in which the two ends of the data center are connected with a priority evaluation module and a backup module. The priority evaluation module can grade the data sent by the data center so as to determine the sending sequence of the data, and under the action of the first behavior recording module, when data are sent out, the process from request to sending can be recorded and stored in log form for monitoring. The TPM security chip arranged in the control host generates encryption and decryption keys and can encrypt over a wider range, so that the request command sent by a user when requesting related data information is well protected during transmission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of the system architecture of the present invention;
FIG. 2 is a schematic diagram of the structure of the priority rating module of the present invention;
In the figures: 1. a data storage module; 2. a data access module; 3. a data acquisition module; 4. a data center; 5. a backup module; 6. an external network; 7. a priority rating module; 8. a data request module; 9. a first behavior recording module; 10. a firewall; 11. a control host; 12. a second behavior recording module; 13. a data request point; 14. a switch; 15. a CAN conversion device; 16. a data storage device; 17. a data detection device; 18. a data comparison device; 19. a data caching device.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
a network security protection system about big data comprises a data storage module 1, a data access module 2 and a data acquisition module 3; the data storage module 1 comprises a data center 4 and a backup module 5, the data access module 2 comprises an external network 6, a priority evaluation module 7, a data request module 8, a first behavior recording module 9 and a firewall 10, and the data acquisition module 3 comprises a control host 11, a second behavior recording module 12 and a data request point 13; the two ends of the data center 4 are respectively connected with a priority evaluation module 7 and a backup module 5, one side of the priority evaluation module 7 is connected with a data request module 8, one side of the data request module 8 is connected with an external network 6, the external network 6 is connected with a firewall 10, the firewall 10 is connected with a switch 14, the switch 14 is electrically connected with a CAN conversion device 15, the CAN conversion device 15 is connected with a control host 11 through a CAN bus, and one end of the control host 11 is respectively connected with a data request point 13 and a second behavior recording module 12 through the CAN bus.
Specifically, the backup module 5 includes a first memory and data storage software; the control host 11 includes a virtual control panel and a CPU; the number of data request points 13 is n, with n ≥ 1; the data request points 13 include user terminals, and the user terminals include encryption modules; the first behavior recording module 9, the second behavior recording module 12 and the backup module 5 all include UPS power supplies; the first behavior recording module 9 and the second behavior recording module 12 both include second memories; the priority evaluation module 7 includes a data storage device 16, a data detection device 17, a data comparison device 18 and a data cache device 19; the control host 11 and the data cache device 19 also include TPM security chips, and both are installed with software supporting the TPM security chips.
When the system is in operation, a user terminal at a data request point 13 sends the instruction information of a data request. The instruction information is transmitted to the control host 11 over the CAN bus, where the request instruction is encrypted; the encrypted instruction is converted into an optical fiber signal by the CAN conversion device 15 for transmission, passes through the firewall 10 and reaches the data center 4 via the external network 6. After receiving the corresponding request instruction, the data center 4 first transmits the data required by the user to the firewall 10; the relevant data is filtered by the firewall 10 and then transmitted to the data acquisition module 3. As the data passes through the firewall 10, its activity trace in the external network 6 is recorded in the firewall 10 so that it can be queried later.
When the number of data request points 13 is 1, the priority rating module 7 transmits the relevant data directly to the firewall 10 through the external network 6 and then on to the CAN conversion device 15, which converts the optical fiber signal into a high/low level signal for transmission.
When the number of data request points 13 is n > 1, the data is first transmitted to the priority rating module 7. The priority rating module 7 receives the data, judges the importance of each item according to the user's access amount, and from that determines the priority sending sequence. After the rating task is completed, the data is transmitted to the data request module 8; at the same time the data caching device 19 transmits the data information to the first behavior recording module 9, which records the trace of the transmission in its second memory. The UPS power supply ensures the normal operation and hardware safety of the first behavior recording module 9 and the second behavior recording module 12.
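The two branches just described (a single data request point bypasses rating; n > 1 points are rated by the requesting user's access amount before sending) and the request-to-sent trace kept by the behavior recording module can be modelled in a few dozen lines. The block below is an added illustration written for this page, not code from the patent or its assignee; the class and function names, the log fields and the sample access counts and request names are assumptions made for the example.

```python
# Added illustration, not the patent's own code: a runnable model of the
# priority-rating step (n = 1 bypass vs. n > 1 rating by user access amount)
# and of the behaviour-recording log described in the text above.
# Class/function names, log fields and all sample data are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timezone
import heapq
import itertools


@dataclass(frozen=True)
class DataRequest:
    """Instruction information sent by a user terminal at a data request point."""
    request_point: int   # which of the n data request points issued it
    user: str
    resource: str


@dataclass
class BehaviorRecorder:
    """Behaviour recording module: append-only log kept in its 'second memory'."""
    entries: list = field(default_factory=list)

    def record(self, stage: str, req: DataRequest, **extra) -> None:
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "stage": stage,             # "request" or "sent"
            "point": req.request_point,
            "user": req.user,
            "resource": req.resource,
        }
        entry.update(extra)
        self.entries.append(entry)


class PriorityRatingModule:
    """Rates outgoing data by the requesting user's access amount."""

    def __init__(self, access_counts: dict):
        # Data storage device: per-user access amount (constructed sample below).
        self.access_counts = dict(access_counts)
        self._seq = itertools.count()   # tie-breaker keeps FIFO order for equal ratings

    def rate(self, req: DataRequest) -> int:
        # Data detection / comparison devices: importance grows with access amount.
        return self.access_counts.get(req.user, 0)

    def order(self, requests: list) -> list:
        points = {r.request_point for r in requests}
        if len(points) == 1:
            # n = 1: no rating, data goes straight out through the firewall.
            return list(requests)
        # n > 1: highest-rated first; heap entries are (-rating, seq, request).
        heap = [(-self.rate(r), next(self._seq), r) for r in requests]
        heapq.heapify(heap)
        return [heapq.heappop(heap)[2] for _ in range(len(heap))]


def dispatch(requests: list, access_counts: dict, recorder: BehaviorRecorder) -> list:
    """Run the rating step, log request->sent for each item, return the send order."""
    module = PriorityRatingModule(access_counts)
    rated = len({r.request_point for r in requests}) > 1
    sent = []
    for req in module.order(requests):
        recorder.record("request", req)
        recorder.record("sent", req, rating=module.rate(req), rated=rated)
        sent.append((req.request_point, req.user, req.resource))
    return sent


# Constructed sample input: three request points and three users with
# different historical access amounts (hypothetical values).
SAMPLE_ACCESS_COUNTS = {"alice": 120, "bob": 15, "carol": 40}
SAMPLE_REQUESTS = [
    DataRequest(1, "bob", "load_profile_2017q2"),
    DataRequest(2, "alice", "substation_telemetry"),
    DataRequest(3, "carol", "meter_readings"),
]
# Same users, but every request comes from a single data request point (n = 1).
SINGLE_POINT_REQUESTS = [
    DataRequest(1, "bob", "load_profile_2017q2"),
    DataRequest(1, "alice", "substation_telemetry"),
]

if __name__ == "__main__":
    rec = BehaviorRecorder()
    print(dispatch(SAMPLE_REQUESTS, SAMPLE_ACCESS_COUNTS, rec))
    print(dispatch(SINGLE_POINT_REQUESTS, SAMPLE_ACCESS_COUNTS, rec))
    for e in rec.entries:
        print(e)
```

With the constructed counts, the n > 1 case sends alice (120) before carol (40) before bob (15) regardless of arrival order, while the single-point case keeps arrival order; each item leaves two log entries, one at request and one at send, with the rating recorded so the trace can be audited later.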
The two ends of the data center 4 are connected with the priority evaluation module 7 and the backup module 5. The priority evaluation module 7 can grade the data sent by the data center so as to determine the sending sequence of the data, and under the action of the first behavior recording module 9, when data are sent out, the process from request to sending can be recorded and stored in log form for monitoring. The control host 11 is internally provided with a TPM security chip, which generates encryption and decryption keys and can encrypt over a wide range, so that the request command sent by a user when requesting related data information is well protected during transmission.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (5)

1. A network security protection system for big data comprises a data storage module, a data access module and a data acquisition module, characterized in that: the data access module comprises an external network, a priority evaluation module, a data request module, a first behavior recording module and a firewall, the priority evaluation module comprises a data storage device, a data detection device, a data comparison device and a data cache device, and the data acquisition module comprises a control host, a second behavior recording module and a data request point; the two ends of the data center are respectively connected with the priority rating module and the backup module, one side of the priority rating module is connected with the data request module, one side of the data request module is connected with the external network, the external network is connected with the firewall, the firewall is connected with a switch, the switch is electrically connected with CAN conversion equipment, the CAN conversion equipment is connected with the control host through a CAN bus, one end of the control host is respectively connected with the data request point and the second behavior recording module through a CAN bus, a second memory is included in both the first behavior recording module and the second behavior recording module, the control host and the data cache device also comprise TPM security chips, and the control host and the data cache device are both provided with software supporting the TPM security chips;
the number of the data request points is n, n is larger than or equal to 1, when the number of the data request points is 1, the priority evaluation module directly transmits related data to a firewall through an external network, then transmits the related data to CAN conversion equipment, and converts optical fiber signals into high and low level signals for transmission;
when the number of the data request points is n >1, the data are firstly transmitted to a priority rating module, the priority rating module receives the data, then the importance degree of the data is judged according to the access amount of a user, then the priority sending sequence is judged, after the rating task is completed, the data are transmitted to a data request module, meanwhile, a data caching device transmits data information to a first behavior recording module, and the first behavior recording module records sent traces in a second memory.
2. The system according to claim 1, wherein: the backup module comprises a first memory and data storage software.
3. The system according to claim 1, wherein: the control host comprises a virtual control panel and a CPU processor.
4. The system according to claim 1, wherein: the data request point comprises a user terminal, and the user terminal comprises an encryption module.
5. The system according to claim 1, wherein: the first behavior recording module, the second behavior recording module and the backup module all comprise a UPS power supply.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710552594.0A CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710552594.0A CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Publications (2)

Publication Number Publication Date
CN107360153A CN107360153A (en) 2017-11-17
CN107360153B true CN107360153B (en) 2020-11-24

Family

ID=60292834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710552594.0A Active CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Country Status (1)

Country Link
CN (1) CN107360153B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977700A (en) * 2019-04-03 2019-07-05 福建奇点时空数字科技有限公司 A kind of big data processing system based on network security
CN109977661A (en) * 2019-04-09 2019-07-05 福建奇点时空数字科技有限公司 A kind of network safety protection method and system based on big data platform
CN110677415A (en) * 2019-09-29 2020-01-10 信阳农林学院 Network information safety protection system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0851604A2 (en) * 1996-12-24 1998-07-01 Lucent Technologies Inc. Microcell load measurement using feedback control
WO2003103325A1 (en) * 2002-05-31 2003-12-11 Nokia Corporation Routing method and network structure
CN102857486A (en) * 2012-04-01 2013-01-02 深信服网络科技(深圳)有限公司 Next-generation application firewall system and defense method
CN106302533A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Big data safety management system and method
CN106506491A (en) * 2016-11-04 2017-03-15 江苏科技大学 Network safety system


Also Published As

Publication number Publication date
CN107360153A (en) 2017-11-17

Similar Documents

Publication Publication Date Title
CN107196895B (en) Network attack tracing implementation method and device
CN107360153B (en) Network security protection system about big data
CN104504014B (en) Data processing method and device based on big data platform
CN104509034A (en) Pattern consolidation to identify malicious activity
CN111756702B (en) Data security protection method, device, equipment and storage medium
TW201702921A (en) Method, system and apparatus for predicting abnormality
CN105378745A (en) Disabling and initiating nodes based on security issue
Wang et al. A centralized HIDS framework for private cloud
CN110868418A (en) Threat information generation method and device
CN111343487A (en) Video cloud storage system based on domestic low-consumption processor
CN115017526A (en) Database access method and device, electronic equipment and storage medium
US11251976B2 (en) Data security processing method and terminal thereof, and server
CN104104666B (en) Method of detecting abnormal cloud service and device
CN103916376A (en) Cloud system with attract defending mechanism and defending method thereof
CN112835906B (en) Block chain-based data management method, device, system, equipment and medium
CN111147427A (en) Management system for computer network security
CN108616423A (en) A kind of talk-around device monitoring method and device
CN110933064B (en) Method and system for determining user behavior track
CN110020263B (en) Monitoring method and device of closed system and monitoring equipment
CN112104748A (en) Block chain data supervision method and device, electronic equipment and storage medium
CN114584455B (en) Small and medium-sized high-performance cluster monitoring system based on enterprise WeChat
CN113032774A (en) Training method, device and equipment of anomaly detection model and computer storage medium
CN115396280B (en) Alarm data processing method, device, equipment and storage medium
CN104735090A (en) Web server webpage distortion preventing method and web server webpage distortion preventing system
KR102366846B1 (en) Security system for detecting data breach and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant