CN109743304B - Cloud computing-oriented network security early warning method and system - Google Patents


Publication number
CN109743304B
Authority
CN
China
Prior art keywords
cloud computing
client
new client
computing server
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201811602527.6A
Other languages
Chinese (zh)
Other versions
CN109743304A (en)
Inventor
李剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Vocational Institute of Engineering
Original Assignee
Chongqing Vocational Institute of Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Vocational Institute of Engineering filed Critical Chongqing Vocational Institute of Engineering
Priority to CN201811602527.6A priority Critical patent/CN109743304B/en
Publication of CN109743304A publication Critical patent/CN109743304A/en
Application granted granted Critical
Publication of CN109743304B publication Critical patent/CN109743304B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A cloud computing-oriented network security early warning method comprises the following steps: S1, configuring authentication information of the client in the cloud computing server and encrypting the authentication information, then generating white list information of the client in the cloud computing server according to the authentication information; S2, generating a network security authentication chain network between the cloud computing server and the clients corresponding to the white list; S3, when a new client accesses the cloud computing server, the cloud computing server sends authentication request information to the new client; S4, when the new client receives the authentication request information, it extracts the computing power test program from the authentication request information and runs it to obtain the computing power test value of the new client; S5, the new mobile terminal sends the computing power test value and the authentication information of the new client to the cloud computing server; S6, the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server; if so, it jumps to step S9, otherwise it jumps to step S7.

Description

Cloud computing-oriented network security early warning method and system
Technical Field
The invention relates to the technical field of cloud computing and network security, in particular to a network security early warning method and system for cloud computing.
Background
Cloud computing is a model for adding, using and delivering Internet-based services, typically involving the provision of dynamically scalable and often virtualized resources over the Internet. "Cloud" is a metaphor for the network and the Internet. In the past, clouds were often used to represent telecommunications networks, and later also to represent the abstraction of the Internet and its underlying infrastructure. Cloud computing can therefore give a user computing power of even 10 trillion operations per second, enough to simulate nuclear explosions and to forecast climate change and market trends. A user accesses the data center through a desktop computer, a notebook, a mobile phone or a similar device and operates it according to their own requirements.
Cloud computing has been defined in many ways. The definition most widely accepted at this stage is that of the National Institute of Standards and Technology (NIST): cloud computing is a pay-per-use model that provides available, convenient, on-demand network access to a configurable shared pool of computing resources (including networks, servers, storage, applications and services) that can be provisioned quickly with little administrative effort or interaction with service providers.
Network security means that the hardware, software and data of a network system are protected from damage, alteration and leakage caused by accidental or malicious actions, that the system runs continuously, reliably and normally, and that network service is not interrupted.
The prior art still lacks a cloud computing-oriented network security early warning technique.
Disclosure of Invention
In view of this, the invention provides a network security early warning method oriented to cloud computing.
A cloud computing-oriented network security early warning method comprises the following steps:
S1, configuring authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of the client in the cloud computing server according to the authentication information;
S2, generating a network security authentication chain network between the cloud computing server and the clients corresponding to the white list;
S3, when a new client accesses the cloud computing server, the cloud computing server sends authentication request information to the new client, wherein the authentication request information comprises a computing power test program;
S4, when the new client receives the authentication request information, it extracts the computing power test program from the authentication request information and runs it to obtain the computing power test value of the new client;
S5, the new mobile terminal sends the computing power test value and the authentication information of the new client to the cloud computing server;
S6, the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server; if so, jump to step S9, otherwise jump to step S7;
S7, the server determines a difficulty value of the verification problem according to the obtained computing power test value of the new client, and generates a test problem according to the obtained difficulty value;
S8, performing distributed verification of the test problem on the new client through the network security authentication chain network; when the verification passes, jump to step S9, otherwise jump to step S10;
S9, confirming that the added new client conforms to the network security early warning specification, and ending;
S10, confirming that the added new client does not conform to the network security early warning specification, and ending.
In the cloud computing-oriented network security early warning method of the invention,
step S2 includes:
configuring data flow direction rules between the cloud computing server and the clients corresponding to the white list;
and setting up the network security authentication chain network according to the data flow direction rules.
In the cloud computing-oriented network security early warning method of the invention,
configuring the data flow direction rules between the cloud computing server and the clients corresponding to the white list includes:
randomly generating different data flow direction rules for different test problems.
In the cloud computing-oriented network security early warning method of the invention,
step S8 includes:
according to the generated test problem, the server randomly generates a different data flow direction rule and sets up the network security authentication chain network;
performing distributed verification of the test problem on the new client through the network security authentication chain network, and judging whether the verification result is correct and whether the order of the verification feedback conforms to the data flow direction rule; when the verification result is correct and the feedback order conforms to the rule, jump to step S9; otherwise jump to step S10.
The invention also provides a cloud computing-oriented network security early warning system, which comprises the following units:
the list configuration unit is used for configuring the authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of a client in the cloud computing server according to the authentication information;
the network configuration unit is used for generating a network security authentication chain network between the cloud computing server and the client corresponding to the white list;
the information sending unit is used for sending authentication request information to the new client by the cloud computing server when the new client is accessed to the cloud computing server, wherein the authentication request information comprises a section of calculation force test program;
the computing power obtaining unit is used for extracting a computing power test program from the authentication request information when the new client receives the authentication request information, and operating the computing power test program to obtain a computing power test value of the new client;
the information transmission unit is used for sending the calculation force test value and the authentication information of the new client to the cloud computing server by the new mobile terminal;
the information verification unit is used for judging whether the authentication information of the new client exists in the white list information of the client in the cloud computing server or not by the cloud computing server, if so, skipping to the early warning confirmation unit, and if not, skipping to the problem generation unit;
the problem generation unit is used for determining a difficulty value of the verification problem according to the obtained calculation force test value of the new client and generating a test problem according to the obtained difficulty value by the server;
the problem verification unit is used for performing distributed verification of the test problem on the new client through a network security certification chain network and jumping to the early warning confirmation unit when the verification is passed; otherwise, jumping to step S10;
the early warning confirmation unit is used for confirming that the added new client conforms to the network safety early warning specification and ending;
and the early warning rejection unit is used for confirming that the added new client does not conform to the network security early warning specification and ending.
In the cloud computing-oriented network security early warning system of the invention,
the network configuration unit includes:
configuring data flow direction rules of a cloud computing server and a client corresponding to the white list;
and setting a network security authentication chain network according to the data flow direction rule.
In the cloud computing-oriented network security early warning system of the invention,
the data flow direction rule for configuring the cloud computing server and the client corresponding to the white list comprises the following steps:
and randomly generating different data flow walking rules for different test problems.
In the cloud computing-oriented network security early warning system of the invention,
the problem verification unit includes:
according to the generated test problems, the server randomly generates different data flow trend rules and sets a network security certification chain network;
performing distributed verification of a test problem on a new client through a network security certification chain network, judging whether a verification result is correct and whether a verification feedback order accords with a data flow direction rule, and jumping to an early warning confirmation unit when the verification result and the verification feedback order meet the data flow direction rule; otherwise, jumping to an early warning rejection unit.
Compared with the prior art, the cloud computing-oriented network security early warning method and system of the invention have the following beneficial effects: the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server, jumping to step S9 if so and to step S7 otherwise; in S7, the server determines a difficulty value of the verification problem according to the obtained computing power test value of the new client, and generates a test problem according to the obtained difficulty value; in S8, distributed verification of the test problem is performed on the new client through the network security authentication chain network. The network security of the newly added client is thus verified by multiple authentication steps, and the degree of security is high.
Drawings
Fig. 1 is a flowchart of a cloud computing-oriented network security early warning method according to an embodiment of the present invention.
Detailed Description
As shown in Fig. 1, to address the shortcomings of the prior art, the invention provides a cloud computing-oriented network security early warning method, which comprises the following steps:
S1, configuring authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of the client in the cloud computing server according to the authentication information. Generating the white list information of the client makes it possible to verify the client's legitimate information.
S2, generating a network security authentication chain network between the cloud computing server and the clients corresponding to the white list. The network security authentication chain network is used to perform distributed verification of the validity of a newly added client.
S3, when a new client accesses the cloud computing server, the cloud computing server sends authentication request information to the new client, wherein the authentication request information comprises a computing power test program;
S4, when the new client receives the authentication request information, it extracts the computing power test program from the authentication request information and runs it to obtain the computing power test value of the new client;
S5, the new mobile terminal sends the computing power test value and the authentication information of the new client to the cloud computing server;
S6, the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server; if so, jump to step S9, otherwise jump to step S7;
S7, the server determines a difficulty value of the verification problem according to the obtained computing power test value of the new client, and generates a test problem according to the obtained difficulty value. Deriving the difficulty value of the verification problem in step S7 prevents cracking by means of a large-scale server's computing power advantage. In addition, a computing power threshold can be set; when the threshold is exceeded, verification of the newly added client is refused directly, which improves network security.
S8, performing distributed verification of the test problem on the new client through the network security authentication chain network; when the verification passes, jump to step S9, otherwise jump to step S10;
S9, confirming that the added new client conforms to the network security early warning specification, and ending;
S10, confirming that the added new client does not conform to the network security early warning specification, and ending.
In the cloud computing-oriented network security early warning method of the invention,
step S2 includes:
configuring data flow direction rules between the cloud computing server and the clients corresponding to the white list;
and setting up the network security authentication chain network according to the data flow direction rules.
In the cloud computing-oriented network security early warning method of the invention,
configuring the data flow direction rules between the cloud computing server and the clients corresponding to the white list includes:
randomly generating different data flow direction rules for different test problems.
In the cloud computing-oriented network security early warning method of the invention,
step S8 includes:
according to the generated test problem, the server randomly generates a different data flow direction rule and sets up the network security authentication chain network;
performing distributed verification of the test problem on the new client through the network security authentication chain network, and judging whether the verification result is correct and whether the order of the verification feedback conforms to the data flow direction rule; when the verification result is correct and the feedback order conforms to the rule, jump to step S9; otherwise jump to step S10. Checking both the correctness of the verification result and the order of the verification feedback against the data flow direction rule increases the randomness of the verification and makes cracking harder for an illegitimate user.
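The admission decision of steps S6 to S10, including the double check on result and feedback order in S8, can be simulated as follows. This is an added example, not code from the patent: the SHA-256 leading-zero-bits puzzle used as the "test problem", the difficulty mapping, the threshold, the keyed whitelist digest and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions of this example (none of them come from the patent text):
# the whitelist key, the threshold, the difficulty mapping, and the use of a
# SHA-256 leading-zero-bits puzzle as the "test problem".
WHITELIST_KEY = b"constructed-demo-key"  # constructed sample value
POWER_THRESHOLD = 10_000                 # refuse verification above this


def credential_tag(auth_info: str) -> str:
    """S1: keep whitelist entries as keyed digests instead of plaintext."""
    return hmac.new(WHITELIST_KEY, auth_info.encode(), hashlib.sha256).hexdigest()


def difficulty_for(power: int) -> int:
    """S7: required leading zero bits grow with the reported computing power."""
    return 4 + max(power, 1).bit_length() // 2


def answer_ok(challenge: bytes, nonce: int, bits: int) -> bool:
    """True if SHA-256(challenge || nonce) starts with `bits` zero bits."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve(challenge: bytes, bits: int) -> int:
    """New client: brute-force the test problem."""
    nonce = 0
    while not answer_ok(challenge, nonce, bits):
        nonce += 1
    return nonce


def new_route(verifiers):
    """S8: a fresh random data flow direction rule for this test problem."""
    route = list(verifiers)
    secrets.SystemRandom().shuffle(route)
    return route


def collect_feedback(route, challenge, nonce, bits):
    """Each whitelisted node re-checks the answer; list order = arrival order."""
    return [(node, answer_ok(challenge, nonce, bits)) for node in route]


def judge(route, feedback) -> bool:
    """S8: every verdict positive AND feedback arrived in the route's order."""
    order_ok = [node for node, _ in feedback] == list(route)
    return order_ok and all(ok for _, ok in feedback)


def admit(auth_info, reported_power, whitelist, verifiers,
          solver=solve, feedback_fn=collect_feedback) -> str:
    """Return "S9" (conforms) or "S10" (does not conform)."""
    if credential_tag(auth_info) in whitelist:          # S6: whitelist hit
        return "S9"
    if reported_power > POWER_THRESHOLD:                # S7: threshold refusal
        return "S10"
    bits = difficulty_for(reported_power)               # S7: difficulty value
    challenge = secrets.token_bytes(16)                 # S7: test problem
    route = new_route(verifiers)                        # S8: random rule
    nonce = solver(challenge, bits)
    feedback = feedback_fn(route, challenge, nonce, bits)
    return "S9" if judge(route, feedback) else "S10"


if __name__ == "__main__":
    wl = {credential_tag("client-A:constructed-secret")}
    nodes = ["node-1", "node-2", "node-3"]
    print(admit("client-A:constructed-secret", 50, wl, nodes))
    print(admit("client-X:unknown", 100, wl, nodes))
    print(admit("client-X:unknown", 50_000, wl, nodes))
```

The computing power value of S5 is reported by the client itself, so the threshold and the difficulty mapping only constrain a client that reports it honestly.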
The invention also provides a cloud computing-oriented network security early warning system, which comprises the following units:
the list configuration unit is used for configuring the authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of a client in the cloud computing server according to the authentication information;
the network configuration unit is used for generating a network security authentication chain network between the cloud computing server and the client corresponding to the white list;
the information sending unit is used for sending authentication request information to the new client by the cloud computing server when the new client is accessed to the cloud computing server, wherein the authentication request information comprises a section of calculation force test program;
the computing power obtaining unit is used for extracting a computing power test program from the authentication request information when the new client receives the authentication request information, and operating the computing power test program to obtain a computing power test value of the new client;
the information transmission unit is used for sending the calculation force test value and the authentication information of the new client to the cloud computing server by the new mobile terminal;
the information verification unit is used for judging whether the authentication information of the new client exists in the white list information of the client in the cloud computing server or not by the cloud computing server, if so, skipping to the early warning confirmation unit, and if not, skipping to the problem generation unit;
the problem generation unit is used for determining a difficulty value of the verification problem according to the obtained calculation force test value of the new client and generating a test problem according to the obtained difficulty value by the server;
the problem verification unit is used for performing distributed verification of the test problem on the new client through a network security certification chain network and jumping to the early warning confirmation unit when the verification is passed; otherwise, jumping to step S10;
the early warning confirmation unit is used for confirming that the added new client conforms to the network safety early warning specification and ending;
and the early warning rejection unit is used for confirming that the added new client does not conform to the network security early warning specification and ending.
In the cloud computing-oriented network security early warning system of the invention,
the network configuration unit includes:
configuring data flow direction rules of a cloud computing server and a client corresponding to the white list;
and setting a network security authentication chain network according to the data flow direction rule.
In the cloud computing-oriented network security early warning system of the invention,
the data flow direction rule for configuring the cloud computing server and the client corresponding to the white list comprises the following steps:
and randomly generating different data flow walking rules for different test problems.
In the cloud computing-oriented network security early warning system of the invention,
the problem verification unit includes:
according to the generated test problems, the server randomly generates different data flow trend rules and sets a network security certification chain network;
performing distributed verification of a test problem on a new client through a network security certification chain network, judging whether a verification result is correct and whether a verification feedback order accords with a data flow direction rule, and jumping to an early warning confirmation unit when the verification result and the verification feedback order meet the data flow direction rule; otherwise, jumping to an early warning rejection unit.
Compared with the prior art, the cloud computing-oriented network security early warning method and system of the invention have the following beneficial effects: the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server, jumping to step S9 if so and to step S7 otherwise; in S7, the server determines a difficulty value of the verification problem according to the obtained computing power test value of the new client, and generates a test problem according to the obtained difficulty value; in S8, distributed verification of the test problem is performed on the new client through the network security authentication chain network. The network security of the newly added client is thus verified by multiple authentication steps, and the degree of security is high.
It is understood that various other changes and modifications may be made by those skilled in the art based on the technical idea of the present invention, and all such changes and modifications should fall within the protective scope of the claims of the present invention.

Claims (2)

1. A cloud computing-oriented network security early warning method, characterized by comprising the following steps:
S1, configuring authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of the client in the cloud computing server according to the authentication information;
S2, generating a network security authentication chain network between the cloud computing server and the clients corresponding to the white list;
S3, when a new client accesses the cloud computing server, the cloud computing server sends authentication request information to the new client, wherein the authentication request information comprises a computing power test program;
S4, when the new client receives the authentication request information, it extracts the computing power test program from the authentication request information and runs it to obtain the computing power test value of the new client;
S5, the new client sends the computing power test value and the authentication information of the new client to the cloud computing server;
S6, the cloud computing server judges whether the authentication information of the new client exists in the white list information of the client in the cloud computing server; if so, jump to step S9, otherwise jump to step S7;
S7, the server determines a difficulty value of the verification problem according to the obtained computing power test value of the new client, and generates a test problem according to the obtained difficulty value;
S8, performing distributed verification of the test problem on the new client through the network security authentication chain network; when the verification passes, jump to step S9, otherwise jump to step S10;
S9, confirming that the added new client conforms to the network security early warning specification, and ending;
S10, confirming that the added new client does not conform to the network security early warning specification, and ending;
wherein the step S2 includes:
configuring data flow direction rules of a cloud computing server and a client corresponding to the white list;
setting a network security authentication chain network according to a data flow direction rule;
the data flow direction rule for configuring the cloud computing server and the client corresponding to the white list comprises the following steps:
for different test problems, randomly generating different data flow walking rules;
the step S8 includes:
according to the generated test problems, the server randomly generates different data flow trend rules and sets a network security certification chain network;
performing distributed verification of the test problem on the new client through the network security certification chain network, judging whether the verification result is correct and whether the verification feedback order accords with the data flow direction rule, and jumping to the step S9 when the verification result and the verification feedback order meet the data flow direction rule; otherwise, the process jumps to step S10.
2. A cloud computing-oriented network security early warning system, characterized by comprising the following units:
the list configuration unit is used for configuring the authentication information of the client in the cloud computing server and encrypting the authentication information; generating white list information of a client in the cloud computing server according to the authentication information;
the network configuration unit is used for generating a network security authentication chain network between the cloud computing server and the client corresponding to the white list;
the information sending unit is used for sending authentication request information to the new client by the cloud computing server when the new client is accessed to the cloud computing server, wherein the authentication request information comprises a section of calculation force test program;
the computing power obtaining unit is used for extracting a computing power test program from the authentication request information when the new client receives the authentication request information, and operating the computing power test program to obtain a computing power test value of the new client;
the information transmission unit is used for sending the calculation force test value and the authentication information of the new client to the cloud computing server by the new client;
the information verification unit is used for judging whether the authentication information of the new client exists in the white list information of the client in the cloud computing server or not by the cloud computing server, if so, skipping to the early warning confirmation unit, and if not, skipping to the problem generation unit;
the problem generation unit is used for determining a difficulty value of the verification problem according to the obtained calculation force test value of the new client and generating a test problem according to the obtained difficulty value by the server;
the problem verification unit is used for performing distributed verification of the test problem on the new client through a network security certification chain network and jumping to the early warning confirmation unit when the verification is passed; otherwise, jumping to step S10;
the early warning confirmation unit is used for confirming that the added new client conforms to the network safety early warning specification and ending;
the early warning rejection unit is used for confirming that the added new client does not conform to the network safety early warning standard and ending;
wherein the network configuration unit comprises:
configuring data flow direction rules of a cloud computing server and a client corresponding to the white list;
setting a network security authentication chain network according to a data flow direction rule;
the data flow direction rule for configuring the cloud computing server and the client corresponding to the white list comprises the following steps:
for different test problems, randomly generating different data flow walking rules;
the problem verification unit includes:
according to the generated test problems, the server randomly generates different data flow trend rules and sets a network security certification chain network;
performing distributed verification of a test problem on a new client through a network security certification chain network, judging whether a verification result is correct and whether a verification feedback order accords with a data flow direction rule, and jumping to an early warning confirmation unit when the verification result and the verification feedback order meet the data flow direction rule; otherwise, jumping to an early warning rejection unit.
CN201811602527.6A 2018-12-26 2018-12-26 Cloud computing-oriented network security early warning method and system Expired - Fee Related CN109743304B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811602527.6A CN109743304B (en) 2018-12-26 2018-12-26 Cloud computing-oriented network security early warning method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811602527.6A CN109743304B (en) 2018-12-26 2018-12-26 Cloud computing-oriented network security early warning method and system

Publications (2)

Publication Number Publication Date
CN109743304A CN109743304A (en) 2019-05-10
CN109743304B true CN109743304B (en) 2021-03-16

Family

ID=66361342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811602527.6A Expired - Fee Related CN109743304B (en) 2018-12-26 2018-12-26 Cloud computing-oriented network security early warning method and system

Country Status (1)

Country Link
CN (1) CN109743304B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208655B (en) * 2022-07-11 2023-09-26 成都信息工程大学 Equipment authentication processing method applied to industrial Internet cloud service platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957128A (en) * 2014-03-28 2014-07-30 山东乾云启创信息科技有限公司 Method and system for monitoring data flow direction in cloud computing environment
CN104320391A (en) * 2014-10-22 2015-01-28 南京绿云信息技术有限公司 Cloud authentication method and system
CN107707660A (en) * 2017-10-13 2018-02-16 广州市驱创信息科技有限公司 The cloud storage method and system of the selectable identity-based verification technique of algorithm
CN108270716A (en) * 2016-12-30 2018-07-10 绵阳灵先创科技有限公司 A kind of audit of information security method based on cloud computing
CN109075991A (en) * 2016-02-26 2018-12-21 诺基亚通信公司 Cloud verifying and test automation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9772652B2 (en) * 2015-02-23 2017-09-26 Dell Products L.P. Systems and methods for distributing and synchronizing real-time clock

Also Published As

Publication number Publication date
CN109743304A (en) 2019-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210316

Termination date: 20211226