CN113709132A - Security detection method and system for reducing cloud computing requirements - Google Patents

Info

Publication number
CN113709132A
Authority
CN
China
Prior art keywords
threat
security
data
center
scanning result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110967095.4A
Other languages
Chinese (zh)
Inventor
张涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tuoqi Technology Co ltd
Original Assignee
Shenzhen Tuoqi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/14 Network analysis or design
    • H04L 41/142 Network analysis or design using statistical or mathematical methods
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a security detection method and system for reducing cloud computing requirements. A security monitoring terminal is deployed at the edge side to scan extranet data and obtain a scanning result; the scanning result is reported over a heartbeat connection pre-established with a threat intelligence center and a cloud analysis center; a security policy fed back according to the intelligence level of the scanning result is received; and when the extranet connection or the device running state is identified as abnormal, the current threat traffic data is matched against the extranet vulnerability information in the corresponding security policy so that the threat traffic is blocked in advance. In this scheme the security monitoring terminal deployed at the edge side analyzes and collects threat data and is linked with the cloud analysis center and the threat intelligence center; extranet data is filtered, threat traffic entering intranet devices is reduced or blocked, and a secure network environment is constructed.

Description

Security detection method and system for reducing cloud computing requirements
Technical Field
The invention relates to the field of computer technology, and in particular to a security detection method and system for reducing cloud computing requirements.
Background
The existing security environment mainly consists of a number of professional security devices that jointly perform security detection and blocking:
firewalls, WAFs, bastion hosts and traffic scrubbing equipment are highly specialized security devices, which means high capital investment; at the same time, professional users, namely network and security technicians, are required to operate them, which leads to the following situations:
Idle equipment: management and operation are carried out by staff who are not network security professionals, and most network and security policies are left in their default, disabled state.
Frequent problems: security problems cannot be handled, and the device stands alone inside the intranet with no linked analysis center to process them automatically.
Disclosure of Invention
To address the defects and shortcomings of the prior art, the invention provides a security detection method and system for reducing cloud computing requirements: a low-cost network security gateway is deployed at the customer side, threat data are analyzed and collected in advance and linked with a cloud analysis center and a threat intelligence center, so that a filtering effect is achieved, threat traffic entering the downstream professional security devices or intranet devices is reduced or blocked, and a secure network environment is obtained.
In order to achieve the purpose, the technical scheme of the invention is as follows:
A security detection method for reducing cloud computing requirements, the method comprising:
deploying a security monitoring terminal at the edge side and scanning extranet data to obtain a scanning result, the scanning result comprising at least extranet vulnerability information generated from threat traffic data;
reporting the scanning result over a heartbeat connection pre-established with a threat intelligence center and a cloud analysis center;
receiving a security policy fed back according to the intelligence level of the scanning result;
and, when the extranet connection or the device running state is identified as abnormal, matching the current threat traffic data against the extranet vulnerability information in the corresponding security policy so as to block the threat traffic in advance.
Preferably, deploying the security monitoring terminal at the edge side, scanning the extranet data and obtaining the scanning result comprises:
scanning the data of the extranet connection and the running state of external devices in real time;
when the service requester executes erroneous operation instructions or illegally accesses the intranet server, causing the extranet connection or the device running state to become abnormal, the security monitoring terminal captures the threat traffic data of the abnormal extranet connection or device running state and treats it as extranet vulnerability information.
Preferably, reporting the scanning result over the heartbeat connection pre-established with the cloud analysis center and the threat intelligence center comprises:
the security monitoring terminal encrypts the data packet carrying the scanning result with its encryption key and reports the encrypted data packet to the threat intelligence center through the communication module;
the threat intelligence center receives the encrypted data packet and identifies whether the security monitoring terminal from which it originates has established a corresponding security tunnel with the threat intelligence center;
and the threat intelligence center processes the data packet according to the result of identifying its source.
Further, the threat intelligence center processing the data packet according to the result of identifying its source comprises:
judging whether the security monitoring terminal currently sending the encrypted data packet has established a heartbeat connection with the threat intelligence center in advance; if not, discarding the packet; if so, decrypting the encrypted data packet, reading the extranet vulnerability information it contains, and synchronizing that extranet vulnerability information as intelligence data to a cloud control center.
Preferably, after synchronizing the extranet vulnerability information as intelligence data to the cloud control center, the method further comprises:
the cloud control center dividing the intelligence level according to the security risk value of the extranet vulnerability information with respect to network attacks;
and establishing a security policy of the corresponding level for each intelligence level, and synchronizing the security policy to all connected security monitoring terminals.
Further, obtaining the security risk value of the extranet vulnerability information with respect to network attacks comprises:
defining predefined popularity and threat level as the risk factors of the extranet vulnerability information;
calculating the risk value of each attack chain from the risk rates given by the risk factors;
and determining the extranet security risk value from the risk values of the attack chains.
Further, the extranet security risk value is determined by:
$$R(G)=R(L_1)+R(L_2)+\cdots+R(L_n)$$
where $R(G)$ is the system security risk value, $R(L_i)$ is the risk value of the attack chain $L_i=(V_1,V_2,\ldots,V_m)$ composed of $m$ vulnerabilities, $i=1,2,\ldots,n$ indexes the $i$-th attack chain, and $n$ is the number of attack chains.
Further, the risk value of the attack chain $L_i$ composed of $m$ vulnerabilities is determined by:
$$R(L_i)=R(V_1)\times R(V_2)\times\cdots\times R(V_m)$$
where $R(V_m)$ is the risk rate of the $m$-th vulnerability $V_m$;
the risk rate of the vulnerability $V_m$ is determined by:
$$R(V_m)=\frac{P_p\times P_d\times P_e}{2}$$
where $P_p$ and $P_d$ are the popularity and threat level of the vulnerability $V_m$, respectively.
Further, the popularity refers to the frequency with which any given vulnerability is used to carry out attacks;
the threat level refers to the potential harm caused by an attack exploiting the vulnerability.
A security detection system for reducing cloud computing requirements, comprising:
a scanning module for deploying a security monitoring terminal at the edge side, scanning extranet data and obtaining a scanning result, the scanning result comprising at least extranet vulnerability information generated from threat traffic data;
a communication module for reporting the scanning result over a heartbeat connection pre-established with a threat intelligence center and a cloud analysis center;
an acquisition module for receiving a security policy fed back according to the intelligence level of the scanning result;
and a processing module for matching, when the extranet connection or the device running state is identified as abnormal, the current threat traffic data against the extranet vulnerability information in the corresponding security policy and blocking the threat traffic in advance.
The beneficial effects of the invention are as follows:
according to the security detection method and system for reducing cloud computing requirements, the security monitoring terminal is deployed at the edge side to scan extranet data and obtain a scanning result; the scanning result is reported over a heartbeat connection pre-established with a threat intelligence center and a cloud analysis center; a security policy fed back according to the intelligence level of the scanning result is received; and when the extranet connection or the device running state is identified as abnormal, the current threat traffic data is matched against the extranet vulnerability information in the corresponding security policy so that the threat traffic is blocked in advance. In this scheme, threat data are analyzed and collected by the deployed security monitoring terminal, which is linked with the cloud analysis center and the threat intelligence center to filter extranet data, reduce or block threat traffic entering intranet devices, and achieve a secure network environment.
The invention reduces the edge computing power required and the capital investment by using the analysis capability of the cloud.
Data collection and detection are completed by low-cost edge computing nodes, local network threats are reduced, compromised internal devices are effectively prevented from infecting other devices of the enterprise on the intranet or extranet, and joint threat defense is achieved.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a flowchart of a security detection method for reducing cloud computing requirements according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a security detection method for reducing cloud computing requirements according to an embodiment of the present invention;
fig. 3 is a block diagram of the security detection method for reducing the cloud computing requirement shown in fig. 2.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
The specific embodiment of the present invention provides a security detection method for reducing cloud computing requirements as shown in fig. 2 and 3, which mainly includes the following steps; the numbers (i) to (viii) in fig. 2 and 3 correspond to steps 1 to 8 below.
1. Precondition: install the edge-side security monitoring terminal and confirm the heartbeat connection with the threat intelligence center and the cloud analysis center;
2. a zombie, trojan or worm threat infects an internal host through the intranet or by other means such as USB flash drive copying or file download;
3. the infected internal host spreads outward and is captured by the security monitoring terminal;
4. the security terminal detects the threat and triggers a report to the threat intelligence center;
5. the threat intelligence center analyzes the report and synchronizes it to the cloud control center;
6. the cloud control center forms a policy according to the intelligence level and synchronizes the policy to all connected security monitoring terminals;
7. when a similar threat enters or spreads within the network, it is blocked by the security monitoring terminal;
8. the technical effect of blocking the threat or preventing its spread is achieved.
As shown in fig. 1, the specific implementation process of the method includes:
S1, deploying a security monitoring terminal at the edge side and scanning extranet data to obtain a scanning result, the scanning result comprising at least extranet vulnerability information generated from threat traffic data;
S2, reporting the scanning result over the heartbeat connection pre-established with the threat intelligence center and the cloud analysis center;
S3, receiving a security policy fed back according to the intelligence level of the scanning result;
and S4, when the extranet connection or the device running state is identified as abnormal, matching the current threat traffic data against the extranet vulnerability information in the corresponding security policy and blocking the matched threat traffic in advance.
In step S1, deploying the security monitoring terminal at the edge side, scanning the extranet data and obtaining the scanning result includes:
scanning the data of the extranet connection and the running state of external devices in real time;
when the service requester executes erroneous operation instructions, accesses illegally, or connects improperly to intranet devices by other means such as USB flash drive copying or file download, or the intranet server is infected with zombie, trojan or worm malware, and the extranet connection or the device running state consequently becomes abnormal, the security monitoring terminal captures the threat traffic data of the abnormal extranet connection or device running state and uses it as extranet vulnerability information.
In step S2, reporting the scanning result over the heartbeat connection pre-established with the cloud analysis center and the threat intelligence center includes:
the security monitoring terminal encrypts the data packet carrying the scanning result with its encryption key and reports the encrypted data packet to the threat intelligence center through the communication module;
the threat intelligence center receives the encrypted data packet and identifies whether the security monitoring terminal from which it originates has established a corresponding security tunnel with the threat intelligence center;
and the threat intelligence center processes the data packet according to the result of identifying its source.
Here, the threat intelligence center processing the data packet according to the result of identifying its source includes:
judging whether the security monitoring terminal currently sending the encrypted data packet has established a heartbeat connection with the threat intelligence center in advance; if not, discarding the packet; if so, decrypting the encrypted data packet, reading the extranet vulnerability information it contains, storing that extranet vulnerability information as intelligence data in a threat intelligence base, and synchronizing the intelligence to the cloud control center.
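The report-and-verify exchange of step S2 and the processing rule just described, as an added Go example that is not part of the patent or of any product of the applicant. It assumes a per-terminal symmetric key agreed when the terminal's heartbeat/security tunnel was set up (the page names neither the cipher nor the key establishment; AES-256-GCM, the constructed keys, the terminal identifiers, the JSON field name and the `VULN-nnnn` identifiers are all assumptions), and it stands in for the threat intelligence base and the sync to the cloud control center with in-memory lists. The center looks the sender up in its heartbeat registry before it touches the ciphertext, so a packet from a terminal that never completed a heartbeat is discarded unread, and a packet from a known terminal that was tampered with in transit is discarded because GCM authentication fails.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// ScanResult is the report body; the field name is an assumption.
type ScanResult struct {
	Vulnerabilities []string `json:"vulnerabilities"`
}

// Packet is the encrypted report. TerminalID travels in the clear so the
// center can find the tunnel key; it is also bound to the ciphertext as AAD.
type Packet struct {
	TerminalID string
	Nonce      []byte
	Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Report is the terminal side: encrypt and authenticate the scan result under
// the key agreed when the terminal's heartbeat/security tunnel was set up.
func Report(terminalID string, key []byte, r ScanResult) (Packet, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Packet{}, err
	}
	plain, _ := json.Marshal(r)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Packet{}, err
	}
	return Packet{terminalID, nonce, gcm.Seal(nil, nonce, plain, []byte(terminalID))}, nil
}

// IntelCenter models the threat intelligence center.
type IntelCenter struct {
	Heartbeats map[string][]byte // terminals with a pre-established heartbeat -> tunnel key
	IntelBase  []string          // threat intelligence base
	Synced     []string          // stands in for the sync to the cloud control center
}

// Receive identifies the source first: without a heartbeat the ciphertext is
// never opened; a packet whose GCM tag fails is discarded as well.
func (c *IntelCenter) Receive(p Packet) error {
	key, ok := c.Heartbeats[p.TerminalID]
	if !ok {
		return fmt.Errorf("no pre-established heartbeat for %q: packet discarded", p.TerminalID)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	plain, err := gcm.Open(nil, p.Nonce, p.Ciphertext, []byte(p.TerminalID))
	if err != nil {
		return fmt.Errorf("authentication failed, packet discarded: %w", err)
	}
	var r ScanResult
	if err := json.Unmarshal(plain, &r); err != nil {
		return err
	}
	c.IntelBase = append(c.IntelBase, r.Vulnerabilities...)
	c.Synced = append(c.Synced, r.Vulnerabilities...)
	return nil
}

// RunExchange plays three constructed reports against the center and returns
// how many were accepted, how many discarded, and what reached the cloud sync.
func RunExchange() (accepted, discarded int, synced []string) {
	keyA := []byte("0123456789abcdef0123456789abcdef") // constructed demo keys only
	keyB := []byte("fedcba9876543210fedcba9876543210")
	center := &IntelCenter{Heartbeats: map[string][]byte{"edge-01": keyA}}
	p1, _ := Report("edge-01", keyA, ScanResult{[]string{"VULN-0001", "VULN-0002"}})
	p2, _ := Report("edge-99", keyB, ScanResult{[]string{"VULN-0003"}}) // no heartbeat
	p3, _ := Report("edge-01", keyA, ScanResult{[]string{"VULN-0004"}})
	p3.Ciphertext[0] ^= 0xff // tampered in transit
	for _, p := range []Packet{p1, p2, p3} {
		if err := center.Receive(p); err != nil {
			fmt.Println("discarded:", err)
			discarded++
		} else {
			accepted++
		}
	}
	return accepted, discarded, center.Synced
}

func main() {
	a, d, s := RunExchange()
	fmt.Printf("accepted=%d discarded=%d synced=%v\n", a, d, s)
}
```

Binding the terminal identifier into the AEAD associated data means a report captured from one terminal cannot be relabelled as another registered terminal's report. The nonce is random per packet; a deployment would additionally need replay protection (for example a per-terminal counter carried in the associated data), which the page does not describe.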
After synchronizing the extranet vulnerability information as intelligence data to the cloud control center, the method further includes the following steps:
the cloud control center divides the intelligence level according to the security risk value of the extranet vulnerability information with respect to network attacks;
and establishes a security policy of the corresponding level for each intelligence level, and synchronizes the security policy to all connected security monitoring terminals.
Here, obtaining the security risk value of the extranet vulnerability information with respect to network attacks includes:
a. defining predefined popularity and threat level as the risk factors of the extranet vulnerability information, where the popularity refers to the frequency with which any given vulnerability is used to carry out attacks
and the threat level refers to the potential harm caused by an attack exploiting the vulnerability;
b. calculating the risk value of each attack chain from the risk rates given by the risk factors;
and c. determining the extranet security risk value from the risk values of the attack chains.
The extranet security risk value is determined by:
$$R(G)=R(L_1)+R(L_2)+\cdots+R(L_n)$$
where $R(G)$ is the system security risk value, $R(L_i)$ is the risk value of the attack chain $L_i=(V_1,V_2,\ldots,V_m)$ composed of $m$ vulnerabilities, $i=1,2,\ldots,n$ indexes the $i$-th attack chain, and $n$ is the number of attack chains.
The risk value of the attack chain $L_i$ composed of $m$ vulnerabilities is determined by:
$$R(L_i)=R(V_1)\times R(V_2)\times\cdots\times R(V_m)$$
where $R(V_m)$ is the risk rate of the $m$-th vulnerability $V_m$;
the risk rate of the vulnerability $V_m$ is determined by:
$$R(V_m)=\frac{P_p\times P_d\times P_e}{2}$$
where $P_p$ and $P_d$ are the popularity and threat level of the vulnerability $V_m$, respectively.
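The risk scoring above, carried through to the policy the cloud control center synchronizes (received in step S3) and the traffic matching of step S4, as an added Go example that is not the patent's own code. It implements $R(V)=(P_p\times P_d\times P_e)/2$, $R(L_i)$ as the product over the chain and $R(G)$ as the sum over chains exactly as written; the page does not define $P_e$, so it is carried as a third factor in $[0,1]$ set to 1.0 in the constructed sample. The level thresholds, the vulnerability identifiers, the factor values, the flow records and the addresses are all constructed assumptions.

```go
package main

import "fmt"

// Vulnerability carries the risk factors the page names: popularity P_p and
// threat level P_d. P_e appears in R(V)=(P_p×P_d×P_e)/2 but is not defined on
// the page, so it is carried here as an assumed third factor in [0,1].
type Vulnerability struct {
	ID         string
	Pp, Pd, Pe float64
}

// RiskRate returns R(V) = (P_p × P_d × P_e) / 2.
func (v Vulnerability) RiskRate() float64 { return v.Pp * v.Pd * v.Pe / 2 }

// AttackChain is L_i = (V_1, ..., V_m).
type AttackChain []Vulnerability

// Risk returns R(L_i) = R(V_1) × ... × R(V_m).
func (l AttackChain) Risk() float64 {
	r := 1.0
	for _, v := range l {
		r *= v.RiskRate()
	}
	return r
}

// SystemRisk returns R(G) = R(L_1) + ... + R(L_n).
func SystemRisk(chains []AttackChain) float64 {
	sum := 0.0
	for _, l := range chains {
		sum += l.Risk()
	}
	return sum
}

// IntelLevel divides R(G) into intelligence levels. The thresholds are an
// assumption; the page only says levels are divided by the risk value.
func IntelLevel(rg float64) string {
	switch {
	case rg >= 0.2:
		return "high"
	case rg >= 0.05:
		return "medium"
	default:
		return "low"
	}
}

// Policy is what the cloud control center synchronizes to every connected
// terminal: the level and the vulnerability identifiers to match against.
type Policy struct {
	Level string
	Block map[string]bool
}

// BuildPolicy scores the reported attack chains and derives the policy of the
// corresponding level.
func BuildPolicy(chains []AttackChain) Policy {
	p := Policy{Level: IntelLevel(SystemRisk(chains)), Block: map[string]bool{}}
	for _, l := range chains {
		for _, v := range l {
			p.Block[v.ID] = true
		}
	}
	return p
}

// ThreatFlow is a constructed record of traffic captured while the extranet
// connection or device state is abnormal, tagged with the vulnerability it targets.
type ThreatFlow struct {
	Src, Dst, VulnID string
}

// ShouldBlock is step S4: match the current threat traffic against the
// vulnerability information in the policy and block on a hit.
func (p Policy) ShouldBlock(f ThreatFlow) bool { return p.Block[f.VulnID] }

// SampleChains are constructed values, not data from the page.
var SampleChains = []AttackChain{
	{{ID: "VULN-0001", Pp: 0.8, Pd: 0.9, Pe: 1.0}, {ID: "VULN-0002", Pp: 0.5, Pd: 0.8, Pe: 1.0}},
	{{ID: "VULN-0003", Pp: 0.6, Pd: 0.5, Pe: 1.0}},
}

func main() {
	pol := BuildPolicy(SampleChains)
	fmt.Printf("R(G)=%.4f level=%s\n", SystemRisk(SampleChains), pol.Level)
	flows := []ThreatFlow{{"203.0.113.7", "10.0.0.5", "VULN-0001"}, {"203.0.113.9", "10.0.0.5", "VULN-0042"}}
	for _, f := range flows {
		fmt.Printf("%s -> %s (%s): block=%v\n", f.Src, f.Dst, f.VulnID, pol.ShouldBlock(f))
	}
}
```

With the constructed sample, $R(L_1)=0.36\times0.2=0.072$, $R(L_2)=0.15$ and $R(G)=0.222$. Because every $R(V)\le 1/2$ when the factors lie in $[0,1]$ and $R(L_i)$ is a product, a long chain scores far lower than any single vulnerability in it, so the level thresholds a deployment picks depend on the chain lengths it expects; that is why they are kept as plain constants here rather than derived from the page.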
Based on the same technical concept, the embodiment of the present invention further provides a security detection system for reducing cloud computing requirements, comprising:
a scanning module for deploying a security monitoring terminal at the edge side, scanning extranet data and obtaining a scanning result, the scanning result comprising at least extranet vulnerability information generated from threat traffic data;
a communication module for reporting the scanning result over a heartbeat connection pre-established with a threat intelligence center and a cloud analysis center;
an acquisition module for receiving a security policy fed back according to the intelligence level of the scanning result;
and a processing module for matching, when the extranet connection or the device running state is identified as abnormal, the current threat traffic data against the extranet vulnerability information in the corresponding security policy and blocking the threat traffic in advance.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. A security detection method for reducing cloud computing requirements, the method comprising:
deploying a safety monitoring terminal at the edge side, and scanning the external network data to obtain a scanning result; the scanning result at least comprises external network vulnerability information generated by threat flow data;
reporting the scanning result through heartbeat connection which is pre-established with a threat information center and a cloud analysis center;
receiving a security policy for intelligence level feedback of a scanning result;
and when the external network connection or the equipment running state is identified to be abnormal, matching the current threat flow data with the external network vulnerability information in the corresponding security strategy to block the threat flow in advance.
2. The method of claim 1, wherein the deploying of the security monitoring terminal at the edge side scans the extranet data, and the obtaining of the scanning result comprises:
scanning the data of the external network connection and the external equipment running state in real time;
when the service requester executes erroneous operation instructions or illegally accesses the intranet server, causing the extranet connection or the device running state to become abnormal, the security monitoring terminal captures the threat traffic data of the abnormal extranet connection or device running state and treats it as extranet vulnerability information.
3. The method of claim 1, wherein reporting the scan results via a pre-established heartbeat connection with a cloud analytics center and a threat intelligence center comprises:
the security monitoring terminal encrypts the data packet of the scanning result through the encryption key and reports the encrypted data packet to the threat information center through the communication module;
the threat intelligence center receives the encrypted data packet and identifies whether the security monitoring terminal from which it originates has established a corresponding security tunnel with the threat intelligence center;
and the threat information center processes the data packet according to the identification result of the data packet source.
4. The method of claim 3, wherein the processing of the data packet by the threat intelligence center based on the identification of the source of the data packet comprises:
judging whether a security monitoring terminal which sends the encrypted data packet at present establishes heartbeat connection with a threat information center in advance; if not, discarding; and if so, decrypting the encrypted data packet, reading the outer network vulnerability information contained in the data packet, and synchronizing the outer network vulnerability information serving as information data to a cloud control center.
5. The method of claim 1, wherein after synchronizing extranet vulnerability information as intelligence data to a cloud control center, further comprising:
the cloud control center divides the intelligence level according to the security risk value of the external network vulnerability information acting on the network attack;
and establishing a security strategy of a corresponding level based on different intelligence levels, and synchronizing the security strategy to all accessed security monitoring terminals.
6. The method of claim 5, wherein obtaining the security risk value of the extranet vulnerability information acting on cyber attacks comprises:
defining the predefined popularity and threat degree as risk factors of the external network vulnerability information;
calculating the risk value of each attack chain according to the risk rate of the risk factor;
and determining the security risk value of the external network according to the risk value of each attack chain.
7. The method of claim 6, wherein the extranet security risk value is determined by:
$$R(G)=R(L_1)+R(L_2)+\cdots+R(L_n)$$
where $R(G)$ is the system security risk value, $R(L_i)$ is the risk value of the attack chain $L_i=(V_1,V_2,\ldots,V_m)$ composed of $m$ vulnerabilities, $i=1,2,\ldots,n$ indexes the $i$-th attack chain, and $n$ is the number of attack chains.
8. The method according to claim 7, wherein the risk value of the attack chain $L_i$ composed of $m$ vulnerabilities is determined by:
$$R(L_i)=R(V_1)\times R(V_2)\times\cdots\times R(V_m)$$
where $R(V_m)$ is the risk rate of the $m$-th vulnerability $V_m$;
the risk rate of the vulnerability $V_m$ is determined by:
$$R(V_m)=\frac{P_p\times P_d\times P_e}{2}$$
where $P_p$ and $P_d$ are the popularity and threat level of the vulnerability $V_m$, respectively.
9. The method of claim 6, wherein
the popularity is the frequency with which a given vulnerability is used to carry out attacks;
and the threat level is the potential harm caused by an attack exploiting that vulnerability.
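The scoring of claims 6 to 9, with the grading of claim 5 and the blocking list of claim 10 layered on it, as an added worked example that is not code from the patent: R(V_m) = (P_p × P_d × P_e) / 2 per vulnerability, R(L_i) as the product over a chain, R(G) as the sum over the chains. Claim 8 defines P_p and P_d but gives no definition of P_e, so the example carries it as a third factor defaulting to 1.0; the [0, 1] range of the factors, the level thresholds 0.20 and 0.05, the policy layout and the sample vulnerabilities are assumptions.

```python
"""Added example (not the patent's code): the risk arithmetic of claims 6-9 and the grading of claim 5.
P_p and P_d are defined by the claims, P_e is not, so P_e defaults to 1.0 here; factor ranges,
level thresholds and the sample vulnerabilities are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    name: str
    popularity: float   # P_p: how often the vulnerability is used in attacks, in [0, 1]
    threat: float       # P_d: potential harm of an attack through it, in [0, 1]
    p_e: float = 1.0    # P_e: undefined in the claims; neutral by default (assumption)


def vulnerability_risk(v):
    """R(V_m) = (P_p × P_d × P_e) / 2, claim 8; at most 0.5 with factors in [0, 1]."""
    for factor in (v.popularity, v.threat, v.p_e):
        if not 0.0 <= factor <= 1.0:
            raise ValueError(f"{v.name}: risk factors must lie in [0, 1], got {factor}")
    return v.popularity * v.threat * v.p_e / 2


def chain_risk(chain):
    """R(L_i) = R(V_1) × R(V_2) × … × R(V_m), claim 8.
    Every link must succeed for the chain to succeed, so the value shrinks with length;
    an empty chain is rejected because the empty product would score 1.0."""
    if not chain:
        raise ValueError("an attack chain needs at least one vulnerability")
    risk = 1.0
    for v in chain:
        risk *= vulnerability_risk(v)
    return risk


def system_risk(chains):
    """R(G) = R(L_1) + R(L_2) + … + R(L_n), claim 7."""
    return sum(chain_risk(chain) for chain in chains)


# Intelligence levels of claim 5; thresholds are assumptions and must be chosen
# with the expected chain length in mind, since R(V) <= 0.5 per link.
LEVELS = ((0.20, "high"), (0.05, "medium"), (0.0, "low"))


def intelligence_level(risk):
    for threshold, label in LEVELS:
        if risk >= threshold:
            return label
    return "low"


def build_security_policy(chains):
    """Grade the synced vulnerability information and build the policy that claim 5
    pushes to every connected terminal (the policy layout is an assumption)."""
    graded = [(chain_risk(chain), chain) for chain in chains]
    total = system_risk(chains)
    return {
        "system_risk": round(total, 6),
        "level": intelligence_level(total),
        "chains": [{"vulns": [v.name for v in chain], "risk": round(r, 6),
                    "level": intelligence_level(r)} for r, chain in graded],
        # names the processing module of claim 10 matches threat flow against and blocks
        "block": sorted({v.name for r, chain in graded
                         if intelligence_level(r) != "low" for v in chain}),
    }


# Constructed sample: one two-step chain and one single-step chain.
SAMPLE_CHAINS = [
    [Vulnerability("web-rce", popularity=0.9, threat=0.8),
     Vulnerability("priv-esc", popularity=0.6, threat=0.9)],
    [Vulnerability("weak-ssh-cipher", popularity=0.5, threat=0.7)],
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_security_policy(SAMPLE_CHAINS), indent=2))
```

On the constructed sample the two-step chain scores 0.0972 against 0.175 for the single weak-cipher chain even though each of its links is individually worse, because every link contributes at most 0.5 and the product shrinks geometrically with chain length; level thresholds therefore have to be chosen against the chain lengths the scanner actually emits, and an empty chain must be rejected since the empty product is 1.0.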
10. A security detection system for reducing cloud computing requirements, comprising:
a scanning module for deploying a security monitoring terminal on the edge side, scanning extranet data and obtaining a scanning result, the scanning result comprising at least the extranet vulnerability information generated from threat flow data;
a communication module for reporting the scanning result over the heartbeat connections pre-established with the threat intelligence center and the cloud analysis center;
an acquisition module for receiving the security policy fed back for the intelligence level of the scanning result;
and a processing module for matching the current threat flow data against the extranet vulnerability information in the corresponding security policy when the extranet connection or the device running state is identified as abnormal, and blocking the threat flow in advance.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110967095.4A CN113709132A (en) 2021-08-23 2021-08-23 Security detection method and system for reducing cloud computing requirements

Publications (1)

Publication Number Publication Date
CN113709132A true CN113709132A (en) 2021-11-26

Family

ID=78653960

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110967095.4A Pending CN113709132A (en) 2021-08-23 2021-08-23 Security detection method and system for reducing cloud computing requirements

Country Status (1)

Country Link
CN (1) CN113709132A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314303A (en) * 2022-08-10 2022-11-08 重庆电子工程职业学院 Network security defense method and system based on whole network linkage
CN115314302A (en) * 2022-08-10 2022-11-08 重庆电子工程职业学院 Communication method and device based on network security grid

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601530A (en) * 2013-10-31 2015-05-06 中兴通讯股份有限公司 Implementing method and system for could security service
CN107294924A (en) * 2016-04-01 2017-10-24 阿里巴巴集团控股有限公司 Detection method, the device and system of leak
CN109302380A (en) * 2018-08-15 2019-02-01 全球能源互联网研究院有限公司 A kind of safety protection equipment linkage defense strategy Intelligent Decision-making Method and system
CN109672671A (en) * 2018-12-12 2019-04-23 北京华清信安科技有限公司 Security gateway and security protection system based on intelligent behavior analysis
CN110311912A (en) * 2019-07-01 2019-10-08 深信服科技股份有限公司 Cloud server, Intranet scanning client, system and Intranet remote scanning method
US20200137125A1 (en) * 2018-10-26 2020-04-30 Valtix, Inc. Managing computer security services for cloud computing platforms
CN111565202A (en) * 2020-07-15 2020-08-21 腾讯科技(深圳)有限公司 Intranet vulnerability attack defense method and related device
CN111787038A (en) * 2019-04-04 2020-10-16 华为技术有限公司 Method, system and computing device for providing edge service
CN112383553A (en) * 2020-11-17 2021-02-19 刘增光 Cloud and mist end collaborative defense framework method facing SDN network
CN112787985A (en) * 2019-11-11 2021-05-11 华为技术有限公司 Vulnerability processing method, management equipment and gateway equipment

Similar Documents

Publication Publication Date Title
KR101057432B1 (en) System, method, program and recording medium for detection and blocking the harmful program in a real-time throught behavior analysis of the process
US8006305B2 (en) Computer worm defense system and method
US9306960B1 (en) Systems and methods for unauthorized activity defense
US11675904B1 (en) Systems and methods for protecting against malware attacks using signature-less endpoint protection
US8375444B2 (en) Dynamic signature creation and enforcement
US11012449B2 (en) Methods and cloud-based systems for detecting malwares by servers
Mukhopadhyay et al. A comparative study of related technologies of intrusion detection & prevention systems
CN113709132A (en) Security detection method and system for reducing cloud computing requirements
CA2996966A1 (en) Process launch, monitoring and execution control
US20220070185A1 (en) Method for responding to threat transmitted through communication network
CN113079185B (en) Industrial firewall control method and equipment for realizing deep data packet detection control
CN113285917A (en) Method, equipment and architecture for protecting endogenous security boundary of industrial network
Mohamed et al. A collaborative intrusion detection and prevention system in cloud computing
CN116319061A (en) Intelligent control network system
CN113596028A (en) Method and device for handling network abnormal behaviors
CN112968885A (en) Edge computing platform safety protection method and device
CN115550049A (en) Vulnerability detection method and system for Internet of things equipment
Zou et al. An approach for detection of advanced persistent threat attacks
CN112787985A (en) Vulnerability processing method, management equipment and gateway equipment
CN110719271A (en) Combined defense method for bypass flow detection equipment and terminal protection equipment
US20240031407A1 (en) Honeypot Network Management Based on Probabilistic Detection of Malicious Port Activity
KR20020072618A (en) Network based intrusion detection system
CN116723048A (en) Communication system and method in local area network
CN106856478A (en) A kind of safety detection method and device based on LAN
CN107231365B (en) Evidence obtaining method, server and firewall

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination