CN115250188B - Network security protection method, device and system (Google Patents)

Info

Publication number
CN115250188B
Authority
CN
China
Prior art keywords
task
safety protection
protection
security
safety
Legal status
Active
Application number
CN202110458319.9A
Other languages
Chinese (zh)
Other versions
CN115250188A (en)
Inventor
黄昭文
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Guangdong Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Guangdong Co Ltd
Events
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Guangdong Co Ltd
Priority to CN202110458319.9A
Publication of CN115250188A
Application granted
Publication of CN115250188B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a network security protection method, device and system. The method comprises the following steps: receiving a plurality of security protection applications proposed by a network to be protected, and selecting, from a plurality of task executors, a target task executor for executing a security protection task in the security protection applications; extracting an application program list for executing the security protection task from a security protection task application library, and extracting a security protection rule list applied by the application programs from a security protection rule library; and obtaining an execution plan for the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list, and distributing the security protection task to the target task executor according to the execution plan so that the target task executor executes the security protection task on the network to be protected. The invention improves the efficiency and accuracy of security protection and reduces its cost.

Description

Network security protection method, device and system
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a network security protection method, device, and system.
Background
Network security is an important guarantee for the construction of information systems. Network security includes technical means such as firewalls, anti-virus, IDS (Intrusion Detection System), honeypot systems, VPN (Virtual Private Network), security audit and others. Through these technical means, a certain degree of security protection capability can be provided for the network.
Existing network security protection technology considers only the functional and logical design of network security, and mainly focuses on the security protection requirements that a network security scanning and protection processing device places on a detected object. However, in scenarios with a larger-scale network or higher security protection requirements, existing network security protection technology has lower efficiency, security protection equipment needs to be built repeatedly, the cost is higher, and a single-point centralized security scanner is easily shielded, causing inaccurate detection results.
Disclosure of Invention
The invention provides a network security protection method, device and system, which are used to solve the problems of low efficiency, inaccuracy and high cost of network security protection in the prior art, to realize cooperation between network security protection devices, to improve the efficiency and accuracy of network security protection, and to reduce its cost.
The invention provides a network security protection method, which comprises the following steps:
receiving a plurality of security protection applications proposed by a network to be protected, and selecting, from a plurality of task executors, a target task executor for executing a security protection task in the security protection applications;
extracting an application program list for executing the security protection task from a security protection task application library, and extracting a security protection rule list applied by the application programs from a security protection rule library;
and obtaining an execution plan for the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list, and distributing the security protection task to the target task executor according to the execution plan so that the target task executor executes the security protection task on the network to be protected.
According to the network security protection method provided by the invention, selecting, from the plurality of task executors, a target task executor that executes a security protection task in the security protection application includes:
selecting task executors in an available state from the plurality of task executors;
matching the security protection task with the executable security protection task list of each task executor in an available state;
matching the security protection rule applied by the application program executing the security protection task with the executable security protection rule list of each task executor matched with the security protection task;
comparing the execution efficiency of the task executors matched with all the security protection rules with a preset threshold value, and taking the task executors whose execution efficiency is greater than the preset threshold value as target task executors.
According to the network security protection method provided by the invention, extracting the application program list for executing the security protection task from the security protection task application library comprises the following steps:
selecting unselected application programs from the security protection task application library;
screening, from the unselected application programs, the application programs supported by the target task executor;
selecting, from the application programs supported by the target task executor, the application programs meeting the requirements of the security protection task;
selecting, from the application programs meeting the requirements of the security protection task, the application program with the highest security value;
and generating the application program list according to the application program with the highest security value.
According to the network security protection method provided by the invention, obtaining the execution plan of the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list comprises the following steps:
calculating the time for executing the security protection task when the target task executor uses any application program in the application program list to apply the corresponding security protection rule in the security protection rule list;
and if the time is smaller than the preset completion time in the security protection application, generating an execution plan of the security protection task according to the target task executor, the security protection task, the application program and the security protection rule applied by the application program.
According to the network security protection method provided by the invention, distributing the security protection task to the target task executor according to the execution plan comprises the following steps:
calculating a first total number of security protection tasks in the security protection applications proposed by all the networks to be protected, and a second total number of security protection tasks that all the target task executors can execute within the preset completion time;
if the second total number is smaller than the first total number, selecting the second total number of security protection tasks from the security protection tasks of all the security protection applications according to the security values of the security protection tasks in the security protection applications, and distributing these security protection tasks to the task executors for execution, such that the sum of the security values of the selected second total number of security protection tasks is maximal;
the security value of a security protection task is determined according to the influence degree of the security vulnerabilities detected by the security protection task, the deployment number of the target objects in the network to be protected, the earliest time at which the vulnerabilities were detected in the network to be protected before the security protection task, and the time taken to execute the security protection task;
the greater the influence degree, the higher the security value of the security protection task;
the larger the deployment number, the higher the security value of the security protection task;
the closer the earliest time of the vulnerabilities is to the current moment, the higher the security value of the security protection task;
the shorter the time taken to execute the security protection task, the higher the security value of the security protection task.
According to the network security protection method provided by the invention, selecting the task executors in an available state from the plurality of task executors further comprises:
receiving heartbeat information of a task executor, sent by the task executor in an available state at intervals of a first preset duration;
marking the task executor as unavailable if, according to the time of receipt of the heartbeat information, no heartbeat information of the task executor has been received for more than a second preset duration;
the first preset duration is smaller than or equal to the second preset duration.
The invention also provides a network security protection device, which comprises:
a selection module, used for receiving security protection applications proposed by a plurality of networks to be protected, and for selecting, from a plurality of task executors, a target task executor for executing the security protection tasks in the security protection applications;
an extraction module, used for extracting an application program list for executing the security protection task from the security protection task application library and for extracting a security protection rule list applied by the application programs from the security protection rule library;
a distribution module, used for obtaining an execution plan of the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list, and for distributing the security protection task to the target task executor according to the execution plan so that the target task executor executes the security protection task on the network to be protected.
The invention also provides a network security protection system, which comprises the network security protection device described above, a plurality of networks to be protected, the security protection rule library, the security protection task application library and a plurality of task executors.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of any of the network security protection methods described above when executing the program.
The invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of any of the network security protection methods described above.
According to the network security protection method, device and system provided by the invention, network security protection is carried out by a plurality of task executors, so that security detection errors caused by the shielding of a single-point task executor are avoided; a target task executor, an application program list and a security protection rule list are dynamically invoked according to the security protection task, so that cooperation between network security protection devices is realized and the working efficiency of the network security devices is improved; and the target task executor, the application program list and the security protection rule list can be arranged according to the security protection tasks, so that the method is suitable for executing various security protection tasks and the cost is reduced.
Drawings
In order to illustrate the invention or the technical solutions of the prior art more clearly, the drawings used in the embodiments or in the description of the prior art are briefly described below. It is obvious that the drawings described below show some embodiments of the invention, and that other drawings can be obtained from them by a person skilled in the art without inventive effort.
FIG. 1 is a schematic flow chart of the network security protection method provided by the invention;
FIG. 2 is a schematic diagram of the network security protection method provided by the invention;
FIG. 3 is a schematic diagram of the information interaction in the network security protection method provided by the invention;
FIG. 4 is a schematic structural diagram of the network security protection device provided by the invention;
FIG. 5 is a schematic structural diagram of the electronic device provided by the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The network security protection method of the invention is described below with reference to FIG. 1. It includes: Step 101, receiving a plurality of security protection applications proposed by a network to be protected, and selecting, from a plurality of task executors, a target task executor for executing a security protection task in the security protection applications;
The execution subject of this embodiment is the collaborator. The network elements involved include the network to be protected, the collaborator, the task executors, the security protection rule library and the task application library, as shown in FIG. 2.
The network to be protected is a network that needs security protection; it comprises network equipment, hosts, terminals and other devices.
A task executor is a device that performs network security protection tasks.
The security protection rule library is a database storing rules related to network security protection, including information such as the purposes of network ports and the security vulnerabilities of network services.
The security protection task application library is a database storing the application programs that can run on the task executors. The security protection rules are input parameters for these application programs.
The collaborator coordinates the network to be protected, the task executors, the security protection rule library and the security protection task application library to carry out the network security protection task.
Optionally, a network to be protected must be authorized by the collaborator before it can apply to the collaborator for security protection. An authorized network to be protected must register with the collaborator, which records the network to be protected. The registration information includes the network name, the IP address of the network to be protected, the service type, the security level, the management department, the responsible person, contact information and so on, as shown in Table 1. Depending on the network size, there may be multiple networks to be protected registered.
Table 1 registration information example of network to be protected
Before a task executor takes part in cooperation, it must pass the collaborator's authentication. An authenticated task executor must register with the collaborator, which records the task executor as being in the available state. The registration information includes the task executor name, the IP address, the list of executable security protection tasks, the list of executable security protection rules, the execution efficiency, the network bandwidth, the management department, the responsible person, contact information and so on, as shown in Table 2. The executable security protection task list holds the security protection tasks the task executor can execute, and the executable security protection rule list holds the security protection rules the task executor supports.
Table 2 registration information example of task executors
To increase the overall processing capacity of the task executors, a plurality of task executors may register with the collaborator. To make efficient use of the security protection task execution capacity, registration may be performed dynamically.
Optionally, when a task executor no longer performs security protection tasks, it sends logout registration information to the collaborator, as shown in Table 3.
Table 3 Example of logout registration information of a task executor
Task executor name | IP address | Online | Transmission time
scanner1 | 2.2.2.2 | No | 2020-11-20 11:20
This embodiment establishes a mechanism for task executors to join and exit dynamically, and realizes multi-mode expansion of the security service network.
When a network to be protected needs a security protection service, it applies to the collaborator. The application content includes the type of security protection task and the target object. Security protection task types include scanning, ping (Packet Internet Groper) detection, penetration, weak password detection and so on. The target object is a device in the network to be protected.
After receiving the security protection application, the collaborator selects, from the plurality of registered task executors, a task executor that can be used to execute the security protection task of the application, and takes the selected task executor as the target task executor.
The same security protection task may exist among the security protection tasks that a plurality of networks to be protected apply to execute at the current moment. A respective target task executor is selected for each of the security protection tasks.
Step 102, extracting an application program list for executing the security protection task from the security protection task application library, and extracting a security protection rule list applied by the application programs from the security protection rule library;
The application program list is the list of application programs, extracted from the security protection task application library, that can execute the security protection task. The security protection rule list is the list of security protection rules, extracted from the security protection rule library, that are required by the application programs executing the security protection task.
If a security protection rule applied by an application program does not exist in the security protection rule library, the security protection rule library is updated in time.
Step 103, obtaining an execution plan of the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list, and distributing the security protection task to the target task executor according to the execution plan so that the target task executor can execute the security protection task on the network to be protected.
The collaborator plans the execution of the security protection task according to the current state of the task executors. This embodiment is not limited to a specific planning method.
For example, the collaborator issues a security scanning task to the task executor according to the execution plan. Optionally, the task content includes the scan object, the scan start time, the scan end time, the scan application list and the scan rule library list.
The task executor executes the security protection task on the network to be protected according to the task content, and feeds back the execution result of the security scanning task to the collaborator.
After collecting the scanning results of the task executors, the collaborator feeds the scanning results back to the network to be protected. The information interaction process is shown in FIG. 3.
In this embodiment, network security protection is carried out by a plurality of task executors, so that security detection errors caused by the shielding of a single-point task executor are avoided; a target task executor, an application program list and a security protection rule list are dynamically invoked according to the security protection task, so that cooperation between network security protection devices is realized and the working efficiency of the network security devices is improved; and the target task executor, the application program list and the security protection rule list can be arranged according to the security protection tasks, so that the method is suitable for executing various security protection tasks and the cost is reduced.
On the basis of the foregoing embodiment, in this embodiment, selecting, from the plurality of task executors, a target task executor that executes a security protection task in the security protection application includes: selecting task executors in an available state from the plurality of task executors;
After receiving the security protection application of the network to be protected, the collaborator first queries whether there are task executors in an available state among the registered task executors.
matching the security protection task with the executable security protection task list of each task executor in an available state;
matching the security protection rule applied by the application program executing the security protection task with the executable security protection rule list of each task executor matched with the security protection task;
comparing the execution efficiency of the task executors matched with all the security protection rules with a preset threshold value, and taking the task executors whose execution efficiency is greater than the preset threshold value as target task executors.
It is judged whether the executable security protection task list, the executable security protection rule list and the execution efficiency registered by each task executor in an available state meet the requirements of the security protection task applied for.
If the requirements are met, the task executors meeting them are taken as target task executors, an application program list for the security protection task is extracted from the security protection task application library, and a security protection rule list applied by the application programs in that list is extracted from the security protection rule library.
Otherwise, the collaborator returns to the network to be protected a message that the security protection application cannot be processed, and indicates the reason.
On the basis of the foregoing embodiment, in this embodiment, extracting, from the security protection task application library, an application program list for executing the security protection task includes: selecting unselected application programs from the security protection task application library;
When an application program a is selected from the security protection task application library A, it is first required that a has not been selected yet. If a has already been selected, a is already occupied and cannot be used for the current security protection task.
screening, from the unselected application programs, the application programs supported by the target task executor;
Second, the application program a must be supported by the target task executor s. The target task executor s performs the security protection task by running the application program a. If s does not support a, a cannot run on s and therefore cannot perform the security protection task.
selecting, from the application programs supported by the target task executor, the application programs meeting the requirements of the security protection task;
At the same time, the application program a must meet the requirements of the security protection task t; for example, a must be able to execute t, and a must be able to finish t within the set time limit.
selecting, from the application programs meeting the requirements of the security protection task, the application program with the highest security value; and generating the application program list according to the application program with the highest security value.
Finally, the application program a must have the highest security value among all the selectable application programs. The security value of an application program is determined comprehensively from the following dimensions: the greater the influence degree u1 of the security vulnerabilities corresponding to the application program, the higher the security value; the larger the deployment number u2 of the detection objects in the network to be protected corresponding to the application program, the higher the security value; the more recent the earliest time u3 at which the application program detected the vulnerabilities, the higher the security value; and the shorter the run time u4 occupied by the application program, the higher the security value.
On the basis of the foregoing embodiments, in this embodiment, obtaining the execution plan of the security protection task according to the target task executor, the security protection task, the application program list and the security protection rule list includes: calculating the time for executing the security protection task t when the target task executor s uses any application program a in the application program list A to apply the corresponding security protection rule r in the security protection rule list R;
The time for the target task executor to execute the security protection task is estimated from the execution efficiency of the target task executor and the size of the application program it runs. The higher the execution efficiency and the smaller the application program, the shorter the time needed to perform the security protection task.
and if the time is smaller than the preset completion time in the security protection application, generating an execution plan of the security protection task according to the target task executor, the security protection task, the application program and the security protection rule applied by the application program.
The security protection application carries the preset completion time of the security protection task. The preset completion time is quantified as the duration of the security protection task from the start to the end of execution.
If the time for executing the security protection task does not exceed the preset completion time, (s, t, a, r) is added to the execution plan X, the execution state and the occupied-resource state of s are updated, and a is marked as selected.
A corresponding execution plan is generated for each security protection task in the security protection applications proposed by the networks to be protected.
The pseudocode for generating the execution plan is as follows:
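As an added illustration that is not the patent's own pseudocode, the following Python implements the collaborator's execution-plan generation described in Steps 101 to 103: heartbeat-based availability, executor matching on task list, rule list and efficiency threshold, application selection by highest security value, and the (s, t, a, r) plan entries. The time model (program size divided by execution efficiency), the busy flag on an executor, and all names and sample data are assumptions.

```python
from dataclasses import dataclass

@dataclass
class TaskExecutor:
    name: str
    executable_tasks: set      # executable security protection task list (Table 2)
    executable_rules: set      # executable security protection rule list (Table 2)
    efficiency: float          # registered execution efficiency (assumed unit: size units per second)
    last_heartbeat: float      # time the collaborator last received this executor's heartbeat
    available: bool = True
    busy: bool = False         # occupied-resource state, set once a plan entry uses the executor

@dataclass
class Application:
    name: str
    supports: set              # security protection task types the application can execute
    runs_on: set               # names of the task executors that support this application
    size: float                # program size (assumed unit: size units)
    security_value: float      # combined u1..u4 score, computed elsewhere
    selected: bool = False

@dataclass
class SecurityTask:
    network: str
    task_type: str             # e.g. "scan", "weak_password"
    rule: str                  # security protection rule applied by the application
    preset_completion_time: float  # seconds, carried in the security protection application

def refresh_availability(executors, now, second_preset_duration):
    """Mark an executor unavailable when its last heartbeat is older than the second preset duration."""
    for s in executors:
        if now - s.last_heartbeat > second_preset_duration:
            s.available = False
    return executors

def select_target_executors(task, executors, threshold):
    """Step 101: available, task type and rule in its registered lists, efficiency above threshold."""
    return [s for s in executors
            if s.available and not s.busy
            and task.task_type in s.executable_tasks
            and task.rule in s.executable_rules
            and s.efficiency > threshold]

def estimate_time(executor, app):
    """Assumed time model: a larger program or a lower efficiency means a longer run."""
    return app.size / executor.efficiency

def select_application(task, executor, app_library):
    """Step 102: unselected, supported by the executor, meets the task, highest security value."""
    candidates = [a for a in app_library
                  if not a.selected
                  and executor.name in a.runs_on
                  and task.task_type in a.supports
                  and estimate_time(executor, a) < task.preset_completion_time]
    return max(candidates, key=lambda a: a.security_value, default=None)

def generate_execution_plan(tasks, executors, app_library, rule_base, threshold):
    """Step 103: build the plan X of (s, t, a, r) entries and report the tasks left unplanned."""
    plan, unplanned = [], []
    for t in tasks:
        entry = None
        if t.rule in rule_base:            # otherwise the rule library must be updated first
            for s in select_target_executors(t, executors, threshold):
                a = select_application(t, s, app_library)
                if a is not None:
                    entry = (s.name, t.network, t.task_type, a.name, t.rule)
                    s.busy = True          # update the occupied-resource state of s
                    a.selected = True      # mark a as selected
                    break
        if entry:
            plan.append(entry)
        else:
            unplanned.append((t.network, t.task_type))   # collaborator reports these back

    return plan, unplanned

def demo():
    """Constructed sample: three executors (one with a stale heartbeat), three apps, three tasks."""
    executors = [
        TaskExecutor("scanner1", {"scan", "weak_password"}, {"R-port", "R-pass"}, 10.0, 100.0),
        TaskExecutor("scanner2", {"scan"}, {"R-port"}, 2.0, 40.0),
        TaskExecutor("scanner3", {"scan", "weak_password"}, {"R-port", "R-pass"}, 8.0, 100.0),
    ]
    apps = [
        Application("portscan-a", {"scan"}, {"scanner1", "scanner2", "scanner3"}, 50.0, 120.0),
        Application("portscan-b", {"scan"}, {"scanner1", "scanner2"}, 16.0, 90.0),
        Application("weakpw", {"weak_password"}, {"scanner1", "scanner3"}, 40.0, 110.0),
    ]
    tasks = [
        SecurityTask("net-A", "scan", "R-port", 10.0),
        SecurityTask("net-B", "weak_password", "R-pass", 10.0),
        SecurityTask("net-C", "scan", "R-port", 10.0),
    ]
    refresh_availability(executors, now=100.0, second_preset_duration=30.0)
    return generate_execution_plan(tasks, executors, apps, {"R-port", "R-pass"}, threshold=1.0)

if __name__ == "__main__":
    plan, unplanned = demo()
    print("execution plan:", plan)
    print("cannot be processed:", unplanned)
```

In the sample, scanner2 is dropped for a stale heartbeat and the third task finds no free executor, so it is returned as unprocessable, as the text describes.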
on the basis of the foregoing embodiment, in this embodiment, the allocating the security protection task to the target task executor according to the execution plan includes: calculating a first total number of the safety protection tasks in the safety protection application proposed by all the networks to be protected and a second total number of the safety protection tasks which can be executed by all the target task executors within the preset completion time;
Assuming that M networks to be protected are provided, the number of security protection tasks applied by the network M to be protected is t m The first total is:
assuming that N task executors are provided, the number of the task executors N for executing the safety protection tasks in unit time is x n The total processing capacity of the n task executors in a unit time is as follows:
and calculating a second total number q of executable safety protection tasks in the preset completion time according to the total processing capacity.
If the second total number is smaller than the first total number, selecting the second total number of safety protection tasks from the safety protection tasks of all the safety protection applications according to the safety values of the safety protection tasks in the safety protection applications, and distributing the second total number of safety protection tasks to the task executor for execution, so that the sum of the safety values of the second total number of safety protection tasks is maximum;
In the case where q is less than the first total, q security protection tasks are selected for execution so that the sum of their security values is maximized, i.e. $\max \sum_{i=1}^{q} v_i$, where $v_i$ is the security value of the i-th selected security protection task.
The security value of the security protection task is determined by the influence degree of the security vulnerability detected by the task, the number of target objects deployed in the network to be protected, the earliest time at which the vulnerability was detected in the network to be protected prior to the security protection task, and the time needed to execute the security protection task;
The greater the influence degree, the higher the security value of the security protection task;
for example, 150 at the highest and 100 at the lowest, with the influence degree distributed linearly over this range.
The larger the deployment number, the higher the security value of the security protection task;
for example, 99 at the highest and 70 at the lowest, distributed linearly over this range according to the number of deployments.
The closer the earliest detection time of the vulnerability is to the current moment, the higher the security value of the security protection task;
for example, 69 at the highest and 50 at the lowest, distributed linearly over this range according to how long ago the earliest detection was.
The shorter the time needed to execute the security protection task, the higher the security value of the security protection task.
For example, 49 at the highest and 0 at the lowest, distributed linearly over this range according to the execution time.
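The scoring ranges just listed, the time estimate against the preset completion time from the execution-plan passage above, and the capacity check with selection of q tasks by security value, as one added worked example in Python. This is not the patent's own code; it assumes, because the text does not fix them, that execution time is application size divided by execution efficiency, that the four score components are summed, that unit time is one hour, and that the rule field r of a plan entry is the task type. All sample executors, tasks and applications are constructed.

```python
# Added example (not the patent's own code): security-value scoring,
# execution-plan generation, and capacity-limited task selection for the
# collaborator. Assumed, because the text does not fix them: execution time is
# app_size / efficiency, the four score components are summed, unit time is one
# hour, and the "rule" field of a plan entry is the task type.
from dataclasses import dataclass


@dataclass(frozen=True)
class Executor:
    name: str
    efficiency: float        # work units per hour (assumed unit)
    tasks_per_hour: float    # x_n in the text: tasks executed per unit time
    apps: frozenset          # application programs this executor supports


@dataclass(frozen=True)
class Task:
    task_id: int
    task_type: str
    target: str
    limit_h: float           # preset completion time, hours
    impact: float            # influence degree of the vulnerability, 0.0 .. 1.0
    deployments: int         # number of target objects deployed
    age_days: float          # days since the vulnerability was first detected
    exec_h: float            # expected execution time, hours


# Constructed sample application library: name -> (task type served, size in work units)
APPS = {"scanA": ("scan", 2.0), "scanB": ("scan", 6.0), "pingA": ("ping", 0.5)}


def linear(value, lo_in, hi_in, lo_out, hi_out):
    """Map value from [lo_in, hi_in] linearly onto [lo_out, hi_out], clamped.
    A reversed input range (lo_in > hi_in) yields an inverse mapping."""
    if hi_in == lo_in:
        return float(hi_out)
    frac = max(0.0, min(1.0, (value - lo_in) / (hi_in - lo_in)))
    return lo_out + frac * (hi_out - lo_out)


def security_value(task, max_deploy, max_age_days, max_exec_h):
    """Four components with the ranges given in the text (summing them is an assumption)."""
    impact = linear(task.impact, 0.0, 1.0, 100, 150)              # 100 .. 150
    deploy = linear(task.deployments, 0, max_deploy, 70, 99)      # 70 .. 99
    recency = linear(task.age_days, max_age_days, 0, 50, 69)      # closer to now -> higher
    speed = linear(task.exec_h, max_exec_h, 0, 0, 49)             # shorter -> higher
    return impact + deploy + recency + speed


def estimate_time_h(executor, app_size):
    """Higher efficiency and a smaller application give a shorter time."""
    return app_size / executor.efficiency


def plan_entry(task, executors, apps=APPS):
    """First (s, t, a, r) tuple whose estimated time is below the task's preset
    completion time, or None if no executor/application pair qualifies."""
    for s in executors:
        for a in sorted(s.apps):
            app_type, size = apps[a]
            if app_type == task.task_type and estimate_time_h(s, size) < task.limit_h:
                return (s.name, task.task_id, a, task.task_type)
    return None


def build_plan(executors, tasks, apps=APPS):
    """Execution plan X: one entry per task that can be finished in time."""
    entries = (plan_entry(t, executors, apps) for t in tasks)
    return [e for e in entries if e is not None]


def capacity_within(executors, horizon_h):
    """Second total q: tasks all executors can execute within the completion time."""
    return int(sum(s.tasks_per_hour for s in executors) * horizon_h)


def select_tasks(tasks, q):
    """When q is below the first total, keep the q tasks with the largest security
    values; for a fixed count, sorting by value maximizes the value sum."""
    if q >= len(tasks):
        return list(tasks)
    max_deploy = max(t.deployments for t in tasks)
    max_age = max(t.age_days for t in tasks)
    max_exec = max(t.exec_h for t in tasks)
    ranked = sorted(tasks, reverse=True,
                    key=lambda t: security_value(t, max_deploy, max_age, max_exec))
    return ranked[:q]


# Constructed sample data
EXECUTORS = [
    Executor("scanner1", efficiency=4.0, tasks_per_hour=1.0, apps=frozenset({"scanA", "pingA"})),
    Executor("scanner2", efficiency=1.0, tasks_per_hour=0.5, apps=frozenset({"scanB"})),
]
TASKS = [
    Task(1, "scan", "5GSvr1", 1.0, 0.9, 40, 1.0, 0.5),
    Task(2, "scan", "5GSvr2", 1.0, 0.2, 5, 30.0, 0.5),
    Task(3, "ping", "5GSvr3", 1.0, 0.4, 20, 10.0, 0.1),
]

if __name__ == "__main__":
    q = capacity_within(EXECUTORS, horizon_h=1.0)
    chosen = TASKS if q >= len(TASKS) else select_tasks(TASKS, q)
    for entry in build_plan(EXECUTORS, chosen):
        print(entry)
```

With the constructed data the two executors can finish one task within the one-hour limit while three are requested, so only the highest-valued task (the high-impact, widely deployed, recently detected one) is scheduled; with a larger horizon every task receives a plan entry.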
The content of a security protection application includes the type of security task, the target object, the preset completion time limit, the security value, and the like, so that the application is quantified. Table 4 takes a security scanning task as an example.
Table 4 Example of the content of a security protection application
Type of security task | Target object | Preset completion time limit | Security value
scan | 5GSvr1 | 1 hour | 130
On the basis of the foregoing embodiment, in this embodiment, selecting the task executor in an available state from the plurality of task executors further includes: receiving heartbeat information sent by the task executor in the available state at intervals of a first preset duration;
While in the available state, the task executor periodically sends heartbeat information to the collaborator over TCP (Transmission Control Protocol). The content of the heartbeat information is shown in Table 5.
Table 5 Example of the content of heartbeat information
Task executor name | IP address | Online | Transmission time
scanner1 | 2.2.2.2 | Yes | 2020-11-20 11:20
If, judging from the time at which heartbeat information was last received, no heartbeat information from the task executor has been received for longer than a second preset duration, the task executor is marked as unavailable; the first preset duration is less than or equal to the second preset duration.
When the task executor fails to send heartbeat information within the second preset duration, the collaborator marks it as unavailable. The second preset duration may be adjusted according to the network size.
In this embodiment, task executors register with the collaborator and keep their states updated, which realizes management of the task executors and improves the processing capacity of network security protection.
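The heartbeat-based availability marking described above, as an added Python example that is not the patent's own code. The executors send a heartbeat every FIRST_INTERVAL; the collaborator marks an executor unavailable once nothing has been received from it for longer than SECOND_INTERVAL, and the block enforces FIRST_INTERVAL <= SECOND_INTERVAL. The comma-separated message format, the field names and the interval values are assumptions modelled on Table 5; the heartbeat lines are constructed.

```python
# Added example (not the patent's own code): marking task executors available or
# unavailable from heartbeat messages. Executors send a heartbeat every
# FIRST_INTERVAL; the collaborator marks an executor unavailable once nothing has
# been received from it for longer than SECOND_INTERVAL (FIRST_INTERVAL must not
# exceed SECOND_INTERVAL). The comma-separated line format and the field names
# are assumptions modelled on Table 5; the values are constructed.
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%d %H:%M"
FIRST_INTERVAL = timedelta(seconds=30)    # task executor send period (assumed)
SECOND_INTERVAL = timedelta(seconds=90)   # collaborator timeout; tune to network size
assert FIRST_INTERVAL <= SECOND_INTERVAL

# Constructed heartbeat lines: name,ip,online,transmission time
SAMPLE_HEARTBEATS = [
    "scanner1,2.2.2.2,yes,2020-11-20 11:20",
    "scanner2,2.2.2.3,yes,2020-11-20 11:19",
    "scanner3,2.2.2.4,no,2020-11-20 11:20",
]


def parse_heartbeat(line):
    """Turn one heartbeat line into the Table 5 fields."""
    name, ip, online, sent = (p.strip() for p in line.split(","))
    return {"name": name, "ip": ip, "online": online.lower() == "yes",
            "sent_at": datetime.strptime(sent, TIME_FMT)}


class HeartbeatRegistry:
    """Collaborator-side record of the last heartbeat received per executor."""

    def __init__(self, timeout=SECOND_INTERVAL):
        self.timeout = timeout
        self.last_received = {}   # name -> time the collaborator received the heartbeat
        self.state = {}           # name -> "available" | "unavailable"

    def on_heartbeat(self, msg, received_at):
        name = msg["name"]
        if not msg["online"]:          # executor reports itself offline
            self.state[name] = "unavailable"
            return
        self.last_received[name] = received_at
        self.state[name] = "available"

    def sweep(self, now):
        """Mark executors whose last heartbeat is older than the timeout;
        the check uses the receive time, as the text specifies."""
        for name, seen in self.last_received.items():
            if now - seen > self.timeout:
                self.state[name] = "unavailable"
        return dict(self.state)

    def available(self):
        return sorted(n for n, s in self.state.items() if s == "available")


def availability_at(lines, received_at, now):
    """Feed all heartbeats (received at `received_at`) and report who is still
    available at `now`; both times are strings in TIME_FMT."""
    reg = HeartbeatRegistry()
    received = datetime.strptime(received_at, TIME_FMT)
    for line in lines:
        reg.on_heartbeat(parse_heartbeat(line), received)
    reg.sweep(datetime.strptime(now, TIME_FMT))
    return reg.available()


if __name__ == "__main__":
    print(availability_at(SAMPLE_HEARTBEATS, "2020-11-20 11:20", "2020-11-20 11:21"))
    print(availability_at(SAMPLE_HEARTBEATS, "2020-11-20 11:20", "2020-11-20 11:22"))
```

The sweep runs on the collaborator's own clock and the time it received each heartbeat, not on the transmission time carried in the message, so an executor with a skewed clock is still judged consistently; an executor that reports itself offline is marked unavailable immediately without waiting for the timeout.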
The network security protection device provided by the invention is described below, and the network security protection device described below and the network security protection method described above can be referred to correspondingly.
As shown in fig. 4, the apparatus includes a selection module 401, an extraction module 402, and an allocation module 403, wherein:
the selection module 401 is configured to receive security protection applications proposed by a plurality of networks to be protected, and select a target task executor for executing a security protection task in the security protection applications from the plurality of task executors;
the network element related to the embodiment comprises a network to be protected, a collaborator, a task executor, a safety protection rule base and a safety protection task application base.
When the network to be protected needs the security protection service, it applies to the collaborator. The content of the application includes the type of security task and the target object. Types of security tasks include scanning, ping detection, penetration, weak password detection, and the like. The target object is a device in the network to be protected.
Upon receiving the security application, the selection module 401 selects task executors that can be used to execute the security application task from the registered plurality of task executors, and uses the selected task executors as target task executors.
The extracting module 402 is configured to extract an application program list for executing the security protection task from a security protection task application library, and extract a security protection rule list for the application program application from a security protection rule library;
the application program list is an application program composition list which is extracted from a security protection task application library and can execute security protection tasks. The security rule list is a list of security rules required by an application program executing a security task extracted from a security rule base.
The allocation module 403 is configured to obtain an execution plan of the security protection task according to the target task executor, the security protection task, the application program list, and the security protection rule list, and allocate the security protection task to the target task executor according to the execution plan, so that the target task executor executes the security protection task on the network to be protected.
The distribution module 403 plans an execution plan of the safety protection task according to the situation of the current task executor. The present embodiment is not limited to a specific planning method.
The task executor executes the security protection task against the network to be protected according to the task content and feeds the result of the security scanning task back to the collaborator.
After collecting the scanning results from the task executors, the collaborator feeds them back to the network to be protected.
In this embodiment, network security protection is performed by providing a plurality of task executors, so that security detection errors caused by the blocking of a single-point task executor are avoided; the target task executor, the application program list and the security protection rule list are called dynamically according to the security protection task, which realizes cooperation among the network security protection devices and improves their working efficiency; and because the target task executor, the application program list and the security protection rule list can be arranged according to the security protection task, the method is suitable for executing a variety of security protection tasks at reduced cost.
On the basis of the above embodiment, the selection module in this embodiment is used for: selecting a task executor in an available state from the plurality of task executors; matching the security protection task with an executable security protection task list of a task executor in each available state; matching the security protection rule applied by the application program executing the security protection task with an executable security protection rule list of each task executor matched with the security protection task; comparing the execution efficiency of the task executors matched with all the safety protection rules with a preset threshold value, and taking the task executors with the execution efficiency larger than the preset threshold value as target task executors.
On the basis of the above embodiment, the extraction module in this embodiment is configured to: selecting unselected application programs from the safety protection task application library; screening application programs supported by the target task executor from unselected application programs; selecting an application program meeting the requirements of the safety protection task from application programs supported by the target task executor; selecting an application program with highest security value from application programs meeting the requirements of the security protection task; and generating the application program list according to the application program with the highest security value.
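The four selection steps and the five extraction steps restated above, as one added Python example that is not the patent's own code. It runs the two filter chains over a constructed registry of task executors and an application library; the field names, the efficiency threshold value and treating an application's "security value" as a single number are assumptions.

```python
# Added example (not the patent's own code): the selection-module and
# extraction-module steps as filters over a constructed registry. The field
# names, the threshold value and treating an application's "security value" as a
# single number are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecutorInfo:
    name: str
    available: bool
    task_types: frozenset     # executable security protection task list
    rules: frozenset          # executable security protection rule list
    efficiency: float
    apps: frozenset           # application programs the executor supports


@dataclass(frozen=True)
class AppInfo:
    name: str
    task_types: frozenset     # security protection tasks the application can execute
    rules_needed: frozenset   # security protection rules it takes as input parameters
    security_value: int


def select_target_executors(executors, task_type, rules_needed, threshold):
    """Selection module: available -> task list match -> rule list match ->
    execution efficiency above the preset threshold."""
    step1 = [e for e in executors if e.available]
    step2 = [e for e in step1 if task_type in e.task_types]
    step3 = [e for e in step2 if rules_needed <= e.rules]
    return [e for e in step3 if e.efficiency > threshold]


def extract_app_list(app_library, targets, task_type, already_selected=frozenset()):
    """Extraction module: unselected -> supported by a target executor ->
    meets the task's requirements -> highest security value."""
    supported = set().union(*(e.apps for e in targets)) if targets else set()
    candidates = [a for a in app_library
                  if a.name not in already_selected
                  and a.name in supported
                  and task_type in a.task_types]
    if not candidates:
        return []
    best = max(candidates, key=lambda a: a.security_value)
    return [best]


def extract_rule_list(rule_base, app_list):
    """Rules the chosen applications apply, looked up in the rule base."""
    needed = set().union(*(a.rules_needed for a in app_list)) if app_list else set()
    return sorted(r for r in needed if r in rule_base)


# Constructed registry data
EXECUTORS = [
    ExecutorInfo("scanner1", True, frozenset({"scan", "ping"}), frozenset({"r-scan-web", "r-ping"}), 0.9, frozenset({"scanA", "pingA"})),
    ExecutorInfo("scanner2", True, frozenset({"scan"}), frozenset({"r-scan-web"}), 0.4, frozenset({"scanA", "scanB"})),
    ExecutorInfo("scanner3", False, frozenset({"scan"}), frozenset({"r-scan-web"}), 0.95, frozenset({"scanB"})),
    ExecutorInfo("pinger1", True, frozenset({"ping"}), frozenset({"r-ping"}), 0.8, frozenset({"pingA"})),
]
APP_LIBRARY = [
    AppInfo("scanA", frozenset({"scan"}), frozenset({"r-scan-web"}), 80),
    AppInfo("scanB", frozenset({"scan"}), frozenset({"r-scan-web", "r-scan-db"}), 95),
    AppInfo("pingA", frozenset({"ping"}), frozenset({"r-ping"}), 60),
]
RULE_BASE = {"r-scan-web": "web service checks", "r-scan-db": "database checks", "r-ping": "reachability"}


def plan_task(task_type="scan", rules_needed=frozenset({"r-scan-web"}), threshold=0.5):
    """Run selection, then extraction, for one security protection task and
    return (target executor names, application list, rule list)."""
    targets = select_target_executors(EXECUTORS, task_type, rules_needed, threshold)
    apps = extract_app_list(APP_LIBRARY, targets, task_type)
    rules = extract_rule_list(RULE_BASE, apps)
    return [e.name for e in targets], [a.name for a in apps], rules


if __name__ == "__main__":
    print(plan_task())
    print(plan_task(threshold=0.3))
```

Note how the threshold shapes the outcome: with 0.5 only scanner1 qualifies and scanA (the only scanning application it supports) is chosen, while lowering the threshold admits scanner2 and makes scanB, which has the higher security value, reachable. scanner3 is never chosen, despite its efficiency, because it is not in the available state.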
On the basis of the above embodiments, the allocation module in this embodiment is configured to: calculating the time for executing the safety protection task when the target task executor uses any application program in the application program list to apply the corresponding safety protection rule in the safety protection rule list; and if the time is smaller than the preset completion time in the safety protection application, generating an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program and the safety protection rule applied by the application program.
On the basis of the above embodiment, the allocation module in this embodiment is configured to: calculating a first total number of the safety protection tasks in the safety protection application proposed by all the networks to be protected and a second total number of the safety protection tasks which can be executed by all the target task executors within the preset completion time;
if the second total number is smaller than the first total number, selecting the second total number of safety protection tasks from the safety protection tasks of all the safety protection applications according to the safety values of the safety protection tasks in the safety protection applications, and distributing the second total number of safety protection tasks to the task executor for execution, so that the sum of the safety values of the second total number of safety protection tasks is maximum;
the security value of the security protection task is determined according to the influence degree of security holes detected by the security protection task, the deployment number of the target objects in the network to be protected, the time when the earliest occurrence of the holes in the network to be protected is detected before the security protection task, and the time when the security protection task is executed;
the greater the influence degree is, the higher the safety value of the safety protection task is; the larger the deployment number is, the higher the safety value of the safety protection task is; the closer the earliest time of loopholes is to the current moment, the higher the safety value of the safety protection task is; the shorter the time for executing the safety protection task is, the higher the safety value of the safety protection task is.
On the basis of the above embodiment, the present embodiment further includes a marking module, configured to receive heartbeat information of the task executor sent by the task executor in an available state at intervals of a first preset duration; under the condition that the heartbeat information of the task executor is not received in excess of a second preset duration according to the time for receiving the heartbeat information, marking the task executor as an unavailable state; the first preset duration is smaller than or equal to the second preset duration.
Fig. 5 illustrates a physical schematic diagram of an electronic device, as shown in fig. 5, which may include: processor 510, communication interface (Communications Interface) 520, memory 530, and communication bus 540, wherein processor 510, communication interface 520, memory 530 complete communication with each other through communication bus 540. Processor 510 may invoke logic instructions in memory 530 to perform a network security protection method comprising: receiving a plurality of safety protection applications proposed by a network to be protected, and selecting a target task executor for executing a safety protection task in the safety protection applications from the plurality of task executors; extracting an application program list for executing the safety protection task from a safety protection task application library, and extracting a safety protection rule list of the application program application from a safety protection rule library; and acquiring an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program list and the safety protection rule list, and distributing the safety protection task to the target task executor according to the execution plan so as to enable the target task executor to execute the safety protection task on the network to be protected.
Further, the logic instructions in the memory 530 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention, essentially or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the network security protection method provided by the above methods, the method comprising: receiving a plurality of safety protection applications proposed by a network to be protected, and selecting a target task executor for executing a safety protection task in the safety protection applications from the plurality of task executors; extracting an application program list for executing the safety protection task from a safety protection task application library, and extracting a safety protection rule list of the application program application from a safety protection rule library; and acquiring an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program list and the safety protection rule list, and distributing the safety protection task to the target task executor according to the execution plan so as to enable the target task executor to execute the safety protection task on the network to be protected.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the above-provided network security protection methods, the method comprising: receiving a plurality of safety protection applications proposed by a network to be protected, and selecting a target task executor for executing a safety protection task in the safety protection applications from the plurality of task executors; extracting an application program list for executing the safety protection task from a safety protection task application library, and extracting a safety protection rule list of the application program application from a safety protection rule library; and acquiring an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program list and the safety protection rule list, and distributing the safety protection task to the target task executor according to the execution plan so as to enable the target task executor to execute the safety protection task on the network to be protected.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of protecting network security, comprising:
receiving a plurality of safety protection applications proposed by a network to be protected, and selecting a target task executor for executing a safety protection task in the safety protection applications from a plurality of task executors;
extracting an application program list for executing the safety protection task from a safety protection task application library, and extracting a safety protection rule list of the application program application from a safety protection rule library; the safety protection task is executed by an application program which can run on a task executor and takes the safety protection rule as an input parameter;
and acquiring an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program list and the safety protection rule list, and distributing the safety protection task to the target task executor according to the execution plan so as to enable the target task executor to execute the safety protection task on the network to be protected.
2. The network security protection method according to claim 1, wherein the selecting a target task executor that executes a security protection task in the security protection application from a plurality of task executors includes:
Selecting a task executor in an available state from the plurality of task executors;
matching the security protection task with an executable security protection task list of a task executor in each available state;
matching the security protection rule applied by the application program executing the security protection task with an executable security protection rule list of each task executor matched with the security protection task;
comparing the execution efficiency of the task executors matched with all the safety protection rules with a preset threshold value, and taking the task executors with the execution efficiency larger than the preset threshold value as target task executors.
3. The network security protection method according to claim 1, wherein the extracting an application program list for executing the security protection task from a security protection task application library includes:
selecting unselected application programs from the safety protection task application library;
screening application programs supported by the target task executor from unselected application programs;
selecting an application program meeting the requirements of the safety protection task from application programs supported by the target task executor;
Selecting an application program with highest security value from application programs meeting the requirements of the security protection task;
and generating the application program list according to the application program with the highest security value.
4. A network security protection method according to any one of claims 1 to 3, wherein the obtaining, according to the target task executor, the security protection task, the application program list, and the security protection rule list, an execution plan of the security protection task includes:
calculating the time for executing the safety protection task when the target task executor uses any application program in the application program list to apply the corresponding safety protection rule in the safety protection rule list;
and if the time is smaller than the preset completion time in the safety protection application, generating an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program and the safety protection rule applied by the application program.
5. The network security protection method of claim 4, wherein the assigning the security protection task to the target task executor according to the execution plan comprises:
Calculating a first total number of the safety protection tasks in the safety protection application proposed by all the networks to be protected and a second total number of the safety protection tasks which can be executed by all the target task executors within the preset completion time;
if the second total number is smaller than the first total number, selecting the second total number of safety protection tasks from the safety protection tasks of all the safety protection applications according to the safety values of the safety protection tasks in the safety protection applications, and distributing the second total number of safety protection tasks to the task executor for execution, so that the sum of the safety values of the second total number of safety protection tasks is maximum;
the security value of the security protection task is determined according to the influence degree of security holes detected by the security protection task, the deployment number of target objects in the network to be protected, the time when the earliest occurrence of the holes in the network to be protected is detected before the security protection task, and the time when the security protection task is executed;
the greater the influence degree is, the higher the safety value of the safety protection task is;
the larger the deployment number is, the higher the safety value of the safety protection task is;
The closer the earliest time of loopholes is to the current moment, the higher the safety value of the safety protection task is;
the shorter the time for executing the safety protection task is, the higher the safety value of the safety protection task is.
6. The network security method of claim 2, wherein the selecting a task executor of the plurality of task executors that is available further comprises:
receiving heartbeat information of the task executor, which is sent by the task executor in an available state, at intervals of a first preset time length;
under the condition that the heartbeat information of the task executor is not received in excess of a second preset duration according to the time for receiving the heartbeat information, marking the task executor as an unavailable state;
the first preset duration is smaller than or equal to the second preset duration.
7. A network security appliance, comprising:
the selection module is used for receiving safety protection applications proposed by a plurality of networks to be protected, and selecting a target task executor for executing the safety protection tasks in the safety protection applications from a plurality of task executors;
the extraction module is used for extracting an application program list for executing the safety protection task from the safety protection task application library and extracting a safety protection rule list applied by the application program from the safety protection rule library; the safety protection task is executed by an application program which can run on a task executor and takes the safety protection rule as an input parameter;
The distribution module is used for acquiring an execution plan of the safety protection task according to the target task executor, the safety protection task, the application program list and the safety protection rule list, and distributing the safety protection task to the target task executor according to the execution plan so as to enable the target task executor to execute the safety protection task on the network to be protected.
8. A network security protection system, comprising the network security protection apparatus of claim 7, a plurality of networks to be protected, a security protection rule base, a security protection task application base, and a plurality of task executors.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the network security protection method of any of claims 1 to 6 when the program is executed by the processor.
10. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the network security protection method according to any of claims 1 to 6.
CN202110458319.9A 2021-04-27 2021-04-27 Network security protection method, device and system Active CN115250188B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110458319.9A CN115250188B (en) 2021-04-27 2021-04-27 Network security protection method, device and system

Publications (2)

Publication Number Publication Date
CN115250188A CN115250188A (en) 2022-10-28
CN115250188B true CN115250188B (en) 2023-09-19

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant