Summary of the invention
The objective of the invention is to solve a problem of the prior art: network security devices deployed on a single network layer cannot comprehensively control illegitimate traffic when that traffic flows between the upper and lower network layers.
To achieve this objective, the invention provides a traffic linkage control method, comprising:
obtaining the network traffic data of each network layer;
if abnormal traffic is present in the network traffic data, judging whether the abnormal traffic is illegitimate traffic that needs to be controlled;
if the abnormal traffic is illegitimate traffic, then, according to the type and flow direction of the illegitimate traffic, triggering the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it, the network security devices being distributed in each network layer in which the illegitimate traffic exists and each network layer to which it will flow.
The invention also provides a traffic linkage control device, comprising:
an acquisition module, used to obtain the network traffic data of each network layer;
a first judging module, used, if abnormal traffic is present in the network traffic data, to judge whether the abnormal traffic is illegitimate traffic that needs to be controlled;
a processing module, used, if the abnormal traffic is illegitimate traffic, to trigger, according to the type and flow direction of the illegitimate traffic, the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it, the network security devices being distributed in each network layer in which the illegitimate traffic exists and each network layer to which it will flow.
The invention further provides a traffic linkage control system, comprising:
network security devices, used to handle the illegitimate traffic, the network security devices being distributed in each network layer in which the illegitimate traffic exists and each network layer to which it will flow;
a network security decision device, used to obtain the network traffic data of each network layer; if abnormal traffic is present in the network traffic data, to judge whether the abnormal traffic is illegitimate traffic that needs to be controlled; and, if the abnormal traffic is illegitimate traffic, to trigger, according to the type and flow direction of the illegitimate traffic, the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it.
The invention collects and analyses network traffic data within the area of responsibility of the network security devices of each layer, aggregates the data to the network security decision device, and triggers the network security devices of each layer to perform linked control of the illegitimate traffic. This realizes a mode of operation in which the network security devices of the upper and lower layers act together, so that illegitimate traffic in the network is comprehensively removed or intercepted, improving the security of the network and its ability to resist attacks by malicious traffic.
Embodiments
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flowchart of the first embodiment of the traffic linkage control method of the invention. As shown in Fig. 1, the traffic linkage control method of the invention comprises:
Step 100: the network security decision device obtains the network traffic data of each network layer;
Step 101: if abnormal traffic is present in the obtained network traffic data of any network layer, the network security decision device judges whether the abnormal traffic is illegitimate traffic that needs to be controlled;
Abnormal traffic can arise in several situations. For example, if the abnormal traffic is merely large in volume and carries no malicious attack, it is not illegitimate traffic and need not be controlled; if the traffic volume is normal but a malicious attack is present, it is illegitimate traffic and must be controlled.
Step 102: if the abnormal traffic is illegitimate traffic that needs to be controlled, the network security decision device, according to the type and flow direction of the illegitimate traffic, triggers the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it.
In this embodiment the network security decision device obtains the network traffic data of each network layer and, when the abnormal traffic in that data is illegitimate traffic that needs to be controlled, triggers the network security devices on each network layer relevant to the illegitimate traffic to handle it. Because illegitimate traffic may flow from an upper network layer to a lower one or from a lower network layer to an upper one, the network security decision device triggers the network security devices deployed on the different layers simultaneously, so that the network security devices of each layer jointly control and handle the illegitimate traffic at the same time.
Fig. 2 is a flowchart of the second embodiment of the traffic linkage control method of the invention. As shown in Fig. 2, on the basis of the first embodiment, the traffic linkage control method may specifically comprise the following steps:
Step 200: the network security decision device obtains the network traffic data collected by the data acquisition device of each network layer; specifically, the data acquisition device deployed on each network layer sends the network traffic data it collects to the network security decision device.
Step 201: the network security decision device judges whether abnormal traffic is present in the obtained network traffic data. That is, the network security decision device performs parameter analysis on the obtained network traffic data and judges whether the result exceeds the normal network traffic parameter range; if the analysis result exceeds the normal range, abnormal traffic is present. If no abnormal traffic is present, step 201 continues to be executed; if abnormal traffic is present, step 202 is executed.
Step 202: the network security decision device judges whether the abnormal traffic is illegitimate traffic that needs to be controlled; the judgement is made as described in the first embodiment. If the abnormal traffic is not illegitimate traffic, step 202 continues to be executed; otherwise step 203 is executed.
Step 203: the network security decision device analyses the network layers relevant to the illegitimate traffic and the type of the illegitimate traffic, and according to the analysis result generates the list of network security devices of each network layer that will handle the illegitimate traffic and the operation instructions those network security devices execute to handle it.
Analysing the network layers relevant to the illegitimate traffic and its type specifically means: analysing in which network layers the illegitimate traffic is present and which network layer is its source, from which network layer to which network layer it flows, and its volume and type. According to the result of the analysis, for the specific type and flow direction of the illegitimate traffic, the network security devices that will participate in handling it are designated; these network security devices are distributed in each network layer in which the illegitimate traffic exists or to which it will flow. From the designated network security devices, the list of network security devices that will control the illegitimate traffic is generated, and at the same time the operation instructions these network security devices execute for the handling operation are generated.
Step 204: the network security decision device sends the network security device list and the operation instructions to each network security device, thereby triggering the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it. That is, the network security decision device triggers the network security devices on each network layer relevant to the illegitimate traffic simultaneously and starts their linked control of the illegitimate traffic.
Step 205: after the network security devices have finished the operation of handling the illegitimate traffic, the network security decision device resets the network security devices that performed the handling operation.
This embodiment designates the corresponding network security devices for illegitimate traffic of different types and flow directions, and these devices perform the handling operation according to specific operation instructions. Thus, when illegitimate traffic flows from an upper network layer into a lower one or from a lower network layer into an upper one, the network security devices in the upper and lower network layers designated by the network security decision device can handle the illegitimate traffic simultaneously according to the operation instructions sent by the network security decision device, so that the network security devices of the different network layers are controlled in linkage and the illegitimate traffic is comprehensively controlled.
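The decision flow of steps 200 to 205 (and, in reduced form, steps 100 to 102 of the first embodiment), as an added Python model that is not part of the patent text. It assumes a three-tier hierarchy named core, aggregation and access (upper layer first), hypothetical device names, and three traffic parameters (bit rate, SYN share of TCP segments, attack-signature matches) with made-up normal ranges standing in for the "normal network traffic parameter range" of step 201; the sample records are constructed. It shows the distinction drawn under step 101 (a large but benign transfer is abnormal yet not controlled, while normal-volume traffic carrying attack indicators is) and how the device list of step 203 covers every layer from the source layer to the layer the traffic flows to.

```python
"""Model of the traffic linkage control decision flow (steps 200 to 205).
Added example, not code from the patent: topology, device names, parameters,
normal ranges and sample records are constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass

LAYERS = ["core", "aggregation", "access"]  # upper layer first (assumed)
DEVICES = {"core": ["fw-core-1"],           # hypothetical device names
           "aggregation": ["ips-agg-1", "ips-agg-2"],
           "access": ["fw-acc-1"]}
# Step 201 normal ranges (assumed): Mbit/s, SYN share of TCP segments, signature matches.
NORMAL_RANGE = {"mbps": (0, 800), "syn_ratio": (0.0, 0.3), "signature_hits": (0, 0)}


@dataclass
class TrafficRecord:
    """One aggregated record reported by a layer's data acquisition device."""
    src_layer: str
    dst_layer: str
    mbps: float
    syn_ratio: float
    signature_hits: int = 0


class SecurityDevice:
    """Stand-in for a firewall/IPS: accepts rules, is reset by the decision device."""
    def __init__(self, name: str):
        self.name = name
        self.active_rules: list[dict] = []  # rules currently enforced
        self.history: list[dict] = []       # every rule ever applied

    def apply(self, instruction: dict) -> None:
        self.active_rules.append(instruction)
        self.history.append(instruction)

    def reset(self) -> None:
        self.active_rules.clear()


def is_abnormal(rec: TrafficRecord) -> bool:
    """Step 201: abnormal if any parameter leaves its normal range."""
    return any(not lo <= getattr(rec, p) <= hi for p, (lo, hi) in NORMAL_RANGE.items())


def classify_illegitimate(rec: TrafficRecord) -> str | None:
    """Step 202: attack type if illegitimate, None for a large but benign flow."""
    if rec.syn_ratio > NORMAL_RANGE["syn_ratio"][1]:
        return "syn_flood"
    if rec.signature_hits > NORMAL_RANGE["signature_hits"][1]:
        return "signature_attack"
    return None  # volume-only anomaly: abnormal, not illegitimate


def layers_on_path(src: str, dst: str) -> list[str]:
    """Layers where the traffic exists plus every layer it will flow to."""
    i, j = LAYERS.index(src), LAYERS.index(dst)
    lo, hi = sorted((i, j))
    path = LAYERS[lo:hi + 1]
    return path if i <= j else path[::-1]


def plan_linked_control(rec: TrafficRecord, attack: str) -> tuple[list[str], dict]:
    """Step 203: device list along the flow direction plus one operation instruction."""
    device_list = [d for layer in layers_on_path(rec.src_layer, rec.dst_layer)
                   for d in DEVICES[layer]]
    action = "rate_limit_syn" if attack == "syn_flood" else "drop_matching"
    return device_list, {"action": action, "attack": attack,
                         "direction": f"{rec.src_layer}->{rec.dst_layer}"}


def handle_records(records: list[TrafficRecord],
                   devices: dict[str, SecurityDevice]) -> list[tuple[str, list[str]]]:
    """Steps 200 to 205 over one batch; returns (attack, device_list) per controlled flow.
    The step 205 reset follows completion; simulated devices complete at once."""
    controlled = []
    for rec in records:
        if not is_abnormal(rec):
            continue                                   # step 201: keep monitoring
        attack = classify_illegitimate(rec)
        if attack is None:
            continue                                   # step 202: not controlled
        device_list, instruction = plan_linked_control(rec, attack)
        for name in device_list:                       # step 204: trigger all layers
            devices[name].apply(instruction)
        controlled.append((attack, device_list))
        for name in device_list:                       # step 205: reset afterwards
            devices[name].reset()
    return controlled


def make_devices() -> dict[str, SecurityDevice]:
    return {n: SecurityDevice(n) for names in DEVICES.values() for n in names}


# Constructed samples: benign large transfer, SYN flood core->access,
# signature-matched attack aggregation->access, ordinary traffic.
SAMPLE_RECORDS = [
    TrafficRecord("access", "core", mbps=950, syn_ratio=0.05),
    TrafficRecord("core", "access", mbps=120, syn_ratio=0.7),
    TrafficRecord("aggregation", "access", mbps=300, syn_ratio=0.1, signature_hits=3),
    TrafficRecord("access", "aggregation", mbps=100, syn_ratio=0.1),
]

if __name__ == "__main__":
    for attack, devs in handle_records(SAMPLE_RECORDS, make_devices()):
        print(attack, "->", ", ".join(devs))
```

Run as a script it prints the two controlled flows and the devices triggered for each. The first record (950 Mbit/s, no attack indicator) is abnormal under step 201 but dropped at step 202, which is the case the text uses to separate abnormal from illegitimate traffic; the SYN flood from core to access triggers devices on all three layers at once because the list is built over the whole path rather than only the layer where the traffic was observed. In a real deployment the reset of step 205 would be issued only after the devices report that the handling operation has ended.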
Fig. 3 is a structural diagram of the first embodiment of the traffic linkage control device of the invention. As shown in Fig. 3, the traffic linkage control device of this embodiment comprises an acquisition module 301, a first judging module 302 and a processing module 303. The acquisition module 301 is used to obtain the network traffic data of each network layer and to aggregate the network traffic data of each network layer; the first judging module 302 is used, if abnormal traffic is present in the network traffic data, to judge whether the abnormal traffic is illegitimate traffic that needs to be controlled, the judging process being as described in the preceding embodiment; the processing module 303 is used, if the abnormal traffic is illegitimate traffic, to trigger, according to the type and flow direction of the illegitimate traffic, the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it.
The traffic linkage control device of this embodiment aggregates the network traffic data of each network layer and, by triggering the network security devices on each network layer relevant to the illegitimate traffic, handles the illegitimate traffic that needs handling. The network security devices on each layer are thereby controlled in linkage against illegitimate traffic that may flow between the upper and lower network layers, so that the illegitimate traffic is comprehensively controlled.
Fig. 4 is a structural diagram of the second embodiment of the traffic linkage control device of the invention. As shown in Fig. 4, the traffic linkage control device comprises the acquisition module 301, the first judging module 302 and the processing module 303, and on this basis may further comprise a second judging module 304, an analysis module 305, an instruction generation module 306 and a sending module 307. The second judging module 304 is used to judge whether abnormal traffic is present in the network traffic data; the analysis module 305 is used to analyse the network layers relevant to the illegitimate traffic and the type of the illegitimate traffic; the instruction generation module 306 is used to generate, according to the analysis result, the list of network security devices of each network layer that will handle the illegitimate traffic and the operation instructions by which the network security devices handle it; the sending module 307 is used to send the network security device list and the operation instructions to each network security device, thereby triggering the network security devices on each network layer relevant to the illegitimate traffic to perform linked control of it.
By analysing the different types and flow directions of illegitimate traffic, this embodiment designates the corresponding network security devices of each network layer and controls the illegitimate traffic according to specific operation instructions, so that when illegitimate traffic flows between different network layers the network security devices of those layers act in linkage and the malicious illegitimate traffic is comprehensively controlled.
Fig. 5 is a structural diagram of the first embodiment of the traffic linkage control system of the invention. As shown in Fig. 5, the traffic linkage control system of the invention comprises network security devices 501 and a network security decision device 502. The network security devices 501 are used to handle the illegitimate traffic. The network security decision device 502 is used to obtain the network traffic data of each network layer; if abnormal traffic is present in the network traffic data, to judge whether the abnormal traffic is illegitimate traffic that needs to be controlled; and, if the abnormal traffic is illegitimate traffic, to trigger, according to the type and flow direction of the illegitimate traffic, the network security devices 501 on each network layer relevant to the illegitimate traffic to perform linked control of it.
In this embodiment, because network security devices are deployed on every network layer, once the network security decision device has obtained the network traffic data of each network layer it triggers the network security devices on each network layer to handle the network traffic that carries illegitimate traffic. That is, the network security decision device triggers the network security devices of the different network layers simultaneously, so that the network security devices of each layer control the illegitimate traffic in linkage and the illegitimate traffic is comprehensively controlled.
Fig. 6 is a structural diagram of the second embodiment of the traffic linkage control system of the invention. As shown in Fig. 6, the traffic linkage control system comprises the network security devices 501 and the network security decision device 502, and on this basis may further comprise data acquisition devices 503, used to collect the network traffic data on each network layer and send it to the network security decision device 502; that is, the data acquisition device 503 on each network layer aggregates the network traffic data it collects on its own layer to the network security decision device 502. Further, the network security decision device 502 may comprise an acquisition module 511, a first judging module 512 and a processing module 513: the acquisition module 511 is used to obtain the network traffic data of each network layer; the first judging module 512 is used, if abnormal traffic is present in the network traffic data, to judge whether the abnormal traffic is illegitimate traffic that needs to be controlled; the processing module 513 is used, if the abnormal traffic is illegitimate traffic that needs to be controlled, to trigger, according to the type and flow direction of the illegitimate traffic, the network security devices 501 on each network layer relevant to the illegitimate traffic to perform linked control of it.
In this embodiment, the network traffic data collected by the data acquisition devices in each network layer are all aggregated to the network security decision device, which analyses the received network traffic data that carry illegitimate traffic and triggers the network security devices of each layer to comprehensively control the illegitimate traffic.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the invention.