CN103281333A - 数据流的转发方法及装置 - Google Patents
数据流的转发方法及装置 Download PDFInfo
- Publication number
- CN103281333A CN103281333A CN2013102395222A CN201310239522A CN103281333A CN 103281333 A CN103281333 A CN 103281333A CN 2013102395222 A CN2013102395222 A CN 2013102395222A CN 201310239522 A CN201310239522 A CN 201310239522A CN 103281333 A CN103281333 A CN 103281333A
- Authority
- CN
- China
- Prior art keywords
- data flow
- health
- health degree
- firewall policy
- identification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 230000036541 health Effects 0.000 claims abstract description 194
- 230000008878 coupling Effects 0.000 claims description 8
- 238000010168 coupling process Methods 0.000 claims description 8
- 238000005859 coupling reaction Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 4
- 206010000117 Abnormal behaviour Diseases 0.000 abstract description 5
- 230000003862 health status Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000011156 evaluation Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000002950 deficient Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 235000019788 craving Nutrition 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
组 | 源地址 | 源端口 | 目的地址 | 目的端口 | 协议 | 动作 |
SSL | Any | Any | Intranet_Server | Any | Any | 不允许 |
Engineer | Any | Any | Eng_Server | Any | Any | 允许 |
Any | Eng_IPs | Any | Any | Any | Any | 允许 |
Any | Any | Any | Email_Server | Any | Any | 允许 |
对象(源IP地址) | 健康度 |
10.0.0.1 | 健康 |
10.0.0.2 | 亚健康 |
10.0.0.3 | 不健康 |
10.0.0.4 | 健康 |
健康状态 | 用户/组 | 源地址 | 源端口 | 目的地址 | 目的端口 | 协议 | 动作 |
不健康 | Any | Any | Any | Internet | Any | Any | 允许 |
不健康 | Any | Any | Any | Any | Any | Any | 不允许 |
健康 | Finance | Any | Any | ERP_Svr | Any | Any | 允许 |
健康,亚健康 | Any | Any | Any | Email_Svr | Any | Any | 允许 |
Claims (10)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310239522.2A CN103281333B (zh) | 2013-06-17 | 2013-06-17 | 数据流的转发方法及装置 |
US14/449,109 US9954898B2 (en) | 2013-06-17 | 2014-07-31 | Data flow forwarding method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310239522.2A CN103281333B (zh) | 2013-06-17 | 2013-06-17 | 数据流的转发方法及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103281333A true CN103281333A (zh) | 2013-09-04 |
CN103281333B CN103281333B (zh) | 2016-12-28 |
Family
ID=49063780
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310239522.2A Active CN103281333B (zh) | 2013-06-17 | 2013-06-17 | 数据流的转发方法及装置 |
Country Status (2)
Country | Link |
---|---|
US (1) | US9954898B2 (zh) |
CN (1) | CN103281333B (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9311123B2 (en) | 2013-07-02 | 2016-04-12 | Hillstone Networks, Corp. | Distributed virtual security appliance and flow-based forwarding system using virtual machines |
CN106664245A (zh) * | 2014-08-19 | 2017-05-10 | 高通股份有限公司 | 使用多连接来对业务进行多播 |
WO2018161802A1 (zh) * | 2017-03-09 | 2018-09-13 | 华为技术有限公司 | 一种业务流的控制方法及装置 |
CN108650215A (zh) * | 2018-03-19 | 2018-10-12 | 山东超越数控电子股份有限公司 | 一种基于标签的网安设备网络数据流预处理方法 |
CN109995794A (zh) * | 2019-04-15 | 2019-07-09 | 深信服科技股份有限公司 | 一种安全防护系统、方法、设备及存储介质 |
CN111147528A (zh) * | 2020-04-03 | 2020-05-12 | 四川新网银行股份有限公司 | 管理网络安全策略的方法 |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10097546B2 (en) * | 2015-07-22 | 2018-10-09 | Verizon Patent And Licensing Inc. | Authentication of a user device using traffic flow information |
US10637828B2 (en) | 2017-09-17 | 2020-04-28 | Mellanox Technologies, Ltd. | NIC with stateful connection tracking |
US10547553B2 (en) * | 2017-09-17 | 2020-01-28 | Mellanox Technologies, Ltd. | Stateful connection tracking |
US10820194B2 (en) * | 2018-10-23 | 2020-10-27 | Duo Security, Inc. | Systems and methods for securing access to computing resources by an endpoint device |
CN111147519A (zh) * | 2019-12-31 | 2020-05-12 | 奇安信科技集团股份有限公司 | 数据检测方法、装置、电子设备和介质 |
CN114024765B (zh) * | 2021-11-15 | 2022-07-22 | 北京智维盈讯网络科技有限公司 | 基于旁路流量与防火墙配置相结合的防火墙策略收敛方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1620034A (zh) * | 2003-11-21 | 2005-05-25 | 维豪信息技术有限公司 | 认证网关及其数据处理方法 |
EP1819126A1 (en) * | 2006-02-10 | 2007-08-15 | 3COM Corporation | Bi-planar network architecture |
CN101719899A (zh) * | 2008-10-09 | 2010-06-02 | 丛林网络公司 | 用于网络安全装置的具有端口限制的动态访问控制策略 |
CN101917450A (zh) * | 2010-08-31 | 2010-12-15 | 华为技术有限公司 | 防止网络攻击的报文转发方法和网关 |
US8291468B1 (en) * | 2009-03-30 | 2012-10-16 | Juniper Networks, Inc. | Translating authorization information within computer networks |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8065712B1 (en) * | 2005-02-16 | 2011-11-22 | Cisco Technology, Inc. | Methods and devices for qualifying a client machine to access a network |
US20060259980A1 (en) * | 2005-05-16 | 2006-11-16 | Microsoft Corporation | Method and system for limiting rights of services |
US20070124803A1 (en) * | 2005-11-29 | 2007-05-31 | Nortel Networks Limited | Method and apparatus for rating a compliance level of a computer connecting to a network |
US7882538B1 (en) * | 2006-02-02 | 2011-02-01 | Juniper Networks, Inc. | Local caching of endpoint security information |
US20080082662A1 (en) * | 2006-05-19 | 2008-04-03 | Richard Dandliker | Method and apparatus for controlling access to network resources based on reputation |
US7886335B1 (en) * | 2007-07-12 | 2011-02-08 | Juniper Networks, Inc. | Reconciliation of multiple sets of network access control policies |
US9495538B2 (en) * | 2008-09-25 | 2016-11-15 | Symantec Corporation | Graduated enforcement of restrictions according to an application's reputation |
US8561182B2 (en) * | 2009-01-29 | 2013-10-15 | Microsoft Corporation | Health-based access to network resources |
-
2013
- 2013-06-17 CN CN201310239522.2A patent/CN103281333B/zh active Active
-
2014
- 2014-07-31 US US14/449,109 patent/US9954898B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1620034A (zh) * | 2003-11-21 | 2005-05-25 | 维豪信息技术有限公司 | 认证网关及其数据处理方法 |
EP1819126A1 (en) * | 2006-02-10 | 2007-08-15 | 3COM Corporation | Bi-planar network architecture |
CN101719899A (zh) * | 2008-10-09 | 2010-06-02 | 丛林网络公司 | 用于网络安全装置的具有端口限制的动态访问控制策略 |
US8291468B1 (en) * | 2009-03-30 | 2012-10-16 | Juniper Networks, Inc. | Translating authorization information within computer networks |
CN101917450A (zh) * | 2010-08-31 | 2010-12-15 | 华为技术有限公司 | 防止网络攻击的报文转发方法和网关 |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9311123B2 (en) | 2013-07-02 | 2016-04-12 | Hillstone Networks, Corp. | Distributed virtual security appliance and flow-based forwarding system using virtual machines |
CN106664245A (zh) * | 2014-08-19 | 2017-05-10 | 高通股份有限公司 | 使用多连接来对业务进行多播 |
CN106664245B (zh) * | 2014-08-19 | 2020-06-09 | 高通股份有限公司 | 使用多连接来对业务进行多播 |
US11323851B2 (en) | 2014-08-19 | 2022-05-03 | Qualcomm Incorporated | Multicasting traffic using multi-connectivity |
WO2018161802A1 (zh) * | 2017-03-09 | 2018-09-13 | 华为技术有限公司 | 一种业务流的控制方法及装置 |
US11356416B2 (en) | 2017-03-09 | 2022-06-07 | Huawei Technologies Co., Ltd. | Service flow control method and apparatus |
CN108650215A (zh) * | 2018-03-19 | 2018-10-12 | 山东超越数控电子股份有限公司 | 一种基于标签的网安设备网络数据流预处理方法 |
CN109995794A (zh) * | 2019-04-15 | 2019-07-09 | 深信服科技股份有限公司 | 一种安全防护系统、方法、设备及存储介质 |
CN111147528A (zh) * | 2020-04-03 | 2020-05-12 | 四川新网银行股份有限公司 | 管理网络安全策略的方法 |
CN111147528B (zh) * | 2020-04-03 | 2020-08-21 | 四川新网银行股份有限公司 | 管理网络安全策略的方法 |
Also Published As
Publication number | Publication date |
---|---|
US20170070535A9 (en) | 2017-03-09 |
CN103281333B (zh) | 2016-12-28 |
US20160036856A1 (en) | 2016-02-04 |
US9954898B2 (en) | 2018-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103281333A (zh) | 数据流的转发方法及装置 | |
Stevanovic et al. | Detection of malicious and non-malicious website visitors using unsupervised neural network learning | |
Jiang et al. | Identifying suspicious activities through dns failure graph analysis | |
Ganapathy et al. | Intelligent Agent‐Based Intrusion Detection System Using Enhanced Multiclass SVM | |
EP2933973A1 (en) | Data protection method, apparatus and system | |
AU2015403433A1 (en) | System and method for high speed threat intelligence management using unsupervised machine learning and prioritization algorithms | |
CN104509034A (zh) | 模式合并以识别恶意行为 | |
Chen et al. | FCM technique for efficient intrusion detection system for wireless networks in cloud environment | |
Anand et al. | A rule based approach for attribute selection and intrusion detection in wireless sensor networks | |
CN107733867A (zh) | 一种发现僵尸网络及防护的方法和系统 | |
Uddin et al. | Intrusion detection system to detect DDoS attack in gnutella hybrid P2P network | |
Ding et al. | Research and implementation on snort-based hybrid intrusion detection system | |
WO2023093638A1 (zh) | 异常数据识别方法、装置、设备和存储介质 | |
Teng et al. | A cooperative intrusion detection model for cloud computing networks | |
de Oliveira et al. | An access control for IoT based on network community perception and social trust against Sybil attacks | |
Huang et al. | Socialwatch: detection of online service abuse via large-scale social graphs | |
CN108322454B (zh) | 一种网络安全检测方法及装置 | |
CN108900516A (zh) | 一种网络空间漏洞归并平台分布服务系统 | |
Li et al. | A hierarchical mobile‐agent‐based security operation center | |
Doss et al. | Packet integrity defense mechanism in OppNets | |
CN116668078A (zh) | 一种互联网入侵安全防御系统 | |
CN103078771B (zh) | 基于p2p的僵尸网络分布式协作检测系统和方法 | |
Fazal et al. | A systematic literature review on the security challenges of Internet of Things and their classification | |
Sharma et al. | Recent trend in Intrusion detection using Fuzzy-Genetic algorithm | |
CN115567237A (zh) | 基于知识图谱的网络安全评估方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent of invention or patent application | ||
CB02 | Change of applicant information |
Address after: 215163 Jiangsu city of Suzhou province high tech Industrial Development Zone, kolding Road No. 78 Su Gaoxin Software Park Building 7 layer 3 Applicant after: HILLSTONE NETWORKS Address before: 215163 Jiangsu city of Suzhou province high tech Zone (Suzhou city) kolding Road No. 78 Gaoxin Software Park Building 7 floor 3 Applicant before: Suzhou Shanshi Network Co., Ltd. |
|
COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: SUZHOU SHANSHI NETWORK CO., LTD. TO: HILLSTONE NETWORKS COMMUNICATION TECHNOLOGY CO., LTD. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CB03 | Change of inventor or designer information |
Inventor after: Liu Xiangming Inventor after: Wang Zhong Inventor after: Zhang Lingling Inventor after: Jia Bin Inventor after: Luo Dongping Inventor before: Liu Xiangming Inventor before: Wang Zhong Inventor before: Zhang Lingling Inventor before: Jia Bin |
|
CB03 | Change of inventor or designer information | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 215163 No. 181 Jingrun Road, Suzhou High-tech Zone, Jiangsu Province Patentee after: SHANSHI NETWORK COMMUNICATION TECHNOLOGY CO., LTD. Address before: 215163 3rd Floor, 7th Building, No. 78 Keling Road, Suzhou High-tech Industrial Development Zone, Jiangsu Province Patentee before: HILLSTONE NETWORKS |