CN105282176B - Data security system and method under a kind of cloud computing environment - Google Patents
- Publication number
- CN105282176B (application CN201510785508.1A)
- Authority
- CN
- China
- Prior art keywords
- data packet
- data
- spy
- sent
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/302—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
Landscapes
- Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Evolutionary Computation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a data security system and method under a cloud computing environment. The system includes: a generation module, for generating a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; a sending module, for sending the spy data packet and the data packet to the cloud terminal server; a receiving module, for receiving the information that the spy data packet collects and returns when it detects unauthorized access; and a safety management module, for carrying out data security analysis and management according to that information. The present invention can effectively ensure the safety of the data stored in the cloud terminal.
Description
Technical field
The present invention relates to the field of computer networks, and more particularly to a data security system and method under a cloud computing environment.
Background technique
Cloud computing is one of the hot topics in the current information technology field and is a focus of attention for industry, academia and government alike. It embodies the idea that "the network is the computer": a large number of computing resources, storage resources and software resources are linked together to form a shared virtual IT resource pool of enormous size. According to its deployment and scope of operation, cloud computing can be divided into private cloud computing, public cloud computing and hybrid cloud computing; according to the type of IT service it provides, cloud computing takes the following forms: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service), data cloud (cloud storage, Storage as a Service), and so on.
Using the data cloud service in cloud computing, a user can conveniently store their own data in the cloud terminal and access it at any time. However, storage in the data cloud service is shared; that is, no separate storage area is opened up for each user. Compared with traditional software, the biggest difference of cloud computing with respect to data is that all data is maintained by a third party, and because of the characteristics of the cloud computing architecture, this data may be stored in dispersed locations, all in plaintext form. Although a firewall can provide a degree of protection against malicious external attacks, this architecture may leak some critical data.
Therefore, the data stored in the cloud terminal faces major safety and privacy concerns.
Summary of the invention
The technical problem mainly solved by the invention is to provide a data security system and method under a cloud computing environment that can effectively ensure the safety of the data stored in the cloud terminal.
In order to solve the above technical problem, one technical scheme adopted by the invention is to provide a data security system under a cloud computing environment, the system including: a generation module, for generating a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; a sending module, for sending the spy data packet and the data packet to the cloud terminal server; a receiving module, for receiving the information that the spy data packet collects and returns when it detects unauthorized access; and a safety management module, for carrying out data security analysis and management according to that information.
In order to solve the above technical problem, another technical scheme adopted by the invention is to provide a method of data safety under a cloud computing environment, the method including: generating a spy data packet when it is determined that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; sending the spy data packet and the data packet to the cloud terminal server; receiving the information that the spy data packet collects and returns when it detects unauthorized access; and carrying out data security analysis and management according to that information.
Different from the prior art, the data security system under a cloud computing environment of the invention generates a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, sends the spy data packet and the data packet to the cloud terminal server, receives the information that the spy data packet collects and returns when it detects unauthorized access, and carries out data security analysis and management according to that information, so that the safety of the data stored in the cloud terminal is effectively ensured.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of the first embodiment of the data security system under cloud computing environment of the present invention;
Fig. 2 is the structural schematic diagram of the second embodiment of the data security system under cloud computing environment of the present invention;
Fig. 3 is the flow diagram of the first embodiment of the data security methods under cloud computing environment of the present invention.
Specific embodiment
The technical solution of the present invention is described in further detail below with reference to the embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative labor shall fall within the scope of protection of the present invention.
Referring to Fig. 1, Fig. 1 is the structural schematic diagram of the first embodiment of the data security system under a cloud computing environment provided by the invention. The system can be deployed in the client that the user uses to access the cloud service.
The data security system 100 under the cloud computing environment includes: a generation module 110, a sending module 120, a receiving module 130 and a safety management module 140.
The generation module 110 is used for generating a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server; the spy data packet is used to monitor the security of that data packet.
Specifically, the generation module 110 can generate the spy data packet from the data packets that need to be sent, or it can generate a new spy data packet from scratch. The type of spy data packet generated can be any one or a combination of the following: a data packet carrying a label mark, a data packet carrying a lure data field, and a data packet carrying real-time monitoring investigation data.
The sending module 120 is used for sending the spy data packet and the data packet to the cloud terminal server. Specifically, the sending module 120 mixes the spy data packet in with the normal data packets for transmission.
The receiving module 130 is used for receiving the information that the spy data packet collects and returns when it detects unauthorized access.
The safety management module 140 is used for carrying out data security analysis and management according to that information. Specifically, this module can analyze and sort the received information, parse out information such as the time of the unauthorized access, the IP address of the unauthorized accessor and the type of unauthorized access, and can further issue a warning notice to the user in real time, or save the information so that the user can query it at any time.
Different from the prior art, the data security system under a cloud computing environment of the invention generates a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; sends the spy data packet and the data packet to the cloud terminal server; receives the information that the spy data packet collects and returns when it detects unauthorized access; and carries out data security analysis and management according to that information, so that the safety of the data stored in the cloud terminal is effectively ensured.
Referring to Fig. 2, Fig. 2 is the structural schematic diagram of the second embodiment of the data security system under a cloud computing environment provided by the invention. The system can be deployed in the client that the user uses to access the cloud service.
The data security system 200 under the cloud computing environment includes: a generation module 210, a sending module 220, a receiving module 230 and a safety management module 240.
The generation module 210 is used for generating a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server; the spy data packet is used to monitor the security of that data packet.
In the first example of this embodiment, the generation module 210 includes a selection unit 211 and a camouflage unit 212. The selection unit 211 is used for choosing a part of the data packets from the data packets to be sent; the camouflage unit 212 is used for disguising the chosen part of the data packets as spy data packets. Further, the camouflage unit 212 includes one or more of a label mark packet camouflage subunit 2121, a lure data packet camouflage subunit 2122 and a real-time monitoring investigation data packet camouflage subunit 2123. The label mark packet camouflage subunit 2121 is used for choosing a part of the data packets from the data packets to be sent and adding a label mark data segment; the label mark can be triggered when the spy data packet is accessed without authorization, and records the access information. The lure data packet camouflage subunit 2122 is used for choosing a part of the data packets from the data packets to be sent and adding a lure data field; the lure data segment entices an unauthorized accessor to access the spy data packet first, and records the access information. The real-time monitoring investigation data packet camouflage subunit 2123 is used for choosing a part of the data packets from the data packets to be sent and adding real-time monitoring investigation data; the real-time monitoring investigation data can be used to monitor in real time and record the information about the spy data packet being accessed without authorization.
In the second example of this embodiment, the generation module 210 includes a construction unit 213 for constructing new spy data packets. Further, the construction unit 213 includes one or more of a label mark packet construction subunit 2131, a lure data packet construction subunit 2132 and a real-time monitoring investigation data packet construction subunit 2133. The label mark packet construction subunit 2131 is used for constructing a data packet that contains no real data and adding a label mark data segment; the label mark can be triggered when the spy data packet is accessed without authorization, and records the access information. The lure data packet construction subunit 2132 is used for constructing a data packet that contains no real data and adding a lure data field; the lure data segment entices an unauthorized accessor to access the spy data packet first, and records the access information. The real-time monitoring investigation data packet construction subunit 2133 is used for constructing a data packet that contains no real data and adding real-time monitoring investigation data; the real-time monitoring investigation data can be used to monitor in real time and record the information about the spy data packet being accessed without authorization.
The sending module 220 is used for sending the spy data packet and the data packet to the cloud terminal server. Specifically, when the generation module 210 disguises a chosen part of the data packets to be sent as spy data packets, the sending module 220 sends the disguised spy data packets together with the undisguised part of the data packets to be sent to the cloud terminal server; when the generation module 210 constructs new spy data packets, the sending module 220 mixes the newly constructed spy data packets into the data packets to be sent and sends them to the cloud terminal server.
The receiving module 230 is used for receiving the information that the spy data packet collects and returns when it detects unauthorized access.
The safety management module 240 is used for carrying out data security analysis and management according to that information. Specifically, this module can analyze and sort the received information, parse out information such as the time of the unauthorized access, the IP address of the unauthorized accessor and the type of unauthorized access, and can further issue a warning notice to the user in real time, or save the information so that the user can query it at any time.
Optionally, the system 200 further includes a display module 250 for showing the information to the user. Specifically, when the safety management module 240 has analyzed that an unauthorized user has accessed the data, the display module 250 can show the user in real time information such as the detailed IP address and access type of that illegal user, so that the user can report the information to the cloud service provider or take other action. It can also show the unauthorized access records of a recent period of time according to a query request from the user.
Different from the prior art, the data security system under a cloud computing environment of the invention generates a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; sends the spy data packet and the data packet to the cloud terminal server; receives the information that the spy data packet collects and returns when it detects unauthorized access; and carries out data security analysis and management according to that information, so that the safety of the data stored in the cloud terminal is effectively ensured.
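The two generation modes and the mixing step of the sending module described above, as an added example written for this page; it is not code from the patent or its assignee. The packet layout, the decoy field names, the per-client secret and the HMAC-based label mark are assumptions for illustration: the label is keyed so that the client can later recognise a report as belonging to a decoy it actually issued.

```python
"""Added example: generation and sending modules for spy (decoy) data packets,
in both modes the patent describes: disguising a chosen part of the outgoing
packets, and constructing new decoys that contain no real data."""
import hashlib
import hmac
import random
import secrets

# Assumed: a per-client secret used to mint the label mark, so a report returned
# later can be matched to a decoy this client issued. Constructed placeholder.
CLIENT_SECRET = b"client-secret-example"

DECOY_KINDS = ("label", "lure", "monitor")  # the three spy packet types on the page


def make_label(packet_id: str) -> str:
    """Label mark data segment: an HMAC over the packet id (assumed scheme)."""
    return hmac.new(CLIENT_SECRET, packet_id.encode(), hashlib.sha256).hexdigest()[:16]


def attach_decoy_field(packet: dict, kind: str) -> dict:
    """Camouflage/construction subunit: add the data segment for one decoy kind.
    A copy is returned; the caller's packet is left unmodified."""
    spy = dict(packet)
    spy["spy_kind"] = kind
    spy["spy_label"] = make_label(packet["id"])  # every kind carries the label mark
    if kind == "lure":
        # Lure data field: metadata meant to look worth opening first (constructed).
        spy["lure"] = {"title": "payroll_master_2015.xlsx", "priority": "high"}
    elif kind == "monitor":
        # Real-time monitoring investigation data: where/how often to report (assumed).
        spy["monitor"] = {"report_to": "https://client.example/report", "interval_s": 1}
    return spy


def disguise_subset(packets: list, fraction: float, rng: random.Random):
    """Generation mode 1 (selection unit + camouflage unit): choose a part of the
    packets to be sent and disguise them. Returns (spy_packets, undisguised)."""
    count = max(1, int(len(packets) * fraction))
    chosen = set(rng.sample(range(len(packets)), count))
    spies, rest = [], []
    for i, packet in enumerate(packets):
        if i in chosen:
            spies.append(attach_decoy_field(packet, rng.choice(DECOY_KINDS)))
        else:
            rest.append(packet)
    return spies, rest


def construct_decoys(count: int, rng: random.Random) -> list:
    """Generation mode 2 (construction unit): build new spy packets holding no
    real data, only random filler plus the decoy segment."""
    decoys = []
    for _ in range(count):
        packet_id = "decoy-" + secrets.token_hex(4)
        filler = {"id": packet_id, "payload": secrets.token_hex(16), "real": False}
        decoys.append(attach_decoy_field(filler, rng.choice(DECOY_KINDS)))
    return decoys


def mix_and_send(spies: list, real: list, rng: random.Random) -> list:
    """Sending module: shuffle spy packets in among the real ones so the stream
    reaching the cloud server gives no positional hint of which are decoys."""
    stream = spies + real
    rng.shuffle(stream)
    return stream


def build_outgoing_stream(packets: list, mode: str, seed: int,
                          fraction: float = 0.2, decoy_count: int = 2) -> list:
    """Generation plus sending for one batch, in either of the two modes.
    The seed makes the selection and shuffle reproducible for demonstration."""
    rng = random.Random(seed)
    if mode == "disguise":
        spies, rest = disguise_subset(packets, fraction, rng)
        return mix_and_send(spies, rest, rng)
    if mode == "construct":
        return mix_and_send(construct_decoys(decoy_count, rng), list(packets), rng)
    raise ValueError(f"unknown generation mode: {mode}")


if __name__ == "__main__":
    # Constructed sample batch of real records.
    batch = [{"id": f"rec-{i}", "payload": f"record {i}", "real": True} for i in range(10)]
    for packet in build_outgoing_stream(batch, "construct", seed=0, decoy_count=3):
        print(packet["id"], packet.get("spy_kind", "-"))
```

In disguise mode the real payload of the chosen packets is still sent, only with the decoy segment attached, which is what the page describes; in construct mode the decoys carry no real data at all. Keeping the label keyed rather than random is what lets the receiving side reject reports it did not itself provoke.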
Referring to Fig. 3, Fig. 3 is the flow diagram of the first embodiment of the method of the data security system under a cloud computing environment provided by the invention. The executing subject of this method is the client that the user uses to access the cloud service.
The method includes the following steps:
S301: when it is determined that a data packet needs to be sent to the cloud terminal server, generate a spy data packet; the spy data packet is used to monitor the security of that data packet.
Specifically, generating the spy data packet can use either or both of the following two methods: choosing a part of the data packets to be sent and disguising them as spy data packets, or constructing a new spy data packet.
Specifically, the type of spy data packet can be any one or a combination of the following three: a data packet carrying a label mark, a data packet carrying a lure data field, and a data packet carrying real-time monitoring investigation data.
The method of choosing a part of the data packets and disguising them as spy data packets may be: choosing a part of the data packets from the data packets to be sent and adding a label mark data segment, where the label mark can be triggered when the spy data packet is accessed without authorization and records the access information; or choosing a part of the data packets from the data packets to be sent and adding a lure data field, where the lure data segment entices an unauthorized accessor to access the spy data packet first and records the access information; or choosing a part of the data packets from the data packets to be sent and adding real-time monitoring investigation data, where the real-time monitoring investigation data can be used to monitor in real time and record the information about the spy data packet being accessed without authorization.
The method of constructing a new spy data packet may be: constructing a data packet that contains no real data and adding a label mark data segment, where the label mark can be triggered when the spy data packet is accessed without authorization and records the access information; or constructing a data packet that contains no real data and adding a lure data field, where the lure data segment entices an unauthorized accessor to access the spy data packet first and records the access information; or constructing a data packet that contains no real data and adding real-time monitoring investigation data, where the real-time monitoring investigation data can be used to monitor in real time and record the information about the spy data packet being accessed without authorization.
S302: send the spy data packet and the data packet to the cloud terminal server.
Specifically, when the way of generating the spy data packet in step S301 is to choose a part of the data packets and disguise them as spy data packets, this step sends the disguised spy data packets together with the undisguised part of the data packets to be sent to the cloud terminal server.
Specifically, when the way of generating the spy data packet in step S301 is to construct a new spy data packet, this step is implemented by mixing the newly constructed spy data packet into the data packets to be sent and sending them to the cloud terminal server.
S303: receive the information that the spy data packet collects and returns when it detects unauthorized access.
The returned information may include information such as the time of the unauthorized access, the IP address of the unauthorized accessor and the type of unauthorized access.
S304: carry out data security analysis and management according to that information.
Specifically, in this step the received information can be analyzed and sorted, parsing out information such as the time of the unauthorized access, the IP address of the unauthorized accessor and the type of unauthorized access; further, a warning notice can be issued to the user in real time, or the information can be saved so that the user can query it at any time.
Optionally, the method can further include showing the information to the user after step S304. For example, when step S304 has analyzed that an unauthorized user has accessed the data, information such as the detailed IP address and access type of that illegal user is shown to the user in real time, so that the user can report the information to the cloud service provider or take other action. Or, after the information has been saved in S304, the unauthorized access records of a recent period of time are shown according to a query request from the user.
Different from the prior art, the method of data safety under a cloud computing environment of the invention generates a spy data packet when it is determined that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of that data packet; sends the spy data packet and the data packet to the cloud terminal server; receives the information that the spy data packet collects and returns when it detects unauthorized access; and carries out data security analysis and management according to that information, so that the safety of the data stored in the cloud terminal is effectively ensured.
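Steps S303 and S304 and the optional display step, as an added example written for this page (it is not the patent's code, and it also covers the receiving, safety management and display modules of the system embodiments). The JSON report line format, the HMAC label mark used to verify that a report refers to a decoy this client issued, the alert types and the 24-hour query window are assumptions; the sample reports are constructed inline.

```python
"""Added example: receiving module, safety management module and display query
for the information that spy packets return on unauthorized access."""
import hashlib
import hmac
import json
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed placeholder; must equal the secret the client used when labelling.
CLIENT_SECRET = b"client-secret-example"


def make_label(packet_id: str) -> str:
    """Label mark the client attached to the spy packet (assumed HMAC scheme)."""
    return hmac.new(CLIENT_SECRET, packet_id.encode(), hashlib.sha256).hexdigest()[:16]


@dataclass
class AccessRecord:
    packet_id: str
    time: datetime
    ip: str
    access_type: str


def receive(report_lines):
    """Receiving module (S303): parse returned reports. A report whose label does
    not verify is rejected, so a forged report cannot inject false alerts."""
    records, rejected = [], 0
    for line in report_lines:
        try:
            report = json.loads(line)
            if not hmac.compare_digest(make_label(report["packet_id"]), report["label"]):
                rejected += 1
                continue
            when = datetime.fromisoformat(report["time"].replace("Z", "+00:00"))
            records.append(AccessRecord(report["packet_id"], when, report["ip"], report["type"]))
        except (ValueError, KeyError, TypeError):
            rejected += 1  # malformed line: count it, never crash the pipeline
    return records, rejected


class SecurityManager:
    """Safety management module (S304): sort records, raise real-time warnings
    for the access types that matter, and keep everything for later queries."""

    def __init__(self, alert_types=("read", "download")):
        self.alert_types = set(alert_types)
        self.records = []
        self.warnings = []

    def manage(self, records):
        for rec in records:
            self.records.append(rec)
            if rec.access_type in self.alert_types:
                self.warnings.append(f"{rec.time.isoformat()} unauthorized "
                                     f"{rec.access_type} of {rec.packet_id} from {rec.ip}")
        return self.warnings

    def summarize(self):
        """Sort the parsed information by accessor IP and by access type."""
        return {"by_ip": Counter(r.ip for r in self.records),
                "by_type": Counter(r.access_type for r in self.records)}

    def recent(self, now: datetime, window: timedelta):
        """Display module query: unauthorized access records of a recent period."""
        return [r for r in self.records if timedelta(0) <= now - r.time <= window]


def build_sample_reports():
    """Constructed sample: three genuine reports plus one with a bad label."""
    genuine = [
        ("rec-3", "2015-11-16T10:05:00+00:00", "203.0.113.7", "read"),
        ("decoy-a1b2", "2015-11-16T10:06:30+00:00", "203.0.113.7", "download"),
        ("rec-8", "2015-11-10T08:00:00+00:00", "198.51.100.9", "list"),
    ]
    lines = [json.dumps({"packet_id": p, "label": make_label(p), "time": t, "ip": ip, "type": ty})
             for p, t, ip, ty in genuine]
    lines.append(json.dumps({"packet_id": "rec-3", "label": "0" * 16,
                             "time": "2015-11-16T11:00:00+00:00", "ip": "192.0.2.1", "type": "read"}))
    return lines


def run_pipeline(report_lines, now_iso: str, window_hours: int = 24) -> dict:
    """S303, S304 and the display query in sequence, returning plain values."""
    records, rejected = receive(report_lines)
    manager = SecurityManager()
    warnings = manager.manage(records)
    summary = manager.summarize()
    now = datetime.fromisoformat(now_iso)
    return {
        "accepted": len(records),
        "rejected": rejected,
        "warnings": warnings,
        "top_ip": summary["by_ip"].most_common(1)[0][0] if records else None,
        "recent_ids": sorted(r.packet_id for r in manager.recent(now, timedelta(hours=window_hours))),
    }


if __name__ == "__main__":
    for warning in run_pipeline(build_sample_reports(), "2015-11-16T12:00:00+00:00")["warnings"]:
        print(warning)
```

The label check is the part the page leaves implicit but a practitioner needs: without it, anyone who can reach the report endpoint can flood the management module with fabricated access records, and the real-time warnings become noise rather than signal.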
The above is only an implementation of the present invention and is not intended to limit the scope of the invention; every equivalent structure or equivalent flow transformation made using the content of the description and drawings of the invention, whether applied directly or indirectly in other relevant technical fields, is included within the scope of protection of the present invention.
Claims (4)
1. A data security system under a cloud computing environment, characterized by comprising:
a generation module, for generating a spy data packet when it determines that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of the data packet;
a sending module, for sending the spy data packet and the data packet to the cloud terminal server;
a receiving module, for receiving the information that the spy data packet collects and returns when it detects unauthorized access;
a safety management module, for carrying out data security analysis and management according to the information;
wherein the generation module includes a selection unit and a camouflage unit; the selection unit is used for choosing a part of the data packets from the data packets to be sent; the camouflage unit is used for disguising the chosen part of the data packets as spy data packets; and the camouflage unit includes: a label mark packet camouflage subunit, for choosing a part of the data packets from the data packets to be sent and adding a label mark data segment, where the label mark data segment can be triggered when the spy data packet is accessed without authorization and records the access information; or a lure data packet camouflage subunit, for choosing a part of the data packets from the data packets to be sent and adding a lure data field, where the lure data field entices an unauthorized accessor to access the spy data packet first and records the access information; or a real-time monitoring investigation data packet camouflage subunit, for choosing a part of the data packets from the data packets to be sent and adding real-time monitoring investigation data, where the real-time monitoring investigation data is used to monitor in real time and record the information about the spy data packet being accessed without authorization;
and wherein the sending module sending the spy data packet and the data packet to the cloud terminal server specifically comprises: the sending module sending the disguised spy data packets together with the undisguised part of the data packets to be sent to the cloud terminal server.
2. The data security system under a cloud computing environment according to claim 1, characterized in that the system further includes a display module for showing the information to the user.
3. A method of data safety under a cloud computing environment, characterized by comprising:
generating a spy data packet when it is determined that a data packet needs to be sent to the cloud terminal server, the spy data packet being used to monitor the security of the data packet;
sending the spy data packet and the data packet to the cloud terminal server;
receiving the information that the spy data packet collects and returns when it detects unauthorized access;
carrying out data security analysis and management according to the information;
wherein generating the spy data packet specifically comprises: choosing a part of the data packets from the data packets to be sent and disguising them as spy data packets, which can be choosing a part of the data packets from the data packets to be sent and adding a label mark data segment, where the label mark data segment can be triggered when the spy data packet is accessed without authorization and records the access information; or choosing a part of the data packets from the data packets to be sent and adding a lure data field, where the lure data field can entice an unauthorized accessor to access the spy data packet first and records the access information; or choosing a part of the data packets from the data packets to be sent and adding real-time monitoring investigation data, where the real-time monitoring investigation data can be used to monitor in real time and record the information about the spy data packet being accessed without authorization;
and wherein sending the spy data packet and the data packet to the cloud terminal server specifically comprises: sending the disguised spy data packets together with the undisguised part of the data packets to be sent to the cloud terminal server.
4. The method of data safety under a cloud computing environment according to claim 3, characterized in that the method further includes: showing the information to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510785508.1A CN105282176B (en) | 2015-11-16 | 2015-11-16 | Data security system and method under a kind of cloud computing environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105282176A CN105282176A (en) | 2016-01-27 |
CN105282176B true CN105282176B (en) | 2019-07-19 |
Family
ID=55150502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510785508.1A Active CN105282176B (en) | 2015-11-16 | 2015-11-16 | Data security system and method under a kind of cloud computing environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105282176B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101087196A (en) * | 2006-12-27 | 2007-12-12 | 北京大学 | Multi-layer honey network data transmission method and system |
CN103749001B (en) * | 2010-06-09 | 2012-02-08 | 北京理工大学 | The self-protection GU Generic Unit of Inner Network Security Monitor System |
CN103368979A (en) * | 2013-08-08 | 2013-10-23 | 电子科技大学 | Network security verifying device based on improved K-means algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8959573B2 (en) * | 2012-05-01 | 2015-02-17 | Harris Corporation | Noise, encryption, and decoys for communications in a dynamic computer network |
- 2015-11-16 CN CN201510785508.1A patent/CN105282176B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105282176A (en) | 2016-01-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Bhatia et al. | A framework for generating realistic traffic for Distributed Denial-of-Service attacks and Flash Events | |
CN105592052B (en) | A kind of firewall rule configuration method and device | |
CA2874320A1 (en) | Social sharing of security information in a group | |
JP2014506045A (en) | Network stimulation engine | |
CN109189596A (en) | The method and apparatus that large-size screen monitors are shown are realized based on Websocket | |
Hasan et al. | A constraint-based intrusion detection system | |
Yen | Detecting stealthy malware using behavioral features in network traffic | |
CN109600395A (en) | A kind of device and implementation method of terminal network access control system | |
Santa Barletta et al. | Deriving smart city security from the analysis of their technological levels: a case study | |
Killer et al. | Threat management dashboard for a blockchain collaborative defense | |
US20040210773A1 (en) | System and method for network security | |
Castiglione et al. | A novel methodology to acquire live big data evidence from the cloud | |
CN105282176B (en) | Data security system and method under a kind of cloud computing environment | |
Ahmed et al. | A proactive approach to protect cloud computing environment against a distributed denial of service (DDoS) attack | |
Takahashi et al. | Virtual flow‐net for accountability and forensics of computer and network systems | |
Melón et al. | Eve and adam: situation awareness tools for nato ccdcoe cyber exercises | |
CN115022077A (en) | Network threat protection method, system and computer readable storage medium | |
Syed et al. | Fast attack detection using correlation and summarizing of security alerts in grid computing networks | |
Erbacher | Glyph-based generic network visualization | |
CN110392129A (en) | The method of IPv6 client computer and IPv6 client computer and server communication | |
Grispos et al. | Calm before the storm: The emerging challenges of cloud computing in digital forensics | |
Meghani et al. | Security from various Intrusion Attacks using honeypots in cloud | |
Giribabu et al. | Cybersecurity in webgis environment | |
Broucek et al. | Managing university internet access: balancing the need for security, privacy and digital evidence | |
US20230300141A1 (en) | Network security management method and computer device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
2020-10-10 | TR01 | Transfer of patent right | Effective date of registration: 20201010. Address after: 063000 Rongmao building, south of the west section of Huimin street, Qian'an City, Tangshan City, Hebei Province; Patentee after: Hebei Steel Grain Union Technology Co., Ltd. Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666; Patentee before: Phicomm (Shanghai) Co.,Ltd. |