CN106603524A - Method for combining safety rules and intelligent device - Google Patents

Method for combining safety rules and intelligent device

Info

Publication number: CN106603524A
Authority: CN (China)
Prior art keywords: safety regulation, pending, classification, network firewall, pending safety
Legal status: Pending
Application number: CN201611131225.6A
Other languages: Chinese (zh)
Inventor: 柴亚琴
Current assignee: Zhejiang Uniview Technologies Co Ltd
Original assignee: Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd
Priority to CN201611131225.6A
Publication of CN106603524A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management

Abstract

The invention provides a method for combining safety rules. The method comprises the following steps: at the start of a preset time period, obtaining the to-be-processed safety rules of a network firewall; classifying the to-be-processed safety rules according to their corresponding actions (measures), so that the to-be-processed safety rules in each class correspond to the same action; sub-classifying the to-be-processed safety rules in each class according to their address information, so that the source addresses or the destination addresses of the to-be-processed safety rules in each sub-class are contiguous; and finally, combining all the to-be-processed safety rules in each sub-class into one characteristic safety rule. According to the invention, to-be-processed safety rules with the same action and contiguous addresses are combined into one characteristic safety rule, which greatly reduces the number of safety rules in the network firewall, thereby speeding up safety-rule matching and improving firewall performance.

Description

Method for merging safety rules, and intelligent device
Technical field
The present invention relates to the field of communication technology, in particular to a method for merging safety rules; the application also relates to an intelligent device.
Background technology
A network firewall (Firewall), also called a network protection wall, is a network security system located between an internal network and an external network. It is a protective system for information security that, according to specific safety rules, allows or restricts the transmitted data from passing through.
When making packet-filtering decisions, a network firewall follows a set of safety rules. These rules are stored in dedicated packet-filtering tables, which are integrated into the Linux kernel. Within a packet-filtering table, safety rules are placed in chains. The packet-filtering system is a powerful tool that can be used to add, edit and remove safety rules; safety rules can control whether other devices are allowed to connect to a port of this device, which IP addresses or network segments may access this device, and so on.
A safety rule consists of attributes and an action (counter-measure). The attributes include address information and rule specifics. The address information is the source address and the destination address of the packet: the source address describes where the packet comes from and may be the address of a single device or a set of addresses; the destination address, similarly, describes where the packet is going. The rule specifics are the details of the rule, used to describe the detailed features of the packet. The action is the measure that should be carried out when the information of a packet (message) matches the source address, destination address and rule specifics. Specifically, it includes blocking the packet, allowing the packet through, and allowing it but sending a warning to the user.
When matching rules, a network firewall matches the rules in the rule list one by one from beginning to end. This is inefficient: when the rule list contains many rules, the matching rule is hard to find in time.
To speed up safety-rule matching in a network firewall, the prior art offers two methods:
(1) Method one: analysis based on conflicts between safety rules and simplification, in which useless rule entries are deleted automatically. When rules contain one another, are contained, intersect or conflict, the rules are tidied up and simplified. (2) Method two: a multidimensional model and fast search are used to improve the firewall's rule-matching performance.
While working on this application, the inventor found that the prior-art methods for speeding up firewall rule matching have at least the following problems:
(1) With method one, most safety rules do not contain, are not contained by, do not intersect with and do not conflict with each other. The method can therefore merge and simplify only a minority of the safety rules, so its reduction of the rule count is limited.
(2) With method two, the essence is an improved lookup algorithm that speeds up searching. It does not reduce the number of safety rules, so when there are many rules, lookup remains slow.
It can be seen that effectively reducing the number of safety rules, thereby speeding up rule matching and improving firewall performance, is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The application proposes a method for merging safety rules, in order to reduce the number of safety rules in a firewall system, thereby speeding up rule matching and improving firewall performance. The method applies to an intelligent device containing a network firewall and includes at least:
when a preset time period starts, obtaining the to-be-processed safety rules of the network firewall, and dividing the to-be-processed safety rules of the network firewall into classes according to their actions, so that the to-be-processed safety rules in each class have the same action;
dividing the to-be-processed safety rules in each class into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous;
merging all the to-be-processed safety rules in each subclass into one characteristic safety rule.
Preferably, after the to-be-processed safety rules in the subclass are merged into a characteristic safety rule, the method further includes:
obtaining, for each characteristic safety rule, the amount of traffic that hits it;
sorting the characteristic safety rules by the amount of traffic hitting each, in descending order;
matching the messages received by the network firewall against the characteristic safety rules one by one in the sorted order.
Preferably, dividing the to-be-processed safety rules of the network firewall into classes according to their actions specifically includes:
obtaining the action of each to-be-processed safety rule of the network firewall;
placing the to-be-processed safety rules of the network firewall that have the same action into the same class.
Preferably, dividing the to-be-processed safety rules in a class into subclasses according to their address information specifically includes:
obtaining the address information of each to-be-processed safety rule in the class;
placing the to-be-processed safety rules in the class whose source addresses or destination addresses are contiguous into the same subclass.
Preferably, before the time period starts, the method further includes:
receiving period-setting information input by the user;
setting the time period according to the period-setting information.
Correspondingly, the application proposes an intelligent device that contains a network firewall and includes at least:
a first classification module, which, when a preset time period starts, obtains the to-be-processed safety rules of the network firewall and divides them into classes according to their actions, so that the to-be-processed safety rules in each class have the same action;
a second classification module, which divides the to-be-processed safety rules in each class into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous;
a merging module, which merges all the to-be-processed safety rules in each subclass into one characteristic safety rule.
Preferably, the intelligent device further includes:
an acquisition module, which obtains, for each characteristic safety rule, the amount of traffic that hits it;
a sorting module, which sorts the characteristic safety rules by the amount of traffic hitting each, in descending order;
a matching module, which matches the messages received by the network firewall against the characteristic safety rules one by one in the sorted order.
Preferably, the first classification module is specifically configured to:
obtain the action of each to-be-processed safety rule of the network firewall;
place the to-be-processed safety rules of the network firewall that have the same action into the same class.
Preferably, the second classification module is specifically configured to:
obtain the address information of each to-be-processed safety rule in the class;
place the to-be-processed safety rules in the class whose source addresses or destination addresses are contiguous into the same subclass.
Preferably, the intelligent device further includes:
a receiving module, which receives period-setting information input by the user;
a setting module, which sets the time period according to the period-setting information.
With the technical scheme of the application, when a preset time period starts, the to-be-processed safety rules of the network firewall are obtained and divided into classes according to their actions, so that the to-be-processed safety rules in each class have the same action; then the to-be-processed safety rules in each class are divided into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous; finally, all the to-be-processed safety rules in each subclass are merged into one characteristic safety rule. Thus to-be-processed safety rules with the same action and contiguous addresses are merged into one characteristic safety rule, which greatly reduces the number of safety rules in the network firewall, speeds up rule matching and improves firewall performance.
Description of the drawings
To explain the technical scheme of the application more clearly, the drawings needed for the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the safety-rule merging method proposed by an embodiment of the application;
Fig. 2 is a flow diagram of the safety-rule merging method proposed by a specific embodiment of the application;
Fig. 3 is a structural diagram of the intelligent device proposed by a specific embodiment of the application.
Detailed description of embodiments
As stated in the background, there are two prior-art methods for speeding up safety-rule matching in a network firewall. The first simplifies safety rules based on relations such as containing, being contained, intersecting and conflicting between them. However, because most rules have no such relation with each other, this method can simplify the safety rules only to a limited degree. The second uses a multidimensional model and fast search to raise the rule-matching speed of the firewall. Method two essentially improves the lookup algorithm and does nothing to reduce the number of safety rules. It can be seen that the prior art has no method that effectively reduces the number of safety rules, so when there are many rules, the rule-matching speed of the network firewall is too low.
Therefore, in order to effectively reduce the number of safety rules, speed up rule matching and improve firewall performance, the applicant proposes a method for merging safety rules: when a preset time period starts, the to-be-processed safety rules of the network firewall are obtained and divided into classes according to their actions, so that the to-be-processed safety rules in each class have the same action; then the to-be-processed safety rules in each class are divided into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous; finally, all the to-be-processed safety rules in each subclass are merged into one characteristic safety rule. Thus to-be-processed safety rules with the same action and contiguous addresses are merged into one characteristic safety rule, which greatly reduces the number of safety rules in the network firewall, speeds up rule matching and improves firewall performance.
Fig. 1 is a flow diagram of the safety-rule merging method proposed by the application. Note that the application applies to an intelligent device containing a network firewall, and the network firewall contains multiple to-be-processed safety rules, that is, safety rules that have not yet been merged. Specifically, the application includes at least the following steps:
S101: when a preset time period starts, obtain the to-be-processed safety rules of the network firewall and divide them into classes according to their actions, so that the to-be-processed safety rules in each class have the same action.
A to-be-processed safety rule is a safety rule in the network firewall that has not yet been merged. The embodiment of the application aims to reduce the number of safety rules in the network firewall by classifying and merging the to-be-processed safety rules. The classification and merging process is described in detail below.
One precondition for merging safety rules is that the rules being merged have the same action. The action of a safety rule is the measure (the operation executed) that the network firewall carries out when the information of a packet matches the rule. Specifically, actions include blocking the packet, allowing the packet through, and allowing it but sending a warning to the user.
In the embodiment of the application, the to-be-processed safety rules of the network firewall are first divided into classes according to their actions, so that rules with the same action fall into the same class. The to-be-processed safety rules in each class are then processed further, class by class.
In a preferred embodiment of the application, the above method of dividing the to-be-processed safety rules of the network firewall into classes by action can be realized by the following preferred scheme, which specifically includes the following steps:
(1) obtain the action of each to-be-processed safety rule of the network firewall;
The to-be-processed safety rules of the network firewall are parsed one by one, and the action of each to-be-processed safety rule is obtained from the parsing result.
(2) place the to-be-processed safety rules of the network firewall that have the same action into the same class.
After the actions of the to-be-processed safety rules of the network firewall have been obtained, rules with the same action are placed in the same class. Obviously, the above preferred scheme ensures that the to-be-processed safety rules in each class have the same action, which provides the essential basis for the subsequent merging of the safety rules in the same class.
It should be noted that the method of dividing to-be-processed safety rules into classes by action disclosed above is only a preferred embodiment proposed by the application; based on the core idea of the application, those skilled in the art may also use other methods of dividing to-be-processed safety rules into classes by action, which does not affect the scope of protection of the application.
In a preferred embodiment of the application, before the preset time period starts, the scheme of the application also includes the following preferred steps:
(1) receive period-setting information input by the user;
Because the safety rules in the network firewall change dynamically, the to-be-processed safety rules of the network firewall need to be tidied up (classified and merged) periodically.
In the preferred embodiment of the application, before the preset time period starts, the period-setting information input by the user is received and parsed, to obtain the period set by the user for tidying up the to-be-processed safety rules.
(2) set the time period for tidying up the to-be-processed safety rules according to the period-setting information input by the user.
After the time period for tidying up the to-be-processed safety rules is obtained, the time period is set, so that the intelligent device tidies up all to-be-processed safety rules every time the time period elapses.
S102: divide the to-be-processed safety rules in each class into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous.
Step S101 above divides the to-be-processed safety rules into classes with the same action. In the embodiment of the application, the to-be-processed safety rules in each class are further divided into subclasses; the division process is described in detail below.
For the to-be-processed safety rules in the same class, the rules are further divided into subclasses according to the address information of each rule in the class, so that to-be-processed safety rules whose source addresses or destination addresses are contiguous fall into the same subclass. The to-be-processed safety rules in each subclass are then processed further, subclass by subclass.
In a preferred embodiment of the application, the above method of dividing the to-be-processed safety rules in each class into subclasses by address information can be realized by the following preferred scheme, which specifically includes the following steps:
(1) obtain the address information of each to-be-processed safety rule in the class.
The to-be-processed safety rules in a given class are parsed one by one, and the address information of each to-be-processed safety rule in the class is obtained from the parsing result.
(2) place the to-be-processed safety rules in the class whose source addresses or destination addresses are contiguous into the same subclass.
After the address information of the to-be-processed safety rules in the class has been obtained, rules whose source addresses or destination addresses are contiguous are placed in the same subclass. Obviously, the above preferred scheme ensures that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous, which provides the essential basis for the subsequent merging of the safety rules in the same subclass.
For example, suppose the to-be-processed safety rules of a certain class are as shown in Table 1 below:

    To-be-processed safety rule      Source address IP    Action
    To-be-processed safety rule 1    2.2.2.1              ACCEPT
    To-be-processed safety rule 2    2.2.2.2              ACCEPT
    To-be-processed safety rule 3    2.2.2.3              ACCEPT
    To-be-processed safety rule 4    3.3.3.8              ACCEPT
    To-be-processed safety rule 5    4.4.4.4              ACCEPT
    To-be-processed safety rule 6    5.5.5.5              ACCEPT
    To-be-processed safety rule 7    2.2.2.4              ACCEPT
    To-be-processed safety rule 8    5.5.5.6              ACCEPT
    To-be-processed safety rule 9    4.4.4.5              ACCEPT

Table 1  Safety-rule table of a given class
Dividing these to-be-processed safety rules into subclasses according to their address information, as proposed by the application, gives the result shown in Table 2 below:
Table 2  Subclass division table of the safety rules of the given class
As Table 2 shows, the source IP addresses of the to-be-processed safety rules in each subclass are contiguous.
It should be noted that the method of dividing to-be-processed safety rules into subclasses by address information disclosed above is only a preferred embodiment proposed by the application; based on the core idea of the application, those skilled in the art may also use other methods of dividing to-be-processed safety rules into subclasses by address information, which does not affect the scope of protection of the application.
S103: merge all the to-be-processed safety rules in each subclass into one characteristic safety rule.
Step S102 above divides the to-be-processed safety rules in each class into subclasses such that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous. In the embodiment of the application, all the to-be-processed safety rules in each subclass are further merged into one characteristic safety rule, so as to reduce the number of safety rules; the merging process is described in detail below.
Because the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous, a single address range can cover the source addresses or destination addresses of all the to-be-processed safety rules in the subclass. For example, in subclass 1 of Table 2 the source IP addresses of the to-be-processed safety rules are 2.2.2.1, 2.2.2.2, 2.2.2.3 and 2.2.2.4, so the address range "2.2.2.1~2.2.2.4" can serve as the source address of the characteristic safety rule of that subclass, and the action of the characteristic safety rule is the same as the action of the to-be-processed safety rules in the subclass. Thus, after the above merging, to-be-processed safety rules with the same action and contiguous addresses are merged into a characteristic safety rule, which greatly reduces the number of safety rules in the network firewall, speeds up rule matching and improves firewall performance.
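Steps S101 to S103 applied to the Table 1 rules, as an added example that is not part of the patent. The Rule and CharacteristicRule types, merge_rules() and the dst field (filled with a constructed placeholder "any", since Table 1 lists only source addresses) are assumptions; grouping only rules that also agree on the destination is an added caveat rather than something the patent states, because a range built across different destinations would change what the firewall permits.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    """A to-be-processed safety rule (hypothetical field set)."""
    name: str
    src: str       # single IPv4 source address, as in Table 1
    dst: str       # destination; "any" is a constructed placeholder
    action: str    # counter-measure: ACCEPT, DROP, ...


@dataclass(frozen=True)
class CharacteristicRule:
    """The merged rule: one source range first~last with the shared action."""
    src_first: str
    src_last: str
    dst: str
    action: str
    members: Tuple[str, ...]   # names of the pending rules it replaces


def ip_int(addr: str) -> int:
    return int(IPv4Address(addr))


def classify_by_action(rules: List[Rule]) -> Dict[str, List[Rule]]:
    """S101: one class per action, so every rule in a class shares an action."""
    classes: Dict[str, List[Rule]] = {}
    for r in rules:
        classes.setdefault(r.action, []).append(r)
    return classes


def subclassify_by_src(rules: List[Rule]) -> List[List[Rule]]:
    """S102: within a class, rules with consecutive source addresses form one
    subclass. Sorting first makes the result independent of the order the
    rules appear in (rule 7 follows rule 3 in Table 1). Added caveat: rules
    are grouped only if they agree on every other field (here dst)."""
    by_dst: Dict[str, List[Rule]] = {}
    for r in rules:
        by_dst.setdefault(r.dst, []).append(r)
    subclasses: List[List[Rule]] = []
    for group in by_dst.values():
        current: List[Rule] = []
        for r in sorted(group, key=lambda x: ip_int(x.src)):
            if current:
                gap = ip_int(r.src) - ip_int(current[-1].src)
                if gap == 0:        # exact duplicate of the previous rule
                    continue
                if gap != 1:        # not contiguous: close the subclass
                    subclasses.append(current)
                    current = []
            current.append(r)
        if current:
            subclasses.append(current)
    return subclasses


def merge_subclass(subclass: List[Rule]) -> CharacteristicRule:
    """S103: collapse a subclass into one rule covering first~last."""
    return CharacteristicRule(subclass[0].src, subclass[-1].src,
                              subclass[0].dst, subclass[0].action,
                              tuple(r.name for r in subclass))


def merge_rules(rules: List[Rule]) -> List[CharacteristicRule]:
    """Whole pipeline S101 -> S102 -> S103 over the pending rules."""
    merged: List[CharacteristicRule] = []
    for members in classify_by_action(rules).values():
        for sub in subclassify_by_src(members):
            merged.append(merge_subclass(sub))
    return merged


def ranges(merged: List[CharacteristicRule]) -> List[str]:
    """Render characteristic rules in the patent's "first~last" notation."""
    return [f"{m.src_first}~{m.src_last}" for m in merged]


# Constructed input: the nine rules of Table 1 (all ACCEPT, dst assumed "any").
TABLE_1 = [Rule(f"rule{i}", src, "any", "ACCEPT") for i, src in enumerate(
    ["2.2.2.1", "2.2.2.2", "2.2.2.3", "3.3.3.8", "4.4.4.4",
     "5.5.5.5", "2.2.2.4", "5.5.5.6", "4.4.4.5"], start=1)]

if __name__ == "__main__":
    result = merge_rules(TABLE_1)
    print(f"{len(TABLE_1)} pending rules -> {len(result)} characteristic rules")
    for m in result:
        print(f"  {m.src_first}~{m.src_last}  {m.action}  members={m.members}")
```

Run as a script, the nine Table 1 rules collapse to four characteristic rules, the first of them covering 2.2.2.1~2.2.2.4 from rules 1, 2, 3 and 7.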
In a preferred embodiment of the application, after step S103, the application can further include the following preferred scheme, which specifically includes the following steps:
(1) obtain, for each characteristic safety rule, the amount of traffic that hits it.
After the to-be-processed safety rules in each subclass are merged into characteristic safety rules, the amount of traffic hitting each characteristic safety rule is obtained, and the traffic volumes hitting the characteristic safety rules are then compared.
(2) sort the characteristic safety rules by the amount of traffic hitting each, in descending order.
(3) match the messages received by the network firewall against the characteristic safety rules one by one in the sorted order.
In the preferred embodiment of the application, when the network firewall receives a message, it matches the message against the characteristic safety rules one by one in the sorted order. Thus, when messages are matched in the sorted order, messages belonging to higher-traffic rules are matched sooner, so the network firewall handles high-volume traffic preferentially and avoids the performance penalty that such messages would cause by lingering too long in the firewall.
From the description of the above embodiment, with the technical scheme of the application, when a preset time period starts, the to-be-processed safety rules of the network firewall are obtained and divided into classes according to their actions, so that the to-be-processed safety rules in each class have the same action; then the to-be-processed safety rules in each class are divided into subclasses according to their address information, so that the source addresses or destination addresses of the to-be-processed safety rules in each subclass are contiguous; finally, all the to-be-processed safety rules in each subclass are merged into one characteristic safety rule. Thus to-be-processed safety rules with the same action and contiguous addresses are merged into one characteristic safety rule, which greatly reduces the number of safety rules in the network firewall, speeds up rule matching and improves firewall performance.
In order to the technological thought of the present invention is expanded on further, in conjunction with specific implementing procedure, the technical side to the present invention Case is illustrated.
A kind of schematic flow sheet of the merging method of safety regulation of the application specific embodiment proposition is illustrated in figure 2, As seen from the figure, comprise the following steps:
S201: start the periodic timer.
The cycle of the timer can be changed; a configuration item is provided so that users can adjust it according to the actual scenario.
S202: scan the system safety regulations.
Scanning the system safety regulations loads the whole current list into memory.
S203: divide the scanned safety regulations into classifications according to their counter-measures, and place the result of the division in a first-level cache.
S204: divide the safety regulations in each classification into subclasses according to their address information, and place the result of the division in a second-level cache.
S205: merge the safety regulations in each subclass into a specific safety regulation, obtain the amount of traffic hitting each specific safety regulation, and place the merged result in a third-level cache.
S206: sort the specific safety regulations in descending order of traffic, and write the sorted result into the kernel of the firewall system.
It can be seen that, through the execution of the above steps, the number of safety regulations is greatly reduced, and the messages carrying more traffic are matched more easily, so the performance of the firewall is substantially improved.
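The procedure of steps S201 to S206 (and claims 1 to 5 below), as an added example that is not part of the patent or the applicant's own code. It assumes IPv4 rules whose only match fields are a source address, a destination address and a counter-measure (here `action`), plus a per-rule hit counter standing in for the page's "traffic hitting the rule"; the addresses and hit counts in `SAMPLE_RULES` are constructed. It goes slightly beyond the page: inputs may be CIDR blocks, contiguous sources and then contiguous destinations are collapsed in two passes, and before the traffic-based reordering of S206 it checks that no two rules with different counter-measures can match the same packet, because under first-match evaluation reordering such rules would change what the firewall permits or denies; that check (`safe_to_reorder`) is this example's addition, not something the page describes.

```python
"""Added example (not the patent's code): merge firewall rules that share a
counter-measure and have contiguous source/destination addresses, then rank
the merged rules by hit traffic. Assumes IPv4 and src/dst/action-only rules."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Rule:
    src: tuple[int, int]  # inclusive IPv4 address range, as integers
    dst: tuple[int, int]
    action: str           # the page's "counter-measure", e.g. "deny"/"permit"
    hits: int = 0         # traffic that hit the rule (constructed sample values)


def rule(src: str, dst: str, action: str, hits: int = 0) -> Rule:
    """Build a Rule from a host address or CIDR block (assumed input format)."""
    s = ipaddress.ip_network(src, strict=False)
    d = ipaddress.ip_network(dst, strict=False)
    return Rule((int(s[0]), int(s[-1])), (int(d[0]), int(d[-1])), action, hits)


def classify_by_action(rules: list[Rule]) -> dict[str, list[Rule]]:
    """S203 / claim 3: one classification per counter-measure."""
    cats: dict[str, list[Rule]] = defaultdict(list)
    for r in rules:
        cats[r.action].append(r)
    return cats


def merge_contiguous(rules: list[Rule], field: str) -> list[Rule]:
    """S204+S205 / claim 4 for one address field: rules with the same action
    and the same *other* address whose `field` ranges abut (or overlap) form
    a subclass and are merged into one rule; hit counts are summed."""
    other = "dst" if field == "src" else "src"
    subclasses: dict[tuple, list[Rule]] = defaultdict(list)
    for r in rules:
        subclasses[(r.action, getattr(r, other))].append(r)
    merged: list[Rule] = []
    for group in subclasses.values():
        group.sort(key=lambda r: getattr(r, field))
        cur = group[0]
        for nxt in group[1:]:
            lo, hi = getattr(cur, field)
            nlo, nhi = getattr(nxt, field)
            if nlo <= hi + 1:  # contiguous with the run merged so far
                cur = replace(cur, **{field: (lo, max(hi, nhi))}, hits=cur.hits + nxt.hits)
            else:
                merged.append(cur)
                cur = nxt
        merged.append(cur)
    return merged


def merge_rules(rules: list[Rule]) -> list[Rule]:
    """Full merge: classify by action, collapse contiguous sources, then
    collapse contiguous destinations of the resulting rules."""
    out: list[Rule] = []
    for cat in classify_by_action(rules).values():
        out.extend(merge_contiguous(merge_contiguous(cat, "src"), "dst"))
    return out


def _overlap(a: Rule, b: Rule) -> bool:
    return (a.src[0] <= b.src[1] and b.src[0] <= a.src[1]
            and a.dst[0] <= b.dst[1] and b.dst[0] <= a.dst[1])


def safe_to_reorder(rules: list[Rule]) -> bool:
    """Caveat not stated on the page: with first-match evaluation, reordering
    by traffic only preserves behaviour if no two rules with different
    actions can match the same packet."""
    return not any(a.action != b.action and _overlap(a, b)
                   for i, a in enumerate(rules) for b in rules[i + 1:])


def order_by_traffic(rules: list[Rule]) -> list[Rule]:
    """S206 / claim 2: most-hit rules first, guarded by the overlap check."""
    if not safe_to_reorder(rules):
        raise ValueError("rules with different actions overlap; reordering would change semantics")
    return sorted(rules, key=lambda r: r.hits, reverse=True)


def describe(r: Rule) -> str:
    rng = lambda t: f"{ipaddress.ip_address(t[0])}-{ipaddress.ip_address(t[1])}"
    return f"{r.action} {rng(r.src)} -> {rng(r.dst)} hits={r.hits}"


# Constructed sample rule set (hypothetical addresses and hit counts).
SAMPLE_RULES = [
    rule("10.0.0.1", "192.0.2.10", "deny", hits=500),
    rule("10.0.0.2", "192.0.2.10", "deny", hits=300),
    rule("10.0.0.3", "192.0.2.10", "deny", hits=200),
    rule("10.0.0.1", "192.0.2.11", "deny", hits=50),
    rule("10.0.0.2", "192.0.2.11", "deny", hits=50),
    rule("10.0.0.3", "192.0.2.11", "deny", hits=50),
    rule("10.0.0.9", "192.0.2.10", "deny", hits=10),  # gap at .4-.8: stays separate
    rule("10.0.0.1", "198.51.100.5", "permit", hits=4000),
    rule("10.0.0.2", "198.51.100.5", "permit", hits=1000),
]

if __name__ == "__main__":
    for r in order_by_traffic(merge_rules(SAMPLE_RULES)):
        print(describe(r))
```

Running the block collapses the nine sample rules into three: one permit rule for 10.0.0.1-10.0.0.2, one deny rule for 10.0.0.1-10.0.0.3 towards 192.0.2.10-192.0.2.11, and the isolated 10.0.0.9 deny rule, ranked by summed hits. Merging is only behaviour-preserving because every other match field is assumed identical; a real rule base with ports or protocols must include those fields in the subclass key, and the overlap check should be kept in front of any traffic-based reordering.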
As can be seen from the description of the embodiments above, with the technical scheme of the application, when a preset time cycle starts, the pending safety regulations of the network firewall are obtained and divided into classifications according to their counter-measures, so that the pending safety regulations in each classification have the same counter-measure; then, according to the address information of the pending safety regulations in each classification, the pending safety regulations in each classification are divided into subclasses, so that the source addresses or destination addresses of the pending safety regulations in a subclass are continuous; finally, all of the pending safety regulations in a subclass are merged into one feature safety regulation. It can be seen that pending safety regulations that have the same counter-measure and continuous addresses are merged into one feature safety regulation, which greatly reduces the number of safety regulations in the network firewall, thereby speeding up safety-regulation matching and improving the performance of the firewall.
In order to achieve the above technical purpose, as shown in figure 3, the application proposes a smart machine comprising a network firewall, the smart machine at least including:
First sort module 301, which, when a preset time cycle starts, obtains the pending safety regulations of the network firewall and divides the pending safety regulations of the network firewall into classifications according to their counter-measures, so that the counter-measures of the pending safety regulations in each classification are identical;
Second sort module 302, which divides the pending safety regulations in a classification into subclasses according to their address information, so that the source addresses or destination addresses of the pending safety regulations in a subclass are continuous;
Merging module 303, which merges all of the pending safety regulations in a subclass into one feature safety regulation.
In specific application scenarios, the smart machine also includes:
Acquisition module, which obtains the information of the traffic hitting each feature safety regulation;
Order module, which sorts the feature safety regulations in descending order of the value of the traffic hitting each feature safety regulation;
Matching module, which matches the messages received by the network firewall against the feature safety regulations successively in the sorted order.
In specific application scenarios, the first sort module is specifically configured to:
obtain the counter-measure of each pending safety regulation of the network firewall;
divide the pending safety regulations of the network firewall that have the same counter-measure into the same classification.
In specific application scenarios, the second sort module is specifically configured to:
obtain the address information of each pending safety regulation in the classification;
divide the pending safety regulations in the classification whose source addresses or destination addresses are continuous into the same subclass.
In specific application scenarios, the smart machine also includes:
Receiver module, which receives cycle-setting information input by a user;
Setting module, which sets the time cycle according to the cycle-setting information.
As can be seen from the above description of the device, with the technical scheme of the application, when a preset time cycle starts, the pending safety regulations of the network firewall are obtained and divided into classifications according to their counter-measures, so that the pending safety regulations in each classification have the same counter-measure; then, according to the address information of the pending safety regulations in each classification, the pending safety regulations in each classification are divided into subclasses, so that the source addresses or destination addresses of the pending safety regulations in a subclass are continuous; finally, all of the pending safety regulations in a subclass are merged into one feature safety regulation. It can be seen that pending safety regulations that have the same counter-measure and continuous addresses are merged into one feature safety regulation, which greatly reduces the number of safety regulations in the network firewall, thereby speeding up safety-regulation matching and improving the performance of the firewall.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical scheme described in the foregoing embodiments may still be modified, or some or all of its technical features may be replaced by equivalents, without such modifications or replacements causing the essence of the corresponding technical scheme to depart from the scope defined by the claims of the present invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by hardware, or by software together with the necessary general-purpose hardware platform. Based on this understanding, the technical scheme of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash disk or portable hard drive) and includes instructions that cause a computer device (such as a personal computer, server or network device) to perform the method described in each implementation scenario of the present invention.
Those skilled in the art will appreciate that the accompanying drawings are merely schematic diagrams of preferred implementation scenarios, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules in the device of an implementation scenario may be distributed among the devices of the implementation scenario as described, or may be changed accordingly and located in one or more devices other than those of this implementation scenario. The modules of the above implementation scenario may be merged into one module or further split into multiple sub-modules.
The above sequence numbers of the present invention are for description only and do not represent the merits of the implementation scenarios.
The above disclosure is only a few specific implementation scenarios of the present invention; however, the present invention is not limited thereto, and any changes that those skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (10)

1. A merging method for safety regulations, characterized in that, when applied to a smart machine comprising a network firewall, the method at least includes:
when a preset time cycle starts, obtaining the pending safety regulations of the network firewall, and dividing the pending safety regulations of the network firewall into classifications according to their counter-measures, so that the counter-measures of the pending safety regulations in each classification are identical;
dividing the pending safety regulations in a classification into subclasses according to their address information, so that the source addresses or destination addresses of the pending safety regulations in a subclass are continuous;
merging all of the pending safety regulations in a subclass into one feature safety regulation.
2. The method of claim 1, characterized in that, after the pending safety regulations in the subclass are merged into a feature safety regulation, the method also includes:
obtaining the information of the traffic hitting each feature safety regulation;
sorting the feature safety regulations in descending order of the value of the traffic hitting each feature safety regulation;
matching the messages received by the network firewall against the feature safety regulations successively in the sorted order.
3. The method of claim 1, characterized in that dividing the pending safety regulations of the network firewall into classifications according to their counter-measures specifically includes:
obtaining the counter-measure of each pending safety regulation of the network firewall;
dividing the pending safety regulations of the network firewall that have the same counter-measure into the same classification.
4. The method as claimed in claim 3, characterized in that dividing the pending safety regulations in a classification into subclasses according to their address information specifically includes:
obtaining the address information of each pending safety regulation in the classification;
dividing the pending safety regulations in the classification whose source addresses or destination addresses are continuous into the same subclass.
5. The method as described in any one of claims 1-4, characterized in that, before the time cycle starts, the method also includes:
receiving cycle-setting information input by a user;
setting the time cycle according to the cycle-setting information.
6. A smart machine, characterized in that the smart machine includes a network firewall, and the smart machine at least includes:
a first sort module, which, when a preset time cycle starts, obtains the pending safety regulations of the network firewall and divides the pending safety regulations of the network firewall into classifications according to their counter-measures, so that the counter-measures of the pending safety regulations in each classification are identical;
a second sort module, which divides the pending safety regulations in a classification into subclasses according to their address information, so that the source addresses or destination addresses of the pending safety regulations in a subclass are continuous;
a merging module, which merges all of the pending safety regulations in a subclass into one feature safety regulation.
7. The smart machine as claimed in claim 6, characterized in that the smart machine also includes:
an acquisition module, which obtains the information of the traffic hitting each feature safety regulation;
an order module, which sorts the feature safety regulations in descending order of the value of the traffic hitting each feature safety regulation;
a matching module, which matches the messages received by the network firewall against the feature safety regulations successively in the sorted order.
8. The smart machine as claimed in claim 6, characterized in that the first sort module is specifically configured to:
obtain the counter-measure of each pending safety regulation of the network firewall;
divide the pending safety regulations of the network firewall that have the same counter-measure into the same classification.
9. The smart machine as claimed in claim 8, characterized in that the second sort module is specifically configured to:
obtain the address information of each pending safety regulation in the classification;
divide the pending safety regulations in the classification whose source addresses or destination addresses are continuous into the same subclass.
10. The smart machine as described in any one of claims 6-9, characterized in that the smart machine also includes:
a receiver module, which receives cycle-setting information input by a user;
a setting module, which sets the time cycle according to the cycle-setting information.
CN201611131225.6A 2016-12-09 2016-12-09 Method for combining safety rules and intelligent device Pending CN106603524A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611131225.6A CN106603524A (en) 2016-12-09 2016-12-09 Method for combining safety rules and intelligent device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611131225.6A CN106603524A (en) 2016-12-09 2016-12-09 Method for combining safety rules and intelligent device

Publications (1)

Publication Number Publication Date
CN106603524A true CN106603524A (en) 2017-04-26

Family

ID=58598545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611131225.6A Pending CN106603524A (en) 2016-12-09 2016-12-09 Method for combining safety rules and intelligent device

Country Status (1)

Country Link
CN (1) CN106603524A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592309A (en) * 2017-09-14 2018-01-16 携程旅游信息技术(上海)有限公司 Security incident detection and processing method, system, equipment and storage medium
CN113783850A (en) * 2021-08-26 2021-12-10 新华三信息安全技术有限公司 Network protection method, device, equipment and machine readable storage medium
CN113992364A (en) * 2021-10-15 2022-01-28 湖南恒茂高科股份有限公司 Network data packet blocking optimization method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1439985A (en) * 2002-02-20 2003-09-03 华北计算机系统工程研究所 Method for improving fire wall performance
US20040088706A1 (en) * 1996-02-06 2004-05-06 Wesinger Ralph E. Firewall providing enhanced netowrk security and user transparency
CN101582900A (en) * 2009-06-24 2009-11-18 成都市华为赛门铁克科技有限公司 Firewall security policy configuration method and management unit
CN103051609A (en) * 2012-12-07 2013-04-17 东软集团股份有限公司 Gateway equipment and network access controlled visualized interaction method executed by same
CN103873441A (en) * 2012-12-12 2014-06-18 中国电信股份有限公司 Firewall safety rule optimization method and device thereof
CN104022999A (en) * 2013-09-05 2014-09-03 北京科能腾达信息技术股份有限公司 Network data processing method and system based on protocol analysis
CN104618403A (en) * 2015-03-10 2015-05-13 网神信息技术(北京)股份有限公司 Access control method and device for security gateway
CN104735026A (en) * 2013-12-19 2015-06-24 华为技术有限公司 Security strategy control method and device
US20160261606A1 (en) * 2014-12-22 2016-09-08 Fortinet, Inc. Location-based network security

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040088706A1 (en) * 1996-02-06 2004-05-06 Wesinger Ralph E. Firewall providing enhanced netowrk security and user transparency
CN1439985A (en) * 2002-02-20 2003-09-03 华北计算机系统工程研究所 Method for improving fire wall performance
CN101582900A (en) * 2009-06-24 2009-11-18 成都市华为赛门铁克科技有限公司 Firewall security policy configuration method and management unit
CN103051609A (en) * 2012-12-07 2013-04-17 东软集团股份有限公司 Gateway equipment and network access controlled visualized interaction method executed by same
CN103873441A (en) * 2012-12-12 2014-06-18 中国电信股份有限公司 Firewall safety rule optimization method and device thereof
CN104022999A (en) * 2013-09-05 2014-09-03 北京科能腾达信息技术股份有限公司 Network data processing method and system based on protocol analysis
CN104735026A (en) * 2013-12-19 2015-06-24 华为技术有限公司 Security strategy control method and device
US20160261606A1 (en) * 2014-12-22 2016-09-08 Fortinet, Inc. Location-based network security
CN104618403A (en) * 2015-03-10 2015-05-13 网神信息技术(北京)股份有限公司 Access control method and device for security gateway

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592309A (en) * 2017-09-14 2018-01-16 携程旅游信息技术(上海)有限公司 Security incident detection and processing method, system, equipment and storage medium
CN107592309B (en) * 2017-09-14 2019-09-17 携程旅游信息技术(上海)有限公司 Security incident detection and processing method, system, equipment and storage medium
CN113783850A (en) * 2021-08-26 2021-12-10 新华三信息安全技术有限公司 Network protection method, device, equipment and machine readable storage medium
CN113992364A (en) * 2021-10-15 2022-01-28 湖南恒茂高科股份有限公司 Network data packet blocking optimization method and system
CN113992364B (en) * 2021-10-15 2024-06-07 湖南恒茂高科股份有限公司 Network data packet blocking optimization method and system

Similar Documents

Publication Publication Date Title
CN102279917B (en) Multi-antivirus engine parallel antivirus method and system
CN106603524A (en) Method for combining safety rules and intelligent device
EP2830260B1 (en) Rule matching method and device
CN107025218A (en) A kind of text De-weight method and device
CN103617226B (en) A kind of matching regular expressions method and device
CN104408159B (en) A kind of data correlation, loading, querying method and device
CN104408169B (en) Dimension querying method and device based on Multidimensional Expressions language
US20120254173A1 (en) Grouping data
CN109885828A (en) Word error correction method, device, computer equipment and medium based on language model
CN105975398A (en) Method for memory fragmentation management
CN103942108B (en) Resource parameters optimization method under Hadoop isomorphism cluster
CN105657471A (en) Account management method and device
CN102870116A (en) Method and apparatus for content matching
CN106815201A (en) A kind of method and device of automatic judgement judgement document court verdict
CN102915344B (en) SQL (structured query language) statement processing method and device
CN107943792A (en) A kind of statement analytical method, device and terminal device, storage medium
CN107368489A (en) A kind of information data processing method and device
CN106845220A (en) A kind of Android malware detecting system and method
CN106209614B (en) A kind of net packet classifying method and device
Lin et al. Length-bounded hybrid CPU/GPU pattern matching algorithm for deep packet inspection
CN105354228A (en) Similar image searching method and apparatus
CN106570058A (en) Searching method and search engine
CN106919627A (en) The treating method and apparatus of hot word
CN105357177A (en) Method for processing data packet filtering rule set and data packet matching method
US9483332B2 (en) Event processing method in stream processing system and stream processing system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170426

RJ01 Rejection of invention patent application after publication