CN106603524A - Method for combining safety rules and intelligent device - Google Patents
Method for combining security rules and intelligent device
Publication number: CN106603524A (application CN201611131225.6A)
Authority: CN (China)
Prior art keywords: security rule, pending, classification, network firewall, pending security
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science; Computer Hardware Design; Computer Security & Cryptography; Computing Systems; General Engineering & Computer Science; Computer Networks & Wireless Communication; Signal Processing; Business, Economics & Management; General Business, Economics & Management; Data Exchanges In Wide-Area Networks
Abstract
The invention provides a method for merging security rules. The method comprises the following steps: when a preset time period starts, obtaining the pending security rules of a network firewall; classifying the pending rules according to the action each rule specifies, so that the pending rules within each class have the same action; sub-classifying the pending rules within each class according to their address information, so that the source addresses or the destination addresses of the pending rules within each sub-class are contiguous; and finally merging all pending rules within a sub-class into one feature security rule. Because pending rules with the same action and contiguous addresses are merged into a single feature rule, the number of security rules in the network firewall is greatly reduced, which speeds up rule matching and improves firewall performance.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method for merging security rules; the application also relates to an intelligent device.
Background
A network firewall (firewall), also called a network protection wall, is a network security system positioned between an internal network and an external network. It is a guard system for information security that allows or restricts the transmission of data according to specific security rules.
A network firewall follows a set of security rules when it makes packet-filtering decisions. These rules are stored in dedicated packet-filter tables that are integrated into the Linux kernel, and within a table each rule is placed in a chain (the iptables model). The packet-filtering system is a powerful tool: rules can be added, edited and removed, and a rule can control whether other devices may connect to a port of this device, which IP addresses or network segments may access it, and so on.
A security rule consists of attributes and an action. The attributes are address information and rule details. The address information is the source and destination address of the packet: the source address describes where the packet comes from and may be the address of a single device or a set of addresses; the destination address, likewise, describes where the packet is going. The rule details describe the finer features of the packet. The action is what the firewall carries out when the information of a packet (message) matches the rule's source address, destination address and details: block the packet, allow it, or allow it but warn the user, among others.
When matching rules, a network firewall walks the rule list from beginning to end. This is inefficient: when the list holds many rules, the matching rule cannot be found in time.
Two kinds of prior-art method exist for speeding up the matching of security rules:
(1) Method one analyses and simplifies rules on the basis of rule conflicts and automatically deletes useless rule entries: when rules include one another, are included in one another, intersect or conflict, they are rearranged and simplified.
(2) Method two uses a multidimensional model and fast lookup to improve the firewall's rule-matching performance.
In the course of realising this application, the inventor found that these prior-art methods for speeding up rule matching have at least the following problems:
(1) For method one, most security rules have no inclusion, intersection or conflict relation with one another, so the method can merge and simplify only a minority of rules and reduces the rule count only to a limited extent.
(2) Method two essentially improves the lookup algorithm and the lookup speed, but it does not reduce the number of security rules; when there are many rules, lookup is still slow.
How to reduce the number of security rules effectively, and thereby speed up rule matching and improve firewall performance, has therefore become a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
This application proposes a method for merging security rules in order to reduce the number of security rules in a firewall system, thereby speeding up rule matching and improving firewall performance. The method is applied in an intelligent device that contains a network firewall and comprises at least:
when a preset time period starts, obtaining the pending security rules of the network firewall and classifying them according to their actions, so that the pending rules within each class have the same action;
sub-classifying the pending rules within each class according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous;
merging all pending rules within a sub-class into one feature security rule.
Preferably, after the pending rules of a sub-class have been merged into a feature security rule, the method further comprises:
obtaining, for each feature rule, the amount of traffic that hits it;
sorting the feature rules by hit traffic in descending order;
matching the feature rules, in that order, against each message the network firewall receives.
Preferably, classifying the pending rules of the network firewall according to their actions specifically comprises:
obtaining the action of each pending security rule of the network firewall;
placing pending rules of the network firewall that have the same action in the same class.
Preferably, sub-classifying the pending rules within a class according to their address information specifically comprises:
obtaining the address information of each pending rule in the class;
placing pending rules of the class whose source addresses or destination addresses are contiguous in the same sub-class.
Preferably, before the time period starts, the method further comprises:
receiving period-setting information entered by the user;
setting the time period according to the period-setting information.
Correspondingly, this application proposes an intelligent device that contains a network firewall and comprises at least:
a first classification module, which, when a preset time period starts, obtains the pending security rules of the network firewall and classifies them according to their actions, so that the pending rules within each class have the same action;
a second classification module, which sub-classifies the pending rules within each class according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous;
a merging module, which merges all pending rules within a sub-class into one feature security rule.
Preferably, the intelligent device further comprises:
an acquisition module, which obtains, for each feature rule, the amount of traffic that hits it;
a sorting module, which sorts the feature rules by hit traffic in descending order;
a matching module, which matches the feature rules, in that order, against each message the network firewall receives.
Preferably, the first classification module is specifically configured to:
obtain the action of each pending security rule of the network firewall;
place pending rules of the network firewall that have the same action in the same class.
Preferably, the second classification module is specifically configured to:
obtain the address information of each pending rule in the class;
place pending rules of the class whose source addresses or destination addresses are contiguous in the same sub-class.
Preferably, the intelligent device further comprises:
a receiving module, which receives period-setting information entered by the user;
a setting module, which sets the time period according to the period-setting information.
With the technical scheme of this application, when the preset time period starts the pending security rules of the network firewall are obtained and classified according to their actions, so that the pending rules within each class have the same action; the pending rules within each class are then sub-classified according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous; finally all pending rules within a sub-class are merged into one feature security rule. Pending rules with the same action and contiguous addresses are thus merged into a single feature rule, which greatly reduces the number of security rules in the network firewall, speeds up rule matching and improves firewall performance.
Description of the drawings
To explain the technical scheme of this application more clearly, the drawings needed for describing the embodiments are introduced briefly below. The drawings described here are only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a security-rule merging method proposed by an embodiment of this application;
Fig. 2 is a flow diagram of a security-rule merging method proposed by a specific embodiment of this application;
Fig. 3 is a structural diagram of an intelligent device proposed by a specific embodiment of this application.
Detailed description
As stated in the Background, two kinds of prior-art method exist for speeding up the matching of security rules in a network firewall. The first simplifies security rules on the basis of inclusion, intersection and conflict relations between them; however, because most rules have no such relation with one another, it can simplify the rule set only to a limited degree. The second uses a multidimensional model and fast lookup to raise the speed at which the firewall matches rules; it essentially improves the lookup algorithm and does nothing to reduce the number of security rules. The prior art therefore has no method that effectively reduces the number of security rules, so that when there are many rules the firewall matches them too slowly.
To reduce the number of security rules effectively, and thereby speed up rule matching and improve firewall performance, this application proposes a method for merging security rules: when a preset time period starts, the pending security rules of the network firewall are obtained and classified according to their actions, so that the pending rules within each class have the same action; the pending rules within each class are then sub-classified according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous; finally all pending rules within a sub-class are merged into one feature security rule. Pending rules with the same action and contiguous addresses are thus merged into a single feature rule, which greatly reduces the number of security rules in the network firewall, speeds up rule matching and improves firewall performance.
Fig. 1 is a flow diagram of the security-rule merging method proposed by this application. Note that the application is applied in an intelligent device that contains a network firewall, and that the network firewall contains multiple pending security rules. A pending security rule is one that has not yet been through merge processing. Specifically, the application comprises at least the following steps:
S101: when the preset time period starts, obtain the pending security rules of the network firewall and classify them according to their actions, so that the pending rules within each class have the same action.
A pending security rule is a rule in the network firewall that has not yet been merged. The embodiments of this application aim to reduce the number of security rules in the firewall by classifying and merging the pending rules; the classification and merging process is described in detail below.
One precondition for merging security rules is that the actions of the rules to be merged are the same. The action of a security rule is the measure (the operation executed) that the firewall carries out when the information of a packet matches the rule. Specifically, actions include blocking the packet, allowing it, and allowing it but warning the user.
In the embodiments of this application, the pending rules of the network firewall are first classified according to their actions, so that pending rules with the same action fall into the same class; the pending rules within each class are then processed further in turn.
In a preferred embodiment, classifying the pending rules of the network firewall according to their actions can be done as follows:
(1) Obtain the action of each pending security rule of the network firewall: parse the pending rules one by one and read each rule's action from the parse result.
(2) Place pending rules of the network firewall that have the same action in the same class: once the actions of the pending rules are known, rules with the same action are grouped together. This guarantees that all pending rules within a class have the same action, which is the essential basis for merging rules of the same class later on.
Note that the method above for classifying pending rules according to their actions is only a preferred embodiment proposed by this application; based on the core idea of this application, those skilled in the art may classify pending rules by action in other ways without affecting the scope of protection.
In a preferred embodiment, before the preset time period starts, the scheme also includes the following steps:
(1) Receive period-setting information entered by the user. Because the security rules in a network firewall change dynamically, the pending rules of the firewall need to be tidied (classified and merged) periodically. Before the preset period starts, the period-setting information entered by the user is received and parsed to obtain the tidying period the user has chosen.
(2) Set the time period for tidying pending rules according to the user's period-setting information. Once the period is known it is set, so that the intelligent device tidies all pending rules each time the period elapses.
S102: sub-classify the pending rules within each class according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous.
Step S101 above divides the pending rules into classes whose members have the same action. In the embodiments of this application the pending rules within each class are then sub-classified further, as described below.
For the pending rules of one class, each rule is sub-classified according to its address information, so that pending rules whose source addresses (or destination addresses) are contiguous fall into the same sub-class. The pending rules within each sub-class are then processed further in turn.
In a preferred embodiment, sub-classifying the pending rules of a class according to their address information can be done as follows:
(1) Obtain the address information of each pending rule in the class: parse the pending rules of the class one by one and read each rule's address information from the parse result.
(2) Place the pending rules of the class whose source addresses or destination addresses are contiguous in the same sub-class: once the address information of the class's pending rules is known, rules whose source (or destination) addresses are contiguous are grouped together. This guarantees that the source or destination addresses of the pending rules within each sub-class are contiguous, which is the essential basis for merging the rules of a sub-class later on.
For example, suppose the pending security rules of one class are as shown in Table 1:
Pending security rule | Source IP address | Action
Pending security rule 1 | 2.2.2.1 | ACCEPT
Pending security rule 2 | 2.2.2.2 | ACCEPT
Pending security rule 3 | 2.2.2.3 | ACCEPT
Pending security rule 4 | 3.3.3.8 | ACCEPT
Pending security rule 5 | 4.4.4.4 | ACCEPT
Pending security rule 6 | 5.5.5.5 | ACCEPT
Pending security rule 7 | 2.2.2.4 | ACCEPT
Pending security rule 8 | 5.5.5.6 | ACCEPT
Pending security rule 9 | 4.4.4.5 | ACCEPT
Table 1 Security rules of a given class
Sub-classifying these pending rules according to their address information, as proposed by this application, gives the result shown in Table 2:
Table 2 Sub-class division of the security rules of the given class
As Table 2 shows, the source IP addresses of the pending rules within each sub-class are contiguous.
Note that the method above for sub-classifying pending rules according to their address information is only a preferred embodiment proposed by this application; based on the core idea of this application, those skilled in the art may sub-classify pending rules by address information in other ways without affecting the scope of protection.
S103: merge all pending rules within a sub-class into one feature security rule.
Step S102 above sub-classifies the pending rules of each class so that the source or destination addresses of the pending rules within each sub-class are contiguous. In the embodiments of this application all pending rules within a sub-class are then merged into one feature security rule, which reduces the number of security rules; the merging process is described below.
Because the source or destination addresses of the pending rules within a sub-class are contiguous, a single address range can cover the source or destination addresses of all the rules in the sub-class. For example, in sub-class 1 of Table 2 the source IP addresses of the pending rules are 2.2.2.1, 2.2.2.2, 2.2.2.3 and 2.2.2.4, so the address range "2.2.2.1~2.2.2.4" can serve as the source address of the feature security rule of that sub-class, and the action of that feature rule is the action shared by the sub-class's pending rules. After this merging, pending rules with the same action and contiguous addresses have been merged into feature security rules, which greatly reduces the number of security rules in the network firewall, speeds up rule matching and improves firewall performance.
In a preferred embodiment, after step S103 the application can further include the following steps:
(1) Obtain, for each feature security rule, the amount of traffic that hits it. After the pending rules of each sub-class have been merged into feature rules, the traffic hitting each feature rule is obtained, and the hit volumes of the feature rules are then compared.
(2) Sort the feature rules by hit traffic in descending order.
(3) Match the feature rules, in the sorted order, against the messages the network firewall receives.
In this preferred embodiment, when the network firewall receives a message it matches the feature rules against it one by one in the sorted order. Matching in this order means that the messages belonging to the highest-traffic rules are matched soonest, so the firewall handles high-volume traffic preferentially and such messages do not linger at the firewall long enough to degrade its performance.
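The following is an added example in Python, not code from the patent, implementing steps S101 to S103 for the source-address case together with the hit-traffic ordering just described. Rules 1 to 9 are Table 1 of this page; rule 0 (a DROP for 2.2.2.3 placed ahead of them), the hit volumes and all names are constructed for illustration. The ordering step adds a check the page does not describe: in a first-match firewall, two rules whose address ranges overlap and whose actions differ must keep their original relative order, otherwise sorting by hit traffic changes what the firewall enforces. Consistent with the page's own observation that most rules neither include nor conflict with one another, the check changes nothing for Table 1 on its own.

```python
"""Added example: merge firewall rules by action and contiguous source address
(steps S101-S103), then order the merged rules by hit traffic without changing
first-match semantics. Not code from the patent."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # one source IPv4 address, as in Table 1
    action: str    # ACCEPT, DROP, ...


@dataclass(frozen=True)
class FeatureRule:
    first: IPv4Address   # inclusive start of the merged source range
    last: IPv4Address    # inclusive end of the merged source range
    action: str
    members: tuple       # names of the pending rules merged into this one
    order: int           # input position of the earliest member

    def range_str(self):
        return str(self.first) if self.first == self.last else f"{self.first}-{self.last}"

    def __str__(self):
        return f"{self.range_str()} {self.action}"


def _collapse(run, action):
    # run is (position, rule) pairs sorted by address, so its ends bound the range (S103)
    return FeatureRule(IPv4Address(run[0][1].src), IPv4Address(run[-1][1].src), action,
                       tuple(r.name for _, r in run), min(i for i, _ in run))


def merge_rules(pending):
    """S101: class by action; S102: sub-class by contiguous source address; S103: merge."""
    by_action = defaultdict(list)
    for i, r in enumerate(pending):
        by_action[r.action].append((i, r))
    merged = []
    for action, group in by_action.items():
        group.sort(key=lambda ir: IPv4Address(ir[1].src))
        run = [group[0]]
        for ir in group[1:]:
            # a duplicate or the next address continues the run; a gap closes it
            if IPv4Address(ir[1].src) <= IPv4Address(run[-1][1].src) + 1:
                run.append(ir)
            else:
                merged.append(_collapse(run, action))
                run = [ir]
        merged.append(_collapse(run, action))
    # keep the feature rules in the order their earliest member had in the input
    return sorted(merged, key=lambda fr: fr.order)


def _conflicts(a, b):
    """Overlapping ranges with different actions: their relative order decides what is enforced."""
    return a.action != b.action and a.first <= b.last and b.first <= a.last


def order_by_hits(feature_rules, hits):
    """Most-hit rule first, except that a rule never overtakes an earlier rule it conflicts with.

    hits maps str(feature_rule) to its traffic volume; unknown rules count as 0."""
    pos = {fr: i for i, fr in enumerate(feature_rules)}
    remaining, ordered = list(feature_rules), []
    while remaining:
        done = set(ordered)
        ready = [fr for fr in remaining
                 if not any(o not in done and _conflicts(o, fr)
                            for o in feature_rules[:pos[fr]])]
        best = max(ready, key=lambda fr: (hits.get(str(fr), 0), -pos[fr]))
        ordered.append(best)
        remaining.remove(best)
    return ordered


# Rules 1-9 are Table 1 of the patent (all ACCEPT). Rule 0, a DROP for 2.2.2.3 placed
# ahead of them, and the hit volumes below are constructed for this example.
PENDING = [Rule("rule 0", "2.2.2.3", "DROP")] + [
    Rule(f"rule {i}", ip, "ACCEPT")
    for i, ip in enumerate(["2.2.2.1", "2.2.2.2", "2.2.2.3", "3.3.3.8", "4.4.4.4",
                            "5.5.5.5", "2.2.2.4", "5.5.5.6", "4.4.4.5"], start=1)]

HITS = {"2.2.2.1-2.2.2.4 ACCEPT": 900, "5.5.5.5-5.5.5.6 ACCEPT": 500,
        "4.4.4.4-4.4.4.5 ACCEPT": 300, "3.3.3.8 ACCEPT": 50, "2.2.2.3 DROP": 10}

if __name__ == "__main__":
    merged = merge_rules(PENDING)
    print(f"{len(PENDING)} pending rules -> {len(merged)} feature rules")
    for fr in order_by_hits(merged, HITS):
        print(f"{str(fr):26} hits={HITS.get(str(fr), 0):4}  from {', '.join(fr.members)}")
```

Table 1 alone collapses from nine rules to four (2.2.2.1-2.2.2.4, 3.3.3.8, 4.4.4.4-4.4.4.5 and 5.5.5.5-5.5.5.6). With the constructed DROP rule added, the ten pending rules become five feature rules, and although the DROP rule has the lowest hit volume it stays ahead of the 2.2.2.1-2.2.2.4 ACCEPT rule it overlaps with; a plain sort by hits would have moved the ACCEPT range in front of it and silently admitted traffic from 2.2.2.3.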
As the embodiment above shows, with the technical scheme of this application the pending security rules of the network firewall are obtained when the preset time period starts and classified according to their actions, so that the pending rules within each class have the same action; the pending rules within each class are then sub-classified according to their address information, so that the source addresses or destination addresses of the pending rules within each sub-class are contiguous; finally all pending rules within a sub-class are merged into one feature security rule. Pending rules with the same action and contiguous addresses are thus merged into a single feature rule, which greatly reduces the number of security rules in the network firewall, speeds up rule matching and improves firewall performance.
To explain the technical idea of the invention further, its technical scheme is now described with a specific implementation flow.
Fig. 2 is a flow diagram of the security-rule merging method proposed by a specific embodiment of this application. As the figure shows, it comprises the following steps:
S201: start the periodic timer. The timer period is adjustable: a configuration item is provided so that the user can tune it to the actual scenario.
S202: scan the system security rules, loading the whole current rule list into memory.
S203: classify the scanned security rules according to their actions and place the result in a first-level cache.
S204: sub-classify the security rules within each class according to their address information and place the result in a second-level cache.
S205: merge the security rules within each sub-class into a feature security rule, obtain the amount of traffic hitting each feature rule, and place the merged result in a third-level cache.
S206: sort the feature rules by traffic in descending order and write the sorted result into the kernel of the firewall system.
Executing these steps ensures that the number of security rules is greatly reduced and that the messages of higher-traffic rules are matched more readily, which substantially improves firewall performance.
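S206 writes the sorted feature rules into the firewall kernel but the page does not say in what form. As an added example (Python, not the patent's code), and assuming an iptables/netfilter firewall with the iprange match extension available, this is how a merged source range becomes one iptables rule. The point a practitioner needs here is that a contiguous range is not always a single CIDR block: 4.4.4.4-4.4.4.5 is 4.4.4.4/31, but 2.2.2.1-2.2.2.4 would need three CIDR rules, so the iprange match is used to keep it as one rule. The chain name and the ranges fed to emit_script are assumptions for the example (the ranges are the four feature rules Table 1 merges into).

```python
"""Added example: materialise a merged source range as an iptables rule.
Assumes an iptables/netfilter firewall with the iprange match available; not the patent's code."""
from ipaddress import IPv4Address, summarize_address_range


def iptables_rule(first, last, action, chain="INPUT"):
    """Return one iptables command for the inclusive source range first..last."""
    lo, hi = IPv4Address(first), IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} lies after range end {hi}")
    nets = list(summarize_address_range(lo, hi))
    if len(nets) == 1:
        # a CIDR-aligned range (or a single host) needs only the ordinary -s match
        return f"iptables -A {chain} -s {nets[0].with_prefixlen} -j {action}"
    # contiguous but not CIDR-aligned: one iprange match instead of several CIDR rules
    return f"iptables -A {chain} -m iprange --src-range {lo}-{hi} -j {action}"


def emit_script(feature_ranges, chain="INPUT"):
    """feature_ranges: (first, last, action) triples, already in the order they must be evaluated."""
    return "\n".join(iptables_rule(a, b, act, chain) for a, b, act in feature_ranges)


# The four feature rules that Table 1 of the patent merges into (source ranges, all ACCEPT)
TABLE1_MERGED = [("2.2.2.1", "2.2.2.4", "ACCEPT"), ("3.3.3.8", "3.3.3.8", "ACCEPT"),
                 ("4.4.4.4", "4.4.4.5", "ACCEPT"), ("5.5.5.5", "5.5.5.6", "ACCEPT")]

if __name__ == "__main__":
    print(emit_script(TABLE1_MERGED))
```

Because -A appends, the order in which the lines are emitted is the order the kernel evaluates them, so whatever produced the sorted list must already have kept any overlapping rules with different actions in their original relative order; the script generator cannot repair that afterwards.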
From the description of the embodiments above, the technical scheme of the present application works as follows: when the preset time period starts, the pending security rules of the network firewall are obtained, and the pending security rules are divided into classes according to their counter-measure, so that the pending security rules in each class share the same counter-measure; then, according to the address information of the pending security rules in each class, the rules are divided into sub-classes, so that the source addresses or destination addresses of the pending security rules in a sub-class are contiguous; finally, all pending security rules in a sub-class are merged into one feature security rule. Thus pending security rules that have the same counter-measure and contiguous addresses are merged into a single feature security rule, which greatly reduces the number of security rules in the network firewall, speeds up security rule matching, and improves the performance of the firewall.
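The merge procedure described above (S203 to S206), carried through in working code as an added example; this is not the patent's code nor any firewall vendor's. Rules are modelled as integer IPv4 ranges with a counter-measure and a hit counter; the rule list, the hit counters and the sample packets are constructed, and first-match semantics with a default action are an assumption. The block also adds a check the patent does not describe: after merging and re-sorting by traffic, every sample packet must still receive the same first-match decision, because re-sorting by traffic can move a rule ahead of a conflicting rule with a different counter-measure.

```python
# Added worked example (not the patent's own code) of steps S203-S206: classify by
# counter-measure, merge rules with contiguous addresses, sort by traffic, then
# verify that the merged set makes the same first-match decisions as the original.
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, replace
from ipaddress import IPv4Address
from typing import Iterable

ANY_LO, ANY_HI = 0, 0xFFFFFFFF  # wildcard address range


def ip(text: str) -> int:
    """Dotted-quad IPv4 to integer, so ranges compare and merge arithmetically."""
    return int(IPv4Address(text))


@dataclass(frozen=True)
class Rule:
    src_lo: int
    src_hi: int
    dst_lo: int
    dst_hi: int
    action: str    # the patent's "counter-measure", e.g. "DROP" or "ACCEPT"
    hits: int = 0  # traffic volume matched by the rule (constructed sample counters)

    def matches(self, src: int, dst: int) -> bool:
        return self.src_lo <= src <= self.src_hi and self.dst_lo <= dst <= self.dst_hi


def classify_by_action(rules: Iterable[Rule]) -> dict[str, list[Rule]]:
    """S203: first-level division, one class per counter-measure."""
    classes: dict[str, list[Rule]] = defaultdict(list)
    for rule in rules:
        classes[rule.action].append(rule)
    return dict(classes)


def merge_contiguous(rules: list[Rule], axis: str) -> list[Rule]:
    """S204/S205 along one axis ("src" or "dst"): rules that are identical on the
    other axis and whose `axis` ranges touch or overlap form one sub-class, which
    is merged into a single feature rule; hit counters are summed."""
    other = "dst" if axis == "src" else "src"
    lo, hi = f"{axis}_lo", f"{axis}_hi"
    buckets: dict[tuple[int, int], list[Rule]] = defaultdict(list)
    for rule in rules:
        buckets[(getattr(rule, f"{other}_lo"), getattr(rule, f"{other}_hi"))].append(rule)
    merged: list[Rule] = []
    for group in buckets.values():
        group.sort(key=lambda r: getattr(r, lo))
        current = group[0]
        for nxt in group[1:]:
            if getattr(nxt, lo) <= getattr(current, hi) + 1:  # contiguous or overlapping
                current = replace(current, **{hi: max(getattr(current, hi), getattr(nxt, hi))},
                                  hits=current.hits + nxt.hits)
            else:
                merged.append(current)
                current = nxt
        merged.append(current)
    return merged


def merge_rules(rules: Iterable[Rule]) -> list[Rule]:
    """S203-S206: classify, merge on source then destination, sort by traffic descending."""
    feature_rules: list[Rule] = []
    for action_class in classify_by_action(rules).values():
        feature_rules.extend(merge_contiguous(merge_contiguous(action_class, "src"), "dst"))
    feature_rules.sort(key=lambda r: r.hits, reverse=True)  # heaviest traffic first (S206)
    return feature_rules


def first_match(rules: list[Rule], src: int, dst: int, default: str = "ACCEPT") -> str:
    """Firewall semantics assumed here: the first matching rule decides, else the default."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return default


def check_equivalent(original: list[Rule], merged: list[Rule], packets) -> list[tuple[int, int]]:
    """Added check, not from the patent: the packets whose decision changes after merging.
    Re-sorting by traffic can reorder rules with different actions, so a non-empty result
    means the merged set must not be loaded into the kernel as-is."""
    return [(s, d) for s, d in packets if first_match(original, s, d) != first_match(merged, s, d)]


# Constructed sample rule list and hit counters (not real data).
SAMPLE_RULES = [
    Rule(ip("10.0.0.1"), ip("10.0.0.1"), ANY_LO, ANY_HI, "DROP", hits=500),
    Rule(ip("10.0.0.2"), ip("10.0.0.2"), ANY_LO, ANY_HI, "DROP", hits=300),
    Rule(ip("10.0.0.3"), ip("10.0.0.3"), ANY_LO, ANY_HI, "DROP", hits=0),
    Rule(ip("10.0.0.10"), ip("10.0.0.10"), ANY_LO, ANY_HI, "DROP", hits=50),
    Rule(ip("192.168.1.0"), ip("192.168.1.255"), ip("172.16.0.1"), ip("172.16.0.1"), "ACCEPT", hits=20),
    Rule(ip("192.168.1.0"), ip("192.168.1.255"), ip("172.16.0.2"), ip("172.16.0.2"), "ACCEPT", hits=30),
]
SAMPLE_PACKETS = [(ip(s), ip(d)) for s, d in [
    ("10.0.0.2", "8.8.8.8"), ("10.0.0.5", "8.8.8.8"),
    ("10.0.0.10", "1.1.1.1"), ("192.168.1.7", "172.16.0.2"),
]]

if __name__ == "__main__":
    merged = merge_rules(SAMPLE_RULES)
    for r in merged:
        print(f"{r.action:6} src {IPv4Address(r.src_lo)}-{IPv4Address(r.src_hi)} "
              f"dst {IPv4Address(r.dst_lo)}-{IPv4Address(r.dst_hi)} hits={r.hits}")
    print("decision mismatches:", check_equivalent(SAMPLE_RULES, merged, SAMPLE_PACKETS))
```

On the constructed sample the six rules collapse to three feature rules (the three contiguous DROP hosts become one range, the two ACCEPT destinations become one range), and the equivalence check returns no mismatches. The check matters because the patent sorts feature rules purely by traffic: if the original list relied on an ACCEPT rule being evaluated before an overlapping DROP rule that carries more traffic, the re-sorted list inverts that decision, and the check reports the affected packets before anything is written to the kernel.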
To achieve the above technical purpose, as shown in Figure 3, the present application proposes a smart device that comprises a network firewall and at least includes:
a first classification module 301, which, when the preset time period starts, obtains the pending security rules of the network firewall and divides them into classes according to their counter-measure, so that the pending security rules in each class share the same counter-measure;
a second classification module 302, which divides the pending security rules in a class into sub-classes according to their address information, so that the source addresses or destination addresses of the pending security rules in a sub-class are contiguous;
a merging module 303, which merges all pending security rules in a sub-class into one feature security rule.
In specific application scenarios, the smart device also includes:
an acquisition module, which obtains the volume of traffic hitting each feature security rule;
a sorting module, which sorts the feature security rules by the volume of traffic hitting each of them, in descending order;
a matching module, which matches the packets received by the network firewall against the feature security rules in the sorted order.
In specific application scenarios, the first classification module is specifically configured to:
obtain the counter-measure of each pending security rule of the network firewall;
place the pending security rules of the network firewall that have the same counter-measure into the same class.
In specific application scenarios, the second classification module is specifically configured to:
obtain the address information of each pending security rule in the class;
place the pending security rules in the class whose source addresses or destination addresses are contiguous into the same sub-class.
In specific application scenarios, the smart device also includes:
a receiving module, which receives period-setting information input by the user;
a setting module, which sets the time period according to the period-setting information.
From the description of the concrete device above, the technical scheme of the present application works as follows: when the preset time period starts, the pending security rules of the network firewall are obtained, and the pending security rules are divided into classes according to their counter-measure, so that the pending security rules in each class share the same counter-measure; then, according to the address information of the pending security rules in each class, the rules are divided into sub-classes, so that the source addresses or destination addresses of the pending security rules in a sub-class are contiguous; finally, all pending security rules in a sub-class are merged into one feature security rule. Thus pending security rules that have the same counter-measure and contiguous addresses are merged into a single feature security rule, which greatly reduces the number of security rules in the network firewall, speeds up security rule matching, and improves the performance of the firewall.
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical scheme described in the foregoing embodiments can still be modified, or some or all of its technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical scheme outside the scope defined by the claims of the present invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be realized by hardware, or by software together with a necessary general-purpose hardware platform. Based on this understanding, the technical scheme of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash disk or portable hard drive) and includes instructions that cause a computer device (a personal computer, server, network device or the like) to perform the method described in each implementation scenario of the present invention.
Those skilled in the art will appreciate that the accompanying drawings are only schematic diagrams of preferred implementation scenarios, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will appreciate that the modules of the device in an implementation scenario may be distributed within the device as described in that scenario, or may be changed accordingly and located in one or more devices other than the one in that scenario. The modules of the above implementation scenarios may be merged into one module, or further split into several sub-modules.
The above sequence numbers of the present invention are for description only and do not indicate the merit of any implementation scenario.
The above discloses only a few concrete implementation scenarios of the present invention, but the present invention is not limited to them; any change that a person skilled in the art can think of shall fall within the protection scope of the present invention.
Claims (10)
1. A method for merging security rules, characterised in that it is applied to a smart device comprising a network firewall and at least includes:
when a preset time period starts, obtaining the pending security rules of the network firewall, and dividing the pending security rules of the network firewall into classes according to their counter-measure, so that the pending security rules in each class have the same counter-measure;
dividing the pending security rules in a class into sub-classes according to their address information, so that the source addresses or destination addresses of the pending security rules in a sub-class are contiguous;
merging all pending security rules in a sub-class into one feature security rule.
2. The method of claim 1, characterised in that, after the pending security rules in the sub-class are merged into a feature security rule, the method also includes:
obtaining the volume of traffic hitting each feature security rule;
sorting the feature security rules by the volume of traffic hitting each of them, in descending order;
matching the packets received by the network firewall against the feature security rules in the sorted order.
3. The method of claim 1, characterised in that dividing the pending security rules of the network firewall into classes according to their counter-measure specifically includes:
obtaining the counter-measure of each pending security rule of the network firewall;
placing the pending security rules of the network firewall that have the same counter-measure into the same class.
4. The method of claim 3, characterised in that dividing the pending security rules in the class into sub-classes according to their address information specifically includes:
obtaining the address information of each pending security rule in the class;
placing the pending security rules in the class whose source addresses or destination addresses are contiguous into the same sub-class.
5. The method of any one of claims 1-4, characterised in that, before the time period starts, the method also includes:
receiving period-setting information input by the user;
setting the time period according to the period-setting information.
6. A smart device, characterised in that the smart device comprises a network firewall and at least includes:
a first classification module, which, when the preset time period starts, obtains the pending security rules of the network firewall and divides them into classes according to their counter-measure, so that the pending security rules in each class have the same counter-measure;
a second classification module, which divides the pending security rules in a class into sub-classes according to their address information, so that the source addresses or destination addresses of the pending security rules in a sub-class are contiguous;
a merging module, which merges all pending security rules in a sub-class into one feature security rule.
7. The smart device of claim 6, characterised in that the smart device also includes:
an acquisition module, which obtains the volume of traffic hitting each feature security rule;
a sorting module, which sorts the feature security rules by the volume of traffic hitting each of them, in descending order;
a matching module, which matches the packets received by the network firewall against the feature security rules in the sorted order.
8. The smart device of claim 6, characterised in that the first classification module is specifically configured to:
obtain the counter-measure of each pending security rule of the network firewall;
place the pending security rules of the network firewall that have the same counter-measure into the same class.
9. The smart device of claim 8, characterised in that the second classification module is specifically configured to:
obtain the address information of each pending security rule in the class;
place the pending security rules in the class whose source addresses or destination addresses are contiguous into the same sub-class.
10. The smart device of any one of claims 6-9, characterised in that the smart device also includes:
a receiving module, which receives period-setting information input by the user;
a setting module, which sets the time period according to the period-setting information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611131225.6A CN106603524A (en) | 2016-12-09 | 2016-12-09 | Method for combining safety rules and intelligent device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611131225.6A CN106603524A (en) | 2016-12-09 | 2016-12-09 | Method for combining safety rules and intelligent device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106603524A true CN106603524A (en) | 2017-04-26 |
Family
ID=58598545
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611131225.6A Pending CN106603524A (en) | 2016-12-09 | 2016-12-09 | Method for combining safety rules and intelligent device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106603524A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107592309A (en) * | 2017-09-14 | 2018-01-16 | 携程旅游信息技术(上海)有限公司 | Security incident detection and processing method, system, equipment and storage medium |
CN107592309B (en) * | 2017-09-14 | 2019-09-17 | 携程旅游信息技术(上海)有限公司 | Security incident detection and processing method, system, equipment and storage medium |
CN113783850A (en) * | 2021-08-26 | 2021-12-10 | 新华三信息安全技术有限公司 | Network protection method, device, equipment and machine readable storage medium |
CN113992364A (en) * | 2021-10-15 | 2022-01-28 | 湖南恒茂高科股份有限公司 | Network data packet blocking optimization method and system |
CN113992364B (en) * | 2021-10-15 | 2024-06-07 | 湖南恒茂高科股份有限公司 | Network data packet blocking optimization method and system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1439985A (en) * | 2002-02-20 | 2003-09-03 | 华北计算机系统工程研究所 | Method for improving fire wall performance |
US20040088706A1 (en) * | 1996-02-06 | 2004-05-06 | Wesinger Ralph E. | Firewall providing enhanced network security and user transparency |
CN101582900A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Firewall security policy configuration method and management unit |
CN103051609A (en) * | 2012-12-07 | 2013-04-17 | 东软集团股份有限公司 | Gateway equipment and network access controlled visualized interaction method executed by same |
CN103873441A (en) * | 2012-12-12 | 2014-06-18 | 中国电信股份有限公司 | Firewall safety rule optimization method and device thereof |
CN104022999A (en) * | 2013-09-05 | 2014-09-03 | 北京科能腾达信息技术股份有限公司 | Network data processing method and system based on protocol analysis |
CN104618403A (en) * | 2015-03-10 | 2015-05-13 | 网神信息技术(北京)股份有限公司 | Access control method and device for security gateway |
CN104735026A (en) * | 2013-12-19 | 2015-06-24 | 华为技术有限公司 | Security strategy control method and device |
US20160261606A1 (en) * | 2014-12-22 | 2016-09-08 | Fortinet, Inc. | Location-based network security |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102279917B (en) | Multi-antivirus engine parallel antivirus method and system | |
CN106603524A (en) | Method for combining safety rules and intelligent device | |
EP2830260B1 (en) | Rule matching method and device | |
CN107025218A (en) | A kind of text De-weight method and device | |
CN103617226B (en) | A kind of matching regular expressions method and device | |
CN104408159B (en) | A kind of data correlation, loading, querying method and device | |
CN104408169B (en) | Dimension querying method and device based on Multidimensional Expressions language | |
US20120254173A1 (en) | Grouping data | |
CN109885828A (en) | Word error correction method, device, computer equipment and medium based on language model | |
CN105975398A (en) | Method for memory fragmentation management | |
CN103942108B (en) | Resource parameters optimization method under Hadoop isomorphism cluster | |
CN105657471A (en) | Account management method and device | |
CN102870116A (en) | Method and apparatus for content matching | |
CN106815201A (en) | A kind of method and device of automatic judgement judgement document court verdict | |
CN102915344B (en) | SQL (structured query language) statement processing method and device | |
CN107943792A (en) | A kind of statement analytical method, device and terminal device, storage medium | |
CN107368489A (en) | A kind of information data processing method and device | |
CN106845220A (en) | A kind of Android malware detecting system and method | |
CN106209614B (en) | A kind of net packet classifying method and device | |
Lin et al. | Length-bounded hybrid CPU/GPU pattern matching algorithm for deep packet inspection | |
CN105354228A (en) | Similar image searching method and apparatus | |
CN106570058A (en) | Searching method and search engine | |
CN106919627A (en) | The treating method and apparatus of hot word | |
CN105357177A (en) | Method for processing data packet filtering rule set and data packet matching method | |
US9483332B2 (en) | Event processing method in stream processing system and stream processing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170426 |