CN106713365A - Cloud environment-based network security system - Google Patents

Cloud environment-based network security system Download PDF

Info

Publication number
CN106713365A
CN106713365A CN201710113584.7A CN201710113584A CN106713365A CN 106713365 A CN106713365 A CN 106713365A CN 201710113584 A CN201710113584 A CN 201710113584A CN 106713365 A CN106713365 A CN 106713365A
Authority
CN
China
Prior art keywords
cloud
environment
cloud environment
security
protection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710113584.7A
Other languages
Chinese (zh)
Inventor
吕广杰
刘正伟
朱波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710113584.7A priority Critical patent/CN106713365A/en
Publication of CN106713365A publication Critical patent/CN106713365A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Abstract

The present invention discloses a cloud environment-based network security system. The cloud environment-based network security system comprises an extra-cloud control module, in-cloud protection module, and an intra-cloud reinforcing module. The extra-cloud control module is used for deploying a preset security component in the border of a target cloud environment in a form of a virtual machine so as to perform security detection on external access data. The in-cloud protection module is used for monitoring and controlling internal security of the target cloud environment. The intra-cloud reinforcing module is used for performing antivirus protection and reinforcement on a virtual host in the target cloud environment. According to extra-cloud control, external security of the cloud environment is controlled and bidirectional protection is provided between the cloud environment and the internet environment. According to in-cloud protection, various resources in the cloud environment are protected. According to intra-cloud reinforcement, the virtual machine is protected, and the cloud service applications are protected. The advantages of cloud computing and virtualization are fully exerted, the cloud environment is safer, a security system architecture of the cloud computing environment is standardized, and the security system architecture is easy to develop, expand and maintain.

Description

A kind of network safety system based on cloud environment
Technical field
The present invention relates to field of cloud computer technology, more particularly to a kind of network safety system based on cloud environment.
Background technology
With the development of Information technology, cloud computing progressively turns into the Hot spots for development of industry, the cloud meter of domestic and international all big enterprises Service platform is calculated to also begin to put into science, education, culture, health, government, high-performance calculation, ecommerce, Internet of Things one after another Used etc. multiple fields.
One of maximum risk of cloud computing comes from its property:It allows data to be transmitted and be stored in substantially any place, Even it is separately maintained in the diverse location in the world.With the maturation of cloud computing technology, the safety problem of cloud computing is increasingly subject to close Note.Data privacy and Network Security Issues must be taken seriously using the enterprise of cloud computing, cloud computing is played a role Time, place and produced risk are assessed.Although each security firm proposes safety product miscellaneous, at present The integration cloud security scheme of maturation is not formed.
Therefore, in order to more fully play the advantage of cloud computing and virtualization, the more preferable safety of protection cloud environment, The security system framework of cloud computing environment is standardized, how a kind of easy exploiting, easily extension, the cloud environment network of easy care is provided and is pacified Total system, is the current technical issues that need to address of those skilled in the art.
The content of the invention
It is an object of the invention to provide a kind of network safety system based on cloud environment, cloud meter can be more fully played The advantage calculated and virtualize, preferably the safety of protection cloud environment, standardizes the security system framework of cloud computing environment, and makes Obtain security system framework easy exploiting, easily extension, easy care.
In order to solve the above technical problems, the invention provides following technical scheme:
A kind of network safety system based on cloud environment, including:
The outer management and control module of cloud, the side for default security component to be deployed in target cloud environment in the form of virtual machine Boundary, access data to external world carry out safety detection;
Protection module in cloud, is monitored and controls for the internal security to the target cloud environment;
Module is reinforced in cloud, for carrying out kill virus protection and reinforcing to the fictitious host computer in the target cloud environment.
Preferably, the outer management and control module of the cloud includes:Virtual firewall unit, for tectonic network layer protective barrier, enters Row zone isolation and formulation access control rule, define whether different access requests meet safety requirements, and isolate not same district The security risk in domain.
Preferably, the outer management and control module of the cloud also includes:IPS units, attack for carrying out leak to the target cloud environment Hit and intrusion behavior detection.
Preferably, the outer management and control module of the cloud also includes:VPN units, for the identity according to different user to each access User carries out corresponding access mandate.
Preferably, protection module includes in the cloud:Isolation monitoring unit, for virtual in the target cloud environment Machine carries out the monitoring analysis of East and West direction flow, and synchronism output monitoring journal and form.
Preferably, protection module also includes in the cloud:Fort machine unit, for the use to accessing the target cloud environment Family is authenticated, and journal record and management daily record and the verification of serve log audit are carried out to the access process of user.
Preferably, protection module also includes in the cloud:DEU data encryption unit, for the target cloud environment and the external world The interaction data of user is encrypted;Data backup unit, for carrying out disaster-tolerant backup to the data in the target cloud environment.
Preferably, module is reinforced in the cloud includes:Antivirus unit, for the virtual machine in the target cloud environment Operating system carries out checking and killing virus scanning and security protection;Trust calculation unit, for building trust computing Pooled resources and credible Dummy machine system;Reinforcement elements, for setting up on the normal and abnormal behaviour of the virtual machine in the target cloud environment Model, to recognize the security threat of each virtual machine end points, and responds to attack.
Compared with prior art, above-mentioned technical proposal has advantages below:
A kind of network safety system based on cloud environment provided by the present invention, including:The outer management and control module of cloud, for by advance If security component the border of target cloud environment is deployed in the form of virtual machine, access data to external world carry out safe inspection Survey;Protection module in cloud, is monitored and controls for the internal security to target cloud environment;Module is reinforced in cloud, for right Fictitious host computer in target cloud environment carries out kill virus protection and reinforcing.In the technical program, answering for cloud computing has been considered With environment, the characteristics of give full play to virtualization, in the form of virtual secure component, overall management and control is inside and outside, middle part cloud environment, Supported for cloud computing environment provides safety guarantee.Wherein, the security control outside cloud environment is realized in the outer management and control of cloud, is that cloud environment is arrived Two-way prevention is provided between internet environment;The protection between all kinds of resources of cloud environmental interior is realized in protection in cloud;Reinforced in cloud The security protection of virtual machine itself is realized, the security of cloud service application is protected.Can more fully play cloud computing and The advantage of virtualization, preferably the safety of protection cloud environment, standardizes the security system framework of cloud computing environment, and cause peace All system structure easy exploitings, easily extension, easy care.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are the present invention Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis These accompanying drawings obtain other accompanying drawings.
Fig. 1 is illustrated by the Security Architecture based on cloud environment that a kind of specific embodiment of the invention is provided Figure.
Specific embodiment
Core of the invention is to provide a kind of network safety system based on cloud environment, can more fully play cloud meter The advantage calculated and virtualize, preferably the safety of protection cloud environment, standardizes the security system framework of cloud computing environment, and makes Obtain security system framework easy exploiting, easily extension, easy care.
In order that the above objects, features and advantages of the present invention can become apparent it is understandable, below in conjunction with the accompanying drawings to this hair Bright specific embodiment is described in detail.
Elaborate detail in order to fully understand the present invention in the following description.But the present invention can with it is various not It is same as other manner described here to implement, those skilled in the art can do class in the case of without prejudice to intension of the present invention Like popularization.Therefore the present invention is not limited by following public specific implementation.
Refer to Fig. 1, the network safety system based on cloud environment that Fig. 1 is provided by a kind of specific embodiment of the invention Structural representation.
A kind of specific embodiment of the invention includes there is provided a kind of network safety system based on cloud environment:Cloud outer tube Control module 11, the border for default security component to be deployed in target cloud environment in the form of virtual machine, visit to external world Ask that data carry out safety detection, it can use for reference traditional data center's Border Protection scheme, the border to cloud environment is carried out Security protection, strong adaptability;Protection module 12 in cloud, are monitored and control for the internal security to target cloud environment, fill Divide the characteristics of using cloud computing and virtualization, using virtual secure equipment simulating security hardware, cloud basic environment is entered Row protection, compatibility is high, and autgmentability is strong;Module 13 is reinforced in cloud, for being killed virus to the fictitious host computer in target cloud environment Protection and reinforcing, are host and VME operating system interior customization security procedure etc., realize that the gas defence of service application is reinforced, It is practical, flexible, reliable.
In the present embodiment, the applied environment of cloud computing has been considered, the characteristics of give full play to virtualization, with virtual The form of security component, overall management and control is inside and outside, middle part cloud environment, is supported for cloud computing environment provides safety guarantee.Wherein, The security control outside cloud environment is realized in the outer management and control of cloud, is cloud environment to providing two-way prevention between internet environment;Yun Zhongfang Shield realizes the protection between all kinds of resources of cloud environmental interior;The security protection for realizing virtual machine itself is reinforced in cloud, cloud is protected The security of service application.The advantage of cloud computing and virtualization can be more fully played, cloud environment is preferably protected Safety, standardizes the security system framework of cloud computing environment, and cause security system framework easy exploiting, easily extension, easy care.
In one embodiment of the invention, the outer management and control module of cloud utilizes Intel Virtualization Technology, by security component with virtual The form of machine is deployed in cloud environment border, and it includes:Virtual firewall unit, for providing Internet, application layer, content-level Risk monitoring and control ability, serves as security postures analysis, network log-in management, the Antivirus gateway in north-south, tectonic network layer protection screen Barrier, carries out zone isolation and formulates access control rule, defines whether different access requests meet safety requirements, and isolate not With the security risk in region.
IPS units, for target cloud environment is carried out leak attack and intrusion behavior detection, such as detection leak attack and Intrusion behavior, including various first floor system leak invasions, abnormal flow, malicious code, DoS (refusal service) etc. are various threatens row For.Protect web security threats primary challenge, including attacks of anti-SQL injection, anti-XSS cross-site scripting attacks, anti-CSRF attack, HTTP abnormality detections, buffer overflow detection etc..
VPN units, corresponding access mandate is carried out for the identity according to different user to each access user.It provides base In the control of authority of user role, control the user of different role to access different resources, realize the secure access to resource.For The safety issue of cloud platform internal applications system is ensured, and realizes the seamless access of terminal-pair business, by cloud security resource pool Virtual VPN device, realize cloud application mandate access, ensure remote access safety, it is ensured that legal identity pass through lawful acts Access valid system.
Further, protection module is responsible for controlling the safety of cloud environmental interior in cloud, and it includes:
Isolation monitoring unit, in East and West direction, being that different tenant's flows stamps VXLAN labels, is realized by VXLAN Isolation between tenant.Inside same tenant, from secure group component, the isolation and interconnection between tenant's virtual machine are realized Control.By on the traffic mirroring of band VXLAN labels to specific vSwitch ports, by flow analysis virtual machine to target cloud Virtual machine in environment carries out the monitoring analysis of East and West direction flow, and synchronism output monitoring journal and form.
Fort machine unit, is authenticated for the user to access target cloud environment, and access process to user is carried out Journal record and management daily record and the verification of serve log audit.Accomplish Prior Control, inspecting in process, trace afterwards.In industry When business system needs to provide secure accessing, user is carried out using modes such as hardware characteristics code, short message certification, dynamic token cards and is recognized Card.During application system is accessed, realize considering access, the safety of reading process.Journal record is carried out to access process, There is provided management daily record and serve log carries out verification audit.Wherein, user access logses provide information when user accesses and (log in IP, access resource, time, authentication mode), user's active degree, user/user's group flow seniority among brothers and sisters and inquiry, user/user's group Flow velocity trend and inquiry;Alarm log provides and (breaks login attack record, CPU long-times cruelly and take too high record, device memory not Foot), user cruelly break log in, master-slave user name unauthorized access record etc..
DEU data encryption unit, is encrypted for the interaction data to target cloud environment and extraneous user;Data backup list Unit, for carrying out disaster-tolerant backup to the data in target cloud environment.Sensitive data in transmitting procedure should be encrypted, and carry out Cipher mode has three kinds of modes:1) client/application encryption:Data are first encrypted in terminal or server end, are then led to again Network transmission is crossed, or is stored with appropriate encryption format.Using encryption equipment or can be integrated among application program Encryption mechanism;2) link/network encryption mode:The network encryption technique of standard includes SSL, VPN and SSH.Both can be hardware Encryption, or software cryptography;3) encryption based on agency:Data transfer is carried out by proxy server, and data are being carried out Encryption is completed before transmission.
Data backup can additionally be carried out, there is provided data disaster tolerance, such as using RAID, the synchronous technology of time delay, to code, Distributed storage and database carry out real-time Hot Spare and time delay cold standby, it is ensured that even if data are deleted in device damage and mistake Extreme case under also can be safe and sound.Data strange land calamity is set up for environment, it is ensured that the completeness of core data.
And WAF, Web application firewall protect each website Web server to be invaded from application layer, realize HTTP request Abnormality detection, prevents the hostile networks such as webpage tamper, information leakage, wooden horse implantation, SQL injection, XSS cross-site attacks from invading row To protect Web malicious codes, there is provided rule-based protection and the protection based on exception, condition managing etc. is carried out.
The service security that module is responsible for controlling based on fictitious host computer is reinforced in cloud, killed virus in virtual machine internal, Reinforce, it includes:Antivirus unit, checking and killing virus scanning and peace are carried out for the operating system to the virtual machine in target cloud environment Full protection, is VME operating system customization antivirus software, and the protection technique based on virus base carries out security protection and looked into virus Kill scanning;Based on system and the minimum operation authority of application program, active protection is carried out to internal memory, file system, process etc., prevented Senior malicious attack enters system using system 0day leaks and raising operation authority.
Trust calculation unit, for building trust computing Pooled resources and credible virtual machine system, preferably with secure hardware And based on cryptography, trust to build trust chain by safe and reliable hardware, it is ensured that the integrality of virtual machine calculating platform, The function such as calculating platform proof of identification and data safety storage is provided.Based on trusted servers build trust computing Pooled resources with can Letter dummy machine system, for service application provides the support of virtual credible resource.
Reinforcement elements, for setting up normal and abnormal behaviour the model on the virtual machine in target cloud environment, with The security threat of each virtual machine end points is recognized, and attack is responded, application endpoints are detected and response technology, record virtual machine All operations in node, such as user/program/network store the record into peace to file, process, registration table operation In full big data platform, by setting up normal and abnormal behaviour model, persistently these data are analyzed using machine learning, To recognize the security threat of end points, and quick attack is responded.
In sum, a kind of network safety system based on cloud environment provided by the present invention, has considered cloud computing Applied environment, the characteristics of give full play to virtualization, in the form of virtual secure component, overall management and control is inside and outside, middle part cloud ring Border, supports for cloud computing environment provides safety guarantee.Wherein, the security control outside cloud environment is realized in the outer management and control of cloud, is cloud ring Border is to providing two-way prevention between internet environment;The protection between all kinds of resources of cloud environmental interior is realized in protection in cloud;In cloud The security protection of virtual machine itself is realized in reinforcing, protects the security of cloud service application.Cloud meter can more fully be played The advantage calculated and virtualize, preferably the safety of protection cloud environment, standardizes the security system framework of cloud computing environment, and makes Obtain security system framework easy exploiting, easily extension, easy care.
A kind of network safety system based on cloud environment provided by the present invention is described in detail above.Herein Apply specific case to be set forth principle of the invention and implementation method, the explanation of above example is only intended to help Understand the method for the present invention and its core concept.It should be pointed out that for those skilled in the art, not taking off On the premise of the principle of the invention, some improvement and modification can also be carried out to the present invention, these are improved and modification also falls into this In invention scope of the claims.

Claims (8)

1. a kind of network safety system based on cloud environment, it is characterised in that including:
The outer management and control module of cloud, the border for default security component to be deployed in target cloud environment in the form of virtual machine is right Extraneous access data carry out safety detection;
Protection module in cloud, is monitored and controls for the internal security to the target cloud environment;
Module is reinforced in cloud, for carrying out kill virus protection and reinforcing to the fictitious host computer in the target cloud environment.
2. system according to claim 1, it is characterised in that the outer management and control module of the cloud includes:Virtual firewall unit, For tectonic network layer protective barrier, carry out zone isolation and formulate access control rule, whether define different access requests Meet safety requirements, and isolate the security risk of different zones.
3. system according to claim 2, it is characterised in that the outer management and control module of the cloud also includes:IPS units, are used for Leak attack and intrusion behavior detection are carried out to the target cloud environment.
4. system according to claim 3, it is characterised in that the outer management and control module of the cloud also includes:VPN units, are used for Identity according to different user carries out corresponding access mandate to each access user.
5. the system according to any one of Claims 1-4, it is characterised in that protection module includes in the cloud:Isolation prison Control unit, the monitoring for carrying out East and West direction flow to the virtual machine in the target cloud environment is analyzed, and synchronism output is monitored Daily record and form.
6. system according to claim 5, it is characterised in that protection module also includes in the cloud:Fort machine unit, uses It is authenticated in the user to accessing the target cloud environment, and access process to user carries out journal record and management day The verification audit of will and serve log.
7. system according to claim 6, it is characterised in that protection module also includes in the cloud:DEU data encryption unit, It is encrypted for the interaction data to the target cloud environment and extraneous user;Data backup unit, for the target Data in cloud environment carry out disaster-tolerant backup.
8. system according to claim 7, it is characterised in that module is reinforced in the cloud to be included:Antivirus unit, for right The operating system of the virtual machine in the target cloud environment carries out checking and killing virus scanning and security protection;Trust calculation unit, uses In structure trust computing Pooled resources and credible virtual machine system;Reinforcement elements, for setting up in the target cloud environment Normal and abnormal behaviour the model of virtual machine, to recognize the security threat of each virtual machine end points, and is carried out to attack Response.
CN201710113584.7A 2017-02-28 2017-02-28 Cloud environment-based network security system Pending CN106713365A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710113584.7A CN106713365A (en) 2017-02-28 2017-02-28 Cloud environment-based network security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710113584.7A CN106713365A (en) 2017-02-28 2017-02-28 Cloud environment-based network security system

Publications (1)

Publication Number Publication Date
CN106713365A true CN106713365A (en) 2017-05-24

Family

ID=58911977

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710113584.7A Pending CN106713365A (en) 2017-02-28 2017-02-28 Cloud environment-based network security system

Country Status (1)

Country Link
CN (1) CN106713365A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108121912A (en) * 2017-12-13 2018-06-05 中国科学院软件研究所 A kind of malice cloud tenant recognition methods and device based on neutral net
CN108200073A (en) * 2018-01-12 2018-06-22 阳光保险集团股份有限公司 A kind of sensitive data safety system
CN108683498A (en) * 2018-05-14 2018-10-19 国网江西省电力有限公司电力科学研究院 A kind of cloud terminal management-control method based on changeable key national secret algorithm
CN108810027A (en) * 2018-07-20 2018-11-13 深圳点猫科技有限公司 A kind of network safety control method and electronic equipment of education resource platform
CN109274756A (en) * 2018-10-12 2019-01-25 湖北邮电规划设计有限公司 A kind of intelligent environment protection monitoring management system
CN109361652A (en) * 2018-09-12 2019-02-19 北京精友世纪软件技术有限公司 A kind of vehicle insurance Claims Resolution safety system
CN109861972A (en) * 2018-12-21 2019-06-07 陕西商洛发电有限公司 A kind of security architecture system of industrial information control unified platform
CN110213346A (en) * 2019-05-14 2019-09-06 北京思源互联科技有限公司 The transmission method and device of encryption information
CN110611637A (en) * 2018-06-14 2019-12-24 北京安天网络安全技术有限公司 Online network threat detection method and system based on VPN flow traction
CN111008376A (en) * 2019-12-09 2020-04-14 国网山东省电力公司电力科学研究院 Mobile application source code safety audit system based on code dynamic analysis
CN111224922A (en) * 2018-11-26 2020-06-02 顺丰科技有限公司 Distributed security group module access control method and system
CN112286639A (en) * 2020-11-08 2021-01-29 国家电网有限公司 Method for reducing CPU occupancy rate of security component
CN112714103A (en) * 2020-12-03 2021-04-27 南京暴走团电子商务有限公司 Safety control system based on network engineering
CN112948204A (en) * 2021-02-07 2021-06-11 上海汉询软件有限公司 Data processing system based on DataRobot technology
CN113612785A (en) * 2021-08-09 2021-11-05 华云数据控股集团有限公司 SDN-based protection system and control method thereof
CN113742735A (en) * 2021-09-18 2021-12-03 合肥力拓云计算科技有限公司 Big data-based energy balance analysis platform safety system and use method thereof
CN113824745A (en) * 2021-11-24 2021-12-21 武汉大学 Network safety emergency disposal system based on recurrent neural network model
CN114780301A (en) * 2022-06-22 2022-07-22 深圳市木浪云科技有限公司 Disaster recovery method and system supporting multi-cloud production environment
CN117014214A (en) * 2023-08-21 2023-11-07 中山市智牛电子有限公司 Intelligent control system and control method for LED display screen

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012027472A2 (en) * 2010-08-24 2012-03-01 Copiun, Inc. Constant access gateway and de-duplicated data cache server
CN102438026A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Industrial control network security protection method and system
EP2569693A2 (en) * 2010-05-09 2013-03-20 Madhav Chinta Methods and systems for forcing an application to store data in a secure storage location
CN103400226A (en) * 2013-07-31 2013-11-20 湖南省烟草公司永州市公司 Integrated tobacco industry information security, operation and maintenance application platform system
CN104504538A (en) * 2015-01-09 2015-04-08 河北斯博思创新科技有限公司 Distributed personnel file management system
CN104660610A (en) * 2015-03-13 2015-05-27 华存数据信息技术有限公司 Cloud computing environment based intelligent security defending system and defending method thereof
CN104994089A (en) * 2015-06-29 2015-10-21 浪潮(北京)电子信息产业有限公司 Security system for cloud data center
CN205486301U (en) * 2016-01-04 2016-08-17 重庆市规划信息服务中心 E -Government platform data management system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2569693A2 (en) * 2010-05-09 2013-03-20 Madhav Chinta Methods and systems for forcing an application to store data in a secure storage location
WO2012027472A2 (en) * 2010-08-24 2012-03-01 Copiun, Inc. Constant access gateway and de-duplicated data cache server
CN102438026A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Industrial control network security protection method and system
CN103400226A (en) * 2013-07-31 2013-11-20 湖南省烟草公司永州市公司 Integrated tobacco industry information security, operation and maintenance application platform system
CN104504538A (en) * 2015-01-09 2015-04-08 河北斯博思创新科技有限公司 Distributed personnel file management system
CN104660610A (en) * 2015-03-13 2015-05-27 华存数据信息技术有限公司 Cloud computing environment based intelligent security defending system and defending method thereof
CN104994089A (en) * 2015-06-29 2015-10-21 浪潮(北京)电子信息产业有限公司 Security system for cloud data center
CN205486301U (en) * 2016-01-04 2016-08-17 重庆市规划信息服务中心 E -Government platform data management system

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108121912A (en) * 2017-12-13 2018-06-05 中国科学院软件研究所 A kind of malice cloud tenant recognition methods and device based on neutral net
CN108200073A (en) * 2018-01-12 2018-06-22 阳光保险集团股份有限公司 A kind of sensitive data safety system
CN108683498A (en) * 2018-05-14 2018-10-19 国网江西省电力有限公司电力科学研究院 A kind of cloud terminal management-control method based on changeable key national secret algorithm
CN110611637A (en) * 2018-06-14 2019-12-24 北京安天网络安全技术有限公司 Online network threat detection method and system based on VPN flow traction
CN108810027A (en) * 2018-07-20 2018-11-13 深圳点猫科技有限公司 A kind of network safety control method and electronic equipment of education resource platform
CN109361652A (en) * 2018-09-12 2019-02-19 北京精友世纪软件技术有限公司 A kind of vehicle insurance Claims Resolution safety system
CN109361652B (en) * 2018-09-12 2020-11-13 北京精友世纪软件技术有限公司 Car insurance claim settlement safety protection system
CN109274756A (en) * 2018-10-12 2019-01-25 湖北邮电规划设计有限公司 A kind of intelligent environment protection monitoring management system
CN111224922A (en) * 2018-11-26 2020-06-02 顺丰科技有限公司 Distributed security group module access control method and system
CN109861972A (en) * 2018-12-21 2019-06-07 陕西商洛发电有限公司 A kind of security architecture system of industrial information control unified platform
CN109861972B (en) * 2018-12-21 2022-09-09 陕西商洛发电有限公司 Safety architecture system of industrial information control integrated platform
CN110213346A (en) * 2019-05-14 2019-09-06 北京思源互联科技有限公司 The transmission method and device of encryption information
CN111008376A (en) * 2019-12-09 2020-04-14 国网山东省电力公司电力科学研究院 Mobile application source code safety audit system based on code dynamic analysis
CN111008376B (en) * 2019-12-09 2021-11-05 国网山东省电力公司电力科学研究院 Mobile application source code safety audit system based on code dynamic analysis
CN112286639A (en) * 2020-11-08 2021-01-29 国家电网有限公司 Method for reducing CPU occupancy rate of security component
CN112286639B (en) * 2020-11-08 2024-02-23 国家电网有限公司 Method for reducing CPU occupancy rate of safety component
CN112714103A (en) * 2020-12-03 2021-04-27 南京暴走团电子商务有限公司 Safety control system based on network engineering
CN112948204A (en) * 2021-02-07 2021-06-11 上海汉询软件有限公司 Data processing system based on DataRobot technology
CN113612785A (en) * 2021-08-09 2021-11-05 华云数据控股集团有限公司 SDN-based protection system and control method thereof
CN113742735A (en) * 2021-09-18 2021-12-03 合肥力拓云计算科技有限公司 Big data-based energy balance analysis platform safety system and use method thereof
CN113824745A (en) * 2021-11-24 2021-12-21 武汉大学 Network safety emergency disposal system based on recurrent neural network model
CN114780301A (en) * 2022-06-22 2022-07-22 深圳市木浪云科技有限公司 Disaster recovery method and system supporting multi-cloud production environment
CN117014214A (en) * 2023-08-21 2023-11-07 中山市智牛电子有限公司 Intelligent control system and control method for LED display screen
CN117014214B (en) * 2023-08-21 2024-04-02 中山市智牛电子有限公司 Intelligent control system and control method for LED display screen

Similar Documents

Publication Publication Date Title
CN106713365A (en) Cloud environment-based network security system
US9288223B2 (en) Potential attack detection based on dummy network traffic
Williams A risk assessment on Raspberry Pi using NIST standards
Soares et al. Cloud security: state of the art
Itradat et al. Developing an ISO27001 Information Security Management System for an Educational Institute: Hashemite University as a Case Study.
Alam et al. Review on security aspects for cloud architecture
Miloslavskaya et al. Taxonomy for unsecure big data processing in security operations centers
Alrasheed et al. Cloud Computing Security and Challenges: Issues, Threats, and Solutions
Gerža et al. Security of ISES measureserver® module for remote experiments against malign attacks
Rawal et al. Cybersecurity and Identity Access Management
Aljawarneh et al. Security Issues in Cloud Computing: A Perspective
Oka et al. Analysis of Current Preventive Approaches in the Context of Cybersecurity
Sharma et al. Categorizing threat types and cyber-assaults over Internet of Things-equipped gadgets
Xiao Research on Cyberspace Security System Based on Cloud Computing Environment
Igbinovia et al. Cyber security in university libraries and implication for library and information science education in Nigeria
Krasniqi et al. Vulnerability Assessment & Penetration Testing: Case study on web application security
Zare et al. Cybersecurity vulnerabilities assessment (a systematic review approach)
Tang The Research on Cloud computing security model and Countermeasures
Ma Research on website penetration test
Yacob Securing Sensitive Data in the Cloud: A New Era of Security Through Zero Trust Principles
JP5359292B2 (en) ACCESS CONTROL SYSTEM, ACCESS CONTROL DEVICE, ACCESS CONTROL METHOD, AND PROGRAM
Abduvaliyevich et al. Creation and Security of the Cloud Platform for Educational Technologies
Fgee et al. My Security for Dynamic Websites in Educational Institution
Indu et al. Early work vis-à-vis current trends in internet of things security
Hu Security Problems and Countermeasures of Network Accounting Information System

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170524

RJ01 Rejection of invention patent application after publication