CN106790088A - Network security implementation system and method based on a big data platform - Google Patents


Publication number
CN106790088A
Authority
CN
China
Prior art keywords
client
information
big data
access
network
Legal status
Pending
Application number
CN201611204203.8A
Other languages
Chinese (zh)
Inventor
许广利
郗海龙
张帅
陈学斌
闫少宏
Current Assignee
North China University of Science and Technology
Original Assignee
North China University of Science and Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H04L63/0263 Rule management


Abstract

The invention discloses a network security implementation system based on a big data platform, in the technical field of network security, comprising: an intranet detection system, a client, a LAN, a visitor verification system, a switch, an enterprise router, a firewall, a feedback system, a sensitive information filtering system, an access traffic control system, a behavior log library, a cloud server and a big data storage. The intranet detection system detects the network distribution and network environment in which the client is located, eliminates and warns of the problems and hidden dangers present in the network system where the client is located, and is connected to the client. The system performs access detection through a multi-level security monitoring system, providing a secure usage environment for the network platform.

Description

A network security implementation system and method based on a big data platform
Technical field
The present invention relates to the technical field of network security, and specifically to a network security implementation system and method based on a big data platform.
Background
With the development of electronic information technology, people use the network more and more frequently. As big data has emerged, people have also gradually become aware of the hidden dangers brought by the rapid development of information. Security has become a major issue in network browsing: privacy leakage, property fraud and so on, and the lack of a secure network environment greatly affects users. We therefore propose a network security implementation system and method based on a big data platform.
Summary of the invention
The object of the invention is to provide a network security implementation system and method based on a big data platform, to solve the problem raised in the background above: security has become a major issue in network browsing (privacy leakage, property fraud and so on), and the lack of a secure network environment greatly affects users.
To achieve the above object, the invention provides the following technical solution: a network security implementation system based on a big data platform, comprising: an intranet detection system, a client, a LAN, a visitor verification system, a switch, an enterprise router, a firewall, a feedback system, a sensitive information filtering system, an access traffic control system, a behavior log library, a cloud server and a big data storage;
The intranet detection system detects the network distribution and network environment in which the client is located, and eliminates and warns of the problems and hidden dangers present in the network system where the client is located; the intranet detection system is connected to the client;
The client is the tool with which the user obtains information from the big data storage; the client is connected to the intranet detection system;
The LAN provides the client with the network connection basis and the online environment; the LAN is connected to the visitor verification system;
The visitor verification system restricts the network connection conditions: the client must be authenticated before it obtains resources through the LAN; the visitor verification system is connected to the switch;
The switch performs network distribution; the branch interfaces of the switch exchange data with a group of clients; the switch is connected to the enterprise router;
The enterprise router serves as the hub of the Internet connection; the enterprise router is connected to the firewall;
The firewall provides further security protection for the system, establishing a security barrier between the client and the big data storage; the firewall is connected to the feedback system, the sensitive information filtering system and the access traffic control system respectively;
The feedback system gives feedback on the client's access requests and transmits the feedback information to the client;
The sensitive information filtering system inspects the client's access information and filters and rejects the sensitive information in it; the filtering and rejection of sensitive information is transmitted to the client through the feedback system;
The access traffic control system limits the client's access traffic, restricting the number of accesses within the same period;
The feedback system, the sensitive information filtering system and the access traffic control system are connected to the cloud server;
The cloud server provides services for the system; the cloud server is connected to the behavior log library and the big data storage respectively;
The behavior log library stores the client's access information and access content, as the basis for judging the client's behavior;
The big data storage stores network data; the client uploads to or retrieves the content stored in the big data storage.
Preferably, authentication is performed by means of a correct account and password.
Preferably, the client complies with the LAN service agreement and the big data storage access agreement.
An implementation method of the network security implementation system based on a big data platform, specifically as follows:
S1: The client connects to the LAN and browses information through the LAN; the visitor verification system verifies the client's network access, and the client logs in with the correct account and password;
S2: The intranet detection system checks the client's network environment for security hazards, eliminates the hazards and issues warnings about them;
S3: After its information is verified, the client connects through the switch to the wide area network of the enterprise router; the access information passes through the firewall, and the firewall performs a security check on the client's access information;
S4: After the firewall's security check passes, the access information enters the sensitive information filtering system. Based on the access information, if unauthorized information such as dangerous information or information affecting social stability appears, it is filtered, and the filtering information is fed back to the client through the feedback system. The access traffic control system limits the client's access volume within the same period; access information that exceeds the access volume is fed back to the corresponding client through the feedback system;
S5: After passing the sensitive information filtering system, the access information is connected through the cloud server to the big data storage for data access. The behavior log library stores the access information of the corresponding client as that client's access behavior; the big data storage provides the corresponding habitual access data, and after the access data is retrieved the retrieval information is returned to the client.
Compared with the prior art, the beneficial effect of the invention is: the network security implementation system based on a big data platform performs access detection through a multi-level security monitoring system, providing a secure usage environment for the network platform.
Brief description of the drawings
Fig. 1 is a flow chart of the implementation system of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawing. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative work fall within the scope of protection of the invention.
Referring to Fig. 1, the invention provides a technical solution: a network security implementation system based on a big data platform, comprising: an intranet detection system, a client, a LAN, a visitor verification system, a switch, an enterprise router, a firewall, a feedback system, a sensitive information filtering system, an access traffic control system, a behavior log library, a cloud server and a big data storage;
The intranet detection system detects the network distribution and network environment in which the client is located, and eliminates and warns of the problems and hidden dangers present in the network system where the client is located; the intranet detection system is connected to the client;
The client is the tool with which the user obtains information from the big data storage; the client is connected to the intranet detection system;
The LAN provides the client with the network connection basis and the online environment; the LAN is connected to the visitor verification system;
The visitor verification system restricts the network connection conditions: the client must be authenticated before it obtains resources through the LAN; the visitor verification system is connected to the switch;
The switch performs network distribution; the branch interfaces of the switch exchange data with a group of clients; the switch is connected to the enterprise router;
The enterprise router serves as the hub of the Internet connection; the enterprise router is connected to the firewall;
The firewall provides further security protection for the system, establishing a security barrier between the client and the big data storage; the firewall is connected to the feedback system, the sensitive information filtering system and the access traffic control system respectively;
The feedback system gives feedback on the client's access requests and transmits the feedback information to the client;
The sensitive information filtering system inspects the client's access information and filters and rejects the sensitive information in it; the filtering and rejection of sensitive information is transmitted to the client through the feedback system;
The access traffic control system limits the client's access traffic, restricting the number of accesses within the same period;
The feedback system, the sensitive information filtering system and the access traffic control system are connected to the cloud server;
The cloud server provides services for the system; the cloud server is connected to the behavior log library and the big data storage respectively;
The behavior log library stores the client's access information and access content, as the basis for judging the client's behavior;
The big data storage stores network data; the client uploads to or retrieves the content stored in the big data storage.
The authentication is performed by means of a correct account and password, and the client complies with the LAN service agreement and the big data storage access agreement.
An implementation method of the network security implementation system based on a big data platform, specifically as follows:
S1: The client connects to the LAN and browses information through the LAN; the visitor verification system verifies the client's network access, and the client logs in with the correct account and password;
S2: The intranet detection system checks the client's network environment for security hazards, eliminates the hazards and issues warnings about them;
S3: After its information is verified, the client connects through the switch to the wide area network of the enterprise router; the access information passes through the firewall, and the firewall performs a security check on the client's access information;
S4: After the firewall's security check passes, the access information enters the sensitive information filtering system. Based on the access information, if unauthorized information such as dangerous information or information affecting social stability appears, it is filtered, and the filtering information is fed back to the client through the feedback system. The access traffic control system limits the client's access volume within the same period; access information that exceeds the access volume is fed back to the corresponding client through the feedback system;
S5: After passing the sensitive information filtering system, the access information is connected through the cloud server to the big data storage for data access. The behavior log library stores the access information of the corresponding client as that client's access behavior; the big data storage provides the corresponding habitual access data, and after the access data is retrieved the retrieval information is returned to the client.
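A minimal model of the request path in steps S1, S4 and S5, given here as an added example and not as code from the patent: account-and-password verification, the sensitive information filter, the per-period access limit, and the behavior log, with the returned verdict playing the role of the feedback system. The class and function names, the 60-second period, the limit of three accesses, the filter terms and the sample account are all assumptions made for illustration; the intranet detection of S2 and the firewall check of S3 are not modelled.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass, field

# Every name, limit and term below is constructed for illustration.
WINDOW_SECONDS = 60           # length of "the same period" (assumed)
MAX_ACCESSES_PER_WINDOW = 3   # per-client access limit in one period (assumed)
BLOCKED_TERMS = {"blocked-term-a", "blocked-term-b"}  # placeholder filter list


def _hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Gateway:
    accounts: dict = field(default_factory=dict)       # account -> (salt, hash)
    storage: dict = field(default_factory=dict)        # stands in for big data storage
    behavior_log: list = field(default_factory=list)   # behavior log library
    # account -> [window index, accesses counted in that window]
    _windows: dict = field(default_factory=lambda: defaultdict(lambda: [-1, 0]))

    def register(self, account: str, password: str, salt: bytes) -> None:
        self.accounts[account] = (salt, _hash_password(password, salt))

    def _authenticated(self, account, password) -> bool:
        # S1: visitor verification by account and password.
        record = self.accounts.get(account)
        if record is None:
            return False
        salt, expected = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, _hash_password(password, salt))

    def _is_sensitive(self, query: str) -> bool:
        # S4: sensitive information filter (simple term match here).
        lowered = query.lower()
        return any(term in lowered for term in BLOCKED_TERMS)

    def _within_limit(self, account: str, now: float) -> bool:
        # S4: fixed-window counter; the count resets when a new period starts.
        window = int(now // WINDOW_SECONDS)
        state = self._windows[account]
        if state[0] != window:
            state[0], state[1] = window, 0
        state[1] += 1
        return state[1] <= MAX_ACCESSES_PER_WINDOW

    def handle(self, account, password, query, now):
        """Run one access request through the checks; return (verdict, data)."""
        data = None
        if not self._authenticated(account, password):
            verdict = "denied_auth"
        elif self._is_sensitive(query):
            verdict = "filtered"          # rejected before it counts as an access
        elif not self._within_limit(account, now):
            verdict = "rate_limited"
        else:
            verdict = "ok"
            data = self.storage.get(query)  # S5: retrieval from storage
        # S5: log every decision (never the password) for later behavior review.
        self.behavior_log.append(
            {"time": now, "account": account, "query": query, "verdict": verdict}
        )
        return verdict, data              # the "feedback" sent to the client


def demo():
    gw = Gateway()
    gw.register("alice", "correct horse", b"constructed-salt")
    gw.storage["report-2016"] = "constructed record"
    creds = ("alice", "correct horse")
    return [
        gw.handle("alice", "wrong password", "report-2016", 0)[0],
        gw.handle(*creds, "report-2016", 1)[0],
        gw.handle(*creds, "Blocked-Term-A notes", 2)[0],
        gw.handle(*creds, "report-2016", 3)[0],
        gw.handle(*creds, "report-2016", 4)[0],
        gw.handle(*creds, "report-2016", 5)[0],   # fourth access in the window
        gw.handle(*creds, "report-2016", 61)[0],  # next window
    ]


if __name__ == "__main__":
    print(demo())
```

Rejected and rate-limited requests are logged alongside successful ones, so the behavior log can serve as the basis for judging a client's behavior as the description requires.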
Although embodiments of the invention have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, replacements and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the appended claims.

Claims (4)

1. A network security implementation system based on a big data platform, characterized in that it comprises: an intranet detection system, a client, a LAN, a visitor verification system, a switch, an enterprise router, a firewall, a feedback system, a sensitive information filtering system, an access traffic control system, a behavior log library, a cloud server and a big data storage;
The intranet detection system detects the network distribution and network environment in which the client is located, and eliminates and warns of the problems and hidden dangers present in the network system where the client is located; the intranet detection system is connected to the client;
The client is the tool with which the user obtains information from the big data storage; the client is connected to the intranet detection system;
The LAN provides the client with the network connection basis and the online environment; the LAN is connected to the visitor verification system;
The visitor verification system restricts the network connection conditions: the client must be authenticated before it obtains resources through the LAN; the visitor verification system is connected to the switch;
The switch performs network distribution; the branch interfaces of the switch exchange data with a group of clients; the switch is connected to the enterprise router;
The enterprise router serves as the hub of the Internet connection; the enterprise router is connected to the firewall;
The firewall provides further security protection for the system, establishing a security barrier between the client and the big data storage; the firewall is connected to the feedback system, the sensitive information filtering system and the access traffic control system respectively;
The feedback system gives feedback on the client's access requests and transmits the feedback information to the client;
The sensitive information filtering system inspects the client's access information and filters and rejects the sensitive information in it; the filtering and rejection of sensitive information is transmitted to the client through the feedback system;
The access traffic control system limits the client's access traffic, restricting the number of accesses within the same period;
The feedback system, the sensitive information filtering system and the access traffic control system are connected to the cloud server;
The cloud server provides services for the system; the cloud server is connected to the behavior log library and the big data storage respectively;
The behavior log library stores the client's access information and access content, as the basis for judging the client's behavior;
The big data storage stores network data; the client uploads to or retrieves the content stored in the big data storage.
2. The network security implementation system based on a big data platform according to claim 1, characterized in that: the authentication is performed by means of a correct account and password.
3. The network security implementation system based on a big data platform according to claim 1, characterized in that: the client complies with the LAN service agreement and the big data storage access agreement.
4. An implementation method of the network security implementation system based on a big data platform, characterized in that the implementation method is specifically as follows:
S1: The client connects to the LAN and browses information through the LAN; the visitor verification system verifies the client's network access, and the client logs in with the correct account and password;
S2: The intranet detection system checks the client's network environment for security hazards, eliminates the hazards and issues warnings about them;
S3: After its information is verified, the client connects through the switch to the wide area network of the enterprise router; the access information passes through the firewall, and the firewall performs a security check on the client's access information;
S4: After the firewall's security check passes, the access information enters the sensitive information filtering system. Based on the access information, if unauthorized information such as dangerous information or information affecting social stability appears, it is filtered, and the filtering information is fed back to the client through the feedback system. The access traffic control system limits the client's access volume within the same period; access information that exceeds the access volume is fed back to the corresponding client through the feedback system;
S5: After passing the sensitive information filtering system, the access information is connected through the cloud server to the big data storage for data access. The behavior log library stores the access information of the corresponding client as that client's access behavior; the big data storage provides the corresponding habitual access data, and after the access data is retrieved the retrieval information is returned to the client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611204203.8A CN106790088A (en) 2016-12-23 2016-12-23 A kind of network security enforcement system and method based on big data platform

Publications (1)

Publication Number Publication Date
CN106790088A (en) 2017-05-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531