CN106790088A - A kind of network security enforcement system and method based on big data platform - Google Patents
A kind of network security enforcement system and method based on big data platform Download PDFInfo
- Publication number
- CN106790088A CN106790088A CN201611204203.8A CN201611204203A CN106790088A CN 106790088 A CN106790088 A CN 106790088A CN 201611204203 A CN201611204203 A CN 201611204203A CN 106790088 A CN106790088 A CN 106790088A
- Authority
- CN
- China
- Prior art keywords
- client
- information
- big data
- access
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of network security enforcement system based on big data platform of technical field of network security, including:Intranet detecting system, client, LAN, visitor's checking system, interchanger, enterprise router, fire wall, reponse system, sensitive information filter system, flowing of access control system, user behaviors log storehouse, cloud server and big data memory;Network distribution and network environment where the Intranet detecting system detection client, the problem and hidden danger that the Intranet detecting system has network system where client are excluded and warned, the Intranet detecting system is connected with client, the network security enforcement system for being based on big data platform is conducted interviews detection by multi-level safety monitoring system, for the network platform one use environment of safety of offer.
Description
Technical field
The present invention relates to technical field of network security, specially a kind of network security enforcement system based on big data platform
And method.
Background technology
With the development of electronic information technology, people use the frequency more and more higher of network, while big data is proposed, people
Also gradually realize the high speed information hidden danger brought of development, safety problem turns into the major issue of network browsing, privacy leakage,
Property is cheated etc., and the network environment of neither one safety is very big for the influence of user, therefore, we have proposed one kind
Network security enforcement system and method based on big data platform.
The content of the invention
It is an object of the invention to provide a kind of network security enforcement system based on big data platform and method, to solve
The safety problem proposed in above-mentioned background technology turns into the major issue of network browsing, and privacy leakage, property are cheated etc., does not have
One network environment of safety problem very big for the influence of user.
To achieve the above object, the present invention provides following technical scheme:A kind of network security reality based on big data platform
System is applied, including:Intranet detecting system, client, LAN, visitor's checking system, interchanger, enterprise router, fire wall,
The storage of reponse system, sensitive information filter system, flowing of access control system, user behaviors log storehouse, cloud server and big data
Device;
Network distribution and network environment where the Intranet detecting system detection client, the Intranet detecting system will
The problem and hidden danger that network system where client is present are excluded and warned, the Intranet detecting system and client
End connection;
The client is the instrument that user obtains big data memorizer information, and the client connects with Intranet detecting system
Connect;
The LAN provides network connection basis and online environment, the LAN and visitor's checking system for client
Connection;
Visitor's checking system is defined for the network connection conditions, and the client carries out resource by LAN
Authentication is needed before acquisition, visitor's checking system is connected with interchanger;
The interchanger is used as network shunt, and the stub interface of the interchanger and one group of client carry out data biography
Defeated, the interchanger is connected with enterprise router;
The enterprise router as internet connection hinge, the enterprise router is connected with fire wall;
The fire wall sets up safety to the system further safeguard protection between the client and big data memory
Protection, the fire wall is connected with reponse system, sensitive information filter system and flowing of access control system respectively;
Request of the reponse system to the access of client is fed back, and by transmission of feedback information to client;
The sensitive information filter system is retrieved to the access information of client, and the sensitivity in access information is believed
Breath is filtered and rejected, and sensitive information is filtered and rejected and is transmitted to client by reponse system;
The flowing of access control system limits the flowing of access of client, and the access number for the same period is limited
It is fixed;
The reponse system, sensitive information filter system and flowing of access control system are connected with cloud server;
The cloud server provides service for the system, the cloud server respectively with user behaviors log storehouse and big data
Memory is connected;
The user behaviors log library storage client access information and access content, base is judged as the behavior to client
Plinth;
Storage in the big data memory storage network data, the client upload or retrieval big data memory
Content.
Preferably, the authentication is correct account and password by way of.
Preferably, the client meets LAN services agreement and big data memory access agreement.
A kind of implementation of the network security enforcement system based on big data platform, should be based on the network of big data platform
The implementation of security implementation system is specific as follows:
S1:Client connects LAN, and client carries out information browse by LAN, and visitor's checking system is to client
Online verified that client carries out Account Logon by correct account and password;
S2:Intranet detecting system is eliminated and warned to potential safety hazard to the network environment and potential safety hazard of client;
S3:Client is connected by by interchanger with the wide area network of enterprise router after Information Authentication, access information
By fire wall, fire wall carries out safety inspection to the access information of client;
S4:After the safety inspection of fire wall passes through, access information enters into sensitive information filter system, believes according to accessing
Breath, if the information unauthorized such as dangerous information and influence social stability occur filter, and it is anti-by reponse system to filter information
Client is fed to, flowing of access control system is defined for the client visit capacity of same period, beyond the access of visit capacity
Information feeds back to corresponding client by reponse system;
S5:By the way that after sensitive information filter system, access information is made contact into big data memory by cloud server
Data access is carried out, user behaviors log storehouse stores to the access information of relative client, so as to as the access row of the client
For big data memory provides corresponding custom and accesses data, and retrieval information is back into client after accessing data retrieval.
Compared with prior art, the beneficial effects of the invention are as follows:This is based on the network security enforcement system of big data platform
Conducted interviews detection by multi-level safety monitoring system, a use environment for safety is provided for the network platform.
Brief description of the drawings
Fig. 1 implements system flow chart for the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
Fig. 1 is referred to, the present invention provides a kind of technical scheme:A kind of network security enforcement system based on big data platform
System, including:Intranet detecting system, client, LAN, visitor's checking system, interchanger, enterprise router, fire wall, feedback
System, sensitive information filter system, flowing of access control system, user behaviors log storehouse, cloud server and big data memory;
Network distribution and network environment where the Intranet detecting system detection client, the Intranet detecting system will
The problem and hidden danger that network system where client is present are excluded and warned, the Intranet detecting system and client
End connection;
The client is the instrument that user obtains big data memorizer information, and the client connects with Intranet detecting system
Connect;
The LAN provides network connection basis and online environment, the LAN and visitor's checking system for client
Connection;
Visitor's checking system is defined for the network connection conditions, and the client carries out resource by LAN
Authentication is needed before acquisition, visitor's checking system is connected with interchanger;
The interchanger is used as network shunt, and the stub interface of the interchanger and one group of client carry out data biography
Defeated, the interchanger is connected with enterprise router;
The enterprise router as internet connection hinge, the enterprise router is connected with fire wall;
The fire wall sets up safety to the system further safeguard protection between the client and big data memory
Protection, the fire wall is connected with reponse system, sensitive information filter system and flowing of access control system respectively;
Request of the reponse system to the access of client is fed back, and by transmission of feedback information to client;
The sensitive information filter system is retrieved to the access information of client, and the sensitivity in access information is believed
Breath is filtered and rejected, and sensitive information is filtered and rejected and is transmitted to client by reponse system;
The flowing of access control system limits the flowing of access of client, and the access number for the same period is limited
It is fixed;
The reponse system, sensitive information filter system and flowing of access control system are connected with cloud server;
The cloud server provides service for the system, the cloud server respectively with user behaviors log storehouse and big data
Memory is connected;
The user behaviors log library storage client access information and access content, base is judged as the behavior to client
Plinth;
Storage in the big data memory storage network data, the client upload or retrieval big data memory
Content.
Wherein, the authentication is correct account and password by way of, and the client meets LAN clothes
Business agreement and big data memory access agreement.
A kind of implementation of the network security enforcement system based on big data platform, should be based on the network of big data platform
The implementation of security implementation system is specific as follows:
S1:Client connects LAN, and client carries out information browse by LAN, and visitor's checking system is to client
Online verified that client carries out Account Logon by correct account and password;
S2:Intranet detecting system is eliminated and warned to potential safety hazard to the network environment and potential safety hazard of client;
S3:Client is connected by by interchanger with the wide area network of enterprise router after Information Authentication, access information
By fire wall, fire wall carries out safety inspection to the access information of client;
S4:After the safety inspection of fire wall passes through, access information enters into sensitive information filter system, believes according to accessing
Breath, if the information unauthorized such as dangerous information and influence social stability occur filter, and it is anti-by reponse system to filter information
Client is fed to, flowing of access control system is defined for the client visit capacity of same period, beyond the access of visit capacity
Information feeds back to corresponding client by reponse system;
S5:By the way that after sensitive information filter system, access information is made contact into big data memory by cloud server
Data access is carried out, user behaviors log storehouse stores to the access information of relative client, so as to as the access row of the client
For big data memory provides corresponding custom and accesses data, and retrieval information is back into client after accessing data retrieval.
Although an embodiment of the present invention has been shown and described, for the ordinary skill in the art, can be with
Understanding can carry out various changes, modification, replacement to these embodiments without departing from the principles and spirit of the present invention
And modification, the scope of the present invention be defined by the appended.
Claims (4)
1. a kind of network security enforcement system based on big data platform, it is characterised in that including:Intranet detecting system, client
End, LAN, visitor's checking system, interchanger, enterprise router, fire wall, reponse system, sensitive information filter system, visit
Ask flow control system, user behaviors log storehouse, cloud server and big data memory;
Network distribution and network environment where Intranet detecting system detection client, the Intranet detecting system is by client
The problem and hidden danger that network system where end is present are excluded and warned, and the Intranet detecting system connects with client
Connect;
The client is the instrument that user obtains big data memorizer information, and the client is connected with Intranet detecting system;
The LAN provides network connection basis and online environment for client, and the LAN connects with visitor's checking system
Connect;
Visitor's checking system is defined for the network connection conditions, and the client carries out resource acquisition by LAN
Before need authentication, visitor's checking system is connected with interchanger;
The interchanger is used as network shunt, and the stub interface of the interchanger carries out data transmission with one group of client, institute
Interchanger is stated to be connected with enterprise router;
The enterprise router as internet connection hinge, the enterprise router is connected with fire wall;
It is anti-that the fire wall sets up safety to the further safeguard protection of the system, between the client and big data memory
Shield, the fire wall is connected with reponse system, sensitive information filter system and flowing of access control system respectively;
Request of the reponse system to the access of client is fed back, and by transmission of feedback information to client;
The sensitive information filter system is retrieved to the access information of client, and the sensitive information in access information is entered
Row filtering and rejection, sensitive information is filtered and rejected transmitted to client by reponse system;
The flowing of access control system limits the flowing of access of client, and the access number for the same period is defined;
The reponse system, sensitive information filter system and flowing of access control system are connected with cloud server;
The cloud server provides service for the system, and the cloud server is stored with user behaviors log storehouse and big data respectively
Device is connected;
The user behaviors log library storage client access information and access content, as the behavior judgement basis to client;
In storage in the big data memory storage network data, the client upload or retrieval big data memory
Hold.
2. a kind of network security enforcement system based on big data platform according to claim 1, it is characterised in that:It is described
Authentication is correct account and password by way of.
3. a kind of network security enforcement system based on big data platform according to claim 1, it is characterised in that:It is described
Client meets LAN services agreement and big data memory access agreement.
4. a kind of implementation of the network security enforcement system based on big data platform, it is characterised in that:Big data should be based on
The implementation of the network security enforcement system of platform is specific as follows:
S1:Client connects LAN, and client carries out information browse by LAN, and visitor's checking system is to the upper of client
Net is verified that client carries out Account Logon by correct account and password;
S2:Intranet detecting system is eliminated and warned to potential safety hazard to the network environment and potential safety hazard of client;
S3:Client is connected by by interchanger with the wide area network of enterprise router after Information Authentication, and access information is passed through
Fire wall, fire wall carries out safety inspection to the access information of client;
S4:After the safety inspection of fire wall passes through, access information enters into sensitive information filter system, according to access information,
If the information unauthorized such as dangerous information and influence social stability occur to filter, and filtering information is fed back to by reponse system
Client, flowing of access control system is defined for the client visit capacity of same period, beyond the access information of visit capacity
Corresponding client is fed back to by reponse system;
S5:By the way that after sensitive information filter system, access information is made contact by cloud server and carried out into big data memory
Data access, user behaviors log storehouse stores to the access information of relative client, so as to as the access behavior of the client, greatly
Data storage provides corresponding custom and accesses data, and retrieval information is back into client after accessing data retrieval.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611204203.8A CN106790088A (en) | 2016-12-23 | 2016-12-23 | A kind of network security enforcement system and method based on big data platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611204203.8A CN106790088A (en) | 2016-12-23 | 2016-12-23 | A kind of network security enforcement system and method based on big data platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790088A true CN106790088A (en) | 2017-05-31 |
Family
ID=58897729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611204203.8A Pending CN106790088A (en) | 2016-12-23 | 2016-12-23 | A kind of network security enforcement system and method based on big data platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790088A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107528852A (en) * | 2017-09-05 | 2017-12-29 | 郑州升达经贸管理学院 | A kind of big data based on network security implements system and method |
CN111083114A (en) * | 2019-11-19 | 2020-04-28 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
CN111859378A (en) * | 2020-07-31 | 2020-10-30 | 中国工商银行股份有限公司 | Processing method and device for protecting data model |
CN112615842A (en) * | 2020-12-11 | 2021-04-06 | 黑龙江亿林网络股份有限公司 | Network security implementation system and method based on big data platform |
CN113486256A (en) * | 2021-06-30 | 2021-10-08 | 商洛学院 | Big data processing system based on network security |
CN115412472A (en) * | 2022-08-30 | 2022-11-29 | 中国联合网络通信集团有限公司 | Network fault troubleshooting method, device and equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102130803A (en) * | 2010-10-22 | 2011-07-20 | 新兴铸管股份有限公司 | Local area network website security architecture system |
CN202150865U (en) * | 2011-05-27 | 2012-02-22 | 上海尹圣数码科技有限公司 | System suitable for enterprises to carry out network behavior management |
US8601265B2 (en) * | 2010-11-22 | 2013-12-03 | Netapp, Inc. | Method and system for improving storage security in a cloud computing environment |
CN105553940A (en) * | 2015-12-09 | 2016-05-04 | 北京中科云集科技有限公司 | Safety protection method based on big data processing platform |
-
2016
- 2016-12-23 CN CN201611204203.8A patent/CN106790088A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102130803A (en) * | 2010-10-22 | 2011-07-20 | 新兴铸管股份有限公司 | Local area network website security architecture system |
US8601265B2 (en) * | 2010-11-22 | 2013-12-03 | Netapp, Inc. | Method and system for improving storage security in a cloud computing environment |
CN202150865U (en) * | 2011-05-27 | 2012-02-22 | 上海尹圣数码科技有限公司 | System suitable for enterprises to carry out network behavior management |
CN105553940A (en) * | 2015-12-09 | 2016-05-04 | 北京中科云集科技有限公司 | Safety protection method based on big data processing platform |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107528852A (en) * | 2017-09-05 | 2017-12-29 | 郑州升达经贸管理学院 | A kind of big data based on network security implements system and method |
CN107528852B (en) * | 2017-09-05 | 2020-07-31 | 郑州升达经贸管理学院 | Big data implementation system and method based on network security |
CN111083114A (en) * | 2019-11-19 | 2020-04-28 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
CN111083114B (en) * | 2019-11-19 | 2021-09-24 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
CN111859378A (en) * | 2020-07-31 | 2020-10-30 | 中国工商银行股份有限公司 | Processing method and device for protecting data model |
CN112615842A (en) * | 2020-12-11 | 2021-04-06 | 黑龙江亿林网络股份有限公司 | Network security implementation system and method based on big data platform |
CN113486256A (en) * | 2021-06-30 | 2021-10-08 | 商洛学院 | Big data processing system based on network security |
CN115412472A (en) * | 2022-08-30 | 2022-11-29 | 中国联合网络通信集团有限公司 | Network fault troubleshooting method, device and equipment |
CN115412472B (en) * | 2022-08-30 | 2024-04-30 | 中国联合网络通信集团有限公司 | Network fault investigation method, device and equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106790088A (en) | A kind of network security enforcement system and method based on big data platform | |
CN101834866B (en) | CC (Communication Center) attack protective method and system thereof | |
CN105357195B (en) | Go beyond one's commission leak detection method and the device of web access | |
CN104301302B (en) | Go beyond one's commission attack detection method and device | |
CN101909298B (en) | Secure access control method and device for wireless network | |
TWI691861B (en) | Resource permission management method and device | |
CN105117657B (en) | A kind of design method and system of the open mandate access based on intelligence s ervice | |
CN105141614B (en) | A kind of access right control method and device of movable storage device | |
DE112012004114T5 (en) | Assess the social risk due to exposure to potential threats from connected contacts | |
CN108259432A (en) | A kind of management method of API Calls, equipment and system | |
CN106302534B (en) | A kind of method and system of detection and processing illegal user | |
CN107770191A (en) | A kind of finicial administration of enterprise system with security protection | |
JP2015534138A (en) | Method and system for secure authentication and information sharing and analysis | |
CN101388768A (en) | Method and device for detecting malicious HTTP request | |
CN206686205U (en) | The multiple-protection network architecture | |
CN107026825A (en) | A kind of method and system for accessing big data system | |
CN106034054A (en) | Redundant access control list ACL rule file detection method and apparatus thereof | |
CN107689954A (en) | Power information system monitoring method and device | |
CN104486320B (en) | Intranet sensitive information leakage evidence-obtaining system and method based on sweet network technology | |
CN114117264A (en) | Illegal website identification method, device, equipment and storage medium based on block chain | |
CN103095825B (en) | A kind of approaches to IM of the Internet and system, server | |
CN105847287A (en) | Resource access control method based on community local area network and system based on community local area network | |
CN105049445B (en) | A kind of access control method and free-standing access controller | |
US20180309782A1 (en) | Method and Apparatus for Determining a Threat Using Distributed Trust Across a Network | |
CN108696540A (en) | A kind of authorizing secure system and its authorization method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |
|
RJ01 | Rejection of invention patent application after publication |