CN106936814A - A kind of network protection methods, devices and systems - Google Patents


Info

Publication number: CN106936814A
Application number: CN201710048058.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN106936814B (granted patent)
Legal status: Granted, active (status as listed by Google Patents, not a legal conclusion)
Inventors: 姜海舟, 王烨, 张俊贤
Current assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Original assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Prior art keywords: network access, access request, request packet, testing conditions, terminal

Classifications

All three classifications sit under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication), H04L63/00 (Network architectures or network communication protocols for network security):

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks


Abstract

The invention discloses a network protection method, device and system. The method includes: receiving a network access request packet sent by a terminal, the packet carrying the basic information needed for this network access; judging whether the basic information meets preset detection conditions; and, if it does, performing data obfuscation on the data in the network access request packet to obtain an obfuscated packet and sending the obfuscated packet to the web server. With the method provided by the embodiments of the invention, active defence of the packets sent by the terminal is achieved: the number of attacks reaching the web server is reduced, the packets sent by the terminal are protected, and the security of user information is ensured.

Description

A kind of network protection methods, devices and systems
Technical field
The present invention relates to the field of computer technology, and in particular to a network protection method, device and system.
Background technology
With the rapid development of new technologies such as the internet, cloud computing and big data, openness keeps increasing, information becomes more mobile, and the volume of information keeps growing. This gives hackers a much larger attack surface; in particular, the development of automated tools makes attack methods ever more aggressive and poses a serious threat to network security.
Traditional information security measures are mostly passive, static "walled" defence mechanisms, and every adjustment of security policy involves each security node. Deploying firewalls, VPNs (Virtual Private Network), intrusion prevention systems, anti-virus, flow control, URL (Uniform Resource Locator) filtering and similar security devices on demand cannot keep pace with the rapid development of business in the internet era.
Therefore, how to provide security protection for the various internet services, protect users' sensitive data and reduce the number of attacks on servers is one of the problems that urgently needs to be solved.
Summary of the invention
Embodiments of the present invention provide a network protection method, device and system in order to provide active security protection for internet services; they not only protect users' sensitive data but also reduce the number of attacks on the server, enhancing the security of terminal users' information.
An embodiment of the present invention provides a network protection method, including:
receiving a network access request packet sent by a terminal, the network access request packet carrying the basic information needed for this network access;
judging whether the basic information meets preset detection conditions;
if it does, performing data obfuscation on the data in the network access request packet to obtain an obfuscated packet, and sending the obfuscated packet to the web server.
Preferably, performing data obfuscation on the data in the network access request packet to obtain an obfuscated packet specifically includes:
extending each byte contained in the network access request packet to obtain an extended byte; and
for each extended byte, processing the extended byte with a preset algorithm to obtain a processed byte;
combining all processed bytes to obtain the obfuscated packet.
Preferably, the basic information includes at least one of the following: the time at which the network access request packet was sent, the destination Internet Protocol (IP) address of this network access, and the characteristic information of the terminal, where the characteristic information of the terminal includes at least one of the following: the source IP address of this network access, the MAC address of the terminal, and the version number of the browser the terminal is logged in with; and
if the basic information includes at least two items, judging whether the basic information meets the preset detection conditions specifically includes:
judging whether each item of basic information meets the preset detection conditions;
if every item of basic information meets the preset detection conditions, determining that the basic information meets the preset detection conditions;
if any item of basic information fails to meet the preset detection conditions, determining that the basic information does not meet the preset detection conditions.
Further, whether the time at which the network access request packet was sent meets the preset detection conditions is judged as follows:
judging whether the time at which the network access request packet was sent is not later than the time at which the network access request packet was received;
if the judgement result is yes, determining that the sending time of the network access request packet meets the preset detection conditions;
if the judgement result is no, determining that the sending time of the network access request packet does not meet the preset detection conditions.
Further, whether each item of characteristic information of the terminal meets the preset detection conditions is judged as follows:
for each item of characteristic information of the terminal, judging whether this item of characteristic information of the terminal is consistent with the pre-stored item of characteristic information of the terminal;
if the judgement result is yes, determining that this item of characteristic information of the terminal meets the preset detection conditions;
if the judgement result is no, determining that this item of characteristic information of the terminal does not meet the preset detection conditions.
Further, whether the destination IP of this network access meets the preset detection conditions is judged as follows:
judging whether the destination IP is the same as the source IP of the terminal;
if it is, determining that the destination IP of this network access does not meet the preset detection conditions;
if it is not, determining that the destination IP of this network access meets the preset detection conditions.
Preferably, before judging whether the basic information meets the preset detection conditions, the method further includes:
determining the number of SYN handshakes received in a unit time interval; and
before performing data obfuscation on the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the number of SYN handshakes received in the unit time interval does not exceed a preset threshold.
Preferably, before judging whether the basic information meets the preset detection conditions, the method further includes:
determining the byte count of the received network access request packet; and
before performing data obfuscation on the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the byte count of the network access request packet does not exceed a preset byte count.
Preferably, before judging whether the basic information meets the preset detection conditions, the method further includes:
determining the port number on which the network access request packet was received; and
before performing data obfuscation on the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the port number is not a preset port number and that the urgent (URG) bit of the Transmission Control Protocol (TCP) header is not the set value.
Preferably, the network access request packet is obtained by the terminal encrypting it with a preset encryption algorithm; and
before judging whether the basic information meets the preset detection conditions, the method further includes:
decrypting the network access request packet.
An embodiment of the present invention provides a network protection device, including:
a receiving unit, configured to receive a network access request packet sent by a terminal, the network access request packet carrying the basic information needed for this network access;
a judging unit, configured to judge whether the basic information meets preset detection conditions;
a data obfuscation unit, configured to, if the judgement result of the judging unit is yes, perform data obfuscation on the data in the network access request packet to obtain an obfuscated packet and send the obfuscated packet to the web server.
In a specific implementation, the data obfuscation unit includes an extension sub-unit, a processing sub-unit and a combination sub-unit, where:
the extension sub-unit is configured to extend each byte contained in the network access request packet to obtain an extended byte;
the processing sub-unit is configured to, for each extended byte, process the extended byte with a preset algorithm to obtain a processed byte;
the combination sub-unit is configured to combine all processed bytes to obtain the obfuscated packet.
Preferably, the basic information includes at least one of the following: the time at which the network access request packet was sent, the destination IP of this network access, and the characteristic information of the terminal, where the characteristic information of the terminal includes at least one of the following: the source IP of this network access, the MAC address of the terminal, and the version number of the browser the terminal is logged in with; and
the judging unit is specifically configured to, if the basic information includes at least two items, judge whether each item of basic information meets the preset detection conditions; if every item of basic information meets the preset detection conditions, determine that the basic information meets the preset detection conditions; and if any item of basic information fails to meet the preset detection conditions, determine that the basic information does not meet the preset detection conditions.
Preferably, the judging unit is specifically configured to judge whether the time at which the network access request packet was sent is not later than the time at which the network access request packet was received; if the judgement result is yes, determine that the time of the network access request packet meets the preset detection conditions; and if the judgement result is no, determine that the time of the network access request packet does not meet the preset detection conditions.
Preferably, the judging unit is specifically configured to, for each item of characteristic information of the terminal, judge whether this item of characteristic information of the terminal is consistent with the pre-stored item of characteristic information of the terminal; if the judgement result is yes, determine that this item of characteristic information of the terminal meets the preset detection conditions; and if the judgement result is no, determine that this item of characteristic information of the terminal does not meet the preset detection conditions.
Preferably, the judging unit is specifically configured to judge whether the destination IP is the same as the source IP of the terminal; if it is, determine that the destination IP of this network access does not meet the preset detection conditions; and if it is not, determine that the destination IP of this network access meets the preset detection conditions.
Preferably, the device further includes a first determining unit, where:
the first determining unit is configured to determine, before the judging unit judges whether the basic information meets the preset detection conditions, the number of SYN handshakes received in a unit time interval; and
the device further includes a second determining unit, where:
the second determining unit is configured to determine, before the data obfuscation unit performs data obfuscation on the data in the network access request packet to obtain the obfuscated packet, that the number of SYN handshakes received in the unit time interval does not exceed a preset threshold.
Preferably, the device further includes a third determining unit, where:
the third determining unit is configured to determine, before the judging unit judges whether the basic information meets the preset detection conditions, the byte count of the received network access request packet; and
the device further includes a fourth determining unit, where:
the fourth determining unit is configured to determine, before the data obfuscation unit performs data obfuscation on the data in the network access request packet to obtain the obfuscated packet, that the byte count of the network access request packet does not exceed a preset byte count.
Preferably, the device further includes a fifth determining unit, where:
the fifth determining unit is configured to determine, before the judging unit judges whether the basic information meets the preset detection conditions, the port number on which the network access request packet was received; and
the device further includes a sixth determining unit, where:
the sixth determining unit is configured to determine, before the data obfuscation unit performs data obfuscation on the data in the network access request packet to obtain the obfuscated packet, that the port number is not a preset port number and that the urgent (URG) bit of the TCP header is not the set value.
Preferably, the network access request packet is obtained by the terminal encrypting it with a preset encryption algorithm; and the device further includes a decryption unit, where:
the decryption unit is configured to decrypt the network access request packet before the judging unit judges whether the basic information meets the preset detection conditions.
An embodiment of the present invention provides a network protection system, including at least one terminal, a network protection server and a web server, where the network protection device described above is provided in the network protection server.
Beneficial effects of the present invention:
With the network protection method, device and system provided by the embodiments of the present invention, after the network access request packet sent by a terminal is received, the basic information needed for this network access carried in the packet is used to judge whether the basic information meets the preset detection conditions; if it does, the data in the network access request packet is obfuscated and the obfuscated packet is sent to the web server. This achieves active defence of the packets sent by the terminal, provides security protection for the various internet services, protects users' sensitive data, reduces the number of attacks on the server and enhances the security of user information.
Other features and advantages of the present invention will be set out in the following description and will in part become apparent from the description or be learned by practising the invention. The objectives and other advantages of the invention can be realised and obtained by the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the invention and form part of it; the schematic embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1a is a flow diagram of the network protection method provided by embodiment one of the present invention;
Fig. 1b is a flow diagram of judging, in the network protection method provided by embodiment one, whether the basic information meets the preset detection conditions when the basic information includes at least two items;
Fig. 2 is a flow diagram of judging, in the network protection method provided by embodiment one, whether the time at which the network access request packet was sent meets the preset detection conditions;
Fig. 3 is a flow diagram of judging, in the network protection method provided by embodiment one, whether each item of characteristic information of the terminal meets the preset detection conditions;
Fig. 4 is a flow diagram of judging, in the network protection method provided by embodiment one, whether the destination IP of this network access meets the preset detection conditions;
Fig. 5 is a flow diagram of performing, in the network protection method provided by embodiment one, data obfuscation on the data in the network access request packet to obtain the obfuscated packet;
Fig. 6 is a schematic structural diagram of the network protection device provided by embodiment two of the present invention;
Fig. 7 is a schematic structural diagram of the network protection system provided by embodiment three of the present invention.
Specific embodiments
Embodiments of the present invention provide a network protection method, device and system in order to provide active security protection for internet services; they not only protect users' sensitive data but also reduce the number of attacks on the server, enhancing the security of terminal users' information.
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here are only used to illustrate and explain the invention and are not intended to limit it; where there is no conflict, the embodiments and the features in the embodiments may be combined with each other.
Embodiment one
Fig. 1a is a flow diagram of the network protection method provided by embodiment one, which may include the following steps:
S11: receiving a network access request packet sent by a terminal, the network access request packet carrying the basic information needed for this network access.
Specifically, when a user logged in to a terminal accesses any network address with the browser, the browsing flow of the prior art sends this network access request directly to the web server. In the embodiment of the present invention the network access request packet is instead sent to a network protection server; the network protection server verifies and processes the packet and forwards the processed packet to the web server only after verification succeeds, thereby providing active security protection for the various services and protecting the sensitive data sent by the terminal.
Preferably, before the network access request packet is sent to the network protection server, in order to ensure the security of the data it may be encrypted with a smart cryptographic key device implementing the national commercial (SM) cryptographic algorithms, and the encrypted network access request packet is then sent to the network protection server.
In a specific implementation, the basic information includes at least one of the following: the time at which the network access request packet was sent, the destination IP (Internet Protocol) address of this network access, and the characteristic information of the terminal, where the characteristic information of the terminal includes at least one of the following: the source IP of this network access, the MAC (Media Access Control) address of the terminal, and the version number of the browser the terminal is logged in with.
S12: judging whether the basic information meets the preset detection conditions; if it does, performing step S13; if not, performing step S14.
Because the network access request packet was encrypted by the terminal with the preset encryption algorithm, before performing step S12, i.e. before judging whether the basic information meets the preset detection conditions, the network protection server further performs:
decrypting the network access request packet.
The network protection server decrypts the network access request packet with the decryption algorithm corresponding to the national (SM) encryption algorithm. If decryption fails, the packet is discarded and is not forwarded to the web server, so that the web server is shielded from the malicious attack.
Preferably, if the basic information includes at least two items, step S12 may be performed by the method shown in Fig. 1b, comprising the following steps:
S121: judging whether each item of basic information meets the preset detection conditions; if every item of basic information meets the preset detection conditions, performing step S122; otherwise, performing step S123.
Specifically, in the embodiment of the present invention the basic information in the network access request packet includes the time at which the packet was sent, the destination IP of this network access and the characteristic information of the terminal, so steps S121 to S123 are performed for each of these three items. Only when all three meet the preset detection conditions is the basic information in the network access request packet determined to meet the preset detection conditions, and the packet is then determined to be a safe packet.
S122: determining that the basic information meets the preset detection conditions.
S123: determining that the basic information does not meet the preset detection conditions.
Further, for the basic information carried in the network access request packet in step S11, whether each item of basic information meets the preset detection conditions is determined separately as follows.
(1) Whether the time at which the network access request packet was sent meets the preset detection conditions is judged by the method shown in Fig. 2, comprising the following steps:
S21: judging whether the time at which the network access request packet was sent is not later than the time at which the network access request packet was received; if the judgement result is yes, performing step S22; otherwise, performing step S23.
Specifically, the time at which the network protection server receives the network access request packet is normally later than the time at which the terminal sent it. When the receive time is earlier than the sending time, the current packet may be an illegal packet, so step S23 is performed and the sending time of the network access request packet is determined not to meet the preset detection conditions; when the judgement result of step S21 is yes, the network protection server performs step S22 and determines that the sending time of the network access request packet meets the preset detection conditions.
S22: determining that the sending time of the network access request packet meets the preset detection conditions.
S23: determining that the sending time of the network access request packet does not meet the preset detection conditions.
(2) Whether each item of characteristic information of the terminal meets the preset detection conditions is judged by the method shown in Fig. 3, comprising the following steps:
S31: for each item of characteristic information of the terminal, judging whether this item of characteristic information of the terminal is consistent with the pre-stored item of characteristic information of the terminal; if the judgement result is yes, performing step S32; otherwise, performing step S33.
Specifically, the characteristic information of the terminal may include the source IP of this network access, the MAC address of the terminal, the version number of the browser the terminal is logged in with, and so on. For each item of characteristic information, the server judges whether it is consistent with the characteristic information of the terminal pre-stored in the network protection server; if consistent, this item of characteristic information of the terminal is determined to meet the preset detection conditions, otherwise it is determined not to meet the preset detection conditions, until all items of characteristic information of the terminal have been judged.
S32: determining that this item of characteristic information of the terminal meets the preset detection conditions.
S33: determining that this item of characteristic information of the terminal does not meet the preset detection conditions.
(3) Whether the destination IP of this network access meets the preset detection conditions is judged by the method shown in Fig. 4, comprising the following steps:
S41: judging whether the destination IP is the same as the source IP of the terminal; if it is not, performing step S43; otherwise, performing step S42.
Specifically, in theory the destination IP address differs from the source IP address of the terminal, but under a malicious attack the destination IP address carried by the terminal may be the same as the source IP address of the terminal; the network protection server therefore needs to perform the judgement of step S41. If the judgement result is yes, the destination IP of this network access is determined not to meet the preset detection conditions; otherwise, it meets the preset detection conditions.
S42: determining that the destination IP of this network access does not meet the preset detection conditions.
S43: determining that the destination IP of this network access meets the preset detection conditions.
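The three per-item checks above (Fig. 2, Fig. 3 and Fig. 4) together with the all-items-must-pass rule of Fig. 1b, as an added Python example; this is illustrative code written for this page, not code from the patent or its assignee. It assumes a request record with the fields the description names, a pre-stored table of terminal characteristics keyed by source IP, and constructed sample values; the `AccessRequest` class, the field names and the table layout are all assumptions.

```python
"""Basic-information checks of the network protection server (added example).

The patent states the decision rules but no data format, so the request is
modelled as a small record and each rule is a plain function.
"""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class AccessRequest:
    sent_at: float          # sending time reported by the terminal (seconds)
    src_ip: str             # source IP of this network access
    dst_ip: str             # destination IP of this network access
    mac: str                # MAC address reported by the terminal
    browser_version: str    # version of the browser the terminal is logged in with


# Constructed sample of what the protection server has pre-stored per terminal,
# keyed by the terminal's source IP (assumed layout).
KNOWN_TERMINALS = {
    "10.0.0.5": {"mac": "aa:bb:cc:dd:ee:01", "browser_version": "Firefox/52.0"},
}


def check_send_time(req, received_at):
    """Fig. 2: the sending time must not be later than the receive time."""
    return req.sent_at <= received_at


def check_terminal_features(req, known=KNOWN_TERMINALS):
    """Fig. 3: every characteristic item must match the pre-stored record.
    An unknown terminal has no record and therefore fails."""
    stored = known.get(req.src_ip)
    if stored is None:
        return False
    return (stored["mac"].lower() == req.mac.lower()
            and stored["browser_version"] == req.browser_version)


def check_destination_ip(req):
    """Fig. 4: a destination IP equal to the terminal's own source IP is rejected."""
    return ip_address(req.dst_ip) != ip_address(req.src_ip)


def evaluate(req, received_at, known=KNOWN_TERMINALS):
    """Fig. 1b: the packet passes only if every item passes.
    Returns (passed, list_of_failed_items) so the caller can log the reason."""
    results = {
        "send_time": check_send_time(req, received_at),
        "terminal_features": check_terminal_features(req, known),
        "destination_ip": check_destination_ip(req),
    }
    failed = [name for name, ok in results.items() if not ok]
    return (not failed, failed)


if __name__ == "__main__":
    sample = AccessRequest(1000.0, "10.0.0.5", "203.0.113.10",
                           "AA:BB:CC:DD:EE:01", "Firefox/52.0")
    print(evaluate(sample, received_at=1000.5))
```

All three items compared here are values the terminal itself reports (sending time, MAC address, browser version), so the characteristic-information check establishes only that the request matches the enrolled record, not that it came from that device; in the scheme described on this page it is the decryption step placed before S12 that ties the packet to the terminal's key.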
It is preferred that before judging whether the essential information meets default testing conditions, methods described also includes:
Determine to be received in the unit interval number of times of handshake SYN;And
Before step S13 is performed, i.e., obtain the data in the network access request packet are carried out into data obfuscation Before packet to after obscuring, also include:
Determine that the number of times that handshake SYN is received in the unit interval is no more than predetermined threshold value.
Specifically, judge whether the number of times that handshaking information SYN is received in the unit interval exceedes network protection server Predetermined threshold value, if it exceeds, it is determined that the packet is illegal packet, otherwise, it determines network access request packet is Legal data packet, wherein, the predetermined threshold value is set by network protection server according to actual conditions.
It is preferred that before step S12 is performed, i.e., judge the essential information whether meet default testing conditions it Before, methods described also includes:
It is determined that the byte number of the network access request packet for receiving;And
Before step S13 is performed, i.e., obtain the data in the network access request packet are carried out into data obfuscation Before packet to after obscuring, also include:
Determine the byte number no more than predetermined word joint number of the network access request packet.
Specifically, when the byte number of network access request packet is more than predetermined word joint number, then the packet is shown It is illegal packet, it may occur that flooding phenomenon, therefore, network protection server needs to judge network access request data Whether the byte number of bag is less than predetermined word joint number, if it is less, the packet is determined for legal data packet, otherwise, not conform to Method packet.Wherein, the predetermined word joint number can be 65535.
Preferably, before step S12 is performed, that is, before it is judged whether the essential information meets the preset detection conditions, the method further includes:
determining the port number on which the network access request packet is received; and
before step S13 is performed, that is, before the data in the network access request packet is subjected to data obfuscation to obtain the obfuscated packet, the method further includes:
determining that the port number is not a preset port number and that the urgent bit URG of the Transmission Control Protocol (TCP) is not the set value.
Specifically, the URG check is used to guard against WinNuke attacks, which are characterised mainly by the port they target: the commonly attacked ports, that is, the preset port numbers, are typically 139, 138, 137, 113 and 53. When URG is 1 (the preset value), urgent mode is indicated; a WinNuke attack sends TCP out-of-band (OOB) data to the port corresponding to one of the above port numbers, and a Web server that processes such data may crash.
Therefore, to prevent the Web server from crashing without any prior judgment, the network protection server needs to determine that the port number on which the network access request packet is received is not one of the port numbers 139, 138, 137, 113 and 53, and that the TCP URG bit is not 1, before the network access request packet may be sent to the Web server.
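The three pre-conditions described above (SYN count per unit time, byte count, port number and URG bit), as an added example written from this description rather than the applicant's code. The preset ports, the byte limit 65535 and the URG value 1 are the values quoted in the text; the SYN threshold of 100 per one-second window is a constructed value, since the text leaves it to the operator.

```python
"""Pre-checks applied by a network protection server before a request is
obfuscated and forwarded. Added example modelled on the description above;
not the applicant's implementation."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List

# Values quoted in the description.
PRESET_PORTS = {139, 138, 137, 113, 53}   # commonly attacked ports named in the text
PRESET_BYTE_COUNT = 65535                 # upper bound on packet size
URG_SET_VALUE = 1                         # URG "set value" meaning urgent mode
# The text leaves these to the operator; both values are constructed here.
SYN_THRESHOLD = 100                       # max SYNs tolerated per unit time
SYN_WINDOW = 1.0                          # "unit time" in seconds


@dataclass
class Request:
    """Constructed view of one received request (only the fields the checks need)."""
    recv_time: float   # time the protection server received the packet
    dst_port: int      # port the packet was received on
    syn: bool          # TCP SYN flag
    urg: int           # TCP URG bit, 0 or 1
    payload: bytes     # packet data after decryption


@dataclass
class SynCounter:
    """Sliding window over SYN arrival times, one per protected service."""
    window: float = SYN_WINDOW
    _times: Deque[float] = field(default_factory=deque)

    def observe(self, req: Request) -> int:
        """Record the request's SYN (if any) and return how many SYNs fall
        inside the unit-time window ending at req.recv_time."""
        if req.syn:
            self._times.append(req.recv_time)
        # drop arrivals that are a full window or more in the past
        while self._times and req.recv_time - self._times[0] >= self.window:
            self._times.popleft()
        return len(self._times)


def precheck(counter: SynCounter, req: Request) -> List[str]:
    """Return the names of the pre-conditions the request violates; an empty
    list means the packet may proceed to the essential-information check
    and then to obfuscation."""
    failures: List[str] = []
    if counter.observe(req) > SYN_THRESHOLD:          # SYN count per unit time
        failures.append("syn-rate")
    if len(req.payload) > PRESET_BYTE_COUNT:          # oversized packet
        failures.append("byte-count")
    if req.dst_port in PRESET_PORTS:                  # commonly attacked port
        failures.append("preset-port")
    if req.urg == URG_SET_VALUE:                      # urgent (OOB) mode
        failures.append("urg-set")
    return failures


def is_legal(counter: SynCounter, req: Request) -> bool:
    """True when every pre-condition holds, i.e. the packet is legal."""
    return not precheck(counter, req)


if __name__ == "__main__":
    c = SynCounter()
    print(precheck(c, Request(0.0, 8080, True, 0, b"GET / HTTP/1.1")))   # []
    print(precheck(c, Request(0.1, 139, False, 1, b"x")))   # ['preset-port', 'urg-set']
```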
S13: the data in the network access request packet is subjected to data obfuscation to obtain an obfuscated packet, and the obfuscated packet is sent to the Web server.
In a specific implementation, the data in the network access request packet may be obfuscated according to the method shown in Fig. 5 to obtain the obfuscated packet, which may include the following steps:
S51: each byte included in the network access request packet is extended separately to obtain an extended byte.
S52: for each extended byte, the extended byte is processed with a preset algorithm to obtain a processed byte.
S53: all processed bytes are combined to obtain the obfuscated packet.
For steps S51 to S53, the embodiment of the present invention uses a redundant-bit data obfuscation technique whose basic principle is as follows. One byte consists of 8 bits (1 byte = 8 bits). The data type is converted from uint8 to uint32, where uint8 occupies 8 bits and uint32 occupies 32 bits: bits 0 and 1 of the uint8 are placed in the first byte of the uint32, bits 2 and 3 in the second byte, bits 4 and 5 in the third byte, and bits 6 and 7 in the fourth byte. The high three bits of each byte in the uint32 are then taken and converted to their decimal values; for each decimal value a modulo operation with a preset value is performed, and the resulting remainder is used as the starting bit position at which the uint8 data is stored, so as to achieve the purpose of data obfuscation. The preset value may be 5.
For example, four 8-bit bytes are merged into one 32-bit value; the four bytes are:
U8 data8_1 = 0x12;
U8 data8_2 = 0x34;
U8 data8_3 = 0x56;
U8 data8_4 = 0x78;
According to the following rule, these four bytes are converted into the 32-bit value u32 data32:
Data32 = ((u32) data8_1 << 24) | ((u32) data8_2 << 16) | ((u32) data8_3 << 8) | ((u32) data8_4);
The other four bytes are likewise converted into a 32-bit value according to the method above. The first three bits of each of the four bytes in the two 32-bit values are then taken and converted to decimal numbers, and finally the modulo operation is performed; once the remainder is obtained, data is stored sequentially starting from the bit position corresponding to the remainder. For example, when the remainder is 3, data is stored starting from the 3rd bit.
In addition, a second obfuscation method may be used: an 8-bit byte 10100110 is converted to 32 bits, and the result is 00000010 00000010 00000001 00000010. Suppose an 8-bit value 10010110 is pre-stored in the network protection server (it may be updated periodically); after conversion to 32 bits it becomes 00000010 00000001 00000001 00000010.
The result of the OR operation, 00000010 00000011 00000001 00000010, is the obfuscated data.
Of course, other data obfuscation methods may also be used; any data obfuscation algorithm in the prior art that can achieve the purpose of data obfuscation may be applied in the present invention, and the present invention is not limited in this respect.
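The byte packing, high-three-bit modulo offset and the expand-then-OR method described above, as an added example written from this description (not the applicant's implementation). It assumes the most-significant-pair-first layout shown in the 10100110 worked example, the preset value 5 and the pre-stored byte 10010110, and goes slightly beyond the text by adding the inverse of the expansion step and a mask of which original bits survive the OR step.

```python
"""Redundant-bit data obfuscation as described for steps S51 to S53.
Added example written from the description; not the applicant's code."""
from typing import List

PRESET_MODULUS = 5            # the preset value named in the text
STORED_KEY_BYTE = 0b10010110  # the pre-stored 8-bit value from the text


def pack_u32(b1: int, b2: int, b3: int, b4: int) -> int:
    """Merge four bytes into one 32-bit word, first byte most significant,
    i.e. Data32 = (b1 << 24) | (b2 << 16) | (b3 << 8) | b4."""
    return ((b1 & 0xFF) << 24) | ((b2 & 0xFF) << 16) | ((b3 & 0xFF) << 8) | (b4 & 0xFF)


def storage_offsets(word: int, modulus: int = PRESET_MODULUS) -> List[int]:
    """For each of the four bytes in the word (first byte first) take its high
    three bits as a decimal value and reduce it modulo the preset value; each
    remainder is the bit position from which the uint8 data is then stored."""
    return [(((word >> shift) & 0xFF) >> 5) % modulus for shift in (24, 16, 8, 0)]


def store_from_offset(value: int, offset: int) -> int:
    """Place an 8-bit value into a 32-bit word starting at bit `offset`
    (a remainder of 3 means the data begins at bit 3)."""
    return ((value & 0xFF) << offset) & 0xFFFFFFFF


def load_from_offset(word: int, offset: int) -> int:
    """Inverse of store_from_offset."""
    return (word >> offset) & 0xFF


def expand_byte(b: int) -> int:
    """Spread one 8-bit value over 32 bits: the two most significant bits
    become the first (most significant) byte, the next pair the second byte,
    and so on, matching 10100110 -> 00000010 00000010 00000001 00000010."""
    word = 0
    for i in range(4):
        pair = (b >> (6 - 2 * i)) & 0b11
        word |= pair << (24 - 8 * i)
    return word


def compact_word(word: int) -> int:
    """Inverse of expand_byte: gather the low two bits of each byte."""
    b = 0
    for i in range(4):
        b |= ((word >> (24 - 8 * i)) & 0b11) << (6 - 2 * i)
    return b


def expand(data: bytes) -> bytes:
    """Step S51 over a whole packet: every byte becomes four bytes."""
    return b"".join(expand_byte(x).to_bytes(4, "big") for x in data)


def obfuscate_or(data: bytes, key_byte: int = STORED_KEY_BYTE) -> bytes:
    """Second method from the text (steps S51 to S53): expand each data byte
    and the pre-stored key byte to 32 bits, OR them, then concatenate."""
    key_word = expand_byte(key_byte)
    return b"".join((expand_byte(x) | key_word).to_bytes(4, "big") for x in data)


def recoverable_bits(key_byte: int) -> int:
    """Mask of the original bits the OR step preserves. A bit that is 1 in the
    key is forced to 1 in the output whatever the data held, so the receiving
    Web server can only restore the bit positions where the key is 0."""
    return (~key_byte) & 0xFF


if __name__ == "__main__":
    w = pack_u32(0x12, 0x34, 0x56, 0x78)
    print(hex(w), storage_offsets(w))                   # 0x12345678 [0, 1, 2, 3]
    print(obfuscate_or(b"\xa6").hex())                  # 02030102
    print(f"{recoverable_bits(STORED_KEY_BYTE):08b}")   # 01101001
```

The `recoverable_bits` check is the practical caveat: with the quoted key only three of every eight data bits survive the OR, so a receiver cannot restore the packet from the OR output alone unless the key bits are known to be zero at the positions it needs.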
S14: the network access request packet sent by the terminal is discarded.
In the network protection method provided by the embodiment of the present invention, the network access request packet sent by the terminal is received, the packet carrying the essential information required for this network access. Because the terminal encrypts the network access request packet in advance before sending it to the network protection server, the network protection server, after receiving the network access request packet, must first decrypt the packet with the corresponding decryption algorithm and then judge whether the essential information meets the preset detection conditions. If so, the data in the network access request packet is obfuscated to obtain an obfuscated packet, and the obfuscated packet is sent to the Web server. Active security protection is thus provided for various services: because the network protection server obfuscates a packet and sends it to the Web server only when the essential information in the packet meets the preset detection conditions, the number of attacks on the Web server can be reduced, the sensitive data sent by the user through the terminal can be protected, and the security of user information is enhanced.
Embodiment two
Based on the same inventive concept, an embodiment of the present invention further provides a network protection device. Since the principle by which the device solves the problem is similar to that of the network protection method, the implementation of the device may refer to the implementation of the method, and repeated details are omitted.
Fig. 6 is a schematic structural diagram of the network protection device provided by embodiment two of the present invention, which includes a receiving unit 61, a judging unit 62 and a data obfuscation unit 63, where:
the receiving unit 61 is configured to receive the network access request packet sent by the terminal, the network access request packet carrying the essential information required for this network access;
the judging unit 62 is configured to judge whether the essential information meets the preset detection conditions; and
the data obfuscation unit 63 is configured to, if the judgment result of the judging unit 62 is yes, obfuscate the data in the network access request packet to obtain an obfuscated packet and send the obfuscated packet to the Web server.
In a specific implementation, the data obfuscation unit 63 specifically includes an extension subunit 631, a processing subunit 632 and a combination subunit 633, where:
the extension subunit 631 is configured to extend each byte included in the network access request packet separately to obtain an extended byte;
the processing subunit 632 is configured to, for each extended byte, process the extended byte with a preset algorithm to obtain a processed byte; and
the combination subunit 633 is configured to combine all processed bytes to obtain the obfuscated packet.
Preferably, the essential information includes at least one of the following: the time at which the network access request packet was sent, the destination IP of this network access, and the characteristic information of the terminal; the characteristic information of the terminal includes at least one of the following: the source IP of this network access, the MAC address of the terminal, and the version number of the browser the terminal has logged in with; and
preferably, the judging unit 62 is specifically configured to, if the essential information includes at least two items, judge whether each item of essential information meets the preset detection conditions; if every item of essential information meets the preset detection conditions, determine that the essential information meets the preset detection conditions; and if any one item of essential information does not meet the preset detection conditions, determine that the essential information does not meet the preset detection conditions.
Preferably, the judging unit 62 is specifically configured to judge whether the time at which the network access request packet was sent is not later than the time at which the network access request packet was received; if the judgment result is yes, determine that the time of the network access request packet meets the preset detection conditions; and if the judgment result is no, determine that the time of the network access request packet does not meet the preset detection conditions.
Preferably, the judging unit 62 is specifically configured to, for each item of characteristic information of the terminal, judge whether this item of characteristic information of the terminal is consistent with the pre-stored item of characteristic information of the terminal; if the judgment result is yes, determine that this item of characteristic information of the terminal meets the preset detection conditions; and if the judgment result is no, determine that this item of characteristic information of the terminal does not meet the preset detection conditions.
Preferably, the judging unit 62 is specifically configured to judge whether the destination IP is the same as the source IP of the terminal; if it is, determine that the destination IP of this network access does not meet the preset detection conditions; and if it is not, determine that the destination IP of this network access meets the preset detection conditions.
In a specific implementation, the device further includes a first determining unit 64, where:
the first determining unit 64 is configured to determine the number of handshake SYN messages received per unit time before the judging unit 62 judges whether the essential information meets the preset detection conditions; and
the device further includes a second determining unit 65, where:
the second determining unit 65 is configured to determine, before the data obfuscation unit 63 obfuscates the data in the network access request packet to obtain the obfuscated packet, that the number of handshake SYN messages received per unit time does not exceed the preset threshold.
In a specific implementation, the device further includes a third determining unit 66, where:
the third determining unit 66 is configured to determine the byte count of the received network access request packet before the judging unit 62 judges whether the essential information meets the preset detection conditions; and
the device further includes a fourth determining unit 67, where:
the fourth determining unit 67 is configured to determine, before the data obfuscation unit 63 obfuscates the data in the network access request packet to obtain the obfuscated packet, that the byte count of the network access request packet does not exceed the preset byte count.
In a specific implementation, the device further includes a fifth determining unit 68, where:
the fifth determining unit 68 is configured to determine the port number on which the network access request packet is received before the judging unit 62 judges whether the essential information meets the preset detection conditions; and
the device further includes a sixth determining unit 69, where:
the sixth determining unit 69 is configured to determine, before the data obfuscation unit 63 obfuscates the data in the network access request packet to obtain the obfuscated packet, that the port number is not a preset port number and that the urgent bit URG of the Transmission Control Protocol TCP is not the set value.
Further, the network access request packet is obtained by the terminal encrypting it with a preset encryption algorithm; and the device further includes a decryption unit 610, where:
the decryption unit 610 is configured to decrypt the network access request packet before the judging unit 62 judges whether the essential information meets the preset detection conditions.
For convenience of description, the parts above are described separately by function as modules (or units). Of course, when the present invention is implemented, the functions of the modules (or units) may be realised in one or more pieces of software or hardware. For example, the network protection device provided by embodiment two of the present invention may be arranged in a network protection server, which performs the verification and processing of the network access request packet sent by the terminal.
Embodiment three
Fig. 7 is a schematic structural diagram of the network protection system provided by embodiment three of the present invention, which includes at least one terminal 71, a network protection server 72 and a Web server 73, where the network protection device described in embodiment two is arranged in the network protection server. For each terminal, the active defence process is performed as follows.
The terminal 71 is configured to send a network access request packet to the network protection server 72. Beforehand, to ensure the security of the packet, the terminal encrypts the network access request packet with a smart cryptographic key 74 and, once encryption is complete, sends the network access request packet to the network protection server 72.
The network protection server 72 is configured to, after receiving the network access request packet sent by the terminal 71, verify the packet according to the method provided in embodiment one for judging whether the essential information carried in the network access request packet meets the preset detection conditions; after the network access request packet passes verification, obfuscate the network access request packet according to the method of steps S51 to S53 in embodiment one, and send the obfuscated packet to the Web server 73. It also receives the response result sent by the Web server 73 and feeds it back to the terminal 71.
The Web server 73 is configured to, after receiving the obfuscated packet sent by the network protection server 72, restore the packet, parse the request data sent by the terminal from the restored packet, and then send the response result for the request data to the network protection server 72.
The network protection device and system provided by the embodiments of the present application may be implemented by a computer program. Those skilled in the art should understand that the above module division is only one of many possible module divisions; if the modules are divided differently or not divided at all, as long as the network protection device and system have the above functions, they fall within the scope of protection of the present application.
With the network protection method, device and system provided by the embodiments of the present invention, after the network access request packet sent by the terminal is received, it is judged, according to the essential information required for this network access carried in the network access request packet, whether the essential information meets the preset detection conditions; if so, the data in the network access request packet is obfuscated to obtain an obfuscated packet, and the obfuscated packet is sent to the Web server. Active defence of the packets sent by the terminal is thereby realised, security protection is provided for various Internet services, and situations such as attacks exploiting unknown vulnerabilities or attacks that simulate legitimate operations are avoided. At the same time, techniques such as dynamic packet encapsulation, dynamic verification of packet legitimacy and dynamic data obfuscation of packets are employed, which not only protect the user's sensitive data and reduce the number of attacks on the server, but also further enhance the security of user information.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks, may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realising the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or another programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which realises the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for realising the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they know the basic inventive concept, may make other changes and modifications to these embodiments. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications falling within the scope of the present invention.
Obviously, those skilled in the art may make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (21)

1. A network protection method, characterised by including:
receiving a network access request packet sent by a terminal, the network access request packet carrying essential information required for this network access;
judging whether the essential information meets preset detection conditions; and
if so, obfuscating the data in the network access request packet to obtain an obfuscated packet, and sending the obfuscated packet to a Web server.
2. The method of claim 1, characterised in that obfuscating the data in the network access request packet to obtain the obfuscated packet specifically includes:
extending each byte included in the network access request packet separately to obtain an extended byte;
for each extended byte, processing the extended byte with a preset algorithm to obtain a processed byte; and
combining all processed bytes to obtain the obfuscated packet.
3. The method of claim 1, characterised in that the essential information includes at least one of the following: the time at which the network access request packet was sent, the destination Internet Protocol (IP) address of this network access, and characteristic information of the terminal, the characteristic information of the terminal including at least one of the following: the source IP of this network access, the media access control (MAC) address of the terminal, and the version number of the browser the terminal has logged in with; and
if the essential information includes at least two items, judging whether the essential information meets the preset detection conditions specifically includes:
judging whether each item of essential information meets the preset detection conditions;
if every item of essential information meets the preset detection conditions, determining that the essential information meets the preset detection conditions; and
if any one item of essential information does not meet the preset detection conditions, determining that the essential information does not meet the preset detection conditions.
4. The method of claim 3, characterised in that whether the time at which the network access request packet was sent meets the preset detection conditions is judged as follows:
judging whether the time at which the network access request packet was sent is not later than the time at which the network access request packet was received;
if the judgment result is yes, determining that the sending time of the network access request packet meets the preset detection conditions; and
if the judgment result is no, determining that the sending time of the network access request packet does not meet the preset detection conditions.
5. The method of claim 3, characterised in that whether each item of characteristic information of the terminal meets the preset detection conditions is judged as follows:
for each item of characteristic information of the terminal, judging whether this item of characteristic information of the terminal is consistent with the pre-stored item of characteristic information of the terminal;
if the judgment result is yes, determining that this item of characteristic information of the terminal meets the preset detection conditions; and
if the judgment result is no, determining that this item of characteristic information of the terminal does not meet the preset detection conditions.
6. The method of claim 3, characterised in that whether the destination IP of this network access meets the preset detection conditions is judged as follows:
judging whether the destination IP is the same as the source IP of the terminal;
if it is, determining that the destination IP of this network access does not meet the preset detection conditions; and
if it is not, determining that the destination IP of this network access meets the preset detection conditions.
7. The method of claim 1, characterised in that, before judging whether the essential information meets the preset detection conditions, the method further includes:
determining the number of handshake SYN messages received per unit time; and
before obfuscating the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the number of handshake SYN messages received per unit time does not exceed a preset threshold.
8. The method of claim 1, characterised in that, before judging whether the essential information meets the preset detection conditions, the method further includes:
determining the byte count of the received network access request packet; and
before obfuscating the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the byte count of the network access request packet does not exceed a preset byte count.
9. The method of claim 1, characterised in that, before judging whether the essential information meets the preset detection conditions, the method further includes:
determining the port number on which the network access request packet is received; and
before obfuscating the data in the network access request packet to obtain the obfuscated packet, the method further includes:
determining that the port number is not a preset port number and that the urgent bit URG of the Transmission Control Protocol TCP is not the set value.
10. The method of claim 1, characterised in that the network access request packet is obtained by the terminal encrypting it with a preset encryption algorithm; and
before judging whether the essential information meets the preset detection conditions, the method further includes:
decrypting the network access request packet.
A kind of 11. network protection devices, it is characterised in that including:
Receiving unit, for the network access request packet that receiving terminal sends, takes in the network access request packet With the essential information needed for this network access;
Judging unit, for judging whether the essential information meets default testing conditions;
Data obfuscation unit, if being yes for the judged result of the judging unit, by the network access request data Data in bag carry out the packet after data obfuscation is obscured, and packet after obscuring is sent to webpage Web service Device.
12. devices as claimed in claim 11, it is characterised in that the data obfuscation unit, specifically include extension subelement, Treatment subelement and combination subelement, wherein:
Extension subelement, obtains for being extended respectively for each byte included in the network access request packet Byte after extension;
Treatment subelement, for for the byte after each extension, being processed the byte after the extension using preset algorithm Byte after being processed;
Combination subelement, for combining the packet after the byte after all treatment is obscured.
13. devices as claimed in claim 11, it is characterised in that the essential information include it is following at least one:Send institute State the characteristic information of the time of network access request packet, the purpose IP of this network access and the terminal, the terminal Characteristic information include it is following at least one:The source IP of this network access, the MAC Address of the terminal and the terminal are stepped on The version number of the browser of record;And
The judging unit, if including at least two specifically for the essential information, judges that each single item essential information is It is no to meet default testing conditions;If each single item essential information is satisfied by default testing conditions, it is determined that the basic letter Breath meets default testing conditions;If any one essential information is unsatisfactory for default testing conditions, it is determined that the basic letter Breath is unsatisfactory for default testing conditions.
14. devices as claimed in claim 13, it is characterised in that
The judging unit, institute is received specifically for judging whether the time for sending the network access request packet is not more than State the time of network access request packet;If it is judged that being yes, it is determined that the time of network access request packet expires The default testing conditions of foot;If it is judged that being no, it is determined that the time of network access request packet is unsatisfactory for default Testing conditions.
15. devices as claimed in claim 13, it is characterised in that
The judging unit, specifically for each single item characteristic information for the terminal, judges this feature of the terminal Whether information is consistent with this characteristic information of terminal prestore, described;If it is judged that being yes, it is determined that the end This characteristic information at end meets default testing conditions;If it is judged that being no, it is determined that this feature of the terminal Information is unsatisfactory for default testing conditions.
16. devices as claimed in claim 13, it is characterised in that
The judging unit, it is whether consistent with the source IP of the terminal specifically for judging the purpose IP;If it is, determining The purpose IP of this network access is unsatisfactory for default testing conditions;If it is not, then determine the purpose IP of this network access expiring The default testing conditions of foot.
17. devices as claimed in claim 11, it is characterised in that also including the first determining unit, wherein:
First determining unit, for judging whether the essential information meets default testing conditions in the judging unit Before, determine to be received in the unit interval number of times of handshake SYN;And
Described device, also including the second determining unit, wherein:
the second determining unit is configured to determine, before the data obfuscation unit obfuscates the data in the network access request packet to obtain an obfuscated packet, that the number of handshake SYN packets received per unit time does not exceed a predetermined threshold.
18. The device as claimed in claim 11, characterised in that it further includes a third determining unit, wherein:
the third determining unit is configured to determine the byte count of the received network access request packet before the judging unit judges whether the essential information meets the default testing conditions; and
the device further includes a fourth determining unit, wherein:
the fourth determining unit is configured to determine, before the data obfuscation unit obfuscates the data in the network access request packet to obtain an obfuscated packet, that the byte count of the network access request packet is not greater than a default byte count.
19. The device as claimed in claim 11, characterised in that it further includes a fifth determining unit, wherein:
the fifth determining unit is configured to determine the port number on which the network access request packet is received before the judging unit judges whether the essential information meets the default testing conditions; and
the device further includes a sixth determining unit, wherein:
the sixth determining unit is configured to determine, before the data obfuscation unit obfuscates the data in the network access request packet to obtain an obfuscated packet, that the port number is a default port number and that the urgent (URG) flag of the Transmission Control Protocol (TCP) header is not the set value.
20. The device as claimed in claim 11, characterised in that the network access request packet is obtained by the terminal by encrypting it with a predetermined encryption algorithm; and the device further includes a decryption unit, wherein:
the decryption unit is configured to decrypt the network access request packet before the judging unit judges whether the essential information meets the default testing conditions.
21. A network protection system, characterised in that it includes: at least one terminal, a network protection server and a web server, wherein the network protection device of any one of claims 11 to 20 is provided in the network protection server.
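The determining units of claims 17 to 19 amount to a gate that an inbound request must pass before the server goes on to obfuscate and forward it: a per-unit-time SYN count, a byte-count ceiling, and a port check combined with a TCP URG-flag check. The following Python is an added illustration of such a gate and is not code from the patent or its assignee; the `Packet` and `GateConfig` types, the sliding-window counter, the threshold values and the sample packets are all constructed assumptions, and the decryption step of claim 20 is deliberately left out because the patent does not specify the algorithm.

```python
"""Request gate modelled on the determining units of claims 17-19.

Added example, not the patent's own code. Every threshold, field name and
sample packet below is a constructed assumption for illustration.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal view of a received TCP segment (constructed, not a real parser)."""
    src: str
    dst_port: int
    syn: bool        # handshake SYN flag
    urg: bool        # TCP URG flag
    payload: bytes   # request bytes as received
    ts: float        # receive time in seconds


@dataclass
class GateConfig:
    """Thresholds corresponding to the claims' 'predetermined' values (assumed)."""
    syn_threshold: int = 3        # max SYNs allowed per window (claim 17)
    window_seconds: float = 1.0   # the 'unit interval' of claim 17
    max_bytes: int = 64           # default byte count ceiling (claim 18)
    allowed_port: int = 8443      # default port number (claim 19)


class RequestGate:
    """Runs the pre-obfuscation checks in order and reports the first failure."""

    def __init__(self, cfg: GateConfig) -> None:
        self.cfg = cfg
        self._syn_times: deque[float] = deque()  # receive times of recent SYNs

    def _syn_rate_ok(self, pkt: Packet) -> bool:
        # A SYN is counted as received whether or not it is later rejected,
        # matching claim 17's 'number of times a SYN is received'.
        if pkt.syn:
            self._syn_times.append(pkt.ts)
        # Drop SYNs that have aged out of the sliding window.
        while self._syn_times and pkt.ts - self._syn_times[0] >= self.cfg.window_seconds:
            self._syn_times.popleft()
        return len(self._syn_times) <= self.cfg.syn_threshold

    def check(self, pkt: Packet) -> tuple[bool, str]:
        """Return (passed, reason); reason names the first failed condition."""
        if not self._syn_rate_ok(pkt):
            return False, "syn-rate"      # claim 17
        if len(pkt.payload) > self.cfg.max_bytes:
            return False, "size"          # claim 18
        if pkt.dst_port != self.cfg.allowed_port:
            return False, "port"          # claim 19, port condition
        if pkt.urg:
            return False, "urg"           # claim 19, URG flag condition
        return True, "ok"


def run_sample() -> list[str]:
    """Feed constructed packets through the gate and return the verdict reasons."""
    gate = RequestGate(GateConfig())
    sample = [
        Packet("10.0.0.1", 8443, True,  False, b"",          0.0),  # first SYN
        Packet("10.0.0.1", 8443, False, False, b"GET / ",    0.1),  # small request
        Packet("10.0.0.1", 8443, False, False, b"A" * 100,   0.2),  # over size limit
        Packet("10.0.0.1",   80, False, False, b"GET / ",    0.3),  # wrong port
        Packet("10.0.0.1", 8443, False, True,  b"GET / ",    0.4),  # URG set
        Packet("10.0.0.2", 8443, True,  False, b"",          0.5),  # 2nd SYN in window
        Packet("10.0.0.3", 8443, True,  False, b"",          0.6),  # 3rd SYN in window
        Packet("10.0.0.4", 8443, True,  False, b"",          0.7),  # 4th SYN: over threshold
        Packet("10.0.0.5", 8443, True,  False, b"",          1.5),  # old SYNs aged out
    ]
    return [gate.check(p)[1] for p in sample]


if __name__ == "__main__":
    for reason in run_sample():
        print(reason)
```

The SYN counter is global here because the claim speaks only of the number of SYNs received per unit interval; a deployment would normally key it per source address as well, and a rejected packet should be logged with its reason so that the threshold can be tuned against real traffic.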
CN201710048058.7A 2017-01-20 2017-01-20 A kind of network protection methods, devices and systems Active CN106936814B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710048058.7A CN106936814B (en) 2017-01-20 2017-01-20 A kind of network protection methods, devices and systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710048058.7A CN106936814B (en) 2017-01-20 2017-01-20 A kind of network protection methods, devices and systems

Publications (2)

Publication Number Publication Date
CN106936814A true CN106936814A (en) 2017-07-07
CN106936814B CN106936814B (en) 2018-07-06

Family

ID=59422862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710048058.7A Active CN106936814B (en) 2017-01-20 2017-01-20 A kind of network protection methods, devices and systems

Country Status (1)

Country Link
CN (1) CN106936814B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116455640A (en) * 2023-04-20 2023-07-18 云盾智慧安全科技有限公司 Website safety protection method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003063443A1 (en) * 2002-01-22 2003-07-31 Intrasecure Networks Oy Method and system for sending a message through a secure connection
CN101383820A (en) * 2008-07-07 2009-03-11 上海安融信息系统有限公司 Design and implementing method for SSL connection and data monitoring
US7941724B2 (en) * 2006-05-01 2011-05-10 Nokia Siemens Networks Oy Embedded retransmission scheme with cross-packet coding
CN102333042A (en) * 2011-10-31 2012-01-25 深信服网络科技(深圳)有限公司 Method, security gateway and system for preventing data leakage
CN102460404A (en) * 2009-06-01 2012-05-16 起元技术有限责任公司 Generating obfuscated data
CN103023926A (en) * 2012-12-28 2013-04-03 中科正阳信息安全技术有限公司 Reverse proxy based information leakage preventing security gateway system
CN104079659A (en) * 2014-07-14 2014-10-01 清华大学 Location-based service anonymous query system based on random agents and application method thereof

Also Published As

Publication number Publication date
CN106936814B (en) 2018-07-06

Similar Documents

Publication Publication Date Title
US7761618B2 (en) Using a USB host controller security extension for controlling changes in and auditing USB topology
US9514300B2 (en) Systems and methods for enhanced security in wireless communication
US10581800B2 (en) Protecting computer servers from API attacks using coordinated varying of URL addresses in API requests
US7634812B2 (en) Filter generation
CN107426181A (en) The hold-up interception method and device of malice web access request
US20060021054A1 (en) Containment of worms
US9210184B2 (en) Determining the vulnerability of computer software applications to attacks
US20140020067A1 (en) Apparatus and method for controlling traffic based on captcha
Khalifa et al. A lightweight cryptography (LWC) framework to secure memory heap in Internet of Things
JP2016511480A (en) Method, computer program product, data processing system, and database system for processing database client requests
JP7388613B2 (en) Packet processing method and apparatus, device, and computer readable storage medium
CN111130799B (en) Method and system for HTTPS protocol transmission based on TEE
CN111756702A (en) Data security protection method, device, equipment and storage medium
CN110069241A (en) Acquisition methods, device, client device and the server of pseudo random number
WO2021051591A1 (en) Secure keyboard realizing method and apparatus, and computer device and storage medium
CN113746781A (en) Network security detection method, device, equipment and readable storage medium
US20240348540A1 (en) System for controlling data flow based on logical connection identification and method thereof
WO2020076508A1 (en) Methods and apparatus to detect and prevent host firewall bypass threats through a data link layer
Imamura et al. Web access monitoring mechanism for Android webview
CN113608907B (en) Database auditing method, device, equipment, system and storage medium
CN110430213A (en) Service request processing method, apparatus and system
CN106936814A (en) A kind of network protection methods, devices and systems
CN115277201B (en) Website defense system of dynamic code encapsulation
CN113132310A (en) Safe access method and system for power distribution terminal and power distribution master station
CN115828228A (en) Method and device for verifying detection capability of memory horse and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant