CN107360153A - A kind of network security protection system on big data - Google Patents


Info

Publication number
CN107360153A
CN107360153A
Authority
CN
China
Prior art keywords
data
module
network security
protection system
security protection
Prior art date
Legal status
Granted
Application number
CN201710552594.0A
Other languages
Chinese (zh)
Other versions
CN107360153B (en
Inventor
陈昌岭
陈建国
盛林
刘刚
徐立
魏浩
王超
靳玉晨
尤东泽
张春玉
Current Assignee
State Grid Corp of China SGCC
Tianchang Power Supply Co of State Grid Anhui Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Tianchang Power Supply Co of State Grid Anhui Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Tianchang Power Supply Co of State Grid Anhui Electric Power Co Ltd
Priority to CN201710552594.0A
Publication of CN107360153A
Application granted
Publication of CN107360153B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using an additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to the technical field of network security, and in particular to a network security protection system for big data, comprising a data storage module, a data access module and a data acquisition module. The data storage module comprises a data center and a backup module; the data access module comprises an external network, a priority assessment module, a data request module, a first behavior logging module and a firewall; the data acquisition module comprises a control host, a second behavior logging module and data request points. The two ends of the data center are connected to the priority assessment module and the backup module respectively. A TPM security chip is provided in the control host; the TPM security chip has the function of generating encryption and decryption keys and can perform encryption over a wider range, so that the request command sent by a user when requesting related data information is better protected during transmission.

Description

A network security protection system for big data
Technical field
The present invention relates to the technical field of network security, and in particular to a network security protection system for big data.
Background technology
Modern society is developing at high speed: science and technology flourish, information flows, exchanges between people are increasingly close, and life becomes more and more convenient. Big data is a product of this network age. Big data refers to a collection of data that cannot be captured, managed and processed with conventional software tools within a certain time frame; it is a massive, high-growth-rate and diversified information asset that requires new processing modes in order to provide stronger decision-making power, insight and process-optimization ability. Big data includes structured, semi-structured and unstructured data, and unstructured data is increasingly becoming the major part of the data. With the arrival of the cloud era, big data has also attracted growing attention; it covers three aspects: theory, technology and practice. As all trades and professions continue to innovate, big data will progressively create more value for mankind.
Chinese invention patent CN106302533A discloses a big data security management system, comprising: collection nodes, for collecting data and reporting the collected data to the corresponding node server; node servers, for receiving the data reported by the collection nodes, performing virus checking and killing on the data, and sending the data that passed the virus check to the data center server; a data center server, for receiving and storing the data sent by the node servers; and a security server, for performing virus checking and killing on the node servers according to a virus information library. During data transfer to the server, that invention performs virus checking on each item of data reported to the data center server and only lets through data that has passed the check, ensuring the security of the data entering the data center server; in addition, the security server also performs virus checking on the node servers, ensuring that the node servers are not infected by viruses. That invention also provides a big data security management method. Although the big data security management system described above can kill viruses reported to the data center server, when the volume of data requests is very large and there is no corresponding priority response mechanism, the system tends to collapse, which may allow some viruses to seize the opportunity to enter the system and steal or destroy the internal data of the data center.
Summary of the invention
(1) Technical problem solved
In view of the shortcomings of the prior art, the invention provides a network security protection system for big data, which is used to solve the problem that, when the volume of data requests is very large and there is no corresponding priority response mechanism, the system tends to collapse, which may allow some viruses to seize the opportunity to enter the system and steal or destroy the data of the data center.
(2) Technical scheme
To achieve the above object, the present invention is realized by the following technical scheme:
A network security protection system for big data, comprising a data storage module, a data access module and a data acquisition module. The data storage module comprises a data center and a backup module; the data access module comprises an external network, a priority assessment module, a data request module, a first behavior logging module and a firewall; the data acquisition module comprises a control host, a second behavior logging module and data request points. The two ends of the data center are connected to the priority assessment module and the backup module respectively; one side of the priority assessment module is connected to the data request module; one side of the data request module is connected to the external network; the external network is connected to the firewall; the firewall is connected to a switch; the switch is electrically connected to a CAN conversion device; the CAN conversion device is connected to the control host via a CAN bus; and one end of the control host is connected via the CAN bus to the data request points and the second behavior logging module respectively.
Preferably, the backup module comprises a first memory and data storage software.
Preferably, the control host comprises a virtual control panel and a CPU processor.
Preferably, the quantity of data request points is n, with n ≤ 1.
Preferably, the data request point comprises a user terminal, and the user terminal comprises an encryption module.
Preferably, the first behavior logging module, the second behavior logging module and the backup module each comprise a UPS power supply.
Preferably, the first behavior logging module and the second behavior logging module comprise a second memory.
Preferably, the priority assessment module comprises a data deposit device, a data detection device, a data comparison device and a data buffer device.
Preferably, the control host and the data buffer device further comprise TPM security chips, and the control host and the data buffer device are both installed with software supporting the TPM security chips.
(3) Beneficial effects
The invention provides a network security protection system for big data. The two ends of the data center are connected to the priority assessment module and the backup module. The priority assessment module can grade the data sent by the data center and so determine the order in which data is sent; under the action of the first behavior logging module, the process of the data from request to transmission can be preserved in the form of a log and monitored while the data is being sent. A TPM security chip is provided in the control host; it has the function of generating encryption and decryption keys and can perform encryption over a wider range, so that the request command sent by a user when requesting related data information is better protected during transmission.
Brief description of the drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings required in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; for those of ordinary skill in the art, other drawings can be obtained from these drawings without creative effort.
Fig. 1 is the system structure diagram of the present invention;
Fig. 2 is the structural diagram of the priority assessment module of the present invention;
In the figures: 1, data storage module; 2, data access module; 3, data acquisition module; 4, data center; 5, backup module; 6, external network; 7, priority assessment module; 8, data request module; 9, first behavior logging module; 10, firewall; 11, control host; 12, second behavior logging module; 13, data request point; 14, switch; 15, CAN conversion device; 16, data deposit device; 17, data detection device; 18, data comparison device; 19, data buffer device.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1:
A network security protection system for big data, comprising a data storage module 1, a data access module 2 and a data acquisition module 3. The data storage module 1 comprises a data center 4 and a backup module 5; the data access module 2 comprises an external network 6, a priority assessment module 7, a data request module 8, a first behavior logging module 9 and a firewall 10; the data acquisition module 3 comprises a control host 11, a second behavior logging module 12 and data request points 13. The two ends of the data center 4 are connected to the priority assessment module 7 and the backup module 5 respectively; one side of the priority assessment module 7 is connected to the data request module 8; one side of the data request module 8 is connected to the external network 6; the external network 6 is connected to the firewall 10; the firewall 10 is connected to a switch 14; the switch 14 is electrically connected to a CAN conversion device 15; the CAN conversion device 15 is connected to the control host 11 via a CAN bus; and one end of the control host 11 is connected via the CAN bus to the data request points 13 and the second behavior logging module 12 respectively.
Specifically, the backup module 5 comprises a first memory and data storage software; the control host 11 comprises a virtual control panel and a CPU processor; the quantity of data request points 13 is n, with n ≤ 1; each data request point 13 comprises a user terminal, and the user terminal comprises an encryption module; the first behavior logging module 9, the second behavior logging module 12 and the backup module 5 each comprise a UPS power supply; the first behavior logging module 9 and the second behavior logging module 12 comprise a second memory; the priority assessment module 7 comprises a data deposit device 16, a data detection device 17, a data comparison device 18 and a data buffer device 19; the control host 11 and the data buffer device 19 further comprise TPM security chips, and both are installed with software supporting the TPM security chips.
During system operation, the user terminal in a data request point 13 sends the command information of a data request. The command information is transferred via the CAN bus to the control host 11, where the request instruction is encrypted. The encrypted instruction information is converted by the CAN conversion device 15 into a signal for transmission over optical fiber, and then passes through the firewall 10 and the external network 6 to the data center 4. After the data center 4 receives the corresponding request instruction, the data the user needs is first transmitted to the firewall 10; after being filtered by the firewall 10, the related data is transferred to the data acquisition module 3. When the data passes through the firewall 10, its activity trail in the external network 6 is recorded in the firewall 10 and is available for query.
When the quantity of data request points 13 is 1, the priority assessment module 7 transfers the related data directly via the external network 6 to the firewall 10, which then transmits it to the CAN conversion device 15, where the optical fiber signal is converted into high and low level signals for transmission.
When the quantity of data request points 13 is n > 1, the data is first transferred to the priority assessment module 7. The priority assessment module 7 receives the data, judges the importance level of the data according to the size of the user's access volume, and then determines the order in which the data is sent preferentially. After the grading task is completed, the data is transferred to the data request module 8; at the same time, the data buffer device 19 transfers the data information to the first behavior logging module 9, which records the trail of the transmission in the second memory. The UPS power supply ensures the normal operation and hardware safety of the first behavior logging module 9 and the second behavior logging module 12.
The two ends of the data center 4 are connected to the priority assessment module 7 and the backup module 5. The priority assessment module 7 can grade the data sent by the data center, thereby determining the order in which data is sent; under the action of the first behavior logging module 9, the process of the data from request to transmission can be preserved in the form of a log and monitored while the data is being sent. A TPM security chip is provided in the control host 11; it has the function of generating encryption and decryption keys and can perform encryption over a wider range, so that the request command sent by a user when requesting related data information is better protected during transmission.
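The dispatch and logging behaviour described in the preceding paragraphs (single request point passes straight through; several request points are graded by user access volume, with the request-to-transmission trail kept by the first behavior logging module), as an added Python illustration that is not part of the patent, which specifies no code. The class names, the grading rule (higher access volume is sent first, earlier arrival breaks ties so nothing starves), the log fields and the sample requests are all assumptions made for this example.

```python
"""Added example: a model of the priority assessment module (7) and the
first behavior logging module (9). Names, grading rule and sample data are
constructed assumptions, not the patent's own specification."""
from dataclasses import dataclass
from datetime import datetime, timezone
import heapq


@dataclass(frozen=True)
class DataRequest:
    """A request command issued by a data request point (13)."""
    request_point: int   # which request point (1..n) issued it
    data_id: str         # identifier of the data item requested
    access_volume: int   # user access volume the module grades on (assumed metric)
    arrival_seq: int     # monotonically increasing arrival counter


class BehaviorLog:
    """First behavior logging module (9): keeps the request-to-transmission
    trail of every data item in its 'second memory' (a list here)."""

    def __init__(self):
        self.entries = []

    def record(self, stage, req, detail=""):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "stage": stage,
            "request_point": req.request_point,
            "data_id": req.data_id,
            "detail": detail,
        })

    def trail(self, data_id):
        """Everything logged for one data item, in the order it happened."""
        return [e for e in self.entries if e["data_id"] == data_id]


class PriorityAssessmentModule:
    """Priority assessment module (7): grades pending data by user access
    volume and fixes the order in which the data center sends it."""

    def __init__(self, log):
        self.log = log
        self._pending = []   # stands in for the data buffer device (19)

    def receive(self, req):
        # heapq is a min-heap, so negate the volume: larger volume pops first.
        # arrival_seq is unique, so ties never compare the DataRequest itself.
        heapq.heappush(self._pending, (-req.access_volume, req.arrival_seq, req))
        self.log.record("graded", req, f"access_volume={req.access_volume}")

    def send_order(self):
        """Drain the buffer in priority order, logging each hand-off to the
        data request module (8)."""
        order = []
        while self._pending:
            _, _, req = heapq.heappop(self._pending)
            self.log.record("handed to data request module", req)
            order.append(req)
        return order


def dispatch(requests, n_request_points, log):
    """Data access path: with one request point (n == 1) the data goes straight
    through; with n > 1 it is graded first. Returns the send order."""
    if n_request_points == 1:
        for req in requests:
            log.record("direct transfer (n=1)", req)
        return list(requests)
    module = PriorityAssessmentModule(log)
    for req in requests:
        module.receive(req)
    return module.send_order()


# Constructed sample: three request points, two of them with equal volume.
SAMPLE_REQUESTS = [
    DataRequest(1, "load-curve-2017Q2", access_volume=40, arrival_seq=0),
    DataRequest(2, "meter-readings", access_volume=900, arrival_seq=1),
    DataRequest(3, "maintenance-log", access_volume=40, arrival_seq=2),
]


if __name__ == "__main__":
    log = BehaviorLog()
    for req in dispatch(SAMPLE_REQUESTS, n_request_points=3, log=log):
        print(req.data_id)
    for entry in log.trail("meter-readings"):
        print(entry)
```

With the sample input, `meter-readings` (volume 900) is sent first, and the two volume-40 items keep their arrival order; the trail returned by `BehaviorLog.trail` is what the patent's monitoring use of the first behavior logging module would be read from.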
It should be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relation or order between these entities or operations. Moreover, the terms "comprising", "including" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article or device. In the absence of further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device comprising that element.
The above embodiments are merely illustrative of the technical solutions of the present invention and are not limiting. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A network security protection system for big data, comprising a data storage module, a data access module and a data acquisition module, characterized in that: the data storage module comprises a data center and a backup module; the data access module comprises an external network, a priority assessment module, a data request module, a first behavior logging module and a firewall; the data acquisition module comprises a control host, a second behavior logging module and data request points; the two ends of the data center are connected to the priority assessment module and the backup module respectively; one side of the priority assessment module is connected to the data request module; one side of the data request module is connected to the external network; the external network is connected to the firewall; the firewall is connected to a switch; the switch is electrically connected to a CAN conversion device; the CAN conversion device is connected to the control host via a CAN bus; and one end of the control host is connected via the CAN bus to the data request points and the second behavior logging module respectively.
2. The network security protection system for big data according to claim 1, characterized in that: the backup module comprises a first memory and data storage software.
3. The network security protection system for big data according to claim 1, characterized in that: the control host comprises a virtual control panel and a CPU processor.
4. The network security protection system for big data according to claim 1, characterized in that: the quantity of data request points is n, with n ≤ 1.
5. The network security protection system for big data according to claim 4, characterized in that: the data request point comprises a user terminal, and the user terminal comprises an encryption module.
6. The network security protection system for big data according to claim 1, characterized in that: the first behavior logging module, the second behavior logging module and the backup module each comprise a UPS power supply.
7. The network security protection system for big data according to claim 1, characterized in that: the first behavior logging module and the second behavior logging module comprise a second memory.
8. The network security protection system for big data according to claim 1, characterized in that: the priority assessment module comprises a data deposit device, a data detection device, a data comparison device and a data buffer device.
9. The network security protection system for big data according to claim 7, characterized in that: the control host and the data buffer device further comprise TPM security chips, and the control host and the data buffer device are both installed with software supporting the TPM security chips.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710552594.0A CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710552594.0A CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Publications (2)

Publication Number Publication Date
CN107360153A true CN107360153A (en) 2017-11-17
CN107360153B CN107360153B (en) 2020-11-24

Family

ID=60292834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710552594.0A Active CN107360153B (en) 2017-07-07 2017-07-07 Network security protection system about big data

Country Status (1)

Country Link
CN (1) CN107360153B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977661A (en) * 2019-04-09 2019-07-05 福建奇点时空数字科技有限公司 A kind of network safety protection method and system based on big data platform
CN109977700A (en) * 2019-04-03 2019-07-05 福建奇点时空数字科技有限公司 A kind of big data processing system based on network security
CN110677415A (en) * 2019-09-29 2020-01-10 信阳农林学院 Network information safety protection system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0851604A2 (en) * 1996-12-24 1998-07-01 Lucent Technologies Inc. Microcell load measurement using feedback control
WO2003103325A1 (en) * 2002-05-31 2003-12-11 Nokia Corporation Routing method and network structure
CN102857486A (en) * 2012-04-01 2013-01-02 深信服网络科技(深圳)有限公司 Next-generation application firewall system and defense method
CN106302533A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Big data safety management system and method
CN106506491A (en) * 2016-11-04 2017-03-15 江苏科技大学 Network safety system

Also Published As

Publication number Publication date
CN107360153B (en) 2020-11-24

Similar Documents

Publication Publication Date Title
CN103391185B (en) A kind of cloud security storage of track traffic Monitoring Data and processing method and system
CN110278211A (en) A kind of data checking method and device based on block chain
CN103532838B (en) The method and system of data exchange are realized between a kind of separation net
CN107360153A (en) A kind of network security protection system on big data
CN110457190A (en) A kind of full link monitoring method, apparatus and system based on block chain
CN108040055A (en) A kind of fire wall combined strategy and safety of cloud service protection
CN110222498A (en) A kind of supervision management system and method based on mobile interchange cloud
US20070234425A1 (en) Multistep integrated security management system and method using intrusion detection log collection engine and traffic statistic generation engine
CN107294966A (en) A kind of IP white list construction methods based on Intranet flow
CN107135234A (en) The method and apparatus that a kind of data traffic monitors control
CN103607291A (en) Alarm analysis merging method for power secondary system intranet security monitoring platform
CN103618720B (en) A kind of Trojan network communication detects and evidence collecting method and system
CN106209902A (en) A kind of network safety system being applied to intellectual property operation platform and detection method
CN107070952A (en) A kind of network node Traffic Anomaly analysis method and system
CN109543459A (en) A kind of data deposit card method and apparatus
CN202979014U (en) Network isolation device
CN107248975A (en) System of defense is monitored based on the APT that big data is analyzed
CN107864153A (en) A kind of internet worm method for early warning based on network security sensor
CN111431967A (en) Multi-source heterogeneous data representation and distribution method and device based on business rules
CN106936829A (en) A kind of security system of computer network
CN110119629A (en) Private data management and data safety unified platform
CN206149326U (en) Data acquisition analysis monitoring system
CN206712543U (en) A kind of network information security supervising device
CN112383573A (en) Security intrusion playback equipment based on multiple attack stages
CN102970767A (en) Weather monitoring system based on time division long term evolution (TD-LTE) private network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant