CN107360153A - A network security protection system for big data
- Publication number: CN107360153A
- Application number: CN201710552594.0A
- Authority: CN (China)
- Prior art keywords: data, module, network security, protection system, security protection
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to the technical field of network security, and in particular to a network security protection system for big data, comprising a data storage module, a data access module, and a data acquisition module. The data storage module includes a data center and a backup module; the data access module includes an external network, a priority assessment module, a data request module, a first behavior recording module, and a firewall; the data acquisition module includes a control host, a second behavior recording module, and data request points. The two ends of the data center are connected to the priority assessment module and the backup module respectively. A TPM security chip is provided in the control host; the TPM security chip can generate encryption and decryption keys and supports a wider range of encryption, so that the request commands users issue when requesting data are better protected in transit.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a network security protection system for big data.
Background art
Modern society is developing at high speed: science and technology are advancing, information circulates freely, exchange between people is increasingly close, and life is ever more convenient. Big data is a product of this network age. Big data refers to data sets that cannot be captured, managed, and processed with conventional software tools within a certain time frame; it is a massive, fast-growing, and diverse information asset that requires new processing models to deliver stronger decision-making power, insight discovery, and process optimization. Big data includes structured, semi-structured, and unstructured data, and unstructured data increasingly makes up the major part. With the arrival of the cloud era, big data has attracted growing attention. It covers three aspects: theory, technology, and practice. With continued innovation across all industries, big data will gradually create more value for humanity.
Chinese invention patent CN106302533A discloses a big data security management system comprising: an acquisition node, which collects data and reports the collected data to the corresponding node server; a node server, which receives the data reported by the acquisition node, virus-scans the data, and sends the data that passes the scan to the data center server; a data center server, which receives and stores the data sent by the node server; and a security server, which virus-scans the node server according to a virus information database. During data transmission, that invention virus-scans every item of data reported to the data center server and lets through only the data that passes the scan, which ensures the security of the data entering the data center server; in addition, the security server virus-scans the node server, which ensures that the node server is not infected. That invention also provides a big data security management method. Although the big data security management system described above can scan for and remove viruses in data reported to the data center server, it has no corresponding priority response mechanism for the case where the volume of data requests is very large; the system then tends to crash, which may allow some viruses to take the opportunity to enter the system and steal or destroy the data in the data center.
Summary of the invention
(1) Technical problem solved
In view of the shortcomings of the prior art, the invention provides a network security protection system for big data. It addresses the problem that, when the volume of data requests is very large and there is no corresponding priority response mechanism, the system tends to crash, which may allow some viruses to take the opportunity to enter the system and steal or destroy the data in the data center.
(2) Technical solution
To achieve the above object, the present invention is implemented by the following technical solution:
A network security protection system for big data, comprising a data storage module, a data access module, and a data acquisition module. The data storage module includes a data center and a backup module; the data access module includes an external network, a priority assessment module, a data request module, a first behavior recording module, and a firewall; the data acquisition module includes a control host, a second behavior recording module, and data request points. The two ends of the data center are connected to the priority assessment module and the backup module respectively; one side of the priority assessment module is connected to the data request module; one side of the data request module is connected to the external network; the external network is connected to the firewall; the firewall is connected to a switch; the switch is electrically connected to a CAN conversion device; the CAN conversion device is connected to the control host over the CAN bus; and one end of the control host is connected over the CAN bus to the data request points and to the second behavior recording module respectively.
Preferably, the backup module includes a first memory and data storage software.
Preferably, the control host includes a virtual control panel and a CPU processor.
Preferably, the number of data request points is n, with n≤1.
Preferably, the data request point includes a user terminal, and the user terminal includes an encryption module.
Preferably, the first behavior recording module, the second behavior recording module, and the backup module each include a UPS power supply.
Preferably, the first behavior recording module and the second behavior recording module each include a second memory.
Preferably, the priority assessment module includes a data deposit device, a data detection device, a data comparison device, and a data buffer storage device.
Preferably, the control host and the data buffer storage device each further include a TPM security chip, and both the control host and the data buffer storage device have software installed that supports the TPM security chip.
(3) Beneficial effects
The invention provides a network security protection system for big data. The two ends of the data center are connected to the priority assessment module and the backup module. The priority assessment module can grade the data sent by the data center and thereby determine the order in which the data is sent. With the first behavior recording module, when data is sent, the whole process from request to sending can be saved as a log and monitored. A TPM security chip is provided in the control host; the TPM security chip can generate encryption and decryption keys and supports a wider range of encryption, so that the request commands users issue when requesting data are better protected in transit.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the system structure of the present invention;
Fig. 2 is a schematic diagram of the structure of the priority assessment module of the present invention;
In the figures: 1, data storage module; 2, data access module; 3, data acquisition module; 4, data center; 5, backup module; 6, external network; 7, priority assessment module; 8, data request module; 9, first behavior recording module; 10, firewall; 11, control host; 12, second behavior recording module; 13, data request point; 14, switch; 15, CAN conversion device; 16, data deposit device; 17, data detection device; 18, data comparison device; 19, data buffer storage device.
Detailed description of embodiments
To make the purpose, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Embodiment 1:
A network security protection system for big data comprises data storage module 1, data access module 2, and data acquisition module 3. Data storage module 1 includes data center 4 and backup module 5; data access module 2 includes external network 6, priority assessment module 7, data request module 8, first behavior recording module 9, and firewall 10; data acquisition module 3 includes control host 11, second behavior recording module 12, and data request points 13. The two ends of data center 4 are connected to priority assessment module 7 and backup module 5 respectively; one side of priority assessment module 7 is connected to data request module 8; one side of data request module 8 is connected to external network 6; external network 6 is connected to firewall 10; firewall 10 is connected to switch 14; switch 14 is electrically connected to CAN conversion device 15; CAN conversion device 15 is connected to control host 11 over the CAN bus; and one end of control host 11 is connected over the CAN bus to data request points 13 and to second behavior recording module 12 respectively.
Specifically, backup module 5 includes a first memory and data storage software. Control host 11 includes a virtual control panel and a CPU processor. The number of data request points 13 is n, with n≤1; each data request point 13 includes a user terminal, and the user terminal includes an encryption module. First behavior recording module 9, second behavior recording module 12, and backup module 5 each include a UPS power supply. First behavior recording module 9 and second behavior recording module 12 each include a second memory. Priority assessment module 7 includes data deposit device 16, data detection device 17, data comparison device 18, and data buffer storage device 19. Control host 11 and data buffer storage device 19 each further include a TPM security chip, and both have software installed that supports the TPM security chip.
During system operation, the user terminal at a data request point 13 sends the command information of a data request. The command information is transferred over the CAN bus to control host 11, where the request instruction is encrypted. The encrypted instruction is converted by CAN conversion device 15 into a signal for optical fiber transmission, passes through firewall 10, and is then transmitted over external network 6 to data center 4. After data center 4 receives the request instruction, the data the user needs is first transmitted to firewall 10 and, after being filtered by firewall 10, is transferred to data acquisition module 3. As the data passes through firewall 10, its activity trail in external network 6 is recorded in firewall 10 and is available for query.
When the number of data request points 13 is 1, priority assessment module 7 transmits the data directly over external network 6 to firewall 10 and then on to CAN conversion device 15, which converts the optical fiber signal into high and low level signals for transmission.
When the number of data request points 13 is n>1, the data is first transferred into priority assessment module 7. Priority assessment module 7 receives the data, judges its importance according to the volume of user accesses, and then decides the order in which data is sent preferentially. After the grading task is complete, the data is transferred to data request module 8. At the same time, data buffer storage device 19 transfers the data information to first behavior recording module 9, which records the trace of the transmission in the second memory. The UPS power supply ensures the normal operation and hardware safety of first behavior recording module 9 and second behavior recording module 12.
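The n>1 case above, sketched as an added illustration (not part of the patent text): outbound data is ordered by access volume, each request and send is written to a behavior log, and the log is then checked for unmatched or out-of-order sends. Assumptions: "volume of user accesses" is modeled as a per-dataset visit count, ties are broken by arrival order, and the names `BehaviorLog`, `PriorityEvaluator`, and `audit` are hypothetical.

```python
import heapq
import itertools
from dataclasses import dataclass, field


@dataclass
class BehaviorLog:
    """Stand-in for the behavior recording module's memory (append-only list)."""
    entries: list = field(default_factory=list)

    def record(self, event, request_point, dataset, **details):
        self.entries.append({"seq": len(self.entries), "event": event,
                             "request_point": request_point,
                             "dataset": dataset, **details})


class PriorityEvaluator:
    """Orders pending data by access volume; higher volume is sent first."""

    def __init__(self, access_counts, log):
        self.access_counts = access_counts   # dataset -> visit count (assumed metric)
        self.log = log
        self._heap = []
        self._arrival = itertools.count()    # FIFO tie-break for equal volume

    def submit(self, request_point, dataset):
        visits = self.access_counts.get(dataset, 0)
        # heapq is a min-heap, so the visit count is negated.
        heapq.heappush(self._heap,
                       (-visits, next(self._arrival), request_point, dataset))
        self.log.record("request", request_point, dataset, visits=visits)

    def dispatch(self):
        """Drain the queue in priority order, logging every send."""
        sent = []
        while self._heap:
            neg_visits, _, request_point, dataset = heapq.heappop(self._heap)
            self.log.record("send", request_point, dataset,
                            visits=-neg_visits, position=len(sent))
            sent.append((request_point, dataset))
        return sent


def audit(log):
    """Replay the log and report sends without a request, sends that violate
    the priority order within a batch, and requests that were never sent."""
    findings, pending, last_visits = [], [], None
    for e in log.entries:
        key = (e["request_point"], e["dataset"])
        if e["event"] == "request":
            pending.append(key)
            last_visits = None               # a new batch starts
        elif e["event"] == "send":
            if key in pending:
                pending.remove(key)
            else:
                findings.append(f"send without request: {key}")
            if last_visits is not None and e["visits"] > last_visits:
                findings.append(f"priority inversion at seq {e['seq']}")
            last_visits = e["visits"]
    findings.extend(f"request never sent: {k}" for k in pending)
    return findings


def demo():
    # Constructed sample data: visit counts and four data request points.
    log = BehaviorLog()
    evaluator = PriorityEvaluator({"sales": 120, "hr": 15, "telemetry": 120}, log)
    for point, dataset in [("point-1", "hr"), ("point-2", "sales"),
                           ("point-3", "telemetry"), ("point-4", "unknown")]:
        evaluator.submit(point, dataset)
    return evaluator.dispatch(), audit(log)


if __name__ == "__main__":
    order, findings = demo()
    print(order)
    print(findings)
```
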
The two ends of data center 4 are connected to priority assessment module 7 and backup module 5. Priority assessment module 7 can grade the data sent by the data center and thereby determine the order in which the data is sent. With first behavior recording module 9, when data is sent, the whole process from request to sending can be saved as a log and monitored. A TPM security chip is provided in control host 11; the TPM security chip can generate encryption and decryption keys and supports a wider range of encryption, so that the request commands users issue when requesting data are better protected in transit.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include", and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article, or device that includes the element.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (9)
1. A network security protection system for big data, comprising a data storage module, a data access module, and a data acquisition module, characterized in that: the data storage module includes a data center and a backup module; the data access module includes an external network, a priority assessment module, a data request module, a first behavior recording module, and a firewall; the data acquisition module includes a control host, a second behavior recording module, and data request points; the two ends of the data center are connected to the priority assessment module and the backup module respectively; one side of the priority assessment module is connected to the data request module; one side of the data request module is connected to the external network; the external network is connected to the firewall; the firewall is connected to a switch; the switch is electrically connected to a CAN conversion device; the CAN conversion device is connected to the control host over the CAN bus; and one end of the control host is connected over the CAN bus to the data request points and to the second behavior recording module respectively.
2. The network security protection system for big data according to claim 1, characterized in that: the backup module includes a first memory and data storage software.
3. The network security protection system for big data according to claim 1, characterized in that: the control host includes a virtual control panel and a CPU processor.
4. The network security protection system for big data according to claim 1, characterized in that: the number of data request points is n, with n≤1.
5. The network security protection system for big data according to claim 4, characterized in that: the data request point includes a user terminal, and the user terminal includes an encryption module.
6. The network security protection system for big data according to claim 1, characterized in that: the first behavior recording module, the second behavior recording module, and the backup module each include a UPS power supply.
7. The network security protection system for big data according to claim 1, characterized in that: the first behavior recording module and the second behavior recording module each include a second memory.
8. The network security protection system for big data according to claim 1, characterized in that: the priority assessment module includes a data deposit device, a data detection device, a data comparison device, and a data buffer storage device.
9. The network security protection system for big data according to claim 7, characterized in that: the control host and the data buffer storage device each further include a TPM security chip, and both the control host and the data buffer storage device have software installed that supports the TPM security chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710552594.0A CN107360153B (en) | 2017-07-07 | 2017-07-07 | Network security protection system about big data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710552594.0A CN107360153B (en) | 2017-07-07 | 2017-07-07 | Network security protection system about big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107360153A true CN107360153A (en) | 2017-11-17 |
CN107360153B CN107360153B (en) | 2020-11-24 |
Family
ID=60292834
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710552594.0A Active CN107360153B (en) | 2017-07-07 | 2017-07-07 | Network security protection system about big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107360153B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109977661A (en) * | 2019-04-09 | 2019-07-05 | 福建奇点时空数字科技有限公司 | A kind of network safety protection method and system based on big data platform |
CN109977700A (en) * | 2019-04-03 | 2019-07-05 | 福建奇点时空数字科技有限公司 | A kind of big data processing system based on network security |
CN110677415A (en) * | 2019-09-29 | 2020-01-10 | 信阳农林学院 | Network information safety protection system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0851604A2 (en) * | 1996-12-24 | 1998-07-01 | Lucent Technologies Inc. | Microcell load measurement using feedback control |
WO2003103325A1 (en) * | 2002-05-31 | 2003-12-11 | Nokia Corporation | Routing method and network structure |
CN102857486A (en) * | 2012-04-01 | 2013-01-02 | 深信服网络科技(深圳)有限公司 | Next-generation application firewall system and defense method |
CN106302533A (en) * | 2016-09-30 | 2017-01-04 | 广州特道信息科技有限公司 | Big data safety management system and method |
CN106506491A (en) * | 2016-11-04 | 2017-03-15 | 江苏科技大学 | Network safety system |
Also Published As
Publication number | Publication date |
---|---|
CN107360153B (en) | 2020-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103391185B (en) | A kind of cloud security storage of track traffic Monitoring Data and processing method and system | |
CN110278211A (en) | A kind of data checking method and device based on block chain | |
CN103532838B (en) | The method and system of data exchange are realized between a kind of separation net | |
CN107360153A (en) | A kind of network security protection system on big data | |
CN110457190A (en) | A kind of full link monitoring method, apparatus and system based on block chain | |
CN108040055A (en) | A kind of fire wall combined strategy and safety of cloud service protection | |
CN110222498A (en) | A kind of supervision management system and method based on mobile interchange cloud | |
US20070234425A1 (en) | Multistep integrated security management system and method using intrusion detection log collection engine and traffic statistic generation engine | |
CN107294966A (en) | A kind of IP white list construction methods based on Intranet flow | |
CN107135234A (en) | The method and apparatus that a kind of data traffic monitors control | |
CN103607291A (en) | Alarm analysis merging method for power secondary system intranet security monitoring platform | |
CN103618720B (en) | A kind of Trojan network communication detects and evidence collecting method and system | |
CN106209902A (en) | A kind of network safety system being applied to intellectual property operation platform and detection method | |
CN107070952A (en) | A kind of network node Traffic Anomaly analysis method and system | |
CN109543459A (en) | A kind of data deposit card method and apparatus | |
CN202979014U (en) | Network isolation device | |
CN107248975A (en) | System of defense is monitored based on the APT that big data is analyzed | |
CN107864153A (en) | A kind of internet worm method for early warning based on network security sensor | |
CN111431967A (en) | Multi-source heterogeneous data representation and distribution method and device based on business rules | |
CN106936829A (en) | A kind of security system of computer network | |
CN110119629A (en) | Private data management and data safety unified platform | |
CN206149326U (en) | Data acquisition analysis monitoring system | |
CN206712543U (en) | A kind of network information security supervising device | |
CN112383573A (en) | Security intrusion playback equipment based on multiple attack stages | |
CN102970767A (en) | Weather monitoring system based on time division long term evolution (TD-LTE) private network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||