CN107547500A - An information collection method and device

Publication number
CN107547500A
Authority
CN
China
Legal status
Pending
Application number
CN201710334766.7A
Other languages
Chinese (zh)
Inventor
张惊申
任方英
Current Assignee
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Application filed by New H3C Security Technologies Co Ltd
Priority to CN201710334766.7A
Publication of CN107547500A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Embodiments of the invention provide an information collection method and device, applied to the field of information security technology. The method includes: according to a preset information collection condition, collecting information from the terminals communicatively connected to a network-side device to obtain initial information; performing declassification processing on the initial information to obtain declassified information; and sending the declassified information to a control device. In the embodiments, the network-side device extracts the initial information and declassifies it, so that the declassified information sent to the control device is fully controllable by the network-side device, and the control device itself has no information collection function. This resolves the network-side user's distrust of the vendor during information collection and allows information to be collected smoothly.

Description

An information collection method and device
Technical field
The present invention relates to the field of information security technology, and in particular to an information collection method and device.
Background
In recent years, threat intelligence has been mentioned constantly in the industry. Because threat intelligence helps vendors and organizations quickly understand the threats adversaries pose to them, it helps them take precautions in advance, detect and respond to attacks more quickly, and trace attacks more efficiently afterwards; vendors and organizations therefore keep increasing their investment in this field. Network attack techniques are updated continually, and traditional defence solutions based on signatures or regular-expression rules are increasingly insufficient. The rise of collaboration and big data in the security community makes the exchange of massive amounts of information possible and meets the needs of dynamic security well. However, all of this rests on possessing massive amounts of information, so how to collect information has become a hard problem facing every vendor and organization.
Current methods for collecting threat intelligence mainly comprise terminal-side information collection and network-side information collection. In network-side collection, a control device remotely collects, from a network-side device, information about the terminals communicatively connected to that network-side device, and then submits the collected information directly to the cloud. Network-side devices include firewalls, anti-virus gateways and the like. The whole process, from the control device collecting information from the network-side device to uploading the collected information to the cloud, is invisible to the network-side user (for example, the network administrator). For information security reasons, most network-side users, especially large customers, therefore refuse to provide the control device with information about the terminals communicatively connected to the network-side device, which makes it difficult for the control device to collect information.
Summary of the invention
The purpose of the embodiments of the invention is to provide an information collection method and device that solve the problem that it is difficult for a control device to collect information. The specific technical solution is as follows:
An embodiment of the invention discloses an information collection method, applied to a network-side device, including:
According to a preset information collection condition, collecting information from the terminals communicatively connected to the network-side device to obtain initial information;
Performing declassification processing on the initial information to obtain declassified information;
Sending the declassified information to a control device.
An embodiment of the invention also discloses an information collection device, applied to a network-side device, including:
An information collection module, configured to collect information from the terminals communicatively connected to the network-side device according to a preset information collection condition, to obtain initial information;
An information declassification module, configured to perform declassification processing on the initial information to obtain declassified information;
An information sending module, configured to send the declassified information to a control device.
The information collection method and device provided by the embodiments of the invention collect terminal information according to the preset collection condition set by the user to obtain initial information, declassify the initial information to obtain declassified information, and send the declassified information to the control device. Because the network-side device collects the initial information and declassifies it, the declassified information sent to the control device is fully controllable by the network-side user. This eliminates the problem that information is invisible to the network-side user while it is being collected, makes the declassified information received by the control device safe from the network-side user's point of view, and allows information to be collected smoothly. Of course, a product or method implementing the invention need not achieve all of the above advantages at the same time.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the information collection method of an embodiment of the invention;
Fig. 2 is a structure diagram of the information collection device of an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
To solve the problems in the prior art, the embodiments of the invention provide an information collection method and device that eliminate the network-side user's (for example, the network administrator's) distrust of the vendor during information collection and allow information to be collected smoothly. The executing entity of the embodiments is the network-side device, where network-side devices include intrusion prevention devices, anti-virus gateways, firewalls and the like. The information collection method provided by the embodiments is introduced first.
Referring to Fig. 1, Fig. 1 is a flow chart of the information collection method of an embodiment of the invention, which includes the following steps:
S101: according to a preset information collection condition, collect information from the terminals communicatively connected to the network-side device to obtain initial information.
The information collection method in the embodiments of the invention is a network-side information collection method. Specifically, the network-side device collects information according to the preset information collection condition through an information collection module inside the network-side device; collection may also be performed by an information collection device communicatively connected to the network-side device. This yields information about the terminals communicatively connected to the network-side device, and the information collected directly by the information collection device, the network-side device and so on is taken as the initial information. The terminals communicatively connected to the network-side device may include servers, user equipment and the like.
The preset information collection condition is the information collection condition set by the network-side user. One way for the network-side user to set it is through a configuration file (for example, an XML file or a cfg file). After the network-side user has set up the configuration file, the network-side device obtains the collection condition by reading the configuration file when it collects information. The network-side user can also change the collection condition by modifying the configuration file.
For example, suppose the network-side device needs to collect information about hacker intrusions into an enterprise network. The network-side user sets the collection condition on the information collection device, including which attack log information to collect and which protocols the collected log information must match. For example, when the network-side user chooses to record log information on hacker intrusions, the user can also choose which data fields are recorded. Then, when a hacker intrudes into the enterprise network, the network-side device saves the relevant log information according to the collection condition set by the network-side user; this log information is the collected initial information. Log information may be *.txt files, *.log files and the like. It can record a hacker's repeated attempts to log in to a system, repeated attempts to access unauthorized files or systems, and so on. Collecting log information serves two purposes. On the one hand, the network-side user can analyse it and put protective measures in place afterwards. On the other hand, the network-side device can send it to the control device of the vendor that produces the network-side device; the vendor analyses the log information on the product side and then improves the network-side device to prevent hacker intrusion.
S102: perform declassification processing on the initial information to obtain declassified information.
Specifically, when information is collected from the terminals communicatively connected to the network-side device, the collected initial information may contain, besides information about the hacker, information about those terminals. From the network-side device's point of view, terminal information may involve the private information of terminal users. To protect the security of its users' information, the network-side device generally does not want the control device to learn that private information, whereas the control device learning information about the hacker helps improve the security of its product, that is, of the executing entity of the embodiments of this application. Therefore, in the solution provided by the embodiments, to remove the network-side device's concern about the security of its users' private information, the collected initial information is declassified before being sent to the control device, yielding declassified information.
In one implementation of the embodiments of the invention, declassifying the initial information includes:
Deleting or modifying the classified information in the initial information.
Classified information includes information about the terminals communicatively connected to the network-side device: hardware information of a terminal, for example its IP (Internet Protocol) address; it may also include information about the users of the terminal, for example usernames and passwords; and it may also include the data stored on the terminal.
For example, when a server or user device communicatively connected to the network-side device suffers a network attack, the initial information collected by the network-side device includes the destination IP address, destination port and attack time of the attack. A network attack is an attack by a hacker who exploits vulnerabilities and security flaws in a network against the hardware, software and data of the network system. The destination IP address, destination port and attack time in the initial information are clearly information about the terminals communicatively connected to the network-side device. This is classified information, and in the embodiments the network-side device may delete or modify it. For example, if a server targeted by the attack is an important server in the enterprise, the network-side device can, for information security, delete the attack logs for that server. Or, if the initial information contains the usernames and passwords of many users, the usernames and passwords can also be deleted during declassification. Declassification can be implemented by a script or another program, and may be executed by the network-side device or by a server, personal computer or similar machine communicatively connected to the network-side device. Declassification methods in the prior art all fall within the protection scope of the embodiments of the invention.
It is worth noting that the types of classified information may be the factory-default types or types set according to the needs of the terminal user; this application places no limitation on this.
S103: send the declassified information to the control device.
In the embodiments, after declassifying the collected information, the network-side device sends the resulting declassified information to the control device. The control device can then analyse and process the declassified information to obtain threat intelligence, and the network-side device can further take appropriate measures based on the threat intelligence to avoid network threats. Optionally, the control device can upload the received declassified information to the cloud, saving the vendor's hardware storage space.
The control device is prohibited from reading or writing data on the network-side device.
In the embodiments, access rights between the network-side device and the control device are restricted: the network-side device is only allowed to pass information to the control device in a preset format, and the control device is not allowed to read or write the network-side device's data. The preset format is any format agreed between the network-side device and the control device and is not limited here. The control device can thus only passively receive the information the network-side device sends and cannot actively read or write the network-side device. Even if the network-side device has collected information, the control device cannot obtain it unless the network-side device sends it. This ensures the security of the information on the network-side device, avoids the network-side user's distrust of the control device and the information leakage problem, and promotes smooth information collection.
In the information collection method of the embodiments, the network-side device collects information from the terminals communicatively connected to it according to the preset information collection condition to obtain initial information, declassifies the initial information, and sends the declassified information to the control device. The whole process, from collecting the initial information to submitting the declassified information, is operated by the network-side user, so the declassified information is fully controllable by the network-side user. This avoids the information leakage the network-side user worries about and allows information to be collected smoothly.
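Steps S101 to S103 as a declassification script, given as an added example that is not part of the patent. The log format, field names, collection conditions, HMAC pseudonyms for destination addresses and truncation of the attack time to a date are all assumptions made for this illustration; the sample log is constructed.

```python
import hashlib
import hmac
import json

# Constructed collection conditions, standing in for the user-edited
# configuration file (XML/cfg) described in S101.
CONDITIONS = {
    "attack_types": {"brute-force", "sql-injection"},
    "protocols": {"ssh", "http"},
    # Important servers whose attack logs are deleted outright (S102).
    "protected_servers": {"10.0.5.10"},
}

# Site-local secret that never leaves the network-side device, so the
# control device cannot brute-force pseudonyms back to IP addresses.
SITE_KEY = b"constructed-demo-key"

# Fields deleted from every record before it is sent.
DELETE_FIELDS = {"user", "password", "dport"}

# Constructed sample of initial information (attack log lines).
RAW_LOG = """\
2017-05-12T08:14:02 attack=brute-force proto=ssh src=203.0.113.7 dst=10.0.5.21 dport=22 user=alice password=Winter2017!
2017-05-12T08:14:09 attack=sql-injection proto=http src=198.51.100.23 dst=10.0.5.10 dport=80 user=dbadmin
2017-05-12T08:15:40 attack=port-scan proto=tcp src=203.0.113.7 dst=10.0.5.30 dport=445
2017-05-12T08:16:11 attack=sql-injection proto=http src=198.51.100.23 dst=10.0.5.22 dport=8080 user=bob password=hunter2
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict."""
    timestamp, *pairs = line.split()
    record = {"time": timestamp}
    for pair in pairs:
        key, _, value = pair.partition("=")
        record[key] = value
    return record


def collect(raw_log, conditions):
    """S101: keep only the records the network-side user chose to collect."""
    records = [parse_line(l) for l in raw_log.splitlines() if l.strip()]
    return [r for r in records
            if r.get("attack") in conditions["attack_types"]
            and r.get("proto") in conditions["protocols"]]


def pseudonym(value, key):
    """Keyed, stable replacement so attacks on one host stay correlatable."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return "host-" + digest[:12]


def declassify(records, conditions, key):
    """S102: delete or modify classified information in the initial information."""
    out = []
    for r in records:
        if r.get("dst") in conditions["protected_servers"]:
            continue  # delete the whole attack log for an important server
        clean = {k: v for k, v in r.items() if k not in DELETE_FIELDS}
        if "dst" in clean:
            clean["dst"] = pseudonym(clean["dst"], key)  # modify
        clean["time"] = clean["time"].split("T")[0]      # modify: date only
        out.append(clean)
    return out


def find_leaks(payload, initial_records):
    """Return classified values of the initial information still in payload."""
    leaked = []
    for r in initial_records:
        for field in ("dst", "user", "password"):
            value = r.get(field)
            if value and value in payload:
                leaked.append((field, value))
    return leaked


def build_payload(raw_log, conditions, key):
    """S103: produce the only bytes pushed to the control device."""
    initial = collect(raw_log, conditions)
    payload = json.dumps(declassify(initial, conditions, key), sort_keys=True)
    leaks = find_leaks(payload, initial)
    if leaks:  # fail closed: nothing is sent if any classified value survives
        raise ValueError(f"classified values in payload: {leaks}")
    return payload


if __name__ == "__main__":
    print(build_payload(RAW_LOG, CONDITIONS, SITE_KEY))
```

The attacker's source address is kept because it is information about the hacker rather than about the terminals; the final leak check runs on the serialized payload so that it covers exactly what would cross the one-way channel.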
Optionally, in the information collection method of the embodiments, the network-side device is prohibited from reading data from the control device.
In the embodiments, the control device's access rights are restricted; while the network-side device's interests are protected in this way, the network-side device's access rights are restricted as well, that is, the network-side device cannot read the data in the control device. The control device holds its own information as well as the information sent by the multiple network-side devices it receives from, and no network-side device can read the data in the control device. This protects the control device's information and also ensures that the information from one network-side device is not read by any other network-side device, further improving the security of the information on the network-side device.
Corresponding to the method embodiment above, the embodiments of the invention also provide an information collection device. Referring to Fig. 2, Fig. 2 is a structure diagram of the information collection device of an embodiment of the invention, which includes:
An information collection module 201, configured to collect information from the terminals communicatively connected to the network-side device according to a preset information collection condition, to obtain initial information.
An information declassification module 202, configured to perform declassification processing on the initial information to obtain declassified information.
An information sending module 203, configured to send the declassified information to the control device.
In the information collection device of the embodiments, the network-side device collects information from the terminals communicatively connected to it according to the preset information collection condition to obtain initial information, declassifies the initial information, and sends the declassified information to the control device. The whole process, from collecting the initial information to submitting the declassified information, is operated by the network-side user, so the declassified information is fully controllable by the network-side user. This avoids the information leakage the network-side user worries about and allows information to be collected smoothly.
It should be noted that the device of the embodiments is a device that applies the information collection method above, so all embodiments of the information collection method apply to the device and achieve the same or similar beneficial effects.
Optionally, in the information collection device of the embodiments, the preset information collection condition is the information collection condition set by the network-side user.
Optionally, in the information collection device of the embodiments, the information declassification module is specifically configured to delete or modify the classified information in the initial information.
Optionally, in the information collection device of the embodiments, the network-side device is prohibited from reading data from the control device.
Optionally, in the information collection device of the embodiments, the control device is prohibited from reading or writing data on the network-side device.
It should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; identical or similar parts of the embodiments can be referred to one another, and each embodiment focuses on its differences from the others. The system embodiment in particular is described briefly because it is substantially similar to the method embodiment; for the relevant parts, see the description of the method embodiment.
The above are only preferred embodiments of the invention and are not intended to limit its protection scope. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the protection scope of the invention.

Claims (10)

  1. An information collection method, applied to a network-side device, characterized by including:
    According to a preset information collection condition, collecting information from the terminals communicatively connected to the network-side device to obtain initial information;
    Performing declassification processing on the initial information to obtain declassified information;
    Sending the declassified information to a control device.
  2. The information collection method according to claim 1, characterized in that the preset information collection condition is the information collection condition set by the network-side user.
  3. The information collection method according to claim 1, characterized in that performing declassification processing on the initial information includes:
    Deleting or modifying the classified information in the initial information.
  4. The information collection method according to any one of claims 1-3, characterized in that the network-side device is prohibited from reading data from the control device.
  5. The information collection method according to any one of claims 1-3, characterized in that the control device is prohibited from reading or writing data on the network-side device.
  6. An information collection device, applied to a network-side device, characterized by including:
    An information collection module, configured to collect information from the terminals communicatively connected to the network-side device according to a preset information collection condition, to obtain initial information;
    An information declassification module, configured to perform declassification processing on the initial information to obtain declassified information;
    An information sending module, configured to send the declassified information to a control device.
  7. The information collection device according to claim 6, characterized in that the preset information collection condition is the information collection condition set by the network-side user.
  8. The information collection device according to claim 6, characterized in that the information declassification module is specifically configured to delete or modify the classified information in the initial information.
  9. The information collection device according to any one of claims 6-8, characterized in that the network-side device is prohibited from reading data from the control device.
  10. The information collection device according to any one of claims 6-8, characterized in that the control device is prohibited from reading or writing data on the network-side device.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710334766.7A CN107547500A (en) 2017-05-12 2017-05-12 A kind of information collecting method and device

Publications (1)

Publication Number Publication Date
CN107547500A true CN107547500A (en) 2018-01-05

Family

ID=60966244

Country Status (1)

Country Link
CN (1) CN107547500A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012086868A1 (en) * 2010-12-24 2012-06-28 주식회사상상이룸 Cloud computing-based personal publishing service system and service method
CN105630855A (en) * 2015-04-24 2016-06-01 宇龙计算机通信科技(深圳)有限公司 File sharing method, file sharing system and terminal
CN105868040A (en) * 2016-03-29 2016-08-17 Tcl通力电子(惠州)有限公司 Log collection method and collection terminal
CN106603493A (en) * 2016-11-11 2017-04-26 北京安天电子设备有限公司 Safeguard device embedded in network device and safeguard method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180105