CN107888624B - Method and device for protecting network security - Google Patents

Method and device for protecting network security

Info

Publication number
CN107888624B
Authority
CN
China
Prior art keywords
traffic
session
flow
network security
packet loss
Prior art date
Legal status
Active
Application number
CN201711402905.1A
Other languages
Chinese (zh)
Other versions
CN107888624A (en)
Inventor
吴庆
许雪峰
王挺
贾新奎
郭文玉
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Legal events
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201711402905.1A
Publication of CN107888624A
Application granted
Publication of CN107888624B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The application provides a network security protection method and device, applied to a network security device. The method comprises the following steps: when received traffic matches a target session entry, search for the packet-loss entry corresponding to the target session entry in the correspondence between session entries and packet-loss entries stored on the local device; if a packet-loss entry corresponding to the target session entry is found, discard the traffic; if no packet-loss entry corresponding to the target session entry is found, forward the traffic. With the technical scheme provided by the application, the session to which malicious traffic belongs can be interrupted successfully even under network backflow conditions.

Description

Method and device for protecting network security
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method and an apparatus for protecting network security.
Background
With the rapid development of networks, networks are growing ever larger, and a wide variety of security devices, such as firewalls, virtual private networks, intrusion prevention systems, denial-of-service protection systems and Web application firewalls, have been developed to protect them. A network security device intercepts malicious traffic by inspecting the traffic that flows through it, thereby protecting the network.
When a network security device inspects traffic, it usually does so against pre-configured security rules. A security rule consists of a rule condition and an action. When received traffic satisfies the rule condition, the network security device performs the corresponding action on the traffic. When the device determines, based on the security rules, that received traffic is malicious, it can discard the malicious traffic, thereby protecting the network.
In the prior art, besides discarding malicious traffic, the network security device also interrupts the session to which the malicious traffic belongs. To do so, the device, based on the malicious traffic, impersonates the client to send a session-interruption message to the server, and impersonates the server to send a session-interruption message to the client.
However, as networks grow larger and more complex, traffic backflow occurs: traffic that leaves a device re-enters it through the network.
Assume that the network security device receives traffic sent by the client to the server and that this traffic is malicious. Based on the malicious traffic, the device impersonates the server to send a session-interruption message to the client; this message reaches the client directly. However, when the device impersonates the client to send a session-interruption message to the server, the VLAN in the message differs from the VLAN to which the server belongs. The network must therefore rewrite the message to the server's VLAN, after which the message flows back to the network security device and is sent to the server through the corresponding interface. When the message flows back through the network to the network security device, the device detects that the message and the malicious traffic belong to the same session, so it treats the message as malicious traffic and discards it. The message never reaches the server, and the session to which the malicious traffic belongs cannot be interrupted.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for protecting network security, applied to a network security device, for successfully interrupting the session to which malicious traffic belongs under network backflow conditions.
Specifically, the method is realized through the following technical scheme:
A network security protection method, applied to a network security device, comprises the following steps:
when received traffic matches a target session entry, searching for the packet-loss entry corresponding to the target session entry in the correspondence between session entries and packet-loss entries stored on the local device;
if a packet-loss entry corresponding to the target session entry is found, discarding the traffic;
if no packet-loss entry corresponding to the target session entry is found, forwarding the traffic.
A device for protecting network security, applied to a network security device, comprises:
a lookup unit, configured to search, when received traffic matches a target session entry, for the packet-loss entry corresponding to the target session entry in the correspondence between session entries and packet-loss entries stored on the local device;
a discard unit, configured to discard the traffic if a packet-loss entry corresponding to the target session entry is found;
a forwarding unit, configured to forward the traffic if no packet-loss entry corresponding to the target session entry is found.
The technical scheme provided by the application brings the following beneficial effect:
In this application, when a message received by the network security device belongs to the same session as malicious traffic, the device does not discard the message outright. It further checks whether the message matches the packet-loss entry corresponding to the session entry of the session to which the message belongs; if so, it discards the message, and if not, it forwards the message. After a session-interruption message flows back through the network, its VLAN differs from the VLAN it carried when it first left the network security device, so the device cannot find a matching packet-loss entry for the session entry of the session to which the message belongs, and it can forward the message to its destination device. The session is thereby interrupted successfully under network backflow conditions.
Drawings
FIG. 1 is a schematic diagram of a network security device protecting network security;
FIG. 2 is a flowchart of a method for protecting network security according to an embodiment of the present application;
FIG. 3 is a hardware structure diagram of a network security device on which a device for protecting network security according to a second embodiment of the present application resides;
FIG. 4 is a diagram of a device for protecting network security according to the second embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the prior art, a network security device inspects received traffic against security rules and intercepts malicious traffic, thereby protecting network security.
A security rule consists of a rule condition and an action. When traffic received by the network security device satisfies the rule condition, the device performs the corresponding action on the traffic. The action specifies how the traffic is handled and mainly includes discard, release, block, push and redirect.
The discard action drops the currently received traffic;
the release action forwards the currently received traffic normally;
the block action interrupts the session between the client and the server;
the push action sends a specific data message to the client and interrupts the session between the client and the server;
the redirect action sends a specific redirection message to the client and interrupts the session between the client and the server.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a network security device protecting network security.
When traffic received by the network security device is the first traffic of its session, the device may create a session entry from the five-tuple of the traffic and perform security detection on the traffic based on the security rules. When it detects that the traffic is malicious, the device may discard the traffic, interrupt the session to which the traffic belongs, add a packet-loss flag to the session entry, and thereafter discard any further traffic of the same session outright. As shown in FIG. 1, the network security device has interfaces A, B, C and D; interfaces A and C are in VLAN 100, interfaces B and D are in VLAN 200, interface A is connected to the client and interface B to the server. Assume that traffic sent from the client to the server and received by the device on interface A is the first traffic of its session, and that it is malicious. The device creates a session entry from the five-tuple of the traffic, adds a packet-loss flag to the entry, discards the traffic, and then, based on the traffic, impersonates the server to send a session-interruption packet to the client and impersonates the client to send a session-interruption packet to the server. The specific process is as follows:
Assume the session-interruption message is a Reset message. The network security device impersonates the server to send a Reset message to the client and impersonates the client to send a Reset message to the server. Because the Reset messages are generated from the traffic, and the VLAN of the traffic is 100, the VLAN in the Reset messages is also 100. The device can send the Reset message to the client directly through interface A. However, the server is connected to interface B, whose VLAN differs from the VLAN in the Reset message. Unless some other policy forces the Reset message directly out of interface B to the server, the Reset message must leave through interface C, have its VLAN changed from 100 to 200 by an external device, return to the network security device through interface D, and then be sent to the server through interface B.
However, the Reset message and the malicious traffic belong to the same session. When the network security device receives the Reset message that has returned to it, the Reset message matches the session entry of the session to which the malicious traffic belongs, and that session entry carries a packet-loss flag. The device therefore treats the Reset message as malicious traffic and discards it; the Reset message cannot reach the server, and the session to which the malicious traffic belongs cannot be interrupted.
Example one
To solve the problems in the prior art, an embodiment of the present application provides a method for protecting network security, applied to a network security device. Referring to FIG. 2, FIG. 2 is a flowchart of the network security protection method according to an embodiment of the present application, which executes the following steps:
Step 201: when received traffic matches a target session entry, search for the packet-loss entry corresponding to the target session entry in the correspondence between session entries and packet-loss entries stored on the local device;
Step 202: if a packet-loss entry corresponding to the target session entry is found, discard the traffic;
Step 203: if no packet-loss entry corresponding to the target session entry is found, forward the traffic.
In this embodiment, when received traffic matches any session entry stored on the local device, the network security device searches for the packet-loss entry corresponding to the matched session entry in the correspondence between session entries and packet-loss entries stored on the local device. If a packet-loss entry corresponding to the matched session entry is found, the traffic is discarded outright; if not, the corresponding action is performed on the traffic.
The process of creating the packet-loss entry and the correspondence between the session entry and the packet-loss entry is as follows:
When traffic received by the network security device is the first traffic of its session, the device may create a session entry for that session from the five-tuple of the traffic and then inspect the traffic against the configured security rules. When it detects that the traffic is malicious traffic carrying an attack, the device obtains from the traffic the VLAN to which it belongs, the ingress interface on which it entered the device, and its transmission direction, and from these creates a packet-loss entry for the session. The packet-loss entry contains at least these three attributes: the VLAN of the traffic, the ingress interface of the traffic, and the transmission direction of the traffic. A user may add further attributes to the packet-loss entry as needed, such as a packet-loss identifier. After the network security device has created the session entry and the packet-loss entry for the session, it establishes the correspondence between them.
The transmission direction of the traffic is one of: client → server, server → client.
The ingress interface is the physical interface on which the network security device receives the traffic.
For example, based on FIG. 1, when traffic from the client to the server received by the network security device is the first traffic of its session, the device may create a session entry for the session from the five-tuple of the traffic and then inspect the traffic against the security rules. When it detects that the traffic is malicious traffic carrying an attack, the device creates a packet-loss entry from the traffic, containing the VLAN of the traffic (100), the ingress interface on which the traffic entered the device (interface A), and the transmission direction of the traffic (client → server); finally, the device establishes the correspondence between the session entry and the packet-loss entry.
Similarly, when traffic from the server to the client received by the network security device is the first traffic of its session, the device may create a session entry for the session from the five-tuple of the traffic and then inspect the traffic against the security rules. When it detects that the traffic is malicious traffic carrying an attack, the device creates a packet-loss entry from the traffic, containing the VLAN of the traffic (200), the ingress interface on which the traffic entered the device (interface B), and the transmission direction of the traffic (server → client); finally, the device establishes the correspondence between the session entry and the packet-loss entry.
In other words, in the present application, when traffic received by the network security device is the first traffic of its session and is legitimate, the device creates a session entry for the session as in the prior art. When the traffic is the first traffic of its session and is malicious traffic carrying an attack, then after creating the session entry from the five-tuple of the traffic, the device additionally creates a packet-loss entry from the VLAN of the traffic, the ingress interface on which it entered the device, and its transmission direction, and establishes the correspondence between the session entry and the packet-loss entry.
In this embodiment, after the network security device receives traffic, it processes the traffic as follows:
After receiving the traffic, the network security device matches the traffic against the session entries stored on the local device. If it finds a session entry that matches the traffic, a session entry has already been created for the session to which the traffic belongs. The device then searches for the packet-loss entry corresponding to the matched session entry in the correspondence between session entries and packet-loss entries stored on the local device.
If the network security device does not find a packet-loss entry corresponding to the matched session entry, the traffic of this session is legitimate, and the device processes the traffic according to the matched session entry.
If the network security device finds a packet-loss entry corresponding to the matched session entry, the traffic of this session is malicious, and the device discards the traffic outright.
If the network security device does not find any session entry matching the traffic among the session entries stored on the local device, the traffic is the first traffic of its session received by the device. The device creates a session entry for the session to which the traffic belongs and performs security detection on the traffic based on the preset security rules. If the traffic passes security detection, the corresponding action is performed on it based on the security rules. If the traffic fails security detection, a packet-loss entry is created for the session to which the traffic belongs, and the correspondence between the session entry and the packet-loss entry is established. For the specific process of creating the packet-loss entry and the correspondence, refer to the description above; it is not repeated here.
In this embodiment, when traffic received by the network security device is the first traffic of its session and is malicious, the device may interrupt the session to which the traffic belongs: it impersonates the server to send a session-interruption message to the client, and impersonates the client to send a session-interruption message to the server.
Since the message is generated from the received traffic, the VLAN in the message is the same as the VLAN in the traffic. When the network security device sends the message to the device that sent the traffic, that device receives the message directly. However, when the network security device sends the message to the destination device of the traffic, the VLAN of the destination device differs from the VLAN in the message. Unless some other policy forces the message to be sent directly to the destination device, the VLAN in the message must be modified by an external device to the VLAN of the destination device, after which the message flows back through the network to the network security device.
In the prior art, after the packet flows back to the network security device, the device detects that the packet and the malicious traffic belong to the same session and discards the packet outright as malicious traffic.
In this embodiment, after the packet flows back to the network security device, the device may detect that the packet and the malicious traffic belong to the same session, but it does not discard the packet outright. It further searches the packet-loss entries stored on the local device for a packet-loss entry corresponding to the session entry of the session to which the packet belongs. Because the VLAN in the packet changed while it flowed back through the network, the device cannot find a packet-loss entry corresponding to that session entry, and it can therefore send the packet on to the destination device. For example, as shown in FIG. 1, assume the malicious traffic received by the network security device was sent by the client to the server, and the device has created the corresponding Reset messages from that traffic. Because the VLAN of the Reset message is the same as the VLAN of the client, the device may send the Reset message to the client through interface A. The VLAN of the server differs from the VLAN of the Reset message; unless some other policy forces the Reset message directly out of interface B to the server, the Reset message must leave through interface C, have its VLAN changed from 100 to 200 by an external device, flow back to the network security device through interface D, and then be sent by the device to the server through interface B.
In this embodiment, when a packet received by the network security device belongs to the same session as malicious traffic, the device does not discard the packet outright. It further checks whether the packet matches the packet-loss entry corresponding to the session entry of the session to which the packet belongs; if so, it discards the packet, and if not, it forwards the packet. After a session-interruption message flows back through the network, its VLAN differs from the VLAN it carried when it first left the network security device, so the device cannot find a matching packet-loss entry for the session entry of the session to which the message belongs, and it can forward the message to its destination device. The session is thereby interrupted successfully under network backflow conditions.
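The two-stage lookup described in this embodiment (match the session entry, then check for a packet-loss entry matching the traffic's VLAN, ingress interface and direction) and the FIG. 1 Reset backflow scenario, replayed in an added simulation written for this page; it is not the patent's or DPTech's code, and the addresses, the `prior_art` switch and the `network_backflow` retagging model are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    """One packet as seen by the security device (constructed sample data)."""
    src: Endpoint
    dst: Endpoint
    proto: str
    vlan: int                # VLAN tag carried in the packet
    ingress: str             # physical interface the packet arrived on
    malicious: bool = False  # stands in for the security-rule verdict on first inspection
    rst: bool = False        # True for a constructed Reset (session-interruption) message


@dataclass
class SessionEntry:
    client: Endpoint         # side that sent the first packet of the session
    server: Endpoint
    drop_flag: bool = False  # prior-art flag: "drop everything in this session"


@dataclass(frozen=True)
class PacketLossEntry:
    """The three attributes the description requires: VLAN, ingress interface, direction."""
    vlan: int
    ingress: str
    direction: str           # "client->server" or "server->client"


def session_key(p: Packet):
    # The five-tuple identifies the session regardless of direction.
    return (frozenset([p.src, p.dst]), p.proto)


class SecurityDevice:
    def __init__(self, iface_vlan: Dict[str, int], prior_art: bool = False):
        self.iface_vlan = iface_vlan      # interface -> VLAN, as in FIG. 1
        self.prior_art = prior_art        # True: flag the session; False: packet-loss entry
        self.sessions: Dict[object, SessionEntry] = {}
        self.loss: Dict[object, PacketLossEntry] = {}
        self.emitted: List[Tuple[str, Packet]] = []  # (egress interface, Reset) pairs

    @staticmethod
    def direction(sess: SessionEntry, p: Packet) -> str:
        return "client->server" if p.src == sess.client else "server->client"

    def process(self, p: Packet) -> str:
        """Return 'drop' or 'forward' for one received packet."""
        key = session_key(p)
        sess = self.sessions.get(key)
        if sess is None:
            # First traffic of the session: create the session entry, then run detection.
            sess = SessionEntry(client=p.src, server=p.dst)
            self.sessions[key] = sess
            if not p.malicious:
                return "forward"          # "release" action of the matched rule
            if self.prior_art:
                sess.drop_flag = True
            else:
                self.loss[key] = PacketLossEntry(p.vlan, p.ingress, self.direction(sess, p))
            self.interrupt(p)
            return "drop"
        if self.prior_art:
            return "drop" if sess.drop_flag else "forward"
        # Session matched: a packet-loss entry only counts if VLAN, ingress and direction match.
        wanted = PacketLossEntry(p.vlan, p.ingress, self.direction(sess, p))
        return "drop" if self.loss.get(key) == wanted else "forward"

    def interrupt(self, p: Packet) -> None:
        """Emit Reset messages in both directions; both carry the VLAN of the malicious traffic."""
        # Toward the sender: same VLAN as its interface, so it goes straight back out the ingress.
        self.emitted.append((p.ingress, Packet(p.dst, p.src, p.proto, p.vlan, "", rst=True)))
        # Toward the receiver: leaves on another interface of the traffic's VLAN (C in FIG. 1).
        egress = next((i for i, v in self.iface_vlan.items() if v == p.vlan and i != p.ingress),
                      p.ingress)
        self.emitted.append((egress, Packet(p.src, p.dst, p.proto, p.vlan, "", rst=True)))


def network_backflow(p: Packet, new_vlan: int, ingress: str) -> Packet:
    """Model the external network retagging the packet and returning it to the device."""
    return replace(p, vlan=new_vlan, ingress=ingress)


def fig1_scenario(prior_art: bool = False) -> Dict[str, str]:
    """Replay FIG. 1 and report the verdict for each packet (constructed addresses)."""
    dev = SecurityDevice({"A": 100, "B": 200, "C": 100, "D": 200}, prior_art=prior_art)
    client, server = ("10.0.0.1", 40000), ("10.0.1.1", 80)
    malicious = Packet(client, server, "tcp", vlan=100, ingress="A", malicious=True)
    out = {"malicious": dev.process(malicious)}
    # The Reset toward the server leaves on C in VLAN 100, is retagged to 200, re-enters on D.
    egress, rst = dev.emitted[-1]
    out["reset_egress"] = egress
    out["reset_backflow"] = dev.process(network_backflow(rst, dev.iface_vlan["B"], "D"))
    # A retransmission of the malicious traffic still matches the packet-loss entry.
    out["retransmit"] = dev.process(malicious)
    return out


if __name__ == "__main__":
    print("this application:", fig1_scenario())
    print("prior art:       ", fig1_scenario(prior_art=True))
```

With `prior_art=True` the returned Reset is dropped, reproducing the failure described in the Background; with the packet-loss entry the same Reset is forwarded while a retransmission of the malicious traffic is still dropped.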
Example two
Corresponding to the first embodiment of the method for protecting network security, the present application further provides a second embodiment of a device for protecting network security.
The embodiment of the device for protecting the network security can be applied to network security equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a device in a logical sense, the device is formed by reading a corresponding computer program instruction in a non-volatile memory into an internal memory through a processor of the network security device where the device is located to run. In terms of hardware, as shown in fig. 3, the present application is a hardware structure diagram of a network security device where a device for protecting network security is located, except for the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the network security device where the device is located in the embodiment may also include other hardware according to the actual function of protecting network security, which is not described again.
Referring to fig. 4, fig. 4 is a diagram illustrating an apparatus for protecting network security according to a second embodiment of the present application, where the apparatus is applied to a network security device, and the apparatus includes: a lookup unit 410, a discard unit 420, a forwarding unit 430.
The searching unit 410 is configured to search, when a received flow matches a target session entry, a packet loss entry corresponding to the target session entry from a correspondence between session entries and packet loss entries stored in a home terminal;
the discarding unit 420 is configured to discard the traffic if the packet loss table entry corresponding to the target session table entry is found;
the forwarding unit 430 is configured to forward the traffic if the packet loss table entry corresponding to the target session table entry is not found.
In this embodiment, the apparatus further includes:
a matching unit, configured to match received traffic against the session table entries stored on the local device;
a first creating unit, configured to create, if the traffic matches no session table entry, a corresponding session table entry for the session to which the traffic belongs, based on the traffic;
a detection unit, configured to perform security detection on the traffic based on a preset security rule;
a second creating unit, configured to create, when the traffic fails the security detection, a corresponding packet loss table entry for the session to which the traffic belongs, based on the traffic; the packet loss table entry comprises the VLAN to which the traffic belongs, the ingress interface on which the network security device received the traffic, and the transmission direction of the traffic;
an establishing unit, configured to establish a correspondence between the session table entry created for the session to which the traffic belongs and the packet loss table entry created for that session; and
an execution unit, configured to execute, when the traffic passes the security detection, the corresponding action on the traffic based on the security rule.
The implementation of the functions and actions of each unit in the above apparatus is described in detail under the corresponding step of the method above, and is not repeated here.
Since the device embodiments substantially correspond to the method embodiments, reference may be made to the relevant parts of the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement this without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (8)

1. A network security protection method, applied to a network security device, characterized in that the network security device is connected to an external device, the external device being used at least to modify the VLAN information of a session interrupt message coming from the network security device and to reflow (send back) the session interrupt message, and the method comprises:
when received traffic matches a target session table entry, looking up the packet loss table entry corresponding to the target session table entry in the correspondence between session table entries and packet loss table entries stored on the local device; the packet loss table entry records the VLAN to which traffic that failed security detection belongs, the ingress interface on which the network security device received that traffic, and the transmission direction of that traffic;
if a packet loss table entry matching the received traffic is found, discarding the traffic;
if no packet loss table entry matching the received traffic is found, forwarding the traffic.
2. The method of claim 1, further comprising:
when traffic is received, matching the traffic against the session table entries stored on the local device.
3. The method of claim 2, further comprising:
if the traffic matches no session table entry, creating a corresponding session table entry for the session to which the traffic belongs, based on the traffic;
performing security detection on the traffic based on a preset security rule;
when the traffic fails the security detection, creating a corresponding packet loss table entry for the session to which the traffic belongs, based on the traffic; the packet loss table entry comprises the VLAN to which the traffic belongs, the ingress interface on which the network security device received the traffic, and the transmission direction of the traffic;
establishing a correspondence between the session table entry created for the session to which the traffic belongs and the packet loss table entry created for that session.
4. The method of claim 3, further comprising:
when the traffic passes the security detection, executing the corresponding action on the traffic based on the security rule.
5. A network security protection apparatus, applied to a network security device, characterized in that the network security device is connected to an external device, the external device being used at least to modify the VLAN information of a session interrupt message coming from the network security device and to reflow (send back) the session interrupt message, and the apparatus comprises:
a lookup unit, configured to, when received traffic matches a target session table entry, look up the packet loss table entry corresponding to the target session table entry in the correspondence between session table entries and packet loss table entries stored on the local device; the packet loss table entry records the VLAN to which traffic that failed security detection belongs, the ingress interface on which the network security device received that traffic, and the transmission direction of that traffic;
a discard unit, configured to discard the traffic if a packet loss table entry matching the received traffic is found;
a forwarding unit, configured to forward the traffic if no packet loss table entry matching the received traffic is found.
6. The apparatus of claim 5, further comprising:
a matching unit, configured to match received traffic against the session table entries stored on the local device.
7. The apparatus of claim 6, further comprising:
a first creating unit, configured to create, if the traffic matches no session table entry, a corresponding session table entry for the session to which the traffic belongs, based on the traffic;
a detection unit, configured to perform security detection on the traffic based on a preset security rule;
a second creating unit, configured to create, when the traffic fails the security detection, a corresponding packet loss table entry for the session to which the traffic belongs, based on the traffic; the packet loss table entry comprises the VLAN to which the traffic belongs, the ingress interface on which the network security device received the traffic, and the transmission direction of the traffic;
an establishing unit, configured to establish a correspondence between the session table entry created for the session to which the traffic belongs and the packet loss table entry created for that session.
8. The apparatus of claim 7, further comprising:
an execution unit, configured to execute, when the traffic passes the security detection, the corresponding action on the traffic based on the security rule.
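As an added illustration, not code from the patent or from Hangzhou DPTech, the following Python model implements the session table, the packet loss table and the correspondence between them as described by the units of the apparatus above and by claims 1 to 4: a packet of a known session is dropped only when the linked packet loss entry matches its VLAN, ingress interface and transmission direction, so the same session reflowed on a different VLAN is forwarded. The canonical 5-tuple used as the session key, the `inspect` rule callback, the interface names and direction labels, the constructed sample traffic and the disposition of the first packet that fails detection are assumptions, not details given by the patent.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple
SessionKey = Tuple[str, str, int, int, str]   # canonical 5-tuple (assumed session identity)
DropKey = Tuple[int, str, str]                # VLAN, ingress interface, transmission direction

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    vlan: int          # VLAN the traffic belongs to
    ingress: str       # interface on which the device received it (names are constructed)
    direction: str     # transmission direction, e.g. "in" / "out" (labels assumed)

class SecurityDevice:
    def __init__(self, inspect: Callable[[Packet], bool]):
        self.inspect = inspect                              # preset security rule: True = passes
        self.sessions: Set[SessionKey] = set()              # session table
        self.drop_entries: Dict[SessionKey, DropKey] = {}   # session entry -> packet loss entry

    @staticmethod
    def session_key(p: Packet) -> SessionKey:
        # Both directions of a session share one entry, so order the endpoints canonically.
        a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
        if a > b:
            a, b = b, a
        return (a[0], b[0], a[1], b[1], p.proto)

    def handle(self, p: Packet) -> str:
        key = self.session_key(p)
        if key in self.sessions:
            # Existing session (claim 1): drop only if the linked packet loss entry matches.
            if self.drop_entries.get(key) == (p.vlan, p.ingress, p.direction):
                return "drop"
            return "forward"
        # New session (claim 3): create the session entry, then run security detection.
        self.sessions.add(key)
        if not self.inspect(p):
            self.drop_entries[key] = (p.vlan, p.ingress, p.direction)  # link to session
            return "drop"        # disposition of this first packet is assumed, not stated
        return "forward"         # claim 4: the rule's action; "forward" assumed here

def demo() -> List[str]:
    dev = SecurityDevice(lambda p: p.dst_port != 23)   # constructed rule: fail TCP/23
    bad = Packet("10.0.0.5", "10.0.0.9", 40000, 23, "tcp", 100, "ge0/1", "in")
    reflowed = Packet("10.0.0.5", "10.0.0.9", 40000, 23, "tcp", 200, "ge0/2", "in")
    good = Packet("10.0.0.5", "10.0.0.9", 40001, 80, "tcp", 100, "ge0/1", "in")
    return [dev.handle(bad), dev.handle(bad), dev.handle(reflowed), dev.handle(good)]
```

`demo()` returns `["drop", "drop", "forward", "forward"]`: the session that failed detection keeps being dropped on its original VLAN and interface, while the copy whose VLAN was rewritten no longer matches the packet loss entry and is forwarded.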
CN201711402905.1A 2017-12-22 2017-12-22 Method and device for protecting network security Active CN107888624B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711402905.1A CN107888624B (en) 2017-12-22 2017-12-22 Method and device for protecting network security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711402905.1A CN107888624B (en) 2017-12-22 2017-12-22 Method and device for protecting network security

Publications (2)

Publication Number Publication Date
CN107888624A CN107888624A (en) 2018-04-06
CN107888624B true CN107888624B (en) 2021-12-24

Family

ID=61771219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711402905.1A Active CN107888624B (en) 2017-12-22 2017-12-22 Method and device for protecting network security

Country Status (1)

Country Link
CN (1) CN107888624B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108777679B (en) * 2018-05-22 2021-09-17 深信服科技股份有限公司 Method and device for generating traffic access relation of terminal and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101304389A (en) * 2008-06-20 2008-11-12 华为技术有限公司 Method, apparatus and system for processing packet
CN103812875A (en) * 2014-03-07 2014-05-21 网神信息技术(北京)股份有限公司 Data processing method and data processing device for gateway equipment
CN105959254A (en) * 2015-12-02 2016-09-21 杭州迪普科技有限公司 Message processing method and device

Also Published As

Publication number Publication date
CN107888624A (en) 2018-04-06

Similar Documents

Publication Publication Date Title
CN108701187B (en) Apparatus and method for hybrid hardware-software distributed threat analysis
JP4906504B2 (en) Intelligent integrated network security device
Choi et al. A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment
US10135785B2 (en) Network security system to intercept inline domain name system requests
CN114145004B (en) System and method for using DNS messages to selectively collect computer forensic data
CN104660565A (en) Hostile attack detection method and device
Mubarakali et al. Security challenges in internet of things: Distributed denial of service attack detection using support vector machine‐based expert systems
CN108353068B (en) SDN controller assisted intrusion prevention system
US20160352774A1 (en) Mitigation of computer network attacks
CN104115463A (en) A streaming method and system for processing network metadata
CN111526121B (en) Intrusion prevention method and device, electronic equipment and computer readable medium
US10375118B2 (en) Method for attribution security system
KR20080028381A (en) Method for defending against denial of service attacks in ip networks by target victim self-identification and control
US10397225B2 (en) System and method for network access control
CN105991617B (en) Computer-implemented system and method for selecting a secure path using network scoring
Kim et al. Preventing DNS amplification attacks using the history of DNS queries with SDN
US20070289014A1 (en) Network security device and method for processing packet data using the same
CN108737344A (en) A kind of network attack protection method and device
CN107888624B (en) Method and device for protecting network security
US20210359978A1 (en) Selective Rate Limiting via a Hybrid Local and Remote Architecture
CN107395615B (en) Method and device for printer safety protection
CN113328976B (en) Security threat event identification method, device and equipment
CN110198298A (en) A kind of information processing method, device and storage medium
JP4391455B2 (en) Unauthorized access detection system and program for DDoS attack
CN110166359B (en) Message forwarding method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant