CN108833340A - A kind of internal home network communication security protection system - Google Patents
- Publication number
- CN108833340A
- Authority
- CN
- China
- Prior art keywords
- data packet
- communication
- application layer
- layer data
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an internal home network communication security protection system in which security control devices are connected in series with a switch: the switch communicates with the network layer through a first security control device and with the application layer through a second security control device. Data packets from the network layer pass through the first security control device to communicate with the application layer, and data packets from the application layer pass through the second security control device to communicate with the network layer. Because network layer data packets and application layer data packets are supervised by different security control devices, the processing speed of the security control devices can be improved. The first security control device filters the unqualified data out of network layer data packets before they communicate with the application layer, and the second security control device filters the unqualified data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.
Description
【Technical field】
The present invention relates to the technical field of network security, and in particular to an internal home network communication security protection system.
【Background technique】
We now live in the era of information technology, an era in which information generates value. Informatization is the major trend of the current era and represents advanced productivity. The development of informatization must rely on the Internet, but the Internet has certain network security problems: the data of individuals, companies, governments and others is easily attacked and leaked over the network. For example, many households are equipped with cameras, and the data in those cameras is shared on the network. As society develops, more and more smart devices are brought to market. These devices can also be networked, so that a smart device can be used by operating it remotely. This raises a problem, however: once security control is not in place, all kinds of problems will occur. For example, a smart air conditioner may be started by a hacker attack during the day when nobody is home. Such problems will follow one after another and cause huge losses to individuals, companies and others. To improve the security of internal home network communication, it is necessary to propose an internal home network communication security protection system.
【Summary of the invention】
The object of the invention is to overcome the above deficiencies of the prior art and to provide an internal home network communication security protection system, aiming to solve the technical problem that network security is low in the prior art.
To achieve the above object, the invention proposes an internal home network communication security protection system in which a security control device is connected in series on a switch; the switch is communicatively connected to the network layer through a first security control device and to the application layer through a second security control device.
Preferably, the first security control device consists of a data packet receiving module a, a network layer data packet analysis module, a network layer data packet filtering module and a data packet sending module b. The input of the network layer data packet analysis module is communicatively connected to the network layer through data packet receiving module a, the output of the network layer data packet analysis module is connected to the input of the network layer data packet filtering module, the output of the network layer data packet filtering module is connected to data packet sending module b, and data packet sending module b communicates with the application layer through the switch.
Preferably, the first security control device is further provided with a first prompting device, which is communicatively connected to the network layer data packet analysis module.
Preferably, the second security control device consists of a data packet receiving module c, an application layer data packet analysis module, an application layer data packet filtering module and a data packet sending module d. The input of the application layer data packet analysis module is communicatively connected to the application layer through data packet receiving module c, the output of the application layer data packet analysis module is connected to the input of the application layer data packet filtering module, the output of the application layer data packet filtering module is connected to data packet sending module d, and data packet sending module d communicates with the network layer through the switch.
Preferably, the second security control device is further provided with a second prompting device, which is communicatively connected to the application layer data packet analysis module.
Preferably, the application layer includes Internet of Things devices, which include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines; the Internet of Things devices also communicate with one another through the second security control device.
Beneficial effects of the invention: compared with the prior art, in the internal home network communication security protection system provided by the invention, data packets from the network layer pass through the first security control device to communicate with the application layer, and data packets from the application layer pass through the second security control device to communicate with the network layer. Because network layer data packets and application layer data packets are supervised by different security control devices, the processing speed of the security control devices can be improved. The first security control device filters the unqualified data out of network layer data packets before they communicate with the application layer, and the second security control device filters the unqualified data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.
The features and advantages of the invention are described in detail below through an embodiment in conjunction with the accompanying drawing.
【Description of the drawings】
Fig. 1 is a module diagram of an internal home network communication security protection system according to an embodiment of the invention.
【Specific embodiment】
To make the objectives, technical solutions and advantages of the invention clearer, the invention is further elaborated below through the accompanying drawing and an embodiment. It should be understood, however, that the specific embodiment described here is only intended to explain the invention and not to limit its scope. In addition, descriptions of well-known structures and technologies are omitted below to avoid unnecessarily obscuring the concept of the invention.
Referring to Fig. 1, an embodiment of the invention provides an internal home network communication security protection system in which a security control device 2 is connected in series on a switch 1; the switch 1 is communicatively connected to the network layer through the first security control device 2 and to the application layer through the second security control device 3.
Further, the first security control device 2 consists of a data packet receiving module a 21, a network layer data packet analysis module 22, a network layer data packet filtering module 23 and a data packet sending module b 24. The input of the network layer data packet analysis module 22 is communicatively connected to the network layer through data packet receiving module a 21, the output of the network layer data packet analysis module 22 is connected to the input of the network layer data packet filtering module 23, the output of the network layer data packet filtering module 23 is connected to data packet sending module b 24, and data packet sending module b 24 communicates with the application layer through the switch 1.
Further, the second security control device 3 consists of a data packet receiving module c 31, an application layer data packet analysis module 32, an application layer data packet filtering module 33 and a data packet sending module d 34. The input of the application layer data packet analysis module 32 is communicatively connected to the application layer through data packet receiving module c 31, the output of the application layer data packet analysis module 32 is connected to the input of the application layer data packet filtering module 33, the output of the application layer data packet filtering module 33 is connected to data packet sending module d 34, and data packet sending module d 34 communicates with the network layer through the switch 1.
In this embodiment, the first security control device 2 is further provided with a first prompting device 25, which is communicatively connected to the network layer data packet analysis module 22, and the second security control device 3 is further provided with a second prompting device 35, which is communicatively connected to the application layer data packet analysis module 32. When the network layer data packet analysis module 22 finds that a network layer data packet contains unqualified data, the first prompting device 25 raises an alarm; when the application layer data packet analysis module 32 finds that an application layer data packet contains unqualified data, the second prompting device 35 raises an alarm. The user can then inspect and trace the unqualified data.
Further, the application layer includes Internet of Things devices, which include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines; the Internet of Things devices also communicate with one another through the second security control device 3.
In this embodiment, the analysis criteria of the network layer data packet analysis module 22 and the application layer data packet analysis module 32 can be set by the user, for example which IP addresses may communicate and which communication protocols may be used.
Working process of the invention:
When the internal home network communication security protection system of the invention is in operation, data packets from the network layer pass through the first security control device 2 to communicate with the application layer: after analysis by the network layer data packet analysis module 22, the network layer data packet filtering module 23 filters out the data packets found to be unqualified, and only qualified data packets can communicate through the switch 1. Data packets from the application layer pass through the second security control device 3 to communicate with the network layer: after analysis by the application layer data packet analysis module 32, the application layer data packet filtering module 33 filters out the data packets found to be unqualified, and only qualified data packets can communicate through the switch 1. The first security control device 2 is provided with the first prompting device 25 and the second security control device 3 with the second prompting device 35; when an unqualified data packet is found, the first prompting device 25 or the second prompting device 35 raises an alarm. Communication between Internet of Things devices also passes through the second security control device 3, which avoids the problem of other Internet of Things devices being affected after one Internet of Things device is attacked.
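The working process above can be simulated in a few lines. This is an added example, not code from the patent; the class and function names, the address ranges and the protocol labels are assumptions chosen for illustration, and the criteria are modelled as the user-set allowlists of addresses and protocols mentioned in the embodiment.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")          # constructed home LAN (application layer)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                           # constructed label, e.g. "https"


@dataclass
class Monitor:
    """One security control device: receive -> analyze -> filter -> send."""
    name: str
    peer_field: str                         # address the criteria apply to: "src" or "dst"
    allowed_nets: tuple                     # user-set criterion: who may communicate
    allowed_protocols: frozenset            # user-set criterion: which protocols
    alerts: list = field(default_factory=list)   # stands in for the prompting device

    def analyze(self, pkt):
        """Analysis module: list why a packet is unqualified (empty = qualified)."""
        reasons = []
        peer = ip_address(getattr(pkt, self.peer_field))
        if not any(peer in ip_network(net) for net in self.allowed_nets):
            reasons.append(f"address {peer} not allowed")
        if pkt.protocol not in self.allowed_protocols:
            reasons.append(f"protocol {pkt.protocol} not allowed")
        return reasons

    def process(self, pkt):
        """Filtering module: drop and alert on unqualified packets, forward the rest."""
        reasons = self.analyze(pkt)
        if reasons:
            self.alerts.append((pkt, reasons))
            return False
        return True


def switch_forward(pkt, first, second):
    """Pick the monitor by where the packet originates, as in the described workflow."""
    monitor = second if ip_address(pkt.src) in LAN else first
    return monitor.name, monitor.process(pkt)


def demo():
    first = Monitor("first", "src", ("203.0.113.0/24",), frozenset({"https"}))
    second = Monitor("second", "dst", ("203.0.113.0/24", "192.168.1.0/24"),
                     frozenset({"https", "mqtt"}))
    traffic = [                              # constructed sample packets
        Packet("203.0.113.10", "192.168.1.20", "https"),   # cloud -> camera
        Packet("198.51.100.7", "192.168.1.30", "telnet"),  # unknown host -> fridge
        Packet("192.168.1.20", "203.0.113.10", "https"),   # camera -> cloud
        Packet("192.168.1.30", "192.168.1.20", "telnet"),  # fridge -> camera
    ]
    results = [switch_forward(p, first, second) for p in traffic]
    return results, first.alerts, second.alerts


if __name__ == "__main__":
    results, first_alerts, second_alerts = demo()
    for outcome in results:
        print(outcome)
    for pkt, reasons in first_alerts + second_alerts:
        print("ALERT", pkt, reasons)
```

Both monitors fail closed: a packet is forwarded only when every criterion matches, and the device-to-device packet is stopped by the second monitor even though both endpoints are inside the home network.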
Network layer data packets and application layer data packets are supervised by different security control devices, which can improve the processing speed of the security control devices. The first security control device 2 filters the illegal data out of network layer data packets before they communicate with the application layer, and the second security control device 3 filters the illegal data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.
The above is merely a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principle of the invention shall fall within the scope of protection of the invention.
Claims (6)
1. An internal home network communication security protection system, characterized in that: a security control device (2) is connected in series on a switch (1); the switch (1) is communicatively connected to the network layer through a first security control device (2) and to the application layer through a second security control device (3).
2. The internal home network communication security protection system according to claim 1, characterized in that: the first security control device (2) consists of a data packet receiving module a (21), a network layer data packet analysis module (22), a network layer data packet filtering module (23) and a data packet sending module b (24); the input of the network layer data packet analysis module (22) is communicatively connected to the network layer through data packet receiving module a (21), the output of the network layer data packet analysis module (22) is connected to the input of the network layer data packet filtering module (23), the output of the network layer data packet filtering module (23) is connected to data packet sending module b (24), and data packet sending module b (24) communicates with the application layer through the switch (1).
3. The internal home network communication security protection system according to claim 2, characterized in that: the first security control device (2) is further provided with a first prompting device (25), and the first prompting device (25) is communicatively connected to the network layer data packet analysis module (22).
4. The internal home network communication security protection system according to claim 1, characterized in that: the second security control device (3) consists of a data packet receiving module c (31), an application layer data packet analysis module (32), an application layer data packet filtering module (33) and a data packet sending module d (34); the input of the application layer data packet analysis module (32) is communicatively connected to the application layer through data packet receiving module c (31), the output of the application layer data packet analysis module (32) is connected to the input of the application layer data packet filtering module (33), the output of the application layer data packet filtering module (33) is connected to data packet sending module d (34), and data packet sending module d (34) communicates with the network layer through the switch (1).
5. The internal home network communication security protection system according to claim 4, characterized in that: the second security control device (3) is further provided with a second prompting device (35), and the second prompting device (35) is communicatively connected to the application layer data packet analysis module (32).
6. The internal home network communication security protection system according to claim 1, characterized in that: the application layer includes Internet of Things devices, the Internet of Things devices include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines, and the Internet of Things devices also communicate with one another through the second security control device (3).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810387603.XA CN108833340A (en) | 2018-04-26 | 2018-04-26 | A kind of internal home network communication security protection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810387603.XA CN108833340A (en) | 2018-04-26 | 2018-04-26 | A kind of internal home network communication security protection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108833340A (en) | 2018-11-16 |
Family
ID=64155689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810387603.XA Pending CN108833340A (en) | 2018-04-26 | 2018-04-26 | A kind of internal home network communication security protection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108833340A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103220279A (en) * | 2013-04-02 | 2013-07-24 | 工业和信息化部电子第五研究所 | Safe data transmission method and system |
CN103944865A (en) * | 2013-01-22 | 2014-07-23 | 横河电机株式会社 | Isolation protection system and method for executing bidirectional data packet filtering inspection |
CN104580260A (en) * | 2015-02-10 | 2015-04-29 | 成都英力拓信息技术有限公司 | Safety method applicable to intelligent terminal of internet of things |
US20170012956A1 (en) * | 2015-07-12 | 2017-01-12 | Qualcomm Incorporated | Network security architecture |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9130983B2 (en) | Apparatus and method for detecting abnormality sign in control system | |
US8891546B1 (en) | Protocol splitter | |
CN110401624A (en) | The detection method and system of source net G system mutual message exception | |
CN106341404A (en) | IPSec VPN system based on many-core processor and encryption and decryption processing method | |
KR20050081439A (en) | System of network security and working method thereof | |
CN103200123A (en) | Safety control method of switchboard port | |
CN102035793A (en) | Botnet detecting method, device and network security protective equipment | |
KR101692155B1 (en) | Method, apparatus and computer program for analzing vulnerability of software defined network | |
US11025639B2 (en) | Security access for a switch device | |
CN107959715A (en) | Remote terminal information recognition software system and recognition methods based on wireless telecommunications | |
CN102624726A (en) | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method | |
CN104333549A (en) | Data package filtering method applied to distributive firewall system | |
CN101895552B (en) | Security gateway and method thereof for detecting proxy surfing | |
CN104660554A (en) | Method for implementing communication data security of virtual machines | |
Kwon et al. | Mitigation mechanism against in-vehicle network intrusion by reconfiguring ECU and disabling attack packet | |
CN106572103B (en) | hidden port detection method based on SDN network architecture | |
CN101783786A (en) | Method and device for filtering data packets | |
CN113839925A (en) | IPv6 network intrusion detection method and system based on data mining technology | |
CN108833340A (en) | A kind of internal home network communication security protection system | |
CN104717188A (en) | Asset object security protection system and method in industrial control firewall | |
CN106161330A (en) | A kind of security isolation system being applied to PROFINET EPA | |
CN104579832B (en) | A kind of OpenFlow network security detection methods and system | |
CN103944896A (en) | Smart power grid safety protection system | |
CN109450918B (en) | IoT (Internet of things) equipment safety protection system based on software defined network | |
CN114039795A (en) | Software-defined router and data forwarding method based on same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181116 |