CN108833340A - An internal home network communication security protection system - Google Patents


Info

Publication number: CN108833340A
Authority: CN (China)
Prior art keywords: data packet, communication, application layer, layer data, module
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810387603.XA
Other languages: Chinese (zh)
Inventor: 余丹丹
Current Assignee: Zhejiang Harvest Network Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhejiang Harvest Network Technology Co Ltd
Application filed by: Zhejiang Harvest Network Technology Co Ltd
Priority to: CN201810387603.XA
Publication of: CN108833340A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an internal home network communication security protection system in which security control equipment is connected in series on a switch: the switch is communicatively connected to the network layer through a first security control equipment and to the application layer through a second security control equipment. In this system, network layer data packets pass through the first security control equipment to communicate with the application layer, and application layer data packets pass through the second security control equipment to communicate with the network layer. Because network layer data packets and application layer data are supervised by different security control equipment, the processing speed of the security control equipment can be improved. The first security control equipment filters the unqualified data out of network layer data packets before they communicate with the application layer, and the second security control equipment filters the unqualified data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.

Description

An internal home network communication security protection system
【Technical field】
The present invention relates to the technical field of network security, and in particular to an internal home network communication security protection system.
【Background technique】
We now live in the age of scientific and technological information, an era in which information generates value. Informatization is the major trend of the current era and represents advanced productivity. The development of informatization must rely on the Internet, but the Internet has certain network security problems: the data of individuals, companies, governments and others is easily attacked and leaked over the network. For example, many homes are equipped with cameras, and the data from those cameras is shared on the network. As society develops, more and more smart devices are brought to market. These devices can also connect to the network, and a smart device can be used through remote control. This raises a problem: once security control is not in place, all kinds of problems occur. For example, when nobody is home during the day, a smart air conditioner is started by a hacker's intrusion. Problems of this kind follow one after another, and the losses they cause to individuals, companies and others are huge. To improve the security of internal home network communication, it is necessary to propose an internal home network communication security protection system.
【Summary of the invention】
The object of the invention is to overcome the above deficiencies of the prior art and to provide an internal home network communication security protection system, aiming to solve the technical problem of low Internet security in the prior art.
To achieve the above object, the invention proposes an internal home network communication security protection system in which security control equipment is connected in series on a switch; the switch is communicatively connected to the network layer through a first security control equipment and to the application layer through a second security control equipment.
Preferably, the first security control equipment consists of a data packet receiving module a, a network layer data packet analysis module, a network layer data packet filtering module and a data packet sending module b. The input of the network layer data packet analysis module is communicatively connected to the network layer through data packet receiving module a; the output of the network layer data packet analysis module is connected to the input of the network layer data packet filtering module; the output of the network layer data packet filtering module is connected to data packet sending module b; and data packet sending module b communicates with the application layer through the switch.
Preferably, the first security control equipment is further provided with a first prompting device, which is communicatively connected to the network layer data packet analysis module.
Preferably, the second security control equipment consists of a data packet receiving module c, an application layer data packet analysis module, an application layer data packet filtering module and a data packet sending module d. The input of the application layer data packet analysis module is communicatively connected to the application layer through data packet receiving module c; the output of the application layer data packet analysis module is connected to the input of the application layer data packet filtering module; the output of the application layer data packet filtering module is connected to data packet sending module d; and data packet sending module d communicates with the network layer through the switch.
Preferably, the second security control equipment is further provided with a second prompting device, which is communicatively connected to the application layer data packet analysis module.
Preferably, the application layer includes Internet of Things devices, which include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines; the Internet of Things devices also communicate with one another through the second security control equipment.
Beneficial effects of the invention: compared with the prior art, in the internal home network communication security protection system provided by the invention, network layer data packets pass through the first security control equipment to communicate with the application layer, and application layer data packets pass through the second security control equipment to communicate with the network layer. Because network layer data packets and application layer data are supervised by different security control equipment, the processing speed of the security control equipment can be improved. The first security control equipment filters the unqualified data out of network layer data packets before they communicate with the application layer, and the second security control equipment filters the unqualified data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.
The features and advantages of the invention are described in detail below through an embodiment in conjunction with the accompanying drawing.
【Brief description of the drawings】
Fig. 1 is a module diagram of an internal home network communication security protection system according to an embodiment of the invention.
【Specific embodiment】
To make the objectives, technical solutions and advantages of the invention clearer, the invention is further elaborated below with reference to the accompanying drawing and an embodiment. It should be understood, however, that the specific embodiment described here merely illustrates the invention and is not intended to limit its scope. In addition, descriptions of well-known structures and technologies are omitted from the following description to avoid unnecessarily obscuring the concept of the invention.
Referring to Fig. 1, an embodiment of the invention provides an internal home network communication security protection system in which security control equipment is connected in series on a switch 1; the switch 1 is communicatively connected to the network layer through a first security control equipment 2 and to the application layer through a second security control equipment 3.
Further, the first security control equipment 2 consists of a data packet receiving module a21, a network layer data packet analysis module 22, a network layer data packet filtering module 23 and a data packet sending module b24. The input of the network layer data packet analysis module 22 is communicatively connected to the network layer through data packet receiving module a21; the output of the network layer data packet analysis module 22 is connected to the input of the network layer data packet filtering module 23; the output of the network layer data packet filtering module 23 is connected to data packet sending module b24; and data packet sending module b24 communicates with the application layer through the switch 1.
Further, the second security control equipment 3 consists of a data packet receiving module c31, an application layer data packet analysis module 32, an application layer data packet filtering module 33 and a data packet sending module d34. The input of the application layer data packet analysis module 32 is communicatively connected to the application layer through data packet receiving module c31; the output of the application layer data packet analysis module 32 is connected to the input of the application layer data packet filtering module 33; the output of the application layer data packet filtering module 33 is connected to data packet sending module d34; and data packet sending module d34 communicates with the network layer through the switch 1.
In this embodiment, the first security control equipment 2 is further provided with a first prompting device 25, which is communicatively connected to the network layer data packet analysis module 22, and the second security control equipment 3 is further provided with a second prompting device 35, which is communicatively connected to the application layer data packet analysis module 32. When the network layer data packet analysis module 22 finds that a network layer data packet contains unqualified data, the first prompting device 25 issues an alarm prompt; when the application layer data packet analysis module 32 finds that an application layer data packet contains unqualified data, the second prompting device 35 issues an alarm prompt. The user can then inspect and trace the unqualified data.
Further, the application layer includes Internet of Things devices, which include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines; the Internet of Things devices also communicate with one another through the second security control equipment 3.
In this embodiment, the analysis criteria of the network layer data packet analysis module 22 and the application layer data packet analysis module 32 can be set by the user, for example which IP addresses may communicate, which communication protocols may communicate, and so on.
Working process of the invention:
During operation of the internal home network communication security protection system of the invention, network layer data packets pass through the first security control equipment 2 to communicate with the application layer: after analysis by the network layer data packet analysis module 22, the network layer data packet filtering module 23 filters out the data packets found to be unqualified, and only qualified data packets can communicate through the switch 1. Application layer data packets pass through the second security control equipment 3 to communicate with the network layer: after analysis by the application layer data packet analysis module 32, the application layer data packet filtering module 33 filters out the data packets found to be unqualified, and only qualified data packets can communicate through the switch 1. The first security control equipment 2 is provided with the first prompting device 25 and the second security control equipment 3 with the second prompting device 35; when an unqualified data packet is found, the first prompting device 25 or the second prompting device 35 issues an alarm prompt. Communication between Internet of Things devices also passes through the second security control equipment 3, which avoids the problem of other Internet of Things devices being affected after one Internet of Things device is attacked.
Network layer data packets and application layer data are supervised by different security control equipment, which can improve the processing speed of the security control equipment. The first security control equipment 2 filters the illegal data out of network layer data packets before they communicate with the application layer, and the second security control equipment 3 filters the illegal data out of application layer data packets before they communicate with the application layer or the network layer. This forms a secure network environment and greatly improves the security of internal home network communication.
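An illustration of the working process above, added here and not part of the patent text: each security control equipment is modelled as receive, analyze, filter and send stages with user-set criteria and an alert list standing in for the prompting device. The class and function names, the use of raw IPv4 packets, the choice of checking the source address on the first equipment and the destination address on the second, and all addresses and ports are assumptions made for the example.

```python
import ipaddress
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_ipv4(raw: bytes) -> dict:
    """Receiving module: parse an IPv4 header; raise ValueError if malformed."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("bad version or header length")
    frag_offset = struct.unpack_from("!H", raw, 6)[0] & 0x1FFF
    pkt = {"src": ipaddress.IPv4Address(raw[12:16]), "dst": ipaddress.IPv4Address(raw[16:20]),
           "proto": PROTO_NAMES.get(raw[9], str(raw[9])), "dport": None}
    if raw[9] in (6, 17) and frag_offset == 0:   # ports exist only in the first fragment
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        pkt["dport"] = struct.unpack_from("!H", raw, ihl + 2)[0]
    return pkt

class SecurityControlEquipment:
    """One monitoring device: receive -> analyze -> filter -> send (hypothetical model)."""
    def __init__(self, peer_field, allowed_peers, allowed_protocols, allowed_ports=()):
        self.peer_field = peer_field              # "src" or "dst" (assumption)
        self.allowed_peers = [ipaddress.ip_network(n) for n in allowed_peers]
        self.allowed_protocols = set(allowed_protocols)
        self.allowed_ports = set(allowed_ports)   # empty means any port
        self.alerts = []                          # stands in for the prompting device

    def analyze(self, raw):
        """Analysis module: return None if the packet is qualified, else the reason."""
        try:
            pkt = parse_ipv4(raw)
        except ValueError as exc:
            return f"malformed packet: {exc}"     # fail closed on anything unparseable
        peer = pkt[self.peer_field]
        if not any(peer in net for net in self.allowed_peers):
            return f"{self.peer_field} {peer} is not an allowed address"
        if pkt["proto"] not in self.allowed_protocols:
            return f"protocol {pkt['proto']} is not allowed"
        if self.allowed_ports and pkt["dport"] not in self.allowed_ports:
            return f"destination port {pkt['dport']} is not allowed"
        return None

    def forward(self, packets):
        """Filtering and sending modules: return only the packets passed to the switch."""
        passed = []
        for raw in packets:
            reason = self.analyze(raw)
            if reason is None:
                passed.append(raw)
            else:
                self.alerts.append(reason)
        return passed

def build_packet(src, dst, proto, dport):
    """Constructed sample: minimal IPv4 header (checksum zero) plus 8 transport bytes."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HHHH", 40000, dport, 8, 0)

def demo():
    # User-set criteria; all addresses are constructed sample values.
    first = SecurityControlEquipment("src", ["203.0.113.0/24"], {"tcp"}, {443})
    second = SecurityControlEquipment("dst", ["192.168.1.0/24", "203.0.113.10/32"],
                                      {"tcp", "udp"})
    inbound = [build_packet("203.0.113.10", "192.168.1.20", 6, 443),   # qualified
               build_packet("198.51.100.7", "192.168.1.20", 6, 443),   # unknown source
               build_packet("203.0.113.10", "192.168.1.20", 17, 443),  # UDP not allowed
               b"\x45\x00"]                                            # truncated
    outbound = [build_packet("192.168.1.20", "192.168.1.30", 6, 8080),  # device to device
                build_packet("192.168.1.20", "198.51.100.7", 6, 80)]    # unknown destination
    return first.forward(inbound), first.alerts, second.forward(outbound), second.alerts
```

Calling `demo()` returns the packets each equipment forwards and the alerts it raised; malformed input is treated as unqualified rather than passed through.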
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the protection scope of the invention.

Claims (6)

1. An internal home network communication security protection system, characterized in that: security control equipment (2) is connected in series on a switch (1); the switch (1) is communicatively connected to the network layer through a first security control equipment (2) and to the application layer through a second security control equipment (3).
2. The internal home network communication security protection system as claimed in claim 1, characterized in that: the first security control equipment (2) consists of a data packet receiving module a (21), a network layer data packet analysis module (22), a network layer data packet filtering module (23) and a data packet sending module b (24); the input of the network layer data packet analysis module (22) is communicatively connected to the network layer through the data packet receiving module a (21); the output of the network layer data packet analysis module (22) is connected to the input of the network layer data packet filtering module (23); the output of the network layer data packet filtering module (23) is connected to the data packet sending module b (24); and the data packet sending module b (24) communicates with the application layer through the switch (1).
3. The internal home network communication security protection system as claimed in claim 2, characterized in that: the first security control equipment (2) is further provided with a first prompting device (25), and the first prompting device (25) is communicatively connected to the network layer data packet analysis module (22).
4. The internal home network communication security protection system as claimed in claim 1, characterized in that: the second security control equipment (3) consists of a data packet receiving module c (31), an application layer data packet analysis module (32), an application layer data packet filtering module (33) and a data packet sending module d (34); the input of the application layer data packet analysis module (32) is communicatively connected to the application layer through the data packet receiving module c (31); the output of the application layer data packet analysis module (32) is connected to the input of the application layer data packet filtering module (33); the output of the application layer data packet filtering module (33) is connected to the data packet sending module d (34); and the data packet sending module d (34) communicates with the network layer through the switch (1).
5. The internal home network communication security protection system as claimed in claim 4, characterized in that: the second security control equipment (3) is further provided with a second prompting device (35), and the second prompting device (35) is communicatively connected to the application layer data packet analysis module (32).
6. The internal home network communication security protection system as claimed in claim 1, characterized in that: the application layer includes Internet of Things devices; the Internet of Things devices include computers, smartphones, pads, monitors, smart refrigerators and smart washing machines; and the Internet of Things devices also communicate with one another through the second security control equipment (3).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810387603.XA CN108833340A (en) 2018-04-26 2018-04-26 A kind of internal home network communication security protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810387603.XA CN108833340A (en) 2018-04-26 2018-04-26 A kind of internal home network communication security protection system

Publications (1)

Publication Number Publication Date
CN108833340A true CN108833340A (en) 2018-11-16

Family

ID=64155689

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810387603.XA Pending CN108833340A (en) 2018-04-26 2018-04-26 A kind of internal home network communication security protection system

Country Status (1)

Country Link
CN (1) CN108833340A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103220279A (en) * 2013-04-02 2013-07-24 工业和信息化部电子第五研究所 Safe data transmission method and system
CN103944865A (en) * 2013-01-22 2014-07-23 横河电机株式会社 Isolation protection system and method for executing bidirectional data packet filtering inspection
CN104580260A (en) * 2015-02-10 2015-04-29 成都英力拓信息技术有限公司 Safety method applicable to intelligent terminal of internet of things
US20170012956A1 (en) * 2015-07-12 2017-01-12 Qualcomm Incorporated Network security architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116