CN109120626A - Security threat processing method, system, safety perception server and storage medium - Google Patents

Publication number
CN109120626A
Authority
CN
China
Prior art keywords
target
security threat
analysis data
firewall
api interface
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810993834.5A
Other languages
Chinese (zh)
Inventor
杨萌
杨一萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses a security threat processing method, a system, a safety perception server and a storage medium. When the safety perception server detects that a security threat exists in the intranet, it analyzes the security threat to obtain analysis data; a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type; the analysis data is sent to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attack behavior that bypasses the boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience.

Description

Security threat processing method, system, safety perception server and storage medium
Technical field
The present invention relates to the field of communication security, and in particular to a security threat processing method, a system, a safety perception server and a storage medium.
Background
As the internal networks (intranets for short) of departments with very high security requirements, such as government, banks, securities firms and the military, increasingly need to connect to the Internet (the external network for short), guaranteeing the security of the internal network becomes very important. In one current attack pattern, a hacker enters the intranet by various means and then launches attacks from inside the intranet, causing heavy losses to users. Traditional defensive equipment, however, is deployed at the network boundary; a firewall, for example, focuses on the Internet egress and border protection. Once the boundary defense is bypassed, the attacker is no longer constrained, and because the attack behavior inside the intranet cannot be accurately perceived, such attacks cannot be handled effectively. Existing application firewalls rely on their own predefined rules to detect security threats; their rule updates are not targeted, and their defense capability is insufficient.
Summary of the invention
The main purpose of the present invention is to provide a security threat processing method, a system, a safety perception server and a storage medium, intended to solve the technical problem in the prior art that firewalls rely on their own predefined rules to detect security threats, have insufficient defense capability, and cannot accurately perceive attack behavior inside the intranet.
To achieve the above object, the present invention provides a security threat processing method comprising the following steps:
When a safety perception server detects that a security threat exists in the intranet, analyzing the security threat to obtain analysis data;
Determining a corresponding interface type according to the analysis data, and determining a target API interface according to the interface type;
Sending the analysis data to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data.
Preferably, before the analysis data is sent to the target firewall through the target API interface so that the target firewall handles the security threat according to the analysis data, the security threat processing method further comprises:
Verifying the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface.
Preferably, verifying the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface specifically comprises:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request;
Upon receiving verification success information sent by the target firewall, determining that the target API interface has passed verification;
Executing the step of sending the analysis data to the target firewall through the target API interface.
Preferably, sending the authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request, specifically comprises:
Sending the authentication request to the target firewall through the target API interface, so that the target firewall uses the random number in the received authentication request to recalculate and obtain a second password hash value, compares the second password hash value with the first password hash value in the authentication request to complete verification of the authentication request, and determines that the authentication request passes when the first password hash value is consistent with the second password hash value.
Preferably, determining, upon receiving the verification success information sent by the target firewall, that the target API interface has passed verification specifically comprises:
When the target firewall verifies that the first password hash value is consistent with the second password hash value, receiving a token generated by the target firewall that is valid within a preset time;
Taking the token as the verification success information and determining that the target API interface has passed verification.
Preferably, sending the analysis data to the target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data, specifically comprises:
Sending the analysis data to the target firewall through the target API interface, so that the target firewall converts the format of the analysis data and executes a corresponding processing operation on the security threat according to the format-converted analysis data.
Preferably, after the analysis data is sent to the target firewall through the target API interface so that the target firewall handles the security threat according to the analysis data, the security threat processing method further comprises:
Upon receiving an action execution instruction input by a user through a web management interface, checking the analysis data in response to the action execution instruction.
In addition, to achieve the above object, the present invention also proposes a safety perception server comprising: a memory, a processor, and a security threat processing program stored in the memory and executable on the processor, the security threat processing program being configured to implement the steps of the security threat processing method described above.
In addition, to achieve the above object, the present invention also proposes a storage medium on which a security threat processing program is stored, the security threat processing program implementing the steps of the security threat processing method described above when executed by a processor.
In addition, to achieve the above object, the present invention also provides a security threat processing system comprising:
A data acquisition module, configured to analyze the security threat and obtain analysis data when the safety perception server detects that a security threat exists in the intranet;
An interface determining module, configured to determine a corresponding interface type according to the analysis data and to determine a target API interface according to the interface type;
A processing module, configured to send the analysis data to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data.
In the security threat processing method proposed by the present invention, when the safety perception server detects that a security threat exists in the intranet, the security threat is analyzed to obtain analysis data; a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type; the analysis data is sent to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attack behavior that bypasses the boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the safety perception server in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a schematic flowchart of the first embodiment of the security threat processing method of the present invention;
Fig. 3 is a schematic flowchart of the second embodiment of the security threat processing method of the present invention;
Fig. 4 is a functional block diagram of the first embodiment of the security threat processing system of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
The solution of the embodiments of the present invention is mainly as follows: when the safety perception server detects that a security threat exists in the intranet, the security threat is analyzed to obtain analysis data; a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type; the analysis data is sent to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attack behavior that bypasses the boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience. This solves the technical problem in the prior art that firewalls rely on their own predefined rules to detect security threats, have insufficient defense capability, and cannot accurately perceive attack behavior inside the intranet.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the safety perception server in the hardware operating environment involved in the embodiments of the present invention.
As shown in Fig. 1, the safety perception server may include: a processor 1001 (for example a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 implements the connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a magnetic disk storage. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the safety perception server structure shown in Fig. 1 does not constitute a limitation on the server, which may include more or fewer components than illustrated, combine certain components, or use a different component arrangement.
As shown in Fig. 1, the memory 1005, as a kind of storage medium, may include an operating system, a network communication module, a user interface module and a security threat processing program.
In the safety perception server of the present invention, the processor 1001 calls the security threat processing program stored in the memory 1005 and performs the following operations:
When a security threat is detected in the intranet, analyzing the security threat to obtain analysis data;
Determining a corresponding interface type according to the analysis data, and determining a target API interface according to the interface type;
Sending the analysis data to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
Verifying the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request;
Upon receiving verification success information sent by the target firewall, determining that the target API interface has passed verification;
Executing the step of sending the analysis data to the target firewall through the target API interface.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
Sending the authentication request to the target firewall through the target API interface, so that the target firewall uses the random number in the received authentication request to recalculate and obtain a second password hash value, compares the second password hash value with the first password hash value in the authentication request to complete verification of the authentication request, and determines that the authentication request passes when the first password hash value is consistent with the second password hash value.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
When the target firewall verifies that the first password hash value is consistent with the second password hash value, receiving a token generated by the target firewall that is valid within a preset time;
Taking the token as the verification success information and determining that the target API interface has passed verification.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
Sending the analysis data to the target firewall through the target API interface, so that the target firewall converts the format of the analysis data and executes a corresponding processing operation on the security threat according to the format-converted analysis data.
Further, the processor 1001 can call the security threat processing program stored in the memory 1005 and also perform the following operations:
Upon receiving an action execution instruction input by a user through a web management interface, checking the analysis data in response to the action execution instruction.
With the above scheme, in this embodiment, when the safety perception server detects that a security threat exists in the intranet, the security threat is analyzed to obtain analysis data; a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type; the analysis data is sent to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attack behavior that bypasses the boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience.
Based on the above hardware structure, embodiments of the security threat processing method of the present invention are proposed.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of the first embodiment of the security threat processing method of the present invention.
In the first embodiment, the security threat processing method comprises the following steps:
Step S10: when the safety perception server detects that a security threat exists in the intranet, it analyzes the security threat to obtain analysis data.
It should be noted that the safety perception server can monitor the intranet in real time and, upon detecting that a security threat exists in the intranet, can analyze the security threat to obtain corresponding analysis data. To detect the intranet, traffic can be used as the detection object: the traffic generated in the intranet is monitored in real time, and corresponding analysis is performed when a suspected threat appears in the traffic. Intranet browsing records can also be used as the detection object for corresponding analysis, and of course other information can be used as the detection object of the intranet to determine the security threat; this embodiment places no restriction on this.
In a specific implementation, the intranet can be monitored by a Sangfor safety perception server. The Sangfor safety perception server takes full-traffic analysis as its core and combines threat intelligence, behavior analysis modeling, User and Entity Behavior Analysis (UEBA), compromised host detection, graph association analysis, machine learning, big data correlation analysis and visualization technology to provide, over the traffic of the whole network, network-wide business visualization, threat visualization, and attack and suspicious traffic visualization, thereby monitoring the intranet.
Step S20: a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type.
It should be noted that the interface type corresponding to the analysis data can be determined according to the analysis data. The interface types include, but are not limited to, an authorization interface, an application policy interface and a user group interface. Different interface types determine different application programming interfaces (Application Programming Interface, API). An API interface is a set of predefined functions whose purpose is to give applications and developers the ability to access a set of routines based on certain software or hardware without having to access the source code or understand the details of the internal working mechanism. The corresponding API interface can be determined from the interface type, so that different data can be transmitted.
Step S30: the analysis data is sent to the target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data.
It can be understood that after the target API interface has been determined, the analysis data can be sent to the target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data and executes a specified action on the relevant target, for example blocking the attacker's IP or intercepting the behavior of the security threat; this embodiment places no restriction on this.
In a specific implementation, the target firewall can be a Sangfor next-generation firewall. Through linkage with the safety perception server, attack behavior that bypasses the firewall's boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense. Of course, a general-purpose firewall can also be used in combination with the safety perception server to implement detection, early warning and response handling of intranet attacks.
Further, step S30 specifically comprises the following step:
Sending the analysis data to the target firewall through the target API interface, so that the target firewall converts the format of the analysis data and executes a corresponding processing operation on the security threat according to the format-converted analysis data.
It can be understood that after the analysis data is sent to the target firewall through the target API interface, the target firewall can convert the format of the analysis data, i.e. convert the analysis data into a format that the target firewall can use directly, which reduces the time of security threat detection and response and improves detection efficiency. According to the format-converted data, a specified action is executed on the relevant target, for example blocking or intercepting the attacker's IP; this embodiment places no restriction on this.
In a specific implementation, the target firewall may include an API module, a data conversion module and an action execution module. The API module can define the format of the data exchanged between the safety perception server and the target firewall and the request methods. Different request instructions indicate different operations on a resource: for example, GET obtains a resource, POST creates or updates a resource, and DELETE deletes a resource. Other instructions for operating on resources are of course also possible; this embodiment places no restriction on this. The data conversion module converts the data sent by the safety perception server into a format that the target firewall can use directly, and the action execution module calls the relevant interface of the target firewall to apply the data sent by the safety perception server to the target firewall.
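The three firewall modules described above, together with the interface selection of step S20, as an added example that is not code from the patent. The record fields, URL paths, rule format, the mapping from record kind to interface type and the protected-address check are all assumptions made for illustration.

```python
import ipaddress

# Interface types named in the description; the URL paths are hypothetical.
API_BY_INTERFACE_TYPE = {
    "authorization": "/api/authorization",
    "application_policy": "/api/application-policy",
    "user_group": "/api/user-group",
}

# Hypothetical mapping from the kind of analysis record to an interface type.
INTERFACE_TYPE_BY_KIND = {
    "malicious_ip": "application_policy",
    "compromised_account": "user_group",
}


def select_target_api(analysis):
    """Sensor side (step S20): analysis data -> interface type -> target API."""
    interface_type = INTERFACE_TYPE_BY_KIND.get(analysis.get("kind"))
    if interface_type is None:
        raise ValueError("no interface type for this analysis record")
    return interface_type, API_BY_INTERFACE_TYPE[interface_type]


class TargetFirewall:
    def __init__(self, protected=("10.0.0.1",)):
        self.rules = {}  # rule id -> rule in the firewall's own format
        # Assumption: addresses an automated rule must never block (e.g. the gateway).
        self.protected = {ipaddress.ip_address(p) for p in protected}

    def convert(self, analysis):
        """Data conversion module: validate the sensor record and build a native rule."""
        ip = ipaddress.ip_address(analysis["attacker_ip"])  # ValueError if malformed
        if ip in self.protected:
            raise ValueError("refusing to block a protected address")
        if analysis.get("action") not in ("block", "intercept"):
            raise ValueError("unsupported action")
        return {"id": f"sa-{ip}",
                "match": {"src": f"{ip}/{ip.max_prefixlen}"},
                "action": "deny"}

    def handle(self, method, path, analysis=None, rule_id=None):
        """API module: the request method selects the operation on the rule resource."""
        if path != API_BY_INTERFACE_TYPE["application_policy"]:
            return 404, None
        if method == "GET":
            return 200, sorted(self.rules)
        if method == "POST":
            try:
                rule = self.convert(analysis)
            except (KeyError, TypeError, ValueError) as exc:
                return 400, str(exc)
            self.rules[rule["id"]] = rule  # action execution module applies the rule
            return 201, rule
        if method == "DELETE":
            return (204, None) if self.rules.pop(rule_id, None) else (404, None)
        return 405, None


def demo():
    # Constructed sample records, not data from the patent.
    fw = TargetFirewall()
    analysis = {"kind": "malicious_ip", "attacker_ip": "10.20.30.40", "action": "block"}
    interface_type, path = select_target_api(analysis)
    created = fw.handle("POST", path, analysis)
    malformed = fw.handle("POST", path, dict(analysis, attacker_ip="10.20.30.40; drop"))
    gateway = fw.handle("POST", path, dict(analysis, attacker_ip="10.0.0.1"))
    listed = fw.handle("GET", path)
    deleted = fw.handle("DELETE", path, rule_id="sa-10.20.30.40")
    return (interface_type, created[0], created[1]["match"]["src"],
            malformed[0], gateway[0], listed[1], deleted[0], fw.rules)


if __name__ == "__main__":
    print(demo())
```

Because the firewall applies rules from sensor data without a human in the loop, the conversion step is where malformed or self-defeating input has to be rejected.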
Further, after step S30, the security threat processing method further comprises the following step:
Upon receiving an action execution instruction input by a user through a web management interface, checking the analysis data in response to the action execution instruction.
It can be understood that, upon receiving the action execution instruction input by the user, the analysis data is checked in response to that instruction, i.e. the action execution program is invoked through the web management interface to check the data sent by the safety perception server, so that the data is checked manually.
With the above scheme, in this embodiment, when the safety perception server detects that a security threat exists in the intranet, the security threat is analyzed to obtain analysis data; a corresponding interface type is determined according to the analysis data, and a target API interface is determined according to the interface type; the analysis data is sent to a target firewall through the target API interface, so that the target firewall handles the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attack behavior that bypasses the boundary defense and enters the intranet is intercepted, which compensates for the deficiency of static defense, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience.
Further, Fig. 3 is a schematic flowchart of the second embodiment of the security threat processing method of the present invention. As shown in Fig. 3, the second embodiment of the security threat processing method is proposed on the basis of the first embodiment. In this embodiment, before step S30, the security threat processing method further comprises the following step:
Step S301: the target API interface is verified and, when the target API interface passes verification, the step of sending the analysis data to the target firewall through the target API interface is executed.
It can be understood that verifying the target API interface means verifying the API interface that the safety perception server needs to call. When the target API interface passes verification, this shows that the target API interface meets the requirements for transmitting the analysis data, and the analysis data can be sent to the target firewall through the target API interface.
Further, step S301 specifically comprises the following steps:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request;
Upon receiving verification success information sent by the target firewall, determining that the target API interface has passed verification;
Executing the step of sending the analysis data to the target firewall through the target API interface.
It should be understood that after the authentication request is sent to the target firewall through the target API interface, the target firewall verifies the authentication request by calling a hash value verification program; when verification passes, it can feed verification success information back to the safety perception server, thereby determining that the analysis data is transmitted through the target API interface.
Further, sending the authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request, specifically comprises the following step:
Sending the authentication request to the target firewall through the target API interface, so that the target firewall uses the random number in the received authentication request to recalculate and obtain a second password hash value, compares the second password hash value with the first password hash value in the authentication request to complete verification of the authentication request, and determines that the authentication request passes when the first password hash value is consistent with the second password hash value.
It should be noted that the authentication request includes a user name, a random number and a first password hash value; it can of course also include other information, and this embodiment places no restriction on this. The first password hash value is the hash value obtained after encryption with the random number. After receiving the authentication request sent through the target API interface, the target firewall can extract the random number from the authentication request, recalculate the hash value of the password according to the random number as the second password hash value, and compare it with the first password hash value already present in the authentication request; if the two are consistent, the authentication request is determined to pass.
Further, the step of determining, upon receiving the verification success information sent by the target firewall, that the target API interface has passed verification specifically comprises the following steps:
When the target firewall verifies that the first password hash value is consistent with the second password hash value, receiving a token generated by the target firewall that is valid within a preset time;
Taking the token as the verification success information and determining that the target API interface has passed verification.
It can be understood that when the target firewall verifies that the first password hash value is consistent with the second password hash value, i.e. the authentication request is considered to have no problem, a token valid within a preset time can be generated; subsequent requests from the safety perception server carry this token. The token is taken as the verification success information, and the target API interface is thereby determined to have passed verification.
With the above scheme, in this embodiment, an authentication request is sent to the target firewall through the target API interface, so that the target firewall verifies the authentication request; upon receiving verification success information sent by the target firewall, the target API interface is determined to have passed verification; and the step of sending the analysis data to the target firewall through the target API interface is executed. This ensures the stability and accuracy of the data transmission interface, improves the efficiency of data transmission, and in turn shortens the time of intranet security threat detection, improves the defense capability against intranet attacks, avoids the losses that hacker attacks bring to users, and improves the user experience.
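The authentication exchange of step S301 with both sides shown, as an added example that is not code from the patent. The patent does not name a hash construction, so HMAC-SHA256 is an assumption, as are the field names, the 300-second token lifetime, and the rejection of reused random numbers, which the patent does not describe.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 300  # assumed value for the "preset time", in seconds


def password_hash(password, nonce):
    """Password hash bound to the random number (HMAC-SHA256 is an assumption)."""
    return hmac.new(password.encode(), nonce.encode(), hashlib.sha256).hexdigest()


def build_auth_request(username, password, nonce=None):
    """Safety perception server side: user name, random number, first password hash."""
    nonce = nonce or secrets.token_hex(16)
    return {"username": username, "nonce": nonce,
            "password_hash": password_hash(password, nonce)}


class Firewall:
    def __init__(self, accounts, clock=time.time):
        # The firewall must hold the shared password to recompute the hash.
        self._accounts = accounts
        self._clock = clock
        self._seen_nonces = set()  # addition beyond the patent: blocks replayed requests
        self._tokens = {}          # token -> expiry timestamp

    def authenticate(self, request):
        """Recompute the second hash from the received nonce and compare with the first."""
        password = self._accounts.get(request.get("username"))
        nonce = request.get("nonce")
        first = request.get("password_hash")
        if password is None or not isinstance(nonce, str) or not isinstance(first, str):
            return None
        if not nonce or nonce in self._seen_nonces:
            return None
        second = password_hash(password, nonce)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(first.encode(), second.encode()):
            return None
        self._seen_nonces.add(nonce)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = self._clock() + TOKEN_TTL
        return token

    def accept_analysis_data(self, token, analysis_data):
        """Later requests carry the token; it is honoured only until it expires."""
        expiry = self._tokens.get(token)
        if expiry is None or self._clock() >= expiry:
            self._tokens.pop(token, None)
            return False
        return True


def demo():
    # Constructed account and analysis record; the clock is injected so expiry is testable.
    now = [1000.0]
    fw = Firewall({"sensor01": "constructed-secret"}, clock=lambda: now[0])
    request = build_auth_request("sensor01", "constructed-secret")
    token = fw.authenticate(request)
    replayed = fw.authenticate(request)  # same nonce and hash sent a second time
    wrong = fw.authenticate(build_auth_request("sensor01", "wrong-password"))
    data = {"attacker_ip": "10.20.30.40", "action": "block"}
    accepted = fw.accept_analysis_data(token, data)
    now[0] += TOKEN_TTL + 1
    after_expiry = fw.accept_analysis_data(token, data)
    return {"token_issued": token is not None,
            "replay_rejected": replayed is None,
            "wrong_password_rejected": wrong is None,
            "data_accepted": accepted,
            "accepted_after_expiry": after_expiry}


if __name__ == "__main__":
    print(demo())
```

Because the random number is chosen by the sender, a firewall that only recomputes and compares the hash would also accept a captured request sent again; the nonce cache above is one way to close that gap.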
The present invention further provides a security threat processing system.
Referring to Fig. 4, Fig. 4 is a functional block diagram of the first embodiment of the security threat processing system of the present invention.
In the first embodiment of the security threat processing system of the present invention, the security threat processing system includes:
A data acquisition module 10, configured for the safety perception server to analyze the security threat when detecting that a security threat exists in the intranet, and obtain analysis data.
It should be noted that the safety perception server can monitor the intranet in real time and, on detecting that a security threat exists in the intranet, analyze the security threat to obtain the corresponding analysis data. Intranet detection may take traffic as the detection object, monitoring the traffic generated in the intranet in real time and performing the corresponding analysis when a suspected threat appears in the traffic; it may take intranet browsing records as the detection object for the corresponding analysis; or it may of course take other information as the detection object of the intranet to determine the security threat. This embodiment places no restriction on this.
In a specific implementation, the intranet can be monitored by a Sangfor safety perception server. With full-traffic analysis as its core, the Sangfor safety perception server combines threat intelligence, behavior analysis modeling, User and Entity Behavior Analysis (UEBA), compromised host detection, graph association analysis, machine learning, big data correlation analysis and visualization technologies to provide, over the whole network's traffic, visualization of the whole network's business, of threats, and of attacks and suspicious traffic, thereby realizing monitoring of the intranet.
An interface determining module 20, configured to determine a corresponding interface type according to the analysis data, and determine a target API interface according to the interface type.
It should be noted that the interface type corresponding to the analysis data can be determined according to the analysis data; the interface types include but are not limited to an authorization interface, an application policy interface and a user group interface. Different interface types determine different application programming interfaces (Application Programming Interface, API). An API is a set of predefined functions whose purpose is to give applications and developers the ability to access a group of routines based on certain software or hardware without accessing the source code or understanding the details of the internal working mechanism. The corresponding API interface can be determined from the interface type, so as to realize the transmission of different data.
A processing module 30, configured to send the analysis data to a target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data.
It can be understood that, after the target API interface has been determined, the analysis data can be sent to the target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data and executes a specified action on the relevant target, for example blocking the attacker's IP, intercepting the behavior of the security threat, or other processing; this embodiment places no restriction on this.
In a specific implementation, the target firewall may be a Sangfor next-generation firewall which, through linkage with the safety perception server, intercepts attacks that bypass the firewall's boundary defense and enter the intranet, making up for the deficiency of static defense. It may of course also be a general-purpose firewall that, in combination with the safety perception server, realizes detection of, early warning of and response to intranet attacks.
Through the above scheme, in this embodiment the safety perception server analyzes the security threat when detecting that a security threat exists in the intranet, and obtains analysis data; determines a corresponding interface type according to the analysis data, and determines a target API interface according to the interface type; and sends the analysis data to the target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attacks that bypass the boundary defense and enter the intranet are intercepted, which makes up for the deficiency of static defense, improves the ability to defend against intranet attacks, avoids the losses that hacker attacks cause users, and improves the user experience.
In addition, an embodiment of the present invention also proposes a storage medium on which a security threat processing program is stored; when the security threat processing program is executed by a processor, the following operations are implemented:
When detecting that a security threat exists in the intranet, analyzing the security threat to obtain analysis data;
Determining a corresponding interface type according to the analysis data, and determining a target API interface according to the interface type;
Sending the analysis data to a target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data.
Further, when the security threat processing program is executed by the processor, the following operation is also implemented:
Verifying the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface.
Further, when the security threat processing program is executed by the processor, the following operations are also implemented:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request;
Upon receiving the verification success information sent by the target firewall, determining that the target API interface passes verification;
Executing the step of sending the analysis data to the target firewall through the target API interface.
Further, when the security threat processing program is executed by the processor, the following operation is also implemented:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall uses the random number in the received authentication request to recalculate and obtain a second password hash value, compares the second password hash value with the first password hash value in the authentication request to complete verification of the authentication request, and determines that the authentication request passes when the first password hash value is consistent with the second password hash value.
Further, when the security threat processing program is executed by the processor, the following operations are also implemented:
When the target firewall verifies that the first password hash value is consistent with the second password hash value, receiving a token, valid within a preset time, generated by the target firewall;
Using the token as the verification success information, and determining that the target API interface passes verification.
Further, when the security threat processing program is executed by the processor, the following operation is also implemented:
Sending the analysis data to the target firewall through the target API interface, so that the target firewall performs format conversion on the analysis data and executes the corresponding processing operation on the security threat according to the format-converted analysis data.
Further, when the security threat processing program is executed by the processor, the following operation is also implemented:
When receiving an action execution instruction input by a user through a web management interface, viewing the analysis data in response to the action execution instruction.
Through the above scheme, in this embodiment the safety perception server analyzes the security threat when detecting that a security threat exists in the intranet, and obtains analysis data; determines a corresponding interface type according to the analysis data, and determines a target API interface according to the interface type; and sends the analysis data to the target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data. Through the linkage of the safety perception server and the target firewall, attacks that bypass the boundary defense and enter the intranet are intercepted, which makes up for the deficiency of static defense, improves the ability to defend against intranet attacks, avoids the losses that hacker attacks cause users, and improves the user experience.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the advantages or disadvantages of the embodiments.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the patent protection scope of the present invention.

Claims (10)

1. A security threat processing method, characterized in that the security threat processing method includes:
A safety perception server, when detecting that a security threat exists in the intranet, analyzing the security threat to obtain analysis data;
Determining a corresponding interface type according to the analysis data, and determining a target API interface according to the interface type;
Sending the analysis data to a target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data.
2. The security threat processing method according to claim 1, characterized in that, before the sending of the analysis data to the target firewall through the target API interface so that the target firewall processes the security threat according to the analysis data, the security threat processing method further includes:
Verifying the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface.
3. The security threat processing method according to claim 2, characterized in that the verifying of the target API interface and, when the target API interface passes verification, executing the step of sending the analysis data to the target firewall through the target API interface, specifically includes:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall verifies the authentication request;
Upon receiving the verification success information sent by the target firewall, determining that the target API interface passes verification;
Executing the step of sending the analysis data to the target firewall through the target API interface.
4. The security threat processing method according to claim 3, characterized in that the sending of an authentication request to the target firewall through the target API interface so that the target firewall verifies the authentication request specifically includes:
Sending an authentication request to the target firewall through the target API interface, so that the target firewall uses the random number in the received authentication request to recalculate and obtain a second password hash value, compares the second password hash value with the first password hash value in the authentication request to complete verification of the authentication request, and determines that the authentication request passes when the first password hash value is consistent with the second password hash value.
5. The security threat processing method according to claim 4, characterized in that the determining, upon receiving the verification success information sent by the target firewall, that the target API interface passes verification specifically includes:
When the target firewall verifies that the first password hash value is consistent with the second password hash value, receiving a token, valid within a preset time, generated by the target firewall;
Using the token as the verification success information, and determining that the target API interface passes verification.
6. The security threat processing method according to claim 5, characterized in that the sending of the analysis data to the target firewall through the target API interface so that the target firewall processes the security threat according to the analysis data specifically includes:
Sending the analysis data to the target firewall through the target API interface, so that the target firewall performs format conversion on the analysis data and executes the corresponding processing operation on the security threat according to the format-converted analysis data.
7. The security threat processing method according to any one of claims 1 to 6, characterized in that, after the sending of the analysis data to the target firewall through the target API interface so that the target firewall processes the security threat according to the analysis data, the security threat processing method further includes:
When receiving an action execution instruction input by a user through a web management interface, viewing the analysis data in response to the action execution instruction.
8. A security threat processing system, characterized in that the security threat processing system includes:
A data acquisition module, configured for the safety perception server to analyze the security threat when detecting that a security threat exists in the intranet, and obtain analysis data;
An interface determining module, configured to determine a corresponding interface type according to the analysis data, and determine a target API interface according to the interface type;
A processing module, configured to send the analysis data to a target firewall through the target API interface, so that the target firewall processes the security threat according to the analysis data.
9. A safety perception server, characterized in that the safety perception server includes: a memory, a processor, and a security threat processing program stored on the memory and executable on the processor, the security threat processing program being configured to implement the steps of the security threat processing method according to any one of claims 1 to 7.
10. A storage medium, characterized in that a security threat processing program is stored on the storage medium, and the security threat processing program, when executed by a processor, implements the steps of the security threat processing method according to any one of claims 1 to 7.
CN201810993834.5A 2018-08-28 2018-08-28 Security threat processing method, system, safety perception server and storage medium Pending CN109120626A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810993834.5A CN109120626A (en) 2018-08-28 2018-08-28 Security threat processing method, system, safety perception server and storage medium


Publications (1)

Publication Number Publication Date
CN109120626A true CN109120626A (en) 2019-01-01

Family

ID=64861148


Country Status (1)

Country Link
CN (1) CN109120626A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190101
