CN109379384A - Wireless network secure partition method, device and electronic equipment - Google Patents


Publication number
CN109379384A
Authority
CN
China
Prior art keywords
data packet
transmission data
object transmission
isolation
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811509106.9A
Other languages
Chinese (zh)
Inventor
李舒
范群滔
黄翠莲
刘永平
赖阳涌
古俊馥
周永强
李伟青
王映萍
刘燕龙
胡红
李旺
戴金万
黄晓明
田康
陈文娟
刘新让
甘斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Power Grid Co Ltd and Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN201811509106.9A
Publication of CN109379384A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G06F18/24155 Bayesian classification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity

Abstract

The present invention provides a wireless network security isolation method, device and electronic equipment, relating to the technical field of network security. The method comprises: obtaining a target transmission data packet to be isolated; determining the security level of the target transmission data packet; and performing isolation processing on the target transmission data packet according to its security level. By judging the security level of the target transmission data packet and then applying a different isolation method for each security level, the method, device and electronic equipment provided by the invention improve the multi-service operation and secure data transmission capability of distribution network wireless public network communication, thereby safeguarding the safe and stable operation of the distribution network's multiple services.

Description

Wireless network secure partition method, device and electronic equipment
Technical field
The present invention relates to the technical field of network security, and more particularly to a wireless network security isolation method, device and electronic equipment.
Background
The electric power terminal communication access network is an important component of the smart grid. It sits at the edge of the electric power communication network, covers a wide area, and has widely dispersed communication nodes. As network coverage and construction scale expand year by year, relying on optical fiber communication alone can no longer meet all the demands of different regions and different services. Therefore, in areas that optical fiber communication networks have difficulty covering, selecting a suitable wireless communication network is an important step in building a secure, reliable, real-time and economical electric power terminal access network.
Current electric power terminal communication access networks, particularly those using wireless public network access technology, still have many problems in multi-service bearing and network performance evaluation. As more and more service types access the distribution network wireless public network, the data volume transmitted by each service is very large, the data exchange frequency rises, and the system's concurrent processing capacity becomes insufficient. Compared with wired network systems, wireless networks are more exposed to a series of security problems such as illegal attack and intrusion, theft of service, eavesdropping on wireless user information, and wireless phishing attacks. The data transmission of each service therefore needs to be securely isolated.
Many wireless network security isolation methods exist, including multi-service bearing isolation schemes based on radio access network sharing (RAN-SHARING) and on physical isolation, and multi-APN (Access Point Name) logical isolation schemes. However, they essentially target the electric power wireless private network field and do not fit the demands and service conditions of the wireless public network, and there is little research on security isolation for distribution services on the wireless public network. Consequently, with existing wireless network security isolation methods, the multi-service operation and secure data transmission capability of distribution network wireless public network communication is poor.
Summary of the invention
In view of this, the purpose of the present invention is to provide a wireless network security isolation method, device and electronic equipment that improve the multi-service operation and secure data transmission capability of distribution network wireless public network communication, thereby safeguarding the safe and stable operation of the distribution network's multiple services.
In a first aspect, an embodiment of the present invention provides a wireless network security isolation method applied to a multi-service wireless public network, the method comprising:
Obtaining a target transmission data packet to be isolated;
Determining the security level of the target transmission data packet;
Performing isolation processing on the target transmission data packet according to its security level.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein determining the security level of the target transmission data packet comprises:
Extracting the service features of the target transmission data packet;
Classifying the service features of the target transmission data packet with a pre-trained classifier to obtain the service class of the target transmission data packet;
Determining the security level of the target transmission data packet according to its service class.
With reference to the first possible implementation of the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the classifier is trained as follows:
Obtaining training samples, wherein the training samples include transmission data packets corresponding to multiple service classes;
Extracting the service features of the training samples;
Training the classifier according to the service features of the training samples and the corresponding service classes.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein performing isolation processing on the target transmission data packet according to its security level comprises:
Determining the target isolation scheme corresponding to the target transmission data packet according to the security level of the target transmission data packet and a preset correspondence between security levels and isolation schemes;
Performing isolation processing on the target transmission data packet using the target isolation scheme.
With reference to the third possible implementation of the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein the target isolation scheme includes any one of the following: logical isolation, channel isolation, port isolation and physical isolation.
In a second aspect, an embodiment of the present invention also provides a wireless network security isolation device applied to a multi-service wireless public network, the device comprising:
An obtaining module, for obtaining a target transmission data packet to be isolated;
A determining module, for determining the security level of the target transmission data packet;
An isolation module, for performing isolation processing on the target transmission data packet according to its security level.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, wherein the determining module is specifically used for:
Extracting the service features of the target transmission data packet;
Classifying the service features of the target transmission data packet with a pre-trained classifier to obtain the service class of the target transmission data packet;
Determining the security level of the target transmission data packet according to its service class.
With reference to the first possible implementation of the second aspect, an embodiment of the present invention provides a second possible implementation of the second aspect, wherein the device further includes a training module, and the training module is used for:
Obtaining training samples, wherein the training samples include transmission data packets corresponding to multiple service classes;
Extracting the service features of the training samples;
Training the classifier according to the service features of the training samples and the corresponding service classes.
With reference to the second aspect, an embodiment of the present invention provides a third possible implementation of the second aspect, wherein the isolation module is specifically used for:
Determining the target isolation scheme corresponding to the target transmission data packet according to the security level of the target transmission data packet and a preset correspondence between security levels and isolation schemes;
Performing isolation processing on the target transmission data packet using the target isolation scheme.
In a third aspect, an embodiment of the present invention also provides an electronic equipment including a memory and a processor, the memory storing a computer program that can run on the processor, wherein the processor, when executing the computer program, implements the method of the first aspect or any of its possible implementations.
The embodiments of the present invention bring the following beneficial effects:
In the embodiments of the present invention, a target transmission data packet to be isolated is obtained; the security level of the target transmission data packet is determined; and isolation processing is performed on the target transmission data packet according to its security level. By judging the security level of the target transmission data packet and then applying a different isolation method for each security level, the wireless network security isolation method, device and electronic equipment provided by the embodiments improve the multi-service operation and secure data transmission capability of distribution network wireless public network communication, thereby safeguarding the safe and stable operation of the distribution network's multiple services.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description or be understood by implementing the invention. The objectives and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a wireless network security isolation method provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of training the classifier provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a wireless network security isolation device provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of another wireless network security isolation device provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of an electronic equipment provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Because a wireless public network does not require communication cables to be laid, it eliminates the cables and their installation and reduces the risk of information loss and the difficulty of construction; it is therefore applied more and more widely in distribution networks. As the wireless public network is popularized in distribution networks, both the types of distribution network services it carries and the volume of data have increased greatly, so the data of different services in the distribution network wireless public network need to be securely isolated.
Because different electric power communication services have different requirements for communication quality and communication security, new requirements arise for the security isolation of distribution network wireless communication data transmission channels. Different distribution network services require different security protection levels from the wireless public network; meanwhile, distribution network wireless communication carries the risk of emergencies and of multiple events occurring concurrently, so the data transmission of each service needs to be securely isolated. On this basis, the wireless network security isolation method, device and electronic equipment provided by the embodiments of the present invention can achieve secure transmission of the data of different distribution network wireless communication services according to the security requirements of the different services on the wireless public network, thereby safeguarding improved multi-service capability of the distribution network.
To facilitate understanding of this embodiment, the wireless network security isolation method disclosed in the embodiments of the present invention is first described in detail.
Embodiment one:
An embodiment of the present invention provides a wireless network security isolation method. The method is applied to a multi-service wireless public network and can be executed by the electronic equipment of the service master station. Addressing the multi-service operation and large per-service data volume of distribution network wireless communication, the method switches isolation schemes according to the security level of the service, which not only achieves secure transmission of the data of different distribution network wireless communication services but also safeguards the safe and stable operation of the distribution network's multiple services.
Fig. 1 is a flow diagram of a wireless network security isolation method provided by an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain a target transmission data packet to be isolated.
For a distribution network wireless public network running multiple services, the service master station obtains the data packets (transmission data) transmitted in the wireless public network.
Step S104: determine the security level of the target transmission data packet.
In some possible embodiments, considering that different services correspond to different security levels, the service master station establishes isolation channels of different security levels according to the distribution network service class and the system master station. On this basis, step S104 includes: extracting the service features of the target transmission data packet; classifying the service features of the target transmission data packet with a pre-trained classifier to obtain the service class of the target transmission data packet; and determining the security level of the target transmission data packet according to its service class.
Step S106: perform isolation processing on the target transmission data packet according to its security level.
Specifically, the correspondence between security levels and isolation schemes is stored in advance in the service master station. The target isolation scheme corresponding to the target transmission data packet can first be determined according to the security level of the target transmission data packet and this correspondence; the target isolation scheme is then used to perform isolation processing on the target transmission data packet.
In some possible embodiments, the isolation schemes, in order from low to high, include logical isolation, channel isolation, port isolation and physical isolation. On this basis, the target isolation scheme includes any one of the following: logical isolation, channel isolation, port isolation and physical isolation.
In the embodiments of the present invention, a target transmission data packet to be isolated is obtained; the security level of the target transmission data packet is determined; and isolation processing is performed on the target transmission data packet according to its security level. By judging the security level of the target transmission data packet and then applying a different isolation method for each security level, the wireless network security isolation method provided by the embodiments improves the multi-service operation and secure data transmission capability of distribution network wireless public network communication, thereby safeguarding the safe and stable operation of the distribution network's multiple services.
In one possible implementation, the service class of the target transmission data packet is determined by a Bayesian classification algorithm, and the target transmission data packet is then isolated using the isolation scheme that matches the security level corresponding to its service class. This improves the secure transmission of distribution network wireless communication data services (that is, it improves the capability for secure operation of distribution network wireless communication) and creates favorable conditions for the safe and stable operation of the distribution network.
Fig. 2 is a flow diagram of training the classifier provided by an embodiment of the present invention. As shown in Fig. 2, the classifier is trained with a Bayesian classification algorithm through the following steps:
Step S202: obtain training samples.
The training samples include transmission data packets corresponding to multiple service classes. Assume there are $k$ training samples $A_1, A_2, \ldots, A_k$ corresponding to $k$ service classes; the set of service classes of the training samples is denoted $B = (y_1, y_2, \ldots, y_k)$.
Step S204: extract the service features of the training samples.
The service master station performs feature extraction on the training samples to obtain the feature attributes (service features) of each training sample, $X = (a_1, a_2, \ldots, a_m)$ (assumed to be an $m$-dimensional vector).
Step S206: train the classifier according to the service features of the training samples and the corresponding service classes.
The frequency of occurrence of each service class in the training samples, and the conditional probability estimate of each feature attribute partition for each service class, are calculated. The input is the feature attributes and the correspondence between feature attributes and service classes; the output is the classifier.
Specifically, the conditional probability estimate of each feature attribute partition for each service class is calculated: $P(a_1 \mid y_1), P(a_2 \mid y_1), \ldots, P(a_m \mid y_1)$; $P(a_1 \mid y_2), P(a_2 \mid y_2), \ldots, P(a_m \mid y_2)$; $\ldots$; $P(a_1 \mid y_k), P(a_2 \mid y_k), \ldots, P(a_m \mid y_k)$. In one possible implementation, these conditional probability estimates can be obtained by counting.
In addition, if the feature attributes are conditionally independent, the following derivation holds according to Bayes' theorem:
Here $y_i$ denotes the service class of the $i$-th training sample, $P(y_i)$ denotes the frequency of $y_i$ in the training samples, and $P(X)$ denotes the frequency of feature attribute $X$ in the training samples. Because the denominator is constant for all service classes, only the numerator needs to be maximized; considering also that the feature attributes are conditionally independent, formula (2) follows:
On this basis, when classifying with the trained classifier, $P(X \mid y_i) P(y_i)$ can be calculated for each training sample according to formula (2), and the class with the largest $P(X \mid y_i) P(y_i)$ is taken as the service class to which feature attribute $X$ belongs.
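The following is an added sketch of steps S202 to S206 followed by steps S104 and S106; it is not code from the patent. It trains a categorical naive Bayes classifier by counting, picks the class that maximizes the product of the class frequency and the per-attribute conditional probabilities, and looks up the isolation scheme. The feature names, service classes, class-to-level mapping, Laplace smoothing and the fail-closed confidence threshold are assumptions made for the example; only the low-to-high ordering of the four isolation schemes comes from the description.

```python
import math
from collections import Counter, defaultdict

# Isolation schemes, ordered low to high as in the description.
ISOLATION_BY_LEVEL = {1: "logical isolation", 2: "channel isolation",
                      3: "port isolation", 4: "physical isolation"}

# Assumption: these service classes and their security levels are invented.
LEVEL_BY_SERVICE = {"metering": 1, "video_monitoring": 2,
                    "fault_indication": 3, "feeder_control": 4}

# Constructed training samples: X = (protocol, size bucket, timing) -> class y.
TRAINING = [
    (("dlms", "small", "periodic"), "metering"),
    (("dlms", "small", "periodic"), "metering"),
    (("dlms", "large", "periodic"), "metering"),
    (("rtsp", "large", "stream"), "video_monitoring"),
    (("rtsp", "large", "stream"), "video_monitoring"),
    (("rtsp", "small", "stream"), "video_monitoring"),
    (("iec104", "small", "event"), "fault_indication"),
    (("iec104", "small", "event"), "fault_indication"),
    (("iec104", "small", "periodic"), "fault_indication"),
    (("iec104", "small", "command"), "feeder_control"),
    (("iec104", "small", "command"), "feeder_control"),
    (("iec104", "small", "event"), "feeder_control"),
]


class NaiveBayesClassifier:
    """Categorical naive Bayes trained by counting (steps S202 to S206)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing (assumption)
        self.class_counts = Counter()            # y_i -> number of samples
        self.attr_counts = defaultdict(Counter)  # (y_i, j) -> counts of a_j values
        self.values = defaultdict(set)           # j -> distinct values seen
        self.total = 0

    def fit(self, samples):
        for features, label in samples:
            self.class_counts[label] += 1
            for j, value in enumerate(features):
                self.attr_counts[(label, j)][value] += 1
                self.values[j].add(value)
        self.total = sum(self.class_counts.values())
        return self

    def posterior(self, features):
        """Return P(y_i | X) for every class, computed in log space."""
        log_scores = {}
        for label, n in self.class_counts.items():
            score = math.log(n / self.total)     # log P(y_i)
            for j, value in enumerate(features):
                seen = self.values[j] | {value}  # an unseen value gets its own bin
                count = self.attr_counts[(label, j)][value]
                score += math.log((count + self.alpha) / (n + self.alpha * len(seen)))
            log_scores[label] = score
        peak = max(log_scores.values())
        norm = sum(math.exp(s - peak) for s in log_scores.values())
        return {c: math.exp(s - peak) / norm for c, s in log_scores.items()}


def choose_isolation(clf, features, min_confidence=0.6):
    """Steps S104 and S106: classify, map to a level, pick the isolation scheme.

    Assumption: when the winning posterior is below min_confidence the packet
    is escalated to the highest level instead of trusting a weak guess.
    """
    post = clf.posterior(features)
    service = max(post, key=post.get)
    escalated = post[service] < min_confidence
    level = max(ISOLATION_BY_LEVEL) if escalated else LEVEL_BY_SERVICE[service]
    return {"service": service, "confidence": post[service], "level": level,
            "scheme": ISOLATION_BY_LEVEL[level], "escalated": escalated}


CLF = NaiveBayesClassifier().fit(TRAINING)

if __name__ == "__main__":
    for packet in [("dlms", "small", "periodic"), ("rtsp", "large", "stream"),
                   ("iec104", "small", "event"), ("modbus", "small", "periodic")]:
        print(packet, choose_isolation(CLF, packet))
```

The third and fourth sample packets show the failure mode a misclassifying gateway would otherwise hide: traffic that the model cannot separate confidently, or that carries a protocol value absent from training, is placed under the strictest scheme.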
To improve the multi-service operation and secure data transmission capability of distribution network wireless public network communication, the embodiments of the present invention combine a Bayesian classification algorithm to propose a wireless network security isolation method that switches isolation schemes according to the service security level. The method determines the service class of a transmission data packet with the Bayesian classification algorithm and then applies a different isolation scheme for each service security level. The method ensures that harmful attacks on the wireless public network are isolated outside the trusted network and that, provided information inside the trusted network does not leak, data is exchanged securely between networks. Switching among multiple network isolation techniques according to the security level of the service compensates for the deficiencies of existing security techniques and has outstanding advantages. The method achieves secure transmission of the data of different distribution network wireless communication services, safeguards improved multi-service capability of the distribution network, and protects a highly secure network environment for the wireless public network.
In summary, the method provided by the embodiments of the present invention has the following advantages:
(1) Addressing the multi-service operation and large per-service data volume of distribution network wireless communication, the method switches among four security isolation methods (logical isolation, channel isolation, port isolation and physical isolation), so that a suitable security isolation method can be selected according to the specific needs of the network, which saves network resources and improves network resource utilization.
(2) Using the efficiency of the Bayesian classification algorithm's learning and classification process to switch the security isolation method for distribution network wireless communication effectively improves the efficiency of security isolation and safeguards the safe and stable operation of the distribution network's multiple services.
Embodiment two:
Corresponding to the method for above-described embodiment one, the embodiment of the invention also provides a kind of isolation of wireless network secure to fill It sets, which is applied to multiple services wireless public network, as shown in figure 3, the device includes:
Module 32 is obtained, for obtaining object transmission data packet to be isolated;
Determining module 34, for determining the security level of object transmission data packet;
Isolation module 36, for the security level according to object transmission data packet, to the object transmission data packet carry out every From processing.
Optionally, above-mentioned determining module 34 is specifically used for:
Extract the service feature of the object transmission data packet;Using preparatory trained classifier to object transmission data The service feature of packet carries out classification processing, obtains the class of service of object transmission data packet;According to the industry of object transmission data packet Business classification determines the security level of the object transmission data packet.
Fig. 4 is the structural schematic diagram of another wireless network secure isolating device provided in an embodiment of the present invention, such as Fig. 4 institute Show, on the basis of Fig. 3, which further includes training module 38, and training module 38 is used for:
Obtain training sample;Wherein, training sample includes the transmission data packet of corresponding multiple classs of service;Extract training sample This service feature;Classifier is trained according to the service feature of training sample and corresponding class of service.
Optionally, above-mentioned isolation module 36 is specifically used for:
According to the corresponding relationship of the security level of object transmission data packet and preset security level and isolation scheme, determine The corresponding target isolation scheme of object transmission data packet;Object transmission data packet is carried out at isolation using target isolation scheme Reason.
Optionally, above-mentioned target isolation scheme includes any one of following: logic isolation, channel isolation, port isolation And physical isolation.
In the embodiment of the present invention, object transmission data packet to be isolated is obtained;Determine the safety of the object transmission data packet Grade;According to the security level of the object transmission data packet, isolation processing is carried out to the object transmission data packet.The present invention is implemented The wireless network secure isolating device that example provides, is judged by the security level to object transmission data packet, further according to not Same security level uses different partition methods, improves power distribution network wireless public network communication multi-service operation, data safety passes Defeated ability, to provide guarantee for the multiple services safe and stable operation of power distribution network.
Embodiment three:
Referring to Fig. 5, an embodiment of the present invention also provides an electronic equipment 100, comprising: a processor 40, a memory 41, a bus 42 and a communication interface 43, where the processor 40, the communication interface 43 and the memory 41 are connected by the bus 42; the processor 40 is used to execute executable modules stored in the memory 41, such as computer programs.
The memory 41 may include a high-speed random access memory (RAM, Random Access Memory), and may also include a non-volatile memory, for example at least one magnetic disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), and may use the internet, a wide area network, a local network, a metropolitan area network, etc.
The bus 42 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one bidirectional arrow is shown in Fig. 5, but this does not mean that there is only one bus or one type of bus.
The memory 41 is used to store a program, and the processor 40 executes the program after receiving an execution instruction. The method performed by the device defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 40, or implemented by the processor 40.
The processor 40 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 40 or by instructions in the form of software. The processor 40 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The steps of the method disclosed in the embodiments of the present invention may be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in this field, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory or an electrically erasable programmable memory, or a register. The storage medium is located in the memory 41; the processor 40 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the device and electronic equipment described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
The wireless network secure isolating device and electronic equipment provided by the embodiments of the present invention have the same technical features as the wireless network secure partition method provided by the above embodiments, so they can also solve the same technical problems and achieve the same technical effects.
Unless specifically stated otherwise, the relative steps of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
The flow charts and block diagrams in the drawings show the possible architecture, functions and operations of methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of boxes in the block diagrams and/or flow charts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The computer program product for performing the wireless network secure partition method provided by the embodiment of the present invention includes a computer-readable storage medium storing non-volatile program code executable by a processor. The instructions included in the program code can be used to execute the method described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are merely exemplary. For example, the division of the units is only a division by logical function, and there may be other ways of dividing them in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some communication interfaces, and the indirect coupling or communication connection of devices or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate the technical solution of the present invention rather than to limit it, and the protection scope of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone familiar with this technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of changes, or make equivalent replacements of some of the technical features. Such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A wireless network secure partition method, characterized in that it is applied to a multi-service wireless public network, the method comprising:
obtaining an object transmission data packet to be isolated;
determining the security level of the object transmission data packet;
performing isolation processing on the object transmission data packet according to the security level of the object transmission data packet.
2. The method according to claim 1, characterized in that determining the security level of the object transmission data packet comprises:
extracting the service feature of the object transmission data packet;
performing classification processing on the service feature of the object transmission data packet using a pre-trained classifier, to obtain the class of service of the object transmission data packet;
determining the security level of the object transmission data packet according to the class of service of the object transmission data packet.
3. The method according to claim 2, characterized in that the classifier is trained in the following manner:
obtaining training samples, wherein the training samples include transmission data packets corresponding to multiple classes of service;
extracting the service features of the training samples;
training the classifier according to the service features of the training samples and the corresponding classes of service.
4. The method according to claim 1, characterized in that performing isolation processing on the object transmission data packet according to the security level of the object transmission data packet comprises:
determining the target isolation scheme corresponding to the object transmission data packet according to the security level of the object transmission data packet and the preset correspondence between security levels and isolation schemes;
performing isolation processing on the object transmission data packet using the target isolation scheme.
5. The method according to claim 4, characterized in that the target isolation scheme includes any one of the following: logic isolation, channel isolation, port isolation and physical isolation.
6. A wireless network secure isolating device, characterized in that it is applied to a multi-service wireless public network, the device comprising:
an obtaining module, for obtaining an object transmission data packet to be isolated;
a determining module, for determining the security level of the object transmission data packet;
an isolation module, for performing isolation processing on the object transmission data packet according to the security level of the object transmission data packet.
7. The device according to claim 6, characterized in that the determining module is specifically used for:
extracting the service feature of the object transmission data packet;
performing classification processing on the service feature of the object transmission data packet using a pre-trained classifier, to obtain the class of service of the object transmission data packet;
determining the security level of the object transmission data packet according to the class of service of the object transmission data packet.
8. The device according to claim 7, characterized in that the device further includes a training module, the training module being used for:
obtaining training samples, wherein the training samples include transmission data packets corresponding to multiple classes of service;
extracting the service features of the training samples;
training the classifier according to the service features of the training samples and the corresponding classes of service.
9. The device according to claim 6, characterized in that the isolation module is specifically used for:
determining the target isolation scheme corresponding to the object transmission data packet according to the security level of the object transmission data packet and the preset correspondence between security levels and isolation schemes;
performing isolation processing on the object transmission data packet using the target isolation scheme.
10. An electronic equipment, including a memory and a processor, the memory storing a computer program that can run on the processor, characterized in that the processor implements the method of any one of claims 1-5 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811509106.9A CN109379384A (en) 2018-12-10 2018-12-10 Wireless network secure partition method, device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811509106.9A CN109379384A (en) 2018-12-10 2018-12-10 Wireless network secure partition method, device and electronic equipment

Publications (1)

Publication Number Publication Date
CN109379384A true CN109379384A (en) 2019-02-22

Family

ID=65373068

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811509106.9A Pending CN109379384A (en) 2018-12-10 2018-12-10 Wireless network secure partition method, device and electronic equipment

Country Status (1)

Country Link
CN (1) CN109379384A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110516442A (en) * 2019-08-29 2019-11-29 南方电网科学研究院有限责任公司 A kind of power distribution network safety defense system, method, apparatus, equipment and storage medium
CN113055950A (en) * 2019-12-27 2021-06-29 成都鼎桥通信技术有限公司 Method and device for switching public network and private network
CN116341824A (en) * 2023-02-01 2023-06-27 江苏瑞莫德电气科技有限公司 Intelligent power grid transformer substation management system and method based on cloud computing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1791008A (en) * 2004-12-17 2006-06-21 北邮英科(北京)信息技术研究所有限公司 Isolation method and isolation switch apparatus between multiple different safety class networks
CN102043920A (en) * 2010-12-29 2011-05-04 北京深思洛克软件技术股份有限公司 Access quarantine method of public file in data divulgence protection system
CN102843385A (en) * 2012-09-24 2012-12-26 东南大学 Method for guarding against side channel attack virtual machine in cloud computing environment
CN103581183A (en) * 2013-10-30 2014-02-12 华为技术有限公司 Virtualization security isolation method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王永成: "《机载多传感器管理与信息融合技术》", 30 September 2014 *

Similar Documents

Publication Publication Date Title
CN109379384A (en) Wireless network secure partition method, device and electronic equipment
CN110276210A (en) Based on the determination method and device of the model parameter of federation's study
CN102904794A (en) Method and device for mapping virtual network
CN108027789A (en) The service quality of interconnection piece with multistage arbitration
CN105721354B (en) Network-on-chip interconnected method and device
CN104125153B (en) Method for discovering network topology and equipment
CN108173727A (en) A kind of intelligent appliance method of network entry and equipment
CN107370685A (en) A kind of internet-of-things terminal cut-in method and device
CN109587072A (en) Distributed system overall situation speed limiting system and method
CN113890831B (en) Method, device and storage medium for simulating network equipment
CN109739433A (en) The method and terminal device of data processing
CN109558518A (en) The method, apparatus and storage medium of community discovery in a kind of determining social networks
CN109039826B (en) Collecting method, device and electronic equipment
CN107277896A (en) Wifi hotspot management method, device and terminal device
CN104618231B (en) Deep packet identification method, device and system in the Wi-fi systems of high in the clouds
CN104484619B (en) It is a kind of to solve the method that client multi-logical channel accesses PKCS#15 file conflicts
CN108234687A (en) A kind of smart IP address configuration method, device and terminal device
CN108966350A (en) A kind of method and apparatus selecting wireless router bandwidth
CN110597248B (en) Park unmanned intelligent inspection method, device, equipment and storage medium
CN109784795A (en) Inventory status calculation method, device, equipment and medium
CN114979148B (en) Data transmission method, device and computer readable storage medium
CN107294812B (en) Network detecting method, network detection device and intelligent terminal
CN109242321A (en) Custom power load on-line analysis and terminal device
CN109949421A (en) Triangulation network cutting method and device
CN109523634A (en) Optimize the method and device of grid

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190222