CN109802960A - Firewall policy processing method and processing device, computer equipment and storage medium - Google Patents


Info

Publication number: CN109802960A
Application number: CN201910017248.1A
Authority: CN (China)
Prior art keywords: security, flows, nonredundancy, firewall, strategy
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 代庆国
Current assignee: ZTE ICT Technologies Co Ltd
Original assignee: ZTE ICT Technologies Co Ltd
Application filed by ZTE ICT Technologies Co Ltd

Abstract

The present invention provides a firewall policy processing method and device, computer equipment and a computer-readable storage medium. The firewall policy processing method includes: collecting, in real time, the initial network traffic data entering and leaving the firewall during a first preset time period; inputting the initial network traffic data into a pre-trained traffic detection model, and identifying and removing the abnormal traffic data it contains, to obtain target network traffic data; determining all non-redundant security policies contained in all security policies of the firewall; and optimising the ordering of all non-redundant security policies according to the target network traffic data. With the technical solution of the present invention, the randomness in determining the policy order is reduced, the order of the firewall policies is determined more scientifically and reasonably, and the order of the firewall policies can be adjusted according to the optimised order, thereby strengthening the protection provided by the firewall and improving its security.

Description

Firewall policy processing method and processing device, computer equipment and storage medium
Technical field
The present invention relates to the technical field of firewall policy optimisation, and in particular to a firewall policy processing method, a firewall policy processing device, computer equipment and a computer-readable storage medium.
Background technique
At present, the order of firewall policies is conventionally determined as follows: the administrator arranges the firewall policies in descending order of their hit counts. However, the hit counts an administrator typically sees reflect only traffic over a short period, and that traffic is random, so they do not reflect the actual size of regular business traffic; determining the firewall policy order from short-term, random traffic therefore lacks a sound basis. Moreover, the hit count of a firewall policy is usually judged subjectively by the administrator: when the administrator believes that some traffic is large, the corresponding firewall policy is placed near the front, that is, policies matching large network flows are moved forward. When policy rules change frequently, the administrator cannot reliably judge traffic volume subjectively either. It can be seen that manually configuring the order of firewall policies by hit count in this way is highly random and unscientific.
Therefore, how to determine the firewall policy order more reasonably and scientifically has become a technical problem to be solved urgently.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art or related technologies.
To this end, one object of the present invention is to provide a new firewall policy processing method that can determine the order of firewall policies more scientifically and reasonably, and can adjust the order of firewall policies according to the optimised order.
Another object of the present invention is to correspondingly propose a firewall policy processing device, computer equipment and a computer-readable storage medium.
To achieve at least one of the above objects, according to a first aspect of the present invention, a firewall policy processing method is proposed, including: collecting, in real time, the initial network traffic data entering and leaving the firewall during a first preset time period; inputting the initial network traffic data into a pre-trained traffic detection model, and identifying and removing the abnormal traffic data it contains, to obtain target network traffic data; determining all non-redundant security policies contained in all security policies of the firewall; and optimising the ordering of all non-redundant security policies according to the target network traffic data.
In this technical solution, the abnormal traffic data contained in the initial network traffic data collected in real time while entering and leaving the firewall during the first preset time period are identified and removed by the pre-trained traffic detection model, so that non-typical, non-persistent random traffic is removed from the initial network traffic data and the actual size of normal data flows is reflected; the security policies of the firewall are subjected to redundancy removal; and all non-redundant security policies obtained by redundancy removal are then re-ordered according to the target network traffic data obtained after the abnormal traffic has been removed. In this way, the randomness in determining the policy order is reduced, the order of the firewall policies is determined more scientifically and reasonably, and the order of the firewall policies can be adjusted according to the optimised order, thereby strengthening the protection provided by the firewall and improving its security.
In the above technical solution, preferably, optimising the ordering of all non-redundant security policies according to the target network traffic data includes: matching the field information of each network flow in the target network traffic data against each non-redundant security policy; counting the total number of flows matched by each non-redundant security policy, as the hit count of that non-redundant security policy over the target network traffic data; determining an optimal ordering of all non-redundant security policies according to the hit count of each non-redundant security policy; and adjusting the ordering of all non-redundant security policies according to the optimal ordering.
In this technical solution, when the order of all non-redundant security policies of the firewall obtained by redundancy removal is adjusted according to target network traffic data that contain no abnormal traffic, the hit count of each non-redundant security policy is determined from how the field information of each target network flow matches each non-redundant security policy; an optimal ordering can then be obtained scientifically and reasonably from these hit counts and used to adjust the ordering of all non-redundant security policies.
Further, in the above technical solution, the optimal ordering is preferably output in the form of an order optimisation suggestion report, so that when the administrator adjusts the ordering of all non-redundant security policies on the basis of the optimal ordering, actual needs can additionally be taken into account and the adjusted order is more reasonable.
In any of the above technical solutions, preferably, determining all non-redundant security policies contained in all security policies of the firewall includes: in the initial order of all security policies, successively comparing, for each two adjacent security policies, the first security policy (the earlier one) with the second security policy (the later one); and determining the redundant security policies contained in all security policies according to the comparison results, and deleting the redundant security policies one by one, to obtain all non-redundant security policies.
In this technical solution, when redundancy removal is performed on all security policies of the firewall, the two adjacent security policies among all remaining security policies are compared in turn according to their precedence in the initial order, so as to screen out redundant security policies, and a further delete operation is performed on all redundant security policies, thereby completing the simplification of all security policies and obtaining all non-redundant security policies, which helps to improve the efficiency of adjusting the ordering of the firewall's security policies.
In any of the above technical solutions, preferably, determining the redundant security policies contained in all security policies according to the comparison results and deleting them one by one to obtain all non-redundant security policies includes: when it is determined that the first security policy contains the second security policy, deleting the second security policy as a redundant security policy; when it is determined that the first security policy does not contain the second security policy, taking the second security policy as the new first security policy and comparing it, according to the initial order, with the new second security policy, until the comparison of all security policies is completed; and taking the at least one security policy that has not been deleted as the non-redundant security policies.
In this technical solution, when screening and eliminating redundant security policies, specifically, in the initial order of all security policies of the firewall, if the first security policy (the one with the earlier precedence) completely contains all the contents of the adjacent second security policy (the one with the later precedence), it can be determined that the later security policy is redundant, and the current second security policy is determined to be a redundant security policy; if the first security policy does not completely contain the contents of the second security policy, the current second security policy is taken as the new first security policy and compared with the adjacent new second security policy arranged after it. The comparison of all security policies is completed in turn, and all non-redundant security policies are obtained after deleting all redundant security policies, which is simple and efficient and ensures that the check is exhaustive.
In any of the above technical solutions, preferably, before collecting the initial network traffic data in real time, the firewall policy processing method further includes: obtaining a network traffic data sample over a preset time period; and training on the network traffic data sample with a preset machine learning algorithm to obtain the traffic detection model.
In this technical solution, specifically, a traffic data model can be obtained by training, with a preset machine learning algorithm, on a sample of normal network traffic data entering and leaving the firewall over a longer period (i.e. the preset time period), where the network traffic data sample is historical network traffic data entering and leaving the firewall in which no abnormal traffic occurred. The traffic data model is then used to identify abnormal traffic data in real-time network traffic, which ensures the reliability of the network traffic data source used to adjust the ordering of the non-redundant security policies.
In any of the above technical solutions, preferably, the preset machine learning algorithm includes the isolation forest (iForest) algorithm.
In any of the above technical solutions, preferably, the target network traffic data are normal network traffic data that vary in chronological order.
According to a second aspect of the present invention, a firewall policy processing device is proposed, including: a collection module, configured to collect, in real time, the initial network traffic data entering and leaving the firewall during a first preset time period; a detection module, configured to input the initial network traffic data into a pre-trained traffic detection model and to identify and remove the abnormal traffic data it contains, to obtain target network traffic data; a determining module, configured to determine all non-redundant security policies contained in all security policies of the firewall; and a processing module, configured to optimise the ordering of all non-redundant security policies according to the target network traffic data.
In this technical solution, the abnormal traffic data contained in the initial network traffic data collected in real time while entering and leaving the firewall during the first preset time period are identified and removed by the pre-trained traffic detection model, so that non-typical, non-persistent random traffic is removed from the initial network traffic data and the actual size of normal data flows is reflected; the security policies of the firewall are subjected to redundancy removal; and all non-redundant security policies obtained by redundancy removal are then re-ordered according to the target network traffic data obtained after the abnormal traffic has been removed. In this way, the randomness in determining the policy order is reduced, the order of the firewall policies is determined more scientifically and reasonably, and the order of the firewall policies can be adjusted according to the optimised order, thereby strengthening the protection provided by the firewall and improving its security.
According to a third aspect of the present invention, computer equipment is provided, including: a processor; and a memory for storing instructions executable by the processor, where the processor, when executing the executable instructions stored in the memory, implements the steps of the firewall policy processing method of any of the technical solutions of the first aspect above.
According to a fourth aspect of the present invention, a computer-readable storage medium is provided, on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the firewall policy processing method of any of the technical solutions of the first aspect above.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the description or be learned through practice of the invention.
Detailed description of the invention
The above and/or additional aspects and advantages of the present invention will become apparent and easily understood from the description of the embodiments in conjunction with the following figures, in which:
Fig. 1 shows a schematic flow chart of the firewall policy processing method of an embodiment of the present invention;
Fig. 2 shows a schematic flow chart of the method for determining non-redundant security policies of an embodiment of the present invention;
Fig. 3 shows a schematic block diagram of the firewall policy processing device of an embodiment of the present invention;
Fig. 4 shows a schematic block diagram of the computer equipment of an embodiment of the present invention.
Specific embodiment
In order that the objects, features and advantages of the present invention can be understood more clearly, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the application and the features in the embodiments can be combined with each other.
In the following description, numerous specific details are set forth in order to facilitate a full understanding of the present invention; however, the present invention may also be implemented in ways other than those described here, and the protection scope of the present invention is therefore not limited by the specific embodiments described below.
The firewall policy processing method of the embodiment of the present invention is described in detail below with reference to Fig. 1 and Fig. 2.
As shown in Fig. 1, the firewall policy processing method according to an embodiment of the present invention specifically includes the following steps:
Step S102: collect, in real time, the initial network traffic data entering and leaving the firewall during a first time period.
Specifically, the initial network traffic data can be collected at the switch or big-data storage server connected to the firewall.
Step S104: input the initial network traffic data into a pre-trained traffic detection model, and identify and remove the abnormal traffic data it contains, to obtain target network traffic data.
Specifically, the target network traffic data are normal network traffic data that vary in chronological order, and the abnormal traffic data include network traffic generated by, for example, a sudden large file transfer.
Step S106: determine all non-redundant security policies contained in all security policies of the firewall.
Step S108: optimise the ordering of all non-redundant security policies according to the target network traffic data.
In this embodiment, the abnormal traffic data contained in the initial network traffic data collected in real time while entering and leaving the firewall during the first preset time period are identified and removed by the pre-trained traffic detection model, so that non-typical, non-persistent random traffic is removed from the initial network traffic data and the actual size of normal data flows is reflected; the security policies of the firewall are subjected to redundancy removal; and all non-redundant security policies obtained by redundancy removal are then re-ordered according to the target network traffic data obtained after the abnormal traffic has been removed. In this way, the randomness in determining the policy order is reduced, the order of the firewall policies is determined more scientifically and reasonably, and the order of the firewall policies can be adjusted according to the optimised order, thereby strengthening the protection provided by the firewall and improving its security.
Further, step S108 in the above embodiment can specifically be performed as follows: match the field information of each network flow in the target network traffic data against each non-redundant security policy; count the total number of flows matched by each non-redundant security policy, as the hit count of that non-redundant security policy over the target network traffic data; determine the optimal ordering of all non-redundant security policies according to the hit count of each non-redundant security policy; and adjust the ordering of all non-redundant security policies according to the optimal ordering.
In this embodiment, when the order of all non-redundant security policies of the firewall obtained by redundancy removal is adjusted according to target network traffic data that contain no abnormal traffic, the hit count of each non-redundant security policy is determined from how the field information of each target network flow matches each non-redundant security policy; an optimal ordering can then be obtained scientifically and reasonably from these hit counts and used to adjust the ordering of all non-redundant security policies.
The field information of each network flow includes the source IP address, destination IP address, source port, destination port, traffic protocol, and so on.
Therefore, the above hit count of each non-redundant security policy is obtained from target network traffic data from which abnormal traffic has been removed and which have been accumulated over a period of time (i.e. the first preset time period, for example one week) and vary continuously. In this way, an unchanging policy configuration and manual operation errors can be effectively avoided, and the processing efficiency of the firewall system can be improved.
Further, in the above embodiment, the optimal ordering is preferably output in the form of an order optimisation suggestion report, so that when the administrator adjusts the ordering of all non-redundant security policies on the basis of the optimal ordering, actual needs can additionally be taken into account and the adjusted order is more reasonable.
Further, step S106 in the above embodiment can specifically be performed as the process steps shown in Fig. 2, including:
Step S202: in the initial order of all security policies, successively compare, for each two adjacent security policies, the first security policy (the earlier one) with the second security policy (the later one).
Step S204: determine the redundant security policies contained in all security policies according to the comparison results, and delete the redundant security policies one by one, to obtain all non-redundant security policies.
In this embodiment, when redundancy removal is performed on all security policies of the firewall, the two adjacent security policies among all remaining security policies are compared in turn according to their precedence in the initial order, so as to screen out redundant security policies, and a further delete operation is performed on all redundant security policies, thereby completing the simplification of all security policies and obtaining all non-redundant security policies, which helps to improve the efficiency of adjusting the ordering of the firewall's security policies.
Further, step S204 in the above embodiment can specifically be performed as follows: when it is determined that the first security policy contains the second security policy, delete the second security policy as a redundant security policy; when it is determined that the first security policy does not contain the second security policy, take the second security policy as the new first security policy and compare it, according to the initial order, with the new second security policy, until the comparison of all security policies is completed; and take the at least one security policy that has not been deleted as the non-redundant security policies.
In this embodiment, when screening and eliminating redundant security policies, specifically, in the initial order of all security policies of the firewall, if the first security policy (the one with the earlier precedence) completely contains all the contents of the adjacent second security policy (the one with the later precedence), it can be determined that the later security policy is redundant; the current second security policy is then determined to be a redundant security policy, and the administrator can be prompted to delete it. If the first security policy does not completely contain the contents of the second security policy, the current second security policy is taken as the new first security policy and compared with the adjacent new second security policy arranged after it. The comparison of all security policies is completed in turn, and all non-redundant security policies are obtained after deleting all redundant security policies, which is simple and efficient and ensures that the check is exhaustive.
Specifically, whether the first security policy completely contains the second security policy is determined by comparing the source IP address, destination IP address, source port, destination port, service content and so on of the first security policy and the second security policy.
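The following is an added example illustrating steps S202/S204 (adjacent-pair redundancy removal) and step S108 (hit counting over the cleaned traffic and the resulting optimal ordering). It is not the patent's own code; the policy representation, the rule base and the flow records are constructed, and the "contains" test covers exactly the fields the text names (addresses, ports, service).

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """One security policy; ports are inclusive (low, high) ranges.
    The rule's action is deliberately not modelled, as in the text."""
    name: str
    src: str          # source CIDR
    dst: str          # destination CIDR
    sports: tuple     # source port range
    dports: tuple     # destination port range
    proto: str        # "tcp", "udp" or "any" (the service content)

    def contains(self, other):
        """True if every flow the other policy matches is matched by this one."""
        same_net = (
            ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
            and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
        )
        same_ports = (
            self.sports[0] <= other.sports[0] and other.sports[1] <= self.sports[1]
            and self.dports[0] <= other.dports[0] and other.dports[1] <= self.dports[1]
        )
        return same_net and same_ports and self.proto in ("any", other.proto)

    def matches(self, flow):
        """Match one flow record (5-tuple field information) against this policy."""
        return (
            ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst)
            and self.sports[0] <= flow["sport"] <= self.sports[1]
            and self.dports[0] <= flow["dport"] <= self.dports[1]
            and self.proto in ("any", flow["proto"])
        )


def remove_redundant(policies):
    """Steps S202/S204: walk adjacent pairs in the initial order.
    If the first (earlier) policy fully contains the second (later) one, the
    second can never be reached and is dropped; otherwise the second becomes
    the new first. Returns (kept, dropped) in original relative order."""
    if not policies:
        return [], []
    kept, dropped = [policies[0]], []
    first = policies[0]
    for second in policies[1:]:
        if first.contains(second):
            dropped.append(second)
        else:
            kept.append(second)
            first = second
    return kept, dropped


def hit_counts(policies, flows):
    """Step S108: number of target-traffic flows whose fields match each policy."""
    counts = Counter({p.name: 0 for p in policies})
    for flow in flows:
        for policy in policies:
            if policy.matches(flow):
                counts[policy.name] += 1
    return counts


def optimal_ordering(policies, flows):
    """Descending hit count; the sort is stable, so ties keep the initial order."""
    counts = hit_counts(policies, flows)
    return sorted(policies, key=lambda p: -counts[p.name]), counts


def suggestion_report(policies, flows):
    """The order optimisation suggestion report, as a list of text lines."""
    kept, dropped = remove_redundant(policies)
    order, counts = optimal_ordering(kept, flows)
    lines = [f"redundant (shadowed): {p.name}" for p in dropped]
    return lines + [f"{i + 1}. {p.name} hits={counts[p.name]}" for i, p in enumerate(order)]


# Constructed rule base in its initial (administrator) order.
ANY = (0, 65535)
POLICIES = [
    Policy("web",      "10.0.0.0/8",  "192.168.1.0/24",  ANY, (80, 80), "tcp"),
    Policy("web-host", "10.1.0.0/16", "192.168.1.10/32", ANY, (80, 80), "tcp"),  # inside "web"
    Policy("ssh",      "10.0.0.0/8",  "192.168.2.0/24",  ANY, (22, 22), "tcp"),
    Policy("dns",      "0.0.0.0/0",   "192.168.3.0/24",  ANY, (53, 53), "udp"),
]

# Constructed target traffic (abnormal flows already removed in step S104).
FLOWS = [
    {"src": "10.1.2.3",   "dst": "192.168.3.5",  "sport": 51000, "dport": 53, "proto": "udp"},
    {"src": "172.16.0.9", "dst": "192.168.3.5",  "sport": 51001, "dport": 53, "proto": "udp"},
    {"src": "10.9.9.9",   "dst": "192.168.3.7",  "sport": 51002, "dport": 53, "proto": "udp"},
    {"src": "10.1.5.5",   "dst": "192.168.1.10", "sport": 40000, "dport": 80, "proto": "tcp"},
    {"src": "10.2.5.5",   "dst": "192.168.1.20", "sport": 40001, "dport": 80, "proto": "tcp"},
    {"src": "10.3.3.3",   "dst": "192.168.2.4",  "sport": 40002, "dport": 22, "proto": "tcp"},
]

if __name__ == "__main__":
    print("\n".join(suggestion_report(POLICIES, FLOWS)))
```

Because the containment test ignores the rule action, a reviewer applying the report should still confirm that moving a policy forward does not pass in front of a partially overlapping policy with a different action, which is the check the administrator review of the report is meant to provide.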
Further, before step S102, the firewall policy processing method described in the above embodiment further includes: obtaining a network traffic data sample over a preset time period; and training on the network traffic data sample with a preset machine learning algorithm to obtain the traffic detection model.
In this embodiment, specifically, a traffic data model can be obtained by training, with a preset machine learning algorithm, on a sample of normal network traffic data entering and leaving the firewall over a longer period (i.e. the preset time period), where the network traffic data sample is historical network traffic data entering and leaving the firewall in which no abnormal traffic occurred. The traffic data model is then used to identify abnormal traffic data in real-time network traffic, which ensures the reliability of the network traffic data source used to adjust the ordering of the non-redundant security policies.
Further, in the above embodiment, the preset machine learning algorithm includes the isolation forest (iForest) algorithm.
In a specific embodiment for constructing the above traffic data model, the network traffic data sample is first collected, for example using the network traffic data entering and leaving the firewall in the month preceding the current time as sample data. Then, based on the network traffic data in the sample, the isolation forest (iForest) algorithm is used to parse out related data such as accessing IP address, port, service protocol and access time, analyse their patterns of change, and eliminate the influence of abnormal traffic data, so as to generate a normal traffic detection model. The model is used to detect abnormal traffic data contained in the network traffic data collected in real time, and thus helps to form normal network traffic data that vary over time.
It will be appreciated that the isolation forest (iForest) algorithm is a fast, ensemble-based anomaly detection method with linear time complexity and high accuracy, and is an algorithm that meets the requirements of big data processing.
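The following is an added example of the step S104 filter using a minimal isolation forest over one traffic feature (bytes per minute). It is neither the patent's code nor a library implementation; the per-minute traffic series is constructed, with a single burst standing in for the sudden large file transfer the text gives as an example of abnormal traffic, and the 0.7 score threshold is an assumption.

```python
import math
import random


def _c(n):
    """Average path length of an unsuccessful BST search over n points,
    the normalisation used by isolation forest (0 for n <= 1)."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _build_tree(points, rng, depth=0, max_depth=8):
    """Isolation tree on one feature: split at a random value between the
    current min and max until a point is alone or the depth limit is hit."""
    if len(points) <= 1 or depth >= max_depth:
        return ("leaf", len(points))
    lo, hi = min(points), max(points)
    if lo == hi:
        return ("leaf", len(points))
    split = rng.uniform(lo, hi)
    left = [p for p in points if p < split]
    right = [p for p in points if p >= split]
    return ("node", split,
            _build_tree(left, rng, depth + 1, max_depth),
            _build_tree(right, rng, depth + 1, max_depth))


def _path_length(tree, x, depth=0):
    """Depth at which x lands, plus the estimated depth of an unsplit leaf."""
    if tree[0] == "leaf":
        return depth + _c(tree[1])
    _, split, left, right = tree
    return _path_length(left if x < split else right, x, depth + 1)


def anomaly_scores(values, n_trees=100, subsample=64, seed=7):
    """iForest score in (0, 1) per value; values isolated in few splits
    (short average path) score close to 1."""
    rng = random.Random(seed)
    size = min(subsample, len(values))
    trees = [_build_tree(rng.sample(values, size), rng) for _ in range(n_trees)]
    scores = []
    for x in values:
        mean_depth = sum(_path_length(t, x) for t in trees) / n_trees
        scores.append(2.0 ** (-mean_depth / _c(size)))
    return scores


def split_normal(windows, threshold=0.7):
    """Step S104: keep windows scoring below the threshold as target traffic
    and return the removed abnormal windows separately."""
    scores = anomaly_scores([kbytes for _, kbytes in windows])
    normal = [w for w, s in zip(windows, scores) if s < threshold]
    abnormal = [w for w, s in zip(windows, scores) if s >= threshold]
    return normal, abnormal


# Constructed per-minute traffic (minute, kilobytes) through the firewall:
# a steady 95-105 kB baseline and one 5000 kB burst in minute 37.
WINDOWS = [(m, 5000 if m == 37 else 100 + (m * 7) % 11 - 5) for m in range(60)]

if __name__ == "__main__":
    kept, removed = split_normal(WINDOWS)
    print("abnormal windows removed:", removed)
    print("target windows kept:", len(kept))
```

A production model would score several features at once (the text lists accessing IP, port, service protocol and access time) and be trained on the historical month of normal traffic rather than on the window being scored.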
The firewall policy processing device of the embodiment of the present invention is described in detail below with reference to Fig. 3.
As shown in Fig. 3, the firewall policy processing device 30 according to an embodiment of the present invention includes: a collection module 302, a detection module 304, a determining module 306 and a processing module 308.
The collection module 302 is configured to collect, in real time, the initial network traffic data entering and leaving the firewall during a first preset time period; the detection module 304 is configured to input the initial network traffic data into a pre-trained traffic detection model and to identify and remove the abnormal traffic data it contains, to obtain target network traffic data; the determining module 306 is configured to determine all non-redundant security policies contained in all security policies of the firewall; and the processing module 308 is configured to optimise the ordering of all non-redundant security policies according to the target network traffic data.
In this embodiment, the abnormal traffic data contained in the initial network traffic data collected in real time while entering and leaving the firewall during the first preset time period are identified and removed by the pre-trained traffic detection model, so that non-typical, non-persistent random traffic is removed from the initial network traffic data and the actual size of normal data flows is reflected; the security policies of the firewall are subjected to redundancy removal; and all non-redundant security policies obtained by redundancy removal are then re-ordered according to the target network traffic data obtained after the abnormal traffic has been removed. In this way, the randomness in determining the policy order is reduced, the order of the firewall policies is determined more scientifically and reasonably, and the order of the firewall policies can be adjusted according to the optimised order, thereby strengthening the protection provided by the firewall and improving its security.
Further, in the above embodiment, the processing module 308 is specifically configured to: match the field information of each network flow in the target network traffic data against each non-redundant security policy; count the total number of flows matched by each non-redundant security policy, as the hit count of that non-redundant security policy over the target network traffic data; determine the optimal ordering of all non-redundant security policies according to the hit count of each non-redundant security policy; and adjust the ordering of all non-redundant security policies according to the optimal ordering.
Further, in the above embodiment, the optimal ordering is preferably output in the form of an order optimisation suggestion report.
Further, in the above embodiment, the determining module 306 is specifically configured to: in the initial order of all security policies, successively compare, for each two adjacent security policies, the first security policy (the earlier one) with the second security policy (the later one); and determine the redundant security policies contained in all security policies according to the comparison results, and delete the redundant security policies one by one, to obtain all non-redundant security policies.
Further, in the above embodiment, the determining module 306 is further specifically configured to: when it is determined that the first security policy contains the second security policy, delete the second security policy as a redundant security policy; when it is determined that the first security policy does not contain the second security policy, take the second security policy as the new first security policy and compare it, according to the initial order, with the new second security policy, until the comparison of all security policies is completed; and take the at least one security policy that has not been deleted as the non-redundant security policies.
Further, in the above embodiment, before collecting the initial network traffic data in real time, the collection module 302 is further configured to obtain a network traffic data sample over a second preset time period; and the processing module 308 is further configured to train on the network traffic data sample with a preset machine learning algorithm to obtain the traffic detection model.
Further, in the above embodiment, the preset machine learning algorithm includes the isolation forest (iForest) algorithm.
Further, in the above embodiment, the target network traffic data are normal network traffic data that vary in chronological order.
Fig. 4 shows a schematic block diagram of the computer equipment according to an embodiment of the present invention.
As shown in Fig. 4, computer equipment 40 according to an embodiment of the present invention includes a processor 402 and a memory 404, where a computer program that can be run on the processor 402 is stored in the memory 404, the memory 404 and the processor 402 may be connected by a bus, and the processor 402, when executing the computer program stored in the memory 404, implements the steps of the firewall policy processing method in the above embodiments.
The steps in the firewall policy processing method of the embodiment of the present invention may be reordered, merged and deleted according to actual needs.
The units in the firewall policy processing device and the computer equipment of the embodiment of the present invention may be combined, divided and deleted according to actual needs.
According to an embodiment of the invention, a computer-readable storage medium is proposed, on which a computer program is stored; when the computer program is executed by a processor, the steps of the firewall policy processing method in the above embodiments are implemented.
Further, it should be understood that any process or method description in the flowcharts or otherwise described herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing specific logical functions or steps of the process, and that the scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the function involved, as should be understood by those of ordinary skill in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in the flowcharts or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, device or apparatus (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, device or apparatus and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transport a program for use by, or in connection with, an instruction execution system, device or apparatus. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection having one or more wires (electronic device), a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), a fiber-optic device, and a portable compact disc read-only memory (CDROM). Moreover, the computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented with any one or a combination of the following techniques well known in the art: a discrete logic circuit having logic gate circuits for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gate circuits, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art will understand that all or part of the steps carried by the method of the above embodiments may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, includes one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically alone, or two or more units may be integrated in one module. The above integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like; and the computer equipment mentioned above may be a server.
In the embodiments of the present invention, the terms "first" and "second" are used for descriptive purposes only and should not be understood as indicating or implying relative importance; those of ordinary skill in the art can understand the specific meaning of the above terms in the embodiments of the present invention according to the specific circumstances.
The above are only preferred embodiments of the present invention and are not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A firewall policy processing method, characterized by comprising:
acquiring in real time initial network traffic data entering and leaving a firewall within a first preset time period;
inputting the initial network traffic data into a pre-trained flow detection model, and identifying and removing abnormal traffic data included therein, to obtain target network traffic data;
determining all non-redundant security policies included in all security policies of the firewall;
optimizing the arrangement order of all the non-redundant security policies according to the target network traffic data.
2. The firewall policy processing method according to claim 1, characterized in that the optimizing the arrangement order of all the non-redundant security policies according to the target network traffic data comprises:
matching the field information of each network flow record in the target network traffic data against each non-redundant security policy respectively;
counting the total number of flow records matching each non-redundant security policy, as the hit count of the target network traffic data against each non-redundant security policy;
determining an optimal ordering of all the non-redundant security policies according to the hit count of each non-redundant security policy;
adjusting the arrangement order of all the non-redundant security policies according to the optimal ordering.
3. The firewall policy processing method according to claim 1, characterized in that the determining all non-redundant security policies included in all security policies of the firewall comprises:
according to an initial arrangement order of all the security policies, successively comparing, in each pair of adjacent security policies, a first security policy arranged in front with a second security policy arranged behind it;
determining redundant security policies included in all the security policies according to the comparison result, and successively deleting the redundant security policies, to obtain all the non-redundant security policies.
4. The firewall policy processing method according to claim 3, characterized in that the determining redundant security policies included in all the security policies according to the comparison result, and successively deleting the redundant security policies, to obtain all the non-redundant security policies, comprises:
when it is determined that the first security policy includes the second security policy, deleting the second security policy as the redundant security policy;
when it is determined that the first security policy does not include the second security policy, taking the second security policy as a new first security policy, and comparing it with a new second security policy according to the initial arrangement order, until the comparison of all the security policies is completed, and taking the at least one security policy that has not been deleted as the non-redundant security policies.
5. The firewall policy processing method according to any one of claims 1 to 4, characterized in that, before the acquiring in real time the initial network traffic data, the method further comprises:
obtaining a network traffic data sample within a second preset time period;
training on the network traffic data sample according to a preset machine learning algorithm, to obtain the flow detection model.
6. The firewall policy processing method according to claim 5, characterized in that the preset machine learning algorithm includes the isolation forest (iForest) algorithm.
7. The firewall policy processing method according to any one of claims 1 to 4, characterized in that the target network traffic data is normal network traffic data that varies in chronological order.
8. A firewall policy processing device, characterized by comprising:
an acquisition module, configured to acquire in real time initial network traffic data entering and leaving a firewall within a first preset time period;
a detection module, configured to input the initial network traffic data into a pre-trained flow detection model, and to identify and remove abnormal traffic data included therein, to obtain target network traffic data;
a determining module, configured to determine all non-redundant security policies included in all security policies of the firewall;
a processing module, configured to optimize the arrangement order of all the non-redundant security policies according to the target network traffic data.
9. Computer equipment, characterized by comprising:
a processor;
a memory for storing instructions executable by the processor, wherein the processor is configured to implement, when executing the executable instructions stored in the memory, the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
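The redundancy pass of claims 3 and 4 and the hit-count ordering of claim 2, as an added example that is not the patent's own code: it assumes IPv4 CIDR policies with one destination port range and uses constructed sample flows, and it adds one check the claims do not mention, refusing a proposed ordering that swaps two overlapping policies with different actions, since that would change what the firewall actually permits.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Policy:
    name: str
    src: str                 # source CIDR (assumption: IPv4 only)
    dst: str                 # destination CIDR
    proto: str               # "tcp", "udp" or "any"
    dports: Tuple[int, int]  # inclusive destination port range
    action: str              # "allow" or "deny"

    def matches(self, flow: Dict) -> bool:  # field-by-field match (claim 2)
        return (ip_address(flow["src"]) in ip_network(self.src)
                and ip_address(flow["dst"]) in ip_network(self.dst)
                and self.proto in ("any", flow["proto"])
                and self.dports[0] <= flow["dport"] <= self.dports[1])

    def includes(self, other: "Policy") -> bool:  # self matches every flow other does (claim 4)
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dports[0] <= other.dports[0] <= other.dports[1] <= self.dports[1])

    def overlaps(self, other: "Policy") -> bool:  # some flow could match both
        return (ip_network(self.src).overlaps(ip_network(other.src))
                and ip_network(self.dst).overlaps(ip_network(other.dst))
                and ("any" in (self.proto, other.proto) or self.proto == other.proto)
                and self.dports[0] <= other.dports[1] and other.dports[0] <= self.dports[1])

def remove_redundant(policies: List[Policy]) -> List[Policy]:
    """Adjacent-pair pass (claims 3-4): delete a second policy the first includes, else it becomes the new first."""
    kept: List[Policy] = []
    first = None
    for second in policies:
        if first is not None and first.includes(second):
            continue  # shadowed: no flow can ever reach it
        kept.append(second)
        first = second
    return kept

def count_hits(policies: List[Policy], flows: List[Dict]) -> Dict[str, int]:
    """Hit count per policy (claim 2); every flow is matched against every policy."""
    return {p.name: sum(1 for f in flows if p.matches(f)) for p in policies}

def optimal_ordering(policies: List[Policy], flows: List[Dict]) -> List[Policy]:
    """Most-hit policy first; the stable sort keeps the initial order on ties."""
    hits = count_hits(policies, flows)
    return sorted(policies, key=lambda p: hits[p.name], reverse=True)

def reorder_is_safe(original: List[Policy], proposed: List[Policy]) -> bool:
    """Added check, not in the patent: swapping two overlapping policies with
    different actions changes the effective policy, so such a reorder is refused."""
    pos = {p.name: i for i, p in enumerate(proposed)}
    for i, a in enumerate(original):
        for b in original[i + 1:]:
            if a.action != b.action and a.overlaps(b) and pos[a.name] > pos[b.name]:
                return False
    return True

# Constructed sample rule base in its initial order (not from the patent).
POLICIES = [
    Policy("allow-web", "0.0.0.0/0", "10.0.1.0/24", "tcp", (80, 443), "allow"),
    Policy("allow-web-host", "0.0.0.0/0", "10.0.1.10/32", "tcp", (443, 443), "allow"),
    Policy("deny-ssh-internet", "0.0.0.0/0", "10.0.0.0/16", "tcp", (22, 22), "deny"),
    Policy("deny-all", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), "deny"),
]
FLOWS = (  # constructed target traffic after anomaly filtering, not real captures
    [{"src": f"203.0.113.{i}", "dst": "10.0.1.10", "proto": "tcp", "dport": 443} for i in range(5)]
    + [{"src": f"198.51.100.{i}", "dst": "10.0.1.7", "proto": "tcp", "dport": 22} for i in range(2)]
    + [{"src": "203.0.113.9", "dst": "10.0.1.7", "proto": "tcp", "dport": 8080}]
)
```

On this rule base the most-hit policy is the final deny-all, so the hit-count ordering would move it ahead of the allow rules and the safety check rejects it; the redundancy pass alone is always behaviour-preserving because a shadowed policy can never be hit.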

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910017248.1A CN109802960A (en) 2019-01-08 2019-01-08 Firewall policy processing method and processing device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN109802960A true CN109802960A (en) 2019-05-24

Family

ID=66556810

Country Status (1)

Country Link
CN (1) CN109802960A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090067440A1 (en) * 2007-09-07 2009-03-12 Chadda Sanjay Systems and Methods for Bridging a WAN Accelerator with a Security Gateway
CN104135461A (en) * 2013-05-02 2014-11-05 中国移动通信集团河北有限公司 Firewall policy processing method and device
CN108418801A (en) * 2018-02-01 2018-08-17 杭州安恒信息技术股份有限公司 A kind of firewall policy optimization method and system based on big data analysis
CN108494747A (en) * 2018-03-08 2018-09-04 上海观安信息技术股份有限公司 Traffic anomaly detection method, electronic equipment and computer program product
CN108900476A (en) * 2018-06-07 2018-11-27 桂林电子科技大学 Based on Spark and the parallel network flow method for detecting abnormality that forest is isolated

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111200590A (en) * 2019-12-09 2020-05-26 杭州安恒信息技术股份有限公司 Algorithm for checking consistency of multiple period statistical data
CN111200590B (en) * 2019-12-09 2022-08-19 杭州安恒信息技术股份有限公司 Algorithm for checking consistency of multiple period statistical data
CN111988273A (en) * 2020-07-07 2020-11-24 国网思极网安科技(北京)有限公司 Firewall policy management method and device
CN114050908B (en) * 2020-07-24 2023-07-21 中国移动通信集团浙江有限公司 Method, device, computing equipment and computer storage medium for automatically auditing firewall policy
CN114050908A (en) * 2020-07-24 2022-02-15 中国移动通信集团浙江有限公司 Method and device for automatically auditing firewall policy and computer storage medium of computing equipment
WO2022100028A1 (en) * 2020-11-16 2022-05-19 平安科技(深圳)有限公司 Interface traffic anomaly detection method and apparatus, terminal device, and storage medium
CN112839049A (en) * 2021-01-18 2021-05-25 北京长亭未来科技有限公司 Web application firewall protection method and device, storage medium and electronic equipment
CN113141369A (en) * 2021-04-28 2021-07-20 平安证券股份有限公司 Artificial intelligence-based firewall policy management method and related equipment
CN113141369B (en) * 2021-04-28 2023-02-07 平安证券股份有限公司 Artificial intelligence-based firewall policy management method and related equipment
CN113572780A (en) * 2021-07-28 2021-10-29 中国南方电网有限责任公司 Equipment security policy configuration method
CN113794690A (en) * 2021-08-20 2021-12-14 山石网科通信技术股份有限公司 Data processing method, data processing device, nonvolatile storage medium and processor
CN113794690B (en) * 2021-08-20 2024-02-09 山石网科通信技术股份有限公司 Data processing method, device, nonvolatile storage medium and processor
CN114039853A (en) * 2021-11-15 2022-02-11 北京天融信网络安全技术有限公司 Method, device, storage medium and electronic equipment for detecting security policy
CN114039853B (en) * 2021-11-15 2024-02-09 天融信雄安网络安全技术有限公司 Method and device for detecting security policy, storage medium and electronic equipment
CN114143088A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Network fault diagnosis method, device, equipment and computer readable storage medium
CN114143088B (en) * 2021-11-30 2024-02-09 天融信雄安网络安全技术有限公司 Network fault diagnosis method, device, equipment and computer readable storage medium
CN115065491A (en) * 2022-03-30 2022-09-16 成都市以太节点科技有限公司 Function and information security policy comprehensive selection method, electronic equipment and storage medium
CN115842664A (en) * 2022-11-23 2023-03-24 紫光云技术有限公司 Public cloud network flow security implementation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190524