CN110138731A - A kind of network anti-attack method based on big data - Google Patents
A network anti-attack method based on big data
- Publication number: CN110138731A (application CN201910267036.9A)
- Authority: CN (China)
- Prior art keywords: data, detection, attack, alert, node
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1433—Vulnerability analysis
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention discloses a network anti-attack method based on big data, belonging to the technical field of network security and big data information. The method comprises: a first detection node receives a detection request from a user, detects the device on which it resides to obtain detection data, analyzes the detection data and, when the analysis result is that the device is under attack, generates alert data from the detection data and sends it to a first node server; the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server; each second node server performs consensus verification on the received alert data and, when verification passes, sends an attack-blocking command to the corresponding second detection node; the second detection node blocks the attack on the device on which it resides according to the attack-blocking command. In the invention, information sharing is realized using big data information, which reduces the scope of damage of a network attack and, to a certain extent, safeguards the security of more devices.
Description
Technical field
The present invention relates to the technical field of network security and big data information, and in particular to a network anti-attack method.
Background
With the rapid development of Internet technology, people's way of life has changed enormously: people browse news, shop and work over the network, and it can be said that tens of thousands of devices and an inestimable amount of information have accumulated on the network. Consequently, network security has also become a matter of concern. In recent years, network attacks such as viruses and Trojans have occurred from time to time. When some devices discover or suffer a network attack, they are isolated from most other devices in society, so the devices that discovered the attack cannot pass the network attack information on to more devices in time; the scope of the network attack therefore gradually widens and causes certain losses.
Summary of the invention
The object of the present invention is achieved through the following technical solutions.
In a first aspect, the present invention proposes a network anti-attack method based on big data, comprising:
A first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
The first detection node analyzes the detection data and, when the analysis result is that the device is under attack, generates alert data from the detection data and sends it to a first node server, so that the first node server propagates it in the big data information network.
Optionally, detecting the device to obtain detection data further comprises: recording a detection timestamp;
Generating alert data from the detection data comprises:
Generating a detection data digest from the detection data;
Encrypting the detection data with a private key to obtain detection data ciphertext;
Generating alert data in a preset format from the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier of the device.
In a second aspect, the present invention proposes a network anti-attack method based on big data, comprising:
A first node server receives alert data from a first detection node;
The first node server verifies the alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
Optionally, the first node server verifying the alert data comprises:
The first node server parses the alert data to obtain the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier;
The first node server obtains the corresponding public key according to the device identifier and decrypts the detection data ciphertext with the public key to obtain the detection data plaintext;
The digest of the detection data plaintext is calculated, and it is judged whether the calculated digest is consistent with the detection data digest obtained by parsing; if so, verification passes; otherwise, verification fails.
Optionally, before sending the alert data to each second node server, the method further comprises: saving the alert data.
Optionally, saving the alert data comprises:
Saving the detection data plaintext to a local database;
Saving the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier to the big data information base;
Sending the alert data to each second node server is specifically: sending the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier to each second node server.
In a third aspect, the present invention proposes a network anti-attack method based on big data, comprising:
A second node server receives the alert data sent by a first node server;
The second node server performs consensus verification on the alert data and, when verification passes, sends an attack-blocking command to the corresponding second detection node.
Optionally, the second node server receiving the alert data sent by the first node server is specifically: the second node server receives the detection data digest, the detection timestamp, the first device identifier and the second device identifier sent by the first node server;
Correspondingly, the second node server performing consensus verification on the alert data is specifically: verifying whether the second device identifier is a valid device identifier; if so, verification passes; otherwise, verification fails.
Optionally, sending the attack-blocking command to the corresponding second detection node when verification passes is specifically: when verification passes, sending an attack-blocking command to the corresponding second detection node.
Optionally, when verification passes, the method further comprises: saving the alert data to the big data information base.
In a fourth aspect, the present invention proposes a network anti-attack method based on big data, comprising:
A second detection node receives an attack-blocking command from a second node server;
The second detection node blocks the attack on the device on which it resides according to the attack-blocking command.
Optionally, blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
The advantages of the present invention are as follows:
In the present invention, the servers of enterprises in different regions are interconnected to form a consortium chain, and each server also communicates with the detection node in its corresponding device (such as a computer). When the first detection node detects a network attack on the device on which it resides, it sends the corresponding alert data to the corresponding first node server, so that the first node server passes the network attack information through the big data information network; each second detection node in the big data information network then sends an attack-blocking command to the corresponding second detection node, and the second detection node performs the attack-blocking operation. In this method, first, big data information technology is applied, which effectively avoids information islands and, through information sharing, passes network attack information on over a wide range. Second, the alert data is verified by the first node server and then consensus-verified by the second node servers; this double verification effectively ensures that the alert data is secure and valid. Third, the obligation mechanism of big data information is fully used: when a network attack occurs, the information about it is passed quickly and automatically to each second detection node, which blocks the attack, effectively reducing the scope of damage of the network attack and largely safeguarding the security of more devices. Finally, the tamper-resistant and traceable properties of big data information are fully used: writing the information about a network attack into the big data information ensures that network attack events can be traced and queried, and provides an accurate data basis for subsequent work such as network attack analysis and device system vulnerability analysis.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 is a flowchart of a network anti-attack method applied to the first detection node according to an embodiment of the present invention;
Fig. 2 is a flowchart of a network anti-attack method applied to the first node server according to an embodiment of the present invention;
Fig. 3 is a flowchart of a network anti-attack method applied to the second node server according to an embodiment of the present invention;
Fig. 4 is a flowchart of a network anti-attack method according to an embodiment of the present invention;
Fig. 5 is a block diagram of the module composition of a first network anti-attack apparatus according to an embodiment of the present invention;
Fig. 6 is a block diagram of the module composition of a second network anti-attack apparatus according to an embodiment of the present invention;
Fig. 7 is a block diagram of the module composition of a third network anti-attack apparatus according to an embodiment of the present invention;
Fig. 8 is a block diagram of the module composition of a fourth network anti-attack apparatus according to an embodiment of the present invention;
Fig. 9 is a block diagram of the module composition of a fifth network anti-attack apparatus according to an embodiment of the present invention.
Detailed description of the embodiments
Illustrative embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show illustrative embodiments of the disclosure, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood thoroughly and its scope can be conveyed fully to those skilled in the art.
In the present invention, the servers of enterprises in different regions act as big data information nodes and are interconnected to form a consortium chain. Each server also communicates with the detection node in its corresponding device (such as a computer); the detection node is an application installed on the device that has a device detection function, such as a security guard application. When a server receives network attack information sent by its corresponding detection node, it passes the network attack information to the other servers through the big data information network, so that the other servers send attack-blocking commands to their corresponding detection nodes in time, reducing the scope of damage of the network attack. That is, by forming a distributed network anti-attack system, the present invention not only passes network attack information on quickly and effectively, but also solves the problem of trust between enterprises, realizes information sharing and improves the utilization of information.
Further, for ease of distinction, in the present invention the detection node that detects the attack is denoted the first detection node, and the server corresponding to the first detection node is denoted the first node server; the other servers in the big data information network, apart from the first node server, are denoted second node servers, and the detection node corresponding to each second node server is denoted a second detection node. The network anti-attack method of the present invention is described in detail below.
Embodiment one
According to an embodiment of the present invention, a network anti-attack method applied to the first detection node is proposed, as shown in Fig. 1, comprising:
Step 101: the first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
Specifically, the first detection node receives a detection request from the user, detects the security state of the device on which it resides to obtain detection data, and records a detection timestamp.
Step 102: the first detection node analyzes the obtained detection data and, when the analysis result is that the device is under network attack, generates alert data from the obtained detection data and sends it to the first node server, so that the first node server propagates it in the big data information network.
According to an embodiment of the present invention, generating alert data from the obtained detection data comprises:
Step A1: generating a detection data digest from the detection data;
Step A2: encrypting the detection data with a private key to obtain detection data ciphertext;
Step A3: generating alert data in a preset format from the detection data digest, the detection data ciphertext, the recorded detection timestamp and the first device identifier of the device.
The preset format can be set as required; for example, the preset format is the detection data digest, the detection data ciphertext, the recorded detection timestamp and the first device identifier of the device, joined in that order with the connector "-".
Further, the analysis of the detection data in step 102 may use any analysis method in the prior art that can be implemented; the present invention places no limitation on it.
In this embodiment, when the first detection node detects an attack, it sends the corresponding alert data to the first node server, so that the network attack information is passed on quickly and effectively through the big data information network.
Embodiment two
According to an embodiment of the present invention, a network anti-attack method applied to the first node server is proposed, as shown in Fig. 2, comprising:
Step 201: the first node server receives alert data from the first detection node;
Step 202: the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
According to an embodiment of the present invention, the first node server verifying the alert data in step 202 comprises:
Step B1: the first node server parses the received alert data to obtain the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier;
Specifically, the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier are read from the alert data according to the preset format.
Step B2: the first node server obtains the corresponding public key according to the obtained device identifier and decrypts the obtained detection data ciphertext with the public key to obtain the detection data plaintext;
Specifically, the first node server looks up the device identifier in its local database, reads the public key corresponding to the device identifier found, and decrypts the obtained detection data ciphertext with that public key to obtain the detection data plaintext.
Step B3: the digest of the obtained detection data plaintext is calculated, and it is judged whether the calculated digest is consistent with the detection data digest obtained by parsing; if so, verification passes; otherwise, verification fails.
In the present invention, the first node server verifies the received alert data, which effectively ensures that the alert data is secure and valid. This prevents the initiator of an attack from using the first detection node, after the device corresponding to the first detection node has been attacked, to send malicious messages to the first node server, and thus prevents malicious messages from propagating in the big data information network.
According to an embodiment of the present invention, before the alert data is sent to each second node server in step 202, the method further comprises: saving the alert data.
Specifically, the detection data plaintext is saved to the local database, and the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier are saved to the big data information base;
Correspondingly, sending the alert data to each second node server in step 202 is specifically: sending the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier to each second node server.
In the present invention, because saving the detection data plaintext occupies a large amount of storage space, only the detection data digest is saved to the big data information base, while the detection data plaintext is saved locally on the first node server. Network attack events can thus later be traced and queried through the data in the big data information, details of viruses, Trojans and the like can be consulted locally on the server, and the utilization of the big data information storage space is improved.
In this embodiment, after the second node server receives the alert data sent by the first detection node, it verifies the alert data, so that the alert data is sent to each second node server in the big data information network only on the premise that it is secure and valid. This not only avoids the risk of malicious messages propagating in the big data information network because the first detection node has been attacked, but also passes network attack information on quickly and effectively.
Embodiment three
According to an embodiment of the present invention, a network anti-attack method applied to the second node server is proposed, as shown in Fig. 3, comprising:
Step 301: the second node server receives the alert data sent by the first node server;
Specifically, the second node server receives the detection data digest, the detection timestamp, the first device identifier and the second device identifier sent by the first node server.
Step 302: the second node server performs consensus verification on the received alert data and, when verification passes, sends an attack-blocking command to the corresponding second detection node.
According to an embodiment of the present invention, the second node server performing consensus verification on the received alert data in step 302 is specifically: verifying whether the received second device identifier is a valid device identifier; if so, verification passes; otherwise, verification fails.
More specifically, the second node server judges whether the device identifiers it has saved contain the received second device identifier; if so, the received second device identifier is determined to be a valid device identifier; otherwise, the received second device identifier is determined not to be a valid device identifier.
In the present invention, the second node server performs consensus verification on the received second device identifier to ensure that the corresponding first node server is a valid server in the big data information network, and thereby to ensure the accuracy of the received data.
According to an embodiment of the present invention, sending the attack-blocking command to the corresponding second detection node when verification passes in step 302 is specifically: when verification passes, sending an attack-blocking command to the corresponding second detection node.
In the present invention, an agreement for sending the attack-blocking command is deployed in each node server in advance; the number of agreements may be one or more and can be set as required.
Further, according to an embodiment of the present invention, when verification passes in step 302, the method further comprises: saving the received alert data to the big data information base.
Specifically, the received detection data digest, detection timestamp, first device identifier and second device identifier are saved to the big data information.
In the present invention, writing the information about a network attack into the big data information ensures that network attack events can be traced and queried, and provides an accurate data basis for subsequent work such as network attack analysis and device system vulnerability analysis.
In this embodiment, when each second detection node passes verification of the received alert data, an attack-blocking command is sent to the corresponding second detection node, so that each second detection node blocks the attack quickly and effectively.
Embodiment four
According to an embodiment of the present invention, a network anti-attack method applied to the second detection node is proposed, as shown in Fig. 4, comprising:
Step 401: the second detection node receives an attack-blocking command from the second node server;
Step 402: the second detection node blocks the attack on the device on which it resides according to the received attack-blocking command.
Blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
In the present invention, when the second detection node receives an attack-blocking command, it automatically detects the environmental security state of the device on which it resides and performs operations such as vulnerability repair or patch installation to effectively avoid the network attack; and/or it updates the local blacklist/whitelist library according to the information about the attack contained in the attack-blocking command, so as to block intrusion by the network attack.
In this embodiment, when each second detection node receives an attack-blocking command, it automatically blocks the attack on the device on which it resides, effectively reducing the scope of damage of the network attack.
Embodiment five
According to an embodiment of the present invention, a network anti-attack method is proposed, as shown in Fig. 5, comprising:
Step 501: the first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
Step 502: the first detection node analyzes the obtained detection data and, when the analysis result is that the device is under network attack, generates alert data from the obtained detection data and sends it to the first node server;
The process of generating alert data from the obtained detection data is the same as the method described in steps A1 to A3 of embodiment one and is not repeated here.
Step 503: the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server;
The process by which the first node server verifies the received alert data is the same as the method described in steps B1 to B3 of embodiment two and is not repeated here.
Step 504: the second node server performs consensus verification on the received alert data and, when verification passes, sends an attack-blocking command to the corresponding second detection node;
The process by which the second node server performs consensus verification on the received alert data is the same as the process described in step 302 of embodiment three and is not repeated here.
Step 505: the second detection node blocks the attack on the device on which it resides according to the received attack-blocking command.
Blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
In this embodiment, based on big data information, information about a network attack is passed on quickly and effectively and the attack-blocking operation is then performed, reducing the scope of damage of the network attack.
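The alert flow of steps 502 to 504 (generation A1 to A3, verification B1 to B3, and the consensus check of step 302), as an added example that is not part of the patent text. SHA-256, the toy RSA key, the function names, the sample identifiers and the shape of the blocking command are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes. NOT secure (textbook RSA, no
# padding); it only models "encrypt with the private key, decrypt with the
# public key" from steps A2 and B2.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
IN_LEN, OUT_LEN = 25, 27  # plaintext / ciphertext bytes per block


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # digest algorithm is an assumption


def private_encrypt(data: bytes) -> str:
    out = bytearray()
    for i in range(0, len(data), IN_LEN):
        block = b"\x01" + data[i:i + IN_LEN]  # marker byte keeps leading zeros
        out += pow(int.from_bytes(block, "big"), D, N).to_bytes(OUT_LEN, "big")
    return out.hex()


def public_decrypt(cipher_hex: str, e: int, n: int) -> bytes:
    raw = bytes.fromhex(cipher_hex)  # raises ValueError on non-hex input
    if len(raw) % OUT_LEN:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(raw), OUT_LEN):
        m = pow(int.from_bytes(raw[i:i + OUT_LEN], "big"), e, n)
        block = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if block[:1] != b"\x01":
            raise ValueError("block does not decrypt under this key")
        out += block[1:]
    return bytes(out)


def build_alert(detection_data: bytes, first_device_id: str, timestamp: int) -> str:
    """Steps A1-A3: digest, ciphertext, timestamp, device ID joined with '-'."""
    return "-".join([digest(detection_data), private_encrypt(detection_data),
                     str(timestamp), first_device_id])


def first_node_verify(alert: str, public_keys: dict):
    """Steps B1-B3. Returns the parsed fields, or None if verification fails."""
    parts = alert.split("-", 3)  # the device ID is last and may contain '-'
    if len(parts) != 4:
        return None
    alert_digest, cipher_hex, timestamp, first_device_id = parts
    key = public_keys.get(first_device_id)  # B2: look up key by device ID
    if key is None:
        return None
    try:
        plaintext = public_decrypt(cipher_hex, *key)
    except ValueError:
        return None
    if not hmac.compare_digest(digest(plaintext), alert_digest):  # B3
        return None
    return {"digest": alert_digest, "timestamp": timestamp,
            "first_device_id": first_device_id, "plaintext": plaintext}


def forward_record(verified: dict, own_server_id: str) -> dict:
    """Embodiment two: plaintext stays local; digest and metadata are forwarded."""
    return {"digest": verified["digest"], "timestamp": verified["timestamp"],
            "first_device_id": verified["first_device_id"],
            "second_device_id": own_server_id}


def second_node_consensus(record: dict, known_server_ids: set, ledger: list):
    """Step 302: accept only if the sender's ID is one this server has saved."""
    if record.get("second_device_id") not in known_server_ids:
        return None
    ledger.append(record)  # saved so the event can be traced later
    return {"command": "BLOCK_ATTACK",  # hypothetical command format
            "digest": record["digest"], "source": record["first_device_id"]}


def demo():
    keys = {"pc-0042": (E, N)}  # constructed device ID and key table
    alert = build_alert(b"constructed detection data: trojan found",
                        "pc-0042", 1554249600)
    record = forward_record(first_node_verify(alert, keys), "srv-A")
    return second_node_consensus(record, {"srv-A", "srv-B"}, [])
```

Steps B1 to B3 compare the digest only with the decrypted detection data, so in this model the timestamp field is not covered by the check; a deployment would want the digest or signature to cover the timestamp and device identifier as well.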
Embodiment six
According to an embodiment of the present invention, a network anti-attack apparatus is proposed, as shown in Fig. 6, comprising:
A first receiving module 601, configured to receive a detection request from a user;
A detection module 602, configured to detect the device on which it resides to obtain detection data when the first receiving module 601 receives a detection request from the user;
An analysis module 603, configured to analyze the detection data obtained by the detection module 602;
A generation module 604, configured to generate alert data from the detection data obtained by the detection module 602 when the analysis result of the analysis module 603 is that the device is under attack;
A first sending module 605, configured to send the alert data generated by the generation module 604 to the first node server, so that the first node server propagates it in the big data information network.
According to an embodiment of the present invention, the apparatus further comprises: a recording module;
The recording module is configured to record a detection timestamp.
According to an embodiment of the present invention, the generation module 604 comprises: a first generation submodule, an encryption submodule and a second generation submodule, wherein:
The first generation submodule is configured to generate a detection data digest from the detection data obtained by the detection module 602;
The encryption submodule is configured to encrypt the detection data obtained by the detection module 602 with a private key to obtain detection data ciphertext;
The second generation submodule is configured to generate alert data in a preset format from the detection data digest generated by the first generation submodule, the detection data ciphertext obtained by the encryption submodule, the detection timestamp recorded by the recording module and the first device identifier of the device.
Embodiment seven
According to an embodiment of the present invention, a network anti-attack apparatus is proposed which, as shown in Fig. 7, comprises:
A second receiving module 701, configured to receive alert data from a first detection node;
A first authentication module 702, configured to verify the alert data received by the second receiving module 701;
A second sending module 703, configured to send the alert data received by the second receiving module 701 to each second node server when verification by the first authentication module 702 passes, so that each second node server performs consensus verification.
According to an embodiment of the present invention, the first authentication module 702 comprises a parsing submodule, an acquisition submodule, a decryption submodule, a calculation submodule and a judging submodule, wherein:
The parsing submodule is configured to parse the alert data received by the second receiving module 701 to obtain the detection data digest, the detection data ciphertext, the detection timestamp and the first device identification;
The acquisition submodule is configured to obtain the corresponding public key according to the first device identification obtained by the parsing submodule;
The decryption submodule is configured to decrypt, with the public key obtained by the acquisition submodule, the detection data ciphertext received by the second receiving module to obtain the detection data plaintext;
The calculation submodule is configured to calculate the digest of the detection data plaintext obtained by the parsing submodule;
The judging submodule is configured to judge whether the digest calculated by the calculation submodule is consistent with the detection data digest parsed by the parsing submodule; if so, verification is determined to pass; otherwise verification is determined to fail.
According to an embodiment of the present invention, the apparatus further comprises a first saving module;
The first saving module is configured to save the detection data plaintext obtained by the decryption submodule to a local database, and to save the detection data digest, the detection timestamp and the first device identification obtained by the parsing submodule, together with the second device identification of the apparatus, to the big data information repository;
Correspondingly, the second sending module 703 is specifically configured to send the detection data digest, the detection timestamp and the first device identification obtained by the parsing submodule, together with the second device identification of the apparatus, to each second node server.
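The alert generation of Embodiment six and the check performed by the first authentication module in Embodiment seven, as an added example that is not part of the patent text. The JSON layout, the field names, SHA-256 as the digest, the `PUBLIC_KEYS` registry and the demo key are all assumptions made for illustration; the private-key operation is textbook RSA over a constructed key.

```python
import hashlib
import json

# Constructed demo key: textbook RSA over two publicly known Mersenne primes.
# Illustration only (no padding, known factors); a deployment would use a
# standard signature scheme such as RSA-PSS or Ed25519.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

# Hypothetical registry: first device identification -> public key (n, e).
PUBLIC_KEYS = {"device-001": (N, E)}


def digest(data: bytes) -> str:
    """Detection data digest; SHA-256 is an assumption, the page names no hash."""
    return hashlib.sha256(data).hexdigest()


def make_alert(detection_data: bytes, timestamp: int, device_id: str) -> str:
    """Detection node side: digest, private-key operation, timestamp, device ID."""
    m = int.from_bytes(b"\x01" + detection_data, "big")  # 0x01 keeps leading zeros
    if m >= N:
        raise ValueError("detection data too long for one block of the demo key")
    return json.dumps({
        "digest": digest(detection_data),
        "ciphertext": format(pow(m, D, N), "x"),
        "timestamp": timestamp,
        "device_id": device_id,
    })


def verify_alert(alert: str):
    """Node server side: parse, look up key, decrypt, recompute digest, compare.

    Returns (passed, plaintext); plaintext is None when verification fails.
    """
    try:
        msg = json.loads(alert)
        n, e = PUBLIC_KEYS[msg["device_id"]]  # unknown device -> KeyError
        c = int(msg["ciphertext"], 16)
        claimed = msg["digest"]
    except (ValueError, KeyError, TypeError):
        return False, None
    if not 0 <= c < n:
        return False, None
    raw = pow(c, e, n).to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    if not raw.startswith(b"\x01"):
        return False, None
    plaintext = raw[1:]
    if digest(plaintext) != claimed:
        return False, None
    return True, plaintext
```

The digest comparison covers only the detection data: the detection timestamp travels outside both the digest and the ciphertext, so a receiver that relies on it needs a separate integrity and freshness check.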
Embodiment eight
According to an embodiment of the present invention, a network anti-attack apparatus is proposed which, as shown in Fig. 8, comprises:
A third receiving module 801, configured to receive the alert data sent by a first node server;
A second authentication module 802, configured to perform consensus verification on the alert data received by the third receiving module 801;
A third sending module 803, configured to send an attack-blocking command to the corresponding second detection node when verification by the second authentication module 802 passes.
According to an embodiment of the present invention, the third receiving module 801 is specifically configured to receive the detection data digest, the detection timestamp, the first device identification and the second device identification sent by the first node server;
Correspondingly, the second authentication module 802 is specifically configured to verify whether the second device identification is a valid device identification; if so, verification is determined to pass; otherwise verification is determined to fail.
According to an embodiment of the present invention, the third sending module 803 is specifically configured to send the attack-blocking command to the corresponding second detection node when verification by the second authentication module 802 passes.
Further, the apparatus also comprises a second saving module;
The second saving module is configured to save the alert data received by the third receiving module to the big data information repository when verification by the second authentication module passes.
Embodiment nine
According to an embodiment of the present invention, a network anti-attack apparatus, as shown in Fig. 9, comprises:
A fourth receiving module 901, configured to receive an attack-blocking command from a second node server;
An attack blocking module 902, configured to perform attack blocking on the equipment where the apparatus is located, according to the attack-blocking command received by the fourth receiving module 901.
According to an embodiment of the present invention, the attack blocking module 902 is specifically configured to perform detection on the equipment where the apparatus is located and/or update the blacklist and whitelist library.
Embodiment ten
According to an embodiment of the present invention, a network anti-attack system is proposed, comprising the apparatus of any one of embodiments six to nine.
Embodiment eleven
According to an embodiment of the present invention, a network anti-attack device is proposed, comprising:
One or more processors, and a storage device storing one or more programs;
When the one or more programs are executed by the one or more processors, the method of any one of embodiments one to four is implemented.
In the present invention, the servers of enterprises in different regions are interconnected to form a consortium chain, and each server communicates with the detection nodes in its corresponding equipment (such as computers). When a first detection node detects that the equipment where it is located is under network attack, it sends the corresponding alert data to the corresponding first node server, so that the first node server propagates the network attack information through the big data information network; each second node server in the big data information network then sends an attack-blocking command to its corresponding second detection node, and the second detection node performs the attack-blocking operation. In this method, first, applying big data information technology effectively avoids information silos and, through information sharing, achieves wide-range propagation of network attack information. Second, the alert data is verified by the first node server and additionally undergoes consensus verification by the second node servers; this double verification effectively ensures that the alert data is secure and valid. Third, the big data information mechanism is fully used: when a network attack occurs, the relevant information is quickly and automatically delivered to each second detection node so that each second detection node performs attack blocking, which effectively reduces the scope of damage of the network attack and, to a large extent, safeguards the equipment. Finally, the tamper-resistant and traceable characteristics of big data information are fully used: writing the information related to the network attack into the big data information repository ensures that attack events can be traced and queried, providing an accurate data basis for subsequent work such as network attack analysis and analysis of vulnerabilities in device systems.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. A network anti-attack method based on big data, characterized by comprising:
A first detection node receives a detection request from a user and detects the equipment where it is located to obtain detection data;
The first detection node analyzes the detection data and, when the analysis result is that an attack exists on the equipment where it is located, generates alert data according to the detection data and sends it to a first node server, so that the first node server propagates it in the big data information network.
2. The method according to claim 1, characterized in that, when detecting the equipment where it is located to obtain detection data, the method further comprises: recording a detection timestamp;
Generating alert data according to the detection data comprises:
Generating a detection data digest according to the detection data;
Encrypting the detection data with a private key to obtain a detection data ciphertext;
Generating alert data in a preset format according to the detection data digest, the detection data ciphertext, the detection timestamp and the first device identification of the equipment where it is located.
3. A network anti-attack method, characterized by comprising:
A first node server receives alert data from a first detection node;
The first node server verifies the alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
4. The method according to claim 3, characterized in that the first node server verifying the alert data comprises:
The first node server parses the alert data to obtain a detection data digest, a detection data ciphertext, a detection timestamp and a first device identification;
The first node server obtains the corresponding public key according to the device identification, and decrypts the detection data ciphertext with the public key to obtain the detection data plaintext;
Calculating the digest of the detection data plaintext, and judging whether the calculated digest is consistent with the detection data digest obtained by parsing; if so, verification is determined to pass; otherwise verification is determined to fail.
5. The method according to claim 4, characterized in that saving the alert data comprises:
Saving the detection data plaintext to a local database;
Saving the detection data digest, the detection timestamp, the first device identification and its own second device identification to the big data information repository;
Sending the alert data to each second node server is specifically: sending the detection data digest, the detection timestamp, the first device identification and its own second device identification to each second node server.
6. A network anti-attack method based on big data, characterized by comprising:
A second node server receives the alert data sent by a first node server;
The second node server performs consensus verification on the alert data and, when verification passes, sends an attack-blocking command to the corresponding second detection node.
7. The method according to claim 6, characterized in that the second node server receiving the alert data sent by the first node server is specifically: the second node server receives the detection data digest, the detection timestamp, the first device identification and the second device identification sent by the first node server;
The second node server performing consensus verification on the alert data is specifically: verifying whether the second device identification is a valid device identification; if so, verification is determined to pass; otherwise verification is determined to fail.
8. The method according to claim 6, characterized in that sending the attack-blocking command to the corresponding second detection node when verification passes is specifically: when verification passes, sending the attack-blocking command to the corresponding second detection node.
9. The method according to claim 6, characterized in that, when verification passes, the method further comprises: saving the alert data to the big data information repository.
10. A network anti-attack method based on big data, characterized by comprising:
A second detection node receives an attack-blocking command from a second node server;
The second detection node performs attack blocking on the equipment where it is located, according to the attack-blocking command.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910267036.9A CN110138731B (en) | 2019-04-03 | 2019-04-03 | Network anti-attack method based on big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110138731A (en) | 2019-08-16 |
CN110138731B (en) | 2020-02-14 |
Family
ID=67569076
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910267036.9A Active CN110138731B (en) | 2019-04-03 | 2019-04-03 | Network anti-attack method based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110138731B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050125548A1 (en) * | 2003-10-23 | 2005-06-09 | Paul England | Securely identifying an executable to a trust-determining entity |
CN105426771A (en) * | 2015-10-28 | 2016-03-23 | 成都比特信安科技有限公司 | Method for realizing security of big data |
CN107566381A (en) * | 2017-09-12 | 2018-01-09 | 中国联合网络通信集团有限公司 | Equipment safety control method, apparatus and system |
CN108616534A (en) * | 2018-04-28 | 2018-10-02 | 中国科学院信息工程研究所 | A kind of method and system for protecting internet of things equipment ddos attack based on block chain |
CN108881233A (en) * | 2018-06-21 | 2018-11-23 | 中国联合网络通信集团有限公司 | anti-attack processing method, device, equipment and storage medium |
CN108881494A (en) * | 2018-08-10 | 2018-11-23 | 三门峡速达交通节能科技股份有限公司 | Secure messaging methods based on In-vehicle networking and block chain |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110505243A (en) * | 2019-09-18 | 2019-11-26 | 浙江大华技术股份有限公司 | The processing method and processing device of network attack, storage medium, electronic device |
CN112732193A (en) * | 2021-01-12 | 2021-04-30 | 广州威创信息技术有限公司 | Information security storage system based on big data |
CN113315752A (en) * | 2021-04-22 | 2021-08-27 | 阚中强 | Intelligent medical attack tracing method based on block chain and medical big data system |
CN115189912A (en) * | 2022-06-07 | 2022-10-14 | 广西双正工程监理服务有限公司 | Multiple alarm information system safety management system |
CN115189912B (en) * | 2022-06-07 | 2024-01-12 | 广西双正工程监理服务有限公司 | Multiple alarm information system safety management system |
Also Published As
Publication number | Publication date |
---|---|
CN110138731B (en) | 2020-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11089045B2 (en) | User and entity behavioral analysis with network topology enhancements | |
CN106411578B (en) | A kind of web publishing system and method being adapted to power industry | |
US10594714B2 (en) | User and entity behavioral analysis using an advanced cyber decision platform | |
US11818169B2 (en) | Detecting and mitigating attacks using forged authentication objects within a domain | |
US11799900B2 (en) | Detecting and mitigating golden ticket attacks within a domain | |
US11005824B2 (en) | Detecting and mitigating forged authentication object attacks using an advanced cyber decision platform | |
CN110138731A (en) | A kind of network anti-attack method based on big data | |
CN110049043A (en) | Server log monitoring method and system based on block chain | |
CN111800395A (en) | Threat information defense method and system | |
US11818150B2 (en) | System and methods for detecting and mitigating golden SAML attacks against federated services | |
CN106789964B (en) | Cloud resource pool data security detection method and system | |
CN104620225B (en) | Method and system for server security checking | |
US11757849B2 (en) | Detecting and mitigating forged authentication object attacks in multi-cloud environments | |
CN112787992A (en) | Method, device, equipment and medium for detecting and protecting sensitive data | |
US20210281609A1 (en) | Rating organization cybersecurity using probe-based network reconnaissance techniques | |
JP2022037896A (en) | Automation method for responding to threat | |
US20230319019A1 (en) | Detecting and mitigating forged authentication attacks using an advanced cyber decision platform | |
CN115694932A (en) | Method and equipment for realizing community sensitive data protection based on block chain technology | |
KR102414334B1 (en) | Method and apparatus for detecting threats of cooperative-intelligent transport road infrastructure | |
Ametepe et al. | Data provenance collection and security in a distributed environment: a survey | |
Beigh et al. | Intrusion detection and prevention system: issues and challenges | |
Dorigo | Security information and event management | |
Ling et al. | Blockchain-based network hawkeye function: building the trust triangle in 6G | |
CN110149324A (en) | A kind of network anti-attack method, device and equipment | |
Osako et al. | Proactive Defense model based on Cyber threat analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||