CN110138731A - A kind of network anti-attack method based on big data - Google Patents

Publication number: CN110138731A
Authority: CN (China)
Prior art keywords: data, detection, attack, alert, node
Legal status: Granted
Application number: CN201910267036.9A
Other languages: Chinese (zh)
Other versions: CN110138731B (en)
Inventor: 李莉莉
Current assignee: Terminus Beijing Technology Co Ltd
Original assignee: Terminus Beijing Technology Co Ltd
Application filed by: Terminus Beijing Technology Co Ltd
Priority: CN201910267036.9A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses a network anti-attack method based on big data, belonging to the field of network security and big data information technology. The method comprises: a first detection node receives a detection request from a user, detects the device on which it resides to obtain detection data, analyzes the detection data and, when the analysis result is that network attack behavior exists on that device, generates alert data from the detection data and sends it to a first node server; the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server; each second node server performs consensus verification on the received alert data and, when verification passes, sends an attack blocking command to its corresponding second detection node; the second detection node blocks the attack on the device on which it resides according to the attack blocking command. In the invention, information sharing is realized using big data information, which reduces the scope of damage of a network attack and safeguards more devices to a certain extent.

Description

A network anti-attack method based on big data
Technical field
The present invention relates to the field of network security and big data information technology, and in particular to a network anti-attack method.
Background
With the rapid development of Internet technology, people's way of life has changed enormously: people browse news, shop and work over the network, and tens of thousands of devices and an inestimable amount of information have accumulated in the network. As a consequence, network security has become a matter of public concern. In recent years network attacks such as viruses and Trojans have occurred from time to time. When a device discovers or suffers a network attack, because it is isolated from most other devices in society, the device that discovered the attack cannot pass the attack information on to more devices in time, so the scope of the network attack gradually grows and causes losses.
Summary of the invention
The purpose of the present invention is achieved through the following technical solutions.
In a first aspect, the present invention proposes a network anti-attack method based on big data, comprising:
a first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
the first detection node analyzes the detection data and, when the analysis result is that network attack behavior exists on the device on which it resides, generates alert data from the detection data and sends it to a first node server, so that the first node server propagates it in the big data information network.
Optionally, detecting the device on which it resides to obtain detection data further includes: recording a detection timestamp;
generating alert data from the detection data comprises:
generating a detection data digest from the detection data;
encrypting the detection data with a private key to obtain a detection data ciphertext;
generating alert data in a preset format from the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier of the device on which the node resides.
In a second aspect, the present invention proposes a network anti-attack method based on big data, comprising:
a first node server receives alert data from a first detection node;
the first node server verifies the alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
Optionally, the first node server verifying the alert data comprises:
the first node server parses the alert data to obtain the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier;
the first node server obtains the corresponding public key according to the device identifier and decrypts the detection data ciphertext with the public key to obtain the detection data plaintext;
the digest of the detection data plaintext is computed, and it is judged whether the computed digest is consistent with the detection data digest obtained by parsing; if so, verification passes; otherwise verification fails.
Optionally, before sending the alert data to each second node server, the method further includes: saving the alert data.
Optionally, saving the alert data includes:
saving the detection data plaintext to a local database;
saving the detection data digest, the detection timestamp, the first device identifier and its own second device identifier to the big data information base;
sending the alert data to each second node server is specifically: sending the detection data digest, the detection timestamp, the first device identifier and its own second device identifier to each second node server.
In a third aspect, the present invention proposes a network anti-attack method based on big data, comprising:
a second node server receives the alert data sent by a first node server;
the second node server performs consensus verification on the alert data and, when verification passes, sends an attack blocking command to its corresponding second detection node.
Optionally, the second node server receiving the alert data sent by the first node server is specifically: the second node server receives the detection data digest, the detection timestamp, the first device identifier and the second device identifier sent by the first node server;
correspondingly, the second node server performing consensus verification on the alert data is specifically: verifying whether the second device identifier is a valid device identifier; if so, verification passes; otherwise verification fails.
Optionally, sending the attack blocking command to the corresponding second detection node when verification passes is specifically: when verification passes, the attack blocking command is sent to the corresponding second detection node.
Optionally, when verification passes the method further includes: saving the alert data to the big data information base.
In a fourth aspect, the present invention proposes a network anti-attack method based on big data, comprising:
a second detection node receives an attack blocking command from a second node server;
the second detection node blocks the attack on the device on which it resides according to the attack blocking command.
Optionally, blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
The advantages of the present invention are as follows:
In the present invention, the servers of enterprises in various places are interconnected to form a consortium chain, and each server communicates data with the detection node in its corresponding device (such as a computer). When the first detection node detects that network attack behavior exists on the device on which it resides, it sends the corresponding alert data to the corresponding first node server, so that the first node server transmits the network attack information through the big data information network; an attack blocking command is then sent to each corresponding second detection node in the big data information network, and the second detection node carries out the attack blocking operation. In this method, first, applying big data information technology effectively avoids information islands and, through information sharing, realizes wide-range transmission of network attack information. Second, the first node server verifies the alert data and the second node servers add consensus verification; this double verification effectively ensures that the alert data is safe and valid. Third, the contract mechanism of big data information is fully used, so that when a network attack occurs the related information is passed quickly and automatically to each second detection node, and each second detection node carries out attack blocking, which effectively reduces the scope of damage of the network attack and largely safeguards more devices. Finally, the tamper-proof and traceable properties of big data information are fully used: by writing the information related to the network attack into big data information, network attack events are guaranteed to be traceable and queryable, which provides an accurate data basis for subsequent work such as network attack analysis and device system vulnerability analysis.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 is a flowchart of a network anti-attack method applied to the first detection node according to an embodiment of the present invention;
Fig. 2 is a flowchart of a network anti-attack method applied to the first node server according to an embodiment of the present invention;
Fig. 3 is a flowchart of a network anti-attack method applied to the second node server according to an embodiment of the present invention;
Fig. 4 is a flowchart of a network anti-attack method according to an embodiment of the present invention;
Fig. 5 is a module composition block diagram of the first network anti-attack device according to an embodiment of the present invention;
Fig. 6 is a module composition block diagram of the second network anti-attack device according to an embodiment of the present invention;
Fig. 7 is a module composition block diagram of the third network anti-attack device according to an embodiment of the present invention;
Fig. 8 is a module composition block diagram of the fourth network anti-attack device according to an embodiment of the present invention;
Fig. 9 is a module composition block diagram of the fifth network anti-attack device according to an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
In the present invention, each server of enterprises in various places serves as a big data information node, and the servers are interconnected to form a consortium chain. Each server also communicates data with the detection node in its corresponding device (such as a computer); the detection node is an application installed on the device that has a device detection function, such as a security guard application. When a server receives network attack information sent by its corresponding detection node, it passes that information to the other servers through the big data information network, so that the other servers promptly send attack blocking commands to their corresponding detection nodes, which reduces the scope of damage of the network attack. That is, by forming a distributed network anti-attack system, the invention can not only transmit network attack information quickly and effectively, but also solves the trust problem between enterprises, realizes information sharing and improves the utilization of information.
Further, for ease of distinction, the detection node that detects the attack is denoted the first detection node, the server corresponding to the first detection node is denoted the first node server, the other servers in the big data information network apart from the first node server are denoted second node servers, and the detection node corresponding to each second node server is denoted a second detection node. The network anti-attack method of the invention is described in detail below.
Embodiment one
According to an embodiment of the present invention, a network anti-attack method applied to the first detection node is proposed, as shown in Fig. 1, comprising:
Step 101: the first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
Specifically, the first detection node receives a detection request from the user, detects the security state of the device on which it resides to obtain detection data, and records a detection timestamp.
Step 102: the first detection node analyzes the obtained detection data and, when the analysis result is that network attack behavior exists on the device on which it resides, generates alert data from the obtained detection data and sends it to the first node server, so that the first node server propagates it in the big data information network.
According to an embodiment of the present invention, generating alert data from the obtained detection data comprises:
Step A1: generate a detection data digest from the detection data;
Step A2: encrypt the detection data with a private key to obtain a detection data ciphertext;
Step A3: generate alert data in a preset format from the detection data digest, the detection data ciphertext, the recorded detection timestamp and the first device identifier of the device on which the node resides.
The preset format can be set as required; for example, the preset format is the detection data digest, the detection data ciphertext, the recorded detection timestamp and the first device identifier of the device, spliced in that order with the connector "-".
Further, the specific process of analyzing the detection data in step 102 may be any practicable analysis method in the prior art; the present invention does not limit it.
In this embodiment, when the first detection node detects an attack, it sends the corresponding alert data to the first node server, so that the network attack information is transmitted quickly and effectively through the big data information network.
Embodiment two
According to an embodiment of the present invention, a network anti-attack method applied to the first node server is proposed, as shown in Fig. 2, comprising:
Step 201: the first node server receives alert data from the first detection node;
Step 202: the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
According to an embodiment of the present invention, the first node server verifying the alert data in step 202 comprises:
Step B1: the first node server parses the received alert data to obtain the detection data digest, the detection data ciphertext, the detection timestamp and the first device identifier;
Specifically, the detection data digest, detection data ciphertext, detection timestamp and first device identifier are read from the alert data according to the preset format.
Step B2: the first node server obtains the corresponding public key according to the obtained device identifier, and decrypts the obtained detection data ciphertext with the public key to obtain the detection data plaintext;
Specifically, the first node server looks up the device identifier in its local database, reads the public key corresponding to the device identifier it finds, and decrypts the obtained detection data ciphertext with that public key to obtain the detection data plaintext.
Step B3: compute the digest of the obtained detection data plaintext and judge whether the computed digest is consistent with the detection data digest obtained by parsing; if so, verification passes; otherwise verification fails.
In the present invention, the first node server verifies the received alert data, which effectively ensures that the alert data is safe and valid. This prevents the initiator of an attack, after the device corresponding to the first detection node has been attacked, from using the first detection node to send malicious messages to the first node server, and further prevents malicious messages from propagating in the big data information network.
According to an embodiment of the present invention, before the alert data is sent to each second node server in step 202, the method further includes: saving the alert data.
Specifically, the detection data plaintext is saved to the local database, and the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier are saved to the big data information base;
Correspondingly, sending the alert data to each second node server in step 202 is specifically: sending the detection data digest, the detection timestamp, the first device identifier and the server's own second device identifier to each second node server.
In the present invention, because saving the detection data plaintext takes up considerable storage space, only the detection data digest is saved to the big data information base, while the detection data plaintext is saved locally on the first node server. Network attack events can thus be traced and queried later through the data in big data information, details such as viruses and Trojans can be consulted locally on the server, and the utilization of big data information storage space is improved.
In this embodiment, after the second node server receives the alert data sent by the first detection node, it verifies the alert data, so that the alert data is sent to each second node server in the big data information network only on the premise that it is safe and valid. This not only avoids the risk of malicious messages propagating in the big data information network because the first detection node has been attacked, but also realizes fast and effective transmission of network attack information.
Embodiment three
According to an embodiment of the present invention, a network anti-attack method applied to the second node server is proposed, as shown in Fig. 3, comprising:
Step 301: the second node server receives the alert data sent by the first node server;
Specifically, the second node server receives the detection data digest, the detection timestamp, the first device identifier and the second device identifier sent by the first node server.
Step 302: the second node server performs consensus verification on the received alert data and, when verification passes, sends an attack blocking command to its corresponding second detection node.
According to an embodiment of the present invention, the second node server performing consensus verification on the received alert data in step 302 is specifically: verifying whether the received second device identifier is a valid device identifier; if so, verification passes; otherwise verification fails.
More specifically, the second node server judges whether the device identifiers it holds include the received second device identifier; if so, the received second device identifier is determined to be a valid device identifier; otherwise it is determined not to be a valid device identifier.
In the present invention, the second node server performs consensus verification on the received second device identifier to ensure that the corresponding first node server is a valid server in the big data information network, and thereby to ensure the accuracy of the received data.
According to an embodiment of the present invention, sending the attack blocking command to the corresponding second detection node when verification passes in step 302 is specifically: when verification passes, the attack blocking command is sent to the corresponding second detection node.
In the present invention, the contract for sending the attack blocking command is deployed in each node server in advance; the number of contracts may be one or several and can be set as required.
Further, according to an embodiment of the present invention, when verification passes in step 302 the method further includes: saving the received alert data to the big data information base.
Specifically, the received detection data digest, detection timestamp, first device identifier and second device identifier are saved to big data information.
In the present invention, by writing the information related to the network attack into big data information, network attack events are guaranteed to be traceable and queryable, which provides an accurate data basis for subsequent work such as network attack analysis and device system vulnerability analysis.
In this embodiment, when verification of the alert data received by each second detection node passes, an attack blocking command is sent to the corresponding second detection node, so that each second detection node carries out attack blocking quickly and effectively.
Embodiment four
According to an embodiment of the present invention, a network anti-attack method applied to the second detection node is proposed, as shown in Fig. 4, comprising:
Step 401: the second detection node receives an attack blocking command from the second node server;
Step 402: the second detection node blocks the attack on the device on which it resides according to the received attack blocking command.
Blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
In the present invention, when the second detection node receives the attack blocking command, it automatically detects the environment security state of the device on which it resides and carries out operations such as vulnerability repair or patch installation to effectively avoid the network attack; and/or it updates the local blacklist/whitelist library according to the attack-related information contained in the attack blocking command, to block intrusion by the network attack.
In this embodiment, when each second detection node receives the attack blocking command, it automatically blocks the attack on the device on which it resides, which effectively reduces the scope of damage of the network attack.
Embodiment five
According to an embodiment of the present invention, a network anti-attack method is proposed, as shown in Fig. 5, comprising:
Step 501: the first detection node receives a detection request from a user and detects the device on which it resides to obtain detection data;
Step 502: the first detection node analyzes the obtained detection data and, when the analysis result is that network attack behavior exists on the device on which it resides, generates alert data from the obtained detection data and sends it to the first node server;
The process of generating alert data from the obtained detection data is the same as the method described in steps A1 to A3 of embodiment one and is not repeated here.
Step 503: the first node server verifies the received alert data and, when verification passes, sends the alert data to each second node server;
The process by which the first node server verifies the received alert data is the same as the method described in steps B1 to B3 of embodiment two and is not repeated here.
Step 504: the second node server performs consensus verification on the received alert data and, when verification passes, sends an attack blocking command to its corresponding second detection node;
The process by which the second node server performs consensus verification on the received alert data is the same as the process described in step 302 of embodiment three and is not repeated here.
Step 505: the second detection node blocks the attack on the device on which it resides according to the received attack blocking command.
Blocking the attack on the device on which it resides is specifically: detecting the device on which it resides and/or updating the blacklist/whitelist library.
In this embodiment, fast and effective transmission of network attack information is realized on the basis of big data information, and the attack blocking operation is then carried out, which reduces the scope of damage of the network attack.
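An added end-to-end sketch of steps 502 to 504 (steps A1 to A3, B1 to B3 and the consensus check of step 302); it is not code from the patent. Assumptions: SHA-256 as the digest, a constructed toy textbook-RSA key standing in for the unspecified private-key encryption, hex-encoded fields, and the hypothetical names `build_alert`, `first_node_verify` and `second_node_consensus`.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes: illustration only, NOT secure.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent (Python 3.8+)
PT_LEN = (N.bit_length() - 1) // 8 - 1   # data bytes per block, after a 0x01 marker byte

# Constructed sample input, longer than one RSA block.
SAMPLE = b"constructed detection data: suspicious file flagged by local scan; " * 4


def private_encrypt(data: bytes, d: int = D, n: int = N) -> bytes:
    """Step A2 stand-in: raw RSA with the private exponent, block by block."""
    ct_len = (n.bit_length() + 7) // 8
    out = bytearray()
    for i in range(0, len(data), PT_LEN):
        m = int.from_bytes(b"\x01" + data[i:i + PT_LEN], "big")
        out += pow(m, d, n).to_bytes(ct_len, "big")
    return bytes(out)


def public_decrypt(ct: bytes, e: int, n: int) -> bytes:
    """Step B2 stand-in: recover the plaintext with the device's public key."""
    ct_len = (n.bit_length() + 7) // 8
    if len(ct) % ct_len:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(ct), ct_len):
        c = int.from_bytes(ct[i:i + ct_len], "big")
        if c >= n:
            raise ValueError("block out of range")
        m = pow(c, e, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":           # marker missing: wrong key or tampering
            raise ValueError("bad block marker")
        out += raw[1:]
    return bytes(out)


def build_alert(detection_data: bytes, timestamp: int, device_id: str) -> str:
    """Steps A1-A3: digest, ciphertext, timestamp and device ID joined with '-'."""
    digest = hashlib.sha256(detection_data).hexdigest()       # A1
    ciphertext = private_encrypt(detection_data).hex()        # A2
    return "-".join([digest, ciphertext, str(timestamp), device_id])  # A3


def first_node_verify(alert: str, public_keys: dict, own_id: str):
    """Steps B1-B3. Returns (plaintext, forward_message) or None on failure."""
    # B1: the device ID is the last field, so maxsplit keeps any '-' inside it.
    parts = alert.split("-", 3)
    if len(parts) != 4:
        return None
    digest, ct_hex, ts, first_id = parts
    key = public_keys.get(first_id)      # B2: look up the public key by device ID
    if key is None:
        return None
    try:
        plaintext = public_decrypt(bytes.fromhex(ct_hex), *key)
        timestamp = int(ts)
    except ValueError:
        return None
    # B3: compare the recomputed digest with the parsed one. Only the
    # detection data is covered; the timestamp is outside this check.
    if hashlib.sha256(plaintext).hexdigest() != digest:
        return None
    # The plaintext stays local; only these four fields are forwarded.
    forward = {"digest": digest, "timestamp": timestamp,
               "first_id": first_id, "second_id": own_id}
    return plaintext, forward


def second_node_consensus(forward: dict, held_ids: set) -> bool:
    """Step 302: accept only if the forwarding server's ID is one this node holds."""
    return forward.get("second_id") in held_ids


if __name__ == "__main__":
    alert = build_alert(SAMPLE, 1554249600, "dev-0001")       # constructed values
    result = first_node_verify(alert, {"dev-0001": (E, N)}, "srv-A")
    print("verified:", result is not None)
    print("consensus:", second_node_consensus(result[1], {"srv-A", "srv-B"}))
```

The comparison in step B3 covers only the detection data, so in this format the timestamp is not bound to the digest or the ciphertext.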
Embodiment six
According to an embodiment of the present invention, a network anti-attack device is proposed, as shown in Fig. 6, comprising:
a first receiving module 601, configured to receive a detection request from a user;
a detection module 602, configured to detect the device on which it resides to obtain detection data when the first receiving module 601 receives a detection request from the user;
an analysis module 603, configured to analyze the detection data obtained by the detection module 602;
a generation module 604, configured to generate alert data from the detection data obtained by the detection module 602 when the analysis result of the analysis module 603 is that network attack behavior exists on the device;
a first sending module 605, configured to send the alert data generated by the generation module 604 to the first node server, so that the first node server propagates it in the big data information network.
According to an embodiment of the present invention, the device further includes a recording module;
the recording module is configured to record a detection timestamp.
According to an embodiment of the present invention, the generation module 604 includes a first generation submodule, an encryption submodule and a second generation submodule, in which:
the first generation submodule is configured to generate a detection data digest from the detection data obtained by the detection module 602;
the encryption submodule is configured to encrypt the detection data obtained by the detection module 602 with a private key to obtain a detection data ciphertext;
the second generation submodule is configured to generate alert data in a preset format from the detection data digest generated by the first generation submodule, the detection data ciphertext obtained by the encryption submodule, the detection timestamp recorded by the recording module and the first device identifier of the device.
Embodiment seven
Embodiment according to the present invention proposes a kind of network anti-attack device, as shown in fig. 7, comprises:
Second receiving module 701, for receiving the data with alert from the first detection node;
First authentication module 702, the data with alert received for verifying the second receiving module 701;
Second sending module 703 connects for when the first authentication module 702 is verified, sending the second receiving module 701 The data with alert received gives each second node server, so that each second node server carries out common recognition verifying.
Embodiment according to the present invention, the first authentication module 702 include: analyzing sub-module, acquisition submodule, decryption Module, computational submodule and judging submodule, in which:
Analyzing sub-module, the data with alert received for parsing the second receiving module 701, obtain detection data abstract, Detection data ciphertext, detection time stamp and the first device identification;
Acquisition submodule, the first device identification for being obtained according to analyzing sub-module obtain corresponding public key;
Decrypt submodule, the testing number that the second receiving module of public key decryptions for obtaining according to acquisition submodule receives Detection data is obtained in plain text according to ciphertext;
Computational submodule, for calculating the abstract for the detection data plaintext that analyzing sub-module obtains;
Judging submodule, for judging the abstract that computational submodule calculates and the detection data that analyzing sub-module parses It whether consistent makes a summary, is that decision verification passes through;Otherwise decision verification does not pass through.
Embodiment according to the present invention, the device further include: the first preserving module;
First preserving module is saved to local data base in plain text for that will decrypt the detection data that submodule obtains, will be solved Detection data abstract that analysis submodule obtains, detection time stamp, the first device identification and the second device identification of device save to Big data information bank;
Corresponding, the second sending module 703 is specifically used for: when the detection data that analyzing sub-module is obtained is made a summary, detected Between stamp, the first device identification and the second device identification of device be sent to each second node server.
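The alert generation of embodiment six and the verification of embodiment seven can be traced end to end in a short Python sketch; this is an added example, not code from the patent. The JSON layout, SHA-256 as the digest, the toy textbook-RSA key and the names `build_alert`, `verify_alert` and `PUBLIC_KEYS` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Toy RSA key from two Mersenne primes: far too small for real use, and
# without padding. It only makes the described data flow runnable.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
CHUNK, CBLOCK = 25, 27               # plaintext / ciphertext bytes per block

# Constructed key registry: first device identification -> public key.
PUBLIC_KEYS = {"detector-001": (N, E)}


def private_encrypt(data: bytes) -> str:
    """Encrypt with the private key, block by block; returns hex."""
    blocks = []
    for i in range(0, len(data), CHUNK):
        # A leading 0x01 marker preserves leading zero bytes and block length.
        m = int.from_bytes(b"\x01" + data[i:i + CHUNK], "big")
        blocks.append(pow(m, D, N).to_bytes(CBLOCK, "big"))
    return b"".join(blocks).hex()


def public_decrypt(ciphertext_hex: str, key: tuple) -> bytes:
    """Decrypt with the public key and strip the per-block marker."""
    n, e = key
    raw = bytes.fromhex(ciphertext_hex)
    plain = b""
    for i in range(0, len(raw), CBLOCK):
        m = pow(int.from_bytes(raw[i:i + CBLOCK], "big"), e, n)
        plain += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return plain


def build_alert(detection_data: bytes, timestamp: int, device_id: str) -> str:
    """Detection node: digest + ciphertext + timestamp + device identification."""
    return json.dumps({
        "digest": hashlib.sha256(detection_data).hexdigest(),
        "ciphertext": private_encrypt(detection_data),
        "timestamp": timestamp,
        "device_id": device_id,
    })


def verify_alert(alert_json: str):
    """First node server: return the recovered plaintext, or None on failure."""
    try:
        alert = json.loads(alert_json)
        key = PUBLIC_KEYS[alert["device_id"]]          # unknown device -> KeyError
        plain = public_decrypt(alert["ciphertext"], key)
        recomputed = hashlib.sha256(plain).hexdigest()
        if hmac.compare_digest(recomputed, alert["digest"]):
            return plain
    except (ValueError, KeyError, TypeError):
        pass
    return None
```

Anyone holding the device's public key can recover the plaintext, so the private-key encryption gives origin authentication rather than confidentiality, which production code would obtain from a standard signature scheme such as RSA-PSS or Ed25519. In the steps as written the timestamp lies outside both the digest and the ciphertext, so changing it does not fail this check.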
Embodiment eight
Embodiment according to the present invention proposes a kind of network anti-attack device, as shown in Figure 8, comprising:
Third receiving module 801, for receiving the data with alert of first node server transmission;
Second authentication module 802, the data with alert for receiving to third receiving module 801 carry out common recognition verifying;
Third sending module 803 stops order to correspondence for sending attack when the second authentication module 802 is verified The second detection node.
Embodiment according to the present invention, third receiving module 801 are specifically used for: receiving what first node server was sent Detection data abstract, detection time stamp, the first device identification and the second device identification;
Corresponding, the second authentication module 802 is specifically used for: whether the second device identification of verifying is effective device identification, It is that decision verification passes through;Otherwise decision verification does not pass through.
Embodiment according to the present invention, third sending module 803 are specifically used for: logical in the verifying of the second authentication module 802 It is out-of-date, attack, which is sent, to corresponding second detection node stops order.
Further, device further include: the second preserving module;
Second preserving module, the alarm for when the second authentication module is verified, third receiving module to be received Data are saved to big data information bank.
Embodiment nine
According to an embodiment of the present invention, a network anti-attack apparatus, as shown in Fig. 9, comprises:
Fourth receiving module 901, for receiving an attack blocking command from the second node server;
Attack blocking module 902, for blocking the attack on the device where the apparatus resides, according to the attack blocking command received by fourth receiving module 901.
According to an embodiment of the present invention, attack blocking module 902 is specifically used for performing detection on the device where the apparatus resides and/or updating the blacklist and whitelist library.
Embodiment ten
Embodiment according to the present invention proposes a kind of network anti-attack system, comprising: embodiment six to embodiment nine is appointed Device described in one.
Embodiment 11
Embodiment according to the present invention proposes a kind of network anti-attack equipment, comprising:
One or more processors store the storage device of one or more programs;
When one or more of programs are executed by one or more of processors, realize such as embodiment one to implementation Any method of example four.
In the present invention, the servers of the enterprises in the various regions are interconnected to form a consortium chain, and each server exchanges data with the detection nodes in its corresponding devices (such as computers). When a first detection node detects that the device where it resides is under network attack, it sends the corresponding alert data to the corresponding first node server, so that the first node server transmits the network attack information through the big data information network; attack blocking commands are then sent within the big data information network to the corresponding second detection nodes, and each second detection node carries out the attack blocking operation.
In this method, first, big data information technology is applied, which effectively avoids information islands and, through information sharing, achieves wide-range transmission of network attack information. Second, the alert data is verified by the first node server and additionally undergoes consensus verification by the second node servers; this double verification effectively ensures that the alert data is safe and valid. Third, full use is made of the obligation system of big data information: when a network attack occurs, the relevant information is transmitted quickly and automatically to each second detection node, and each second detection node blocks the attack, which effectively reduces the scope of damage of the network attack and to a large extent ensures the safety of the devices. Finally, full use is made of the tamper-resistant and traceable characteristics of big data information: writing the information relating to a network attack into the big data information bank ensures that network attack events can be traced and queried, and provides an accurate data basis for subsequent work such as network attack analysis and device system vulnerability analysis.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A network anti-attack method based on big data, characterized by comprising:
A first detection node receives a detection request from a user and detects the device where it resides to obtain detection data;
The first detection node analyzes the detection data and, when the analysis result is that the device where it resides is under attack, generates alert data according to the detection data and sends the alert data to a first node server, so that the first node server propagates it in the big data information network.
2. The method according to claim 1, characterized in that detecting the device where it resides to obtain detection data further comprises: recording a detection timestamp;
Generating alert data according to the detection data comprises:
Generating a detection data digest according to the detection data;
Encrypting the detection data with a private key to obtain a detection data ciphertext;
Generating alert data in a preset format according to the detection data digest, the detection data ciphertext, the detection timestamp and the first device identification of the device where it resides.
3. A network anti-attack method, characterized by comprising:
A first node server receives alert data from a first detection node;
The first node server verifies the alert data and, when verification passes, sends the alert data to each second node server, so that each second node server performs consensus verification.
4. The method according to claim 3, characterized in that the first node server verifying the alert data comprises:
The first node server parses the alert data to obtain a detection data digest, a detection data ciphertext, a detection timestamp and a first device identification;
The first node server obtains the corresponding public key according to the device identification, and decrypts the detection data ciphertext with the public key to obtain the detection data plaintext;
The digest of the detection data plaintext is calculated, and it is judged whether the calculated digest is consistent with the detection data digest obtained by parsing; if so, verification is determined to pass; otherwise, verification is determined to fail.
5. The method according to claim 4, characterized in that saving the alert data comprises:
Saving the detection data plaintext to a local database;
Saving the detection data digest, the detection timestamp, the first device identification and its own second device identification to the big data information bank;
Sending the alert data to each second node server is specifically: sending the detection data digest, the detection timestamp, the first device identification and its own second device identification to each second node server.
6. A network anti-attack method based on big data, characterized by comprising:
A second node server receives the alert data sent by a first node server;
The second node server performs consensus verification on the alert data and, when verification passes, sends an attack blocking command to the corresponding second detection node.
7. The method according to claim 6, characterized in that the second node server receiving the alert data sent by the first node server is specifically: the second node server receives the detection data digest, the detection timestamp, the first device identification and the second device identification sent by the first node server;
The second node server performing consensus verification on the alert data is specifically: verifying whether the second device identification is a valid device identification; if so, verification is determined to pass; otherwise, verification is determined to fail.
8. The method according to claim 6, characterized in that sending an attack blocking command to the corresponding second detection node when verification passes is specifically: when verification passes, sending an attack blocking command to the corresponding second detection node.
9. The method according to claim 6, characterized in that, when verification passes, the method further comprises: saving the alert data to the big data information bank.
10. A network anti-attack method based on big data, characterized by comprising:
A second detection node receives an attack blocking command from a second node server;
The second detection node blocks the attack on the device where it resides, according to the attack blocking command.
CN201910267036.9A 2019-04-03 2019-04-03 Network anti-attack method based on big data Active CN110138731B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910267036.9A CN110138731B (en) 2019-04-03 2019-04-03 Network anti-attack method based on big data

Publications (2)

Publication Number Publication Date
CN110138731A true CN110138731A (en) 2019-08-16
CN110138731B CN110138731B (en) 2020-02-14

Family

ID=67569076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910267036.9A Active CN110138731B (en) 2019-04-03 2019-04-03 Network anti-attack method based on big data

Country Status (1)

Country Link
CN (1) CN110138731B (en)

Also Published As

Publication number Publication date
CN110138731B (en) 2020-02-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant