CN110784473A - Wisdom piping lane trade cloud security defense system - Google Patents

Info

Publication number
CN110784473A
Authority
CN
China
Prior art keywords
program
module
cloud security
pipe gallery
security defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911049942.8A
Other languages
Chinese (zh)
Inventor
杨华斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu I-Front Science & Technology Co Ltd
Original Assignee
Jiangsu I-Front Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The invention belongs to the technical field of network security, and in particular relates to a cloud security defense system for the intelligent pipe gallery industry, comprising a plurality of pipe gallery user sides and a cloud security defense server connected with the pipe gallery user sides through a network. The pipe gallery user side includes: an authority management unit, used for judging whether the pipe gallery user side has authority to establish a normal network communication connection with the cloud security defense server; and a black and white list database unit, used for storing the black and white list program characteristics and program behaviors of the pipe gallery user side. By adding the cloud security defense server, the data recorded by the plurality of pipe gallery user sides are collected and used to update the data in the black and white list database unit of each pipe gallery user side, which widens the range of malicious software that can be identified and improves security. Unknown software is also identified and analyzed in the cloud security defense server, so the pipe gallery user sides can be protected from attack and interference by unknown programs.

Description

Wisdom piping lane trade cloud security defense system
Technical Field
The invention relates to the technical field of network security, in particular to a cloud security defense system for the intelligent pipe gallery industry.
Background
Malicious program is a general term for any software program that is intentionally created to perform unauthorized and often harmful actions. Computer viruses, backdoor programs, keyloggers, password stealers, Word and Excel macro viruses, boot viruses, script viruses (batch, Windows shell, Java, etc.), trojans, crimeware, spyware, adware, and the like are examples of what may be referred to as malware.
Existing pipe gallery equipment and monitoring are managed and monitored in a unified way over the Internet, so network security protection is needed at the user side to prevent malicious programs from attacking and infecting it and causing pipe gallery data to be lost or infected. The existing approach is to install a firewall at the user side, but the firewall's data package is updated slowly and the firewall cannot share data with other pipe gallery user sides. In the current big data era, malicious programs are updated and launch attacks more and more frequently, and traditional security measures cannot cope. An intelligent pipe gallery industry cloud security defense system is therefore proposed.
Disclosure of Invention
(I) Technical problem to be solved
In view of the defects of the prior art, the invention provides a cloud security defense system for the intelligent pipe gallery industry, which solves the problems described in the Background.
(II) Technical solution
To achieve the above purpose, the invention provides the following technical solution: an intelligent pipe gallery industry cloud security defense system, comprising:
a plurality of pipe gallery user sides and a cloud security defense server connected with the pipe gallery user sides through a network;
the pipe gallery user side includes:
the authority management unit is used for judging whether the pipe gallery user side has authority to establish normal network communication connection with the cloud security defense server;
the black and white list database unit is used for storing black and white list program characteristics and program behaviors of the user side of the pipe gallery;
the program processing unit is used for identifying and judging the program and the file and carrying out corresponding processing;
the defense log data unit is used for recording and transmitting defense log data of the pipe gallery user side to the cloud security defense server;
the program file backup unit is used for backing up the safe program and file of the user side of the pipe gallery in the cloud security defense server;
the cloud security defense server is used for establishing normal communication connection with the pipe gallery user sides, identifying and judging unknown programs of the pipe gallery user sides and feeding back the unknown programs, receiving data of the black and white list database units and the defense log data units of the plurality of pipe gallery user sides, arranging and summarizing the data, and updating the black and white list database units of each pipe gallery user side.
As a preferred technical solution of the present invention, the authority management unit includes a request connection module and a security authentication module;
the request connection module is used for sending a request instruction for requesting to establish communication connection to the cloud security defense server;
the security authentication module is used for authenticating against the verification information fed back for the request by the cloud security defense server.
As a preferred technical solution of the present invention, the request instruction further includes an IP address and a user code of the pipe gallery user side;
the verification information is a verification password initially set by the pipe gallery user side in the cloud security defense server.
As a preferred technical solution of the present invention, the verification password is a character string composed of letters, numbers and symbols.
As a preferred technical solution of the present invention, the black and white list database unit includes a black list program module, a white list program module, and an unknown program module;
the blacklist program module is used for storing program characteristics and program behaviors of dangerous programs and suspicious programs;
the white list program module is used for storing program characteristics and program behaviors of the security program;
the unknown program module is used for storing the program characteristics and the program behaviors of the unknown program.
As a preferred technical solution of the present invention, the program processing unit includes a program analysis module, a program transfer module, a program deletion module, and a program permission module;
the program analysis module is used for analyzing and identifying the installed and to-be-installed programs according to the black and white list database unit and judging whether the programs are safe or not;
the program transfer module is used for transferring a program which cannot be specifically judged into the cloud security defense server for analysis;
the program deleting module is used for deleting the dangerous program and cleaning the related files;
the program permission module is used for permitting a program to be installed on the pipe gallery user side.
As a preferred technical solution of the present invention, the defense log data unit includes a log data record storage module and a log data sending module;
the log data record storage module is used for recording and storing the attack times, attack time, program characteristics and program behaviors of the malicious programs received by the pipe gallery user side;
the log data sending module is used for sending the data stored in the log data record storage module to the cloud security defense system.
(III) Advantageous effects
Compared with the prior art, the invention provides a cloud security defense system for the intelligent pipe gallery industry, which has the following beneficial effects:
In this intelligent pipe gallery industry cloud security defense system, adding the cloud security defense server allows the data recorded by the plurality of pipe gallery user sides to be gathered and used to update the data in the black and white list database unit of each pipe gallery user side, which widens the range of malicious software that can be identified and improves security. Unknown software is also identified and analyzed in the cloud security defense server, which can ensure that the pipe gallery user side is not attacked or interfered with by unknown programs. Known malicious software can be cleaned up automatically, which improves the security of the pipe gallery user side, protects its data, and keeps the pipe gallery user side working normally.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
The invention provides the following technical solution: an intelligent pipe gallery industry cloud security defense system, comprising:
a plurality of pipe gallery user sides and a cloud security defense server connected with the pipe gallery user sides through a network.
The pipe gallery user side includes:
The authority management unit, used for judging whether the pipe gallery user side has authority to establish a normal network communication connection with the cloud security defense server.
The black and white list database unit, used for storing the black and white list program characteristics and program behaviors of the pipe gallery user side.
The program processing unit, used for identifying and judging programs and files and carrying out corresponding processing.
The defense log data unit, used for recording the defense log data of the pipe gallery user side and transmitting it to the cloud security defense server.
The program file backup unit, used for backing up the safe programs and files of the pipe gallery user side in the cloud security defense server.
The cloud security defense server is used for establishing normal communication connection with the pipe gallery user sides, identifying and judging unknown programs of the pipe gallery user sides and feeding back the unknown programs, receiving data of the black and white list database units and the defense log data units of the plurality of pipe gallery user sides, arranging and summarizing the data, and updating the black and white list database units of each pipe gallery user side.
In this embodiment, a plurality of pipe gallery user sides are in communication connection with the cloud security defense server through the network, so data on malicious software and safe software can be shared. This enlarges the identification range of each pipe gallery user side and gives better protection in the current big data era. The cloud security defense server can also carry out security analysis across the plurality of pipe gallery user sides, so malicious programs can be found in time from a global perspective. Because the program file backup unit backs up safe programs and files in the cloud security defense server, after a pipe gallery user side detects malicious software and has cleaned up the malicious software and the infected programs and files, the cloud security defense server overwrites them with the backed-up safe programs and files, which ensures normal use of the pipe gallery user side.
Specifically, the authority management unit comprises a request connection module and a security authentication module.
The request connection module is used for sending a request instruction for requesting to establish communication connection to the cloud security defense server. A large amount of data is stored in the cloud security defense server, so to protect it, authority authentication must be carried out before a pipe gallery user side and the cloud security defense server establish a communication connection. Once the cloud security defense server agrees to establish a normal communication connection with the pipe gallery user side, the pipe gallery user side can transmit data to the cloud security defense server, and the cloud security defense server updates the data of the black and white list database unit.
The security authentication module is used for authenticating against the verification information fed back for the request by the cloud security defense server. When the cloud security defense server agrees to establish a normal communication connection with the pipe gallery user side, the pipe gallery user side must be authenticated to confirm that its user is a staff member; the communication connection can be established when the authentication information is correct.
Specifically, the request instruction further includes an IP address and a user code of the pipe gallery user side. After the cloud security defense server receives the request instruction of the pipe gallery user side, it compares the IP address and the user code with the data stored in the pipe gallery user side and judges whether the IP address corresponds to the user code. When the request instruction is correct, the cloud security defense server transmits feedback authentication information to the pipe gallery user side; if the request instruction is incorrect, it is rejected and the rejection is recorded.
The verification information is the verification password that the pipe gallery user side initially set in the cloud security defense server: the password is entered manually at the pipe gallery user side at the outset and stored in the cloud security defense server. When the cloud security defense server agrees to establish a communication connection with the pipe gallery user side, the user of the pipe gallery user side needs to input the correct verification password.
Specifically, the verification password is a character string consisting of letters, numbers and symbols.
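The two-step connection check described above (IP address and user code first, then the verification password), as an added Python sketch that is not code from the patent. The class and function names, the sample values, and the choice to store a salted PBKDF2 hash rather than the password itself are assumptions of this example.

```python
import hashlib
import hmac
import os
import string


def meets_policy(password: str) -> bool:
    # The description requires letters, numbers and symbols in the password.
    groups = (string.ascii_letters, string.digits, string.punctuation)
    return all(any(ch in group for ch in password) for group in groups)


def derive(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps a salted PBKDF2 hash, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class ConnectionGate:
    """Hypothetical server-side gate for the two-step connection check."""

    def __init__(self):
        self.clients = {}     # user code -> {"ip", "salt", "hash"}
        self.pending = set()  # (ip, user code) pairs that passed step 1
        self.rejected = []    # record of rejected requests

    def register(self, user_code, ip, password):
        if not meets_policy(password):
            raise ValueError("password needs letters, digits and symbols")
        salt = os.urandom(16)
        self.clients[user_code] = {
            "ip": ip, "salt": salt, "hash": derive(password, salt)}

    def request_connection(self, ip, user_code):
        """Step 1: does the IP address correspond to the user code?"""
        record = self.clients.get(user_code)
        if record is None or record["ip"] != ip:
            self.rejected.append((ip, user_code, "ip/user code mismatch"))
            return False
        self.pending.add((ip, user_code))
        return True  # the server now asks for the verification password

    def verify_password(self, ip, user_code, password):
        """Step 2: check the password for a request accepted in step 1."""
        if (ip, user_code) not in self.pending:
            self.rejected.append((ip, user_code, "no accepted request"))
            return False
        self.pending.discard((ip, user_code))  # one attempt per request
        record = self.clients[user_code]
        # Constant-time comparison of the derived hash with the stored one.
        ok = hmac.compare_digest(derive(password, record["salt"]), record["hash"])
        if not ok:
            self.rejected.append((ip, user_code, "wrong password"))
        return ok


def demo():
    # Constructed sample values; none of them come from the patent.
    gate = ConnectionGate()
    gate.register("PG-0001", "10.0.0.5", "Gallery#2019")
    wrong_ip = gate.request_connection("10.0.0.9", "PG-0001")
    accepted = gate.request_connection("10.0.0.5", "PG-0001")
    connected = gate.verify_password("10.0.0.5", "PG-0001", "Gallery#2019")
    return wrong_ip, accepted, connected, len(gate.rejected)
```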
Specifically, the black and white list database unit comprises a black list program module, a white list program module and an unknown program module.
The blacklist program module is used for storing program characteristics and program behaviors of the dangerous program and the suspicious program.
The white list program module is used for storing the program characteristics and the program behaviors of the security program.
The unknown program module is used for storing the program characteristics and the program behaviors of the unknown program.
Specifically, the program processing unit includes a program analysis module, a program transfer module, a program deletion module, and a program permission module.
The program analysis module is used for analyzing and identifying installed and to-be-installed programs according to the black and white list database unit and judging whether they are safe. It compares the program characteristics and program behaviors of installed and to-be-installed programs with the program characteristics and program behaviors in the blacklist program module and judges whether a program is malicious software, is infected, or is safe software, so that countermeasures can be taken in time and the data security of the pipe gallery user side is improved.
The program transfer module is used for transferring a program that cannot be specifically judged to the cloud security defense server for analysis. When a program appears that cannot be identified and judged, it is transmitted to the cloud security defense server for identification and analysis; the big data and analysis processing capacity of the cloud security defense server give a more accurate judgment, and the influence of the unknown program on the pipe gallery user side is avoided.
The program deletion module is used for deleting dangerous programs and cleaning up related files. It not only deletes malicious programs but also cleans up the files and programs they have infected; because safe programs and files are backed up in the cloud security defense server, the cloud security defense server can directly overwrite those files and programs.
The program permission module is used for permitting a program to be installed on the pipe gallery user side. Once a program has been judged and determined to be safe, it is installed on the pipe gallery user side after the user at the pipe gallery user side confirms manually.
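The decision flow of the program processing unit and the server-side list aggregation, as an added Python sketch that is not code from the patent. All names and sample data are constructed; treating a "program characteristic" as a file hash, the HOLD action, and letting the blacklist win when lists conflict are assumptions of this example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BLACK = "blacklist"
    WHITE = "whitelist"
    UNKNOWN = "unknown"


class Action(Enum):
    TRANSFER = "transfer"  # program transfer module: send to the cloud server
    DELETE = "delete"      # program deletion module
    ALLOW = "allow"        # program permission module, after user confirmation
    HOLD = "hold"          # assumption of this sketch: not installed yet


@dataclass(frozen=True)
class Program:
    feature: str          # "program characteristic"; a file hash is assumed
    behaviors: frozenset  # observed "program behaviors"


@dataclass
class ListDatabase:
    black: set = field(default_factory=set)            # dangerous features
    white: set = field(default_factory=set)            # safe features
    unknown: set = field(default_factory=set)          # not yet judged
    black_behaviors: set = field(default_factory=set)  # dangerous behaviors

    def classify(self, prog):
        # The blacklist is checked first, so a whitelisted program that shows
        # a blacklisted behavior (for example after infection) is not trusted.
        if prog.feature in self.black or prog.behaviors & self.black_behaviors:
            return Verdict.BLACK
        if prog.feature in self.white:
            return Verdict.WHITE
        return Verdict.UNKNOWN

    def merge(self, other):
        self.black |= other.black
        self.black_behaviors |= other.black_behaviors
        self.white = (self.white | other.white) - self.black  # blacklist wins
        self.unknown = (self.unknown | other.unknown) - self.black - self.white


class CloudDefenseServer:
    def __init__(self):
        self.db, self.clients = ListDatabase(), []

    def analyze(self, prog):
        verdict = self.db.classify(prog)
        if verdict is Verdict.UNKNOWN:
            self.db.unknown.add(prog.feature)
        return verdict

    def aggregate_and_push(self):
        for client in self.clients:  # collect every user side's lists
            self.db.merge(client.db)
        for client in self.clients:  # update every user side's lists
            client.db.merge(self.db)


class GalleryClient:
    def __init__(self, server):
        self.db, self.defense_log, self.server = ListDatabase(), [], server
        server.clients.append(self)

    def process(self, prog, user_confirms=False):
        actions = []
        verdict = self.db.classify(prog)
        if verdict is Verdict.UNKNOWN:
            actions.append(Action.TRANSFER)
            verdict = self.server.analyze(prog)
        if verdict is Verdict.BLACK:
            self.db.black.add(prog.feature)
            self.defense_log.append((prog.feature, sorted(prog.behaviors)))
            actions.append(Action.DELETE)
        elif verdict is Verdict.WHITE:
            actions.append(Action.ALLOW if user_confirms else Action.HOLD)
        else:
            self.db.unknown.add(prog.feature)
            actions.append(Action.HOLD)
        return actions


def demo():
    # Constructed sample data; the names are not from the patent.
    server = CloudDefenseServer()
    a, b, c = (GalleryClient(server) for _ in range(3))
    a.db.black.add("hash-dropper")
    a.db.black_behaviors.add("disables_logging")
    b.db.white.add("hash-viewer")
    dropper = Program("hash-dropper", frozenset({"disables_logging"}))
    viewer = Program("hash-viewer", frozenset({"reads_sensor_feed"}))
    infected = Program("hash-viewer", frozenset({"disables_logging"}))
    before = c.process(dropper)  # no shared data yet: transfer, then hold
    server.aggregate_and_push()
    return before, c.process(dropper), c.process(viewer, True), c.process(infected)
```

User side `c` can only hold the dropper until the server has merged user side `a`'s blacklist; after the push it deletes it locally, and it also rejects the whitelisted viewer once that program shows a blacklisted behavior.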
Specifically, the defense log data unit comprises a log data record storage module and a log data sending module.
The log data record storage module is used for recording and storing the attack times, attack time, program characteristics and program behaviors of the malicious programs received by the pipe gallery user side.
The log data sending module is used for sending the data stored in the log data record storage module to the cloud security defense system.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. An intelligent pipe gallery industry cloud security defense system, characterized by comprising:
a plurality of pipe gallery user sides and a cloud security defense server connected with the pipe gallery user sides through a network;
the pipe gallery user side includes:
the authority management unit is used for judging whether the pipe gallery user side has authority to establish normal network communication connection with the cloud security defense server;
the black and white list database unit is used for storing black and white list program characteristics and program behaviors of the user side of the pipe gallery;
the program processing unit is used for identifying and judging the program and the file and carrying out corresponding processing;
the defense log data unit is used for recording and transmitting defense log data of the pipe gallery user side to the cloud security defense server;
the program file backup unit is used for backing up the safe program and file of the user side of the pipe gallery in the cloud security defense server;
the cloud security defense server is used for establishing normal communication connection with the pipe gallery user sides, identifying and judging unknown programs of the pipe gallery user sides and feeding back the unknown programs, receiving data of the black and white list database units and the defense log data units of the plurality of pipe gallery user sides, arranging and summarizing the data, and updating the black and white list database units of each pipe gallery user side.
2. The intelligent pipe gallery industry cloud security defense system according to claim 1, characterized in that: the authority management unit comprises a request connection module and a security authentication module;
the request connection module is used for sending a request instruction for requesting to establish communication connection to the cloud security defense server;
the security authentication module is used for authenticating against the verification information fed back for the request by the cloud security defense server.
3. The intelligent pipe gallery industry cloud security defense system according to claim 2, characterized in that: the request instruction further comprises an IP address and a user code of the pipe gallery user side;
the verification information is a verification password initially set by the pipe gallery user side in the cloud security defense server.
4. The intelligent pipe gallery industry cloud security defense system according to claim 3, characterized in that: the verification password is a character string consisting of letters, numbers and symbols.
5. The intelligent pipe gallery industry cloud security defense system according to claim 1, characterized in that: the black and white list database unit comprises a black list program module, a white list program module and an unknown program module;
the blacklist program module is used for storing program characteristics and program behaviors of dangerous programs and suspicious programs;
the white list program module is used for storing program characteristics and program behaviors of the security program;
the unknown program module is used for storing the program characteristics and the program behaviors of the unknown program.
6. The intelligent pipe gallery industry cloud security defense system according to claim 5, characterized in that: the program processing unit comprises a program analysis module, a program transfer module, a program deletion module and a program permission module;
the program analysis module is used for analyzing and identifying the installed and to-be-installed programs according to the black and white list database unit and judging whether the programs are safe or not;
the program transfer module is used for transferring a program which cannot be specifically judged into the cloud security defense server for analysis;
the program deleting module is used for deleting the dangerous program and cleaning the related files;
the program permission module is used for permitting a program to be installed on the pipe gallery user side.
7. The intelligent pipe gallery industry cloud security defense system according to claim 1, characterized in that: the defense log data unit comprises a log data record storage module and a log data sending module;
the log data record storage module is used for recording and storing the attack times, attack time, program characteristics and program behaviors of the malicious programs received by the pipe gallery user side;
the log data sending module is used for sending the data stored in the log data record storage module to the cloud security defense system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911049942.8A CN110784473A (en) 2019-10-31 2019-10-31 Wisdom piping lane trade cloud security defense system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911049942.8A CN110784473A (en) 2019-10-31 2019-10-31 Wisdom piping lane trade cloud security defense system

Publications (1)

Publication Number Publication Date
CN110784473A true CN110784473A (en) 2020-02-11

Family

ID=69388160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911049942.8A Pending CN110784473A (en) 2019-10-31 2019-10-31 Wisdom piping lane trade cloud security defense system

Country Status (1)

Country Link
CN (1) CN110784473A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200211
