CN111224979A - Link communication monitoring view construction method based on IP data flow analysis - Google Patents


Info

Publication number
CN111224979A
Authority
CN
China
Prior art keywords
data
transmission
detected
server
transmission rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911425168.6A
Other languages
Chinese (zh)
Other versions
CN111224979B (en)
Inventor
张晶
黄龙飞
刘琦
石小川
刘家祥
赵昆杨
陈瑜靓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Useear Information Technology Co ltd
Original Assignee
Xiamen Useear Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Useear Information Technology Co ltd
Priority to CN201911425168.6A
Publication of CN111224979A
Application granted
Publication of CN111224979B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A link communication monitoring view construction method based on IP data flow analysis comprises the following steps: S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected; the monitoring server acquires the data to be detected that an internal data server sends to a target server; S2, the monitoring server acquires the transmission rule A1 of each data stream; S3, the transmission rule A1 of the data to be detected is analyzed and determined; S4, a data transmission query request carrying a transmission rule A2, sent by the target server, is acquired; S5, it is judged whether the transmission rule A2 is completely the same as the transmission rule A1; if so, the data to be detected is sent to the target server; if not, transmission of the data to be detected is interrupted and a data interruption transmission record is generated; and the monitoring server sends alarm information of the transmission failure to the background server. The invention can effectively prevent important company data from being leaked and effectively protect the company's network security.

Description

Link communication monitoring view construction method based on IP data flow analysis
Technical Field
The invention relates to the technical field of communication, in particular to a link communication monitoring view construction method based on IP data flow analysis.
Background
With the progress of society and the development of companies, computers and networks are needed in people's daily work, and more and more work requires processing massive data streams. However, confidential company documents may be leaked through the network, intentionally or unintentionally, by employees in the course of their work, or may be stolen through the network by criminals, causing huge damage to the company. The present application therefore provides a link communication monitoring view construction method based on IP data flow analysis.
Disclosure of Invention
(I) Objects of the invention
In order to solve the technical problems in the background art, the invention provides a link communication monitoring view construction method based on IP data flow analysis, which can effectively prevent important data of a company or an enterprise from being leaked and effectively protect the network security of the company or the enterprise.
(II) Technical scheme
The invention provides a link communication monitoring view construction method based on IP data flow analysis, which comprises the following steps:
S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected within the monitoring range; the monitoring server acquires the data to be detected that an internal data server sends to a target server; the data to be detected is predefined target server network data;
S2, the monitoring server obtains at least one data stream from the data to be detected and obtains the transmission rule A1 of each data stream;
S3, the data to be detected is analyzed and its transmission rule A1 is determined;
S4, a data transmission query request sent by the target server is acquired, the request carrying a transmission rule A2;
S5, it is judged whether the transmission rule A2 is identical to the transmission rule A1:
if the transmission rule A2 is completely the same as the transmission rule A1, the data to be detected is sent to the target server and a data transmission record is generated;
if the transmission rule A2 is not the same as the transmission rule A1, transmission of the data to be detected is interrupted, a data interruption transmission record is generated, and execution continues with S6;
S6, the monitoring server sends alarm information of the transmission failure to the background server.
Preferably, the transmission rule of each data stream includes the Internet Protocol (IP) address and port number of the processing device corresponding to the data stream.
Preferably, the transmission rule of each data stream includes a unique identifier that each data stream is determined to contain; the identifier is a digital verification code randomly generated by the internal data server when it sends the data to be detected.
Preferably, the characters in the digital verification code comprise one or more of uppercase English letters, lowercase English letters, Arabic numerals and Chinese characters.
Preferably, the transmission rule A1 of each data stream is processed by the data stream processing device; if the acquired transmission rule of any data stream includes the IP addresses and port numbers of multiple processing devices, the IP address and port number of one of them is selected as the information of the processing device corresponding to that data stream.
Preferably, the monitoring server comprises:
a signal receiving module, used for receiving a signal instruction sent by the background server and a data transmission query request signal sent by the target server;
a data acquisition module, used for acquiring the data to be detected;
an acquisition module, used for acquiring the transmission rule A1 of each data stream and the transmission rule A2 carried in the data transmission query request;
a data stream processing module, used for analyzing the data to be detected and determining its transmission rule A1;
and a comparison module, used for determining whether the transmission rule A2 is identical to the transmission rule A1.
Preferably, the monitoring server further comprises:
a record generating module, used for generating a data transmission record or a data interruption transmission record.
Preferably, the monitoring server further comprises:
a storage module, used for storing the generated data transmission record or data interruption transmission record.
Preferably, in S5, when the transmission rule A2 is different from the transmission rule A1, the data to be detected is protected by encryption.
Preferably, the background server comprises an encryption storage module;
the encryption storage module is used for encrypting and storing the data to be detected whose transmission was interrupted.
The technical scheme of the invention has the following beneficial technical effects:
When the system is in use and a confidential company document needs to be transmitted to the target server, the target server must send a data transmission query request carrying a transmission rule A2 to the internal data server in order to download the document. The monitoring server acquires the data contained in the confidential document as the data to be detected, obtains at least one data stream from it, and obtains the transmission rule A1 of each data stream. The monitoring server compares the transmission rule A2 with the transmission rule A1: when A2 is completely the same as A1, the data to be detected is sent to the target server; when A2 is different from A1, transmission of the data to be detected is interrupted and the monitoring server sends alarm information of the transmission failure to the background server, so that staff are informed in time and the unauthorized data transmission is handled, avoiding leakage of confidential documents. In addition, monitoring by the monitoring server can also prevent external personnel from downloading confidential company files from the internal data server, thereby effectively preventing important data of the company or enterprise from being leaked and effectively protecting its network security.
Drawings
Fig. 1 is a flowchart of a method for constructing a link communication monitoring view based on IP dataflow analysis according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in fig. 1, the method for constructing a link communication monitoring view based on IP dataflow analysis provided by the present invention includes the following specific steps:
S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected within the monitoring range; the monitoring server acquires the data to be detected that an internal data server sends to a target server; the data to be detected is predefined target server network data;
S2, the monitoring server obtains at least one data stream from the data to be detected and obtains the transmission rule A1 of each data stream;
S3, the data to be detected is analyzed and its transmission rule A1 is determined;
S4, a data transmission query request sent by the target server is acquired, the request carrying a transmission rule A2;
S5, it is judged whether the transmission rule A2 is identical to the transmission rule A1:
if the transmission rule A2 is completely the same as the transmission rule A1, the data to be detected is sent to the target server and a data transmission record is generated;
if the transmission rule A2 is not the same as the transmission rule A1, transmission of the data to be detected is interrupted, a data interruption transmission record is generated, and execution continues with S6;
S6, the monitoring server sends alarm information of the transmission failure to the background server, so that staff are informed in time and the unauthorized data transmission is handled, avoiding leakage of confidential documents.
When the system is in use and a confidential company document needs to be transmitted to the target server, the target server must send a data transmission query request carrying a transmission rule A2 to the internal data server in order to download the document. The monitoring server acquires the data contained in the confidential document as the data to be detected, obtains at least one data stream from it, and obtains the transmission rule A1 of each data stream. The monitoring server compares the transmission rule A2 with the transmission rule A1: when A2 is completely the same as A1, the data to be detected is sent to the target server; when A2 is different from A1, transmission of the data to be detected is interrupted and the monitoring server sends alarm information of the transmission failure to the background server, so that staff are informed in time and the unauthorized data transmission is handled, avoiding leakage of confidential documents. In addition, monitoring by the monitoring server can also prevent external personnel from downloading confidential company files from the internal data server.
In an optional embodiment, the transmission rule of each data stream includes the Internet Protocol (IP) address and port number of the processing device corresponding to the data stream.
In an alternative embodiment, the transmission rule of each data stream includes a unique identifier that each data stream is determined to contain; the identifier is a digital verification code randomly generated by the internal data server when it sends the data to be detected; when the verification code carried in the data transmission query request sent by the target server is consistent with the verification code generated when the data to be detected was sent, transmission of the data to be detected can continue.
In an alternative embodiment, the characters in the digital verification code include one or more of uppercase English letters, lowercase English letters, Arabic numerals, and Chinese characters.
In an alternative embodiment, the transmission rule A1 of each data stream is processed by the data stream processing device; if the acquired transmission rule of any data stream includes the IP addresses and port numbers of multiple processing devices, the IP address and port number of one of them is selected as the information of the processing device corresponding to that data stream.
In an alternative embodiment, the monitoring server comprises:
a signal receiving module, used for receiving a signal instruction sent by the background server and a data transmission query request signal sent by the target server; the signal receiving module is connected to the target server and the background server through network communication and is in communication connection with the data acquisition module;
a data acquisition module, used for acquiring the data to be detected; the data acquisition module is in communication connection with the acquisition module;
an acquisition module, used for acquiring the transmission rule A1 of each data stream and the transmission rule A2 carried in the data transmission query request; the acquisition module is in communication connection with the data stream processing module;
a data stream processing module, used for analyzing the data to be detected and determining its transmission rule A1; the data stream processing module is in communication connection with the comparison module;
a comparison module, used for determining whether the transmission rule A2 is identical to the transmission rule A1; the comparison module is connected to the background server through network communication.
In an optional embodiment, the monitoring server further comprises:
a record generating module, used for generating a data transmission record or a data interruption transmission record.
In an optional embodiment, the monitoring server further comprises:
a storage module, used for storing the generated data transmission record or data interruption transmission record.
In an alternative embodiment, in S5, when the transmission rule A2 is different from the transmission rule A1, the data to be detected is protected by encryption.
In an optional embodiment, the background server comprises an encryption storage module;
the encryption storage module is used for encrypting and storing the data to be detected whose transmission was interrupted.
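The comparison gate of steps S2 to S6 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the in-memory record and alarm lists, the single-use handling of a pending stream, the choice of the smallest (IP, port) pair when several processing devices are listed, and the out-of-band delivery of the verification code to an authorised target are all assumptions.

```python
"""Added illustration of the S2-S6 comparison gate; all names are hypothetical."""
import hmac
import secrets
import string
from dataclasses import dataclass, field

# Assumption: codes are drawn from upper/lowercase letters and digits.
CODE_ALPHABET = string.ascii_letters + string.digits


@dataclass(frozen=True)
class TransmissionRule:
    ip: str      # IP address of the processing device for the stream
    port: int    # port number of that device
    code: str    # verification code generated when the data is sent


def new_verification_code(length: int = 16) -> str:
    # Use the OS CSPRNG; a predictable code would let any requester pass S5.
    return "".join(secrets.choice(CODE_ALPHABET) for _ in range(length))


def select_device(devices):
    # The description only says one device is selected from several.
    # Assumption: pick deterministically so A1 is reproducible.
    return min(devices)


def rules_identical(a1: TransmissionRule, a2: TransmissionRule) -> bool:
    # S5: every field must match. The code is compared in constant time,
    # on UTF-8 bytes so that non-ASCII (e.g. Chinese) characters work too.
    same_endpoint = a1.ip == a2.ip and a1.port == a2.port
    same_code = hmac.compare_digest(a1.code.encode("utf-8"),
                                    a2.code.encode("utf-8"))
    return same_endpoint and same_code


@dataclass
class MonitoringServer:
    pending: dict = field(default_factory=dict)   # stream id -> (A1, payload)
    records: list = field(default_factory=list)   # transmission / interruption
    alarms: list = field(default_factory=list)    # sent to the background server

    def register_stream(self, stream_id, devices, payload) -> TransmissionRule:
        # S1-S3: capture the data to be detected and derive its rule A1.
        ip, port = select_device(devices)
        a1 = TransmissionRule(ip, port, new_verification_code())
        self.pending[stream_id] = (a1, payload)
        return a1

    def handle_query(self, stream_id, a2: TransmissionRule):
        # S4-S6: compare A2 with A1. Unknown streams fail closed, and a
        # pending stream is consumed either way so a code cannot be retried.
        a1, payload = self.pending.pop(stream_id, (None, None))
        if a1 is not None and rules_identical(a1, a2):
            self.records.append({"type": "transmission", "stream": stream_id})
            return payload
        self.records.append({"type": "interruption", "stream": stream_id})
        self.alarms.append(f"transmission failure: stream {stream_id}")
        return None


if __name__ == "__main__":
    # Constructed sample data: two candidate devices, one confidential payload.
    mon = MonitoringServer()
    a1 = mon.register_stream("doc-1", [("10.0.0.7", 8443), ("10.0.0.5", 8443)],
                             b"confidential")
    print(mon.handle_query("doc-1", a1))                       # forwarded
    mon.register_stream("doc-2", [("10.0.0.5", 8443)], b"confidential")
    guess = TransmissionRule("10.0.0.5", 8443, "guess")
    print(mon.handle_query("doc-2", guess))                    # interrupted
    print(mon.records, mon.alarms)
```

The IP address and port are visible to anyone who can observe the link, so in this sketch the randomly generated verification code is the only part of the rule a requester cannot read off the traffic.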
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (10)

1. A link communication monitoring view construction method based on IP data flow analysis, characterized by comprising the following specific steps:
S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected within the monitoring range; the monitoring server acquires the data to be detected that an internal data server sends to a target server; the data to be detected is predefined target server network data;
S2, the monitoring server obtains at least one data stream from the data to be detected and obtains the transmission rule A1 of each data stream;
S3, the data to be detected is analyzed and its transmission rule A1 is determined;
S4, a data transmission query request sent by the target server is acquired, the request carrying a transmission rule A2;
S5, it is judged whether the transmission rule A2 is identical to the transmission rule A1:
if the transmission rule A2 is completely the same as the transmission rule A1, the data to be detected is sent to the target server and a data transmission record is generated;
if the transmission rule A2 is not the same as the transmission rule A1, transmission of the data to be detected is interrupted, a data interruption transmission record is generated, and execution continues with S6;
S6, the monitoring server sends alarm information of the transmission failure to the background server.
2. The method as claimed in claim 1, wherein the transmission rule of each data stream includes the Internet Protocol (IP) address and port number of the processing device corresponding to the data stream.
3. The method according to claim 2, wherein the transmission rule of each data stream includes a unique identifier that each data stream is determined to contain; the identifier is a digital verification code randomly generated by the internal data server when it sends the data to be detected.
4. The method as claimed in claim 3, wherein the characters in the digital verification code include one or more of uppercase English letters, lowercase English letters, Arabic numerals, and Chinese characters.
5. The method as claimed in claim 2, wherein the transmission rule A1 of each data stream is processed by a data stream processing device; if the acquired transmission rule of any data stream includes the IP addresses and port numbers of multiple processing devices, the IP address and port number of one of them is selected as the information of the processing device corresponding to that data stream.
6. The method as claimed in claim 1, wherein the monitoring server comprises:
a signal receiving module, used for receiving a signal instruction sent by the background server and a data transmission query request signal sent by the target server;
a data acquisition module, used for acquiring the data to be detected;
an acquisition module, used for acquiring the transmission rule A1 of each data stream and the transmission rule A2 carried in the data transmission query request;
a data stream processing module, used for analyzing the data to be detected and determining its transmission rule A1;
and a comparison module, used for determining whether the transmission rule A2 is identical to the transmission rule A1.
7. The method as claimed in claim 6, wherein the monitoring server further comprises:
a record generating module, used for generating a data transmission record or a data interruption transmission record.
8. The method as claimed in claim 7, wherein the monitoring server further comprises:
a storage module, used for storing the generated data transmission record or data interruption transmission record.
9. The method as claimed in claim 1, wherein in S5, when the transmission rule A2 is different from the transmission rule A1, the data to be detected is protected by encryption.
10. The method as claimed in claim 1, wherein the background server comprises an encryption storage module;
the encryption storage module is used for encrypting and storing the data to be detected whose transmission was interrupted.
CN201911425168.6A 2019-12-31 2019-12-31 Link communication monitoring view construction method based on IP data flow analysis Active CN111224979B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911425168.6A CN111224979B (en) 2019-12-31 2019-12-31 Link communication monitoring view construction method based on IP data flow analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911425168.6A CN111224979B (en) 2019-12-31 2019-12-31 Link communication monitoring view construction method based on IP data flow analysis

Publications (2)

Publication Number Publication Date
CN111224979A (en) 2020-06-02
CN111224979B (en) 2022-02-18

Family

ID=70830995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911425168.6A Active CN111224979B (en) 2019-12-31 2019-12-31 Link communication monitoring view construction method based on IP data flow analysis

Country Status (1)

Country Link
CN (1) CN111224979B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant