Link communication monitoring view construction method based on IP data flow analysis
Technical Field
The invention relates to the technical field of communication, in particular to a link communication monitoring view construction method based on IP data flow analysis.
Background
With the progress of society and the development of companies, computers and networks are needed in people's daily work, and more and more work requires processing massive data streams. However, confidential documents of a company may be intentionally or unintentionally leaked through the network in the course of employees' work, or confidential documents inside the company may be stolen through the network by lawless persons, causing huge damage to the company. Therefore, the present application provides a link communication monitoring view construction method based on IP data flow analysis.
Disclosure of Invention
(I) Objects of the invention
In order to solve the technical problems in the background art, the invention provides a link communication monitoring view construction method based on IP data flow analysis, which can effectively prevent important data of a company or an enterprise from being leaked and effectively protect the network security of the company or the enterprise.
(II) Technical scheme
The invention provides a link communication monitoring view construction method based on IP data flow analysis, which comprises the following steps:
S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected within the monitoring range; the monitoring server acquires the data to be detected that the internal data server sends to a target server; the data to be detected is predefined target server network data;
S2, the monitoring server obtains at least one data stream from the data to be detected and obtains the transmission rule A1 of each data stream;
S3, the data to be detected is analyzed, and the transmission rule A1 of the data to be detected is determined;
S4, a data transmission query request sent by the target server is acquired, wherein the data transmission query request carries a transmission rule A2;
S5, it is judged whether the transmission rule A2 is identical to the transmission rule A1:
if the transmission rule A2 is completely the same as the transmission rule A1, the data to be detected is sent to the target server and a data transmission record is generated;
if the transmission rule A2 is not the same as the transmission rule A1, the transmission of the data to be detected is interrupted, a data interruption transmission record is generated, and execution continues with S6;
and S6, the monitoring server sends alarm information of transmission failure to the background server.
Preferably, the transmission rule of each data flow includes an internet protocol IP address and a port number of the processing device corresponding to the data flow.
Preferably, the transmission rule of each data stream further includes a unique identifier determined for that data stream; this identifier is a digital verification code randomly generated by the internal data server when it sends the data to be detected.
Preferably, the characters in the digital verification code comprise one or more of capital English letters, lowercase English letters, Arabic numerals and Chinese characters.
Preferably, the transmission rule A1 of each data stream is processed by the data stream processing device; if the acquired transmission rule of any data stream includes the IP addresses and port numbers of multiple processing devices, the IP address and port number of one of those processing devices is selected as the information of the processing device corresponding to that data stream.
Preferably, the monitoring server comprises:
the signal receiving module, which is used for receiving a signal instruction sent by the background server and a data transmission query request signal sent by the target server;
the data acquisition module is used for acquiring data to be detected;
the acquisition module is used for acquiring a transmission rule A1 of each data stream and a transmission rule A2 carried in the data transmission query request;
the data flow processing module is used for analyzing the data to be detected and judging a transmission rule A1 of the data to be detected;
and the comparison module is used for judging whether the transmission rule A2 is completely the same as the transmission rule A1.
Preferably, the monitoring server further comprises a record generating module, which is used for generating a data transmission record or a data interruption transmission record.
Preferably, the monitoring server further comprises a storage module, which is used for storing the generated data transmission record or data interruption transmission record.
Preferably, in S5, when the transmission rule A2 is different from the transmission rule A1, the data to be detected is encrypted and protected.
Preferably, the background server comprises an encryption storage module;
the encryption storage module is used for encrypting and storing the data to be detected which are interrupted in transmission.
The technical scheme of the invention has the following beneficial technical effects:
When the system is used and a confidential document of the company needs to be transmitted to the target server, the target server must send a data transmission query request carrying a transmission rule A2 to the internal data server when downloading the confidential document. The monitoring server acquires the data contained in the confidential file as the data to be detected, obtains at least one data stream from the data to be detected, and obtains the transmission rule A1 of each data stream. The monitoring server then compares the transmission rule A2 with the transmission rule A1: when A2 is completely the same as A1, the data to be detected is sent to the target server; when A2 differs from A1, the transmission of the data to be detected is interrupted and the monitoring server sends alarm information of transmission failure to the background server, so that a worker learns of the alarm in time, the unauthorized data transmission is dealt with, and leakage of the confidential document is avoided. In addition, the monitoring performed by the monitoring server also prevents external personnel from downloading confidential files of the company from the internal data server, thereby effectively preventing important data of the company or enterprise from being leaked and effectively protecting the network security of the company or enterprise.
Drawings
Fig. 1 is a flowchart of the link communication monitoring view construction method based on IP data flow analysis according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in Fig. 1, the link communication monitoring view construction method based on IP data flow analysis provided by the present invention includes the following specific steps:
S1, the background server controls the monitoring server to send a link detection instruction to the communication circuit link to be detected within the monitoring range; the monitoring server acquires the data to be detected that the internal data server sends to a target server; the data to be detected is predefined target server network data;
S2, the monitoring server obtains at least one data stream from the data to be detected and obtains the transmission rule A1 of each data stream;
S3, the data to be detected is analyzed, and the transmission rule A1 of the data to be detected is determined;
S4, a data transmission query request sent by the target server is acquired, wherein the data transmission query request carries a transmission rule A2;
S5, it is judged whether the transmission rule A2 is identical to the transmission rule A1:
if the transmission rule A2 is completely the same as the transmission rule A1, the data to be detected is sent to the target server and a data transmission record is generated;
if the transmission rule A2 is not the same as the transmission rule A1, the transmission of the data to be detected is interrupted, a data interruption transmission record is generated, and execution continues with S6;
S6, the monitoring server sends alarm information of transmission failure to the background server so that workers learn of it in time, and the unauthorized data transmission is dealt with to avoid leakage of confidential documents.
When the system is used and a confidential document of the company needs to be transmitted to the target server, the target server must send a data transmission query request carrying a transmission rule A2 to the internal data server when downloading the confidential document. The monitoring server acquires the data contained in the confidential file as the data to be detected, obtains at least one data stream from the data to be detected, and obtains the transmission rule A1 of each data stream. The monitoring server then compares the transmission rule A2 with the transmission rule A1: when A2 is completely the same as A1, the data to be detected is sent to the target server; when A2 differs from A1, the transmission of the data to be detected is interrupted and the monitoring server sends alarm information of transmission failure to the background server, so that a worker learns of the alarm in time, the unauthorized data transmission is dealt with, and leakage of the confidential document is avoided. In addition, the monitoring performed by the monitoring server also prevents external personnel from downloading confidential files of the company from the internal data server.
In an optional embodiment, the transmission rule of each data flow includes an internet protocol IP address and a port number of a processing device corresponding to the data flow.
In an alternative embodiment, the transmission rule of each data stream further includes a unique identifier determined for that data stream; this identifier is a digital verification code randomly generated by the internal data server when it sends the data to be detected. When the verification code carried in the data transmission query request sent by the target server is consistent with the verification code generated when the data to be detected was sent, transmission of the data to be detected may continue.
In an alternative embodiment, the characters in the digital verification code include one or more of uppercase English letters, lowercase English letters, Arabic numerals, and Chinese characters.
In an alternative embodiment, the transmission rule A1 of each data stream is processed by the data stream processing device; if the acquired transmission rule of any data stream includes the IP addresses and port numbers of multiple processing devices, the IP address and port number of one of those processing devices is selected as the information of the processing device corresponding to that data stream.
In an alternative embodiment, the monitoring server comprises:
the signal receiving module, which is used for receiving a signal instruction sent by the background server and a data transmission query request signal sent by the target server; the signal receiving module is connected with the target server and the background server through network communication and is communicatively connected with the data acquisition module;
the data acquisition module is used for acquiring data to be detected; the data acquisition module is in communication connection with the acquisition module;
the acquisition module is used for acquiring a transmission rule A1 of each data stream and a transmission rule A2 carried in the data transmission query request; the acquisition module is in communication connection with the data stream processing module;
the data flow processing module is used for analyzing the data to be detected and judging a transmission rule A1 of the data to be detected; the data stream processing module is in communication connection with the comparison module;
the comparison module is used for judging whether the transmission rule A2 is completely the same as the transmission rule A1; the comparison module is connected with the background server through network communication.
In an optional embodiment, the monitoring server further comprises a record generating module, which is used for generating a data transmission record or a data interruption transmission record.
In an optional embodiment, the monitoring server further comprises a storage module, which is used for storing the generated data transmission record or data interruption transmission record.
In an alternative embodiment, in S5, when the transmission rule A2 is different from the transmission rule A1, the data to be detected is encrypted and protected.
In an optional embodiment, the background server comprises an encryption storage module;
the encryption storage module is used for encrypting and storing the data to be detected whose transmission was interrupted.
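The following Python example, added here and not part of the patent or any product implementing it, models the monitoring server's core logic from steps S1 to S6 together with the optional embodiments above: A1 is an (IP address, port number, verification code) triple, one processing device is chosen when a stream lists several, the random verification code is generated at send time, and a query whose A2 is not completely identical to A1 is interrupted, recorded and alarmed. Class and function names, the 8-character code length and the sample addresses are assumptions of this example.

```python
import hmac
import secrets
import string

# Characters allowed in the verification code: the page lists upper/lower English
# letters, Arabic numerals and Chinese characters; this example uses the first three.
CODE_ALPHABET = string.ascii_letters + string.digits


def generate_verification_code(length=8):
    """Random digital verification code created by the internal data server at send time."""
    return "".join(secrets.choice(CODE_ALPHABET) for _ in range(length))


def choose_processing_device(devices):
    """If a stream lists several processing devices, pick one (here the first) as its (IP, port)."""
    if not devices:
        raise ValueError("a data stream must have at least one processing device")
    ip, port = devices[0]
    return ip, int(port)


class MonitoringServer:
    """Holds A1 per stream plus the transmission/interruption records and alarms (assumed design)."""

    def __init__(self):
        self.rules = {}    # stream id -> A1 as (ip, port, verification code)
        self.records = []  # data transmission / data interruption transmission records
        self.alarms = []   # alarm messages destined for the background server (S6)

    def register_stream(self, stream_id, devices, code=None):
        """S1-S3: derive and store transmission rule A1 when a stream is sent."""
        ip, port = choose_processing_device(devices)
        self.rules[stream_id] = (ip, port, code or generate_verification_code())
        return self.rules[stream_id]

    def handle_query(self, stream_id, a2):
        """S4-S6: compare the A2 carried by the target server's query with the stored A1."""
        a1 = self.rules.get(stream_id)
        same = (
            a1 is not None
            and a1[0] == a2[0]
            and a1[1] == int(a2[1])
            # constant-time comparison of the verification code, byte-wise
            and hmac.compare_digest(a1[2].encode(), str(a2[2]).encode())
        )
        if same:
            self.records.append({"stream": stream_id, "type": "transmission"})
            return "transmit"
        self.records.append({"stream": stream_id, "type": "interruption"})
        self.alarms.append(f"transmission failure for stream {stream_id}")
        return "interrupt"
```

A query for a stream the monitoring server never registered is treated like a mismatched A2 and interrupted, since no A1 exists to match it.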
It is to be understood that the above-described embodiments of the present invention merely illustrate or explain the principles of the invention and are not to be construed as limiting it. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in its protection scope. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.