CN111464502A - Network security protection method and system based on big data platform - Google Patents
- Publication number: CN111464502A
- Application number: CN202010162706.3A
- Authority: CN (China)
- Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Classifications (CPC section H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication)
- H04L63/00 Network architectures or network communication protocols for network security
  - H04L63/20 Managing network security; network security policies in general
  - H04L63/02 Separating internal from external traffic, e.g. firewalls; H04L63/0227 Filtering policies
    - H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    - H04L63/0263 Rule management
  - H04L63/14 Detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic
    - H04L63/1425 Traffic logging, e.g. anomaly detection
- H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/01 Protocols; H04L67/10 Protocols in which an application is distributed across nodes in the network
  - H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
  - H04L67/1097 Distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The invention belongs to the technical field of network security protection and discloses a network security protection method and system based on a big data platform. The system comprises a network security detection module, a big data processing module, a data encryption module, a central control module, a backup module, a network evaluation module, an IP tracking module, an early warning module, a data storage module and a display module. Because changed file objects are identified by an archive flag, the process of comparing file object attributes and the space occupied by an extra copy of the file attributes are eliminated, the search for changed files is simplified, and the efficiency of incremental backup of cloud-stored file objects is improved. The network evaluation module retains the convenience of assigning importance degrees to subsystems according to the division of application systems, allows evaluators to perform the actual evaluation on network devices and hosts, and adds and refines the evaluation elements used to evaluate network devices and hosts.
Description
Technical Field
The invention belongs to the technical field of network security protection, and particularly relates to a network security protection method and system based on a big data platform.
Background
Network security generally refers to the security of computer networks, but may also refer to the security of computer communication networks. A computer communication network is a system that interconnects several computers with independent functions through communication equipment and transmission media and, with the support of communication software, realizes information transmission and exchange among them. A computer network is a system that connects geographically dispersed, independent computer systems, terminals and data devices by communication means for the purpose of sharing resources, and exchanges data under the control of a protocol. The fundamental purpose of a computer network is resource sharing, and the communication network is the means by which that sharing is implemented; for the computer network to be secure, the corresponding computer communication network must also be secure, so that information exchange and resource sharing can be provided to network users. Hereinafter, network security refers to both computer network security and computer communication network security. However, the existing network security protection methods and systems based on big data platforms have low backup efficiency, and their network security assessment is inaccurate.
In summary, the problems of the prior art are as follows: the existing network security protection method and system based on the big data platform have low backup efficiency; meanwhile, the network security assessment is inaccurate and the illegal intrusion cannot be pre-warned.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a network security protection method and system based on a big data platform.
The invention is realized in such a way that a network security protection method based on a big data platform comprises the following steps:
Step one, a backup program controlled by the main control computer performs backup operations on the network data: (1) initiating a full backup request through the backup program;
(2) traversing the files to be fully backed up, saving the path of the file object being fully backed up so that it overwrites the previously saved path, setting the archive state of the file object to archived, backing up the directory, file information and data blocks of the traversed file object, and retaining the backed-up complete file object;
(3) initiating an incremental backup request and, following the path of the corresponding file object, setting the archive state of the file objects on that path to unarchived in sequence from bottom to top;
(4) traversing all file objects and judging whether each file object is in the archived state; if yes, ignoring the file object and its subordinate file objects; if not, entering step (5);
(5) saving the path of the file object to be incrementally backed up in the local information file so that it overwrites the previously saved path, setting the archive state of the file object to archived, and backing up the directory, file information and data blocks of the traversed file object to the data center.
Step two, evaluating the network security situation through a network evaluation program: (I) determining the importance degree weights of each network device and each host through an evaluation program;
(II) evaluating each network device and host respectively;
(III) integrating the evaluation results of the network devices and hosts into the evaluation result of the whole network system.
Step three, tracking illegal IPs through a tracking program: 1) registering a state tracking record containing three fields for each discovered IP host, locating the host's system log and acquiring the system log in real time;
2) intercepting, in the system log, the IPs whose logins fail and marking them as suspicious IPs;
3) tracking each suspicious IP and judging it to be an attack IP according to its number of consecutive login failures;
4) adding a blocking rule in the firewall and setting a blocking time, the blocking rule being used to block logins from the attack IP within the blocking time.
Further, before step one, the following steps are performed: step I, detecting information on network vulnerabilities, illegal intrusions and viruses through a network security program;
step II, processing the network data through a big data calculation program;
step III, encrypting the network data through an encryption program.
After step three, the following steps are performed:
step 1, giving early warning of illegal intrusion behaviors through an acousto-optic early warning device;
step 2, storing the network detection information, tracking results, evaluation results and early warning information through a memory;
step 3, displaying real-time data of the network detection information, tracking results, evaluation results and early warning information through a display.
Further, in step one, step (2) further includes: if a file object changes during or after the full backup, setting the archive state of the file objects on its path to unarchived from bottom to top according to the path of the changed file object.
Further, in step one, in step (5), before each file object is backed up in the incremental backup, the path currently being archived is first recorded in the local information file of the backup client. When the next incremental backup is initiated, the archived path saved in the local information file is read first, an API is called to locate the path of that file object, and the archive state of the file objects along that path is set to unarchived in sequence from bottom to top. This ensures that, if a task ends abnormally or is stopped, the subsequent incremental backup continues with the file objects that were left unarchived last time.
Further, in step two, the process for determining the importance degree weights of the network devices and hosts in step (I) includes the following steps:
step a, suppose that the network comprises n information systems distributed and deployed on m devices, and that the importance degrees of the n information systems to the network are $x_1, x_2, \ldots, x_n$ respectively; then there are:
step b, constructing an m × n matrix:
wherein,
step c, the importance degrees of the m devices are $y_1, y_2, \ldots, y_m$; let $Y = [y_1\; y_2\; \ldots\; y_m]^T$ and $X = [x_1\; x_2\; \ldots\; x_n]^T$; then there are:
wherein A is the m × n matrix constructed in step b.
Further, in step two, the evaluation elements used in step (II) to evaluate the network devices and hosts include: attacker capability, attack consequence, vulnerability damage, vulnerability propagation, attack resistance, configuration correctness, security policy and security policy execution condition;
attacker capability is the attack capability of the attacker when the network devices and hosts are attacked; attack consequence is the damage caused to the network devices and hosts by an attack on them; vulnerability damage is the potential threat posed by the vulnerabilities of the network devices and hosts; vulnerability propagation is the threat to the network devices and hosts from several of their vulnerabilities potentially being exploited by attackers; attack resistance is the security defense measures deployed on the network devices and hosts; configuration correctness is the correctness of the configuration of the security measures of the network devices and hosts; security policy is the completeness and correctness of the security policies on the network devices and hosts; and security policy execution condition is how those security policies are executed on the network devices and hosts.
Further, in step three, the method of tracking illegal IP intrusions through the tracking program further includes:
presetting a threshold for the number of consecutive login failures;
judging a suspicious IP to be an attack IP according to its number of consecutive login failures comprises: when the number of consecutive login failures of the suspicious IP exceeds the threshold, judging the suspicious IP to be an attack IP;
and updating the state tracking records of the source IP address and the destination IP address each time an IP packet is received, and discovering IP addresses or IP subnets in the network that do not respond by analyzing the continuously updated state tracking records.
Another object of the present invention is to provide a network security protection system based on a big data platform that applies the above network security protection method, the system comprising:
a network security detection module, a big data processing module, a data encryption module, a central control module, a backup module, a network evaluation module, an IP tracking module, an early warning module, a data storage module and a display module.
The network security detection module is connected with the central control module and is used for detecting information on network vulnerabilities, illegal intrusions and viruses through a network security program;
the big data processing module is connected with the central control module and used for processing the network data through a big data calculation program;
the data encryption module is connected with the central control module and used for encrypting the network data through an encryption program;
the central control module is connected with the network security detection module, the big data processing module, the data encryption module, the backup module, the network evaluation module, the IP tracking module, the early warning module, the data storage module and the display module and is used for controlling each module to normally work through the main control computer;
the backup module is connected with the central control module and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module is connected with the central control module and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module is connected with the central control module and is used for tracking the illegal IP intrusion through a tracking program;
the early warning module is connected with the central control module and is used for early warning illegal invasion behaviors through the acousto-optic early warning device;
the data storage module is connected with the central control module and used for storing network detection information, tracking results, evaluation results and early warning information through the memory;
the display module is connected with the central control module and is used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through the display.
Another object of the present invention is to provide a computer program product stored on a computer readable medium, which includes a computer readable program for providing a user input interface to implement the big data platform-based network security protection method when the computer program product is executed on an electronic device.
Another object of the present invention is to provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to execute the network security protection method based on a big data platform.
The invention has the following advantages and positive effects. Because the backup module identifies changed file objects by an archive flag, the lengthy comparison of file object attributes and the extra space occupied by a copy of the file attributes are eliminated, the search for changed files is simplified, and the efficiency of incremental backup of cloud-stored file objects is improved. In network security situation assessment, the importance degree of a business system is easy to determine from the strategic objectives of the organization, but in practice it is the equipment assets that are easy to assess, while the business system is inconvenient to assess directly; the network evaluation module therefore converts the importance degrees of the business systems into importance degrees of the equipment assets and divides the evaluation factors into 8 types, so that, compared with other methods, the factors considered are more comprehensive and the assessment result is more accurate. The invention thus retains the convenience of assigning importance degrees to subsystems according to the division of application systems, lets evaluators perform the actual evaluation on network devices and hosts, and adds and refines the evaluation elements used to evaluate network devices and hosts.
Drawings
Fig. 1 is a flowchart of a network security protection method based on a big data platform according to an embodiment of the present invention.
Fig. 2 is a block diagram of a network security protection system based on a big data platform according to an embodiment of the present invention.
In the figure: 1. a network security detection module; 2. a big data processing module; 3. a data encryption module; 4. a central control module; 5. a backup module; 6. a network evaluation module; 7. an IP tracing module; 8. an early warning module; 9. a data storage module; 10. and a display module.
Fig. 3 is a flowchart of a method for performing a backup operation on network data through a backup program according to an embodiment of the present invention.
Fig. 4 is a flowchart of a method for evaluating a network security situation through a network evaluation program according to an embodiment of the present invention.
Fig. 5 is a flowchart of a method for tracking an illegal IP through a tracking program according to an embodiment of the present invention.
Detailed Description
In order to further understand the contents, features and effects of the present invention, the following embodiments are illustrated and described in detail with reference to the accompanying drawings.
The structure of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the network security protection method based on the big data platform provided by the embodiment of the present invention includes the following steps:
S101, detecting information on network vulnerabilities, illegal intrusions and viruses through a network security program; and processing the network data through a big data calculation program.
S102, encrypting the network data through an encryption program; and controlling, through the main control computer, the normal operation of the network security protection system.
S103, performing backup operations on the network data through a backup program; and evaluating the network security situation through a network evaluation program.
S104, tracking illegal IPs through a tracking program; and giving early warning of illegal intrusion behaviors through an acousto-optic early warning device.
S105, storing the network detection information, the tracking result, the evaluation result and the early warning information through a memory; and displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through a display.
As shown in fig. 2, the network security protection system based on the big data platform provided in the embodiment of the present invention comprises: a network security detection module 1, a big data processing module 2, a data encryption module 3, a central control module 4, a backup module 5, a network evaluation module 6, an IP tracking module 7, an early warning module 8, a data storage module 9 and a display module 10.
The network security detection module 1 is connected with the central control module 4 and is used for detecting information on network vulnerabilities, illegal intrusions and viruses through a network security program;
the big data processing module 2 is connected with the central control module 4 and is used for processing the network data through a big data calculation program;
the data encryption module 3 is connected with the central control module 4 and is used for encrypting the network data through an encryption program;
the central control module 4 is connected with the network security detection module 1, the big data processing module 2, the data encryption module 3, the backup module 5, the network evaluation module 6, the IP tracking module 7, the early warning module 8, the data storage module 9 and the display module 10 and is used for controlling each module to normally work through the main control computer;
the backup module 5 is connected with the central control module 4 and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module 6 is connected with the central control module 4 and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module 7 is connected with the central control module 4 and used for tracking the illegal IP intrusion through a tracking program;
the early warning module 8 is connected with the central control module 4 and is used for early warning illegal invasion behaviors through an acousto-optic early warning device;
the data storage module 9 is connected with the central control module 4 and used for storing network detection information, tracking results, evaluation results and early warning information through a memory;
the display module 10 is connected with the central control module 4 and is used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through a display.
The invention is further described with reference to specific examples.
Example 1
Fig. 1 shows a network security protection method based on a big data platform according to an embodiment of the present invention, and fig. 3 shows a preferred embodiment of the method according to an embodiment of the present invention, where the method for performing a backup operation on network data through a backup program includes:
S201, a full backup request is initiated through the backup program.
S202, traversing the files to be fully backed up, saving the path of the file object being fully backed up so that it overwrites the previously saved path, setting the file object to the archived state, backing up the directory, file information and data blocks of the traversed file object, and retaining the backed-up complete file object.
S203, initiating an incremental backup request and, following the path of the corresponding file object, setting the archive state of the file objects on that path to unarchived in sequence from bottom to top.
S204, traversing all file objects and judging whether each file object is in the archived state; if yes, ignoring the file object and its subordinate file objects; if not, proceeding to step S205.
S205, saving the path of the file object to be incrementally backed up in the local information file so that it overwrites the previously saved path, setting the file object to the archived state, and backing up the directory, file information and data blocks of the traversed file object to the data center.
Step S202 provided in the embodiment of the present invention further includes: if a file object changes during or after the full backup, setting the archive state of the file objects on its path to unarchived from bottom to top according to the path of the changed file object.
In step S205 provided by the embodiment of the present invention, before each file object is backed up in the incremental backup, the path currently being archived is first recorded in the local information file of the backup client. When the next incremental backup is initiated, the archived path saved in the local information file is read first, an API is called to locate the path of that file object, and the archive state of the file objects along that path is set to unarchived in sequence from bottom to top. This ensures that, if a task ends abnormally or is stopped, the subsequent incremental backup continues with the file objects that were left unarchived last time.
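As an added example (not the patent's own code) of the archive-state scheme in steps S201-S205 and the local-information-file resume rule just described, the following Python models a file tree, a full backup, changes that clear the archive flag bottom to top, and an incremental pass that skips archived subtrees; the tree, the in-memory "data center" and the path index are assumptions.

```python
"""Archive-flag driven incremental backup (added example, not the patent's code).

Models steps S201-S205 and the local-information-file rule: a full backup marks
every file object archived; a change clears the flag on the object and on every
ancestor along its path, bottom to top; the incremental pass skips an archived
object together with its whole subtree; and the path last recorded as "being
archived" is cleared again when the next incremental run starts, so an object
interrupted by an abnormal stop is backed up again. Tree and store are in-memory
stand-ins (assumption).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class FileObject:
    name: str
    data: bytes = b""                      # empty for directories
    children: Dict[str, "FileObject"] = field(default_factory=dict)
    archived: bool = False                 # the patent's archive ("filed") state
    parent: Optional["FileObject"] = field(default=None, repr=False)

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"

    def add(self, child: "FileObject") -> "FileObject":
        child.parent = self
        self.children[child.name] = child
        return child


def mark_path_unarchived(obj: FileObject) -> None:
    """Clear the archive flag from the object up to the root (bottom to top)."""
    node: Optional[FileObject] = obj
    while node is not None:
        node.archived = False
        node = node.parent


def change(obj: FileObject, data: bytes) -> None:
    """A file object changed during or after a backup: flag its whole path."""
    obj.data = data
    mark_path_unarchived(obj)


class BackupClient:
    def __init__(self) -> None:
        self.data_center: Dict[str, bytes] = {}       # stand-in for the remote store
        self.index: Dict[str, FileObject] = {}        # path -> object, for resume lookup
        self.local_info_path: Optional[str] = None    # the "local information file"
        self.visited: List[str] = []

    def _store(self, obj: FileObject) -> None:
        path = obj.path()
        self.local_info_path = path          # record the path currently being archived
        self.index[path] = obj
        self.data_center[path] = obj.data    # directory / file info / data blocks
        obj.archived = True
        self.visited.append(path)

    def _visit(self, obj: FileObject, incremental: bool) -> None:
        if incremental and obj.archived:
            return                           # skip the object and all subordinate objects
        self._store(obj)
        for child in obj.children.values():
            self._visit(child, incremental)

    def full_backup(self, root: FileObject) -> List[str]:
        """S201-S202: back up everything and mark it archived."""
        self.visited = []
        self._visit(root, incremental=False)
        return list(self.visited)

    def incremental_backup(self, root: FileObject) -> List[str]:
        """S203-S205: redo the path saved in the local information file, then
        back up only what is not archived."""
        in_progress = self.index.get(self.local_info_path or "")
        if in_progress is not None:
            mark_path_unarchived(in_progress)
        self.visited = []
        self._visit(root, incremental=True)
        return list(self.visited)


def demo():
    """Constructed tree: one file modified, one added, the etc subtree untouched."""
    root = FileObject("root")
    root.add(FileObject("etc")).add(FileObject("hosts", b"127.0.0.1 localhost"))
    var = root.add(FileObject("var"))
    log = var.add(FileObject("log"))
    log.add(FileObject("auth.log", b"Accepted password for alice"))
    var.add(FileObject("lib")).add(FileObject("db.sqlite", b"v1"))

    client = BackupClient()
    full = client.full_backup(root)
    change(log.children["auth.log"], b"Failed password for root")
    change(log.add(FileObject("secure.log")), b"new file")
    incr = client.incremental_backup(root)
    return full, incr, client.data_center
```

The incremental pass never enters the untouched etc subtree; the lib subtree is revisited only because the resume rule re-marks the last recorded path.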
Example 2
As shown in fig. 1 and fig. 4, in a preferred embodiment of the network security protection method based on a big data platform, the method for evaluating the network security situation through a network evaluation program includes:
S301, determining the importance degree weights of the network devices and hosts through an evaluation program.
S302, evaluating each network device and host respectively.
S303, integrating the evaluation results of the network devices and hosts into the evaluation result of the whole network system.
The process for determining the importance degree weights of the network devices and hosts in step S301 provided by the embodiment of the present invention includes the following steps:
step a, suppose that the network comprises n information systems distributed and deployed on m devices, and that the importance degrees of the n information systems to the network are $x_1, x_2, \ldots, x_n$ respectively; then there are:
step b, constructing an m × n matrix:
wherein,
step c, the importance degrees of the m devices are $y_1, y_2, \ldots, y_m$; let $Y = [y_1\; y_2\; \ldots\; y_m]^T$ and $X = [x_1\; x_2\; \ldots\; x_n]^T$; then there are:
wherein A is the m × n matrix constructed in step b.
The evaluation elements used in step S302 provided by the embodiment of the present invention to evaluate the network devices and hosts include: attacker capability, attack consequence, vulnerability damage, vulnerability propagation, attack resistance, configuration correctness, security policy and security policy execution condition. Attacker capability is the attack capability of the attacker when the network devices and hosts are attacked; attack consequence is the damage caused to the network devices and hosts by an attack on them; vulnerability damage is the potential threat posed by the vulnerabilities of the network devices and hosts; vulnerability propagation is the threat to the network devices and hosts from several of their vulnerabilities potentially being exploited by attackers; attack resistance is the security defense measures deployed on the network devices and hosts; configuration correctness is the correctness of the configuration of the security measures of the network devices and hosts; security policy is the completeness and correctness of the security policies on the network devices and hosts; and security policy execution condition is how those security policies are executed on the network devices and hosts.
Example 3
As shown in fig. 1 and fig. 5, the method for protecting a network based on a big data platform according to an embodiment of the present invention is a preferred embodiment, and the method for tracking an illegal IP intrusion by a tracking program according to an embodiment of the present invention includes:
s401, registering a state tracking record containing three fields for each discovered IP host, positioning the system log position of the host and acquiring the system log in real time.
S402, intercepting the IP which fails in login in the system log, and marking as a suspicious IP.
S403, tracking the suspicious IP, and judging the suspicious IP to be an attack IP according to the number of times of the continuous login failure of the suspicious IP.
S404, adding a shielding rule in the firewall and setting shielding time, wherein the shielding rule is used for shielding the login of the attack IP in the shielding time.
The method for tracking the illegal IP intrusion through the tracking program provided by the embodiment of the invention also comprises the following steps:
presetting a threshold value of the continuous login failure times;
the judging that the suspicious IP is the attack IP according to the number of the continuous login failures of the suspicious IP comprises the following steps: based on the fact that the number of times of the suspicious IP continuous login failure exceeds the threshold value, judging the suspicious IP to be an attack IP;
each time an IP message is received, the state tracking records of the source IP address and the destination IP address are updated, and unresponsive IP addresses or IP subnets in the network are discovered by analysing the continuously updated state tracking records.
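The tracking procedure of steps S401 to S404 (and of claim 7), as an added example that is not part of the patent: a small Python tracker that reads constructed sshd-style log lines, keeps a per-address state tracking record, marks a source suspicious on a failed login, promotes it to an attack IP once its run of consecutive failures exceeds a preset threshold, and emits a time-limited firewall drop rule. The log format, the threshold of 3, the 600-second shielding time and the record fields are assumptions; the patent specifies none of them.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed sample of a host system log (S401). The patent gives no log format,
# so sshd-style syslog lines are assumed; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 10:00:01 host1 sshd[100]: Failed password for root from 203.0.113.5 port 4000 ssh2
Mar 10 10:00:02 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar 10 10:00:03 host1 sshd[102]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Mar 10 10:00:04 host1 sshd[103]: Failed password for admin from 203.0.113.5 port 4002 ssh2
Mar 10 10:00:05 host1 sshd[104]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Mar 10 10:00:06 host1 sshd[105]: Accepted password for bob from 198.51.100.7 port 5002 ssh2
Mar 10 10:00:07 host1 sshd[106]: Failed password for admin from 203.0.113.5 port 4003 ssh2
"""
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
                     r"(Failed|Accepted) password for \S+ from (\S+) port")

@dataclass
class TrackRecord:
    """State tracking record with three fields (the patent names three, not which)."""
    host: str
    consecutive_failures: int = 0
    last_seen: Optional[datetime] = None

@dataclass
class Tracker:
    threshold: int = 3              # preset consecutive-failure threshold (assumed value)
    block_seconds: int = 600        # shielding time of the firewall rule (assumed value)
    records: Dict[str, TrackRecord] = field(default_factory=dict)
    suspicious: Set[str] = field(default_factory=set)
    rules: List[dict] = field(default_factory=list)

    def feed(self, line: str) -> Optional[dict]:
        """Process one log line; return a firewall rule if the source became an attack IP."""
        m = LINE_RE.match(line)
        if not m:
            return None
        ts_raw, host, outcome, ip = m.groups()
        ts = datetime.strptime("2020 " + ts_raw, "%Y %b %d %H:%M:%S")  # year assumed
        rec = self.records.setdefault(ip, TrackRecord(host))
        rec.last_seen = ts
        if outcome == "Accepted":
            rec.consecutive_failures = 0      # a success ends the run of failures
            self.suspicious.discard(ip)
            return None
        rec.consecutive_failures += 1         # S402: a failed login marks the IP suspicious
        self.suspicious.add(ip)
        if rec.consecutive_failures > self.threshold:   # S403: threshold exceeded
            return self.shield(ip, ts)
        return None

    def shield(self, ip: str, now: datetime) -> dict:
        """S404: a drop rule that expires after the shielding time, not a permanent block."""
        rule = {"src": ip, "action": "drop",
                "expires": now + timedelta(seconds=self.block_seconds)}
        if all(r["src"] != ip for r in self.rules):
            self.rules.append(rule)
        return rule

def run(log: str = SAMPLE_LOG, threshold: int = 3) -> Tracker:
    """Feed a whole log capture through a fresh tracker and return it for inspection."""
    tracker = Tracker(threshold=threshold)
    for line in log.splitlines():
        tracker.feed(line)
    return tracker
```

A successful login resets the count, so the threshold applies to an unbroken run of failures as the patent specifies; note that every client behind a shared egress address is shielded together with the attacker.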
The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server or data center to another website, computer, server or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave). The computer-readable storage medium may be a solid state storage medium such as a solid state disk (SSD), a magnetic storage medium, an optical medium such as a DVD, or any combination thereof.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A network security protection method based on a big data platform is characterized by comprising the following steps:
step one, a backup program is controlled by a main control computer to perform backup operation on network data: (1) initiating a full backup request through a backup program;
(2) traversing the file objects to be fully backed up, saving the path of the file object to be fully backed up and overwriting the previously saved path, setting the archive state of the file object to archived, backing up the directory, file information and data blocks of each traversed file object, and retaining the fully backed-up file objects;
(3) initiating an incremental backup request, and setting the archive state of the file objects on the saved path to unarchived in sequence from bottom to top according to the path of the corresponding file object;
(4) traversing all file objects and judging whether each file object is in the archived state; if yes, ignoring the file object and its subordinate file objects; if not, entering step (5);
(5) saving the path of the file object to be incrementally backed up in a local information file and overwriting the previously saved path, setting the archive state of the file object to archived, and backing up the directory, file information and data blocks of the traversed file object to the data center;
and step two, evaluating the network security situation through a network evaluation program: (I) determining importance degree weights of each network device and each host through an evaluation program;
(II) evaluating each network device and the host respectively;
(III) integrating the evaluation results of each network device and the host into the evaluation result of the whole network system;
step three, tracking the illegal IP by a tracking program: 1) registering a state tracking record containing three fields for each discovered IP host, positioning the system log position of the host and acquiring the system log in real time;
2) intercepting the IP which fails in login in the system log, and marking the IP as a suspicious IP;
3) tracking the suspicious IP, and judging the suspicious IP as an attack IP according to the number of times of the continuous login failure of the suspicious IP;
4) and adding a shielding rule in the firewall and setting shielding time, wherein the shielding rule is used for shielding the login of the attack IP within the shielding time.
2. The big data platform-based network security protection method according to claim 1, wherein before the first step, the following steps are performed: step I, detecting information of network bugs, illegal intrusions and viruses through a network security program;
step II, processing the network data through a big data calculation program;
step III, encrypting the network data through an encryption program;
after the third step, the following steps are further performed:
step 1, carrying out early warning on illegal intrusion behaviors through an acousto-optic early warning device;
step 2, storing the network detection information, the tracking result, the evaluation result and the early warning information through a memory;
step 3, displaying the real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through a display.
3. The big data platform-based network security protection method according to claim 1, wherein in step one, step (2) further comprises: during the full backup or after the full backup is finished, if a file object is changed, setting the archive state of the file objects on the path of the changed file object to unarchived from bottom to top according to that path.
4. The big data platform-based network security protection method according to claim 1, wherein in step one, in step (5), before each file object is backed up in the incremental backup, the path currently being archived is first retained in the local information file of the backup client; when the next incremental backup is initiated, the archived path saved in the local information file is first obtained, and an API is called to set the archive state of the file objects on that path to unarchived in sequence from bottom to top. So that a subsequent incremental backup can continue backing up the last unarchived file object when a task ends abnormally or is stopped, the archived path saved in the local information file is obtained first whenever an incremental backup is initiated, and the API is called to set the archive state of the file objects on that path to unarchived in sequence from bottom to top.
5. The big data platform-based network security protection method according to claim 1, wherein in step two, the specific determination process of importance level weights of the network device and the host in step (I) includes the following steps:
step a, supposing that the network comprises n information systems distributed and deployed on m devices, where the importance degrees of the n information systems to the network are $x_1, x_2, \dots, x_n$ respectively; then there are:
step b, constructing an m × n matrix:
wherein,
step c, the importance degrees of the m devices are $y_1, y_2, \dots, y_m$; let $Y = [y_1\ y_2\ \dots\ y_m]^T$ and $X = [x_1\ x_2\ \dots\ x_n]^T$. Then there are:
wherein A is the m × n matrix constructed in step b.
6. The big data platform-based network security protection method according to claim 1, wherein in step two, the evaluation elements for evaluating each network device and host in step (II) include: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, attack resistance, configuration correctness, security policy and security policy execution condition;
the attacker capability is the attack capability of the attacker when the network device or host is attacked; the attack consequence is the damage caused to the network device or host by the attack; the vulnerability hazard is the potential threat posed by the vulnerabilities of the network device or host; vulnerability propagation is the threat to the network device or host arising from several of its vulnerabilities being potentially exploited by attackers; the attack resistance is the set of security defense measures deployed on the network device or host; the configuration correctness is the correctness of the configuration of the security measures of the network device or host; the security policy is the completeness and correctness of the security policy on the network device or host; the security policy execution condition is the state of execution of the security policy on the network device or host.
7. The method for network security protection based on big data platform as claimed in claim 1, wherein in step three, the method for tracing the illegal IP intrusion by the tracing program further comprises:
presetting a threshold value of the continuous login failure times;
the judging that the suspicious IP is the attack IP according to the number of the continuous login failures of the suspicious IP comprises the following steps: based on the fact that the number of times of the suspicious IP continuous login failure exceeds the threshold value, judging the suspicious IP to be an attack IP;
and updating the state tracking records of the source IP address and the destination IP address each time an IP message is received, and discovering unresponsive IP addresses or IP subnets in the network by analysing the continuously updated state tracking records.
8. A big data platform-based network security protection system applying the big data platform-based network security protection method according to any one of claims 1 to 7, wherein the big data platform-based network security protection system comprises:
the network security detection module is connected with the central control module and is used for detecting information of network bugs, illegal invasion and viruses through a network security program;
the big data processing module is connected with the central control module and used for processing the network data through a big data calculation program;
the data encryption module is connected with the central control module and used for encrypting the network data through an encryption program;
the central control module is connected with the network security detection module, the big data processing module, the data encryption module, the backup module, the network evaluation module, the IP tracking module, the early warning module, the data storage module and the display module and is used for controlling each module to normally work through the main control computer;
the backup module is connected with the central control module and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module is connected with the central control module and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module is connected with the central control module and is used for tracking the illegal IP intrusion through a tracking program;
the early warning module is connected with the central control module and is used for early warning illegal invasion behaviors through the acousto-optic early warning device;
the data storage module is connected with the central control module and used for storing network detection information, tracking results, evaluation results and early warning information through the memory;
and the display module is connected with the central control module and used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through the display.
9. A computer program product stored on a computer readable medium, comprising a computer readable program for providing a user input interface to implement the big data platform based network security protection method according to any one of claims 1 to 7 when executed on an electronic device.
10. A computer-readable storage medium storing instructions which, when executed on a computer, cause the computer to perform the big data platform-based network security protection method according to any one of claims 1 to 7.
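The archive-state bookkeeping of claim 1 step one together with claims 3 and 4, as an added example that is not the patent's own code: a Python model in which directories and files form a tree, a change clears the archive flag bottom-up along the object's path, an incremental pass skips every subtree whose root is still archived, and the path saved in the "local information file" lets an aborted pass resume. The `completed` flag is an assumption, since the patent does not say how a finished pass is told apart from an aborted one; the tree contents and the `abort_at` hook are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class FileObject:
    """A directory or file in the backed-up tree (constructed model, not the patent's)."""
    name: str
    parent: Optional["FileObject"] = None
    children: Dict[str, "FileObject"] = field(default_factory=dict)
    archived: bool = False            # True once backed up and unchanged since

    def path(self) -> str:
        return "" if self.parent is None else self.parent.path() + "/" + self.name

    def add(self, name: str) -> "FileObject":
        self.children[name] = FileObject(name, parent=self)
        return self.children[name]

def lookup(root: FileObject, path: str) -> FileObject:
    n = root
    for part in path.split("/")[1:]:
        n = n.children[part]
    return n

def unarchive_path(obj: Optional[FileObject]) -> None:
    """Step (3) / claim 3: clear the archive flag from obj up to the root, bottom-up."""
    while obj is not None:
        obj.archived = False
        obj = obj.parent

def full_backup(root: FileObject, info: dict) -> List[str]:
    """Step (2): back up every object and mark it archived; info models the local information file."""
    backed = []
    def walk(n):
        info["last_path"], info["completed"] = n.path(), False   # overwrite the saved path
        backed.append(n.path())       # stands in for sending directory, file info and data blocks
        n.archived = True
        for c in n.children.values():
            walk(c)
    walk(root)
    info["completed"] = True
    return backed

def incremental_backup(root: FileObject, info: dict, abort_at: Optional[str] = None) -> List[str]:
    """Steps (3)-(5) with the claim 4 resume; abort_at simulates the task dying mid-pass."""
    if not info.get("completed", True):     # previous pass aborted: re-open its saved path
        unarchive_path(lookup(root, info["last_path"]))
    backed, aborted = [], False
    def walk(n):
        nonlocal aborted
        if aborted or n.archived:           # step (4): skip an archived object and its subtree
            return
        info["last_path"], info["completed"] = n.path(), False   # step (5): save path first
        if n.path() == abort_at:            # simulated crash after the save, before the backup
            aborted = True
            return
        backed.append(n.path())
        n.archived = True
        for c in n.children.values():
            walk(c)
    walk(root)
    if not aborted:
        info["completed"] = True
    return backed

def build_tree() -> FileObject:
    """Constructed sample tree: /etc/passwd and /home/alice/notes.txt under an unnamed root."""
    root = FileObject("")
    root.add("etc").add("passwd")
    root.add("home").add("alice").add("notes.txt")
    return root
```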
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010162706.3A CN111464502A (en) | 2020-03-10 | 2020-03-10 | Network security protection method and system based on big data platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111464502A true CN111464502A (en) | 2020-07-28 |
Family ID: 71685148
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111464502A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111867190A (en) * | 2020-08-04 | 2020-10-30 | 珠海银工科技有限公司 | Connection method of intelligent street lamp |
CN112272176A (en) * | 2020-10-23 | 2021-01-26 | 常州市同济科技有限公司 | Network security protection method and system based on big data platform |
CN112506699A (en) * | 2020-11-25 | 2021-03-16 | 江苏恒信和安电子科技有限公司 | Data security backup method, equipment and system |
CN112615842A (en) * | 2020-12-11 | 2021-04-06 | 黑龙江亿林网络股份有限公司 | Network security implementation system and method based on big data platform |
CN112866278A (en) * | 2021-02-04 | 2021-05-28 | 许昌学院 | Computer network information safety protection system based on big data |
CN114374532A (en) * | 2021-12-06 | 2022-04-19 | 国网山东省电力公司聊城供电公司 | Network security monitoring system |
CN115296870A (en) * | 2022-07-25 | 2022-11-04 | 北京科能腾达信息技术股份有限公司 | Network security protection method and network security protection platform based on big data |
CN115694883A (en) * | 2022-09-13 | 2023-02-03 | 江苏省未来网络创新研究院 | Network sensing anomaly detection system and method based on big data |
CN117118753A (en) * | 2023-10-23 | 2023-11-24 | 深圳市科力锐科技有限公司 | Network attack protection method, device, equipment and storage medium |
CN117879977A (en) * | 2024-03-11 | 2024-04-12 | 北京易用时代科技有限公司 | Network security protection method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110145563A1 (en) * | 2009-12-14 | 2011-06-16 | Michael Thomas Kain | Secured file-based application programming interface |
CN105373452A (en) * | 2015-12-11 | 2016-03-02 | 上海爱数信息技术股份有限公司 | Data backup method |
CN106789955A (en) * | 2016-11-30 | 2017-05-31 | 山东省计算中心(国家超级计算济南中心) | A kind of network security situation evaluating method |
CN107800724A (en) * | 2017-12-08 | 2018-03-13 | 北京百度网讯科技有限公司 | Cloud main frame anti-crack method, system and processing equipment |
CN109889476A (en) * | 2018-12-05 | 2019-06-14 | 国网冀北电力有限公司信息通信分公司 | A kind of network safety protection method and network security protection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200728 |