CN111464502A - Network security protection method and system based on big data platform (Google Patents record)

Info

Publication number: CN111464502A
Authority: CN (China)
Application number: CN202010162706.3A
Prior art keywords: network, module, file, host, big data
Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventor: 王兴柱
Current assignee: Hunan University of Arts and Science
Original assignee: Hunan University of Arts and Science
Application filed by Hunan University of Arts and Science; priority to CN202010162706.3A; publication of CN111464502A.

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general
            • H04L63/02 Network architectures or network communication protocols for separating internal from external traffic, e.g. firewalls
                • H04L63/0227 Filtering policies
                    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
                    • H04L63/0263 Rule management
            • H04L63/14 Network architectures or network communication protocols for detecting or protecting against malicious traffic
                • H04L63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
                    • H04L63/1425 Traffic logging, e.g. anomaly detection
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
                    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
                    • H04L67/1097 Distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]


Abstract

The invention belongs to the technical field of network security protection and discloses a network security protection method and system based on a big data platform. The system comprises a network security detection module, a big data processing module, a data encryption module, a central control module, a backup module, a network evaluation module, an IP tracking module, an early warning module, a data storage module and a display module. By marking changed file objects with an archive flag, the backup method removes the need to compare file object attributes and to keep an extra copy of the file attributes, simplifies the search for changed files, and improves the efficiency of incremental backup of cloud-stored file objects. The network evaluation module retains the convenience of assigning importance degrees to subsystems according to the division of application systems, lets evaluators carry out the actual evaluation on network devices and hosts, and adds and refines the elements used to evaluate network devices and hosts.

Description

Network security protection method and system based on big data platform
Technical Field
The invention belongs to the technical field of network security protection, and particularly relates to a network security protection method and system based on a big data platform.
Background
Network security generally refers to the security of computer networks, but may also refer to the security of computer communication networks. A computer communication network is a system that interconnects a number of computers with independent functions through communication equipment and transmission media, and that realises information transmission and exchange among them with the support of communication software. A computer network is a system that connects a number of geographically dispersed, independent computer systems, terminals and data devices by communication means for the purpose of sharing resources, and that exchanges data under the control of a protocol. The fundamental purpose of a computer network is resource sharing, and the communication network is the means by which that sharing is implemented; therefore, if a computer network is to be secure, the corresponding computer communication network must also be secure, and information exchange and resource sharing must be provided to network users on that basis. Hereinafter, network security refers to both computer network security and computer communication network security. However, the existing network security protection methods and systems based on big data platforms have low backup efficiency, and their network security assessment is inaccurate.
In summary, the problems of the prior art are as follows: the existing network security protection methods and systems based on big data platforms have low backup efficiency; their network security assessment is inaccurate; and illegal intrusions cannot be warned of in advance.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a network security protection method and system based on a big data platform.
The invention is realized in such a way that a network security protection method based on a big data platform comprises the following steps:
Step one, a backup program controlled by the main control computer performs the backup operation on the network data: (1) a full backup request is initiated through the backup program;
(2) the files to be fully backed up are traversed; the path of the file object being backed up is saved, overwriting the previously saved path; the archive flag of the file object is set to archived; the directory, file information and data blocks of each traversed file object are backed up, and the backed-up complete file objects are retained;
(3) an incremental backup request is initiated, and, following the path of the corresponding file object, the archive flag of every file object on that path is set to unarchived in order from bottom to top;
(4) all file objects are traversed and each is checked for the archived state: if it is archived, the file object and its subordinate file objects are ignored; if not, proceed to step (5);
(5) the path of the file object to be incrementally backed up is saved in the local information file, overwriting the previously saved path; the archive flag of the file object is set to archived; and the directory, file information and data blocks of the traversed file object are backed up to the data center.
Step two, the network security situation is evaluated through a network evaluation program: (I) the importance weight of each network device and host is determined through the evaluation program;
(II) each network device and host is evaluated separately;
(III) the evaluation results of the network devices and hosts are integrated into the evaluation result of the whole network system.
Step three, illegal IPs are tracked by a tracking program: 1) a state tracking record containing three fields is registered for each discovered IP host, the location of the host's system log is determined, and the system log is acquired in real time;
2) IPs whose logins fail are picked out of the system log and marked as suspicious IPs;
3) each suspicious IP is tracked and judged to be an attack IP according to its number of consecutive login failures;
4) a blocking rule is added to the firewall together with a blocking time; the rule blocks logins from the attack IP for the duration of the blocking time.
Further, before step one the following steps are required: step I, information on network vulnerabilities, illegal intrusions and viruses is detected through a network security program;
step II, the network data is processed through a big data computation program;
step III, the network data is encrypted through an encryption program.
After step three the following steps are required:
step 1, illegal intrusion behaviour is warned of through an acousto-optic early warning device;
step 2, the network detection information, tracking results, evaluation results and early warning information are stored in a memory;
step 3, real-time data of the network detection information, tracking results, evaluation results and early warning information is shown on a display.
Further, in step one, step (2) further includes: during the full backup, or after it has finished, if a file object is changed, the archive flag of every file object on the changed object's path is set to unarchived in order from bottom to top.
Further, in step one, step (5) proceeds as follows: before each file object is backed up in an incremental backup, the path currently being archived is first recorded in the local information file of the backup client. When the next incremental backup is initiated, the archived path saved in the local information file is read first, an API is called to locate the path on which that file object lies, and the archive flag of each object on the path is set to unarchived in order from bottom to top. This ensures that, when a task is ended abnormally or stopped, the subsequent incremental backup continues with the file object that was left unarchived last time.
Further, in step two, the specific process for determining the importance weights of the network devices and hosts in step (I) includes the following steps:
step a, suppose that the network comprises $n$ information systems distributed and deployed on $m$ devices, and that the importance degrees of the $n$ information systems to the network are $x_1, x_2, \ldots, x_n$ respectively; then:
(equation image BDA0002406357190000031, not reproduced on this page)
step b, construct an $m \times n$ matrix:
(equation image BDA0002406357190000041, not reproduced on this page)
wherein
(equation image BDA0002406357190000042, not reproduced on this page)
step c, let the importance degrees of the $m$ devices be $y_1, y_2, \ldots, y_m$, and let $Y = [y_1\ y_2\ \ldots\ y_m]^T$ and $X = [x_1\ x_2\ \ldots\ x_n]^T$; then:
(equation image BDA0002406357190000043, not reproduced on this page)
wherein $A$ is the $m \times n$ matrix constructed in step b.
Further, in step two, the elements used to evaluate the network devices and hosts in step (II) include: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, attack resistance, configuration correctness, security policy, and security policy execution;
the attacker capability is the capability of the attacker when the network device or host is attacked; the attack consequence is the damage caused to the network device or host when it is attacked; the vulnerability hazard is the potential threat posed by the vulnerabilities and weaknesses of the network device or host; the vulnerability propagation is the threat that several vulnerabilities of the network device or host may be exploited by attackers; the attack resistance is the set of security defence measures deployed on the network device or host; the configuration correctness is the correctness of the configuration of the security measures on the network device or host; the security policy is the completeness and correctness of the security policy on the network device or host; and the security policy execution is the degree to which that security policy is actually executed on the network device or host.
Further, in step three, the method for tracking illegal IP intrusions with the tracking program further includes:
presetting a threshold for the number of consecutive login failures;
judging a suspicious IP to be an attack IP according to its number of consecutive login failures, which comprises: when the number of consecutive login failures of the suspicious IP exceeds the threshold, judging it to be an attack IP;
and updating the state tracking records of the source IP address and the destination IP address each time an IP packet is received, so that IP addresses or IP subnets in the network that give no response are discovered by analysing the continuously updated state tracking records.
Another object of the present invention is to provide a big data platform based network security protection system applying the big data platform based network security protection method, where the big data platform based network security protection system includes:
the system comprises a network security detection module, a big data processing module, a data encryption module, a central control module, a backup module, a network evaluation module, an IP tracking module, an early warning module, a data storage module and a display module.
The network security detection module is connected with the central control module and is used for detecting information of network bugs, illegal invasion and viruses through a network security program;
the big data processing module is connected with the central control module and used for processing the network data through a big data calculation program;
the data encryption module is connected with the central control module and used for encrypting the network data through an encryption program;
the central control module is connected with the network security detection module, the big data processing module, the data encryption module, the backup module, the network evaluation module, the IP tracking module, the early warning module, the data storage module and the display module and is used for controlling each module to normally work through the main control computer;
the backup module is connected with the central control module and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module is connected with the central control module and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module is connected with the central control module and is used for tracking the illegal IP intrusion through a tracking program;
the early warning module is connected with the central control module and is used for early warning illegal invasion behaviors through the acousto-optic early warning device;
the data storage module is connected with the central control module and used for storing network detection information, tracking results, evaluation results and early warning information through the memory;
and the display module is connected with the central control module and used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through the display.
Another object of the present invention is to provide a computer program product stored on a computer readable medium, which includes a computer readable program for providing a user input interface to implement the big data platform-based network security protection method when the computer program product is executed on an electronic device.
Another object of the present invention is to provide a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to execute the network security protection method based on big data platform.
The invention has the following advantages and positive effects. By marking changed file objects with an archive flag in the backup module, the lengthy comparison of file object attributes and the extra space occupied by a copy of the file attributes are eliminated, the search for changed files is simplified, and the efficiency of incremental backup of cloud-stored file objects is improved. In the assessment of the network security situation, the importance degree of a business system is easy to determine from the organisation's strategic objectives, but in practice device assets are easy to assess while business systems are inconvenient to assess directly; the network evaluation module therefore converts the importance degree of the business systems into the importance degree of the device assets and divides the assessment factors into 8 categories, so that, compared with other methods, the factors considered are more comprehensive and the assessment result is more accurate. The invention thus retains the convenience of assigning importance degrees to subsystems according to the division of application systems, lets evaluators carry out the actual evaluation on network devices and hosts, and adds and refines the elements used to evaluate network devices and hosts.
Drawings
Fig. 1 is a flowchart of a network security protection method based on a big data platform according to an embodiment of the present invention.
Fig. 2 is a block diagram of a network security protection system based on a big data platform according to an embodiment of the present invention.
In the figure: 1. a network security detection module; 2. a big data processing module; 3. a data encryption module; 4. a central control module; 5. a backup module; 6. a network evaluation module; 7. an IP tracking module; 8. an early warning module; 9. a data storage module; 10. a display module.
Fig. 3 is a flowchart of a method for performing a backup operation on network data through a backup program according to an embodiment of the present invention.
Fig. 4 is a flowchart of a method for evaluating a network security situation through a network evaluation program according to an embodiment of the present invention.
Fig. 5 is a flowchart of a method for tracking an illegal IP through a tracking program according to an embodiment of the present invention.
Detailed Description
In order to further understand the contents, features and effects of the present invention, the following embodiments are illustrated and described in detail with reference to the accompanying drawings.
The structure of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the network security protection method based on the big data platform provided by the embodiment of the present invention includes the following steps:
S101, information on network vulnerabilities, illegal intrusions and viruses is detected through a network security program, and the network data is processed through a big data computation program.
S102, the network data is encrypted through an encryption program, and the normal operation of the network security protection system is controlled by the main control computer.
S103, the network data is backed up through a backup program, and the network security situation is evaluated through a network evaluation program.
S104, illegal IPs are tracked by a tracking program, and an acousto-optic early warning device warns of illegal intrusion behaviour.
S105, the network detection information, tracking results, evaluation results and early warning information are stored in a memory, and their real-time data is shown on a display.
As shown in fig. 2, the network security protection system based on the big data platform provided in the embodiment of the present invention includes: the system comprises a network security detection module 1, a big data processing module 2, a data encryption module 3, a central control module 4, a backup module 5, a network evaluation module 6, an IP tracking module 7, an early warning module 8, a data storage module 9 and a display module 10.
The network security detection module 1 is connected with the central control module 4 and is used for detecting information of network loopholes, illegal invasion and viruses through a network security program;
the big data processing module 2 is connected with the central control module 4 and is used for processing the network data through a big data calculation program;
the data encryption module 3 is connected with the central control module 4 and is used for encrypting the network data through an encryption program;
the central control module 4 is connected with the network security detection module 1, the big data processing module 2, the data encryption module 3, the backup module 5, the network evaluation module 6, the IP tracking module 7, the early warning module 8, the data storage module 9 and the display module 10 and is used for controlling each module to normally work through the main control computer;
the backup module 5 is connected with the central control module 4 and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module 6 is connected with the central control module 4 and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module 7 is connected with the central control module 4 and used for tracking the illegal IP intrusion through a tracking program;
the early warning module 8 is connected with the central control module 4 and is used for early warning illegal invasion behaviors through an acousto-optic early warning device;
the data storage module 9 is connected with the central control module 4 and used for storing network detection information, tracking results, evaluation results and early warning information through a memory;
and the display module 10 is connected with the central control module 4 and is used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through a display.
The invention is further described with reference to specific examples.
Example 1
Fig. 1 shows the network security protection method based on a big data platform according to an embodiment of the present invention, and fig. 3 shows a preferred embodiment in which the backup operation on the network data is performed through the backup program as follows:
S201, a full backup request is initiated through the backup program.
S202, the files to be fully backed up are traversed; the path of the file object being backed up is saved, overwriting the previously saved path; the archive flag of the file object is set to archived; the directory, file information and data blocks of each traversed file object are backed up, and the backed-up complete file objects are retained.
S203, an incremental backup request is initiated, and, following the path of the corresponding file object, the archive flag of every file object on that path is set to unarchived in order from bottom to top.
S204, all file objects are traversed and each is checked for the archived state; if it is archived, the file object and its subordinate file objects are ignored; if not, the process proceeds to step S205.
S205, the path of the file object to be incrementally backed up is saved in the local information file, overwriting the previously saved path; the archive flag of the file object is set to archived; and the directory, file information and data blocks of the traversed file object are backed up to the data center.
Step S202 provided in the embodiment of the present invention further includes: during the full backup, or after it has finished, if a file object is changed, the archive flag of every file object on the changed object's path is set to unarchived in order from bottom to top.
In step S205 provided by the embodiment of the present invention, before each file object is backed up in an incremental backup, the path currently being archived is first recorded in the local information file of the backup client. When the next incremental backup is initiated, the archived path saved in the local information file is read first, an API is called to locate the path on which that file object lies, and the archive flag of each object on the path is set to unarchived in order from bottom to top. This ensures that, when a task is ended abnormally or stopped, the subsequent incremental backup continues with the file object that was left unarchived last time.
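The archive-flag scheme of steps S201 to S205 (and of step one above), as an added in-memory simulation that is not code from the patent. The file tree, the "data center" and the "local information file" are constructed here; the one behaviour the text leaves open, that a task which finishes normally clears the saved path, is an assumption marked in the code. A change clears the flag bottom-up along the object's path, an incremental run prunes every archived subtree, and an interrupted run is resumed by reopening the path saved last time.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional


@dataclass(eq=False)
class FileObject:
    """A directory or file in the tree to be backed up, with its archive flag."""
    name: str
    data: bytes = b""
    archived: bool = False
    parent: Optional[FileObject] = None
    children: Dict[str, FileObject] = field(default_factory=dict)

    def add(self, child: FileObject) -> FileObject:
        child.parent = self
        self.children[child.name] = child
        return child

    def path(self) -> str:
        parts, node = [], self
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return "/".join(reversed(parts))


def unarchive_path(obj: FileObject) -> None:
    """Clear the archive flag from obj up to the root (bottom-up along its path)."""
    node: Optional[FileObject] = obj
    while node is not None:
        node.archived = False
        node = node.parent


def lookup(root: FileObject, path: str) -> Optional[FileObject]:
    """Resolve a saved path back to its file object (None if it no longer exists)."""
    parts = path.split("/")
    node: Optional[FileObject] = root if parts[0] == root.name else None
    for part in parts[1:]:
        node = node.children.get(part) if node is not None else None
    return node


def walk(node: FileObject, skip_archived: bool) -> Iterator[FileObject]:
    """Pre-order traversal; with skip_archived, an archived object hides its whole subtree (S204)."""
    if skip_archived and node.archived:
        return
    yield node
    for child in node.children.values():
        yield from walk(child, skip_archived)


class BackupClient:
    """Simulated client with an in-memory 'data center' and 'local information file'."""
    def __init__(self, root: FileObject) -> None:
        self.root = root
        self.data_center: Dict[str, bytes] = {}
        self.local_info: Dict[str, str] = {}  # path of the object currently being archived

    def change(self, obj: FileObject, data: bytes) -> None:
        """A modified object clears the archive flag along its whole path (S202 note)."""
        obj.data = data
        unarchive_path(obj)

    def full_backup(self, stop_after: Optional[int] = None) -> List[str]:
        """S202: back up every object and mark each one archived."""
        return self._run(skip_archived=False, stop_after=stop_after)

    def incremental_backup(self, stop_after: Optional[int] = None) -> List[str]:
        """S203-S205: reopen the path left by an interrupted task, then back up only
        unarchived objects; archived subtrees are not traversed at all."""
        saved = self.local_info.get("path")
        node = lookup(self.root, saved) if saved is not None else None
        if node is not None:
            unarchive_path(node)  # S203: make the interrupted object reachable again
        return self._run(skip_archived=True, stop_after=stop_after)

    def _run(self, skip_archived: bool, stop_after: Optional[int]) -> List[str]:
        done: List[str] = []
        for obj in walk(self.root, skip_archived):
            # S205: record the path before backing the object up, overwriting the old one
            self.local_info["path"] = obj.path()
            if stop_after is not None and len(done) >= stop_after:
                return done  # simulated abnormal end; local_info still names this object
            self.data_center[obj.path()] = obj.data
            obj.archived = True
            done.append(obj.path())
        self.local_info.pop("path", None)  # assumption: a completed task clears the saved path
        return done


def build_sample_tree() -> FileObject:
    """Constructed sample tree: srv/etc/hosts and srv/var/log/auth.log."""
    root = FileObject("srv")
    root.add(FileObject("etc")).add(FileObject("hosts", b"127.0.0.1 localhost\n"))
    root.add(FileObject("var")).add(FileObject("log")).add(FileObject("auth.log", b""))
    return root
```

Passing `stop_after` to a run stands in for the "task abnormally ended or stopped" case; the following `incremental_backup()` then continues from the object named in `local_info` instead of skipping it behind its already archived parent.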
Example 2
As shown in fig. 1 and fig. 4, in a preferred embodiment of the network security protection method based on a big data platform, the network security situation is evaluated through the network evaluation program as follows:
S301, the importance weight of each network device and host is determined through the evaluation program.
S302, each network device and host is evaluated separately.
S303, the evaluation results of the network devices and hosts are integrated into the evaluation result of the whole network system.
The specific process for determining the importance weights of the network devices and hosts in step S301 includes the following steps:
step a, suppose that the network comprises $n$ information systems distributed and deployed on $m$ devices, and that the importance degrees of the $n$ information systems to the network are $x_1, x_2, \ldots, x_n$ respectively; then:
(equation image BDA0002406357190000101, not reproduced on this page)
step b, construct an $m \times n$ matrix:
(equation image BDA0002406357190000102, not reproduced on this page)
wherein
(equation image BDA0002406357190000103, not reproduced on this page)
step c, let the importance degrees of the $m$ devices be $y_1, y_2, \ldots, y_m$, and let $Y = [y_1\ y_2\ \ldots\ y_m]^T$ and $X = [x_1\ x_2\ \ldots\ x_n]^T$; then:
(equation image BDA0002406357190000104, not reproduced on this page)
wherein $A$ is the $m \times n$ matrix constructed in step b.
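The step a to step c mapping from system importance to device importance, as an added Python illustration (not the patent's code). Because the equation images are not reproduced on this page, it assumes the omitted relations are: the $x_j$ are non-negative and sum to 1 (step a); $a_{ij} = 1$ when system $j$ is deployed on device $i$ and $0$ otherwise (step b); and $Y = AX$ (step c). The final normalisation of $Y$ into weights is a further assumption.

```python
from typing import List, Sequence


def deployment_matrix(placements: Sequence[Sequence[int]], n_systems: int) -> List[List[int]]:
    """Build the m x n matrix A of step b from, per device, the indices of the systems it hosts.
    Assumed definition: a[i][j] = 1 if system j runs on device i, else 0."""
    return [[1 if j in hosted else 0 for j in range(n_systems)] for hosted in placements]


def device_importance(a: Sequence[Sequence[float]], x: Sequence[float]) -> List[float]:
    """Return Y = A X (assumed step c): the importance of each of the m devices.

    x holds the n system importances of step a; they are checked to be
    non-negative and to sum to 1 (assumed content of the step a equation).
    """
    n = len(x)
    if n == 0 or any(len(row) != n for row in a):
        raise ValueError("A must be m x n with n = len(x)")
    if any(v < 0 for v in x) or abs(sum(x) - 1.0) > 1e-9:
        raise ValueError("system importances must be non-negative and sum to 1")
    return [sum(row[j] * x[j] for j in range(n)) for row in a]


def importance_weights(y: Sequence[float]) -> List[float]:
    """Normalise device importances into weights that sum to 1 (assumption, for S301)."""
    total = sum(y)
    if total <= 0:
        raise ValueError("at least one device must host a system of non-zero importance")
    return [v / total for v in y]
```

With three systems weighted 0.5, 0.3 and 0.2, where device 0 hosts systems 0 and 1 and device 1 hosts systems 1 and 2, a system hosted on two devices (system 1 here) contributes its importance to both of them.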
The elements used to evaluate the network devices and hosts in step S302 provided by the embodiment of the present invention include: attacker capability, attack consequence, vulnerability hazard, vulnerability propagation, attack resistance, configuration correctness, security policy, and security policy execution. The attacker capability is the capability of the attacker when the network device or host is attacked; the attack consequence is the damage caused to the network device or host when it is attacked; the vulnerability hazard is the potential threat posed by the vulnerabilities and weaknesses of the network device or host; the vulnerability propagation is the threat that several vulnerabilities of the network device or host may be exploited by attackers; the attack resistance is the set of security defence measures deployed on the network device or host; the configuration correctness is the correctness of the configuration of the security measures on the network device or host; the security policy is the completeness and correctness of the security policy on the network device or host; and the security policy execution is the degree to which that security policy is actually executed on the network device or host.
Example 3
As shown in fig. 1 and fig. 5, the method for protecting a network based on a big data platform according to an embodiment of the present invention is a preferred embodiment, and the method for tracking an illegal IP intrusion by a tracking program according to an embodiment of the present invention includes:
s401, registering a state tracking record containing three fields for each discovered IP host, positioning the system log position of the host and acquiring the system log in real time.
S402, intercepting the IP which fails in login in the system log, and marking as a suspicious IP.
S403, tracking the suspicious IP, and judging the suspicious IP to be an attack IP according to the number of times of the continuous login failure of the suspicious IP.
S404, adding a shielding rule in the firewall and setting shielding time, wherein the shielding rule is used for shielding the login of the attack IP in the shielding time.
The method for tracking the illegal IP intrusion through the tracking program provided by the embodiment of the invention also comprises the following steps:
presetting a threshold value of the continuous login failure times;
the judging that the suspicious IP is the attack IP according to the number of the continuous login failures of the suspicious IP comprises the following steps: based on the fact that the number of times of the suspicious IP continuous login failure exceeds the threshold value, judging the suspicious IP to be an attack IP;
each time an IP packet is received, the state tracking records of the source IP address and the destination IP address are updated, and non-responsive IP addresses or IP subnets in the network are discovered by analyzing the continuously updated state tracking records.
The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave) means. The computer-readable storage medium may be a magnetic storage medium, an optical storage medium (e.g., a DVD), a solid state storage medium (e.g., a solid state disk (SSD)), or any combination thereof.
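Steps S401 to S404 above, as an added example written for this page and not the patent's own code: a per-IP state tracking record counts consecutive login failures read from a system log, a preset threshold turns a suspicious IP into an attack IP, and a shielding rule with an expiry time is produced. The three fields of the record (ip, consecutive failures, last seen), the sshd-like log format and the sample log lines are assumptions; the non-responsive address discovery of the last paragraph is not modelled.

```python
# Added example, not the patent's own code: a tracker for steps S401-S404.
# Assumptions: the three record fields are (ip, consecutive_failures, last_seen);
# the log format is sshd-like and SAMPLE_LOG is constructed for this example.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

SAMPLE_LOG = """\
2020-03-10 10:00:01 sshd: Failed password for root from 198.51.100.7
2020-03-10 10:00:03 sshd: Failed password for root from 198.51.100.7
2020-03-10 10:00:05 sshd: Accepted password for alice from 203.0.113.5
2020-03-10 10:00:06 sshd: Failed password for admin from 198.51.100.7
2020-03-10 10:00:08 sshd: Failed password for admin from 198.51.100.7
2020-03-10 10:00:09 sshd: Failed password for bob from 203.0.113.5
2020-03-10 10:00:12 sshd: Accepted password for bob from 203.0.113.5
"""
LINE_RE = re.compile(r"^(\S+ \S+) sshd: (Failed|Accepted) password for \S+ from (\S+)$")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


@dataclass
class StateRecord:            # S401: one record per discovered IP host
    ip: str
    consecutive_failures: int = 0
    last_seen: Optional[datetime] = None


@dataclass
class ShieldingRule:          # S404: firewall rule valid for the shielding time
    ip: str
    expires_at: datetime


class IpTracker:
    def __init__(self, threshold: int, shield_seconds: int) -> None:
        self.threshold = threshold                 # preset consecutive-failure threshold
        self.shield = timedelta(seconds=shield_seconds)
        self.records: Dict[str, StateRecord] = {}
        self.suspicious: Set[str] = set()          # S402: IPs with a failed login
        self.rules: Dict[str, ShieldingRule] = {}

    def is_blocked(self, ip: str, now: datetime) -> bool:
        rule = self.rules.get(ip)
        return rule is not None and now < rule.expires_at

    def process_line(self, line: str) -> Optional[ShieldingRule]:
        m = LINE_RE.match(line)
        if m is None:
            return None                            # not a login event
        ts, outcome, ip = parse_ts(m.group(1)), m.group(2), m.group(3)
        rec = self.records.setdefault(ip, StateRecord(ip))
        rec.last_seen = ts
        if outcome == "Accepted":
            rec.consecutive_failures = 0           # a success ends the failure run
            return None
        rec.consecutive_failures += 1              # S402: intercept the failed login
        self.suspicious.add(ip)
        # S403: the run of consecutive failures exceeds the threshold -> attack IP
        if rec.consecutive_failures > self.threshold and not self.is_blocked(ip, ts):
            self.rules[ip] = ShieldingRule(ip, ts + self.shield)
            return self.rules[ip]
        return None

    def process_log(self, text: str) -> List[ShieldingRule]:
        return [r for r in map(self.process_line, text.splitlines()) if r is not None]
```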
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A network security protection method based on a big data platform is characterized by comprising the following steps:
step one, a backup program is controlled by a main control computer to perform backup operation on network data: (1) initiating a full backup request through a backup program;
(2) traversing the file objects to be fully backed up, saving the path of the file object to be fully backed up while overwriting the previously saved path, setting the archive state of the file object to archived, backing up the directory, file information and data blocks of the traversed file object, and retaining the fully backed-up file object;
(3) initiating an incremental backup request, and setting the archive state of the file objects on the path to unarchived sequentially from bottom to top according to the path of the corresponding file object;
(4) traversing all file objects, and judging whether the file objects are in an archived state or not; if yes, ignoring the file object and the subordinate file objects thereof; if not, entering the step (5);
(5) saving the path of the file object to be incrementally backed up in a local information file while overwriting the previously saved path, setting the archive state of the file object to archived, and backing up the directory, file information and data blocks of the traversed file object to a data center;
and step two, evaluating the network security situation through a network evaluation program: (I) determining importance degree weights of each network device and each host through an evaluation program;
(II) evaluating each network device and the host respectively;
(III) integrating the evaluation results of each network device and the host into the evaluation result of the whole network system;
step three, tracking the illegal IP by a tracking program: 1) registering a state tracking record containing three fields for each discovered IP host, positioning the system log position of the host and acquiring the system log in real time;
2) intercepting the IP which fails in login in the system log, and marking the IP as a suspicious IP;
3) tracking the suspicious IP, and judging the suspicious IP as an attack IP according to the number of times of the continuous login failure of the suspicious IP;
4) and adding a shielding rule in the firewall and setting shielding time, wherein the shielding rule is used for shielding the login of the attack IP within the shielding time.
2. The big data platform-based network security protection method according to claim 1, wherein before the first step, the following steps are performed: step I, detecting information of network vulnerabilities, illegal intrusions and viruses through a network security program;
step II, processing the network data through a big data calculation program;
step III, encrypting the network data through an encryption program;
after the third step, the following steps are required:
step 1, carrying out early warning on illegal intrusion behaviors through an acousto-optic early warning device;
step 2, storing the network detection information, the tracking result, the evaluation result and the early warning information through a memory;
step 3, displaying the real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through a display.
3. The big data platform-based network security protection method according to claim 1, wherein in step one, step (2) further comprises: during the full backup or after the full backup is completed, if a file object is changed, setting the archive state of the file objects on the path to unarchived sequentially from bottom to top according to the path of the changed file object.
4. The network security protection method based on the big data platform as claimed in claim 1, wherein in step one, in step (5), before each file object is backed up in the incremental backup, the path currently being archived is first saved to the local information file of the backup client; when the next incremental backup is initiated, the archived path saved in the local information file is obtained first, the API is called on the path where the file object is located, and the archive state is set to unarchived sequentially from bottom to top; so that subsequent incremental backups can continue to back up the file objects left unarchived last time when a task ends abnormally or is stopped, the archived path saved in the local information file is obtained first when the incremental backup is initiated, the API is called on the path where the file objects are located, and the archive state is set to unarchived sequentially from bottom to top.
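The archive-state backup procedure of claim 1 (step one) together with claims 3 and 4, as an added example written for this page and not the patent's own code: a full backup archives every file object, a change un-archives the object and every ancestor on its path bottom-up, and an incremental backup prunes archived subtrees while saving the path being backed up so that a run that ended abnormally can be resumed. The names FileObject, LocalInfo, full_backup, incremental_backup and the sample tree in the test are assumptions.

```python
# Added example, not the patent's own code: a minimal model of the archive-state
# backup of claim 1 (step one) and claims 3 and 4; all names here are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class FileObject:
    name: str
    parent: Optional["FileObject"] = None
    archived: bool = False                      # archive state of the file object
    children: Dict[str, "FileObject"] = field(default_factory=dict)

    def add(self, name: str) -> "FileObject":
        self.children[name] = FileObject(name, parent=self)
        return self.children[name]

    def path(self) -> str:
        parts, node = [], self
        while node.parent is not None:          # walk up to the root
            parts.append(node.name)
            node = node.parent
        return "/" + "/".join(reversed(parts))

@dataclass
class LocalInfo:
    last_path: Optional[str] = None             # saved before each object is backed up

def unarchive_path(root: FileObject, path: str) -> None:
    """Claims 3 and 4: set every object on the path to unarchived, bottom-up."""
    node = root
    for part in filter(None, path.split("/")):
        node = node.children[part]
    while node is not None:
        node.archived = False
        node = node.parent

def full_backup(root: FileObject, info: LocalInfo) -> List[str]:
    """Step (2): back up every object, archive it and overwrite the saved path."""
    done: List[str] = []
    def visit(node: FileObject) -> None:
        info.last_path = node.path()
        node.archived = True
        done.append(node.path())
        for child in node.children.values():
            visit(child)
    visit(root)
    return done

def incremental_backup(root: FileObject, info: LocalInfo,
                       stop_after: Optional[int] = None) -> List[str]:
    """Steps (3)-(5); stop_after simulates a task ending abnormally after N objects."""
    if info.last_path is not None:              # claim 4: re-open the saved path
        unarchive_path(root, info.last_path)
    done: List[str] = []
    def visit(node: FileObject) -> None:
        if node.archived:                       # step (4): skip it and its subtree
            return
        if stop_after is not None and len(done) >= stop_after:
            raise RuntimeError("task ended abnormally")
        info.last_path = node.path()            # step (5): save the path first
        node.archived = True
        done.append(node.path())
        for child in node.children.values():
            visit(child)
    visit(root)
    return done
```

Without the claim 4 resume step, a directory archived just before an abnormal end would prune its still-unarchived children from every later incremental backup.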
5. The big data platform-based network security protection method according to claim 1, wherein in step two, the specific determination process of importance level weights of the network device and the host in step (I) includes the following steps:
step a, supposing that the network comprises n information systems distributed and deployed on m devices, where the importance degrees of the n information systems to the network are $x_1, x_2, \ldots, x_n$ respectively; then:
Figure FDA0002406357180000031
step b, constructing an m × n matrix:
Figure FDA0002406357180000032
wherein,
Figure FDA0002406357180000033
step c, the importance degrees of the m devices are $y_1, y_2, \ldots, y_m$; let $Y = [y_1\ y_2\ \ldots\ y_m]^T$ and $X = [x_1\ x_2\ \ldots\ x_n]^T$; then:
Figure FDA0002406357180000034
wherein, A is the m × n matrix constructed in the step b.
6. The big data platform-based network security protection method according to claim 1, wherein in step two, the evaluation elements for evaluating the network device and the host in step (II) include: attacker capability, attack consequence, vulnerability damage, vulnerability propagation, attack resistance, configuration correctness, security policy and security policy execution condition;
the attacker capability is the attack capability of the attacker when the network device and the host are attacked; the attack consequence is the damage caused to the network device and the host by the attack; the vulnerability damage is the potential threat posed by the vulnerabilities and weaknesses of the network device and the host; the vulnerability propagation is the threat to the network device and the host arising from multiple vulnerabilities of the network device and the host being potentially exploited by attackers; the attack resistance is the security defense measures deployed on the network device and the host; the configuration correctness is the correctness of the configuration of the security measures of the network device and the host; the security policy is the integrity and correctness of the security policy on the network device and the host; the security policy execution condition is the condition of execution of the security policy on the network device and the host.
7. The method for network security protection based on big data platform as claimed in claim 1, wherein in step three, the method for tracking the illegal IP intrusion by the tracking program further comprises:
presetting a threshold value of the continuous login failure times;
the judging that the suspicious IP is the attack IP according to the number of the continuous login failures of the suspicious IP comprises the following steps: based on the fact that the number of times of the suspicious IP continuous login failure exceeds the threshold value, judging the suspicious IP to be an attack IP;
and updating the state tracking records of the source IP address and the destination IP address each time an IP packet is received, and discovering non-responsive IP addresses or IP subnets in the network by analyzing the continuously updated state tracking records.
8. A big data platform-based network security protection system applying the big data platform-based network security protection method according to any one of claims 1 to 7, wherein the big data platform-based network security protection system comprises:
the network security detection module is connected with the central control module and is used for detecting information of network vulnerabilities, illegal intrusions and viruses through a network security program;
the big data processing module is connected with the central control module and used for processing the network data through a big data calculation program;
the data encryption module is connected with the central control module and used for encrypting the network data through an encryption program;
the central control module is connected with the network security detection module, the big data processing module, the data encryption module, the backup module, the network evaluation module, the IP tracking module, the early warning module, the data storage module and the display module and is used for controlling each module to normally work through the main control computer;
the backup module is connected with the central control module and is used for carrying out backup operation on the network data through a backup program;
the network evaluation module is connected with the central control module and is used for evaluating the network security situation through a network evaluation program;
the IP tracking module is connected with the central control module and is used for tracking the illegal IP intrusion through a tracking program;
the early warning module is connected with the central control module and is used for giving early warning of illegal intrusion behaviors through the acousto-optic early warning device;
the data storage module is connected with the central control module and used for storing network detection information, tracking results, evaluation results and early warning information through the memory;
and the display module is connected with the central control module and used for displaying real-time data of the network detection information, the tracking result, the evaluation result and the early warning information through the display.
9. A computer program product stored on a computer readable medium, comprising a computer readable program for providing a user input interface to implement the big data platform based network security protection method according to any one of claims 1 to 7 when executed on an electronic device.
10. A computer-readable storage medium storing instructions which, when executed on a computer, cause the computer to perform the big data platform-based network security protection method as claimed in any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010162706.3A CN111464502A (en) 2020-03-10 2020-03-10 Network security protection method and system based on big data platform

Publications (1)

Publication Number Publication Date
CN111464502A true CN111464502A (en) 2020-07-28

Family

ID=71685148

Country Status (1)

Country Link
CN (1) CN111464502A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
Application publication date: 20200728