CN111464516B - Safety network computer for effectively blocking attack from internal network system - Google Patents


Info

Publication number
CN111464516B
Authority
CN
China
Prior art keywords
module
unit
information
output end
input end
Prior art date
Legal status
Active
Application number
CN202010205358.3A
Other languages
Chinese (zh)
Other versions
CN111464516A (en
Inventor
李晓岩
苏娜
尹成波
周雪芳
史宏
Current Assignee
Qingdao Huanghai University
Original Assignee
Qingdao Huanghai University
Priority date
2020-03-23
Filing date
2020-03-23
Publication date
2020-07-28 (CN111464516A), 2021-12-03 (CN111464516B)
Application filed by Qingdao Huanghai University
Priority to CN202010205358.3A
Publication of CN111464516A
Application granted
Publication of CN111464516B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a secure network computer for effectively blocking attacks from an internal network system. It comprises an internal network interface, a scanning unit, a data storage unit, a second data isolation unit, a first data isolation unit, a formatting unit, a control system unit and a virtual control system unit, and relates to the technical field of network computers. A file is conveyed through the information output module into the data temporary storage module of the data storage unit and then input into the virtual control system unit for a trial run. When the check finds no error, the file is screened by the firewall module and conveyed into the information storage module for storage; only at that point is the second data isolation unit connected, and the safe information is conveyed into the control system unit for use. Because the check is performed by a virtual system behind a one-way data connection, internal attacks can be effectively prevented.

Description

Safety network computer for effectively blocking attack from internal network system
Technical Field
The invention relates to the technical field of network computers, in particular to a secure network computer which can effectively block attacks from an internal network system.
Background
In a modern society in which computer networks develop ever faster, the network security of the local area network receives more and more attention. At present, border security of the local area network (mainly meaning the prevention of unsafe factors coming from the wide area network) generally relies on dedicated security equipment deployed in each local area network, which provides functions such as a firewall, internet behaviour analysis and internet behaviour management; that is, it monitors and controls the computers in the local area network, both their internet activities (internet monitoring) and their non-internet internal behaviour and assets (intranet monitoring). With the rapid development of the internet and its increasingly common use, the network and the internet have become not only a communication bridge inside an enterprise but also an important channel for all kinds of business transactions between the enterprise and the outside.
The security of the internal network and its data is crucial. The problem mainly consists in preventing attacks from both the internal network system and the external network system; basic defence is usually provided by hardware/software firewall technology, but a firewall may be broken through as attack methods develop and change.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a secure network computer for effectively blocking attacks from an internal network system. It addresses the problem of internal network and data security, which mainly consists in preventing attacks from the internal network system and from the external network system; basic defence is generally provided by hardware/software firewall technology, but a firewall can be broken through as attack methods develop and change.
(II) technical scheme
In order to achieve the above purpose, the invention is realized by the following technical scheme. A secure network computer for effectively blocking attacks from an internal network system comprises an internal network interface, a scanning unit, a data storage unit, a second data isolation unit, a first data isolation unit, a formatting unit, a control system unit, a virtual control system unit, an information encryption output unit, an operation unit and a self-checking unit. The output end of the internal network interface is connected with the input end of the scanning unit; the output end of the scanning unit is connected with the input end of the data storage unit; the output end of the data storage unit is connected with the input end of the first data isolation unit; the output end of the first data isolation unit is connected with the input end of the virtual control system unit; the output end of the virtual control system unit is connected with the input end of the operation unit; the output end of the operation unit is connected with the input end of the self-checking unit; the output end of the self-checking unit is connected with the input end of the formatting unit; the output end of the formatting unit is connected with the input ends of both the first data isolation unit and the data storage unit; the output end of the data storage unit is also connected with the input end of the second data isolation unit; the output end of the second data isolation unit is connected with the input end of the control system unit; and the output end of the control system unit is connected with the input end of the information encryption output unit.
Preferably, the scanning unit comprises an information receiving module, a searching and killing recording module, an information scanning module, a hidden danger searching and killing module and an information output module.
Preferably, the output end of the information receiving module is connected with the input end of the information scanning module, the output end of the information scanning module is connected with the input end of the hidden danger searching and killing module, the output end of the hidden danger searching and killing module is connected with the input end of the information output module, and the output end of the information scanning module is connected with the input end of the searching and killing recording module.
Preferably, the data storage unit comprises a data temporary storage module, a partition module, a firewall module and an information storage module.
Preferably, the output end of the temporary data storage module is connected with the input end of the partition module, the output end of the partition module is connected with the input end of the firewall module, and the output end of the firewall module is connected with the input end of the information storage module.
Preferably, the information encryption output unit comprises an information conversion module, an information encryption module, an encryption database and an encryption information sending module.
Preferably, the output end of the information conversion module is connected with the input end of the information encryption module, the output end of the information encryption module is connected with the input end of the encrypted information sending module, and the output end of the encrypted database is connected with the input end of the information encryption module.
Preferably, the operation unit comprises a file reading module and a file operation module, and an output end of the file reading module is connected with an input end of the file operation module.
(III) advantageous effects
The present invention provides a secure network computer that effectively blocks attacks from an internal network system. Compared with the prior art, it has the following beneficial effects:
(1) With the units connected as described in the technical scheme above, a file is conveyed through the information output module into the data temporary storage module of the data storage unit and then input into the virtual control system unit for a trial run. When the check finds no error, the file is screened by the firewall module and conveyed into the information storage module for storage; only then is the second data isolation unit connected and the safe information conveyed into the control system unit for use. Because detection is performed by the virtual system behind a one-way data connection, internal attacks can be effectively prevented.
(2) The scanning unit comprises an information receiving module, a searching and killing recording module, an information scanning module, a hidden danger searching and killing module and an information output module, connected so that the output end of the information receiving module feeds the input end of the information scanning module, the output end of the information scanning module feeds the input ends of both the hidden danger searching and killing module and the searching and killing recording module, and the output end of the hidden danger searching and killing module feeds the input end of the information output module. Information in the computer is transmitted through the internal network interface and received by the information receiving module; the information scanning module performs a security scan; the potential safety hazards found are searched and killed by the hidden danger searching and killing module and recorded by the searching and killing recording module; and the cleaned files are transmitted by the information output module into the data temporary storage module of the data storage unit, where the received information and files are held temporarily after the check and are transmitted on into the database only once verified as error-free.
(3) The output end of the data temporary storage module is connected with the input end of the partition module, the output end of the partition module with the input end of the firewall module, and the output end of the firewall module with the input end of the information storage module. The file is run by the file operation module of the operation unit, after which the self-checking unit checks the virtual control system unit. When the check finds a safety hazard, the information held in the data temporary storage module of the data storage unit is formatted by the formatting unit and the data path is cut by the first data isolation unit. Because the isolated files and information are formatted as soon as a problem is detected, the protection is more thorough.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention;
FIG. 2 is a schematic block diagram of a scan cell of the present invention;
FIG. 3 is a functional block diagram of a data storage unit according to the present invention;
FIG. 4 is a schematic block diagram of an information encryption output unit according to the present invention;
FIG. 5 is a schematic block diagram of an arithmetic unit according to the present invention.
In the figures: 1-internal network interface, 2-scanning unit, 3-data storage unit, 4-second data isolation unit, 5-first data isolation unit, 6-formatting unit, 7-control system unit, 8-virtual control system unit, 9-information encryption output unit, 10-operation unit, 11-self-checking unit, 21-information receiving module, 22-searching and killing recording module, 23-information scanning module, 24-hidden danger searching and killing module, 25-information output module, 31-data temporary storage module, 32-partition module, 33-firewall module, 34-information storage module, 91-information conversion module, 92-information encryption module, 93-encryption database, 94-encrypted information sending module, 101-file reading module, 102-file operation module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-5, an embodiment of the present invention provides the following technical solution. A secure network computer for effectively blocking attacks from an internal network system comprises an internal network interface 1, a scanning unit 2, a data storage unit 3, a second data isolation unit 4, a first data isolation unit 5, a formatting unit 6, a control system unit 7, a virtual control system unit 8, an information encryption output unit 9, an operation unit 10 and a self-checking unit 11.
The scanning unit 2 comprises an information receiving module 21, a searching and killing recording module 22, an information scanning module 23, a hidden danger searching and killing module 24 and an information output module 25. The output end of the information receiving module 21 is connected with the input end of the information scanning module 23, the output end of the information scanning module 23 is connected with the input ends of both the hidden danger searching and killing module 24 and the searching and killing recording module 22, and the output end of the hidden danger searching and killing module 24 is connected with the input end of the information output module 25. Information in the computer is transmitted through the internal network interface 1 and received by the information receiving module 21; the information scanning module 23 performs a security scan; the potential safety hazards found are searched and killed by the hidden danger searching and killing module 24 and recorded by the searching and killing recording module 22; the cleaned files are transmitted by the information output module 25 into the data temporary storage module 31 of the data storage unit 3, where the received information and files are held temporarily after the check and are transmitted on into the database only once verified as error-free.
The data storage unit 3 comprises a data temporary storage module 31, a partition module 32, a firewall module 33 and an information storage module 34; the output end of the data temporary storage module 31 is connected with the input end of the partition module 32, the output end of the partition module 32 with the input end of the firewall module 33, and the output end of the firewall module 33 with the input end of the information storage module 34. The information encryption output unit 9 comprises an information conversion module 91, an information encryption module 92, an encryption database 93 and an encrypted information sending module 94; the output end of the information conversion module 91 is connected with the input end of the information encryption module 92, the output end of the information encryption module 92 with the input end of the encrypted information sending module 94, and the output end of the encryption database 93 with the input end of the information encryption module 92. The operation unit 10 comprises a file reading module 101 and a file operation module 102, the output end of the file reading module 101 being connected with the input end of the file operation module 102.
The units are connected as follows. The output end of the internal network interface 1 is connected with the input end of the scanning unit 2; the output end of the scanning unit 2 with the input end of the data storage unit 3; the output end of the data storage unit 3 with the input end of the first data isolation unit 5; the output end of the first data isolation unit 5 with the input end of the virtual control system unit 8; the output end of the virtual control system unit 8 with the input end of the operation unit 10; the output end of the operation unit 10 with the input end of the self-checking unit 11; the output end of the self-checking unit 11 with the input end of the formatting unit 6; the output end of the formatting unit 6 with the input ends of both the first data isolation unit 5 and the data storage unit 3; the output end of the data storage unit 3 also with the input end of the second data isolation unit 4; the output end of the second data isolation unit 4 with the input end of the control system unit 7; and the output end of the control system unit 7 with the input end of the information encryption output unit 9. A file is conveyed by the information output module 25 into the data temporary storage module 31 of the data storage unit 3 and then input into the virtual control system unit 8 for a trial run. The file is run by the file operation module 102, after which the self-checking unit 11 checks the virtual control system unit 8. When the check finds a potential safety hazard, the information held in the data temporary storage module 31 is formatted by the formatting unit 6 and the data path is cut by the first data isolation unit 5; because the isolated files and information are formatted as soon as a problem is detected, the protection is more thorough. When no error is detected, the information is screened by the firewall module 33 and transmitted into the information storage module 34 for storage; only then is the second data isolation unit 4 connected and the safe information transmitted into the control system unit 7 for use. Detection by a virtual system behind a one-way data connection is what allows internal attacks to be effectively prevented.
When the system is used, information in a computer is transmitted through the internal network interface 1 and received by the information receiving module 21 in the scanning unit 2. The information scanning module 23 performs a security scan, the potential safety hazards found are checked and killed by the hidden danger searching and killing module 24, and the result is recorded by the searching and killing recording module 22. The cleaned file is transmitted by the information output module 25 into the data temporary storage module 31 of the data storage unit 3, from which it is read by the file reading module 101 of the operation unit 10 within the virtual control system unit 8 and run by the file operation module 102. After the run, the virtual control system unit 8 is examined by the self-checking unit 11. If the check finds a potential safety hazard, the information held in the data temporary storage module 31 of the data storage unit 3 is formatted by the formatting unit 6 and the data path is cut off by the first data isolation unit 5. If the run shows no problem, the information is screened by the firewall module 33 and transmitted into the information storage module 34 for storage, and only at that point is the second data isolation unit 4 connected so that the safe information is transmitted into the control system unit 7 for use.
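The flow of the preceding paragraph, together with the information encryption output unit of FIG. 4, modelled as an added Python example. This code is not part of the patent and the patent specifies no algorithms; the unit and module numbers in the comments follow FIG. 1-5, while everything else is an assumption made for illustration: the line-based "file" format that the virtual control system interprets, the protected-path and firewall policies, the signature list, the constructed sample files, and the cipher (HMAC-SHA256 in counter mode with a separate HMAC tag, i.e. encrypt-then-MAC, chosen only because it needs nothing outside the standard library).

```python
"""Added model of the patent's scan / trial-run / self-check / commit chain (not the patent's code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

KNOWN_BAD = [b"<<malware-marker>>"]             # constructed stand-in for the signature list
PROTECTED_PREFIXES = ("/system/", "/control/")  # assumed protected paths in the virtual system
FIREWALL_ALLOWED_TYPES = {"report", "config"}   # assumed policy of firewall module 33


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only PRF keystream (assumed cipher)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


@dataclass
class SecureNetworkComputer:
    kill_log: list = field(default_factory=list)    # 22 searching and killing recording module
    temp_store: dict = field(default_factory=dict)  # 31 data temporary storage module
    info_store: dict = field(default_factory=dict)  # 34 information storage module
    key_db: dict = field(default_factory=dict)      # 93 encryption database: recipient -> (enc, mac)
    second_isolation_connected: bool = False        # 4 second data isolation unit

    def scan(self, name: str, data: bytes) -> bool:
        """23 information scanning + 24 hidden danger searching and killing; True if clean."""
        hits = [sig for sig in KNOWN_BAD if sig in data]
        if hits:
            self.kill_log.append((name, hashlib.sha256(data).hexdigest(), hits))
        return not hits

    @staticmethod
    def trial_run(data: bytes) -> dict:
        """8 virtual control system + 10 operation unit: run the file against throwaway state."""
        effects = {"write": [], "connect": [], "type": []}  # recognised operations (assumed format)
        for line in data.decode("utf-8", errors="replace").splitlines():  # 101 file reading module
            op, _, arg = line.strip().partition(" ")                      # 102 file operation module
            if op in effects:
                effects[op].append(arg)
        return effects

    @staticmethod
    def self_check(state: dict) -> bool:
        """11 self-checking unit: the virtual system must be untouched and silent after the run."""
        touched = any(p.startswith(PROTECTED_PREFIXES) for p in state["write"])
        return not touched and not state["connect"]

    def format_temp(self) -> None:
        """6 formatting unit: wipe the temporary store; isolation unit 4 stays cut."""
        self.temp_store.clear()
        self.second_isolation_connected = False

    def ingest(self, name: str, data: bytes) -> str:
        """One file through the whole chain of FIG. 1; returns the exit it took."""
        if not self.scan(name, data):
            return "killed"
        self.temp_store[name] = data                               # 25 -> 31
        state = self.trial_run(data)                               # 31 -> 5 (one way) -> 8 -> 10
        if not self.self_check(state):
            self.format_temp()                                     # 11 -> 6 -> 5
            return "formatted"
        if not (state["type"] and state["type"][0] in FIREWALL_ALLOWED_TYPES):  # 32 -> 33
            del self.temp_store[name]
            return "blocked"
        self.info_store[name] = self.temp_store.pop(name)          # 33 -> 34
        self.second_isolation_connected = True                     # 4 connects -> 7
        return "accepted"

    def encrypted_output(self, name: str, recipient: str) -> bytes:
        """9 information encryption output unit: encrypt-then-MAC a stored file for one recipient."""
        if not self.second_isolation_connected:
            raise PermissionError("second data isolation unit is not connected")
        enc_key, mac_key = self.key_db[recipient]                  # 93 encryption database
        plaintext = self.info_store[name]                          # 91 conversion (already bytes)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # 92 information encryption
        return nonce + ct + tag                                       # 94 sending module


def decrypt_output(blob: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Receiver side: verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Constructed sample files (assumption); each takes a different exit from ingest().
CLEAN = b"type report\nwrite /tmp/out.txt\n"
HOSTILE = b"type report\nwrite /system/boot.cfg\nconnect 203.0.113.9:4444\n"
SIGNATURE_HIT = b"type report\n<<malware-marker>>\n"
UNTYPED = b"write /tmp/x\n"


def demo() -> dict:
    snc = SecureNetworkComputer(key_db={"hq": (secrets.token_bytes(32), secrets.token_bytes(32))})
    files = [("b", HOSTILE), ("c", SIGNATURE_HIT), ("d", UNTYPED), ("a", CLEAN)]
    results = {name: snc.ingest(name, data) for name, data in files}
    blob = snc.encrypted_output("a", "hq")               # only possible once unit 4 is connected
    results["roundtrip"] = decrypt_output(blob, *snc.key_db["hq"]) == CLEAN
    return results
```

The ordering the patent insists on is what the model makes concrete: the second data isolation unit is connected only after the trial run, the self-check and the firewall have all passed, a failed self-check wipes the temporary store and leaves that isolation cut, and the output stage refuses to send anything while it is cut, so the control system unit never sees a file that has not been detonated first. demo() pushes four sample files through and returns the exit each one took plus a decrypt round-trip of the accepted one.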
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A secure network computer for effectively blocking attacks from an internal network system, comprising an internal network interface (1), a scanning unit (2), a data storage unit (3), a second data isolation unit (4), a first data isolation unit (5), a formatting unit (6), a control system unit (7), a virtual control system unit (8), an information encryption output unit (9), an operation unit (10) and a self-checking unit (11), characterized in that: the output end of the internal network interface (1) is connected with the input end of the scanning unit (2), the output end of the scanning unit (2) is connected with the input end of the data storage unit (3), the output end of the data storage unit (3) is connected with the input end of the first data isolation unit (5), the output end of the first data isolation unit (5) is connected with the input end of the virtual control system unit (8), the output end of the virtual control system unit (8) is connected with the input end of the operation unit (10), the output end of the operation unit (10) is connected with the input end of the self-checking unit (11), the output end of the self-checking unit (11) is connected with the input end of the formatting unit (6), the output end of the formatting unit (6) is connected with the input ends of both the first data isolation unit (5) and the data storage unit (3), the output end of the data storage unit (3) is connected with the input end of the second data isolation unit (4), the output end of the second data isolation unit (4) is connected with the input end of the control system unit (7), and the output end of the control system unit (7) is connected with the input end of the information encryption output unit (9).
2. The secure network computer effective to thwart attacks from internal network systems of claim 1, wherein: the scanning unit (2) comprises an information receiving module (21), a searching and killing recording module (22), an information scanning module (23), a hidden danger searching and killing module (24) and an information output module (25).
3. The secure network computer effective to thwart attacks from internal network systems of claim 2, wherein: the output end of the information receiving module (21) is connected with the input end of the information scanning module (23), the output end of the information scanning module (23) is connected with the input end of the hidden danger searching and killing module (24), the output end of the hidden danger searching and killing module (24) is connected with the input end of the information output module (25), and the output end of the information scanning module (23) is connected with the input end of the searching and killing recording module (22).
4. The secure network computer effective to thwart attacks from internal network systems of claim 1, wherein: the data storage unit (3) comprises a data temporary storage module (31), a partition module (32), a firewall module (33) and an information storage module (34).
5. The secure network computer effective to thwart attacks from internal network systems of claim 4, wherein: the output end of the data temporary storage module (31) is connected with the input end of the partition module (32), the output end of the partition module (32) is connected with the input end of the firewall module (33), and the output end of the firewall module (33) is connected with the input end of the information storage module (34).
6. The secure network computer effective to thwart attacks from internal network systems of claim 1, wherein: the information encryption output unit (9) comprises an information conversion module (91), an information encryption module (92), an encryption database (93) and an encryption information sending module (94).
7. The secure network computer effective to thwart attacks from internal network systems of claim 6, wherein: the output end of the information conversion module (91) is connected with the input end of the information encryption module (92), the output end of the information encryption module (92) is connected with the input end of the encryption information sending module (94), and the output end of the encryption database (93) is connected with the input end of the information encryption module (92).
8. The secure network computer effective to thwart attacks from internal network systems of claim 1, wherein: the operation unit (10) comprises a file reading module (101) and a file operation module (102), and the output end of the file reading module (101) is connected with the input end of the file operation module (102).
CN202010205358.3A 2020-03-23 2020-03-23 Safety network computer for effectively blocking attack from internal network system Active CN111464516B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010205358.3A CN111464516B (en) 2020-03-23 2020-03-23 Safety network computer for effectively blocking attack from internal network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010205358.3A CN111464516B (en) 2020-03-23 2020-03-23 Safety network computer for effectively blocking attack from internal network system

Publications (2)

Publication Number Publication Date
CN111464516A CN111464516A (en) 2020-07-28
CN111464516B true CN111464516B (en) 2021-12-03

Family

ID=71682916

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010205358.3A Active CN111464516B (en) 2020-03-23 2020-03-23 Safety network computer for effectively blocking attack from internal network system

Country Status (1)

Country Link
CN (1) CN111464516B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1690960A (en) * 2004-04-21 2005-11-02 中国长城计算机深圳股份有限公司 Safety network computer
CN110557251B (en) * 2019-09-27 2022-07-22 武汉控安融科技有限公司 Industrial data safety isolation acquisition system and internal and external network data one-way transmission method

Also Published As

Publication number Publication date
CN111464516A (en) 2020-07-28

Similar Documents

Publication Publication Date Title
US12047396B2 (en) System and method for monitoring security attack chains
Linger et al. Requirements definition for survivable network systems
US8091127B2 (en) Heuristic malware detection
US10885185B2 (en) Graph model for alert interpretation in enterprise security system
CN107004088B (en) Determining device, determining method and recording medium
CN111683157B (en) Network security protection method for Internet of things equipment
US20200153865A1 (en) Sensor based rules for responding to malicious activity
CN111885210A (en) Cloud computing network monitoring system based on end user environment
CN113360475B (en) Data operation and maintenance method, device and equipment based on intranet terminal and storage medium
CN114006748A (en) Network security comprehensive monitoring method, system, equipment and storage medium
CN115567235A (en) Network security emergency disposal system and application method
CN110826094A (en) Information leakage monitoring method and device
CN111464516B (en) Safety network computer for effectively blocking attack from internal network system
CN116708157A (en) Computer security operation and maintenance service system
Kurra et al. An agent based approach to perform damage assessment and recovery efficiently after a cyber attack to ensure E-government database security
KR101968633B1 (en) Method for providing real-time recent malware and security handling service
CN115361182B (en) Botnet behavior analysis method, device, electronic equipment and medium
KR100310860B1 (en) Method for detecting real-time intrusion using agent structure on real-time intrustion detecting system
KR102541888B1 (en) Image-based malicious code analysis method and apparatus and artificial intelligence-based endpoint detection and response system using the same
CN112989403B (en) Database damage detection method, device, equipment and storage medium
CN106789988A (en) A kind of network inquiry platform
CN114745166B (en) Industrial asset risk perception method and device and electronic equipment
GB2475877A (en) Monitoring the retransmission of private information to a different network address
Ma et al. A Survey of Cyber Security and Safety in Industrial Control Systems
Colajanni et al. Selective alerts for runtime protection of distributed systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant