CN111865944A - Method and device for terminal isolation protection - Google Patents

Method and device for terminal isolation protection

Publication number
CN111865944A
Authority
CN
China
Prior art keywords
terminal
abnormal
data
proxy server
execution process
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010637436.7A
Other languages
Chinese (zh)
Other versions
CN111865944B (en)
Inventor
王祥
武占侠
魏本海
吴在军
涂向阳
盈辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
China Gridcom Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
China Gridcom Co Ltd
Application filed by State Grid Information and Telecommunication Co Ltd and China Gridcom Co Ltd
Priority to CN202010637436.7A
Publication of CN111865944A
Application granted
Publication of CN111865944B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The embodiment of the invention provides a method and a device for terminal isolation protection. The method comprises the following steps: acquiring terminal data uploaded by each terminal; analyzing abnormal data behaviors of each terminal according to the terminal data to obtain an analysis result of each terminal; if the analysis result is an abnormal terminal, interrupting the abnormal resource execution process of the abnormal terminal in each terminal; and sending a warning instruction to a non-abnormal terminal in each terminal, wherein the warning instruction is used for forbidding the non-abnormal terminal to execute abnormal resources. By adopting the method, the safety of terminal isolation protection can be improved.

Description

Method and device for terminal isolation protection
Technical Field
The invention relates to the technical field of industrial Internet of things, in particular to a method and a device for terminal isolation protection.
Background
With the rapid development of the industrial Internet of Things, the security of ubiquitous terminals is becoming more and more important. Terminal security protection in the prior art mostly relies on firewalls and virtual local area networks to filter data and separate networks. Because the protection is concentrated mainly on the firewall, once the firewall is breached, or an attacker bypasses the firewall to attack the terminal, the security of the terminal cannot be guaranteed. The prior art therefore has the problem of low security.
Disclosure of Invention
In view of the foregoing, there is a need to provide a method and apparatus for terminal isolation protection, which can improve security.
In order to achieve the above object, a first aspect of the present invention provides a method for terminal isolation protection, the method comprising:
acquiring terminal data uploaded by each terminal;
analyzing abnormal data behaviors of each terminal according to the terminal data to obtain an analysis result of each terminal;
if the analysis result is an abnormal terminal, interrupting the abnormal resource execution process of the abnormal terminal in each terminal;
and sending a warning instruction to a non-abnormal terminal in each terminal, wherein the warning instruction is used for forbidding the non-abnormal terminal to execute abnormal resources.
In this embodiment of the present application, acquiring terminal data uploaded by each terminal includes: issuing a data acquisition instruction to each terminal; and receiving the terminal data uploaded by each terminal.
In an embodiment of the present application, the method further comprises: before data abnormal behavior analysis is performed on each terminal according to the terminal data, filtering the terminal data according to a preset filtering rule to obtain the terminal data that meets the preset filtering rule.
In an embodiment of the present application, the method further comprises: after interrupting the abnormal resource execution process of the abnormal terminal among the terminals, sending a network warning message to a peer proxy server; and interrupting the network link with the peer proxy server.
In an embodiment of the present application, the method further comprises: after the abnormal resource execution process of the abnormal terminal among the terminals is interrupted, fixing the network link of the current proxy server.
In this embodiment of the present application, filtering the terminal data according to the preset filtering rule includes: filtering the terminal data passing through the terminal external interface based on the preset filtering rule.
In this embodiment of the present application, interrupting the abnormal resource execution process of the abnormal terminal among the terminals if the analysis result is an abnormal terminal includes: if the analysis result is an abnormal terminal, acquiring abnormal resource information corresponding to the abnormal terminal; and interrupting the abnormal resource execution process of the abnormal terminal according to the abnormal resource information.
In the embodiment of the application, the terminal data includes at least one of application program running data, a system running log, occupied traffic and alarm information.
The second aspect of the present invention provides a device for terminal isolation protection, comprising:
a data acquisition module, configured to acquire terminal data uploaded by each terminal;
a data analysis module, configured to perform data abnormal behavior analysis on each terminal according to the terminal data to obtain an analysis result of each terminal;
an internal isolation module, configured to interrupt the abnormal resource execution process of the abnormal terminal among the terminals if the analysis result is an abnormal terminal;
and a hierarchical isolation module, configured to send a warning instruction to a non-abnormal terminal among the terminals, the warning instruction being used to prohibit the non-abnormal terminal from executing abnormal resources.
In an embodiment of the present application, the apparatus further includes: a data filtering module, configured to filter the terminal data according to the preset filtering rule to obtain the terminal data that meets the preset filtering rule.
According to the above technical solution, the proxy server acquires the terminal data uploaded by each terminal and performs data abnormal behavior analysis on each terminal according to the terminal data to obtain an analysis result of each terminal. If the analysis result is an abnormal terminal, the proxy server interrupts the abnormal resource execution process of that abnormal terminal, which effectively isolates the terminal exhibiting abnormal behavior. At the same time, the proxy server sends a warning instruction to the non-abnormal terminals among the terminals, the warning instruction being used to prohibit the non-abnormal terminals from executing the abnormal resource. This ensures the network security of the other terminals and improves the security of terminal isolation protection.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
fig. 1 is an application environment diagram of a method for terminal isolation protection according to an embodiment of the present application;
fig. 2 is a flowchart illustrating a method for terminal isolation protection according to an embodiment of the present application;
fig. 3 is a flowchart illustrating a method for terminal isolation protection according to an embodiment of the present application;
fig. 4 is a flowchart illustrating a method for terminal isolation protection according to an embodiment of the present application;
fig. 5 is a flowchart illustrating a method for terminal isolation protection according to an embodiment of the present application;
FIG. 6 is a block diagram of an apparatus for terminal isolation protection according to an embodiment of the present application;
fig. 7 is a block diagram of a device for terminal isolation protection according to an embodiment of the present application.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
The method for terminal isolation protection provided by the embodiment of the application can be applied to the application environment shown in fig. 1. Wherein each terminal (101 to 10N) communicates with the proxy server 120 through a network. Specifically, the proxy server 120 acquires terminal data uploaded by each terminal (101 to 10N), performs data abnormal behavior analysis on each terminal (101 to 10N) according to the terminal data to obtain an analysis result of each terminal (101 to 10N), and if the analysis result is an abnormal terminal, the proxy server 120 interrupts an abnormal resource execution process of the abnormal terminal in each terminal (101 to 10N) and sends a warning instruction to a non-abnormal terminal in each terminal (101 to 10N), wherein the warning instruction is used for prohibiting the non-abnormal terminal from executing the abnormal resource. The terminals (101 to 10N) may be, but are not limited to, various terminals having an operating system, such as various personal computers and controllers, and the proxy server 120 may be a terminal upper-level server and may be implemented by an independent proxy server or a server cluster including a plurality of proxy servers.
Fig. 2 is a flowchart illustrating a method for terminal isolation protection in one embodiment. In one embodiment of the present application, a method for terminal isolation protection is provided, as shown in fig. 2. Taking the application of the method to the proxy server in fig. 1 as an example, the method may include the following steps:
Step S202, acquiring terminal data uploaded by each terminal.
The terminal data is data related to the terminal's application programs and system operation, and comprises terminal logs, data flow, alarm information and the like. Each terminal is located in the same local area network as the proxy server. Optionally, in an embodiment, the terminal data includes at least one of application program running data, a system running log, occupied traffic, and alarm information.
Specifically, the proxy server obtains the terminal data uploaded by each terminal in the local area network, where the proxy server and the terminals below it form one local area network. Further, the proxy server may obtain the terminal data passively, that is, each terminal actively reports its terminal data to the proxy server, or actively, that is, the proxy server monitors each terminal to obtain the terminal data.
Optionally, in an embodiment, the obtaining terminal data uploaded by each terminal includes: issuing a data acquisition instruction to each terminal; and receiving the terminal data uploaded by each terminal.
The data acquisition instruction is sent by the proxy server to each terminal of the local area network and is used for acquiring the terminal data corresponding to each terminal. Specifically, the proxy server sends a data acquisition instruction to each terminal in the local area network, and each terminal uploads its terminal data to the proxy server after receiving the instruction. The proxy server and the terminals can transfer data acquisition instructions, data or files through software, and the communication can be set to real-time communication, timed communication or communication at a preset interval.
In the embodiment, the proxy server actively sends the instruction to the terminal to acquire the terminal data, namely, the proxy server actively monitors the terminal data, so that the efficiency of terminal isolation protection is improved.
Step S204, performing data abnormal behavior analysis on each terminal according to the terminal data to obtain an analysis result of each terminal.
The data abnormal behavior is an abnormal behavior occurring at the terminal, for example, a network attack, a virus infection, malware or an illegal connection. The analysis result of each terminal is the result of performing data abnormal behavior analysis on the terminal data of that terminal, and the analysis result is either an abnormal terminal or a non-abnormal terminal.
Specifically, the proxy server analyzes the data abnormal behavior of each terminal according to the obtained terminal data. The proxy server evaluates the terminal data against the analysis rules it stores in order to determine whether the terminal exhibits abnormal behavior. For example, if the website commonly accessed by a terminal is the Baidu website and the terminal accesses the Google website, the proxy server judges that the terminal exhibits abnormal behavior.
Step S206, if the analysis result is an abnormal terminal, the abnormal resource execution process of the abnormal terminal in each terminal is interrupted.
The abnormal resource is an event of abnormal behavior of the terminal, for example, a process of accessing an unusual website by the terminal. The abnormal terminal is a terminal with abnormal behavior in each terminal.
Specifically, if the proxy server's analysis result for a terminal is an abnormal terminal, the proxy server interrupts the execution process of the abnormal resource of the abnormal terminal, for example by disconnecting the network connection, blocking the port, closing the running program, deleting the file, or other isolation methods. Each isolation method is carried out by the terminal's own software executing the server's instruction.
Further, in an embodiment, the step S206 specifically includes: if the analysis result is an abnormal terminal, acquiring abnormal resource information corresponding to the abnormal terminal; and interrupting the abnormal resource execution process of the abnormal terminal according to the abnormal resource information.
The abnormal resource information is specific task process information of the terminal in abnormal behavior, and may be terminal application program running data or a system running log. Specifically, if the analysis result is an abnormal terminal, the proxy server obtains abnormal resource information corresponding to the abnormal terminal, and interrupts the abnormal resource execution process of the abnormal terminal according to the obtained abnormal resource information.
Step S208, sending a warning instruction to a non-abnormal terminal among the terminals.
The warning instruction is used for prohibiting the non-abnormal terminal from executing the abnormal resource. The non-abnormal terminal is a terminal among the terminals that does not exhibit abnormal behavior.
Specifically, the proxy server sends a warning instruction to a non-abnormal terminal among the terminals, for example, the proxy server sends a warning instruction to prohibit other non-abnormal terminals from accessing the Google website.
In the method for terminal isolation protection, terminal data uploaded by each terminal is acquired through the proxy server, data abnormal behavior analysis is performed on each terminal according to the terminal data to obtain an analysis result of each terminal, if the analysis result is an abnormal terminal, an abnormal resource execution process of the abnormal terminal in each terminal is interrupted, and the terminal with the abnormal behavior is effectively isolated; and simultaneously sending a warning instruction to a non-abnormal terminal in each terminal, wherein the warning instruction is used for forbidding the non-abnormal terminal to execute abnormal resources.
In an embodiment, as shown in fig. 3, before performing data abnormal behavior analysis on each terminal according to terminal data, the method further includes step S303: filtering the terminal data according to a preset filtering rule to obtain the terminal data meeting the preset filtering rule.
The preset filtering rule is a rule set which is prestored by the proxy server and is used for filtering the terminal data of each terminal. Specifically, the terminal filters the terminal data of each terminal according to a preset filtering rule to obtain the terminal data meeting the preset filtering rule.
Optionally, in an embodiment, filtering the terminal data according to the preset filtering rule includes: filtering the terminal data passing through the terminal external interface based on the preset filtering rule.
The external interface of the terminal is the means by which the terminal exchanges data with the outside. Specifically, the proxy server filters the terminal data passing through the terminal external interface based on the preset filtering rule, and if data meeting the preset filtering rule appears, performs data abnormal behavior analysis on each terminal according to that terminal data. Further, if data that does not meet the preset filtering rule appears, the proxy server prohibits the data from passing through the external interface of the terminal and places the server that issued the data under focused monitoring.
In this embodiment, a filtering rule base is applied to the terminal external interface to filter the data passing through the interface; data can pass through the interface only if it satisfies the filtering rules. Filtering before data analysis improves the efficiency of the data analysis.
In an embodiment, as shown in fig. 4, after the process of executing the abnormal resource of the abnormal terminal in each terminal is interrupted, step S4071 and step S4072 are further included:
step S4071, sending a network warning message to the peer proxy server.
The network warning message is a message which is sent by the proxy server to other peer proxy servers and used for interrupting communication between the proxy servers. Specifically, the proxy server sends a network alert message to the peer proxy server.
Step S4072, the network link with the peer proxy server is interrupted.
Specifically, the proxy server interrupts the network link with the peer proxy server after sending the network alert message.
In this embodiment, after sending an alert to the other proxy servers, the proxy server starts a horizontal isolation policy and uses a blacklist sharing technique to prohibit communication between itself and the other proxy servers, thereby restricting communication between proxy servers and improving the security of the network communication process.
In an embodiment, as shown in fig. 5, after the process of executing the abnormal resource of the abnormal terminal in each terminal is interrupted, the method further includes step S507: the network link of the current proxy server is fixed.
In this embodiment, after detecting that a terminal has been attacked, the proxy server starts a vertical isolation policy: it uses a fixed network route and specifies that the route is used only by the current proxy server. The current proxy server applies a discard policy to other network data packets and accepts no data other than data from the cloud. Because the data of the current proxy server can only be forwarded over the current network, other networks are protected from attack.
It should be understood that although the steps in the flow charts of fig. 2-5 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
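The following sketch is an added example, not code from the patent. It simulates the proxy-server flow described above in one pass, combining the embodiments of fig. 2 to fig. 5: S303 filtering, S204 analysis, S206 interruption, S208 warning, S4071/S4072 horizontal isolation and S507 vertical isolation. The record fields, the port-based filtering rule, the per-terminal baseline, the message names and the sample hosts are assumptions, since the patent defines no data format.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Record:
    """One item of terminal data (S202). Field names are hypothetical."""
    terminal: str
    process: str
    remote: str   # host the process communicated with
    port: int     # port seen on the terminal external interface


@dataclass
class ProxyServer:
    baseline: dict            # analysis rule: terminal -> set of usual remotes
    allowed_ports: set        # preset filtering rule (assumed form)
    peers: set                # peer proxy servers currently linked
    upstream: str = "cloud"   # only source accepted after vertical isolation
    watched: set = field(default_factory=set)
    sent: list = field(default_factory=list)   # instructions/messages, in order
    route_fixed: bool = False

    def prefilter(self, records):
        """S303: pass data meeting the rule; block the rest and watch its source."""
        passed = []
        for r in records:
            if r.port in self.allowed_ports:
                passed.append(r)
            else:
                self.watched.add(r.remote)
        return passed

    def analyze(self, records):
        """S204: return {abnormal terminal: set of (process, remote)}.
        A terminal with no baseline has every remote flagged (fails closed)."""
        abnormal = {}
        for r in records:
            if r.remote not in self.baseline.get(r.terminal, set()):
                abnormal.setdefault(r.terminal, set()).add((r.process, r.remote))
        return abnormal

    def handle_batch(self, records):
        terminals = set(self.baseline) | {r.terminal for r in records}
        abnormal = self.analyze(self.prefilter(records))
        if not abnormal:
            return abnormal
        # S206: interrupt each abnormal resource on the terminal that ran it.
        for term in sorted(abnormal):
            for process, remote in sorted(abnormal[term]):
                self.sent.append(("INTERRUPT", term, process, remote))
        # S208: warn only the terminals that are not abnormal in this batch.
        bad_remotes = sorted({rem for res in abnormal.values() for _, rem in res})
        for term in sorted(terminals - set(abnormal)):
            for remote in bad_remotes:
                self.sent.append(("WARN", term, remote))
        # S4071/S4072: alert each peer first, then drop the link to it.
        for peer in sorted(self.peers):
            self.sent.append(("PEER_ALERT", peer))
        self.peers.clear()
        # S507: fix the route; from now on only upstream data is accepted.
        self.route_fixed = True
        return abnormal

    def accept_packet(self, source):
        """Discard policy that applies once the route is fixed."""
        return (not self.route_fixed) or source == self.upstream


def demo():
    """Constructed sample batch; hosts use the reserved .example TLD."""
    proxy = ProxyServer(
        baseline={"t101": {"usual.example"}, "t102": {"usual.example"},
                  "t103": {"usual.example"}},
        allowed_ports={443},
        peers={"proxy-b"},
    )
    batch = [
        Record("t101", "browser", "usual.example", 443),
        Record("t102", "updater", "unusual.example", 443),  # off-baseline
        Record("t103", "tool", "odd.example", 23),          # fails the filter
    ]
    return proxy, proxy.handle_batch(batch)


if __name__ == "__main__":
    proxy, abnormal = demo()
    for message in proxy.sent:
        print(message)
```

In the sample batch the record from t103 never reaches the analysis step because the filter blocks it first, so t103 is treated as a non-abnormal terminal and still receives the warning instruction.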
In one embodiment, as shown in fig. 6, there is provided an apparatus 600 for terminal isolation protection, comprising: a data acquisition module 602, a data analysis module 604, an internal isolation module 606, and a hierarchical isolation module 608, wherein:
The data acquisition module 602 is configured to acquire terminal data uploaded by each terminal.
The data analysis module 604 is configured to perform data abnormal behavior analysis on each terminal according to the terminal data to obtain an analysis result of each terminal.
The internal isolation module 606 is configured to interrupt the abnormal resource execution process of the abnormal terminal among the terminals if the analysis result is an abnormal terminal.
The hierarchical isolation module 608 is configured to send a warning instruction to a non-abnormal terminal among the terminals, where the warning instruction is used to prohibit the non-abnormal terminal from executing an abnormal resource.
In an embodiment, as shown in fig. 7, the apparatus 700 for terminal isolation protection further includes a data filtering module 603, configured to filter the terminal data according to a preset filtering rule before performing data abnormal behavior analysis on each terminal according to the terminal data, so as to obtain the terminal data meeting the preset filtering rule.
In one embodiment, the data acquisition module 602 is further configured to issue a data acquisition instruction to each terminal and to receive the terminal data uploaded by each terminal.
In one embodiment, as shown in fig. 7, the apparatus 700 for terminal isolation protection further includes a horizontal isolation module 6071, configured to send a network warning message to the peer proxy server after interrupting the abnormal resource execution process of the abnormal terminal among the terminals, and to interrupt the network link with the peer proxy server.
In one embodiment, as shown in fig. 7, the apparatus 700 for terminal isolation protection further includes a vertical isolation module 6072, configured to fix the network link of the current proxy server after interrupting the abnormal resource execution process of the abnormal terminal among the terminals.
In one embodiment, the data filtering module 603 is further configured to filter the terminal data passing through the terminal external interface based on a preset filtering rule.
In one embodiment, the internal isolation module 606 is specifically configured to, if the analysis result is an abnormal terminal, obtain abnormal resource information corresponding to the abnormal terminal; and interrupting the abnormal resource execution process of the abnormal terminal according to the abnormal resource information.
In one embodiment, the terminal data in the apparatus 700 for terminal isolation protection includes at least one of application program running data, a system running log, occupied traffic, and alarm information.
The device for terminal isolation protection comprises a processor and a memory. The data acquisition module, the data analysis module, the internal isolation module, the hierarchical isolation module, the data filtering module, the horizontal isolation module, the vertical isolation module and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and the security of terminal isolation protection is improved by adjusting kernel parameters.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for terminal isolation protection, the method comprising:
acquiring terminal data uploaded by each terminal;
analyzing the abnormal data behavior of each terminal according to the terminal data to obtain the analysis result of each terminal;
if the analysis result is an abnormal terminal, interrupting the abnormal resource execution process of the abnormal terminal in each terminal;
and sending a warning instruction to a non-abnormal terminal in the terminals, wherein the warning instruction is used for forbidding the non-abnormal terminal to execute the abnormal resource.
2. The method according to claim 1, wherein the acquiring of the terminal data uploaded by each terminal comprises:
issuing a data acquisition instruction to each terminal;
and receiving the terminal data uploaded by each terminal.
3. The method of claim 1, further comprising: before the abnormal data behavior analysis is carried out on each terminal according to the terminal data, filtering the terminal data according to a preset filtering rule to obtain the terminal data meeting the preset filtering rule.
4. The method of claim 1, further comprising: after the abnormal resource execution process of the abnormal terminal in each terminal is interrupted, sending a network warning message to a peer proxy server; and interrupting a network link with the peer proxy server.
5. The method of claim 1, further comprising: after the abnormal resource execution process of the abnormal terminal in each terminal is interrupted, fixing the network link of the current proxy server.
6. The method according to claim 3, wherein the filtering the terminal data according to a preset filtering rule comprises: filtering the terminal data passing through the external interface of the terminal based on a preset filtering rule.
7. The method according to claim 1, wherein if the analysis result is an abnormal terminal, interrupting an abnormal resource execution process of the abnormal terminal in the terminals includes:
if the analysis result is an abnormal terminal, acquiring abnormal resource information corresponding to the abnormal terminal;
and interrupting the abnormal resource execution process of the abnormal terminal according to the abnormal resource information.
8. The method of any one of claims 1 to 7, wherein the terminal data comprises at least one of application running data, system running logs, occupied traffic, and alarm information.
9. An apparatus for terminal isolation protection, the apparatus comprising:
the data acquisition module is used for acquiring terminal data uploaded by each terminal;
the data analysis module is used for analyzing the abnormal data behaviors of the terminals according to the terminal data to obtain the analysis results of the terminals;
the internal isolation module is used for interrupting the abnormal resource execution process of the abnormal terminal in each terminal if the analysis result is the abnormal terminal;
and the grading isolation module is used for sending an alarm instruction to a non-abnormal terminal in the terminals, wherein the alarm instruction is used for forbidding the non-abnormal terminal to execute the abnormal resource.
10. The apparatus of claim 9, further comprising:
and the data filtering module is used for filtering the terminal data according to a preset filtering rule before analyzing the abnormal data behavior of each terminal according to the terminal data so as to obtain the terminal data meeting the preset filtering rule.
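The flow of claims 1, 3, 6 and 7, sketched as an added Python example (not code from the patent): reports are filtered, analyzed, and turned into per-terminal commands. The Report layout, the TRAFFIC_LIMIT_KB threshold, the external-interface filter rule and the INTERRUPT/FORBID command names are all assumptions, and the sample reports are constructed.

```python
from dataclasses import dataclass

TRAFFIC_LIMIT_KB = 5000  # assumed threshold; the claims do not fix a detection rule

@dataclass
class Report:  # one terminal upload; field layout is constructed (cf. claim 8)
    terminal: str
    interface: str      # "external" or "internal"
    process: str
    resource: str       # identifier of the resource the process is executing
    traffic_kb: int
    alarm: bool = False

def passes_filter(r):
    # Assumed preset rule (one reading of claims 3 and 6): only data that
    # passed through the terminal's external interface is analyzed.
    return r.interface == "external"

def isolate(reports):
    """Map every terminal to the commands the proxy server would send it."""
    terminals = {r.terminal for r in reports}
    kept = [r for r in reports if passes_filter(r)]
    abnormal = {}  # terminal -> [(process, resource)] (claim 7: abnormal resource info)
    for r in kept:
        if r.alarm or r.traffic_kb > TRAFFIC_LIMIT_KB:
            abnormal.setdefault(r.terminal, []).append((r.process, r.resource))
    bad_resources = sorted({res for hits in abnormal.values() for _, res in hits})
    commands = {}
    for t in sorted(terminals):
        if t in abnormal:
            # Abnormal terminal: interrupt the process executing the abnormal resource.
            commands[t] = [("INTERRUPT", p, res) for p, res in abnormal[t]]
        else:
            # Non-abnormal terminal: warning that forbids executing that resource.
            commands[t] = [("FORBID", res) for res in bad_resources]
    return commands

# Constructed sample uploads from three terminals.
REPORTS = [
    Report("T1", "external", "updater", "res-A", 120),
    Report("T2", "external", "miner", "res-X", 9000),
    Report("T3", "external", "browser", "res-B", 300),
    Report("T3", "internal", "diag", "res-C", 8000, alarm=True),  # dropped by the filter
]

if __name__ == "__main__":
    for terminal, cmds in isolate(REPORTS).items():
        print(terminal, cmds)
```

Because filtering runs before analysis, the internal-interface alarm on T3 never reaches the detector, so the choice of filter rule directly bounds what can be isolated.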
CN202010637436.7A 2020-07-03 2020-07-03 Method and device for terminal isolation protection Active CN111865944B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010637436.7A CN111865944B (en) 2020-07-03 2020-07-03 Method and device for terminal isolation protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010637436.7A CN111865944B (en) 2020-07-03 2020-07-03 Method and device for terminal isolation protection

Publications (2)

Publication Number Publication Date
CN111865944A true CN111865944A (en) 2020-10-30
CN111865944B CN111865944B (en) 2023-06-13

Family

ID=73151875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010637436.7A Active CN111865944B (en) 2020-07-03 2020-07-03 Method and device for terminal isolation protection

Country Status (1)

Country Link
CN (1) CN111865944B (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457495A (en) * 2010-10-21 2012-05-16 中华电信股份有限公司 Method and system for defending network virus
CN103152323A (en) * 2013-01-29 2013-06-12 深圳市深信服电子科技有限公司 Method and system of controlling access behaviors of client network
CN103116723A (en) * 2013-02-06 2013-05-22 北京奇虎科技有限公司 Method, device and system of web site interception process
US20150381645A1 (en) * 2013-02-06 2015-12-31 Beijing Qihoo Technology Company Limited Method, Device And System For Intercepting Web Address
US20140380480A1 (en) * 2013-06-25 2014-12-25 Tencent Technology (Shenzhen) Company Limited Method, device and system for identifying harmful websites
CN104253785A (en) * 2013-06-25 2014-12-31 腾讯科技(深圳)有限公司 Dangerous web address identification method, device and system
CN104539609A (en) * 2014-12-25 2015-04-22 深圳联友科技有限公司 Method for solving problem that illegal client end occupies server resources
CN105635126A (en) * 2015-12-24 2016-06-01 北京奇虎科技有限公司 Malicious URL access protection method, client side, security server and system

Also Published As

Publication number Publication date
CN111865944B (en) 2023-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant