CN111935070A - Data security exchange system and method based on automatic arrangement - Google Patents


Publication number
CN111935070A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010558534.1A
Other languages
Chinese (zh)
Other versions
CN111935070B (en)
Inventor
钏涛
漆振飞
吕垚
郭威
和悦
杭菲璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Yunnan Power Grid Co Ltd
Original Assignee
Information Center of Yunnan Power Grid Co Ltd
Application filed by Information Center of Yunnan Power Grid Co Ltd
Priority to CN202010558534.1A
Publication of CN111935070A
Publication of CN111935070B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03 Protocol definition or specification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data security exchange system based on automatic arrangement, together with a method that runs on it: the parameter extraction module extracts the input parameters from the service URL and builds them into JSON-format parameters; the protocol configuration management module retrieves the protocol configuration table according to the JSON-format parameters; the task control module builds a script task table from the protocol configuration table and the JSON-format parameters; the script task table is passed to the task scheduling module, which performs security detection according to it; if every security detection item passes, the intranet access request for the service URL is allowed, otherwise it is rejected. The invention selects the sequence of security operations to run next according to the protocol of the data packet, so that 2 modules work in coordination within one system, which reduces the operation and maintenance burden on enterprise users.

Description

Data security exchange system and method based on automatic arrangement
Technical Field
The invention belongs to the field of data exchange, and particularly relates to a data security exchange system and method based on automatic arrangement.
Background
In practical deployments, protocols are often used in combination, which complicates security operation and maintenance, lowers system efficiency, and degrades data exchange performance.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a data security exchange system and method based on automatic arrangement that solves the above problems.
To achieve this purpose, the invention adopts the following technical scheme: a data security exchange system based on automatic arrangement comprising a task control module and, connected to the task control module, a parameter extraction module, a protocol configuration management module and a task scheduling module.
The parameter extraction module extracts the input parameters from the service URL and builds them into JSON-format parameters; the task control module builds a script task table from the protocol configuration and the JSON-format parameters; the protocol configuration management module retrieves the configuration information that corresponds to the protocol parameter in the JSON-format parameters; the database stores the configuration information in advance; and the task scheduling module runs the script task table and performs the security detection items.
The beneficial effect of the invention is that it provides a system for exchanging data between networks of different security levels, which keeps the high-security network secure during data exchange.
A data security exchange method based on the automatically arranged data security exchange system comprises the following steps:
S1. Extract the input parameters from the service URL through the parameter extraction module, build them into JSON-format parameters, and pass the JSON-format parameters to the task control module and the protocol configuration management module;
S2. Retrieve the protocol configuration table through the protocol configuration management module according to the JSON-format parameters;
S3. Build a script task table through the task control module according to the protocol configuration table and the JSON-format parameters;
S4. Pass the script task table to the task scheduling module and perform security detection according to the script task table;
S5. Determine whether every item of the security detection passes; if so, allow the intranet access request for the service URL, otherwise reject it.
Further, the input parameters in step S1 include the protocol parameter protocol, the session value Token, the request parameter request, an SQL injection check parameter, an XML attack check parameter, and an attack type parameter.
Further, step S2 is specifically: extract the protocol parameter from the input parameters, and obtain the protocol configuration table corresponding to that protocol parameter from the database through the protocol configuration management module.
Further, each entry in the protocol configuration table has the format: {serial number, mode type, parameter Key}.
Further, step S3 includes the following sub-steps:
S3.1. Standardize the sub-modules used for security detection in the task scheduling module and place them in a module factory;
S3.2. Through the task control module, extract the security subtask parameters from the JSON-format parameters according to the parameter Key of each entry in the protocol configuration;
S3.3. Construct the call function of the security detection sub-module according to the task type corresponding to the security subtask parameter;
S3.4. Sort the call functions by serial number to obtain the script task table.
Further, the security detection in step S4 includes SQL injection detection, XML detection, Web attack detection, and token detection.
The beneficial effects of the invention are as follows:
The arrangement-based secure data transmission method selects the sequence of security operations to run next according to the protocol of the data packet, so that 2 modules work in coordination within one system. Security operation and maintenance personnel only need to maintain one system, security analysts only need to work with one system, and the operation and maintenance burden on enterprise users is reduced.
Drawings
Fig. 1 is a block diagram of the data security exchange system based on automatic arrangement according to the present invention.
Fig. 2 is a flow chart of the data security exchange method based on the automatically arranged data security exchange system according to the present invention.
Detailed Description
The following description of the embodiments is provided to help those skilled in the art understand the invention. The invention is not limited to the scope of these embodiments: those skilled in the art may make various changes without departing from the spirit and scope of the invention as defined in the appended claims, and everything produced using the inventive concept is protected.
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, a data security exchange system based on automatic arrangement includes a task control module and, connected to the task control module, a parameter extraction module, a protocol configuration management module and a task scheduling module; the protocol configuration management module is also connected to the parameter extraction module and to a database.
The parameter extraction module extracts the input parameters from the service URL and builds them into JSON-format parameters; the task control module builds a script task table from the protocol configuration and the JSON-format parameters; the protocol configuration management module retrieves the configuration information that corresponds to the protocol parameter in the JSON-format parameters; the database stores the configuration information in advance; and the task scheduling module runs the script task table and performs the security detection items.
The beneficial effect of the invention is that it provides a system for exchanging data between networks of different security levels, which keeps the high-security network secure during data exchange.
As shown in Fig. 2, a data security exchange method based on the automatically arranged data security exchange system includes:
S1. Extract the input parameters from the service URL through the parameter extraction module, build them into JSON-format parameters, and pass the JSON-format parameters to the task control module and the protocol configuration management module;
S2. Retrieve the protocol configuration table through the protocol configuration management module according to the JSON-format parameters;
S3. Build a script task table through the task control module according to the protocol configuration table and the JSON-format parameters;
S4. Pass the script task table to the task scheduling module and perform security detection according to the script task table;
S5. Determine whether every item of the security detection passes; if so, allow the intranet access request for the service URL, otherwise reject it.
The input parameters in step S1 include the protocol parameter protocol, the session value Token, the request parameter request, an SQL injection check parameter, an XML attack check parameter, and an attack type parameter.
Step S2 is specifically: extract the protocol parameter from the input parameters, and obtain the protocol configuration table corresponding to that protocol parameter from the database through the protocol configuration management module.
Each entry in the protocol configuration table has the format: {serial number, mode type, parameter Key}.
Step S3 includes the following sub-steps:
S3.1. Standardize the sub-modules used for security detection in the task scheduling module and place them in a module factory;
S3.2. Through the task control module, extract the security subtask parameters from the JSON-format parameters according to the parameter Key of each entry in the protocol configuration;
S3.3. Construct the call function of the security detection sub-module according to the task type corresponding to the security subtask parameter;
S3.4. Sort the call functions by serial number to obtain the script task table.
The security detection in step S4 includes SQL injection detection, XML detection, Web attack detection, and token detection.
In this embodiment, all modules used for security detection are normalized into task modules and placed in a module factory. The module factory constructs a task module instance according to the module type (the modetype in the configuration information), and the module's input parameters are extracted from the input JSON parameters using the parameter key in the configuration information table. Once constructed, the task modules are executed in sequence in the script task table. Each task module contains a run() function that returns a JSON string {result, info}.
Each security detection has a corresponding security detection sub-module.
In this embodiment, SQL attack detection is set up as follows. On the protocol configuration management interface, add a record {webservice, sqltype, sqlkey, 2} to the protocol table in the database; this record indicates that webservice requires SQL attack detection. Here webservice is the protocol type; sqltype means that a task of type sqltype is constructed when the script is built; sqlkey is used to extract the task parameters; and 2 is the position of the task in the execution order. All tasks of the same type are added to the script in serial-number order. Then add an sqltype task module and add it to the task factory. Web URL adds a sqlkey type parameter
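The configuration-driven flow of steps S1 to S5, sketched in Python as an added example (not code from the patent). The `tokentype` row, the `SqlTask`/`TokenTask` classes, the sample token and URLs, and the choice to deny on any lookup failure are assumptions; the regex is a placeholder check, not a real SQL injection detector.

```python
import hmac
import re
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the database protocol table.
# Row order follows the embodiment's record: (protocol, modetype, parameter key, serial number).
PROTOCOL_TABLE = [
    ("webservice", "sqltype", "sqlkey", 2),     # the record given in the embodiment
    ("webservice", "tokentype", "Token", 1),    # hypothetical second row
]
VALID_TOKENS = {"demo-token-123"}               # constructed sample session value


class TokenTask:
    def __init__(self, value):
        self.value = value

    def run(self):
        # Compare as bytes in constant time; compare_digest rejects non-ASCII str.
        ok = any(hmac.compare_digest(self.value.encode(), t.encode())
                 for t in VALID_TOKENS)
        return {"result": ok, "info": "token ok" if ok else "token rejected"}


class SqlTask:
    # Placeholder heuristic only, standing in for the real detection sub-module.
    PATTERN = re.compile(r"('|--|;|\b(?:union|select|drop|insert|delete)\b)", re.I)

    def __init__(self, value):
        self.value = value

    def run(self):
        hit = self.PATTERN.search(self.value)
        return {"result": hit is None,
                "info": "sql ok" if hit is None else "sql pattern matched"}


# S3.1: module factory keyed by modetype.
MODULE_FACTORY = {"sqltype": SqlTask, "tokentype": TokenTask}


def extract_params(url):
    """S1: turn the service URL's query string into a flat JSON-style dict."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A repeated parameter is ambiguous (which copy gets checked?), so refuse it.
    if any(len(values) != 1 for values in query.values()):
        raise ValueError("repeated parameter in URL")
    return {key: values[0] for key, values in query.items()}


def build_script(params):
    """S2 + S3: select rows for the protocol, build tasks, order by serial number."""
    rows = [r for r in PROTOCOL_TABLE if r[0] == params.get("protocol")]
    if not rows:
        raise LookupError("no configuration for protocol")
    script = []
    for _, modetype, key, seq in sorted(rows, key=lambda r: r[3]):
        if modetype not in MODULE_FACTORY:
            raise LookupError("no task module for " + modetype)
        if key not in params:
            raise LookupError("missing parameter " + key)
        script.append((seq, MODULE_FACTORY[modetype](params[key])))
    return script


def decide(url):
    """S4 + S5: run every task; allow only if all of them pass."""
    try:
        script = build_script(extract_params(url))
    except (ValueError, LookupError) as exc:
        # Assumption: anything that prevents a full check is treated as a failure.
        return {"allow": False, "results": [{"result": False, "info": str(exc)}]}
    results = [task.run() for _, task in script]
    return {"allow": all(r["result"] for r in results), "results": results}


BASE = "http://intranet.example/svc?protocol=webservice&Token=demo-token-123"
GOOD_URL = BASE + "&sqlkey=alice"                      # constructed sample
BAD_URL = BASE + "&sqlkey=alice%27%20OR%201%3D1"       # constructed sample
```

Without the deny-on-lookup-failure branch, a request naming a protocol that has no rows in the table would produce an empty script, and "all items passed" would be trivially true.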
The beneficial effects of the invention are as follows:
The arrangement-based secure data transmission method selects the sequence of security operations to run next according to the protocol of the data packet, so that 2 modules work in coordination within one system. Security operation and maintenance personnel only need to maintain one system, security analysts only need to work with one system, and the operation and maintenance burden on enterprise users is reduced.

Claims (7)

1. A data security exchange system based on automatic arrangement, characterized by comprising a task control module and, connected to the task control module, a parameter extraction module, a protocol configuration management module and a task scheduling module;
the parameter extraction module is used for extracting the input parameters from the service URL and building them into JSON-format parameters; the task control module is used for building a script task table from the protocol configuration and the JSON-format parameters; the protocol configuration management module is used for retrieving the configuration information that corresponds to the protocol parameter in the JSON-format parameters; the database is used for storing the configuration information in advance; and the task scheduling module is used for running the script task table and performing the security detection items.
2. A data security exchange method based on the data security exchange system of claim 1, comprising:
S1. extracting the input parameters from the service URL through the parameter extraction module, building them into JSON-format parameters, and passing the JSON-format parameters to the task control module and the protocol configuration management module;
S2. retrieving the protocol configuration table through the protocol configuration management module according to the JSON-format parameters;
S3. building a script task table through the task control module according to the protocol configuration table and the JSON-format parameters;
S4. passing the script task table to the task scheduling module and performing security detection according to the script task table;
S5. determining whether every item of the security detection passes; if so, allowing the intranet access request for the service URL, and otherwise rejecting the intranet access request for the service URL.
3. The data security exchange method based on automatic arrangement according to claim 2, wherein the input parameters in step S1 include the protocol parameter protocol, the session value Token, the request parameter request, an SQL injection check parameter, an XML attack check parameter, and an attack type parameter.
4. The data security exchange method based on automatic arrangement according to claim 3, wherein step S2 specifically comprises: extracting the protocol parameter from the input parameters, and obtaining the protocol configuration table corresponding to that protocol parameter from the database through the protocol configuration management module.
5. The data security exchange method based on automatic arrangement according to claim 4, wherein each entry in the protocol configuration table has the format: {serial number, mode type, parameter Key}.
6. The data security exchange method based on automatic arrangement according to claim 5, wherein step S3 comprises the following sub-steps:
S3.1. standardizing the sub-modules used for security detection in the task scheduling module and placing them in a module factory;
S3.2. extracting, through the task control module, the security subtask parameters from the JSON-format parameters according to the parameter Key of each entry in the protocol configuration;
S3.3. constructing the call function of the security detection sub-module according to the task type corresponding to the security subtask parameter;
S3.4. sorting the call functions by serial number to obtain the script task table.
7. The data security exchange method based on automatic arrangement according to claim 6, wherein the security detection in step S4 comprises SQL injection detection, XML detection, Web attack detection, and token detection.
CN202010558534.1A 2020-06-18 2020-06-18 Data security exchange system and method based on automatic arrangement Active CN111935070B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010558534.1A CN111935070B (en) 2020-06-18 2020-06-18 Data security exchange system and method based on automatic arrangement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010558534.1A CN111935070B (en) 2020-06-18 2020-06-18 Data security exchange system and method based on automatic arrangement

Publications (2)

Publication Number Publication Date
CN111935070A (en) 2020-11-13
CN111935070B (en) 2023-04-11

Family

ID=73317843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010558534.1A Active CN111935070B (en) 2020-06-18 2020-06-18 Data security exchange system and method based on automatic arrangement

Country Status (1)

Country Link
CN (1) CN111935070B (en)


Also Published As

Publication number Publication date
CN111935070B (en) 2023-04-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant