CN112019557A - Data processing method and device - Google Patents


Info

Publication number
CN112019557A
Authority
CN (China)
Prior art keywords
data, processing, determining, heterogeneous, service
Legal status
Pending
Application number
CN202010912717.9A
Other languages
Chinese (zh)
Inventors
姚磊
邹希良
梁志红
Current Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Events
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN202010912717.9A
Publication of CN112019557A
Legal status: pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The application discloses a data processing method and device. The method comprises the following steps: determining the type of the data when the data is received; distributing the data to a plurality of heterogeneous executors corresponding to the data type; after a plurality of processing results of the data fed back by the plurality of heterogeneous executors are obtained, arbitrating the plurality of processing results; judging the legality of the data according to the arbitration result; and correspondingly processing the data based on the legality of the data. The beneficial effect of this application lies in: when data is received, the data can be distributed to a plurality of heterogeneous executors for processing, and the legality of the data is then judged according to the arbitration of the processing results. Because the legality of the data is judged comprehensively from the plurality of processing results obtained by the plurality of heterogeneous executors, the legality judgment is more accurate, and the capability of the firewall to resist attacks and provide security protection is improved.

Description

Data processing method and device
Technical Field
The present application relates to the field of firewalls, and in particular, to a data processing method and apparatus.
Background
The firewall, as the core equipment of the cyberspace information infrastructure, protects intranet users, equipment and services and provides the most basic security guarantee; it has also become one of the main targets of major network attacks, and the security of the firewall directly influences and even constrains cyberspace security. Because of the foundational position of the firewall in the network, once a vulnerability or backdoor in the firewall is exploited it can cause immeasurable harm, which concerns not only the security of the firewall itself but also greatly affects the users it covers. An attacker can tamper with and bypass access control rules by exploiting firewall vulnerabilities and pre-set backdoors, resulting in paralysis or failure of the firewall.
As technology develops, attack methods are also continuously renewed, and the security problem of the firewall is difficult to solve thoroughly by means of repairing firewall access control bugs and the like alone. Therefore, how to provide a data processing method that improves the capability of a firewall to resist attacks and provide security protection is an urgent technical problem to be solved.
Disclosure of Invention
The embodiment of the application aims to provide a data processing method and device.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme: a data processing method is applied to a firewall and comprises the following steps:
determining the type of the data when the data is received;
distributing the data to a plurality of heterogeneous executors corresponding to the data types;
after a plurality of processing results of the data fed back by the plurality of heterogeneous executors are obtained, arbitrating the plurality of processing results;
judging the legality of the data according to the arbitration result;
and correspondingly processing the data based on the legality of the data.
The beneficial effect of this application lies in: when data is received, the data can be distributed to a plurality of heterogeneous executors for processing, and the legality of the data is then judged according to the arbitration of the processing results. Because the legality of the data is judged comprehensively from the plurality of processing results obtained by the plurality of heterogeneous executors, the legality judgment is more accurate, and the capability of the firewall to resist attacks and provide security protection is improved.
In one embodiment, the method further comprises:
and determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
In one embodiment, the method further comprises:
determining a plurality of heterogeneous executors corresponding to the data type according to the data type, including:
when the data is management data, determining a plurality of management executors corresponding to the data types;
and when the data is service data, determining a plurality of service executors corresponding to the data types.
In one embodiment, when the data is management data, the management executors process the data as follows:
each management executor receives the management request and processes it separately; after the processing is completed, the processing content and the result are returned.
In one embodiment, when the data is service data, the service executor processes the data as follows:
detecting at least one of the following elements of the service data to obtain a processing result of the service data:
the data five-tuple, user, time, application, virus, and intrusion.
In one embodiment, arbitrating the plurality of processing results comprises:
comparing the processing results fed back by all the heterogeneous executors;
when the number of the processing results which are consistent in comparison is larger than a preset number, determining that the data are legal;
and carrying out configuration issuing or releasing operation on the data.
In one embodiment, judging the legality of the data according to the arbitration result includes:
when the number of the processing results which are consistent in comparison is smaller than the preset number, determining that the data is illegal;
and performing a cleaning or restart operation on the executor, and scheduling a standby executor to provide service online.
In one embodiment, determining a plurality of heterogeneous executors corresponding to the data type according to the data type comprises:
and selecting, from the redundant heterogeneous executors, executors other than the ones currently in use as the plurality of heterogeneous executors corresponding to the data type.
The application also provides a data processing device, which is applied to a firewall and comprises:
the first determining module is used for determining the type of the data when the data is received;
a sending module, configured to distribute the data to a plurality of heterogeneous executors corresponding to the data type;
the arbitration module is used for arbitrating the plurality of processing results of the data after the plurality of processing results fed back by the plurality of heterogeneous executors are obtained;
the judging module is used for judging the legality of the data according to the arbitration result;
and the processing module is used for carrying out corresponding processing on the data based on the legality of the data.
In one embodiment, the apparatus further comprises:
and the second determining module is used for determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
In one embodiment, the second determining module includes:
the first determining submodule is used for determining a plurality of management executors corresponding to the data types when the data are management data;
and the second determining submodule is used for determining a plurality of service executors corresponding to the data types when the data is service data.
In one embodiment, when the data is management data, the management executors process the data as follows:
each management executor receives the management request and processes it separately; after the processing is completed, the processing content and the result are returned.
In one embodiment, when the data is service data, the service executor processes the data as follows:
detecting at least one of the following elements of the service data to obtain a processing result of the service data:
the data five-tuple, user, time, application, virus, and intrusion.
In one embodiment, the arbitration module includes:
the comparison submodule is used for comparing the processing results fed back by all the heterogeneous executors;
the third determining submodule is used for determining that the data is legal when the number of the processing results which are consistent in comparison is larger than the preset number;
and the first execution submodule is used for carrying out a configuration issuing or release operation on the data.
In one embodiment, the determining module includes:
the fourth determining submodule is used for determining that the data is illegal when the number of the processing results which are consistent in comparison is smaller than the preset number;
and the second execution submodule is used for performing a cleaning or restart operation on the executor and scheduling a standby executor to provide service online.
In one embodiment, the second determining module includes:
and the selection submodule is used for selecting, from the redundant heterogeneous executors, executors other than the ones currently in use as the plurality of heterogeneous executors corresponding to the data type.
Drawings
FIG. 1 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a simulated firewall after modification in an embodiment of the present application;
FIG. 3 is a flow chart illustrating processing of management data according to an embodiment of the present application;
FIG. 4 is a schematic flow chart illustrating processing of service data according to an embodiment of the present application;
FIG. 5 is a flow chart of a data processing method according to another embodiment of the present application;
FIG. 6 is a block diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It should also be understood that, although the present application has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of application, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail, to avoid obscuring the application with unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
Fig. 1 is a flowchart of a data processing method according to an embodiment of the present application, where the method includes the following steps S11-S15:
in step S11, upon receiving the data, the type of the data is determined;
in step S12, distributing the data to a plurality of heterogeneous executors corresponding to the data type;
in step S13, after a plurality of processing results of the data fed back by the plurality of heterogeneous executors are obtained, the plurality of processing results are arbitrated;
in step S14, the legality of the data is judged according to the arbitration result;
in step S15, the data is processed accordingly based on the validity of the data.
In this embodiment, a traditional firewall is subjected to mimic transformation, and the transformed mimic firewall is divided into an input proxy distribution unit, an output proxy arbitration unit, a feedback control unit, a dynamic scheduling unit, and heterogeneous executors, as shown in FIG. 2, where the heterogeneous executors are divided into management executors and service executors.
Heterogeneous executors: heterogeneity is realized on a plurality of layers, a plurality of executors are constructed, and the number of executors providing service at any one time is M, where M is greater than or equal to 3. Heterogeneity is applied separately to the hardware platform, the operating system, the management application layer and the security service layer:
the hardware platform layer selects different hardware architectures, such as the x86 architecture, the ARM (Advanced RISC Machine) architecture, and the like;
the operating system layer selects CentOS (Community Enterprise Operating System), Ubuntu (a Linux distribution mainly aimed at desktop use), and the like;
the management application layer selects a plurality of management services such as SSH (Secure Shell), Telnet (a member of the TCP/IP protocol family and the standard protocol for Internet remote login), web (an application for distributed interactive operation), and the like; taking the web service as an example, it selects service platforms such as Apache (a web server), Nginx (a high-performance HTTP and reverse proxy server), PHP and Python (programming languages), and the like;
the security service layer performs heterogeneous access control at the application layer and the network layer through diversified compilation techniques, to realize security control of the service data.
The heterogeneity of the management application layer executors is realized through the hardware platform, the operating system, the web service platform, different applications and the like; different service platforms and application software have different vulnerabilities, so their processing results for the same data differ;
in addition, the management plane data processing flow includes heterogeneous data processing such as user login state verification, module permission verification, illegal character filtering, parameter range verification and the like.
The heterogeneity of the security service layer in the data stream processing flow is as follows: at the network layer, access control is mainly heterogeneous in the checking flows for the five-tuple, address, zone, user, time, application and the like; at the application layer, it is mainly heterogeneous in library files and security engine processing flows. Taking virus filtering as an example, different virus library files may be used, and when the data stream enters the virus filtering security engine, the preprocessing of the data stream, such as URL extraction, file name extraction, the virus signature matching process and the like, can be made heterogeneous.
In this way, the executors are made heterogeneous from different angles, and a large number of heterogeneous executors can be configured.
In the following, the functions of the other units are described:
1. The input proxy distribution unit:
at the software level, multiple copies of the access data are made and dynamically allocated to heterogeneous executors for execution;
and at the hardware level, multiple copies of the access data are made and dynamically allocated to heterogeneous executors for execution.
2. The output proxy arbitration unit:
the arbitration unit collects the processing results of the plurality of heterogeneous executors, compares them, and arbitrates through a majority or consistency strategy. If the processing results are judged normal, system self-management or service forwarding proceeds normally; if the processing results are judged abnormal, further processing of the service is blocked and the information is transmitted to the feedback control unit.
3. The feedback control unit:
performs an offline cleaning operation on any executor whose result was arbitrated as abnormal, so that the attacked executor recovers to normal, and schedules a standby executor to provide service online;
periodically schedules executors offline for cleaning, to prevent common-mode vulnerabilities from being exploited;
and feeds the scheduling information back to the dynamic scheduling unit.
4. The dynamic scheduling unit:
dynamically schedules the executors providing online service, through random scheduling and the feedback information from the feedback control unit, increasing the uncertainty of the system, for use by the input proxy distribution unit.
After the traditional firewall is subjected to mimic transformation, the input-output relationship of the firewall is changed through layered heterogeneous redundancy, from the self-management of the system to the access control security service processing. The difficulty for a network attacker is increased at a plurality of layers, each link of the attack chain can be cut off without having to eliminate the vulnerabilities, backdoors and the like, attack disturbance based on hidden functions such as unknown vulnerabilities and backdoors is effectively prevented, and the security defense capability of the boundary network is greatly improved.
The mimic processing of firewall management data ensures the security of the system and of the access control, while the mimic processing of the service data flow enhances the security of the firewall's forwarding service; the two depend on and supplement each other to jointly improve the anti-attack capability of the firewall.
Determining the type of the data when the data is received: specifically, the data includes management data and service data, and different heterogeneous executors may be determined for different data types. For example, if the data is management data, the heterogeneous executors corresponding to the data type are management executors, and if the data is service data, the heterogeneous executors corresponding to the data type are service executors.
Distributing the data to a plurality of heterogeneous executors corresponding to the data type:
heterogeneous executors are used because, owing to their different hardware, software or protocol architectures, they process the same data in different ways. Distributing the data to a plurality of heterogeneous executors therefore means the data is processed in a plurality of different ways, and if the plurality of heterogeneous executors all arrive at the same processing result, the accuracy of that result is very high.
After a plurality of processing results of the data fed back by the plurality of heterogeneous executors are obtained, arbitrating the plurality of processing results, and judging the legality of the data according to the arbitration result:
for example, the processing results fed back by three heterogeneous executors are each a judgment of whether the data is legal, and all three judge the data legal; the processing results fed back by the three heterogeneous executors are then summarized and arbitrated, and the data is finally determined to be legal data. The concrete arbitration may follow a consistency voting mode or a majority voting mode. In the majority voting mode, if the number of results judging the data legal (for example, those fed back by two of the heterogeneous executors) is larger than the number of results judging the data illegal, the data is considered legal; this voting mode is suitable for personal devices or organizations with lower data confidentiality requirements. In the consistency voting mode, the judgment is only taken as valid when all judgment results are consistent; this voting mode is suitable for organizations with higher data confidentiality requirements.
And correspondingly processing the data based on the legality of the data.
In this embodiment, the data is divided into management data and service data, and the following description is made for the management data and the service data by way of example:
FIG. 3 is a flow chart illustrating the processing of management data. When the data is management data, the firewall input proxy receives the management data; the input proxy copies the data; the data is distributed to a plurality of management executors according to the executor set provided by the dynamic scheduling unit; after receiving the processing result of each executor, the output arbitration unit arbitrates the processing results according to a consistency arbitration mode. The arbitration method can be majority voting, consistency voting and the like. The arbitrated content may be response header fields, part of the response body content, and the like. The arbitration algorithm may use precise or fuzzy comparison, and the like. If the arbitration results are consistent, the configuration is issued and a configuration management processing result is returned; if the arbitration results are inconsistent, error information is returned according to the arbitration result, and a state value is assigned to each executor according to the arbitration result for processing by the feedback control unit. The feedback control unit performs a cleaning or restart operation on the executors according to the arbitration result and schedules a standby executor to provide service online: if the arbitrated response results are inconsistent, all executors in the executor set are cleaned; if an executor is judged to have given no response, its service is restarted. In addition, the feedback control unit periodically schedules one executor offline for cleaning and one standby executor online, so as to prevent common-mode vulnerabilities; and the dynamic scheduling unit dynamically schedules the executors for input distribution according to the executor states managed by the feedback control unit, so that the executor set used for each distribution is different.
If m executors are being cleaned, then m executors are randomly selected from the remaining n-m executors for input distribution.
FIG. 4 is a schematic flow chart of the processing of service data. When the data is service data, the firewall receives the service data, copies and splits the data through software and hardware, dynamically selects an executor set, and distributes the data stream to the corresponding service executors for processing; the detection results of the various heterogeneous access control executors are collected using the message-waiting mechanism of the service flow, all the results are attached to the session, and the session unit decides whether or not to forward; the session unit arbitrates the detection results according to the summarized results, and the blocking or release action for the service flow is determined according to the arbitration result. The arbitration method can be majority voting, consistency voting and the like. The arbitrated content may be the action returned by each executor, such as release, block, and the like. When the arbitration results are inconsistent, the arbitration result is sent to the feedback control unit for processing; the feedback control unit performs a cleaning or restart operation on the executors according to the arbitration result and schedules a standby executor to provide service online. If the arbitration results are inconsistent, all executors in the executor set are cleaned; in addition, the feedback control unit periodically schedules one executor offline for cleaning and one standby executor online, so as to prevent common-mode vulnerabilities; and the dynamic scheduling unit dynamically schedules the executors for input distribution according to the executor states managed by the feedback control unit, so that the executor set used for each distribution is different. If m executors are being cleaned, then m executors are randomly selected from the remaining n-m executors for input distribution.
It should be noted that the management data may refer to data configuring or controlling a firewall, and the service data may refer to interactive data relayed by the device through the firewall, such as chat information sent by the device through chat software, a data request sent to a server, and the like.
The beneficial effect of this application lies in: when data is received, the data can be distributed to a plurality of heterogeneous executors for processing, and the legality of the data is then judged according to the arbitration of the processing results. Because the legality of the data is judged comprehensively from the plurality of processing results obtained by the plurality of heterogeneous executors, the legality judgment is more accurate, and the capability of the firewall to resist attacks and provide security protection is improved.
In one embodiment, the method may also be implemented as the steps of:
and determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
In one embodiment, determining a plurality of heterogeneous executors corresponding to the data type according to the data type may be implemented as the following steps A1-A2:
in step A1, when the data is management data, a plurality of management executors corresponding to the data type are determined;
in step A2, when the data is service data, a plurality of service executors corresponding to the data type are determined.
When the data is management data, the firewall input proxy receives the management data; the input proxy copies the data; and the data is distributed to a plurality of management executors according to the executor set provided by the dynamic scheduling unit. When the data is service data, the firewall receives the service data, copies and splits the data through software and hardware, dynamically selects an executor set, and distributes the data stream to the corresponding service executor set for processing.
In one embodiment, when the data is management data, the management executors process the data as follows:
each management executor receives the management request and processes it separately; after the processing is completed, the processing content and the result are returned.
In one embodiment, when the data is service data, the service executor processes the data as follows:
detecting at least one of the following elements of the service data to obtain a processing result of the service data:
the data five-tuple, user, time, application, virus, and intrusion.
In one embodiment, as shown in FIG. 5, the above step S13 can be implemented as the following steps S51-S53:
in step S51, comparing the processing results fed back by all the heterogeneous executors;
in step S52, when the number of the processing results which are consistent in comparison is larger than the preset number, it is determined that the data is legal;
in step S53, a configuration issue or release operation is performed on the data.
In this embodiment, arbitrating the plurality of processing results includes: comparing the processing results fed back by all the heterogeneous executors; when the number of the processing results which are consistent in comparison is larger than a preset number, determining that the data is legal; and carrying out configuration issuing or releasing operation on the data.
In this application, the processing result of the data by the heterogeneous executive body may refer to a determination result that the data is determined to be legal data. In this case, the number of processing results of matching refers to the number of determination results for determining that the data is legitimate data.
For example, the arbitration may be based on a consistent (unanimous) voting scheme or a majority decision scheme. The majority decision scheme means that if the number of judgment results fed back by the heterogeneous executors that judge the data to be legal is larger than the number that judge the data to be illegal, the data is considered legal; this voting mode is suitable for personal devices or organizations with lower data confidentiality requirements. The consistent voting mode means that the judgment result is only considered valid when all judgment results are consistent; this voting mode is suitable for organizations with higher data confidentiality requirements.
In one embodiment, the above step S14 can be implemented as the following steps B1-B2:
in step B1, when the number of processing results that are consistent with each other is less than the preset number, determining that the data is illegal;
in step B2, a cleaning or restart operation is performed on the executors, and a standby executor is scheduled to provide service online.
In one embodiment, determining a plurality of heterogeneous executors corresponding to the data type according to the data type may be implemented as the following steps:
and selecting, from the redundant heterogeneous executors, executors other than those currently in use as the plurality of heterogeneous executors corresponding to the data type.
For example, in the present application, 10 management executors are included, of which 3 are currently in use or being cleaned, so if new management data is received, the 3 heterogeneous executors for processing the new management data are selected from the 7 executors that are neither in use nor being cleaned. Similarly, the service executors may adopt the same scheme, so that the heterogeneous executor set changes dynamically; by dynamically changing the heterogeneous executor set, the difficulty for an attacker of deciphering the firewall defense mechanism is increased, and the firewall defense capability is further improved.
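The following is an added illustration, not code from the patent: a small simulation of steps S51-S53 and B1-B2 together with the dynamic executor selection just described. The executor functions, the packet fields and the faulty executor are all constructed for the example; `preset_number` plays the role of the patent's preset number, so that `k-1` gives consistent (unanimous) voting and `k//2` gives majority voting.

```python
"""Constructed example of mimic-style arbitration over redundant heterogeneous
executors (not part of the patent; all names and checks are hypothetical)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Packet = Dict[str, object]           # constructed five-tuple plus application name
Executor = Callable[[Packet], bool]  # returns True when it judges the data legal

# Constructed heterogeneous executors: each inspects a different element of the
# service data (five-tuple fields, application), standing in for real engines.
EXECUTORS: Dict[str, Executor] = {
    "exec_a": lambda p: p["dport"] in (80, 443),
    "exec_b": lambda p: str(p["src"]).startswith("10."),
    "exec_c": lambda p: p["app"] in ("http", "https"),
    "exec_d": lambda p: p["proto"] == "tcp",
    "exec_e": lambda p: True,  # constructed faulty executor: always says legal
}


@dataclass
class Scheduler:
    """Dynamic scheduling unit: hands out executors that are neither in use
    nor being cleaned, so the active set changes from request to request."""
    pool: Dict[str, Executor]
    unavailable: Set[str] = field(default_factory=set)

    def select(self, k: int) -> List[str]:
        free = [name for name in self.pool if name not in self.unavailable]
        if len(free) < k:
            raise RuntimeError("no standby executors left to schedule online")
        chosen = free[:k]
        self.unavailable.update(chosen)
        return chosen

    def restore(self, names: List[str]) -> None:
        """Cleaning/restart finished: executors return to the standby pool."""
        self.unavailable.difference_update(names)


def arbitrate(results: Dict[str, bool], preset_number: int) -> bool:
    """S52/B1: data is legal only if more than `preset_number` executors agree
    that it is legal; otherwise it is treated as illegal."""
    return sum(1 for legal in results.values() if legal) > preset_number


def process(data: Packet, sched: Scheduler, k: int, preset_number: int) -> str:
    """Fan the data out to k dynamically selected executors and arbitrate."""
    chosen = sched.select(k)
    results = {name: sched.pool[name](data) for name in chosen}
    if arbitrate(results, preset_number):
        sched.restore(chosen)  # S53: release the data, executors go back to the pool
        return "release"
    # B2: the used executors stay offline for cleaning/restart; the next
    # select() call schedules standby executors online in their place.
    return "drop:clean=" + ",".join(sorted(chosen))
```

With five executors and k=3, a single illegal request leaves only two standby executors, so the next request cannot be served until cleaning finishes; sizing the redundant pool against the cleaning time is the practical consequence of step B2.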
Fig. 6 is a block diagram of a data processing apparatus according to an embodiment of the present application, applied to a firewall, where the apparatus includes:
a first determining module 61, configured to determine a type of the data when the data is received;
a sending module 62, configured to distribute data to a plurality of heterogeneous executors corresponding to data types;
the arbitration module 63 is configured to, after obtaining multiple processing results on the data fed back by multiple heterogeneous executors, arbitrate the multiple processing results;
a judging module 64, configured to judge the validity of the data according to the arbitration result;
and the processing module 65 is configured to perform corresponding processing on the data based on the validity of the data.
In one embodiment, the apparatus further comprises:
and the second determining module is used for determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
In one embodiment, the second determining module includes:
the first determining submodule is used for determining a plurality of management executors corresponding to the data types when the data are management data;
and the second determining submodule is used for determining a plurality of service executors corresponding to the data types when the data is service data.
In one embodiment, when the data is management data, the management executor processes the data as follows:
each management executor receives the management request and processes it independently; after the processing is completed, each executor returns the processing content and the result.
In one embodiment, when the data is service data, the service executor processes the data as follows:
detecting at least one of the following elements of the service data to obtain a processing result of the service data:
data quintuple, user, time, application, virus, and intrusion.
In one embodiment, the arbitration module includes:
the comparison submodule is used for comparing the processing results fed back by all the heterogeneous executors;
the third determining submodule is used for determining that the data are legal when the number of the processing results which are compared to be consistent is larger than the preset number;
and the first execution submodule is used for carrying out configuration issuing or releasing operation on the data.
In one embodiment, the determining module includes:
the fourth determining submodule is used for determining that the data are illegal when the number of the processing results which are compared to be consistent is smaller than the preset number;
and the second execution submodule is used for performing a cleaning or restart operation on the executors and scheduling a standby executor to provide service online.
In one embodiment, the second determining module includes:
and the selection submodule is used for selecting, from the redundant heterogeneous executors, executors other than those currently in use as the plurality of heterogeneous executors corresponding to the data type.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.

Claims (10)

1. A data processing method is applied to a firewall and is characterized by comprising the following steps:
determining the type of the data when the data is received;
distributing the data to a plurality of heterogeneous executors corresponding to the data types;
after a plurality of processing results of the data fed back by the plurality of heterogeneous executors are obtained, arbitrating the plurality of processing results;
judging the validity of the data according to the arbitration result;
and correspondingly processing the data based on the legality of the data.
2. The method of claim 1, wherein the method further comprises:
and determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
3. The method of claim 2, wherein determining a plurality of heterogeneous executables corresponding to the type of data based on the type of data comprises:
when the data is management data, determining a plurality of management executors corresponding to the data types;
and when the data is service data, determining a plurality of service executors corresponding to the data types.
4. The method of claim 3, wherein when the data is management data, the management executor processes the data as follows:
each management executor receives the management request and processes it independently; after the processing is completed, each executor returns the processing content and the result.
5. The method of claim 3, wherein when the data is service data, the service executor processes the data as follows:
detecting at least one of the following elements of the service data to obtain a processing result of the service data:
data quintuple, user, time, application, virus, and intrusion.
6. The method of claim 1, wherein arbitrating the plurality of processing results comprises:
comparing the processing results fed back by all the heterogeneous executors;
when the number of the processing results which are consistent in comparison is larger than a preset number, determining that the data are legal;
and carrying out configuration issuing or releasing operation on the data.
7. The method of claim 1, wherein determining the validity of the data based on the arbitration result comprises:
when the number of the processing results which are consistent in comparison is smaller than a preset number, determining that the data are illegal;
and performing a cleaning or restart operation on the executors, and scheduling a standby executor to provide service online.
8. The method of any one of claims 2-5, wherein determining a plurality of heterogeneous executors corresponding to the data type according to the data type comprises:
and selecting, from the redundant heterogeneous executors, executors other than those currently in use as the plurality of heterogeneous executors corresponding to the data type.
9. A data processing device applied to a firewall is characterized by comprising:
the first determining module is used for determining the type of the data when the data is received;
a sending module, configured to distribute the data to a plurality of heterogeneous executors corresponding to the data type;
the arbitration module is used for arbitrating a plurality of processing results of the data fed back by the plurality of heterogeneous executors after the plurality of processing results are obtained;
the judging module is used for judging the validity of the data according to the arbitration result;
and the processing module is used for carrying out corresponding processing on the data based on the legality of the data.
10. The apparatus of claim 9, wherein the apparatus further comprises:
and the second determining module is used for determining a plurality of heterogeneous executors corresponding to the data types according to the data types.
CN202010912717.9A 2020-09-02 2020-09-02 Data processing method and device Pending CN112019557A (en)
Publications (1)

Publication Number Publication Date
CN112019557A true CN112019557A (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination