CN112769849A - Method, system, equipment and storage medium for virus confirmation and blocking - Google Patents


Info

Publication number: CN112769849A
Application number: CN202110069494.9A
Authority: CN (China)
Other versions: CN112769849B (granted patent)
Legal status: Granted (active)
Inventors: 张宝永, 俞哲伟
Assignee: Hangzhou DPTech Technologies Co Ltd
Other languages: Chinese (zh)
Prior art keywords: virus, message, message forwarding, terminal, blocking

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The present specification provides a virus diagnosis and blocking method. In an existing local area network framework, a virus diagnosis device is connected beside the self-security device. Most messages of the message forwarding devices pass through the self-security device, which makes a copy of every message it receives and sends the copy to the virus diagnosis device, so the virus diagnosis device can detect most of the messages sent by the terminals. The virus diagnosis device performs virus detection on all message copies and, if a virus is detected, reports the detection result (including the virus source information) to the management platform. After receiving the detection result, the management platform issues a blocking instruction to the message forwarding device that is the source of the virus, so that all messages sent by the source terminal of the virus are blocked and the source terminal cannot continue sending messages carrying the virus to attack other terminals.

Description

Method, system, equipment and storage medium for virus confirmation and blocking
Technical Field
The present disclosure relates to the field of computer networks, and more particularly, to a method, system, device and storage medium for virus diagnosis and blocking.
Background
In the prior art, virus diagnosis and blocking is generally performed by a message forwarding device (e.g., a switch). Specifically, the administrator issues configuration information to each message forwarding device, and the message forwarding device diagnoses and blocks viruses according to that configuration.
However, virus diagnosis is not the main function of a message forwarding device, and its diagnosis capability is limited. In practice, because of this limited capability, virus protection is generally achieved by applying some configuration and virus library updates to the message forwarding device; consequently, whenever the virus library or the protection policy changes, configuration information must be issued to every message forwarding device, which is inconvenient for the administrator.
Disclosure of Invention
In order to overcome the limited virus diagnosis capability and the complicated configuration of message forwarding devices, the present specification provides a virus diagnosis and blocking method, system, device and storage medium.
The present specification provides a virus diagnosis and blocking method, applied to a virus diagnosis and blocking system that comprises a plurality of message forwarding devices, a self-security device, a management platform and a virus diagnosis device. The message forwarding devices exchange messages with one another through the self-security device; the self-security device copies each received message to obtain a corresponding message copy and sends the message copy to the virus diagnosis device. The method comprises the following steps:
the virus diagnosis device performs virus detection on the received message copy and, if a virus is detected, reports the detection result to the management platform; the detection result comprises the virus source information, which comprises the terminal identifier of the terminal from which the message copy originated and the message forwarding device identifier of the message forwarding device from which the message copy originated;
the management platform, when the specified blocking condition is met according to the detection result, sends a blocking instruction containing the terminal identifier to the message forwarding device corresponding to the message forwarding device identifier;
and the message forwarding device, according to the received blocking instruction, blocks the messages sent by the terminal corresponding to the terminal identifier.
The present specification also provides a virus diagnosis and blocking system, which includes a plurality of message forwarding devices, a self-security device, a management platform and a virus diagnosis device;
the message forwarding devices exchange messages through the self-security device; the self-security device copies each received message to obtain a corresponding message copy and sends the message copy to the virus diagnosis device;
the virus diagnosis device is configured to perform virus detection on the received message copy and, if a virus is detected, report the detection result to the management platform; the detection result comprises the virus source information, which comprises the terminal identifier of the terminal from which the message copy originated and the message forwarding device identifier of the message forwarding device from which the message copy originated;
the management platform, when the specified blocking condition is met according to the detection result, issues a blocking instruction containing the terminal identifier to the message forwarding device corresponding to the message forwarding device identifier;
and the message forwarding device, according to the received blocking instruction, blocks the messages sent by the terminal corresponding to the terminal identifier.
In the technical solution of the embodiments of the present description, a virus diagnosis device is connected beside the self-security device in an existing local area network framework. Most messages of the message forwarding devices pass through the self-security device, which makes a copy of every message and sends the copy to the virus diagnosis device, so the virus diagnosis device can detect most of the messages sent by the terminals. The virus diagnosis device performs virus detection on all message copies and, if a virus is detected, reports the detection result (including the virus source information) to the management platform. After receiving the detection result, the management platform issues a blocking instruction to the message forwarding device that is the source of the virus, so that all messages sent by the source terminal of the virus are blocked and the source terminal cannot continue sending messages carrying the virus to attack other terminals.
By the technical solution of the embodiments of the present specification, a virus diagnosis device with strong performance is added, so the message forwarding device no longer needs to perform virus detection on the messages sent by terminals or to judge whether blocking is needed, which reduces its workload. Moreover, because the virus diagnosis device performs better, it can inspect the messages sent by terminals from all angles, improves the ability to diagnose concealed network viruses, and is more favorable for controlling them. When managing the network, the administrator only needs to perform uniform configuration and management on the management platform and does not need to configure and issue settings to each message forwarding device, which facilitates network management.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic diagram of a local area network device structure shown in this specification.
Fig. 2 is a schematic flow chart of the prior art message diagnosis and blocking shown in this specification.
Fig. 3 is a schematic flow chart of a virus diagnosis and blocking method shown in the present specification.
Fig. 4 is a schematic diagram illustrating the interaction between devices in a virus diagnosis and blocking method according to the present disclosure.
Detailed Description
An important step in preventing network viruses is to tackle them at the source: for viruses that spread by relying on a network, the virus must be found and controlled in time so that more terminals are not damaged. In the prior art, a message forwarding device is used to diagnose and block viruses in the messages sent by a terminal, so as to prevent the viruses from infecting other terminals through the network. In the local area network architecture shown in fig. 1, each message forwarding device interacts through a self-security device (also called an ianac device), and, to prevent a terminal from spreading network viruses to other terminals, the messages sent by each terminal are diagnosed by its message forwarding device. Specifically, as shown in fig. 2, the administrator issues configuration information to each message forwarding device through the management platform; the message forwarding device diagnoses received messages according to that configuration, and if a virus is detected it blocks all messages sent by the terminal that sent the message, generates a security log, and reports the security log to the management platform through the self-security device so that the administrator can review it.
It should be noted that "network virus" in the present description refers to a virus that can propagate through a network; a virus that only does damage inside a terminal and does not propagate through a network falls outside the scope of the present description.
However, because of the functional and performance limitations of a message forwarding device, its virus diagnosis capability is not very good. Generally the administrator needs to issue configuration through the management platform (such as ACL configuration, security policy formulation, message format checking, a simple virus library, and the like) so that the message forwarding device has some virus diagnosis capability, but this cannot keep up with increasingly complex network environments: for hidden and complex network viruses the message forwarding device cannot make an effective diagnosis, and improving its diagnosis capability would mean improving the performance of every message forwarding device, which is expensive for an enterprise. In addition, a large local area network contains more than one message forwarding device, as in the connection diagram of fig. 1, so the administrator must configure each message forwarding device on the management platform and issue the configuration to it; and since new viruses appear endlessly, the protection policy and virus library must be updated frequently, which is unfriendly to the administrator and makes configuration inefficient.
In one or more embodiments of the present disclosure, a virus diagnosis device (also referred to as an icac-X device) is connected to the self-security device in the existing LAN framework, and the self-security device sends a copy of every message to the virus diagnosis device. Since most messages of the message forwarding devices pass through the self-security device, most messages sent by the terminals can be detected by the virus diagnosis device. The virus diagnosis device performs virus detection on all of these messages and, if a virus is detected, reports the detection result (including the virus source information) to the management platform. After receiving the detection result, the management platform issues a blocking instruction to the message forwarding device that is the source of the virus, so that all messages sent by the source terminal are blocked and the source terminal cannot continue sending messages carrying the virus to attack other terminals.
By utilizing one or more embodiments of the present disclosure, a virus diagnosis device with strong performance is added, so the message forwarding device no longer needs to perform virus detection on the messages sent by terminals or to judge whether blocking is needed, which reduces its workload. Moreover, because the virus diagnosis device performs better, it can inspect the messages sent by terminals from all angles, improves the ability to diagnose concealed network viruses, and is more favorable for controlling them. When managing the network, the administrator only needs to perform uniform configuration and management on the management platform and does not need to configure and issue settings to each message forwarding device, which facilitates network management.
It should be noted that, in one or more embodiments of the present disclosure, the functions of the virus diagnosis device could instead be added to the management platform or to the self-security device. However, the management platform and the self-security device each have their own functions, and virus diagnosis is complex and heavy work; adding it to either device would require improving that device's existing performance and balancing its functions. Therefore, although the function of the virus diagnosis device can be realized by adding it to the management platform or the self-security device, the practical value of doing so is not higher than that of a dedicated virus diagnosis device.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The following provides a detailed description of examples of the present specification.
Fig. 3 is a schematic flow chart of virus diagnosis and blocking according to an exemplary embodiment of the present disclosure, which includes the following steps:
Step 201: the virus diagnosis device performs virus detection on all received message copies.
The self-security device manages the message interaction between the message forwarding devices, so most messages received by the message forwarding devices pass through it. After receiving a message, the self-security device copies it to obtain a corresponding message copy and sends the message copy to the virus diagnosis device.
The virus diagnosis device performs virus detection on the received message copies. It is a dedicated device for detecting viruses and has better virus diagnosis capability than a message forwarding device. The virus diagnosis capability of each message forwarding device could in fact be improved, but as that capability grows, the original message forwarding function is inevitably affected, and nothing compensates for that loss; the same holds for the self-security device and the management platform. The other option is to improve the performance of each message forwarding device, but improving performance means replacing the existing devices with more expensive ones, and replacing all message forwarding devices is costly.
Step 202: if the virus diagnosis device detects a virus, it sends the detection result, including the virus source information, to the management platform.
The virus source information is derived from the message copy in which the virus was detected: from the content of the message copy, the virus diagnosis device determines which message forwarding device and which terminal the copy came from, and the resulting message forwarding device identifier and terminal identifier are used as the source information of the virus.
As shown in fig. 1, when terminal 1 needs to send a message X to terminal 6, terminal 1 first sends the message to message forwarding device A, and after receiving message X, message forwarding device A forwards it to message forwarding device C through the self-security device. After receiving message X, the self-security device copies it to obtain message copy X and forwards message copy X to the virus diagnosis device. If the virus diagnosis device detects a virus in message copy X, the source of the virus (i.e., the source of message copy X) is message forwarding device A and terminal 1, and the virus source information is the identifier of message forwarding device A and the identifier of terminal 1.
The identifier may be a MAC address, an IP address, or the like, and uniquely identifies each terminal and message forwarding device.
In practical applications, the detection result may further include virus attributes, such as the virus name (e.g., win32.bho.anbp, win32.startpage.aggp [Dropper], win32.qqpass.yia), the virus risk level (e.g., high, medium or low), the virus type (e.g., smiling virus, macro virus, metavirus, etc.), and the like.
Step 203: according to the detection result, and when the specified condition is met, the management platform sends a blocking instruction containing the terminal identifier of the virus source to the message forwarding device of the virus source.
An administrator generally manages every device on the management platform. Under the default condition (i.e., the specified blocking condition), the management platform uses the message forwarding device identifier in the virus source information of the detection result to determine the specific message forwarding device to which a blocking instruction must be issued (i.e., the source message forwarding device), and then issues to that device a blocking instruction containing the terminal identifier of the source terminal.
When the detection result includes a virus attribute, the administrator may configure a blocking policy for each message forwarding device, that is, the set of virus attributes that the message forwarding device needs to block. If the virus attribute is a virus name, the corresponding attribute set is a set of virus names; if it is a virus type, the attribute set is a set of virus types; and if it is a virus danger level, the attribute set is a set of virus danger levels.
Taking the virus danger level as an example, the danger level may be divided according to the prevalence (how widely it has spread) of an existing virus, with higher prevalence meaning a higher danger level; it may also be divided according to the degree of harm (the severity of the consequences caused) of an existing virus, with greater harm meaning a higher danger level; or it may be divided according to both prevalence and degree of harm. The levels can be divided according to actual needs, for example into three levels (high, medium, low; or general, important, severe) or into five levels (primary virus, secondary virus, tertiary virus, quaternary virus and quinary virus).
As shown in fig. 1, assume the blocking policy of message forwarding device B is to block viruses of medium and high level, so the attribute set corresponding to message forwarding device B is {medium-level virus, high-level virus}. If the virus diagnosis device detects that a message sent by terminal 3 carries a low-level virus, that virus is not within the blocking policy of message forwarding device B, so the management platform issues no blocking instruction for it. If the virus diagnosis device detects that a message sent by terminal 4 carries a high-level virus, that virus is within the blocking policy of message forwarding device B, so the management platform issues a blocking instruction containing the terminal identifier of terminal 4 to message forwarding device B.
It should be noted that, compared with the blocking configuration of the prior art, this embodiment is more flexible and convenient: a different blocking policy can be configured for each message forwarding device without issuing configuration information to each of them. For example, if the terminals served by a certain message forwarding device are special and have high security requirements, the management platform can configure that device's blocking policy to block viruses of all attributes. If the terminals served by another message forwarding device send normal messages that are nonetheless often misidentified as low-level viruses, that device's blocking policy can be configured to block only viruses with medium-level and high-level attributes.
Step 204: the message forwarding device blocks the messages sent by the virus source terminal according to the blocking instruction.
When a message forwarding device receives a blocking instruction, this indicates that one of the terminals connected to it is sending messages containing a network virus. According to the terminal identifier in the blocking instruction, the message forwarding device determines the corresponding terminal among the terminals connected to it and blocks all messages sent by that terminal, so that the terminal cannot continue to send messages containing network viruses and damage the network.
In practical applications, the management platform may also release the blocking of messages sent by a target terminal that meets the security requirements, for example after a technician or administrator confirms that the blocked terminal has completed a security check, or that the blocked terminal was misdiagnosed. In that case the management platform issues an unblocking instruction containing the target terminal's identifier to the message forwarding device responsible for forwarding the target terminal's messages, so that the target terminal can again send messages normally to other terminals or devices.
Specifically, when the management platform issues a blocking instruction, it adds the terminal identifier in that instruction to a blocking list. As shown in fig. 1, after the administrator determines that terminal 3 is safe and removes the identifier of terminal 3 from the blocking list, the management platform generates an unblocking instruction for that identifier and issues it to message forwarding device B, which is responsible for forwarding the messages sent by terminal 3, so that terminal 3 can send messages normally to other terminals or devices.
Fig. 4 shows the interaction process between the devices in one or more embodiments. The administrator configures the blocking policy of each message forwarding device on the management platform according to the actual situation; after configuration is complete, the management platform sends a notification message to each successfully configured message forwarding device informing it that it no longer needs to perform virus identification or report security logs.
After a terminal starts and comes online, it sends messages through its message forwarding device; when the message forwarding device forwards a message to other devices through the self-security device, the self-security device copies the message and sends the copy to the virus diagnosis device.
The virus diagnosis device performs virus detection on the received message; if a virus is detected, it generates a detection result from the virus source information and the virus attributes, and reports the detection result to the management platform.
After receiving the detection result, the management platform uses the message forwarding device identifier in the virus source information to look up the blocking policy corresponding to that identifier (i.e., the attribute set corresponding to the message forwarding device identifier), then determines from the virus attribute and that blocking policy whether the virus attribute is in the attribute set (i.e., whether the virus is within the blocking range). If so, it generates a blocking instruction from the terminal identifier in the virus source information and sends it to the message forwarding device corresponding to the message forwarding device identifier; if not, no operation is performed.
If a message forwarding device receives a blocking instruction from the management platform, it blocks the messages sent by the terminal corresponding to the terminal identifier in the blocking instruction.
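The control loop of steps 201 to 204 and the fig. 4 interaction, as an added Python model that is not part of the patent or of any DPtech product: a constructed signature table stands in for the virus library, the blocking policy of message forwarding device B and the terminal 3 / terminal 4 outcomes follow the fig. 1 example above, and all identifiers, class and function names are assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Iterable, Optional, Set, Tuple


class RiskLevel(IntEnum):
    """Three-level virus danger scale (high, medium, low) used in the description."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class DetectionResult:
    """Report from the virus diagnosis device: virus source information plus attributes."""
    forwarding_device_id: str  # identifier of the source message forwarding device
    terminal_id: str           # identifier of the source terminal (e.g. a MAC address)
    virus_name: str
    risk_level: RiskLevel


# Constructed stand-in for the diagnosis device's virus library (hypothetical names).
SIGNATURES: Dict[bytes, Tuple[str, RiskLevel]] = {
    b"SAMPLE-LOW-SIG": ("Example.LowRisk", RiskLevel.LOW),
    b"SAMPLE-HIGH-SIG": ("Example.HighRisk", RiskLevel.HIGH),
}


def diagnose(device_id: str, terminal_id: str, copy: bytes) -> Optional[DetectionResult]:
    """Steps 201/202: scan a message copy; return a detection result, or None if clean."""
    for pattern, (name, level) in SIGNATURES.items():
        if pattern in copy:
            return DetectionResult(device_id, terminal_id, name, level)
    return None


@dataclass
class ForwardingDevice:
    """Step 204: a switch that only enforces the block/unblock instructions it receives."""
    device_id: str
    terminals: Set[str]
    blocked: Set[str] = field(default_factory=set)

    def apply_block(self, terminal_id: str) -> None:
        if terminal_id in self.terminals:  # ignore instructions for terminals it does not serve
            self.blocked.add(terminal_id)

    def apply_unblock(self, terminal_id: str) -> None:
        self.blocked.discard(terminal_id)

    def forwards(self, terminal_id: str) -> bool:
        """True if a message from this terminal would currently be forwarded on."""
        return terminal_id in self.terminals and terminal_id not in self.blocked


class ManagementPlatform:
    """Step 203: per-device blocking policies, the blocking list, block/release decisions."""

    def __init__(self, devices: Iterable[ForwardingDevice]) -> None:
        self.devices = {d.device_id: d for d in devices}
        self.policy: Dict[str, Set[RiskLevel]] = {}    # device id -> attribute set to block
        self.block_list: Set[Tuple[str, str]] = set()  # (device id, terminal id)

    def configure_policy(self, device_id: str, levels: Iterable[RiskLevel]) -> None:
        self.policy[device_id] = set(levels)

    def on_detection(self, result: DetectionResult) -> bool:
        """Return True if a blocking instruction was issued to the source forwarding device."""
        blocking_range = self.policy.get(result.forwarding_device_id, set())
        if result.risk_level not in blocking_range:
            return False                                # not in blocking range: no operation
        device = self.devices[result.forwarding_device_id]
        device.apply_block(result.terminal_id)          # the blocking instruction
        self.block_list.add((device.device_id, result.terminal_id))
        return True

    def release(self, device_id: str, terminal_id: str) -> bool:
        """Administrator confirmed the terminal is safe: drop it from the list, unblock it."""
        if (device_id, terminal_id) not in self.block_list:
            return False
        self.block_list.remove((device_id, terminal_id))
        self.devices[device_id].apply_unblock(terminal_id)
        return True


def self_security_device(platform: ManagementPlatform, device_id: str,
                         terminal_id: str, message: bytes) -> Optional[DetectionResult]:
    """Mirror a message to the diagnosis device; forwarding of the original is unaffected."""
    result = diagnose(device_id, terminal_id, bytes(message))  # bytes(...) is the message copy
    if result is not None:
        platform.on_detection(result)
    return result


def run_fig1_scenario() -> Tuple[Tuple[bool, bool], bool]:
    """Fig. 1 example: device B blocks medium/high only; terminal 3 low, terminal 4 high."""
    dev_b = ForwardingDevice("B", {"terminal3", "terminal4"})
    platform = ManagementPlatform([dev_b])
    platform.configure_policy("B", {RiskLevel.MEDIUM, RiskLevel.HIGH})
    self_security_device(platform, "B", "terminal3", b"data SAMPLE-LOW-SIG")   # low: no block
    self_security_device(platform, "B", "terminal4", b"data SAMPLE-HIGH-SIG")  # high: blocked
    after_detection = (dev_b.forwards("terminal3"), dev_b.forwards("terminal4"))
    platform.release("B", "terminal4")  # administrator later confirms terminal 4 is clean
    return after_detection, dev_b.forwards("terminal4")
```

The forwarding device carries no detection logic of its own, which is the point of the design: the policy lives on the platform and only block/unblock instructions reach the switch.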
The present disclosure also provides a virus confirmation and blocking system, which includes a plurality of message forwarding devices, a self-security device, a management platform, and a virus confirmation device;
the message forwarding devices perform message interaction with one another through the self-security device; the self-security device performs a copy operation on each received message to obtain a corresponding message copy, and sends the message copy to the virus confirmation device;
the virus confirmation device is used to perform virus detection on the received message copy and, if a virus is detected, to report the detection result of the virus to the management platform; the detection result comprises the virus source information; the virus source information comprises a terminal identifier corresponding to the source terminal of the message copy and a message forwarding device identifier corresponding to the source message forwarding device of the message copy;
the management platform, when a specified blocking condition is met according to the detection result, issues a blocking instruction containing the terminal identifier to the message forwarding device corresponding to the message forwarding device identifier;
and the message forwarding device blocks the messages sent by the terminal corresponding to the terminal identifier according to the received blocking instruction.
The detection result further comprises a virus attribute corresponding to the virus;
the specified blocking condition is that the virus attribute is in the attribute set corresponding to the message forwarding device identifier; the attribute set is configured by an administrator.
The virus attribute may be a virus risk level; the risk level is based on the degree of harm and/or prevalence of existing viruses.
The virus confirmation and blocking system may further operate as follows:
for a target terminal that meets a specified condition, the management platform sends a release instruction containing the terminal identifier corresponding to the target terminal to the message forwarding device responsible for forwarding the messages sent by the target terminal;
and the message forwarding device removes the blocking of the messages sent by the target terminal according to the release instruction.
The implementation of the functions and actions of each device in the system is described in detail in the corresponding steps of the method above and is not repeated here.
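The decision path described above, modelled in Python as an added example that is not the patent's or the assignee's code: the self-security device hands a copy to the confirmation device, the management platform looks up the administrator's attribute set by message forwarding device identifier, and the forwarding device blocks or releases by terminal identifier. Device identifiers, risk levels and the signature markers are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed identifiers, risk levels and signature markers; not taken from any product.
@dataclass(frozen=True)
class Message:
    terminal_id: str    # terminal that sent the message
    forwarder_id: str   # message forwarding device serving that terminal
    payload: bytes

@dataclass(frozen=True)
class DetectionResult:   # reported by the virus confirmation device
    terminal_id: str     # virus source information: source terminal
    forwarder_id: str    # virus source information: source forwarding device
    risk_level: str      # virus attribute (here a risk level)

@dataclass(frozen=True)
class Instruction:       # issued by the management platform
    action: str          # "block" or "release"
    terminal_id: str

class VirusConfirmationDevice:
    SIGNATURES = {b"EICAR-TEST": "high", b"ADWARE-SAMPLE": "low"}  # constructed marker -> level

    def detect(self, copy: Message) -> Optional[DetectionResult]:
        for marker, level in self.SIGNATURES.items():
            if marker in copy.payload:
                return DetectionResult(copy.terminal_id, copy.forwarder_id, level)
        return None

class ManagementPlatform:
    def __init__(self, policies: dict):
        self.policies = policies   # administrator-configured attribute set per forwarder id

    def handle(self, result: DetectionResult) -> Optional[Instruction]:
        # specified blocking condition: virus attribute is in the forwarder's attribute set
        if result.risk_level in self.policies.get(result.forwarder_id, set()):
            return Instruction("block", result.terminal_id)
        return None   # attribute outside the blocking range: no operation

    def release(self, terminal_id: str) -> Instruction:
        return Instruction("release", terminal_id)

class MessageForwardingDevice:
    def __init__(self):
        self.blocked = set()   # terminals currently blocked on this device

    def apply(self, instr: Instruction) -> None:
        if instr.action == "block":
            self.blocked.add(instr.terminal_id)
        elif instr.action == "release":
            self.blocked.discard(instr.terminal_id)

    def forward(self, msg: Message) -> bool:
        return msg.terminal_id not in self.blocked   # False: dropped, source terminal blocked

def run_flow(platform, forwarder, confirmer, msg) -> Optional[Instruction]:
    # one message through the system: forward, copy to confirmation, report, enforce
    if not forwarder.forward(msg):
        return None
    result = confirmer.detect(msg)      # self-security device hands over the message copy
    instr = platform.handle(result) if result else None
    if instr:
        forwarder.apply(instr)          # forwarder enforces the blocking instruction
    return instr
```

Note that a forwarder whose attribute set omits "low" lets a low-risk detection through without any blocking instruction, which is the "no operation" branch of the method.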
The present specification also provides a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor is configured to execute the method performed by any one of the management platform, the message forwarding device, the virus confirmation device and the self-security device.
Embodiments of the present disclosure also provide a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the method performed by any one of the management platform, the message forwarding device, the virus confirmation device, and the self-security device.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. Information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A virus confirmation and blocking method, characterized in that the method is applied to a virus confirmation and blocking system comprising a plurality of message forwarding devices, a self-security device, a management platform and a virus confirmation device; the message forwarding devices perform message interaction with one another through the self-security device; the self-security device performs a copy operation on each received message to obtain a corresponding message copy, and sends the message copy to the virus confirmation device; the method comprises the following steps:
the virus confirmation device performs virus detection on the received message copy and, if a virus is detected, reports the detection result of the virus to the management platform; the detection result comprises virus source information of the virus; the virus source information comprises a terminal identifier corresponding to the source terminal of the message copy and a message forwarding device identifier corresponding to the source message forwarding device of the message copy;
the management platform, when a specified blocking condition is met according to the detection result, sends a blocking instruction containing the terminal identifier to the message forwarding device corresponding to the message forwarding device identifier;
and the message forwarding device blocks the messages sent by the terminal corresponding to the terminal identifier according to the received blocking instruction.
2. The method of claim 1, wherein the detection result further comprises a virus attribute corresponding to the virus;
the specified blocking condition is that the virus attribute is in an attribute set corresponding to the message forwarding device identifier; the attribute set is configured by an administrator.
3. The method of claim 2, wherein the virus attribute is a virus risk level; the risk level is based on the degree of harm and/or prevalence of existing viruses.
4. The method of any one of claims 1-3, further comprising:
for a target terminal meeting a specified condition, the management platform sends a release instruction containing the terminal identifier corresponding to the target terminal to the message forwarding device responsible for forwarding the messages sent by the target terminal;
and the message forwarding device removes the blocking of the messages sent by the target terminal according to the release instruction.
5. A virus confirmation and blocking system, characterized in that the system comprises a plurality of message forwarding devices, a self-security device, a management platform and a virus confirmation device;
the message forwarding devices perform message interaction with one another through the self-security device; the self-security device performs a copy operation on each received message to obtain a corresponding message copy, and sends the message copy to the virus confirmation device;
the virus confirmation device is used to perform virus detection on the received message copy and, if a virus is detected, to report the detection result of the virus to the management platform; the detection result comprises the virus source information; the virus source information comprises a terminal identifier corresponding to the source terminal of the message copy and a message forwarding device identifier corresponding to the source message forwarding device of the message copy;
the management platform, when a specified blocking condition is met according to the detection result, issues a blocking instruction containing the terminal identifier to the message forwarding device corresponding to the message forwarding device identifier;
and the message forwarding device blocks the messages sent by the terminal corresponding to the terminal identifier according to the received blocking instruction.
6. The system of claim 5, wherein the detection result further comprises a virus attribute corresponding to the virus;
the specified blocking condition is that the virus attribute is in an attribute set corresponding to the message forwarding device identifier; the attribute set is configured by an administrator.
7. The system of claim 6, wherein the virus attribute is a virus risk level; the risk level is based on the degree of harm and/or prevalence of existing viruses.
8. The system of any one of claims 5-7, wherein
for a target terminal meeting a specified condition, the management platform sends a release instruction containing the terminal identifier corresponding to the target terminal to the message forwarding device responsible for forwarding the messages sent by the target terminal;
and the message forwarding device removes the blocking of the messages sent by the target terminal according to the release instruction.
9. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor is configured to perform the method performed by any one of the management platform, the message forwarding device, the virus confirmation device and the self-security device described above.
10. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method performed by any one of the management platform, the message forwarding device, the virus confirmation device and the self-security device described above.
CN202110069494.9A 2021-01-19 2021-01-19 Method, system, equipment and storage medium for virus diagnosis and blocking Active CN112769849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110069494.9A CN112769849B (en) 2021-01-19 2021-01-19 Method, system, equipment and storage medium for virus diagnosis and blocking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110069494.9A CN112769849B (en) 2021-01-19 2021-01-19 Method, system, equipment and storage medium for virus diagnosis and blocking

Publications (2)

Publication Number Publication Date
CN112769849A true CN112769849A (en) 2021-05-07
CN112769849B CN112769849B (en) 2023-06-09

Family

ID=75703167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110069494.9A Active CN112769849B (en) 2021-01-19 2021-01-19 Method, system, equipment and storage medium for virus diagnosis and blocking

Country Status (1)

Country Link
CN (1) CN112769849B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114944930A (en) * 2022-03-25 2022-08-26 国网浙江省电力有限公司杭州供电公司 Intranet safe communication method based on high aggregation scene

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US20070030539A1 (en) * 2005-07-28 2007-02-08 Mformation Technologies, Inc. System and method for automatically altering device functionality
US20080222702A1 (en) * 2007-03-05 2008-09-11 Liu Lifeng System and method for preventing viruses from intruding into network
WO2009125659A1 (en) * 2008-04-11 2009-10-15 三菱電機株式会社 Device state detecting device, device state detecting method, device state detecting server, device state detecting system, liver abnormality detecting device, liver abnormality detecting system, liver abnormality detecting method, and device state database maintaining server
CN104539625A (en) * 2015-01-09 2015-04-22 江苏理工学院 Network security defense system based on software-defined network and working method of network security defense system
CN105763351A (en) * 2014-12-17 2016-07-13 华为技术有限公司 Method for deploying value added service, forwarding equipment, detection equipment, and management equipment
CN106254338A (en) * 2016-07-29 2016-12-21 杭州华三通信技术有限公司 Message detecting method and device
US20170180421A1 (en) * 2014-02-11 2017-06-22 Varmour Networks, Inc. Deception using Distributed Threat Detection
US20170257397A1 (en) * 2016-03-04 2017-09-07 Secureauth Corporation Identity security and containment based on detected threat events
CN108551449A (en) * 2018-04-13 2018-09-18 上海携程商务有限公司 Anti-virus manages system and method
US20190182278A1 (en) * 2016-12-12 2019-06-13 Gryphon Online Safety, Inc. Method for protecting iot devices from intrusions by performing statistical analysis
CN110505235A (en) * 2019-09-02 2019-11-26 四川长虹电器股份有限公司 A kind of detection system and method for the malicious requests around cloud WAF
CN111107087A (en) * 2019-12-19 2020-05-05 杭州迪普科技股份有限公司 Message detection method and device

Also Published As

Publication number Publication date
CN112769849B (en) 2023-06-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant