CN113486256A - Big data processing system based on network security - Google Patents
- Publication number
- CN113486256A (application CN202110742810.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- module
- client
- internet
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9536—Search customisation based on social or collaborative filtering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
- G06F16/9574—Browsing optimisation, e.g. caching or content distillation of access to content, e.g. by caching
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a big data processing system based on network security, in the technical field of big data processing systems. It comprises a client access network system and a big data processing system. The client access system comprises a client, the Internet, a VPN server, an enterprise local area network and a database server; the client is divided into a foreign client and a local client, the foreign client is connected with the Internet, the Internet is connected with the VPN server, and the VPN server is connected with the enterprise local area network. In this scheme, a firewall is arranged between the Internet and the client to keep data secure. When a client needs to access an important enterprise database, a dedicated network can be set up: the user logs in to the VPN server, is connected through it to the enterprise local area network, and so obtains the data of the database server. During transmission, an encryption password is also set between the enterprise local area network and the VPN server, so that the data cannot be stolen.
Description
Technical Field
The invention relates to the technical field of big data processing systems, in particular to a big data processing system based on network security.
Background
With the rise of big data processing, big data processing systems face many problems: for example, how to improve processing efficiency, the fact that data information security is still not good enough, and the major losses caused by data information leakage, which affect the stability of the system.
Patent publication CN 109977700A, published by the Chinese patent office, describes a big data processing system based on network security. That system comprises a data acquisition module, a data induction module, the Internet, a data storage module, a data processing module, a data statistical analysis module, a data result display module and a data monitoring module. The data acquisition module is connected with the data summarization module, and the data summarization module is connected with the Internet; a security firewall is arranged on the Internet, and the Internet is connected with the data storage module; the data storage module is connected with the data monitoring module; the data processing module is connected with the Internet; the data statistical analysis module is connected with the data processing module; and the data result display is connected with the data statistical analysis. According to that invention, big data processing is protected through network security, which improves the accuracy of data processing, and the network link improves the efficiency of big data processing. However, that system uses only a firewall to protect big data processing information and to prevent it from being leaked or lost in transmission, which is not enough: when a user accesses an important database, important data can still be lost, causing leakage of important information. In addition, when a general server is accessed, that system lacks a means of filtering and screening information.
It is therefore desirable to provide a big data processing system based on network security.
Disclosure of Invention
In order to overcome the above-mentioned defects in the prior art, embodiments of the present invention provide a big data processing system based on network security, so as to solve the problems in the prior art that important files are easily lost or stolen during network access and that a system capable of filtering bad information is lacking.
In order to solve the technical problems, the invention provides the following technical scheme: a big data processing system based on network security comprises a client access network system and a big data processing system, wherein the client access system comprises a client, the Internet, a VPN server, an enterprise local area network and a database server, the client is divided into a foreign client and a local client, the foreign client is connected with the Internet, the Internet is connected with the VPN server, the VPN server is connected with the enterprise local area network, the enterprise local area network is connected with the database server, the Internet is also connected with other servers, and the local client can be directly connected with the VPN server.
The big data processing system comprises a client, an internet, a data access unit, a data detection unit, a data filtering unit, a data storage unit and a background database, wherein the internet comprises an internal network and an external network, a firewall is arranged between the internal network and the external network, the internet is connected with the data access unit, the data access unit is connected with the data detection unit, the data detection unit is connected with the data filtering unit, the data filtering unit is connected with the data storage unit, and the data storage unit is connected with the background database.
Preferably, a unique encryption service is provided between the enterprise local area network and the VPN server, and the same encryption service is provided between the VPN server and the internet.
Preferably, the data detection unit includes a word recognition module, a picture recognition module and a video recognition module. The word recognition module is connected with a forbidden word database, the picture recognition module with a forbidden picture database, and the video recognition module with a forbidden video database. The forbidden word database contains forbidden words such as pornography and violence. The word recognition module is used for detecting the forbidden words, and the picture recognition module is used for comparing pictures with the forbidden pictures and detecting the forbidden pictures with high similarity.
Preferably, the data filtering unit includes a data identification and deletion module and a data transmission module, the data identification and deletion module is connected to the data transmission module, the data identification and deletion module is configured to delete the detected unqualified data, and the data transmission module is configured to transmit the filtered data.
Preferably, the data storage unit comprises a data cache module, a data offline backup module, a data classification module and a data storage module, the data offline backup module is connected with the data classification module, the data classification module is connected with the data storage module, the data classification module is further connected with an automatic data deletion module, the data offline backup module is used for automatically backing up data when the data offline backup module is offline, the data classification module is used for classifying the data and screening out useless data, the automatic data deletion module is used for automatically deleting the useless data screened out by the data classification module, and the data storage module is used for storing the remaining data into a background database.
Preferably, the data transmission module is connected with the data cache module, the data transmission module is connected with the data offline backup module, and the data storage module is connected with the background database.
The technical scheme of the invention has the following beneficial effects:
In this scheme, a firewall is arranged between the Internet and the client to keep data secure. When a client accesses an important enterprise database, a dedicated network can be set up: the user logs in to the VPN server to connect to the enterprise local area network and obtain the data of the database server, and during transmission an encryption password is also set between the enterprise local area network and the VPN server so that the data cannot be stolen;
In this scheme, the data detection unit and the data filtering unit allow harmful forbidden words, pictures and videos to be deleted, so that the content of the accessed server is filtered, minors are kept safe online, and the network is cleaned up;
In this scheme, the data buffer module and the data offline backup module allow content such as the access path and the current page to be cached while online and backed up promptly if the network is suddenly disconnected. To reduce the amount of cached content so that the background memory can hold more useful content, the data classification module promptly deletes unimportant information and data, slimming the content down. Finally, the backed-up content is stored in the background database so that it can be viewed when needed.
Drawings
FIG. 1 is a schematic diagram of a client-side access network system according to the present invention;
FIG. 2 is a block diagram of a big data processing system according to the present invention;
FIG. 3 is a schematic diagram of a data detection unit according to the present invention;
FIG. 4 is a schematic diagram of a data filtering unit according to the present invention;
FIG. 5 is a schematic diagram of a data storage unit according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
The embodiment of the present invention provides a big data processing system based on network security, as shown in FIG. 1 to FIG. 5, which includes a client access network system and a big data processing system. The client access system includes a client, the Internet, a VPN server, an enterprise local area network and a database server. The client is divided into a foreign client and a local client; the foreign client is connected to the Internet, the Internet is connected to the VPN server, the VPN server is connected to the enterprise local area network, and the enterprise local area network is connected to the database server. The Internet is further connected to other servers, and the local client can be directly connected to the VPN server. The big data processing system comprises a client, the Internet, a data access unit, a data detection unit, a data filtering unit, a data storage unit and a background database. The Internet comprises an internal network and an external network, with a firewall arranged between them. The Internet is connected with the data access unit, the data access unit with the data detection unit, the data detection unit with the data filtering unit, the data filtering unit with the data storage unit, and the data storage unit with the background database. The data filtering unit comprises a data identification and deletion module and a data transmission module, which are connected to each other; the data identification and deletion module is used for deleting the detected unqualified data, and the data transmission module is used for transmitting the filtered data. The data transmission module is connected with the data cache module and with the data offline backup module, and the data storage module is connected with the background database.
The special encryption service is arranged between the enterprise local area network and the VPN server, and the same encryption service is arranged between the VPN server and the Internet.
Specifically, the encryption service may use IPSec, which can provide security per flow or per connection and therefore allows very fine-grained security control. Users can define different levels of protection for different needs. IPSec provides security services for network data transmission such as data confidentiality, data integrity, data source authentication and anti-replay, so that data sent over a public network need not be exposed to eavesdropping, tampering or forgery. IPSec achieves these goals with a range of encryption algorithms, authentication algorithms, encapsulation protocols and some special security mechanisms. These algorithms and their parameters are recorded in the security associations (SAs) stored at both ends of the IPSec communication, and the two ends can communicate over IPSec when the settings in their SAs match.
The data detection unit comprises a word recognition module, a picture recognition module and a video recognition module. The word recognition module is connected with a forbidden word database, the picture recognition module with a forbidden picture database, and the video recognition module with a forbidden video database. The forbidden word database contains forbidden words such as pornography and violence. The word recognition module is used for detecting the forbidden words, and the picture recognition module is used for comparing pictures with the forbidden pictures and detecting the forbidden pictures with high similarity.
Specifically, for words a dedicated forbidden word database is provided and only a simple comparison is needed: when an article contains such words, they are deleted or masked. Pictures are somewhat harder: the forbidden picture database is searched for similar pictures and the pictures are compared, and when the similarity reaches a certain percentage the picture is immediately deleted and stored in the forbidden picture database. For videos, both the video content and the audio content need to be identified; the video recognition module also contains a voice conversion function that converts speech into text, and the forbidden-word detection is then repeated on that text.
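The word and picture checks described above, as an added sketch in Python; it is not code from the patent. The average-hash comparison, the 90% threshold, the 8x8 grayscale input and every function name are assumptions made here (the text only says "a certain percentage"), and the sample words and pictures are constructed.

```python
import re
import unicodedata
from dataclasses import dataclass, field

HASH_BITS = 64  # one bit per pixel of an 8x8 grayscale thumbnail (assumed input format)


def normalize(text):
    # NFKC folds full-width and compatibility forms; casefold ignores case.
    return unicodedata.normalize("NFKC", text).casefold()


def mask_forbidden_words(text, forbidden):
    """Return (masked_text, sorted list of matched words).

    Matching is plain substring comparison, as in the description, so it can
    also hit inside longer harmless words; the caller decides if that is acceptable.
    """
    norm_chars, origin = [], []          # origin[i] = index in `text` of norm_chars[i]
    for i, ch in enumerate(text):
        for n in normalize(ch):
            norm_chars.append(n)
            origin.append(i)
    norm = "".join(norm_chars)
    out, hits = list(text), set()
    for word in forbidden:
        w = normalize(word)
        if not w:
            continue                      # an empty entry would match everywhere
        for m in re.finditer(re.escape(w), norm):
            for i in range(origin[m.start()], origin[m.end() - 1] + 1):
                out[i] = "*"
            hits.add(word)
    return "".join(out), sorted(hits)


def average_hash(gray8x8):
    """64-bit average hash: bit is 1 where the pixel is brighter than the mean."""
    pixels = [p for row in gray8x8 for p in row]
    if len(pixels) != HASH_BITS:
        raise ValueError("expected an 8x8 grayscale matrix")
    mean = sum(pixels) / HASH_BITS
    bits = 0
    for p in pixels:
        bits = (bits << 1) | int(p > mean)
    return bits


def similarity(h1, h2):
    """Fraction of identical bits between two hashes (1.0 = identical)."""
    return 1 - bin(h1 ^ h2).count("1") / HASH_BITS


@dataclass
class DetectionUnit:
    forbidden_words: set
    forbidden_hashes: set = field(default_factory=set)
    threshold: float = 0.90               # assumed value for "a certain percentage"

    def picture_is_forbidden(self, gray8x8):
        h = average_hash(gray8x8)
        if any(similarity(h, f) >= self.threshold for f in self.forbidden_hashes):
            self.forbidden_hashes.add(h)  # matched picture is stored in the database
            return True
        return False


def filter_items(unit, items):
    """Filtering unit: mask text, delete forbidden pictures, transmit the rest."""
    transmitted, deleted = [], 0
    for kind, payload in items:
        if kind == "text":
            masked, _ = mask_forbidden_words(payload, unit.forbidden_words)
            transmitted.append((kind, masked))
        elif kind == "picture" and not unit.picture_is_forbidden(payload):
            transmitted.append((kind, payload))
        else:
            deleted += 1                  # forbidden picture, or a kind not handled here
    return transmitted, deleted


# Constructed sample data: a "forbidden" gradient, a brightened near-duplicate
# with one altered pixel, and an unrelated checkerboard.
BANNED = [[3 * (r * 8 + c) for c in range(8)] for r in range(8)]
NEAR_DUP = [[p + 10 for p in row] for row in BANNED]
NEAR_DUP[0][0] = 255
CHECKER = [[255 if (r + c) % 2 else 0 for c in range(8)] for r in range(8)]


def demo():
    unit = DetectionUnit({"badword", "gore"}, {average_hash(BANNED)})
    items = [("text", "Ｂａｄｗｏｒｄ here and GORE there"),
             ("picture", NEAR_DUP), ("picture", CHECKER)]
    return unit, filter_items(unit, items)


if __name__ == "__main__":
    unit, (sent, dropped) = demo()
    print(sent[0][1], "| deleted:", dropped, "| known hashes:", len(unit.forbidden_hashes))
```

Normalizing before comparison is what lets the full-width spelling in the sample match; without it, the "simple comparison" is bypassed by trivial character substitution.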
The data storage unit comprises a data caching module, a data offline backup module, a data classification module and a data storage module, wherein the data offline backup module is connected with the data classification module, the data classification module is connected with the data storage module, the data classification module is further connected with an automatic data deletion module, the data offline backup module is used for automatically backing up data when the data offline backup module is offline, the data classification module is used for classifying the data and screening out useless data, the automatic data deletion module is used for automatically deleting the useless data screened out by the data classification module, and the data storage module is used for storing the rest data into a background database.
Specifically, while a visitor is online, the content they access can be cached so that the access path and the accessed content are retained for the next visit; when the visitor is disconnected, the content is immediately backed up and stored in the background database.
The working process of the invention is as follows:
For office workers who are working off-site and need to access a private database, the client first connects to the VPN server, which is then connected to the enterprise local area network, so that the data of the database server can be obtained. When working inside the company, the client can connect to the VPN server directly. This keeps the company's private data secure and prevents it from being lost or stolen. When an ordinary user accesses a general server, the accessed content can be filtered by the big data processing system, which keeps internet access safe and prevents forbidden words, such as pornography and violence, from harming the physical and mental health of teenagers. The accessed content can also be stored and backed up promptly, which provides double insurance against data loss, and unimportant content is deleted promptly, which increases the amount of content that can be cached in the background.
The system not only secures network access but also processes and filters big data content promptly and, finally, saves and backs up the content in time, thereby solving the problem that current network access is unsafe.
Finally, the following points should be noted. First, in the description of the present application, unless otherwise specified and limited, the terms "mounted" and "connected" should be understood broadly: a connection may be a mechanical connection or an electrical connection, or a communication between two elements, and may be a direct connection; "upper," "lower," "left," and "right" only indicate relative positional relationships, which may change when the absolute position of the described object changes;
Second, the drawings of the disclosed embodiments show only the structures related to those embodiments; other structures can follow common designs, and, where there is no conflict, the same embodiment and different embodiments of the invention can be combined with each other;
Finally, the above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents, improvements and the like that are within the spirit and principle of the present invention are intended to be included in the scope of the present invention.
Claims (6)
1. A big data processing system based on network security is characterized by comprising a client access network system and a big data processing system, wherein the client access system comprises a client, an internet, a VPN server, an enterprise local area network and a database server, the client is divided into a foreign client and a local client, the foreign client is connected with the internet, the internet is connected with the VPN server, the VPN server is connected with the enterprise local area network, the enterprise local area network is connected with the database server, the internet is also connected with other servers, and the local client can be directly connected with the VPN server;
the big data processing system comprises a client, an internet, a data access unit, a data detection unit, a data filtering unit, a data storage unit and a background database, wherein the internet comprises an internal network and an external network, a firewall is arranged between the internal network and the external network, the internet is connected with the data access unit, the data access unit is connected with the data detection unit, the data detection unit is connected with the data filtering unit, the data filtering unit is connected with the data storage unit, and the data storage unit is connected with the background database.
2. The big data processing system based on network security as claimed in claim 1, wherein a unique encryption service is provided between the enterprise LAN and a VPN server, and the same encryption service is provided between the VPN server and the Internet.
3. The big data processing system based on network security according to claim 1, wherein the data detection unit comprises a word recognition module, a picture recognition module and a video recognition module, the word recognition module is connected with a forbidden word database, the picture recognition module is connected with a forbidden picture database, the video recognition module is connected with a forbidden video database, the forbidden word database contains forbidden words such as pornography and violence, the word recognition module is used for detecting the forbidden words, and the picture recognition module is used for comparing pictures with the forbidden pictures and detecting the forbidden pictures with high similarity.
4. The big data processing system based on network security according to claim 1, wherein the data filtering unit comprises a data identification and deletion module and a data transmission module, the data identification and deletion module is connected with the data transmission module, the data identification and deletion module is used for deleting the detected defective data, and the data transmission module is used for transmitting the filtered data.
5. The big data processing system based on network security according to claim 1, wherein the data storage unit comprises a data cache module, a data offline backup module, a data classification module and a data storage module, the data offline backup module is connected with the data classification module, the data classification module is connected with the data storage module, the data classification module is further connected with an automatic data deletion module, the data offline backup module is used for automatically backing up data when the data offline backup module is offline, the data classification module is used for classifying the data and screening out useless data, the automatic data deletion module is used for automatically deleting the useless data screened out by the data classification module, and the data storage module is used for storing the remaining data into a background database.
6. The big data processing system based on network security as claimed in claim 1, wherein the data transmission module is connected to the data caching module, the data transmission module is connected to the data offline backup module, and the data storage module is connected to the background database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110742810.4A CN113486256A (en) | 2021-06-30 | 2021-06-30 | Big data processing system based on network security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113486256A (en) | 2021-10-08 |
Family
ID=77937366
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110742810.4A Pending CN113486256A (en) | 2021-06-30 | 2021-06-30 | Big data processing system based on network security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113486256A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211008 |