Disclosure of Invention
The invention aims to provide a computer network security system based on virtualization technology, which analyzes external operation information and isolates and processes dangerous information before it enters the virtualized environment, so as to solve the problems in the background art.
In order to achieve the above purpose, the invention provides the following technical scheme: a computer network security system based on virtualization technology comprises a computer system, wherein the computer system comprises a virtual machine and a host, and further comprises a virtual security system for protecting the computer system;
the virtual security system comprises a communication layer, an identification layer, a defense layer, an isolation layer, a transfer layer, a virtual layer and an AI layer;
the communication layer is connected with an external terminal needing to access computer system resources;
the identification layer is connected with the communication layer and is used for identifying the external terminal information and the data information sent by the external terminal;
the defense layer is connected with the identification layer, plays an isolating role and prevents harmful data information from entering the computer system;
the isolation layer is connected with the defense layer and is used for blocking and isolating the data information which passes through the defense layer;
the transfer layer is connected with the isolation layer and transfers the data information in the isolation layer to the virtual layer for processing;
the AI layer is respectively connected with the identification layer, the defense layer, the isolation layer and the transfer layer;
the host is connected to the transfer layer through a virtual machine.
Preferably, the AI layer includes a deep learning convolution layer, a model library and a connection module, the deep learning convolution layer is respectively connected with the model library and the connection module, and the connection module is used for connecting the identification layer, the defense layer, the isolation layer and the transfer layer.
Preferably, the model library is internally provided with an identification model, a defense model, an isolation model and a transfer model.
Preferably, the identification model comprises a terminal characteristic acquisition module, a terminal characteristic identification module, a data information characteristic scanning module and a data information characteristic processing module, wherein the terminal characteristic acquisition module is connected with the terminal characteristic identification module, and the terminal characteristic identification module and the data information characteristic scanning module are connected with the data information characteristic processing module.
Preferably, the defense model comprises an identification module, a blocking module and an encapsulation processing module, and the identification module and the blocking module are respectively connected with the encapsulation processing module.
Preferably, the isolation model comprises a second identification module, an isolation module, a classification module, a secondary encapsulation module and an independent output module, the second identification module is respectively connected with the secondary encapsulation module and the isolation module, and the independent output module is connected with the classification module.
Preferably, the transfer model comprises a third identification module, a second blocking module and a transfer module, and the third identification module is respectively connected with the second blocking module and the transfer module.
Preferably, the deep learning convolutional layer trains the identification model, the defense model, the isolation model and the transfer model through a preset algorithm.
Compared with the prior art, the invention has the beneficial effects that:
1. according to the invention, the identification layer, the defense layer, the isolation layer and the transfer layer are arranged to process and block dangerous data multiple times, so that dangerous data can be effectively prevented from entering the virtual machine and damaging it;
2. the models are trained through the deep learning convolutional layer, so that they become more accurate and complete; at the same time, the models are arranged independently in the AI layer instead of being stored respectively in the corresponding identification layer, defense layer, isolation layer and transfer layer, which avoids the situation in which dangerous data damages a model and effective defense and treatment can no longer be carried out.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "disposed," "sleeved/connected," "connected," and the like are to be construed broadly, e.g., "connected," which may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Referring to fig. 1-2, the present invention provides a technical solution: a computer network security system based on virtualization technology comprises a virtual machine 2 and a host machine 3, and further comprises a virtual security system 1 for protecting the virtual machine 2 and the host machine 3;
the virtual security system 1 includes: a communication layer 11, an identification layer 12, a defense layer 13, an isolation layer 14, a transfer layer 15, a virtual layer 16 and an AI layer 17;
the communication layer 11 is connected with an external terminal which needs to access the computer system resource;
the identification layer 12 is connected with the communication layer 11 and is used for identifying the external terminal information and the data information sent by the external terminal;
the defense layer 13 is connected with the identification layer 12, plays an isolating role and prevents harmful data information from entering the computer system;
the isolation layer 14 is connected with the defense layer 13 and is used for blocking and isolating the data information which passes through the defense layer 13;
the transfer layer 15 is connected with the isolation layer 14 and transfers the data information in the isolation layer 14 to the virtual layer 16 for processing;
the AI layer 17 is respectively connected with the identification layer 12, the defense layer 13, the isolation layer 14 and the transfer layer 15;
the host 3 is connected to the transfer layer 15 through the virtual machine 2.
The AI layer 17 includes a deep learning convolution layer 171, a model library 172 and a connection module 173; the deep learning convolution layer 171 is respectively connected to the model library 172 and the connection module 173, and the connection module 173 is used to connect the identification layer 12, the defense layer 13, the isolation layer 14 and the transfer layer 15.
An identification model 1721, a defense model 1722, an isolation model 1723 and a transfer model 1724 are arranged in the model library 172.
The identification model 1721 includes a terminal characteristic obtaining module 17211, a terminal characteristic identifying module 17212, a data information characteristic scanning module 17213 and a data information characteristic processing module 17214; the terminal characteristic obtaining module 17211 is connected to the terminal characteristic identifying module 17212, and the terminal characteristic identifying module 17212 and the data information characteristic scanning module 17213 are connected to the data information characteristic processing module 17214. The terminal characteristic obtaining module 17211 obtains the external terminal information, the terminal characteristic identifying module 17212 identifies the type of the obtained terminal, the data information characteristic scanning module 17213 scans the data information characteristics, and the data information characteristic processing module 17214 analyzes the characteristics of the data information and at the same time marks information such as the terminal accessing the system and its operation data.
The defense model 1722 includes an identification module 17221, a blocking module 17222, and an encapsulation processing module 17223, and the identification module 17221 and the blocking module 17222 are respectively connected to the encapsulation processing module 17223.
The isolation model 1723 comprises a second identification module 17231, an isolation module 17232, a classification module 17233, a secondary encapsulation module 17234 and an independent output module 17235, wherein the second identification module 17231 is connected with the classification module 17233, the secondary encapsulation module 17234 and the isolation module 17232 respectively, and the independent output module 17235 is connected with the classification module 17233.
The transfer model 1724 includes a third identification module 17241, a second blocking module 17242 and a transfer module 17243, where the third identification module 17241 is respectively connected to the second blocking module 17242 and the transfer module 17243.
The deep learning convolutional layer 171 trains the identification model 1721, the defense model 1722, the isolation model 1723 and the transfer model 1724 through a preset algorithm.
The working principle is as follows. The access data of the external terminal is input through the communication layer 11; the identification layer 12 calls the identification model 1721 in the AI layer 17 through the connection module 173, identifies the basic information and the access instruction information of the access terminal, and judges whether the access terminal and the access instruction information are safe; if the information carries a safety risk or is attack information, it is transmitted to the defense layer 13 for processing.
The defense layer 13 calls the defense model 1722 to identify the information entering from the identification layer 12; if the information is attack information, the blocking module 17222 is started to block the information of the identification layer 12 from entering the defense layer 13, and at the same time the harmful information that has already entered is encapsulated.
The isolation layer 14 identifies the information input from the defense layer 13 by calling the isolation model 1723: if the information is unsafe, it is identified through the second identification module 17231, and at the same time dangerous data and safe data are separated through the isolation module 17232 so that the dangerous data cannot be transmitted to the next layer; encapsulated dangerous data and unencapsulated dangerous data are distinguished through the classification module 17233; unencapsulated dangerous data that entered the isolation layer 14 is secondarily encapsulated through the secondary encapsulation module 17234 and is then input into the transfer layer 15 through the independent output module 17235.
The transfer layer 15 calls the transfer model 1724 to process the data input from the isolation layer 14; whether the data is dangerous information is identified through the third identification module 17241, and if it is, the second blocking module 17242 is started to block the dangerous information from penetrating into the virtual machine 2, while the encapsulated information is transferred into the virtual layer 16 through the transfer module 17243 for scanning-and-killing processing; warning information and counterattack information are fed back to the communication layer 11, and the communication layer 11 transfers this information to the terminal concerned in the attack to warn the terminal and paralyze it.
By arranging the identification layer 12, the defense layer 13, the isolation layer 14 and the transfer layer 15, data is processed and blocked multiple times, which effectively prevents dangerous data from entering the virtual machine 2 and damaging it.
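The working principle described above, modeled as an added Python example. This is not the patent's own implementation: the terminal types, attack signatures, record format, the "virtual layer" hand-off and the warning text are constructed assumptions standing in for the trained models of the AI layer. The point it demonstrates is the invariant the layering is meant to enforce: every record the transfer layer hands to the virtual layer is encapsulated, and no dangerous record reaches the virtual machine, even when the defense layer's signatures miss it and only the isolation layer's second identification catches it.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed stand-ins for the trained models in the AI layer's model library.
# These signatures and terminal types are assumptions for this example, not from the patent.
KNOWN_TERMINAL_TYPES = {"workstation", "server", "mobile"}
ATTACK_SIGNATURES = (b"<script>", b"' OR 1=1", b"\x90\x90\x90\x90")


@dataclass
class AccessRecord:
    """One unit of external terminal input arriving at the communication layer."""
    terminal_id: str
    terminal_type: str
    payload: bytes
    marks: List[str] = field(default_factory=list)  # written by the identification layer
    encapsulated: bool = False                       # set by defense or secondary encapsulation


@dataclass
class PipelineResult:
    vm_inbox: List[AccessRecord] = field(default_factory=list)       # data that reached the VM
    virtual_layer: List[AccessRecord] = field(default_factory=list)  # handed over for scanning-and-killing
    warnings: List[str] = field(default_factory=list)                # fed back via the communication layer


def _is_text(payload: bytes) -> bool:
    """Crude data-feature check: does the payload decode as UTF-8 text?"""
    try:
        payload.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def identification_layer(rec: AccessRecord) -> AccessRecord:
    """Identification model: terminal features and data features are analyzed and marked, never dropped."""
    if rec.terminal_type not in KNOWN_TERMINAL_TYPES:
        rec.marks.append("unknown-terminal")
    if any(sig in rec.payload for sig in ATTACK_SIGNATURES):
        rec.marks.append("attack-signature")
    return rec


def defense_layer(rec: AccessRecord) -> AccessRecord:
    """Defense model: recognised attack information is encapsulated so it cannot act downstream."""
    if "attack-signature" in rec.marks:
        rec.encapsulated = True
    return rec


def second_identification(rec: AccessRecord) -> bool:
    """Isolation model's second identification: besides signature hits, it also treats
    binary data from an unknown terminal as dangerous, which the defense layer did not catch."""
    return "attack-signature" in rec.marks or (
        "unknown-terminal" in rec.marks and not _is_text(rec.payload)
    )


def isolation_layer(records: List[AccessRecord]) -> Tuple[List[AccessRecord], List[AccessRecord]]:
    """Isolation model: separate safe from dangerous data (isolation module), classify dangerous
    data by encapsulation state (classification module) and secondarily encapsulate whatever
    arrived unwrapped before it is output to the transfer layer (independent output module)."""
    safe, dangerous = [], []
    for rec in records:
        if second_identification(rec):
            if not rec.encapsulated:
                rec.encapsulated = True
                rec.marks.append("secondary-encapsulated")
            dangerous.append(rec)
        else:
            safe.append(rec)
    return safe, dangerous


def transfer_layer(safe: List[AccessRecord], dangerous: List[AccessRecord],
                   result: PipelineResult) -> PipelineResult:
    """Transfer model: safe data proceeds to the VM; dangerous data is blocked from the VM
    (second blocking module), handed to the virtual layer (transfer module), and a warning is
    fed back through the communication layer."""
    result.vm_inbox.extend(safe)
    for rec in dangerous:
        if not rec.encapsulated:  # nothing unwrapped may reach the virtual layer
            raise RuntimeError(f"unencapsulated dangerous data from {rec.terminal_id}")
        result.virtual_layer.append(rec)
        result.warnings.append(f"terminal {rec.terminal_id}: dangerous data blocked and quarantined")
    return result


def run_pipeline(records: List[AccessRecord]) -> PipelineResult:
    """Communication layer input -> identification -> defense -> isolation -> transfer."""
    staged = [defense_layer(identification_layer(r)) for r in records]
    safe, dangerous = isolation_layer(staged)
    return transfer_layer(safe, dangerous, PipelineResult())


def build_sample_traffic() -> List[AccessRecord]:
    """Constructed sample input: two benign requests, one signature hit, one unknown binary sender."""
    return [
        AccessRecord("t-01", "workstation", b"GET /index.html"),
        AccessRecord("t-02", "server", b"' OR 1=1 --"),
        AccessRecord("t-03", "unknown-device", b"\x00\x01\x02\xff"),
        AccessRecord("t-04", "mobile", b"POST /login user=alice"),
    ]


if __name__ == "__main__":
    res = run_pipeline(build_sample_traffic())
    print("reached VM:", [r.terminal_id for r in res.vm_inbox])
    print("quarantined:", [(r.terminal_id, r.marks) for r in res.virtual_layer])
    print("\n".join(res.warnings))
```

Record t-02 is caught by the defense layer's signatures and arrives at the isolation layer already encapsulated; record t-03 slips past the signatures and is only caught by the second identification module, so the secondary encapsulation module wraps it before the independent output module passes it on. Feedback to the communication layer is limited here to a warning per offending terminal.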
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.