CN113596006A - Network boundary safety defense equipment - Google Patents
- Publication number
- CN113596006A
- Authority
- CN
- China
- Prior art keywords
- data
- risk
- security
- primary
- detection module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses network boundary security defense equipment and relates to the technical field of network security defense. The equipment comprises a data analysis system and a data intrusion prevention system; the data analysis system comprises a data security classification module, a primary security detection module, an intermediate security detection module and a high-level security detection module; the data intrusion prevention system comprises a primary risk processor, an intermediate risk processor and a high-level risk processor. Network data is classified by a classification processor into primary risk data, intermediate risk data and high-level risk data, which are transmitted to the primary, intermediate and high-level security detection modules respectively; the detected data is then transmitted to the primary, intermediate and high-level risk processors respectively, and the processed safety data is transmitted to the server side, so that classified security detection and classified processing of the network data are realized and the efficiency of detecting and processing the network data is improved.
Description
Technical Field
The invention belongs to the technical field of network security defense, and particularly relates to network boundary security defense equipment.
Background
With the rapid development of computer internet technology, more and more security problems are becoming apparent. Computer networks have become targets of hacker, trojan and virus attacks, and problems such as data loss and information leakage occur from time to time, causing trouble for network companies and users. Network security protection has therefore become the most important problem of the internet era and is receiving attention from many quarters. Existing network security defense systems are developing slowly, and some key technical problems remain unsolved, so that security protection exists in name only. Some network security defense systems with tighter protection make the access process abnormally difficult.
During network data transmission, the security of the transmitted network data is usually detected and processed by a single uniform defense processor; targeted detection and processing cannot be applied to network data with different security levels, resulting in poor efficiency and effect of network data processing.
Disclosure of Invention
The invention aims to provide network boundary security defense equipment in which network data that has undergone classified detection is processed by the corresponding primary, intermediate or high-level risk processor to obtain safety data, thereby realizing classified security detection of network data and classified processing of dangerous data, and solving the problems of low efficiency and poor effect in existing network data security detection.
In order to solve the technical problems, the invention is realized by the following technical scheme:
The invention is a network boundary security defense device, comprising: a data analysis system and a data intrusion prevention system; the data analysis system comprises a data security classification module, a primary security detection module, an intermediate security detection module and a high-level security detection module; the data security classification module is used for classifying the network data sent by the client to form primary risk data, intermediate risk data and high-level risk data; the data security classification module transmits the primary risk data, the intermediate risk data and the high-level risk data to the primary security detection module, the intermediate security detection module and the high-level security detection module respectively; when the primary security detection module detects that the network data is primary risk data, the network data is transmitted to a primary risk processor; when the intermediate security detection module detects that the network data is intermediate risk data, the network data is transmitted to an intermediate risk processor; when the advanced security detection module detects that the network data is advanced risk data, the network data is transmitted to an advanced risk processor; the data intrusion prevention system comprises the primary risk processor, the intermediate risk processor and the high-level risk processor; the primary risk processor processes the transmitted primary risk data to obtain safety data and then transmits the safety data to the server side; the intermediate risk processor processes the transmitted intermediate risk data to obtain safety data and then transmits the safety data to the server side; and the advanced risk processor processes the transmitted advanced risk data to obtain safety data and then transmits the safety data to the server side.
As a preferred technical scheme, after the primary security detection module detects that the network data is security data, the security data is transmitted to the server side; and after the primary security detection module detects that the network data is neither security data nor primary risk data, the network data is transmitted to the intermediate security detection module.
As a preferred technical scheme, after the intermediate security detection module detects that the network data is security data, the security data is transmitted to the server side; and when the intermediate security detection module detects that the network data is neither intermediate risk data nor security data, the network data is transmitted to the intermediate detection module.
As a preferred technical solution, after the advanced security detection module detects that the network data is the security data, the advanced security detection module transmits the security data to the server.
As a preferred technical solution, when the processed data is still the primary risk data, the primary risk data is transferred to the intermediate risk processor and processed as the intermediate risk data by the intermediate risk processor.
As a preferred technical solution, when the intermediate risk data is still the intermediate risk data after being processed by the intermediate risk processor, the intermediate risk data is transferred to the high risk processor to be processed by the high risk processor as the high risk data.
As a preferred technical solution, when the high-level risk data is still high-level risk data after being processed by the high-level risk processor, the network data is transmitted back to the client, and a dangerous data alarm is sent out.
As a preferred technical solution, the primary security detection module is configured to detect a primary virus of network data; the primary risk processor is used for clearing primary viruses.
As a preferred technical solution, the intermediate security detection module is configured to detect an intermediate virus in network data; the primary risk processor is used for removing the intermediate-level virus.
As a preferred technical solution, the advanced security detection module is configured to detect an advanced virus in network data; the high-level risk processor is used for clearing high-level viruses.
The invention has the following beneficial effects:
1. Network data is classified by a classification processor into primary risk data, intermediate risk data and high-level risk data, which are transmitted to the primary, intermediate and high-level security detection modules respectively; the detected data is then transmitted to the primary, intermediate and high-level risk processors respectively, and the processed safety data is transmitted to the server side, so that classified security detection and classified processing of the network data are realized and the efficiency of detecting and processing the network data is improved.
2. Through the primary security detection module and the intermediate security detection module, network data is passed upward for detection when the corresponding security level cannot be detected; this ensures the accuracy of network data security risk category detection, so that the detection accuracy and the detection effect are improved.
3. When the network data is still not safety data after being processed by the primary risk processor and the intermediate risk processor, it is passed upward to the next processor in succession; this ensures the safety of the processed network data, so that the network data processing effect and the network security are improved.
Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a network boundary security defense device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
Referring to Fig. 1, the present invention is a network boundary security defense device, including: a data analysis system and a data intrusion prevention system; the data analysis system comprises a data security classification module, a primary security detection module, an intermediate security detection module and a high-level security detection module; the data security classification module is used for classifying the network data sent by the client to form primary risk data, intermediate risk data and high-level risk data.
The data security classification module transmits the primary risk data, the intermediate risk data and the high-level risk data to the primary security detection module, the intermediate security detection module and the high-level security detection module respectively; when the primary security detection module detects that the network data is primary risk data, the network data is transmitted to a primary risk processor; when the intermediate security detection module detects that the network data is intermediate risk data, the network data is transmitted to an intermediate risk processor; and when the advanced security detection module detects that the network data is advanced risk data, the network data is transmitted to an advanced risk processor.
The data intrusion prevention system comprises a primary risk processor, a middle risk processor and a high risk processor; the primary risk processor processes the transmitted primary risk data to obtain safety data and transmits the safety data to the server side; the intermediate risk processor processes the transmitted intermediate risk data to obtain safety data and then transmits the safety data to the server side; and the high-level risk processor processes the transmitted high-level risk data to obtain the security data and transmits the security data to the server side.
In addition, the primary security detection module is used for detecting primary viruses in the network data; the primary risk processor is used for clearing primary viruses; the intermediate security detection module is used for detecting intermediate viruses in the network data; the primary risk processor is used for removing intermediate viruses; the advanced security detection module is used for detecting advanced viruses in the network data; and the high-level risk processor is used for clearing high-level viruses.
When the system is actually used, the network data is detected and classified into primary risk data, intermediate risk data and high-level risk data through the classification processor, and the primary risk data, the intermediate risk data and the high-level risk data are correspondingly transmitted to the primary safety detection module, the intermediate safety detection module and the high-level safety detection module; and the detected data are correspondingly transmitted to the primary risk processor, the intermediate risk processor and the high risk processor, and the processed safety data are transmitted to the server side, so that classified safety detection and classified processing of the network data are realized, and the efficiency of detecting and processing the network data is improved.
Example two:
Referring to Fig. 1, on the basis of retaining all the technical features of the first embodiment, after the primary security detection module detects that the network data is security data, it transmits the security data to the server side; and after the primary security detection module detects that the network data is neither security data nor primary risk data, the network data is transmitted to the intermediate security detection module.
Similarly, after the intermediate security detection module detects that the network data is security data, the security data is transmitted to the server side; when the intermediate security detection module detects that the network data is neither intermediate risk data nor security data, the network data is transmitted to the high-level detection module; meanwhile, after the advanced security detection module detects that the network data is security data, the security data is transmitted to the server side.
When the embodiment is actually used, the primary security detection module and the intermediate security detection module realize upward transition detection of network data when the corresponding security level cannot be detected; and the accuracy of network data security risk category detection is ensured, so that the detection accuracy and the detection effect are improved.
Example three:
Referring to Fig. 1, on the basis of keeping all the technical features of the first and second embodiments, when the processed data is still primary risk data, the primary risk data is transmitted to the intermediate risk processor and processed by the intermediate risk processor as intermediate risk data.
Meanwhile, when the intermediate risk data are still the intermediate risk data after being processed by the intermediate risk processor, the intermediate risk data are transmitted to the high-level risk processor to be used as the high-level risk data to be processed by the high-level risk processor. And when the high-level risk data is still high-level risk data after being processed by the high-level risk processor, returning the network data to the client side, and sending out a dangerous data alarm.
When the embodiment is actually used, when the network data is still not safe data after being processed by the primary risk processor and the intermediate risk processor, successive transition is realized; the safety of the processed network data is ensured, so that the network data processing effect is improved, and the network safety is improved.
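A minimal model of the routing described in embodiments one to three, added here as an illustration and not taken from the patent: the detection chain hands data upward until a module decides, and the processor chain escalates while risk remains. The marker strings, the channel-to-tier classifier and the fail-closed handling of data the high-level detection module cannot decide are assumptions.

```python
import re
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    PRIMARY = 1
    INTERMEDIATE = 2
    HIGH = 3


# Constructed stand-in for a virus signature, e.g. b"<PRI-A>".
MARKER = re.compile(rb"<[A-Z]+-[A-Z]>")

# Constructed tables: what each detection module recognises and what each
# risk processor is able to remove.
DETECTS = {
    Tier.PRIMARY: {b"<PRI-A>", b"<PRI-B>"},
    Tier.INTERMEDIATE: {b"<MID-A>"},
    Tier.HIGH: {b"<HIGH-A>"},
}
CLEANS = {
    Tier.PRIMARY: {b"<PRI-A>"},
    Tier.INTERMEDIATE: {b"<PRI-A>", b"<PRI-B>", b"<MID-A>"},
    Tier.HIGH: {b"<PRI-A>", b"<PRI-B>", b"<MID-A>", b"<HIGH-A>"},
}
# Hypothetical classifier input: the channel the data arrived on.
CHANNEL_TIER = {"web": Tier.PRIMARY, "mail": Tier.INTERMEDIATE, "file": Tier.HIGH}


@dataclass
class Result:
    delivered: bool   # True: forwarded to the server side
    payload: bytes    # cleaned data, or the original when returned to the client
    alarm: bool = False
    trace: list = field(default_factory=list)


def detect(tier, payload):
    """Return 'safe', 'risk' (risk data of this tier) or 'unknown'."""
    found = set(MARKER.findall(payload))
    if not found:
        return "safe"
    return "risk" if found & DETECTS[tier] else "unknown"


def process(tier, payload):
    """Risk processor: strip every marker this tier knows how to remove."""
    return MARKER.sub(lambda m: b"" if m.group() in CLEANS[tier] else m.group(), payload)


def defend(channel, payload):
    trace = []
    tier = CHANNEL_TIER.get(channel, Tier.HIGH)  # unknown channel: strictest tier
    # Detection chain (embodiment two): hand upward until a module decides.
    while True:
        verdict = detect(tier, payload)
        trace.append(f"detect:{tier.name}:{verdict}")
        if verdict == "safe":
            return Result(True, payload, trace=trace)
        if verdict == "risk":
            break
        if tier == Tier.HIGH:
            # Assumption: the page does not cover this case, so fail closed.
            return Result(False, payload, alarm=True, trace=trace)
        tier = Tier(tier + 1)
    # Processing chain (embodiment three): escalate while risk remains.
    data = payload
    while True:
        data = process(tier, data)
        clean = MARKER.search(data) is None
        trace.append(f"process:{tier.name}:{'clean' if clean else 'still-risk'}")
        if clean:
            return Result(True, data, trace=trace)
        if tier == Tier.HIGH:
            # Return the original data to the client and raise the alarm.
            return Result(False, payload, alarm=True, trace=trace)
        tier = Tier(tier + 1)


if __name__ == "__main__":
    for ch, p in [("web", b"x<PRI-B>y"), ("web", b"x<PRI-A><ZERO-X>y")]:
        print(ch, p, defend(ch, p))
```

Because the page describes only upward hand-offs, data that the classifier places in too high a tier is never re-examined by a lower detection module; in this model it ends in the fail-closed branch.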
It should be noted that, in the above system embodiment, each included unit is only divided according to functional logic, but is not limited to the above division as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
In addition, it is understood by those skilled in the art that all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing associated hardware, and the corresponding program may be stored in a computer-readable storage medium.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.
Claims (10)
1. A network boundary security defense device, comprising:
the data analysis system comprises a data security classification module, a primary security detection module, a middle security detection module and a high security detection module; the data security classification module is used for classifying the network data sent by the client to form primary risk data, intermediate risk data and high risk data;
the data security classification module transmits the primary risk data, the intermediate risk data and the high-level risk data to the primary security detection module, the intermediate security detection module and the high-level security detection module respectively; when the primary security detection module detects that the network data is primary risk data, the network data is transmitted to a primary risk processor; when the intermediate security detection module detects that the network data is intermediate risk data, the network data is transmitted to an intermediate risk processor; when the advanced security detection module detects that the network data is advanced risk data, the network data is transmitted to an advanced risk processor;
the data intrusion prevention system comprises the primary risk processor, the intermediate risk processor and the high-level risk processor; the primary risk processor processes the transmitted primary risk data to obtain safety data and then transmits the safety data to the server side; the intermediate risk processor processes the transmitted intermediate risk data to obtain safety data and then transmits the safety data to the server side; and the advanced risk processor processes the transmitted advanced risk data to obtain safety data and then transmits the safety data to the server side.
2. The device for defending network boundary security according to claim 1, wherein the primary security detection module transmits the security data to the server side after detecting that the network data is security data; and after the primary security detection module detects that the network data is neither security data nor primary risk data, the network data is transmitted to the intermediate security detection module.
3. The device for defending network boundary security according to claim 2, wherein the intermediate security detection module transmits the security data to the server side after detecting that the network data is security data; and when the intermediate security detection module detects that the network data is neither intermediate risk data nor security data, the network data is transmitted to the intermediate detection module.
4. The apparatus of claim 3, wherein the advanced security detection module detects the network data as the security data and then transmits the security data to the server.
5. The cyber boundary defense apparatus according to claim 4, wherein the cyber boundary defense apparatus transmits the primary risk data to the intermediate risk processor as the intermediate risk data when the processed data is still the primary risk data.
6. The network boundary security defense apparatus of claim 5, wherein when the intermediate risk data is still intermediate risk data after being processed by the intermediate risk processor, the intermediate risk data is transmitted to the high-level risk processor and processed by the high-level risk processor as high-level risk data.
7. The apparatus of claim 6, wherein the high-risk processor returns the network data to the client and issues a dangerous data alarm when the network data is still high-risk data after being processed by the high-risk processor.
8. The apparatus of claim 7, wherein the primary security detection module is configured to detect a primary virus of the network data; the primary risk processor is used for clearing primary viruses.
9. The apparatus of claim 8, wherein the intermediate security detection module is configured to detect an intermediate virus in the network data; the primary risk processor is used for removing the intermediate-level virus.
10. The apparatus of claim 9, wherein the advanced security detection module is configured to detect advanced viruses in the network data; the high-level risk processor is used for clearing high-level viruses.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110834338.7A CN113596006A (en) | 2021-07-22 | 2021-07-22 | Network boundary safety defense equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113596006A true CN113596006A (en) | 2021-11-02 |
Family
ID=78249485
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110834338.7A Pending CN113596006A (en) | 2021-07-22 | 2021-07-22 | Network boundary safety defense equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113596006A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050144480A1 (en) * | 2003-12-29 | 2005-06-30 | Young Tae Kim | Method of risk analysis in an automatic intrusion response system |
CN107330579A (en) * | 2017-05-26 | 2017-11-07 | 陈曦 | A kind of HSE risk stratifications managing and control system |
CN107733849A (en) * | 2017-08-21 | 2018-02-23 | 广州金山安全管理系统技术有限公司 | Data Detection treating method and apparatus |
CN110730175A (en) * | 2019-10-16 | 2020-01-24 | 杭州安恒信息技术股份有限公司 | Botnet detection method and detection system based on threat information |
CN111160696A (en) * | 2019-11-21 | 2020-05-15 | 国政通科技有限公司 | Big data based detected person grading method |
CN111445167A (en) * | 2020-04-21 | 2020-07-24 | 河南楠嘉科技有限公司 | Enterprise dual prevention mechanism management system based on Internet + mode |
CN111581636A (en) * | 2020-03-26 | 2020-08-25 | 大连交通大学 | Network security monitoring equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109962891B (en) | Method, device and equipment for monitoring cloud security and computer storage medium | |
KR101388090B1 (en) | Apparatus for detecting cyber attack based on analysis of event and method thereof | |
US10721245B2 (en) | Method and device for automatically verifying security event | |
US10666680B2 (en) | Service overload attack protection based on selective packet transmission | |
Wang et al. | An exhaustive research on the application of intrusion detection technology in computer network security in sensor networks | |
Anuar et al. | An investigation and survey of response options for Intrusion Response Systems (IRSs) | |
CN110598404A (en) | Security risk monitoring method, monitoring device, server and storage medium | |
CN106850647B (en) | Malicious domain name detection algorithm based on DNS request period | |
CN109376537B (en) | Asset scoring method and system based on multi-factor fusion | |
CN104135474A (en) | Network anomaly behavior detection method based on out-degree and in-degree of host | |
CN112839017A (en) | Network attack detection method and device, equipment and storage medium thereof | |
JP2015222471A (en) | Malicious communication pattern detecting device, malicious communication pattern detecting method, and malicious communication pattern detecting program | |
CN111556473A (en) | Abnormal access behavior detection method and device | |
CN112600828B (en) | Attack detection and protection method and device for power control system based on data message | |
Sen et al. | Towards an approach to contextual detection of multi-stage cyber attacks in smart grids | |
CN110213301B (en) | Method, server and system for transferring network attack plane | |
CN113596006A (en) | Network boundary safety defense equipment | |
CN109729084B (en) | Network security event detection method based on block chain technology | |
KR20130033161A (en) | Intrusion detection system for cloud computing service | |
CN111083704A (en) | 5G network security defense system | |
EP3484122A1 (en) | Malicious relay and jump-system detection using behavioral indicators of actors | |
Denysiuk et al. | Blockchain-based Deep Learning Algorithm for Detecting Malware. | |
US10931707B2 (en) | System and method for automatic forensic investigation | |
CN112887288B (en) | Internet-based E-commerce platform intrusion detection front-end computer scanning system | |
CN117648689B (en) | Automatic response method for industrial control host safety event based on artificial intelligence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20211102 |