CN113783875A - Fire protection system for network information security and use method thereof - Google Patents

Info

Publication number
CN113783875A
Authority
CN
China
Prior art keywords
module
data
network
network information
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202111065277.9A
Other languages
Chinese (zh)
Inventor
韩瑞雪
王辉
赵秋含
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang Xianghui Communication Engineering Co ltd
Original Assignee
Heilongjiang Xianghui Communication Engineering Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a fire protection system for network information security and a method for using the same. The system comprises a central processor module, a server module, an address authentication module, a cloud, a malicious attack detection module, a load balancing module and a control module, wherein the central processor module is connected with the server module, the central processor module is interactively connected with the address authentication module, and the address authentication module is connected with the cloud. In use, the address authentication module screens the IP address of the network information data. When the malicious attack detection module detects that the central processor module is under malicious attack, the load balancing module controls the opening and closing of the plurality of router modules so that network data pressure is shared for the central processor module. The control module closes the external network data module and simultaneously starts the internal network data module, thereby preventing the application layer of the network information system from being maliciously invaded and ensuring the security of the network information system.

Description

Fire protection system for network information security and use method thereof
Technical Field
The invention relates to the technical field of network information security, in particular to a fire protection system for network information security and a method for using the fire protection system.
Background
Network information security is a comprehensive discipline spanning computer science, network technology, communication technology, cryptographic technology, information security technology, applied mathematics, number theory, information theory and the like. It mainly means that the hardware, software and data in a network system are protected from damage, alteration and leakage due to accidental or malicious causes, that the system operates continuously, reliably and normally, and that network service is not interrupted.
The traditional fire protection system for network information security usually relies on a firewall, and the firewall usually works by packet filtering. Because packet filtering is a security technology based entirely on the network layer, it cannot identify malicious intrusion at the application layer, which affects the security of the network information system.
Disclosure of Invention
The present invention aims to provide a fire protection system for network information security and a method for using the same, so as to solve the problems set out in the Background above.
In order to achieve the purpose, the invention provides the following technical scheme: a fire protection system for network information security comprises a central processor module, a server module, an address authentication module, a cloud, a malicious attack detection module, a load balancing module and a control module, wherein the central processor module is connected with the server module, the central processor module is interactively connected with the address authentication module, the address authentication module is connected with the cloud, the central processor module is connected with the malicious attack detection module, the malicious attack detection module is connected with the load balancing module, and the load balancing module is mutually connected with the control module;
the cloud comprises a data processing module, a database module, a data retrieval module and a virtual machine module;
the data processing module is connected with the database module, the database module is in interactive connection with the data retrieval module, and the data retrieval module is connected with the virtual machine module;
the server module is used for storing network information data;
the address authentication module is used for authenticating and comparing the IP address of the information data;
the malicious attack detection module is used for detecting whether the central processor module is attacked by network malicious attacks;
and the load balancing module is used for fully utilizing the network equipment to protect the network information data stored in the server module.
As further preferable in the present technical solution: the address authentication module is interactively connected with a data packaging and dividing module, the data packaging and dividing module is interactively connected with a data receiving and sending module, and the data packaging and dividing module is interactively connected with an external network data module and an internal network data module;
the data packing and dividing module is used for packing the transmitted information data and then dividing the packed data;
the data transceiver module is used for receiving and transmitting network information data;
the external network data module is used for transmitting external network data;
and the intranet data module is used for transmitting intranet data.
As further preferable in the present technical solution: the server module is connected with a data scanning module, and the data scanning module is connected with a storage monitoring module;
the data scanning module is used for carrying out periodic scanning work on the data in the server module;
and the storage monitoring module is used for monitoring the data stored in the server module.
As further preferable in the present technical solution: the storage monitoring module is connected with the control module, and the control module is connected with the alarm module;
and the alarm module is used for giving an alarm and reminding a worker to check.
As further preferable in the present technical solution: the control module is respectively connected with the external network data module and the internal network data module;
and the control module is used for controlling the opening and closing of the external network data module and the internal network data module.
As further preferable in the present technical solution: the load balancing module is connected with the router module, the router module is interactively connected with the intranet data module, the addresser center module is connected with the data receiving module, the data receiving module is connected with a cloud, the cloud is interactively connected with the threat analysis module, the threat analysis module is connected with the virus searching and killing module, the virus searching and killing module is connected with the data transmission module, and the data transmission module is connected with the central processing unit module;
the router module is used for sharing network data pressure and carrying out intranet communication work through the intranet data module;
the threat analysis module is used for analyzing the structure of the virtual machine module after the simulation operation and transmitting the analyzed result to the database module;
and the virus searching and killing module is used for performing virus killing work on the data with threat in the analysis result of the threat analysis module.
A fire prevention method for network information security, comprising the steps of:
S1, the data transceiver module receives and transmits extranet information data through the extranet data module and intranet information data through the intranet data module, and the data received by the data transceiver module is packaged and divided by the data packaging and dividing module;
S2, the address authentication module performs address authentication on the data processed by the data packaging and dividing module; when the IP address authentication succeeds, the data is transmitted to the central processor module, and when the IP address authentication fails, the data is transmitted to the cloud through the data receiving module;
S3, the cloud processes the packaged and divided data through the data processing module, compares the processed data through the database module, retrieves the data in the database module through the data retrieval module, and simulates running the data through the virtual machine module;
S4, the threat analysis module analyzes the running structure of the virtual machine module and transmits the analyzed structure to the database module for storage; the virus searching and killing module performs virus killing on threatening data, and non-threatening data is transmitted to the central processor module through the data transmission module;
S5, the central processor module processes the data and transmits the data to be stored to the server module for storage;
S6, when the malicious attack detection module detects that the central processor module is under malicious network attack, the load balancing module controls the opening and closing of the router modules so that network data pressure is shared for the central processor module, and the control module starts the alarm module to remind a worker to check;
S7, when the central processing unit module cannot block the malicious network attack, the control module closes the extranet data module and at the same time starts the intranet data module, thereby preventing the data stored in the server module from being stolen.
As further preferable in the present technical solution: in S5, the data scanning module scans the data stored in the server module periodically, the storage monitoring module monitors the data stored in the server module, and the control module starts the alarm module to operate when the data detected by the storage monitoring module is abnormal.
Compared with the prior art, the invention has the following beneficial effects: in use, the address authentication module screens the IP address of the network information data. When the malicious attack detection module detects that the central processor module is under malicious attack, the load balancing module controls the opening and closing of the plurality of router modules so that network data pressure is shared for the central processor module. The control module closes the external network data module and simultaneously starts the internal network data module, thereby preventing the application layer of the network information system from being maliciously invaded and ensuring the security of the network information system.
Drawings
FIG. 1 is a flow chart of the steps of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a technical solution: a fire protection system for network information security comprises a central processor module, a server module, an address authentication module, a cloud, a malicious attack detection module, a load balancing module and a control module, wherein the central processor module is connected with the server module and is in interactive connection with the address authentication module;
the cloud comprises a data processing module, a database module, a data retrieval module and a virtual machine module;
the data processing module is connected with the database module, the database module is in interactive connection with the data retrieval module, and the data retrieval module is connected with the virtual machine module;
the server module is used for storing network information data;
the address authentication module is used for authenticating and comparing the IP address of the information data;
the malicious attack detection module is used for detecting whether the central processing unit module is attacked by network malicious attacks;
and the load balancing module is used for fully utilizing the network equipment to protect the network information data stored in the server module.
In this embodiment, specifically: the address authentication module is interactively connected with a data packaging and dividing module, the data packaging and dividing module is interactively connected with a data receiving and sending module, and the data packaging and dividing module is interactively connected with an outer network data module and an inner network data module;
the data packing and dividing module is used for packing the transmitted information data and then dividing the packed data;
the data transceiver module is used for receiving and transmitting network information data;
the external network data module is used for transmitting external network data;
the intranet data module is used for transmitting intranet data; the network information system can transmit data of the outer network and the inner network through the outer network data module and the inner network data module.
In this embodiment, specifically: the server module is connected with a data scanning module, and the data scanning module is connected with a storage monitoring module;
the data scanning module is used for carrying out periodic scanning work on the data in the server module;
the storage monitoring module is used for monitoring the data stored in the server module; the data scanning module and the storage monitoring module are used for carrying out regular detection work on the data stored in the server module, so that the safety of the data stored in the server module is ensured.
In this embodiment, specifically: the storage monitoring module is connected with the control module, and the control module is connected with the alarm module;
the alarm module is used for giving an alarm and reminding a worker to check; the control module starts the alarm module to work, and the alarm module in work sends out an alarm to remind a worker to check.
In this embodiment, specifically: the control module is respectively connected with the external network data module and the internal network data module;
the control module is used for controlling the opening and closing of the external network data module and the internal network data module; the external network data module is closed through the control module, and the internal network data module is opened, so that the data stored in the server module is prevented from being stolen.
In this embodiment, specifically: the load balancing module is connected with the router module, the router module is in interactive connection with the intranet data module, the addresser center module is connected with the data receiving module, the data receiving module is connected with the cloud, the cloud is in interactive connection with the threat analysis module, the threat analysis module is connected with the virus searching and killing module, the virus searching and killing module is connected with the data transmission module, and the data transmission module is connected with the central processing unit module;
the router module is used for sharing network data pressure and carrying out intranet communication work through the intranet data module;
the threat analysis module is used for analyzing the structure after the virtual machine module simulates operation and transmitting the analyzed result to the database module;
and the virus searching and killing module is used for performing virus killing work on the data with threat in the analysis result of the threat analysis module.
A fire prevention method for network information security, comprising the steps of:
S1, the data transceiver module receives and transmits extranet information data through the extranet data module and intranet information data through the intranet data module, and the data received by the data transceiver module is packaged and divided by the data packaging and dividing module;
S2, the address authentication module performs address authentication on the data processed by the data packaging and dividing module; when the IP address authentication succeeds, the data is transmitted to the central processor module, and when the IP address authentication fails, the data is transmitted to the cloud through the data receiving module;
S3, the cloud processes the packaged and divided data through the data processing module, compares the processed data through the database module, retrieves the data in the database module through the data retrieval module, and simulates running the data through the virtual machine module;
S4, the threat analysis module analyzes the running structure of the virtual machine module and transmits the analyzed structure to the database module for storage; the virus searching and killing module performs virus killing on threatening data, and non-threatening data is transmitted to the central processor module through the data transmission module;
S5, the central processor module processes the data and transmits the data to be stored to the server module for storage;
S6, when the malicious attack detection module detects that the central processing unit module is under malicious network attack, the load balancing module controls the opening and closing of the router modules so that network data pressure is shared for the central processing unit module, and the control module starts the alarm module to remind a worker to check;
S7, when the central processing unit module cannot block the malicious network attack, the control module closes the extranet data module and at the same time starts the intranet data module, thereby preventing the data stored in the server module from being stolen.
In this embodiment, specifically: in S5, the data scanning module scans the data stored in the server module periodically, the storage monitoring module monitors the data stored in the server module, and the control module starts the alarm module to operate when the data detected by the storage monitoring module is abnormal.
Working principle or structural principle: in use, the data transceiver module receives and transmits extranet information data through the extranet data module and intranet information data through the intranet data module, and the data packaging and dividing module packages and divides the data received by the data transceiver module. The address authentication module performs address authentication on the data processed by the data packaging and dividing module. When the IP address authentication succeeds, the data is transmitted to the central processor module; when the IP address authentication fails, the data is transmitted to the cloud through the data receiving module. The cloud processes the packaged and divided data through the data processing module, compares the processed data through the database module, retrieves the data in the database module through the data retrieval module, and simulates running the data through the virtual machine module. The threat analysis module analyzes the running structure of the virtual machine module and transmits the analyzed structure to the database module for storage, the virus searching and killing module performs virus killing on threatening data, and the data transmission module transmits non-threatening data to the central processing unit module. The central processing unit module processes the data and transmits the data to be stored to the server module for storage. When the malicious attack detection module detects that the central processing unit module is under malicious network attack, the load balancing module controls the opening and closing of the router modules, thereby sharing network data pressure for the central processing unit module, and the control module starts the alarm module to remind a worker to check. When the central processing unit module cannot block the malicious network attack, the control module closes the extranet data module and at the same time starts the intranet data module, so that the data stored in the server module is prevented from being stolen and the security of the network information system is improved.
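The S2 to S7 decision flow described above, modelled as a small Python simulation. This is an added example, not code from the patent; the CIDR allowlist, the constructed threat marker standing in for the virtual machine verdict, the per-router capacity and all class and function names are assumptions, since the page specifies none of them.

```python
"""Model of the S2-S7 decision flow (added example, not the patent's code)."""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Constructed values (assumptions): the page does not say how addresses are
# authenticated, how threats are recognised, or what load a router can carry.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.0.2.0/24")]
THREAT_MARKER = b"CONSTRUCTED-THREAT-MARKER"  # stands in for the sandbox verdict
ROUTER_CAPACITY = 100                           # packets per interval per router
MAX_ROUTERS = 4


def address_authenticated(src_ip: str) -> bool:
    """S2: address authentication module, modelled as a CIDR allowlist."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETS)


@dataclass
class Cloud:
    """S3-S4: database lookup, simulated run, threat analysis."""
    database: dict = field(default_factory=dict)  # sha256 -> "threat" | "clean"
    simulated_runs: int = 0

    def analyse(self, payload: bytes) -> str:
        digest = hashlib.sha256(payload).hexdigest()
        if digest in self.database:               # data retrieval module hit
            return self.database[digest]
        self.simulated_runs += 1                  # virtual machine module run
        verdict = "threat" if THREAT_MARKER in payload else "clean"
        self.database[digest] = verdict           # analysed result is stored
        return verdict


@dataclass
class FireProtectionSystem:
    cloud: Cloud = field(default_factory=Cloud)
    server_store: list = field(default_factory=list)
    routers_open: int = 1
    extranet_open: bool = True
    intranet_open: bool = True
    alarms: list = field(default_factory=list)

    def handle(self, src_ip: str, payload: bytes, external: bool = True) -> str:
        """Route one unit of data through S2-S5 and report where it ended up."""
        if external and not self.extranet_open:
            return "dropped:extranet-closed"      # state reached after S7
        if address_authenticated(src_ip):
            self.server_store.append(payload)     # S5, reached without S3-S4
            return "stored:authenticated"
        if self.cloud.analyse(payload) == "threat":
            return "killed:threat"                # virus searching and killing
        self.server_store.append(payload)
        return "stored:cloud-clean"

    def on_load(self, packets_per_interval: int) -> str:
        """S6-S7: react to the load seen by the malicious attack detection module."""
        if packets_per_interval <= ROUTER_CAPACITY * self.routers_open:
            return "normal"
        self.alarms.append(f"load {packets_per_interval}")    # alarm module
        needed = -(-packets_per_interval // ROUTER_CAPACITY)  # ceiling division
        if needed <= MAX_ROUTERS:
            self.routers_open = needed            # S6: open more router modules
            return "balanced"
        self.routers_open = MAX_ROUTERS
        self.extranet_open = False                # S7: close the extranet side
        self.intranet_open = True                 # and keep the intranet running
        return "isolated"


if __name__ == "__main__":
    fps = FireProtectionSystem()
    # Constructed sample traffic: (source address, payload).
    for src, data in [("10.1.2.3", b"report"), ("203.0.113.7", b"hello"),
                      ("203.0.113.7", b"x" + THREAT_MARKER),
                      ("10.1.2.3", THREAT_MARKER)]:
        print(src, fps.handle(src, data))
    for load in (80, 250, 900):
        print(load, fps.on_load(load), "routers:", fps.routers_open)
    print(fps.handle("203.0.113.7", b"hello"))
```

Under S2 as written, data from an authenticated address is stored without passing through the cloud analysis of S3 and S4; the last sample item in `handle` makes that path visible.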
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A fire protection system for network information security, comprising a central processing unit module, a server module, an address authentication module, a cloud, a malicious attack detection module, a load balancing module and a control module, characterized in that: the central processor module is connected with the server module, the central processor module is interactively connected with the address authentication module, the address authentication module is connected with the cloud, the central processor module is connected with the malicious attack detection module, the malicious attack detection module is connected with the load balancing module, and the load balancing module is interactively connected with the control module;
the cloud comprises a data processing module, a database module, a data retrieval module and a virtual machine module;
the data processing module is connected with the database module, the database module is in interactive connection with the data retrieval module, and the data retrieval module is connected with the virtual machine module;
the server module is used for storing network information data;
the address authentication module is used for authenticating and comparing the IP address of the information data;
the malicious attack detection module is used for detecting whether the central processor module is attacked by network malicious attacks;
and the load balancing module is used for fully utilizing the network equipment to protect the network information data stored in the server module.
2. The fire protection system for network information security according to claim 1, wherein: the address authentication module is interactively connected with a data packaging and dividing module, the data packaging and dividing module is interactively connected with a data receiving and sending module, and the data packaging and dividing module is interactively connected with an external network data module and an internal network data module;
the data packing and dividing module is used for packing the transmitted information data and then dividing the packed data;
the data transceiver module is used for receiving and transmitting network information data;
the external network data module is used for transmitting external network data;
and the intranet data module is used for transmitting intranet data.
3. The fire protection system for network information security according to claim 1, wherein: the server module is connected with a data scanning module, and the data scanning module is connected with a storage monitoring module;
the data scanning module is used for carrying out periodic scanning work on the data in the server module;
and the storage monitoring module is used for monitoring the data stored in the server module.
4. The fire protection system for network information security according to claim 1, wherein: the storage monitoring module is connected with the control module, and the control module is connected with the alarm module;
and the alarm module is used for giving an alarm and reminding a worker to check.
5. The fire protection system for network information security according to claim 1, wherein: the control module is respectively connected with the external network data module and the internal network data module;
and the control module is used for controlling the opening and closing of the external network data module and the internal network data module.
6. The fire protection system for network information security according to claim 1, wherein: the load balancing module is connected with the router module, the router module is interactively connected with the intranet data module, the addresser center module is connected with the data receiving module, the data receiving module is connected with a cloud, the cloud is interactively connected with the threat analysis module, the threat analysis module is connected with the virus searching and killing module, the virus searching and killing module is connected with the data transmission module, and the data transmission module is connected with the central processing unit module;
the router module is used for sharing network data pressure and carrying out intranet communication work through the intranet data module;
the threat analysis module is used for analyzing the structure of the virtual machine module after the simulation operation and transmitting the analyzed result to the database module;
and the virus searching and killing module is used for performing virus killing work on the data with threat in the analysis result of the threat analysis module.
7. A fire prevention method for network information security is characterized by comprising the following steps:
S1, the data transceiver module receives and transmits extranet information data through the extranet data module and intranet information data through the intranet data module, and the data received by the data transceiver module is packaged and divided by the data packaging and dividing module;
S2, the address authentication module performs address authentication on the data processed by the data packaging and dividing module; when the IP address authentication succeeds, the data is transmitted to the central processor module, and when the IP address authentication fails, the data is transmitted to the cloud through the data receiving module;
S3, the cloud processes the packaged and divided data through the data processing module, compares the processed data through the database module, retrieves the data in the database module through the data retrieval module, and simulates running the data through the virtual machine module;
S4, the threat analysis module analyzes the running structure of the virtual machine module and transmits the analyzed structure to the database module for storage; the virus searching and killing module performs virus killing on threatening data, and non-threatening data is transmitted to the central processor module through the data transmission module;
S5, the central processor module processes the data and transmits the data to be stored to the server module for storage;
S6, when the malicious attack detection module detects that the central processor module is under malicious network attack, the load balancing module controls the opening and closing of the router modules so that network data pressure is shared for the central processor module, and the control module starts the alarm module to remind a worker to check;
S7, when the central processing unit module cannot block the malicious network attack, the control module closes the extranet data module and at the same time starts the intranet data module, thereby preventing the data stored in the server module from being stolen.
8. The fire protection system for network information security according to claim 7, wherein: in S5, the data scanning module scans the data stored in the server module periodically, the storage monitoring module monitors the data stored in the server module, and the control module starts the alarm module to operate when the data detected by the storage monitoring module is abnormal.
CN202111065277.9A 2021-09-12 2021-09-12 Fire protection system for network information security and use method thereof Withdrawn CN113783875A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111065277.9A CN113783875A (en) 2021-09-12 2021-09-12 Fire protection system for network information security and use method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111065277.9A CN113783875A (en) 2021-09-12 2021-09-12 Fire protection system for network information security and use method thereof

Publications (1)

Publication Number Publication Date
CN113783875A true CN113783875A (en) 2021-12-10

Family

ID=78842741

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111065277.9A Withdrawn CN113783875A (en) 2021-09-12 2021-09-12 Fire protection system for network information security and use method thereof

Country Status (1)

Country Link
CN (1) CN113783875A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114945008A (en) * 2022-05-13 2022-08-26 恒启电子(苏州)有限公司 Switching system and method for rail transit multilayer management type switch

Similar Documents

Publication Publication Date Title
US11212299B2 (en) System and method for monitoring security attack chains
EP2106085B1 (en) System and method for securing a network from zero-day vulnerability exploits
CN106796639B (en) Data mining algorithms for trusted execution environments
Sandhu et al. A survey of intrusion detection & prevention techniques
WO2016133662A1 (en) Systems and methods for determining trustworthiness of the signaling and data exchange between network systems
CN108494672A (en) A kind of industrial communication gateway, industrial data security isolation system and method
Igbe et al. Deterministic dendritic cell algorithm application to smart grid cyber-attack detection
CN113596028B (en) Method and device for handling network abnormal behaviors
CN105227559A (en) The information security management framework that a kind of automatic detection HTTP actively attacks
CN111786986B (en) Numerical control system network intrusion prevention system and method
Suma Automatic spotting of sceptical activity with visualization using elastic cluster for network traffic in educational campus
CN113395694A (en) Intelligent security defense system and defense method based on 5G and local area base station
CN114826880A (en) Method and system for online monitoring of data safe operation
CN113783875A (en) Fire protection system for network information security and use method thereof
CN117478433B (en) Network and information security dynamic early warning system
US20200213355A1 (en) Security Network Interface Controller (SNIC) Preprocessor with Cyber Data Threat Detection and Response Capability that Provides Security Protection for a Network Device with Memory or Client Device with Memory or Telecommunication Device with Memory
Leghris et al. Improved security intrusion detection using intelligent techniques
CN115694928A (en) Cloud honeypot of whole-ship computing environment, attack event perception and behavior analysis method
CN106878338B (en) Telecontrol equipment gateway firewall integrated machine system
CN113055362B (en) Method, device, equipment and storage medium for preventing abnormal behaviors
Chatterjee An Efficient Intrusion Detection System on Various Datasets Using Machine Learning Techniques
CN113542186A (en) Monitoring system based on network security and early warning method thereof
CN114006713A (en) Trust architecture for node diversity
WO2019118425A1 (en) Secure transmission module
CN117609990B (en) Self-adaptive safety protection method and device based on scene association analysis engine

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211210
