CN114024769A - Network flow safety control system - Google Patents


Info

Publication number
CN114024769A
CN114024769A
Authority
CN
China
Prior art keywords
data
network
module
flow
traffic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111485829.1A
Other languages
Chinese (zh)
Inventor
刘国梁
刘飞
曾锴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp
Priority to CN202111485829.1A
Publication of CN114024769A
Legal status: Pending

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/10 for controlling access to devices or network resources
    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS › G06N3/00 Computing arrangements based on biological models › G06N3/02 Neural networks
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L43/00 Arrangements for monitoring or testing data switching networks › H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/02 for separating internal from external traffic, e.g. firewalls › H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/12 Applying verification of the received information › H04L63/126 the source of the received data
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/14 for detecting or protecting against malicious traffic › H04L63/1408 by monitoring network traffic
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L63/00 Network architectures or network communication protocols for network security › H04L63/20 for managing network security; network security policies in general › H04L63/205 involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L67/00 Network arrangements or protocols for supporting network services or applications › H04L67/01 Protocols › H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Evolutionary Computation (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a network traffic security control system comprising a network data traffic capturing module, a router, a firewall, a cloud server, a network traffic monitoring module, a network traffic database and a network traffic data management module. The network data traffic capturing module is connected to the cloud server in sequence through the router and the firewall, and the cloud server is connected respectively to the network traffic monitoring module, the network traffic database and the network traffic data management module. The system monitors the network traffic data, identifies abnormal data segments, and limits the traffic transmission rate of the monitored device as a network security access control measure, so that the access control policy logic is optimized and resource utilization is improved.

Description

Network traffic security control system
Technical Field
The present disclosure relates to the field of network security technology, and in particular to a network traffic security control system.
Background
At present, the actual network traffic differs greatly from the theoretical traffic that the designed network architecture can bear, so the access control logic is unreasonable, which hinders both resource utilization and network security access control.
How to implement network security access control on the basis of actual network traffic, and thereby optimize the access control policy logic, has therefore become a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
In view of the above problems, the present disclosure provides a network traffic security control system that overcomes, or at least partially solves, the above problems. The technical solution is as follows:
A network traffic security control system, comprising: a network data traffic capturing module, a router, a firewall, a cloud server, a network traffic monitoring module, a network traffic database and a network traffic data management module, wherein the network data traffic capturing module is connected to the cloud server in sequence through the router and the firewall, and the cloud server is connected respectively to the network traffic monitoring module, the network traffic database and the network traffic data management module;
the network data traffic capturing module collects network traffic data packets of the monitored device and transmits them to the cloud server through the router and the firewall;
the network traffic monitoring module cuts the network traffic data held in the cloud server according to a preset data segment length and/or a preset time period, obtaining a plurality of target data segments;
the network traffic monitoring module retrieves the preset standard data segments from the network traffic database through the cloud server, matches each target data segment against the preset standard data segments, and determines whether each target data segment is an abnormal data segment; if any target data segment is abnormal, it triggers the network traffic data management module to determine whether the traffic transmission rate of the monitored device exceeds a preset rate limit range and, if so, to restrict the traffic transmission rate of the monitored device to within the preset rate limit range.
Optionally, the network data traffic capturing module includes a traffic data collecting module, a data traffic extracting module and a data traffic summarizing and sorting module, wherein:
the traffic data collecting module collects the network traffic data packets of the monitored device using a neural network;
the data traffic extracting module extracts the data features of the network traffic data packets using the neural network; and
the data traffic summarizing and sorting module determines the comparison type of each network traffic data packet from its data features and, according to the comparison type, builds a first transmission channel through the router to transmit the packet to the cloud server through the firewall.
Optionally, the network data traffic capturing module further includes a data information feedback transmission module,
which transmits the network traffic data packets whose comparison type has been determined to the network traffic database for backup.
Optionally, the network traffic monitoring module includes a segmented traffic data monitoring module and/or a time-sharing traffic data monitoring module, together with a network traffic data comparison module, wherein:
the segmented traffic data monitoring module cuts the network traffic data held in the cloud server according to the preset data segment length, obtaining a plurality of first target data segments;
the time-sharing traffic data monitoring module cuts the network traffic data held in the cloud server according to the preset time period, obtaining a plurality of second target data segments; and
the network traffic data comparison module retrieves the preset standard data segments from the network traffic database through the cloud server, matches the first and/or second target data segments against them, and determines whether each first and/or second target data segment is an abnormal data segment.
Optionally, the network traffic data management module includes a network traffic rate limit control module,
which, when the network traffic data comparison module has determined that a first and/or second target data segment is abnormal, determines whether the traffic transmission rate of the monitored device exceeds the preset rate limit range and, if so, restricts the traffic transmission rate of the monitored device to within the preset rate limit range.
Optionally, the network traffic data management module further includes a traffic feedback tracking module, and the network traffic monitoring module further includes a traffic abnormality prompting module, wherein:
the traffic feedback tracking module traces the data source of the monitored device when the network traffic data comparison module has determined that a first and/or second target data segment is abnormal, and feeds the traced data source back to the traffic abnormality prompting module; and
the traffic abnormality prompting module generates traffic abnormality prompt information from the traced data source.
Optionally, the network traffic database includes a network traffic data backup module and a traffic analysis module, wherein:
the segmented traffic data monitoring module is further configured to build a dedicated second transmission channel for each first target data segment and transmit that segment to the network traffic data backup module through it;
the time-sharing traffic data monitoring module is further configured to build a dedicated third transmission channel for each second target data segment and transmit that segment to the network traffic data backup module through it;
the network traffic data backup module builds a network traffic data model from the historical data segments; and
the traffic analysis module feeds an abnormal data segment into the network traffic data model for analysis and obtains the abnormal traffic data information that the model outputs.
Optionally, the network traffic database further includes a network data encryption module,
which encrypts the network traffic data packets transmitted by the monitored device.
Optionally, the network traffic database further includes a network data virus scanning and removal module,
which scans the network traffic data packets for viruses and removes any that are found.
Optionally, the preset rate limit range is stored in the network traffic data backup module.
By means of the above technical solution, the network traffic security control system provided by the disclosure comprises a network data traffic capturing module, a router, a firewall, a cloud server, a network traffic monitoring module, a network traffic database and a network traffic data management module; the capturing module is connected to the cloud server in sequence through the router and the firewall, and the cloud server is connected respectively to the monitoring module, the database and the data management module. The capturing module collects the network traffic data packets of the monitored device and transmits them to the cloud server through the router and the firewall. The monitoring module cuts the network traffic data held in the cloud server according to the preset data segment length and/or the preset time period to obtain a plurality of target data segments, retrieves the preset standard data segments from the database through the cloud server, matches each target data segment against them and determines whether it is abnormal; if any target data segment is abnormal, the data management module is triggered to check whether the traffic transmission rate of the monitored device exceeds the preset rate limit range and, if so, to restrict it to within that range.
In this way the network traffic data are monitored, abnormal data segments are identified, and the traffic transmission rate is reasonably limited as a network security access control, so that the access control policy logic is optimized and resource utilization is improved.
The foregoing is only an overview of the technical solutions of the present disclosure. Embodiments are described below so that the technical means of the present disclosure can be understood more clearly and so that the above and other objects, features and advantages become more apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the disclosure. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a schematic diagram of the structural composition of a network traffic security control system provided in an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, the network traffic security control system provided in the embodiment of the present disclosure may include a network data traffic capturing module, a router, a firewall, a cloud server, a network traffic monitoring module, a network traffic database and a network traffic data management module.
The network data traffic capturing module is connected to the cloud server in sequence through the router and the firewall, and the cloud server is connected respectively to the network traffic monitoring module, the network traffic database and the network traffic data management module.
The network data traffic capturing module collects the network traffic data packets of the monitored device and transmits them to the cloud server through the router and the firewall.
Specifically, the network data traffic capturing module can collect the network traffic data packets through a plurality of neurons of the neural network, filter them, and extract their data features, so that the packets are classified by comparison type and can then be transmitted to the cloud server through the router. The router builds a data transmission channel for the packets so that they reach the cloud server accurately. The firewall provides network security protection for the cloud server.
The network traffic monitoring module cuts the network traffic data held in the cloud server according to the preset data segment length and/or the preset time period, obtaining a plurality of target data segments.
The network traffic monitoring module retrieves the preset standard data segments from the network traffic database through the cloud server, matches each target data segment against them, and determines whether each target data segment is abnormal; if any target data segment is abnormal, it triggers the network traffic data management module to determine whether the traffic transmission rate of the monitored device exceeds the preset rate limit range and, if so, to restrict the traffic transmission rate of the monitored device to within the preset rate limit range.
The network traffic monitoring module can build a data transmission channel for each target data segment in turn and transmit the segment to the network traffic database. When it determines that a data segment is abnormal, it can feed that segment back to the cloud server, which triggers the network traffic data management module to control the transmission rate of the router through the cloud server, so that the traffic transmission rate of the monitored device is held within the preset rate limit range.
Optionally, the network data traffic capturing module includes a traffic data collecting module, a data traffic extracting module and a data traffic summarizing and sorting module.
The traffic data collecting module collects the network traffic data packets of the monitored device using the neural network.
Specifically, the traffic data collecting module may collect the network traffic data packets of the monitored device through a plurality of neurons of the neural network and filter them to remove interference.
The data traffic extracting module extracts the data features of the network traffic data packets using the neural network.
Specifically, the data traffic extracting module may extract the data features of the network traffic data packets through a plurality of neurons of the neural network and classify those features.
The data traffic summarizing and sorting module determines the comparison type of each network traffic data packet from its data features and, according to the comparison type, builds a first transmission channel through the router to transmit the packet to the cloud server through the firewall.
Specifically, the data traffic summarizing and sorting module may group the data traffic into different comparison types according to the time period, the fluctuation segment and the cut segment among the data features.
Optionally, the network data traffic capturing module further includes a data information feedback transmission module.
The data information feedback transmission module transmits the network traffic data packets whose comparison type has been determined to the network traffic database for backup.
Optionally, the network traffic monitoring module includes a segmented traffic data monitoring module and/or a time-sharing traffic data monitoring module, together with a network traffic data comparison module.
The segmented traffic data monitoring module cuts the network traffic data held in the cloud server according to the preset data segment length, obtaining a plurality of first target data segments.
The time-sharing traffic data monitoring module cuts the network traffic data held in the cloud server according to the preset time period, obtaining a plurality of second target data segments.
The network traffic data comparison module retrieves the preset standard data segments from the network traffic database through the cloud server, matches the first and/or second target data segments against them, and determines whether each first and/or second target data segment is an abnormal data segment.
Specifically, a plurality of standard data segments, each carrying an identifier, may be preset. The network traffic data comparison module matches each target data segment against every standard data segment and determines any target data segment that matches none of them to be an abnormal data segment. The comparison module can feed the abnormal data segment back to the cloud server, which adds a specific abnormality identifier to the collected abnormal data segment; when a current abnormal data segment matches a specific abnormality identifier already recorded, that identifier can be provided to operation and maintenance personnel for reference and corresponding handling.
Optionally, the network traffic data management module includes a network traffic rate limit control module.
The network traffic rate limit control module determines, when the network traffic data comparison module has found that a first and/or second target data segment is abnormal, whether the traffic transmission rate of the monitored device exceeds the preset rate limit range and, if so, restricts the traffic transmission rate of the monitored device to within the preset rate limit range.
Specifically, the rate limit control module may obtain the upper and lower limits of the monitored device's traffic transmission rate through the router, compare them with the upper and lower limits of the preset rate limit range, and, if the preset range is exceeded, control the transmission rate of the router through the cloud server so that the device's traffic transmission rate is kept within the preset rate limit range.
Optionally, the preset rate limit range is stored in the network traffic data backup module.
The rate limit control module can retrieve the preset rate limit range from the network traffic data backup module through the cloud server.
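The procedure described in the preceding paragraphs (cut the captured stream by length and by time, compare each segment against the preset standard segments, tag whatever does not match, then check the device's observed rate bounds against the preset range and throttle) as a worked example. This is added code, not code from the patent or from its assignee. It assumes a constructed 8-byte telemetry frame vocabulary as the standard segment set, uses a truncated SHA-256 of the segment as the "specific abnormality identifier", matches only the fixed-length segments by content while using the time-window segments for the rate bounds, and enforces only the upper bound of the range, since a device that sends less than the lower bound cannot be forced to send more.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # capture timestamp in seconds
    payload: bytes


def segment_by_length(data: bytes, seg_len: int) -> list:
    """Fixed-length cut of the captured byte stream: the 'first target data segments'."""
    return [data[i:i + seg_len] for i in range(0, len(data), seg_len)]


def segment_by_time(packets: list, period: float) -> list:
    """One segment per time window, in time order: the 'second target data segments'."""
    if not packets:
        return []
    t0 = min(p.ts for p in packets)
    windows = {}
    for p in sorted(packets, key=lambda p: p.ts):
        windows.setdefault(int((p.ts - t0) // period), bytearray()).extend(p.payload)
    return [bytes(windows[k]) for k in sorted(windows)]


def abnormal_identifier(segment: bytes) -> str:
    """Stable tag for an unmatched segment, so a repeat of it is recognised next time (assumed scheme)."""
    return hashlib.sha256(segment).hexdigest()[:12]


def compare_segments(segments: list, standard: set, known_abnormal: dict) -> dict:
    """A segment absent from the standard set is abnormal; repeats are grouped by identifier
    and labelled from the cache of identifiers operators have already seen."""
    findings = {}
    for seg in segments:
        if seg in standard:
            continue
        ident = abnormal_identifier(seg)
        entry = findings.setdefault(ident, {"segment": seg, "count": 0,
                                            "label": known_abnormal.get(ident, "unclassified")})
        entry["count"] += 1
    return findings


def observed_rate_bounds(packets: list, period: float) -> tuple:
    """(lowest, highest) bytes per second over the time windows, as the router would report."""
    rates = [len(w) / period for w in segment_by_time(packets, period)]
    return (min(rates), max(rates)) if rates else (0.0, 0.0)


def monitor(packets, seg_len, period, standard, known_abnormal, preset_range) -> dict:
    """Cut, compare, then decide on rate control.

    Rate control is only considered once an abnormal segment exists, and only the upper
    bound is enforceable: a device sending below the lower bound is merely reported.
    """
    stream = b"".join(p.payload for p in sorted(packets, key=lambda p: p.ts))
    findings = compare_segments(segment_by_length(stream, seg_len), standard, known_abnormal)
    low, high = observed_rate_bounds(packets, period)
    limit_to = preset_range[1] if findings and high > preset_range[1] else None
    return {"findings": findings, "observed_rate": (low, high),
            "below_range": low < preset_range[0], "limit_to": limit_to}


# Constructed sample, not from the patent: a metering device emits 8-byte frames, the
# standard set is its legitimate frame vocabulary, and one packet carries 400 bytes of filler.
STANDARD = {b"TEMP=021", b"TEMP=022", b"TEMP=023", b"HBEAT:OK"}
KNOWN_ABNORMAL = {abnormal_identifier(b"\x90" * 8): "filler seen before (constructed label)"}
SAMPLE = [
    Packet(0.0, b"HBEAT:OK"), Packet(0.5, b"TEMP=021"),
    Packet(1.0, b"HBEAT:OK"), Packet(1.5, b"TEMP=022"),
    Packet(2.0, b"\x90" * 8 * 50),
    Packet(3.0, b"HBEAT:OK"), Packet(3.5, b"TEMP=023"),
]


def run_sample() -> dict:
    return monitor(SAMPLE, seg_len=8, period=1.0, standard=STANDARD,
                   known_abnormal=KNOWN_ABNORMAL, preset_range=(8.0, 64.0))


if __name__ == "__main__":
    report = run_sample()
    for ident, f in report["findings"].items():
        print(f"abnormal segment {ident} x{f['count']}: {f['label']}")
    print("observed B/s", report["observed_rate"], "limit_to", report["limit_to"])
```

Running it reports a single abnormal identifier seen 50 times, carrying the label already attached to that identifier, observed rates of 16 to 400 bytes per second against a preset range of 8 to 64, and a decision to clamp the device to 64 bytes per second. The comparison is an exact allowlist match, so a segment boundary that drifts by one byte would flag every legitimate frame; the fixed segment length therefore has to equal the frame length, and a real deployment would match on protocol framing rather than raw offsets.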
Optionally, the network traffic data management module further includes a traffic feedback tracking module, and the network traffic monitoring module further includes a traffic abnormality prompting module.
The traffic feedback tracking module traces the data source of the monitored device when the network traffic data comparison module has determined that a first and/or second target data segment is abnormal, and feeds the traced data source back to the traffic abnormality prompting module.
In particular, the traffic feedback tracking module may trace the data source of the monitored device through a plurality of neurons of the neural network.
The traffic abnormality prompting module generates traffic abnormality prompt information from the traced data source.
Optionally, the network traffic database includes a network traffic data backup module and a traffic analysis module.
The segmented traffic data monitoring module is further configured to build a dedicated second transmission channel for each first target data segment and transmit that segment to the network traffic data backup module through it.
The time-sharing traffic data monitoring module is further configured to build a dedicated third transmission channel for each second target data segment and transmit that segment to the network traffic data backup module through it.
The time-sharing traffic data monitoring module can arrange the second target data segments of the different time periods sequentially in time order.
The network traffic data backup module builds a network traffic data model from the historical data segments.
Specifically, the network traffic data backup module can receive the historical data segments collected by different neurons over a historical period and build the network traffic data model by autonomous learning of an artificial neural network.
The traffic analysis module feeds an abnormal data segment into the network traffic data model for analysis and obtains the abnormal traffic data information that the model outputs.
The abnormal traffic data information may include the abnormality type and the abnormality location. Operation and maintenance personnel can refer to it to carry out the corresponding handling.
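An added example for the backup module's model and the analysis module, not code from the patent: the patent names an artificial neural network but gives no architecture, so this stand-in fits a statistical baseline (mean and spread of per-window byte entropy, plus the set of byte values ever seen) over constructed historical segments, and analysing an abnormal segment yields an abnormality type and a byte offset, the two items the paragraph above says the model outputs. The 8-byte frame vocabulary, the 32-byte window, the 3-sigma threshold and the type names are all assumptions made here.

```python
import hashlib
import math
from dataclasses import dataclass

WINDOW = 32   # bytes scored at a time
STRIDE = 8    # window step; equals the constructed frame length below


def entropy_bits(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def windows(segment: bytes) -> list:
    """(offset, window) pairs covering the segment; a short segment is a single window."""
    if len(segment) <= WINDOW:
        return [(0, segment)]
    return [(i, segment[i:i + WINDOW]) for i in range(0, len(segment) - WINDOW + 1, STRIDE)]


@dataclass
class TrafficModel:
    mean_entropy: float
    std_entropy: float
    seen_bytes: frozenset

    @classmethod
    def fit(cls, history: list) -> "TrafficModel":
        """Baseline from historical segments: entropy statistics plus every byte value seen."""
        values = [entropy_bits(w) for seg in history for _, w in windows(seg)]
        mean = sum(values) / len(values)
        var = sum((v - mean) ** 2 for v in values) / len(values)
        # floor the spread so a very uniform history does not turn every small deviation into an alarm
        return cls(mean, max(math.sqrt(var), 0.3), frozenset(b for seg in history for b in seg))

    def analyse(self, segment: bytes, threshold: float = 3.0) -> dict:
        """Score each window; the worst one gives the abnormality type and its byte offset."""
        scored = [((entropy_bits(w) - self.mean_entropy) / self.std_entropy, off)
                  for off, w in windows(segment)]
        z, offset = max(scored, key=lambda s: abs(s[0]))
        if z > threshold:
            kind = "high_entropy"   # random-looking bytes: encrypted, packed or injected content
        elif z < -threshold:
            kind = "low_entropy"    # repeated filler: padding, flood or sled-like runs
        else:
            kind, offset = "normal", None
        return {"type": kind, "offset": offset, "z": round(z, 2),
                "unseen_bytes": sorted(set(segment) - self.seen_bytes)}


# Constructed history, not from the patent: 8-byte telemetry frames from a small vocabulary.
VOCAB = [b"HBEAT:OK", b"VOLT=230", b"VOLT=231", b"AMPS=012", b"AMPS=013"] + \
        [f"TEMP={v:03d}".encode() for v in range(15, 25)]


def build_history(n_segments: int = 64, frames_per_segment: int = 8) -> list:
    """Deterministic mixture of vocabulary frames, 64 bytes per historical segment."""
    history, k = [], 0
    for _ in range(n_segments):
        seg = b""
        for _ in range(frames_per_segment):
            seg += VOCAB[(k * 7) % len(VOCAB)]
            k += 1
        history.append(seg)
    return history


def pseudo_random(n: int) -> bytes:
    """Deterministic random-looking bytes (SHA-256 chain) standing in for an injected payload."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


MODEL = TrafficModel.fit(build_history())
NORMAL = b"HBEAT:OKTEMP=021VOLT=230TEMP=022AMPS=012TEMP=020VOLT=231TEMP=019"
INJECTED = b"HBEAT:OKTEMP=021HBEAT:OK" + pseudo_random(40)
FILLER = b"HBEAT:OKTEMP=021HBEAT:OK" + b"\x90" * 40

if __name__ == "__main__":
    for name, seg in (("normal", NORMAL), ("injected", INJECTED), ("filler", FILLER)):
        print(name, MODEL.analyse(seg))
```

The 0.3-bit floor on the standard deviation is deliberate: a history as regular as this one has a tiny spread, and without the floor every ordinary window would score as an alarm. The offset returned is the start of the worst-scoring window, so with an 8-byte stride the anomaly is located to within one frame; the unseen-byte list is the cheap complementary check, since a filler or shellcode byte that never occurs in the device's normal vocabulary is a strong signal on its own.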
Optionally, the network traffic database further includes a network data encryption module.
The network data encryption module encrypts the network traffic data packets transmitted by the monitored device.
The network data encryption module may back up one part of the encryption key in the network traffic database and transmit the other part to the monitored device.
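The sentence above is all the patent says about how the key is split, so the following is an added illustration rather than the patent's scheme: a 2-of-2 XOR sharing of the key, which has the property a practitioner would want from such a split (each part on its own reveals nothing) that a naive split into a first half and a second half does not have, together with authenticated encryption of a captured packet built only from the standard library (HMAC-SHA256 in counter mode with encrypt-then-MAC, as a stand-in for AES-GCM, which the standard library lacks). The 32-byte key, the 12-byte nonce, the derivation labels and the sample packet are assumptions made here.

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 12
TAG_LEN = 32


def split_key(key: bytes) -> tuple:
    """2-of-2 XOR sharing: the database share is fresh uniform randomness and the device
    share is key XOR that randomness, so each share alone is independent of the key.
    Backing up key[:16] in one place and key[16:] in the other would instead hand each
    holder half the key and halve the remaining brute-force work for either of them."""
    share_db = secrets.token_bytes(len(key))
    share_device = bytes(a ^ b for a, b in zip(key, share_db))
    return share_db, share_device


def join_key(share_db: bytes, share_device: bytes) -> bytes:
    """Recombine the two shares; only a party holding both recovers the key."""
    if len(share_db) != len(share_device):
        raise ValueError("share length mismatch")
    return bytes(a ^ b for a, b in zip(share_db, share_device))


def _derive(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from the recombined key (assumed labels)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode with HMAC-SHA256 as the block function (stand-in for AES-CTR)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_packet(key: bytes, nonce: bytes, packet: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    The nonce must never repeat under the same key, or two keystreams cancel out."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    stream = _keystream(_derive(key, b"enc"), nonce, len(packet))
    ct = bytes(p ^ s for p, s in zip(packet, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_packet(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before touching the ciphertext; None on any failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = _keystream(_derive(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


if __name__ == "__main__":
    master = secrets.token_bytes(32)
    db_share, device_share = split_key(master)   # one part backed up, one part sent to the device
    frame = b"TEMP=021HBEAT:OK"                  # constructed sample packet
    blob = encrypt_packet(join_key(db_share, device_share), secrets.token_bytes(NONCE_LEN), frame)
    print(decrypt_packet(master, blob) == frame)
```

Whoever recombines the shares holds the full key for as long as the encryption runs, so the recombination has to happen inside the component that actually encrypts or decrypts, and the joined key must not be written back to the database; otherwise the split protects only the backup copy and not the live key.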
Optionally, the network traffic database further includes a network data virus scanning and removal module.
The network data virus scanning and removal module scans the network traffic data packets for viruses and removes any that are found.
In the present disclosure, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All embodiments in this specification are described in a related manner; the same or similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, its description is relatively brief, and reference may be made to the corresponding parts of the method embodiment for the relevant points.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above description is only for the preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure are included in the scope of protection of the present disclosure.

Claims (10)

1. A network traffic security control system, comprising: the system comprises a network data flow capturing module, a router, a firewall, a cloud server, a network flow monitoring module, a network flow database and a network flow data management module, wherein the network data flow capturing module is sequentially connected with the cloud server through the router and the firewall, and the cloud server is respectively connected with the network flow monitoring module, the network flow database and the network flow data management module;
the network data flow capturing module collects a network flow data packet of monitoring equipment and transmits the network flow data packet to the cloud server through the router and the firewall;
the network traffic monitoring module intercepts the network traffic data in the cloud server according to a preset data segment length and/or a preset time period to obtain a plurality of target data segments;
the network traffic monitoring module extracts preset standard data segments in the network traffic database through the cloud server, matches each target data segment with the preset standard data segment, determines whether each target data segment is an abnormal data segment, triggers the network traffic data management module to determine whether the traffic transmission rate of the monitoring equipment exceeds a preset rate limit range or not under the condition that any target data segment is an abnormal data segment, and controls the traffic transmission rate of the monitoring equipment to be limited within the preset rate limit range if the traffic transmission rate exceeds the preset rate limit range.
2. The system of claim 1, wherein the network data traffic capture module comprises a traffic data collection module, a data traffic extraction module, and a data traffic summarization module,
the flow data acquisition module is used for acquiring a network flow data packet of the monitoring equipment by using a neural network;
the data traffic extraction module is used for extracting the data characteristics of the network traffic data packet by using the neural network;
and the data traffic induction and arrangement module is used for determining the comparison type of the network traffic data packet according to the data characteristics, and constructing a first transmission channel according to the comparison type through the router to transmit the network traffic data packet to the cloud server through the firewall.
3. The system of claim 2, wherein the network data traffic capture module further comprises: a data information feedback transmission module,
and the data information feedback transmission module is used for transmitting the network traffic data packet with the determined comparison type to the network traffic database for backup.
4. The system of claim 1, wherein the network traffic monitoring module comprises: a segmented flow data monitoring module and/or a time-sharing flow data monitoring module and a network flow data comparison module,
the segmented traffic data monitoring module is used for intercepting the network traffic data in the cloud server according to the length of a preset data segment to obtain a plurality of first target data segments;
the time-sharing traffic data monitoring module is used for intercepting the network traffic data in the cloud server according to a preset time period to obtain a plurality of second target data segments;
the network traffic data comparison module is used for extracting a preset standard data segment in the network traffic database through the cloud server, matching the first target data segment and/or the second target data segment with the preset standard data segment, and determining whether the first target data segment and/or the second target data segment is an abnormal data segment.
5. The system of claim 4, wherein the network traffic data management module comprises: a network flow rate limiting control module,
and the network flow rate limit control module is used for determining whether the flow transmission rate of the monitoring equipment exceeds a preset limit rate range or not under the condition that the network flow data comparison module determines that the first target data segment and/or the second target data segment is an abnormal data segment, and controlling the flow transmission rate of the monitoring equipment to be limited within the preset limit rate range if the flow transmission rate of the monitoring equipment exceeds the preset limit rate range.
6. The system of claim 5, wherein the network traffic data management module further comprises: a flow feedback tracking module, and the network flow monitoring module further comprises: a flow abnormality prompting module,
the flow feedback tracking module is used for tracking the data source of the monitoring equipment under the condition that the network flow data comparison module determines that the first target data segment and/or the second target data segment is an abnormal data segment, and feeding the tracked data source back to the flow abnormality prompting module;
and the flow abnormality prompting module is used for generating flow abnormality prompting information according to the tracked data source.
7. The system of claim 4, wherein the network traffic database comprises: a network flow data backup module and a flow analysis module,
the segmented traffic data monitoring module is further configured to construct a one-to-one corresponding second transmission channel for each first target data segment, and transmit the first target data segment to the network traffic data backup module through the second transmission channel;
the time-sharing traffic data monitoring module is further configured to construct a one-to-one corresponding third transmission channel for each second target data segment, and transmit the second target data segment to the network traffic data backup module through the third transmission channel;
the network flow data backup module is used for constructing a network flow data model based on the historical data segment;
and the flow analysis module is used for inputting the abnormal data segment into the network flow data model for analysis to obtain abnormal flow data information output by the network flow data model.
8. The system of claim 7, wherein the network traffic database further comprises: a network data encryption module,
and the network data encryption module is used for encrypting the network flow data packet transmitted by the monitoring equipment.
9. The system of claim 7, wherein the network traffic database further comprises: a network data virus scanning and removal module,
and the network data virus scanning and removal module is used for scanning the network flow data packet for viruses and removing them.
10. The system of claim 7, wherein the preset limiting rate range is stored in the network traffic data backup module.
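The monitoring and rate-limiting logic of the summary and of claims 1, 4 and 5, as an added example that is not code from the patent: a captured stream is cut into first target data segments by a preset length and second target data segments by a preset time period, each segment is matched against preset standard data segments, and only when an abnormal segment exists is the device's transmission rate checked against the preset limit rate range and clamped. The matching rule (a segment is normal if it contains a standard pattern), the sample capture and all preset values are assumptions.

```python
"""Added example (not the patent's own code). Segment matching rule, sample
capture and preset values below are assumptions made for illustration."""
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float       # capture time in seconds
    payload: bytes  # raw bytes captured from the monitoring equipment


# Constructed sample capture: three benign 8-byte packets, then a burst whose
# bytes match none of the standard segments. Payloads are aligned to the
# segment length so fixed-length slicing does not split a standard pattern.
CAPTURE = [
    Packet(0.0, b"HELLO/1\n"),
    Packet(0.3, b"HELLO/1\n"),
    Packet(0.6, b"PING/1 \n"),
    Packet(1.0, b"\xff\xfe\xfd\xfc" * 30),
    Packet(1.5, b"\xff\xfe\xfd\xfc" * 30),
]
STANDARD_SEGMENTS = (b"HELLO/1\n", b"PING/1 \n")  # preset standard data segments (assumed)
SEGMENT_LENGTH = 8          # preset data segment length, bytes
TIME_PERIOD = 1.0           # preset time period, seconds
LIMIT_RATE_RANGE = (0, 64)  # preset limit rate range, bytes per second


def segment_by_length(data: bytes, seg_len: int) -> list[bytes]:
    """First target data segments: fixed-length slices of the concatenated stream."""
    return [data[i:i + seg_len] for i in range(0, len(data), seg_len)]


def segment_by_time(packets: list[Packet], period: float) -> list[bytes]:
    """Second target data segments: all bytes captured inside each time window."""
    windows: dict[int, bytearray] = {}
    for p in packets:
        windows.setdefault(int(p.ts // period), bytearray()).extend(p.payload)
    return [bytes(windows[k]) for k in sorted(windows)]


def is_abnormal(segment: bytes, standard: tuple[bytes, ...]) -> bool:
    """Assumed rule: a segment is normal only if it contains a standard pattern."""
    return not any(s in segment for s in standard)


def transmission_rate(packets: list[Packet]) -> float:
    """Bytes per second over the capture span; spans under 1 s count as 1 s."""
    if not packets:
        return 0.0
    span = max(packets[-1].ts - packets[0].ts, 1.0)
    return sum(len(p.payload) for p in packets) / span


def control(packets: list[Packet]) -> dict:
    """Monitoring plus management decision: abnormal count, measured and enforced rate."""
    stream = b"".join(p.payload for p in packets)
    targets = segment_by_length(stream, SEGMENT_LENGTH) + segment_by_time(packets, TIME_PERIOD)
    abnormal = sum(is_abnormal(t, STANDARD_SEGMENTS) for t in targets)
    rate = transmission_rate(packets)
    lo, hi = LIMIT_RATE_RANGE
    limit = abnormal > 0 and not (lo <= rate <= hi)  # act only on abnormal traffic
    return {"abnormal_segments": abnormal, "rate": rate,
            "enforced_rate": min(max(rate, lo), hi) if limit else rate}
```

Running `control(CAPTURE)` flags the burst segments and clamps the rate to the top of the range, while the benign prefix `CAPTURE[:3]` alone passes through unchanged.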
CN202111485829.1A 2021-12-07 2021-12-07 Network flow safety control system Pending CN114024769A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111485829.1A CN114024769A (en) 2021-12-07 2021-12-07 Network flow safety control system


Publications (1)

Publication Number Publication Date
CN114024769A true CN114024769A (en) 2022-02-08

Family

ID=80068320

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111485829.1A Pending CN114024769A (en) 2021-12-07 2021-12-07 Network flow safety control system

Country Status (1)

Country Link
CN (1) CN114024769A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785565A (en) * 2022-04-01 2022-07-22 北京国信网联科技有限公司 Data security exchange system based on network boundary

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105049276A (en) * 2015-05-29 2015-11-11 北京东方棱镜科技有限公司 Monitoring management method and device for WAN (Wide Area Network) traffic behavior
CN106330964A (en) * 2016-10-14 2017-01-11 成都信息工程大学 Network intrusion detection and active defense linkage control device
CN108040074A (en) * 2018-01-26 2018-05-15 华南理工大学 A kind of real-time network unusual checking system and method based on big data
CN109558729A (en) * 2018-11-28 2019-04-02 河北省科学院应用数学研究所 A kind of intelligent system of defense of network attack
CN111683097A (en) * 2020-06-10 2020-09-18 广州市品高软件股份有限公司 Cloud network flow monitoring system based on two-stage architecture
CN111865951A (en) * 2020-07-09 2020-10-30 福建奇点时空数字科技有限公司 Network data flow abnormity detection method based on data packet feature extraction
WO2021008028A1 (en) * 2019-07-18 2021-01-21 平安科技(深圳)有限公司 Network attack source tracing and protection method, electronic device and computer storage medium




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination