CN114124585B - Security defense method, device, electronic equipment and medium - Google Patents


Info

Publication number: CN114124585B
Authority: CN (China)
Prior art keywords: information, safety protection, level, security, user terminal
Prior art date
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202210104664.7A
Other languages: Chinese (zh)
Other versions: CN114124585A (en)
Inventor: 李博
Current assignee: Qianxin Technology Group Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Qianxin Technology Group Co Ltd
Priority date (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date
Publication date
Events: application filed by Qianxin Technology Group Co Ltd; priority to CN202210104664.7A; publication of CN114124585A; application granted; publication of CN114124585B; legal status active; anticipated expiration

Classifications

CPC, all under H04L (Transmission of digital information, e.g. telegraphic communication) and H04L63/00 (Network architectures or network communication protocols for network security):

    • H04L63/20 Managing network security; network security policies in general
    • H04L63/205 Involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/14 Detecting or protecting against malicious traffic
    • H04L63/1408 By monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 The attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1491 Using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Abstract

The invention provides a security defense method, apparatus, electronic device and medium. The method comprises: receiving alarm information sent by a target network device, adjusting the security protection level of a platform according to the alarm information, and determining security protection level information and notification information; and generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information. The method links the protection of multiple network devices and achieves adaptive dynamic protection by adjusting the security protection level, which improves the reliability of security protection and secures the network devices.

Description

Security defense method, device, electronic equipment and medium
Technical Field
The present invention relates to the field of security protection technologies, and in particular, to a security defense method, apparatus, electronic device, and medium.
Background
As network attack techniques develop rapidly, requirements on security protection keep rising, and protection inside government and enterprise networks is especially important.
At present, network security deployment inside a government or enterprise requires different protection capabilities at several points of the environment, for example on gateway devices, user terminals and traffic honeypots, each with high, medium and low defense levels and a corresponding configuration of performance and defense strength. In most cases, however, government and enterprise protection is configured with performance as the priority: the interception mode is set to alert only rather than block, the gateway device runs in bypass mode, the user terminal's intrusion detection system / intrusion prevention system generally runs in detection mode, and the operating mode of each capability product is hardly ever changed once deployed, so security protection is limited.
Disclosure of Invention
The invention provides a security defense method, apparatus, electronic device and medium to solve the technical problem in the prior art that the protection level cannot be adjusted once it has been determined, which limits security protection; the aim is to adjust the security protection level dynamically and improve the reliability of security protection.
In a first aspect, the present invention provides a security defense method, comprising:
receiving alarm information sent by a target network device, adjusting the security protection level of a platform according to the alarm information, and determining security protection level information and notification information;
and generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information.
Further, according to the security defense method provided by the present invention, the target network device is any one of the following: a traffic honeypot, a user terminal and a gateway device;
correspondingly, receiving the alarm information sent by the target network device, adjusting the security protection level of the platform according to the alarm information, and determining the security protection level information and the notification information includes:
when alarm information about external abnormal traffic sent by the traffic honeypot is received, adjusting the security protection level to medium, and notifying the IP and the effective time of the external abnormal traffic;
or,
when alarm information about a suspicious file and suspicious outbound connection traffic sent by the traffic honeypot is received, adjusting the security protection level to medium, and notifying the hash value of the suspicious file and the IP, domain name or uniform resource locator of the suspicious outbound connection traffic.
Further, according to the security defense method provided by the present invention, the target network device is any one of the following: a traffic honeypot, a user terminal and a gateway device;
correspondingly, receiving the alarm information sent by the target network device, adjusting the security protection level of the platform according to the alarm information, and determining the security protection level information and the notification information includes:
when alarm information sent by the user terminal about malicious traffic, from its intrusion detection system or intrusion prevention system, or from its anti-virus module is received, adjusting the security protection level to high, and notifying the hash value of the malicious file, the IP, domain name or uniform resource locator of the malicious traffic, and the effective time of the malicious traffic.
Further, according to the security defense method provided by the present invention, the target network device is any one of the following: a traffic honeypot, a user terminal and a gateway device;
correspondingly, receiving the alarm information sent by the target network device, adjusting the security protection level of the platform according to the alarm information, and determining the security protection level information and the notification information includes:
when alarm information about internal malicious traffic sent by the gateway device is received, adjusting the security protection level to high, and notifying the IP of the compromised host corresponding to the internal malicious traffic.
Further, according to the security defense method provided by the present invention, after receiving the alarm information sent by the target network device and adjusting the security protection level of the platform according to the alarm information, the method further includes:
when the convergence time of the target network device's alarm information is greater than or equal to a preset threshold, lowering the security protection level by one level;
or,
when the convergence time of the target network device's alarm information is less than the preset threshold, leaving the security protection level unchanged and informing an administrator.
Further, according to the security defense method provided by the present invention, the pre-designated network devices include a user terminal and a gateway device, where,
correspondingly, generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to a pre-designated network device so that the pre-designated network device determines its corresponding security protection working mode according to the security protection level information, includes:
generating instruction information for the user terminal to enter the corresponding security protection working mode according to the security protection level information and the notification information, and sending the instruction information to the user terminal so that the user terminal determines the corresponding security protection working mode according to the security protection level information.
Further, according to the security defense method provided by the present invention, the user terminal determining the corresponding security protection working mode according to the security protection level information includes:
when the security protection level information is high, the user terminal selects the working mode in which blocking with the full rule set, high real-time protection and the intrusion prevention system are all applied;
or,
when the security protection level information is medium, the user terminal selects the working mode in which a small rule set blocks, real-time protection is medium, the intrusion prevention system uses the small rule set, the full rule set only alerts, and the intrusion detection system uses the full rule set;
or,
when the security protection level information is low, the user terminal selects the working mode in which a small rule set blocks, real-time protection is low, and the intrusion prevention system uses the small rule set.
Further, according to the security defense method provided by the present invention, the pre-designated network devices include a user terminal and a gateway device, where,
correspondingly, generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to a pre-designated network device so that the pre-designated network device determines its corresponding security protection working mode according to the security protection level information, includes:
generating instruction information for the gateway device to enter the corresponding security protection working mode according to the security protection level information and the notification information, and sending the instruction information to the gateway device so that the gateway device determines the corresponding security protection working mode according to the security protection level information.
Further, according to the security defense method provided by the present invention, the gateway device determining the corresponding security protection working mode according to the security protection level information includes:
when the security protection level information is high, the gateway device selects the working mode in which a large rule set runs inline (non-bypass) and the full rule set runs in bypass;
or,
when the security protection level information is medium, the gateway device selects the working mode in which a small rule set runs inline (non-bypass) and the full rule set runs in bypass;
or,
when the security protection level information is low, the gateway device selects the pure-bypass working mode.
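The claims above describe one control loop: an alarm from a honeypot, terminal or gateway moves the platform's level, the platform builds a notification and an instruction per pre-designated device, each device maps the level to a working mode, and a quiet period steps the level back down. The following is an added example implementing that loop, not code from the patent or from Qianxin; the alarm kinds, field names, working-mode strings, the one-way escalation (a medium alarm never lowers a high level) and the reading of "convergence time" as seconds since the device's alarms stopped are assumptions, since the patent fixes no message format.

```python
"""Master control platform logic for steps 101 and 102 (added example)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Alarm:
    source: str                            # "honeypot", "terminal" or "gateway"
    kind: str                              # see ESCALATION for the kinds assumed here
    ip: Optional[str] = None
    domain: Optional[str] = None
    url: Optional[str] = None
    file_hash: Optional[str] = None
    effective_time: Optional[int] = None   # seconds the indicator stays valid
    compromised_host: Optional[str] = None


# (source, kind) -> level the platform moves to when such an alarm arrives.
ESCALATION = {
    ("honeypot", "external_abnormal_traffic"): Level.MEDIUM,
    ("honeypot", "suspicious_file_outbound"): Level.MEDIUM,
    ("terminal", "malicious_traffic"): Level.HIGH,
    ("terminal", "ids_ips"): Level.HIGH,
    ("terminal", "antivirus"): Level.HIGH,
    ("gateway", "internal_malicious_traffic"): Level.HIGH,
}


def build_notification(alarm: Alarm) -> dict:
    """Select the indicator fields each alarm type carries per the claims."""
    if alarm.source == "honeypot" and alarm.kind == "external_abnormal_traffic":
        return {"ip": alarm.ip, "effective_time": alarm.effective_time}
    if alarm.source == "honeypot":
        return {"file_hash": alarm.file_hash, "ip": alarm.ip,
                "domain": alarm.domain, "url": alarm.url}
    if alarm.source == "terminal":
        return {"file_hash": alarm.file_hash, "ip": alarm.ip, "domain": alarm.domain,
                "url": alarm.url, "effective_time": alarm.effective_time}
    return {"compromised_host": alarm.compromised_host}


def terminal_mode(level: Level) -> dict:
    """Working mode the user terminal selects for a level."""
    if level == Level.HIGH:
        return {"block_rules": "full", "realtime_protection": "high",
                "ips_rules": "full", "ids_rules": None}
    if level == Level.MEDIUM:
        return {"block_rules": "small", "realtime_protection": "medium",
                "ips_rules": "small", "alert_rules": "full", "ids_rules": "full"}
    return {"block_rules": "small", "realtime_protection": "low",
            "ips_rules": "small", "ids_rules": None}


def gateway_mode(level: Level) -> dict:
    """Working mode the gateway selects for a level: inline rules sit in the
    data path and can block, bypass rules only observe a copy of the traffic."""
    if level == Level.HIGH:
        return {"inline_rules": "large", "bypass_rules": "full"}
    if level == Level.MEDIUM:
        return {"inline_rules": "small", "bypass_rules": "full"}
    return {"inline_rules": None, "bypass_rules": "full"}       # pure bypass


class Platform:
    def __init__(self, convergence_threshold: int = 300):
        self.level = Level.LOW
        self.convergence_threshold = convergence_threshold      # seconds (assumed)

    def handle_alarm(self, alarm: Alarm) -> dict:
        """Step 101: raise the level and determine the notification. Escalation
        is one-way here; a lower-severity alarm does not lower the level."""
        target = ESCALATION.get((alarm.source, alarm.kind))
        if target is None:
            raise ValueError(f"unknown alarm {alarm.source}/{alarm.kind}")
        self.level = max(self.level, target)
        return {"level": self.level, "notification": build_notification(alarm)}

    def instructions(self, notification: dict) -> list:
        """Step 102: one instruction per pre-designated device, carrying the
        level, the notification and the working mode that level maps to."""
        return [
            {"device": "terminal", "level": self.level,
             "notification": notification, "mode": terminal_mode(self.level)},
            {"device": "gateway", "level": self.level,
             "notification": notification, "mode": gateway_mode(self.level)},
        ]

    def converge(self, quiet_seconds: int) -> dict:
        """Once alarms have been quiet for at least the threshold, step down one
        level; otherwise hold the level and inform the administrator."""
        if quiet_seconds >= self.convergence_threshold:
            if self.level > Level.LOW:
                self.level = Level(self.level - 1)
            return {"level": self.level, "notify_admin": False}
        return {"level": self.level, "notify_admin": True}
```

The `max()` in `handle_alarm` is the design point worth noticing: with several devices reporting, the platform must hold the highest level any of them justified, and only `converge()` (a quiet period) may bring it back down, one step at a time.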
In a second aspect, the present invention also provides a security defense apparatus, comprising:
a receiving and determining module, configured to receive alarm information sent by a target network device, adjust the security protection level of the platform according to the alarm information, and determine security protection level information and notification information;
and a sending module, configured to generate corresponding instruction information according to the security protection level information and the notification information, and send the instruction information to the pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information.
In a third aspect, the present invention also provides an electronic device, including:
a processor, a memory, and a bus, wherein,
the processor and the memory are communicated with each other through the bus;
the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the steps of the security defense method according to any of the above.
In a fourth aspect, the present invention also provides a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the steps of the security defense method as described above.
In a fifth aspect, the invention also provides a computer program product comprising a computer program which, when executed by a processor, carries out the steps of the security defense method as defined in any one of the above.
The invention provides a security defense method, apparatus, electronic device and medium, where the method comprises receiving alarm information sent by a target network device, adjusting the security protection level of a platform according to the alarm information, determining security protection level information and notification information, generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information. The method links the protection of multiple network devices and achieves adaptive dynamic protection by adjusting the security protection level, which improves the reliability of security protection and secures the network devices.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of the security defense method provided by the present invention;
FIG. 2 is a schematic structural diagram of the security defense apparatus provided by the present invention;
FIG. 3 is a schematic structural diagram of the electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a schematic flow diagram of the security defense method provided by the present invention. As shown in FIG. 1, the method includes the following steps:
Step 101: receiving alarm information sent by a target network device, adjusting the security protection level of the platform according to the alarm information, and determining security protection level information and notification information.
In this embodiment the executing entity is a master control management platform. The platform is connected to the target network device (to each of them when there are several) and receives, stores and processes the various kinds of alarm information. When alarm information from a target network device is received, the platform's security protection level is adjusted according to the type of the alarm information, and the security protection level information and the notification information are determined; the security protection level information is the adjusted security protection level of the platform.
For example, if the platform's security protection level is initially low, then when alarm information from a target network device is received the level is automatically adjusted to medium or high according to the content of the alarm information, and the security protection level information is medium or high accordingly.
The notification information is a message that tells the network devices about the device that is under network attack; the master control management platform determines it from the received alarm information. The type of notification information can be set according to actual needs and is not limited here.
Note that the master control management platform of the present invention is deployed in the customer environment. If the customer environment has no syslog processing server, the platform is configured to accept syslog directly; if a syslog processing server already exists, the platform is configured in a bypass working mode alongside it. When the platform is configured in the customer environment, it also has to be integrated through interfaces with each security capability console the customer operates.
Step 102: generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information.
In this embodiment, corresponding instruction information is generated according to the security protection level information and the notification information determined in step 101, and the instruction information is then sent to the pre-designated network devices so that each designated network device determines its security protection working mode from the received security protection level information, thereby implementing the protection.
For example, if alarm information sent by the user terminal reports that 1M of external malicious traffic is about to intrude the user terminal, the platform adjusts its security protection level, determines the level as medium, generates corresponding instruction information and sends it to the user terminal; the user terminal then determines the medium-level security protection working mode from the received security protection level information and uses it to protect against the malicious traffic.
The security defense method provided by the invention thus comprises receiving alarm information sent by a target network device, adjusting the security protection level of the platform according to the alarm information, determining security protection level information and notification information, generating corresponding instruction information according to the security protection level information and the notification information, and sending the instruction information to pre-designated network devices so that each pre-designated network device determines its corresponding security protection working mode according to the security protection level information. The method links the protection of multiple network devices and achieves adaptive dynamic protection by adjusting the security protection level, which improves the reliability of security protection and secures the network devices.
In another embodiment of the present invention, the target network device is any one of the following: a traffic honeypot, a user terminal and a gateway device;
correspondingly, receiving the alarm information sent by the target network device, adjusting the security protection level of the platform according to the alarm information, and determining the security protection level information and the notification information includes:
when alarm information about external abnormal traffic sent by the traffic honeypot is received, adjusting the security protection level to medium, and notifying the IP and the effective time of the external abnormal traffic;
or,
when alarm information about a suspicious file and suspicious outbound connection traffic sent by the traffic honeypot is received, adjusting the security protection level to medium, and notifying the hash value of the suspicious file and the IP, domain name or uniform resource locator of the suspicious outbound connection traffic.
Specifically, a traffic honeypot is a host deliberately exposed as bait to be attacked; a user terminal is a device the user commonly works on, such as a mobile phone or a PC. A gateway device (gateway), also called an internetworking connector or protocol converter, is a computer system or device that provides data conversion between multiple networks.
In this embodiment, when the master control management platform receives alarm information about external abnormal traffic from the traffic honeypot, it adjusts the platform's security protection level from low to medium and notifies the IP that produced the external abnormal traffic together with its effective time. For example, each network device is notified that abnormal external traffic is currently observed from device XXXX and that the effective time is 30 s; the notification message carries device XXXX's abnormal traffic and the corresponding effective time, and is then sent to each network device. In this embodiment the notifications must be de-duplicated within a specified time period so that the same alarm is not notified repeatedly: when the same alarm information occurs again within the specified period, the repeat is ignored and no further notification is issued.
In this embodiment, when the master control management platform receives alarm information about a suspicious file and suspicious outbound connection traffic from the traffic honeypot, it adjusts the platform's security protection level from low to medium and notifies each network device of the hash value of the suspicious file and the IP, domain name or uniform resource locator (URL) that produced the suspicious outbound traffic. On the WWW every information resource has a uniform and network-unique address, called a URL. Note that in this embodiment a suspicious file is a file whose behaviour is suspicious and still has to be confirmed, and suspicious outbound connection traffic is traffic whose outbound connection behaviour is suspicious; here too, de-duplication within the specified time period is required so that notifications are not repeated.
Note that the hash value of a suspicious file is data in a fixed correspondence with that file, held in a hash table, for instance a character string corresponding to file 1.
According to the security defense method provided by the invention, by configuring the collection mode of the traffic honeypot, once the platform receives any of the alarm information types sent by the traffic honeypot, the security protection level is automatically adjusted to medium and the notification information corresponding to each alarm type is issued. Different notification information is determined for different alarm information, the security protection level is adjusted automatically, and the reliability of security protection is improved.
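The honeypot embodiment above adds two details the claims leave implicit: the platform ingests alarms as syslog, and a notification for the same indicator must not be re-issued within a specified period, while each notified indicator carries an effective time after which devices should stop acting on it. The following is an added example of that ingestion and de-duplication path, not code from the patent or from Qianxin. The syslog line layout (`<PRI>TIMESTAMP HOST SOURCE KIND key=value ...`), the sample lines, the 60 s de-duplication window and the choice of IP / hash / URL / compromised host as the indicator identity are all assumptions made for illustration.

```python
"""Syslog alarm ingestion with time-windowed notification de-duplication
and effective-time expiry (added example; formats are constructed)."""
import re
from typing import Optional

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\S+) (?P<host>\S+) "
    r"(?P<source>honeypot|terminal|gateway) (?P<kind>\S+)(?P<fields>(?: \S+=\S+)*)$"
)

# Constructed sample lines: the same honeypot alarm twice, then two others.
SAMPLE_LINES = [
    "<13>2022-01-28T10:00:00Z hp-1 honeypot external_abnormal_traffic ip=203.0.113.7 effective_time=30",
    "<13>2022-01-28T10:00:10Z hp-1 honeypot external_abnormal_traffic ip=203.0.113.7 effective_time=30",
    "<13>2022-01-28T10:00:20Z hp-1 honeypot suspicious_file_outbound file_hash=d41d8cd98f00b204e9800998ecf8427e url=http://example.invalid/a",
    "<13>2022-01-28T10:00:30Z gw-1 gateway internal_malicious_traffic compromised_host=10.0.0.23",
]


def parse_alarm(line: str) -> dict:
    """Turn one syslog line into an alarm dict; key=value fields keep their names."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an alarm line: {line!r}")
    alarm = {"host": m["host"], "source": m["source"], "kind": m["kind"]}
    for kv in m["fields"].split():
        key, value = kv.split("=", 1)
        alarm[key] = value
    if "effective_time" in alarm:
        alarm["effective_time"] = int(alarm["effective_time"])
    return alarm


def indicator_key(alarm: dict) -> tuple:
    """Identity used for de-duplication: source, kind and the indicator value
    (IP, file hash, URL or compromised host); timestamp and sender are ignored."""
    value = (alarm.get("ip") or alarm.get("file_hash") or alarm.get("url")
             or alarm.get("compromised_host"))
    return (alarm["source"], alarm["kind"], value)


class Notifier:
    """Issues each distinct indicator at most once per window and remembers
    how long an issued indicator stays in effect."""

    def __init__(self, dedup_window: float):
        self.window = dedup_window
        self._last_sent = {}      # key -> time of the last notification
        self._active = {}         # key -> (notification, expiry time or None)

    def submit(self, alarm: dict, now: float) -> Optional[dict]:
        key = indicator_key(alarm)
        last = self._last_sent.get(key)
        if last is not None and now - last < self.window:
            return None           # repeat inside the window: ignored
        self._last_sent[key] = now
        notification = {k: v for k, v in alarm.items() if k != "host"}
        ttl = alarm.get("effective_time")
        self._active[key] = (notification, None if ttl is None else now + ttl)
        return notification

    def active_indicators(self, now: float) -> list:
        """Notifications devices should still act on at `now`: those without an
        effective time, plus those whose effective time has not yet run out."""
        return [n for n, exp in self._active.values() if exp is None or now < exp]


def ingest(lines, start: float = 0.0, step: float = 10.0,
           dedup_window: float = 60.0) -> tuple:
    """Feed lines in order, `step` seconds apart; return the notifier and the
    notifications that were actually issued."""
    notifier = Notifier(dedup_window)
    sent = []
    for i, line in enumerate(lines):
        out = notifier.submit(parse_alarm(line), start + i * step)
        if out is not None:
            sent.append(out)
    return notifier, sent
```

Keying the cache on the indicator rather than on the raw line is what makes the de-duplication useful: the two honeypot lines differ in timestamp but describe the same source IP, so only the first is forwarded, while the 30 s effective time lets the receiving devices drop that IP from their active set without a second message from the platform.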
In another embodiment of the present invention, the target network device is any one of the following: a traffic honeypot, a user terminal and a gateway device;
correspondingly, receiving the alarm information sent by the target network device, adjusting the security protection level of the platform according to the alarm information, and determining the security protection level information and the notification information includes:
when alarm information sent by the user terminal about malicious traffic, from its intrusion detection system or intrusion prevention system, or from its anti-virus module is received, adjusting the security protection level to high, and notifying the hash value of the malicious file, the IP, domain name or uniform resource locator of the malicious traffic, and the effective time of the malicious traffic.
In this embodiment, when the master control management platform receives alarm information from the user terminal about malicious traffic, alarm information from its intrusion detection system (IDS) or intrusion prevention system (IPS), or alarm information from its anti-virus module, it adjusts the platform's security protection level to high and notifies the hash value of the malicious file, the IP, domain name or uniform resource locator that produced the malicious traffic, and the effective time of the malicious traffic. Note that alarm information from the user terminal indicates that a malicious attack has entered the customer's system, so the platform's security protection level must be raised quickly and the corresponding notification information determined for the designated network devices, so that the corresponding security policy can be started quickly and the customer's system enters the protected working mode, protecting it and avoiding unnecessary loss.
According to the security defense method provided by the invention, after the platform receives alarm information sent by the user terminal, the security protection level is automatically adjusted to high and the corresponding notification information is determined from the alarm information. The invention thus adjusts the platform's security protection level automatically according to the different alarm information, determines the corresponding notification information, improves the reliability of security protection and secures the network devices.
In another embodiment of the present invention, the target network device is any one of the following devices: a flow honeypot, a user terminal and a gateway device;
correspondingly, the receiving the alarm information sent by the target network device, adjusting the security level of the platform according to the alarm information, and determining the security level information and the notification information includes:
and, on receiving alarm information about internal malicious traffic sent by the gateway device, adjusting the security protection level to high, and notifying the compromised host IP corresponding to the internal malicious traffic.
In this embodiment, when the master control management platform receives warning information about internal malicious traffic sent by the gateway device, it automatically adjusts the security protection level to high and notifies the IP of the compromised host corresponding to the internal malicious traffic. It should be noted that internal malicious traffic reported by the gateway device indicates that a malicious attack has entered the client system or is spreading laterally, so the security protection level must be adjusted to high and the IP of the compromised host notified, so that the pre-designated network devices adopt the relevant security protection working mode and the client system stays secure.
According to the security defense method provided by the invention, after the platform receives the alarm information sent by the gateway device, the security protection level is automatically adjusted to high and the corresponding notification information is determined from the alarm information. The invention can automatically adjust the security protection level of the platform according to the alarm information sent by the gateway device and determine the corresponding notification information, which improves the reliability of security protection and ensures the security of the network devices.
In another embodiment of the present invention, after receiving the alarm information sent by the target network device and adjusting the security protection level of the platform according to the alarm information, the method further includes:
when the convergence time of the alarm information of the target network device is greater than or equal to a preset threshold value, adjusting the security protection level down by one level;
or, alternatively,
when the convergence time of the alarm information of the target network device is less than the preset threshold value, leaving the security protection level unchanged and informing an administrator.
In this embodiment, after the master control management platform has adjusted the security protection level to medium or high according to the alarm information of the target network device, it further decides whether to adjust the level again by comparing the convergence time of that alarm information with a preset threshold. The convergence time is the period over which the malicious attacks gradually decrease and no longer increase: if, after some time, the number of devices under external malicious traffic attack is smaller and no longer growing, the length of time for which that number has been continuously decreasing is measured and taken as the convergence time.
In this embodiment, when the convergence time of the alarm information of the target network device is greater than or equal to the preset threshold, the security protection level of the platform is adjusted down by one level. When the convergence time is less than the preset threshold, the alarm information may not be converging continuously: convergence may stop before a certain time is reached and the malicious attacks may increase again. In this case the security protection level is left unchanged and the administrator is notified by a configured short message or e-mail, with the related information of the compromised host attached to the notification so that the administrator can review it.
For example, assume the preset threshold is 40 s and the security protection level was adjusted to medium after alarm information 1 was received; when the continuous convergence time of alarm information 1 reaches 45 s, the security protection level is automatically adjusted from medium to low. If the security protection level was adjusted to high after alarm information 1 was received, then when the continuous convergence time of alarm information 1 reaches the preset threshold the level is automatically adjusted from high to medium; as the continuous convergence time keeps growing, the level is adjusted from medium to low once a certain condition is met. It should be noted that the certain condition may be that the continuous convergence time reaches twice the preset threshold; in other embodiments it may be another condition, which is not limited here.
According to the security defense method provided by the invention, after the platform determines the security protection level information, the security protection level is adjusted again according to the relation between the continuous convergence time of the alarm information of the target device and the preset threshold value. The security defense method provided by the invention has self-adaptability, can automatically adjust the security protection level of the platform again according to the convergence time of the alarm information, improves the reliability of security protection, and ensures the security of network equipment.
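The platform-side logic described in the preceding embodiments (escalation on alarms from the traffic honeypot, user terminal and gateway device, followed by re-adjustment from the convergence time) as an added, constructed example; this is not the patent's code. The alarm source and kind names, the 40 s threshold and the "twice the threshold" second step are taken from the description; the field names, the Level enum and the documentation-range addresses used as sample indicators are assumptions.

```python
# Constructed example (not the patent's code) of the platform-side logic:
# escalate the protection level from an alarm, record the notification
# payload, then re-adjust once the alarm has converged.
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Which level each (source, kind) escalates to, and which fields the
# notification must carry, as listed in the description (names assumed).
ESCALATION = {
    ("honeypot", "external_abnormal_traffic"): (Level.MEDIUM, {"ip", "ttl_s"}),
    ("honeypot", "suspicious_file_and_outbound"): (Level.MEDIUM, {"hash", "indicator"}),
    ("terminal", "malicious_traffic"): (Level.HIGH, {"hash", "indicator", "ttl_s"}),
    ("gateway", "internal_malicious_traffic"): (Level.HIGH, {"compromised_host_ip"}),
}


@dataclass
class Alarm:
    source: str        # "honeypot", "terminal" or "gateway"
    kind: str          # alarm category, see ESCALATION
    indicators: dict   # "indicator" = IP, domain name or URL of the traffic


@dataclass
class Platform:
    threshold_s: float = 40.0   # preset convergence threshold from the example
    level: Level = Level.LOW
    raised_to: Level = Level.LOW          # level set by the most recent alarm
    notifications: list = field(default_factory=list)
    admin_notices: list = field(default_factory=list)

    def on_alarm(self, alarm: Alarm) -> Level:
        """Raise the level for an alarm and record the notification payload."""
        try:
            target, required = ESCALATION[(alarm.source, alarm.kind)]
        except KeyError:
            raise ValueError(f"unsupported alarm {alarm.source}/{alarm.kind}") from None
        missing = required - set(alarm.indicators)
        if missing:
            raise ValueError(f"notification lacks {sorted(missing)}")
        # Alarms only escalate; de-escalation happens in on_convergence().
        self.level = max(self.level, target)
        self.raised_to = self.level
        self.notifications.append(
            {"source": alarm.source, "kind": alarm.kind,
             **{k: alarm.indicators[k] for k in required}})
        return self.level

    def on_convergence(self, converged_for_s: float) -> Level:
        """Re-adjust after an alarm. converged_for_s is how long the number of
        attacked devices has been continuously decreasing."""
        if converged_for_s < self.threshold_s:
            # Not converged long enough: hold the level and page the
            # administrator with the compromised-host details attached.
            self.admin_notices.append({
                "reason": "alarm not converged",
                "level": self.level.name,
                "hosts": [n["compromised_host_ip"] for n in self.notifications
                          if "compromised_host_ip" in n],
            })
            return self.level
        # One step down per threshold interval: high -> medium at 1x,
        # medium -> low at 2x (the "certain condition" in the example).
        steps = int(converged_for_s // self.threshold_s)
        self.level = Level(max(Level.LOW, self.raised_to - steps))
        return self.level


if __name__ == "__main__":
    p = Platform()
    # constructed sample alarm using a documentation-range address
    p.on_alarm(Alarm("gateway", "internal_malicious_traffic",
                     {"compromised_host_ip": "192.0.2.10"}))
    print(p.level.name, p.on_convergence(10).name, p.on_convergence(40).name)
```

Alarms never lower the level directly; only `on_convergence()` steps it down, and it steps down from the level the alarm raised it to, so a 45 s convergence after a medium alarm lands at low, while after a high alarm the same 45 s reaches medium and a further 80 s reaches low.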
In another embodiment of the present invention, the pre-designated network device comprises: a user terminal and a gateway device, wherein,
correspondingly, the generating corresponding instruction information according to the safety protection level information and the notification information, and sending the instruction information to a pre-designated network device, so that the pre-designated network device determines a corresponding safety protection working mode according to the safety protection level information, includes:
and generating, according to the security protection level information and the notification information, instruction information for the user terminal to enter the corresponding security protection working mode, and sending the instruction information to the user terminal, so that the user terminal determines the corresponding security protection working mode according to the security protection level information.
In this embodiment, the platform generates instruction information for the user terminal to enter the corresponding safety protection working mode according to the determined safety protection level information and the notification information, and sends the instruction information to the user terminal, so that the user terminal determines the corresponding safety protection working mode according to the received safety protection level information. It should be noted that the user terminal configures different security protection operating modes according to different security protection levels of the platform, for example, a high-level security protection operating mode is configured for a high-level security protection level, a medium-level security protection operating mode is configured for a medium-level security protection level, and a low-level security protection operating mode is configured for a low-level security protection level.
In this embodiment, the security protection working mode combines the size of the rule base in use, blocking versus alerting, the real-time protection measures, and an intrusion detection system or intrusion prevention system; different security protection working modes take different protection measures.
According to the security defense method provided by the invention, the instruction information generated from the security protection level information and the notification information is sent to the user terminal, so that the user terminal determines the corresponding security protection working mode according to the security protection level information; the user terminal can thus apply the corresponding security protection, which improves the reliability of security protection and ensures the security of the user system.
In another embodiment of the present invention, the determining, by the user terminal, a corresponding security working mode according to the security level information includes:
when the security protection level information is high, the user terminal determines the security protection working mode of full-rule blocking, high real-time protection, and an intrusion prevention system applied across the full rule set;
or, alternatively,
when the security protection level information is medium, the user terminal determines the security protection working mode of small-rule blocking, medium real-time protection, an intrusion prevention system applied to the small rule set, full-rule alerting, and an intrusion detection system applied to the full rule set;
or, alternatively,
when the security protection level information is low, the user terminal determines the security protection working mode of small-rule blocking, low real-time protection, and an intrusion prevention system applied to the small rule set.
In this embodiment, when the security protection level information is high, the user terminal determines the high-level security protection working mode from the security protection level information; this mode is specifically full-rule blocking, high real-time protection, and an intrusion prevention system applied across the full rule set. The full rule set means all existing rules, so that no known network attack is allowed through.
When the security protection level information is medium, the user terminal determines the medium-level security protection working mode from the security protection level information; this mode is small-rule blocking, medium real-time protection, an intrusion prevention system on the small rule set, full-rule alerting, and an intrusion detection system on the full rule set. The small rule set is a portion of key rules, a subset of all rules rather than a comprehensive processing principle.
When the security protection level information is low, the user terminal determines the low-level security protection working mode from the security protection level information in the received instruction information; this mode is small-rule blocking, low real-time protection, and an intrusion prevention system on the small rule set.
According to the security defense method provided by the invention, the user terminal determines the corresponding security protection working mode according to the received security protection grade information, and different security protection working modes are provided for the high-grade, medium-grade and low-grade different security protection grade information, so that the user terminal can realize the corresponding security protection processing, the reliability of the security protection is improved, and the security of a user system is ensured.
In another embodiment of the present invention, the pre-designated network device includes: a user terminal and a gateway device, wherein,
correspondingly, the generating corresponding instruction information according to the safety protection level information and the notification information, and sending the instruction information to a pre-designated network device, so that the pre-designated network device determines a corresponding safety protection working mode according to the safety protection level information, includes:
and generating, according to the security protection level information and the notification information, instruction information for the gateway device to enter the corresponding security protection working mode, and sending the instruction information to the gateway device, so that the gateway device determines the corresponding security protection working mode according to the security protection level information.
In this embodiment, the platform generates, from the determined security protection level information and the notification information, instruction information for the gateway device to enter the corresponding security protection working mode, and sends it to the gateway device, so that the gateway device determines the corresponding security protection working mode according to the received security protection level information.
In this embodiment, the security protection working mode combines the bypass mode or the non-bypass mode with the rule set that takes effect in non-bypass mode; different security protection working modes take different protection measures. It should be noted that bypass mode (ByPassMode) is a working mode in which a group of detection mechanisms sits in the normal traffic path of the system, and when one of these detection mechanisms fails and the fault cannot be cleared in a short time, system operation bypasses the detection mechanisms so that the system keeps running. Non-bypass mode is the working mode that does not bypass the detection mechanisms; instead, system operation is halted so that detection is carried out.
According to the security defense method provided by the invention, the instruction information generated from the security protection level information and the notification information is sent to the gateway device, so that the gateway device determines the corresponding security protection working mode according to the security protection level information; the gateway device can thus apply the corresponding security protection, which improves the reliability of security protection and ensures the security of the user system.
In another embodiment of the present invention, the determining, by the gateway device, a corresponding security protection operating mode according to the security protection level information includes:
when the security protection level information is high, the gateway device determines the security protection working mode of large-rule non-bypass and full-rule bypass;
or, alternatively,
when the security protection level information is medium, the gateway device determines the security protection working mode of small-rule non-bypass and full-rule bypass;
or, alternatively,
when the security protection level information is low, the gateway device determines the security protection working mode of pure bypass.
In this embodiment, when the security protection level information is high, the gateway device determines the high-level security protection working mode from the security protection level information; this mode is large-rule non-bypass and full-rule bypass, where the large rule set means all precise rules, covering most of the processing and amounting to more than half of the rules. When the security protection level information is medium, the gateway device determines the medium-level security protection working mode, which is small-rule non-bypass and full-rule bypass. When the security protection level information is low, the gateway device determines the low-level security protection working mode, which is pure bypass.
According to the security defense method provided by the invention, the gateway equipment determines the corresponding security protection working mode according to the received security protection level information, and has different security protection working modes for the high-level, middle-level and low-level different security protection level information, so that the gateway equipment can realize the corresponding security protection processing, the reliability of the security protection is improved, and the security of a user system is ensured.
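The per-level working modes of the user terminal and of the gateway device described in the two preceding embodiments, as an added, constructed example that is not the patent's code. The small/large/full rule tiers and the per-level modes follow the description; the rule identifiers, the tier each sample rule sits in, and the sample events are made up. Reading "bypass" as passive detection off the traffic path and "non-bypass" as inline enforcement is an assumption.

```python
# Constructed example (not the patent's code): turning the three protection
# levels into a per-rule action on the user terminal and on the gateway.
from enum import IntEnum


class Level(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Each rule is tagged with the smallest tier containing it:
# small (key rules) < large (more than half of all rules) < full (all rules).
RULE_TIER = {
    "R-beacon": "small",     # constructed: known C2 beacon signature
    "R-scan": "large",       # constructed: internal port-scan pattern
    "R-legacy": "full",      # constructed: rarely-hit legacy signature
}
TIER_RANK = {"small": 0, "large": 1, "full": 2}


def in_rule_set(rule_id: str, tier: str) -> bool:
    """True if rule_id belongs to the given tier (tiers are nested)."""
    return TIER_RANK[RULE_TIER[rule_id]] <= TIER_RANK[tier]


# User terminal modes: which tier is blocked (IPS) and which is only alerted
# (IDS). Real-time protection strength (high/medium/low) is not modelled.
TERMINAL_MODE = {
    Level.HIGH:   {"block": "full",  "alert": None},
    Level.MEDIUM: {"block": "small", "alert": "full"},
    Level.LOW:    {"block": "small", "alert": None},
}

# Gateway modes: which tier is enforced inline (non-bypass); every other
# matching rule runs in bypass (passive detection, assumed reading).
# Pure bypass at LOW enforces nothing inline.
GATEWAY_MODE = {
    Level.HIGH:   {"inline": "large"},
    Level.MEDIUM: {"inline": "small"},
    Level.LOW:    {"inline": None},
}


def terminal_action(level: Level, rule_id: str) -> str:
    mode = TERMINAL_MODE[level]
    if in_rule_set(rule_id, mode["block"]):
        return "block"
    if mode["alert"] and in_rule_set(rule_id, mode["alert"]):
        return "alert"
    return "pass"


def gateway_action(level: Level, rule_id: str) -> str:
    inline = GATEWAY_MODE[level]["inline"]
    if inline and in_rule_set(rule_id, inline):
        return "inline_block"
    return "bypass_detect"   # full-rule bypass: detected, not enforced


def decide(level: Level, matched_rules: list, device: str) -> str:
    """Strongest action for an event that matched several rules."""
    act = terminal_action if device == "terminal" else gateway_action
    order = ["pass", "bypass_detect", "alert", "block", "inline_block"]
    actions = [act(level, r) for r in matched_rules] or ["pass"]
    return max(actions, key=order.index)


if __name__ == "__main__":
    for lvl in Level:
        print(lvl.name,
              [terminal_action(lvl, r) for r in RULE_TIER],
              [gateway_action(lvl, r) for r in RULE_TIER])
```

The point the table alone does not show is the behaviour of a rule outside the small set as the level changes: at medium the terminal alerts on it (full-rule IDS) without blocking, at low it passes silently, and on the gateway a large-set rule is enforced inline only at high.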
In an embodiment of the present invention, when a firewall, traffic honeypot, user terminal, gateway device or similar device receives an external malicious traffic IP, domain name or uniform resource locator (URL) notified by the platform, it adds that information to a synchronized blocking list and invalidates the corresponding rule once the effective time given in the notification has elapsed.
Meanwhile, when the hash value of a malicious file notified by the platform is received, the user terminal and the gateway device add the hash value to the blacklist and automatically invalidate it once the effective time of the notification has elapsed.
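The synchronized blocking list with effective time described in the two preceding paragraphs, as an added, constructed example that is not the patent's code. The shape of the platform notification (`ttl_s`, `ip`, `domain`, `url`, `hash` fields), the explicit clock parameter, and the sample indicators (documentation-range addresses, an example.com domain, a made-up hash) are all assumptions.

```python
# Constructed example (not the patent's code): a blocking list whose entries
# are valid only for the effective time carried by the platform notification.
from typing import Dict, Tuple

Key = Tuple[str, str]   # (kind, normalised value)


class SyncBlocklist:
    def __init__(self) -> None:
        self._expires: Dict[Key, float] = {}   # key -> absolute expiry time

    @staticmethod
    def _key(kind: str, value: str) -> Key:
        # Domains and hex hashes are case-insensitive; IPs and URLs kept as-is.
        if kind in ("domain", "hash"):
            value = value.lower()
        return (kind, value)

    def add(self, kind: str, value: str, effective_s: float, now: float) -> None:
        """Block `value` until now + effective_s; a re-notification extends it."""
        key = self._key(kind, value)
        expires = now + effective_s
        self._expires[key] = max(self._expires.get(key, 0.0), expires)

    def is_blocked(self, kind: str, value: str, now: float) -> bool:
        """Lookup used on the data path; entries past their time do not match."""
        expires = self._expires.get(self._key(kind, value))
        return expires is not None and now < expires

    def expire(self, now: float) -> int:
        """Invalidate entries whose effective time has ended; return the count."""
        dead = [k for k, t in self._expires.items() if t <= now]
        for k in dead:
            del self._expires[k]
        return len(dead)

    def apply_notification(self, notice: dict, now: float) -> int:
        """Load every indicator carried by a platform notification (assumed
        shape: ttl_s plus optional lists under ip/domain/url/hash)."""
        ttl = notice["ttl_s"]
        added = 0
        for kind in ("ip", "domain", "url", "hash"):
            for value in notice.get(kind, []):
                self.add(kind, value, ttl, now)
                added += 1
        return added


if __name__ == "__main__":
    bl = SyncBlocklist()
    # constructed notification with documentation-range indicators
    bl.apply_notification({"ttl_s": 60, "ip": ["198.51.100.7"],
                           "domain": ["bad.example.com"]}, now=1000)
    print(bl.is_blocked("ip", "198.51.100.7", now=1030),
          bl.is_blocked("ip", "198.51.100.7", now=1060))
```

`is_blocked()` checks the expiry itself, so a stale entry stops matching at the moment its effective time ends even if the periodic `expire()` sweep has not yet run, and a second notification for the same indicator can only lengthen the block, never shorten it.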
Fig. 2 is a safety defense apparatus according to an embodiment of the present invention, and as shown in fig. 2, the safety defense apparatus according to the embodiment of the present invention includes:
a receiving and determining module 201, configured to receive alarm information sent by a target network device, adjust a security level of a platform according to the alarm information, and determine security level information and notification information;
a sending module 202, configured to generate corresponding instruction information according to the security level information and the notification information, and send the instruction information to a pre-designated network device, so that the pre-designated network device determines a corresponding security working mode according to the security level information.
The invention provides a safety defense device, which receives alarm information sent by target network equipment, then adjusts the safety protection level of a platform according to the alarm information, determines safety protection level information and notification information, generates corresponding instruction information according to the safety protection level information and the notification information, and sends the instruction information to preassigned network equipment so that the preassigned network equipment determines a corresponding safety protection working mode according to the safety protection level information. The security defense method provided by the invention can realize linkage protection of a plurality of network devices, and realizes self-adaptive dynamic protection by adjusting the security protection level, thereby improving the reliability of security protection and ensuring the security of the network devices.
Further, the receiving and determining module 201 is further configured to:
on receiving alarm information about external abnormal traffic sent by the traffic honeypot, adjusting the security protection level to medium, and notifying the IP and the effective time of the external abnormal traffic;
or, alternatively,
on receiving alarm information about suspicious files and suspicious outbound connection traffic sent by the traffic honeypot, adjusting the security protection level to medium, and notifying the hash value of the suspicious file and the IP, domain name or uniform resource locator of the suspicious outbound connection traffic.
According to the safety defense device provided by the invention, by setting the collection mode of the flow honeypot, after the platform receives various types of alarm information sent by the flow honeypot, the safety protection level is automatically adjusted from a low level to a middle level, and the report information corresponding to various alarm information is reported. Different notification messages can be determined according to different alarm information, the safety protection level can be automatically adjusted, and the reliability of safety protection is improved.
Further, the receiving and determining module 201 is further configured to:
and, on receiving alarm information sent by the user terminal about malicious traffic, from an intrusion detection system or an intrusion prevention system, or from an anti-virus module, adjusting the security protection level to high, and notifying the hash value of the malicious file, the IP, domain name or uniform resource locator of the malicious traffic, and the effective time of the malicious traffic.
According to the safety defense device provided by the invention, after the platform receives the alarm information sent by the user terminal, the safety protection level is automatically adjusted to be high, and corresponding notification information is determined according to the alarm information. The invention can automatically adjust the safety protection level of the platform according to different alarm information, determine the corresponding report information, improve the reliability of safety protection and ensure the safety of network equipment.
Further, the receiving and determining module 201 is further configured to:
and, on receiving alarm information about internal malicious traffic sent by the gateway device, adjusting the security protection level to high, and notifying the compromised host IP corresponding to the internal malicious traffic.
According to the safety defense device provided by the invention, after the platform receives the alarm information sent by the gateway equipment, the safety protection level is automatically adjusted to be high level, and corresponding notification information is determined according to the alarm information. The invention can automatically adjust the safety protection level of the platform according to the alarm information sent by the gateway equipment, and determine the corresponding report information, thereby improving the reliability of safety protection and ensuring the safety of network equipment.
Further, the apparatus further comprises an adjustment module, the adjustment module is configured to:
when the convergence time of the alarm information of the target network device is greater than or equal to a preset threshold value, adjusting the security protection level down by one level;
or, alternatively,
when the convergence time of the alarm information of the target network device is less than the preset threshold value, leaving the security protection level unchanged and informing an administrator.
According to the security defense device provided by the invention, after the platform determines the security protection level information, the security protection level is adjusted again according to the relation between the continuous convergence time of the alarm information of the target device and the preset threshold value. The security defense method provided by the invention has self-adaptability, can automatically adjust the security protection level of the platform again according to the convergence time of the alarm information, improves the reliability of security protection, and ensures the security of network equipment.
Further, the sending module 202 is further configured to:
and generating instruction information for the user terminal to enter a corresponding safety protection working mode according to the safety protection grade information and the notification information, and sending the instruction information to the user terminal so that the user terminal determines the corresponding safety protection working mode according to the safety protection grade information.
According to the safety defense device provided by the invention, the instruction information generated according to the safety protection grade information and the report information is sent to the user terminal, so that the user terminal determines the corresponding safety protection working mode according to the safety protection grade information, the user terminal can realize the corresponding safety protection, the reliability of the safety protection is improved, and the safety of a user system is ensured.
Further, the sending module 202 is further configured to:
when the security protection level information is high, the user terminal determines the security protection working mode of full-rule blocking, high real-time protection, and an intrusion prevention system applied across the full rule set;
or, alternatively,
when the security protection level information is medium, the user terminal determines the security protection working mode of small-rule blocking, medium real-time protection, an intrusion prevention system applied to the small rule set, full-rule alerting, and an intrusion detection system applied to the full rule set;
or, alternatively,
when the security protection level information is low, the user terminal determines the security protection working mode of small-rule blocking, low real-time protection, and an intrusion prevention system applied to the small rule set.
According to the safety defense device provided by the invention, the user terminal determines the corresponding safety protection working mode according to the received safety protection grade information, and different safety protection working modes are provided for the high-grade, medium-grade and low-grade different safety protection grade information, so that the user terminal can realize the corresponding safety protection processing, the reliability of safety protection is improved, and the safety of a user system is ensured.
Further, the sending module 202 is further configured to:
and generating instruction information for the gateway equipment to enter a corresponding safety protection working mode according to the safety protection level information and the notification information, and sending the instruction information to the gateway equipment so that the gateway equipment determines the corresponding safety protection working mode according to the safety protection level information.
According to the safety defense device provided by the invention, the instruction information generated according to the safety protection grade information and the report information is sent to the gateway equipment, so that the gateway equipment determines the corresponding safety protection working mode according to the safety protection grade information, the gateway equipment can realize the corresponding safety protection, the reliability of the safety protection is improved, and the safety of a user system is ensured.
Further, the sending module 202 is further configured to:
when the security protection level information is high, the gateway device determines the security protection working mode of large-rule non-bypass and full-rule bypass;
or, alternatively,
when the security protection level information is medium, the gateway device determines the security protection working mode of small-rule non-bypass and full-rule bypass;
or, alternatively,
when the security protection level information is low, the gateway device determines the security protection working mode of pure bypass.
According to the security defense device provided by the invention, the gateway equipment determines the corresponding security protection working mode according to the received security protection level information, and has different security protection working modes for the high-level, middle-level and low-level different security protection level information, so that the gateway equipment can realize corresponding security protection processing, the reliability of security protection is improved, and the security of a user system is ensured.
Since the apparatus according to the embodiment of the present invention works on the same principle as the method according to the above embodiments, the details are not repeated here.
Fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention; as shown in fig. 3, the present invention provides an electronic device including: a processor 301, a memory 302, and a bus 303;
wherein the processor 301 and the memory 302 communicate with each other through the bus 303;
the processor 301 is configured to call program instructions in the memory 302 to perform the methods provided in the above-described embodiments of the methods, including, for example: receiving alarm information sent by target network equipment, adjusting the safety protection level of a platform according to the alarm information, and determining safety protection level information and notification information; and generating corresponding instruction information according to the safety protection grade information and the notification information, and sending the instruction information to pre-designated network equipment so that the pre-designated network equipment determines a corresponding safety protection working mode according to the safety protection grade information.
Embodiments of the present invention provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the methods provided in the above-described method embodiments, for example, including: receiving alarm information sent by target network equipment, adjusting the safety protection level of a platform according to the alarm information, and determining safety protection level information and notification information; and generating corresponding instruction information according to the safety protection grade information and the notification information, and sending the instruction information to pre-designated network equipment so that the pre-designated network equipment determines a corresponding safety protection working mode according to the safety protection grade information.
The present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the embodiments described above, the method comprising: receiving alarm information sent by target network equipment, adjusting the safety protection level of a platform according to the alarm information, and determining safety protection level information and notification information; and generating corresponding instruction information according to the safety protection grade information and the notification information, and sending the instruction information to pre-designated network equipment so that the pre-designated network equipment determines a corresponding safety protection working mode according to the safety protection grade information.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments may be carried out by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disk.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of security defense, comprising:
receiving alarm information sent by a target network device, adjusting the safety protection level of a platform according to the alarm information, and determining safety protection level information and notification information;
generating corresponding instruction information according to the safety protection level information and the notification information, and sending the instruction information to a pre-designated network device so that the pre-designated network device determines a corresponding safety protection working mode according to the safety protection level information;
wherein the target network device is any one of the following devices: a flow honeypot, a user terminal and a gateway device;
correspondingly, the receiving the alarm information sent by the target network device, adjusting the safety protection level of the platform according to the alarm information, and determining the safety protection level information and the notification information comprises:
in the case of receiving alarm information about external abnormal flow sent by the flow honeypot, adjusting the safety protection level to the middle level, and notifying the IP and the effective time of the external abnormal flow;
or,
in the case of receiving alarm information about a suspicious file and suspicious external connection flow sent by the flow honeypot, adjusting the safety protection level to the middle level, and notifying the hash value of the suspicious file and the IP, domain name or uniform resource locator of the suspicious external connection flow;
or,
in the case of receiving alarm information about malicious flow, reported by the intrusion detection system or intrusion prevention system and the anti-virus module and sent by the user terminal, adjusting the safety protection level to the high level, and notifying the hash value of the malicious file, the IP, domain name or uniform resource locator of the malicious flow, and the effective time of the malicious flow.
2. The method of claim 1, wherein the target network device is any one of the following devices: a flow honeypot, a user terminal and a gateway device;
correspondingly, the receiving the alarm information sent by the target network device, adjusting the safety protection level of the platform according to the alarm information, and determining the safety protection level information and the notification information comprises:
in the case of receiving alarm information about internal malicious flow sent by the gateway device, adjusting the safety protection level to the high level, and notifying the IP of the compromised host corresponding to the internal malicious flow.
3. The security defense method of claim 1, wherein, after receiving the alarm information sent by the target network device and adjusting the safety protection level of the platform according to the alarm information, the method further comprises:
in the case that the convergence time of the alarm information of the target network device is greater than or equal to a preset threshold, adjusting the safety protection level down by one level;
or,
in the case that the convergence time of the alarm information of the target network device is less than the preset threshold, leaving the safety protection level unchanged and notifying an administrator.
4. The security defense method of claim 1, wherein the pre-designated network device comprises a user terminal and a gateway device, and
correspondingly, the generating corresponding instruction information according to the safety protection level information and the notification information, and sending the instruction information to the pre-designated network device so that the pre-designated network device determines a corresponding safety protection working mode according to the safety protection level information, comprises:
generating, according to the safety protection level information and the notification information, instruction information for the user terminal to enter a corresponding safety protection working mode, and sending the instruction information to the user terminal so that the user terminal determines the corresponding safety protection working mode according to the safety protection level information.
5. The security defense method of claim 4, wherein the determining, by the user terminal, of the corresponding safety protection working mode according to the safety protection level information comprises:
in the case that the safety protection level information is the high level, the user terminal determines a safety protection working mode of full-rule blocking, real-time protection at the high setting, and the intrusion prevention system applied to all rules;
or,
in the case that the safety protection level information is the middle level, the user terminal determines a safety protection working mode of small-rule blocking, real-time protection at the middle setting, the intrusion prevention system applied to the small rule set, full-rule alarming, and the intrusion detection system applied to all rules;
or,
in the case that the safety protection level information is the low level, the user terminal determines a safety protection working mode of small-rule blocking, real-time protection at the low setting, and the intrusion prevention system applied to the small rule set.
6. The security defense method of claim 1, wherein the pre-designated network device comprises a user terminal and a gateway device, and
correspondingly, the generating corresponding instruction information according to the safety protection level information and the notification information, and sending the instruction information to the pre-designated network device so that the pre-designated network device determines a corresponding safety protection working mode according to the safety protection level information, comprises:
generating, according to the safety protection level information and the notification information, instruction information for the gateway device to enter a corresponding safety protection working mode, and sending the instruction information to the gateway device so that the gateway device determines the corresponding safety protection working mode according to the safety protection level information.
7. The security defense method of claim 6, wherein the determining, by the gateway device, of the corresponding safety protection working mode according to the safety protection level information comprises:
in the case that the safety protection level information is the high level, the gateway device determines a safety protection working mode in which the large rule set runs inline (non-bypass) and the full rule set runs in bypass;
or,
in the case that the safety protection level information is the middle level, the gateway device determines a safety protection working mode in which the small rule set runs inline (non-bypass) and the full rule set runs in bypass;
or,
in the case that the safety protection level information is the low level, the gateway device determines a safety protection working mode of pure bypass.
8. A security defense apparatus, comprising:
a receiving and determining module, configured to receive alarm information sent by a target network device, adjust the safety protection level of the platform according to the alarm information, and determine safety protection level information and notification information;
a sending module, configured to generate corresponding instruction information according to the safety protection level information and the notification information, and send the instruction information to a pre-designated network device so that the pre-designated network device can determine a corresponding safety protection working mode according to the safety protection level information;
wherein the target network device is any one of the following devices: a flow honeypot, a user terminal and a gateway device; and the receiving and determining module is further configured to:
in the case of receiving alarm information about external abnormal flow sent by the flow honeypot, adjust the safety protection level to the middle level, and notify the IP and the effective time of the external abnormal flow;
or,
in the case of receiving alarm information about a suspicious file and suspicious external connection flow sent by the flow honeypot, adjust the safety protection level to the middle level, and notify the hash value of the suspicious file and the IP, domain name or uniform resource locator of the suspicious external connection flow;
or,
in the case of receiving alarm information about malicious flow, reported by the intrusion detection system or intrusion prevention system and the anti-virus module and sent by the user terminal, adjust the safety protection level to the high level, and notify the hash value of the malicious file, the IP, domain name or uniform resource locator of the malicious flow, and the effective time of the malicious flow.
9. An electronic device, comprising:
a processor, a memory, and a bus, wherein
the processor and the memory communicate with each other through the bus; and
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the steps of the security defense method of any one of claims 1 to 7.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the steps of the security defense method of any one of claims 1 to 7.
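The level policy of claims 1 to 7 written out as a small state machine, as an added worked example that is not part of the patent or of any Qianxin product; the alarm field names, the numeric level values, the `kind` labels and the mode strings are assumptions made for this illustration:

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Tuple

class Level(IntEnum):
    """Platform protection level (claim 1: low, middle, high)."""
    LOW = 1
    MID = 2
    HIGH = 3

@dataclass
class Alarm:
    source: str                 # constructed: "honeypot", "terminal" or "gateway"
    kind: str                   # constructed label for what the alarm reports, see assess()
    indicators: Dict[str, str]  # hash, IP, domain, URL, effective time, ...

def _pick(indicators: Dict[str, str], *keys: str) -> Dict[str, str]:
    # Keep only the indicators the relevant claim says the platform notifies.
    return {k: indicators[k] for k in keys if k in indicators}

def assess(alarm: Alarm) -> Tuple[Level, Dict[str, str]]:
    """Claims 1 and 2: alarm -> (new protection level, notification information)."""
    if alarm.source == "honeypot" and alarm.kind == "external_anomalous":
        return Level.MID, _pick(alarm.indicators, "ip", "effective_time")
    if alarm.source == "honeypot" and alarm.kind == "suspicious_file_and_outbound":
        return Level.MID, _pick(alarm.indicators, "file_hash", "ip", "domain", "url")
    if alarm.source == "terminal" and alarm.kind == "malicious_traffic":
        return Level.HIGH, _pick(alarm.indicators, "file_hash", "ip", "domain", "url", "effective_time")
    if alarm.source == "gateway" and alarm.kind == "internal_malicious":
        return Level.HIGH, _pick(alarm.indicators, "compromised_host_ip")
    raise ValueError(f"unhandled alarm {alarm.source}/{alarm.kind}")

def converge(level: Level, convergence_seconds: int, threshold: int) -> Tuple[Level, bool]:
    """Claim 3: after convergence for at least the threshold, step the level down one
    (never below LOW) -> (level, False); otherwise keep it -> (level, True) = notify admin."""
    if convergence_seconds >= threshold:
        return Level(max(int(Level.LOW), int(level) - 1)), False
    return level, True

# Working modes each device selects from the level alone (claims 5 and 7).
TERMINAL_MODE = {
    Level.HIGH: "full-rule blocking, real-time protection high, IPS on all rules",
    Level.MID: "small-rule blocking with IPS, full-rule alerting with IDS, real-time protection middle",
    Level.LOW: "small-rule blocking, real-time protection low, IPS on small rules",
}
GATEWAY_MODE = {
    Level.HIGH: "large rules inline (non-bypass), full rules in bypass",
    Level.MID: "small rules inline (non-bypass), full rules in bypass",
    Level.LOW: "pure bypass",
}

def instruction(level: Level, notification: Dict[str, str]) -> Dict[str, object]:
    """Claims 4 and 6: the instruction information sent to the terminal and the gateway."""
    return {"level": level.name, "notification": notification,
            "terminal_mode": TERMINAL_MODE[level], "gateway_mode": GATEWAY_MODE[level]}
```

Note that `assess` deliberately drops indicators a claim does not list (an honeypot anomaly alarm only propagates IP and effective time), so a gateway never receives more than the platform decided to notify.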
CN202210104664.7A 2022-01-28 2022-01-28 Security defense method, device, electronic equipment and medium Active CN114124585B (en)

Publications (2)

Publication Number Publication Date
CN114124585A CN114124585A (en) 2022-03-01
CN114124585B true CN114124585B (en) 2022-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant