CN114500020A - Network security management method based on big data

Info

Publication number
CN114500020A
Authority
CN
China
Prior art keywords
big data
communication terminal
service communication
data service
network
Legal status
Granted
Application number
CN202210052338.6A
Other languages
Chinese (zh)
Other versions
CN114500020B (en)
Inventor
窦增杰
曹军
江汛
王庆龙
陈扬
王元鹏
高华东
刘小珍
胡永伟
Current Assignee
Chengdu Wangyu Tanxing Technology Co ltd
Original Assignee
Chengdu Wangyu Tanxing Technology Co ltd
Application filed by Chengdu Wangyu Tanxing Technology Co ltd
Priority to CN202210052338.6A
Publication of CN114500020A
Application granted
Publication of CN114500020B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

The invention discloses a network security management method based on big data, which is applied to a big data platform, wherein the big data platform is in communication connection with a plurality of big data service communication terminals, and the method comprises the following steps: acquiring first network protection information of a big data service communication terminal; updating second network protection information of the big data platform according to the first network protection information; and executing a network security management operation by adopting the updated second network protection information to complete the network security management process. By dynamically configuring the second network protection information corresponding to the big data platform, the invention can further ensure network security and reduce the occurrence of data leakage when big data resources are acquired through the big data platform.

Description

Network security management method based on big data
Technical Field
The invention belongs to the field of network security management, and particularly relates to a network security management method based on big data.
Background
With the development of network technology, big data applications are becoming more and more widespread. In such applications it is often necessary to protect against network attacks and to encrypt the big data so that it is not leaked during transmission. However, the prior art often adopts a fixed network configuration for protection, which results in a poor protection effect, and when big data is encrypted, the resource provider is required to obtain a real public key certificate of the user, otherwise encryption cannot be performed.
Disclosure of Invention
Aiming at the defects in the prior art, the network security management method based on big data provided by the invention solves the problems in the prior art.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that: a network security management method based on big data is applied to a big data platform, the big data platform is in communication connection with a plurality of big data service communication terminals, and the method comprises the following steps:
S1, acquiring first network protection information of the big data service communication terminal;
S2, updating second network protection information of the big data platform according to the first network protection information;
and S3, executing network security management operation by adopting the updated second network protection information, and completing the network security management process.
Further, the first network protection information includes a first network configuration of the big data service communication terminal, a first virus detection library, the attacked times and the protection success times.
Further, the updating the second network protection information of the big data platform according to the first network protection information includes:
setting a protection success threshold value M;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the attacked times and the protection success times, if so, extracting the first network configuration and the first virus detection library of the big data service communication terminal, updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library, and otherwise, not updating the second network protection information of the big data platform.
Further, the determining whether the protection rate of the big data service communication terminal is greater than the protection success threshold M according to the attacked times and the protection success times includes:
dividing the successful protection times by the attacked times to obtain the protection rate corresponding to each big data service communication terminal;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the acquired protection rate.
Further, the second network protection information includes a second network configuration and a second virus detection library;
the updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library comprises the following steps:
fusing the extracted first network configuration with a second network configuration in second network protection information to obtain a fused network configuration, and updating the second network configuration in the second network protection information by the fused network configuration;
and merging the data of the first virus detection library into a second virus detection library, cleaning the data, removing repeated data and finishing updating the second network protection information.
Further, the executing, by using the updated second network protection information, a network security management operation includes:
configuring the big data platform by the updated second network protection information;
receiving a data request sent by a big data service communication terminal through a configured big data platform, wherein the data request comprises identity information of the big data service communication terminal and a network data request;
verifying the big data service communication terminal according to the identity information of the big data service communication terminal;
downloading big data resources from the network according to the network data request corresponding to the big data service communication terminal passing the verification;
transmitting the big data resources to a big data service communication terminal by adopting an encryption strategy, and carrying out rating operation on the big data resources to obtain a rating result;
and executing security management operation on the big data service communication terminal passing the verification according to the rating result.
Further, the identity information comprises a unique identification code of the big data service communication terminal;
the verifying the big data service communication terminal according to the identity information of the big data service communication terminal comprises the following steps:
and judging whether the unique identification code of the big data service communication terminal is in an authorization list of the big data platform, if so, judging that the big data service communication terminal passes the verification, and otherwise, judging that the big data service communication terminal does not pass the verification.
Further, the transmitting the big data resource to the big data service communication terminal by using the encryption policy includes:
generating an encryption parameter and an encryption component, and encrypting the big data resource by adopting the encryption parameter and the encryption component to obtain the encrypted big data resource;
and transmitting the encrypted big data resource to a big data service communication terminal.
Further, the generation step of the encryption component is as follows:
representing a first attribute of a big data platform as a node of a multi-valued decision diagram, and representing a first attribute value corresponding to the first attribute of the big data platform as an edge in the multi-valued decision diagram, wherein each edge is connected with two different nodes to obtain the multi-valued decision diagram containing a plurality of paths;
for each path in the multi-valued decision diagram, judging whether a first attribute value corresponding to each node in the path accords with a preset access authority, if so, judging the path to be an effective path, otherwise, judging the path to be an invalid path, wherein the access authority specifies the value range of the first attribute value corresponding to each first attribute;
an encryption component is generated for each effective path in the multi-valued decision diagram.
Further, the rating results include safe, general, and unsafe;
the executing safety management operation on the big data service communication terminal passing the verification according to the rating result comprises the following steps:
if the rating result is safe, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission;
if the rating result is general, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission, and sending warning information to the big data service communication terminal;
if the rating result is unsafe, a decryption key is not generated, and decryption refusing information and warning information are sent to the big data service communication terminal;
the receiving a decryption request sent by a big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal to decrypt the encrypted big data resource transmission, includes:
receiving a decryption request sent by a big data service communication terminal, wherein the decryption request comprises a second attribute of the big data service communication terminal and a second attribute value corresponding to the second attribute;
generating a decryption key according to the second attribute and a second attribute value corresponding to the second attribute;
sending a decryption key to the big data service communication terminal;
and judging whether the decryption key is matched with an effective path in the multi-valued decision diagram or not through the big data service communication terminal, if so, decrypting the encrypted big data resource, and otherwise, refusing to decrypt.
The invention has the beneficial effects that:
(1) the invention provides a network security management method based on big data, which can further ensure the network security by dynamically configuring second network protection information corresponding to a big data platform and reduce the occurrence of data leakage when big data resources are acquired through the big data platform.
(2) After the big data resources are obtained, the big data resources are graded, unsafe big data resources are filtered out, and therefore the big data service communication terminal is guaranteed to obtain data safely.
(3) The invention encrypts the big data resource, and only the big data service communication terminal which accords with the encryption rule can obtain the correct decryption key, thereby filtering the big data service communication terminal, realizing one-to-one or one-to-many directional data transmission and further ensuring the safety of data.
Drawings
Fig. 1 is a flowchart of a network security management method based on big data according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a network security management apparatus based on big data according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a network security management device based on big data according to an embodiment of the present invention.
Reference numerals: 21-obtaining module, 22-updating module, 23-security management module, 30-network security management device, 31-memory, 32-processor, 33-bus.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments. It will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined in the appended claims, and all matters produced using the inventive concept are protected.
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Example 1
As shown in fig. 1, a network security management method based on big data is applied to a big data platform, where the big data platform is in communication connection with a plurality of big data service communication terminals, and includes:
S1, acquiring first network protection information of the big data service communication terminal;
S2, updating second network protection information of the big data platform according to the first network protection information;
and S3, executing network security management operation by adopting the updated second network protection information, and completing the network security management process.
When the big data platform and the plurality of big data service communication terminals form a distributed network, the network security can be better ensured through the big data-based network security management method provided by the application.
In a possible implementation manner, the first network protection information includes a first network configuration of the big data service communication terminal, a first virus detection library, the attacked times and the protection success times.
In a possible implementation manner, the updating the second network protection information of the big data platform according to the first network protection information includes:
setting a protection success threshold value M;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the attacked times and the protection success times, if so, extracting the first network configuration and the first virus detection library of the big data service communication terminal, updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library, and otherwise, not updating the second network protection information of the big data platform.
In a possible implementation manner, the determining whether the protection rate of the big data service communication terminal is greater than the protection success threshold M according to the attacked times and the protection success times includes:
dividing the successful protection times by the attacked times to obtain the protection rate corresponding to each big data service communication terminal;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the obtained protection rate.
In one possible embodiment, the second network protection information includes a second network configuration and a second virus detection library;
the updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library comprises the following steps:
fusing the extracted first network configuration with a second network configuration in second network protection information to obtain a fused network configuration, and updating the second network configuration in the second network protection information by the fused network configuration;
and merging the data of the first virus detection library into a second virus detection library, cleaning the data, removing repeated data and finishing updating the second network protection information.
Optionally, updating the second network configuration in the second network protection information with the fused network configuration may include: configuring the fused network configuration as the second network configuration.
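The update rule of step S2 described above, sketched as an added Python example that is not part of the patent text. The patent does not define how configurations are fused or how the library is cleaned, so the key-wise fusion rule, the signature normalisation, the handling of terminals with zero recorded attacks, and all names and sample values are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TerminalReport:
    """First network protection information reported by one terminal."""
    terminal_id: str
    network_config: dict      # first network configuration
    virus_library: list       # first virus detection library (signature strings)
    attacked: int             # attacked times
    protected: int            # protection success times


@dataclass
class PlatformProtection:
    """Second network protection information held by the platform."""
    network_config: dict = field(default_factory=dict)
    virus_library: list = field(default_factory=list)


def protection_rate(report):
    """Protection success times divided by attacked times.

    Returns None when the terminal was never attacked: the ratio is undefined
    and an untested configuration gives no evidence either way (assumption).
    """
    if report.attacked < 0 or not 0 <= report.protected <= report.attacked:
        raise ValueError(f"inconsistent counters from {report.terminal_id}")
    if report.attacked == 0:
        return None
    return report.protected / report.attacked


def clean_library(signatures):
    """Normalise signatures and drop duplicates, keeping first-seen order."""
    seen, cleaned = set(), []
    for sig in signatures:
        norm = sig.strip().lower()
        if norm and norm not in seen:
            seen.add(norm)
            cleaned.append(norm)
    return cleaned


def update_platform(platform, reports, threshold_m):
    """Merge only reports whose protection rate is strictly greater than M.

    Returns the identifiers of the terminals whose information was merged.
    """
    accepted = []
    for report in reports:
        try:
            rate = protection_rate(report)
        except ValueError:
            continue                      # malformed counters: ignore the report
        if rate is None or rate <= threshold_m:
            continue                      # "otherwise, not updating"
        # Fusion rule (assumed): adopt settings the platform lacks and keep
        # the platform's own value when both sides define the same key.
        for key, value in report.network_config.items():
            platform.network_config.setdefault(key, value)
        platform.virus_library = clean_library(
            platform.virus_library + report.virus_library)
        accepted.append(report.terminal_id)
    return accepted


if __name__ == "__main__":
    # Constructed sample reports; identifiers and signatures are placeholders.
    platform = PlatformProtection({"max_conn": 100}, ["SIG-A "])
    reports = [
        TerminalReport("t1", {"max_conn": 50, "block_icmp": True},
                       ["sig-a", "sig-b"], attacked=10, protected=9),
        TerminalReport("t2", {"allow_telnet": True}, ["sig-c"], 10, 8),
        TerminalReport("t3", {"x": 1}, ["sig-d"], 0, 0),
    ]
    print(update_platform(platform, reports, threshold_m=0.8))
    print(platform)
```

Because the counters are self-reported by each terminal, the sketch rejects impossible values rather than trusting them, and a rate exactly equal to M does not trigger an update.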
In a possible implementation manner, the performing, with the updated second network protection information, a network security management operation includes:
configuring the big data platform by using the updated second network protection information, wherein the second network configuration refers to configuration information for protecting the network security of the big data platform;
receiving a data request sent by a big data service communication terminal through a configured big data platform, wherein the data request comprises identity information of the big data service communication terminal and a network data request;
verifying the big data service communication terminal according to the identity information of the big data service communication terminal;
downloading big data resources from the network according to the network data request corresponding to the big data service communication terminal passing the verification;
transmitting the big data resources to a big data service communication terminal by adopting an encryption strategy, and carrying out rating operation on the big data resources to obtain a rating result;
and executing security management operation on the big data service communication terminal passing the verification according to the rating result.
In this embodiment, when the configured big data platform receives a data request sent by the big data service communication terminal, the second network configuration is adopted to perform real-time protection on the big data platform, and virus monitoring is performed through the second virus detection library.
In one possible embodiment, the identity information comprises a unique identification code of the big data service communication terminal;
the verifying the big data service communication terminal according to the identity information of the big data service communication terminal comprises the following steps:
and judging whether the unique identification code of the big data service communication terminal is in an authorization list of the big data platform, if so, judging that the big data service communication terminal passes the verification, and otherwise, judging that the big data service communication terminal does not pass the verification.
In one possible implementation, the transmitting the big data resource to the big data service communication terminal by using the encryption policy includes:
generating an encryption parameter and an encryption component, and encrypting the big data resource by adopting the encryption parameter and the encryption component to obtain the encrypted big data resource;
and transmitting the encrypted big data resource to a big data service communication terminal.
In the present embodiment, the encryption parameter refers to a public key.
In one possible embodiment, the generating step of the encryption component is:
representing a first attribute of a big data platform as a node of a multi-valued decision diagram, and representing a first attribute value corresponding to the first attribute of the big data platform as an edge in the multi-valued decision diagram, wherein each edge is connected with two different nodes to obtain the multi-valued decision diagram containing a plurality of paths;
for each path in the multi-valued decision diagram, judging whether a first attribute value corresponding to each node in the path accords with a preset access authority, if so, judging the path to be an effective path, otherwise, judging the path to be an invalid path, wherein the access authority specifies the value range of the first attribute value corresponding to each first attribute;
an encryption component is generated for each effective path in the multi-valued decision diagram.
In this embodiment, the big data resource is encrypted by the public key, and the plurality of encryption components are embedded in the big data resource to obtain the encrypted big data resource, and at this time, a multi-valued decision diagram is embedded in the encrypted big data resource for subsequent judgment on whether to decrypt.
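The path classification described above, modelled as an added Python example that is not part of the patent text. It only enumerates paths and separates effective from invalid ones, then checks a terminal's attributes against the effective paths; it performs no cryptography, and the attribute names, values, the fail-closed handling of attributes without a stated range, and all function names are assumptions.

```python
from itertools import product

# Constructed sample data: first attributes of the platform (nodes) and the
# values each may take (edges). Names and values are illustrative only.
FIRST_ATTRIBUTES = {
    "department": ["research", "finance", "operations"],
    "clearance": [1, 2, 3],
    "region": ["cn-west", "cn-east"],
}

# Preset access authority: the allowed value range of each first attribute.
ACCESS_AUTHORITY = {
    "department": {"research", "operations"},
    "clearance": range(2, 4),          # levels 2 and 3
    "region": {"cn-west"},
}


def enumerate_paths(attributes):
    """Every root-to-leaf path: one edge (value) chosen per node (attribute).

    The number of paths is the product of the domain sizes, so it grows
    multiplicatively with each attribute added.
    """
    names = list(attributes)
    return [dict(zip(names, combo))
            for combo in product(*(attributes[n] for n in names))]


def is_effective(path, authority):
    """A path is effective only if every value lies in its allowed range.

    An attribute with no range in the authority makes the path invalid
    (fail closed); this choice is an assumption of the example.
    """
    return all(name in authority and value in authority[name]
               for name, value in path.items())


def effective_paths(attributes, authority):
    """Paths for which an encryption component would be generated."""
    return [p for p in enumerate_paths(attributes) if is_effective(p, authority)]


def matches_effective_path(second_attributes, paths):
    """True if the terminal's attributes agree with some effective path.

    Extra terminal attributes are ignored; a missing attribute never matches.
    """
    return any(
        all(name in second_attributes and second_attributes[name] == value
            for name, value in path.items())
        for path in paths
    )


if __name__ == "__main__":
    paths = effective_paths(FIRST_ATTRIBUTES, ACCESS_AUTHORITY)
    print(len(enumerate_paths(FIRST_ATTRIBUTES)), "paths,", len(paths), "effective")
    terminal = {"department": "research", "clearance": 3, "region": "cn-west"}
    print(matches_effective_path(terminal, paths))
```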
In one possible implementation, the rating results include safe, general, and unsafe; in this embodiment, a method for performing a rating operation on a big data resource is provided, and the method includes:
dividing each file in the big data resource into a plurality of file blocks with fixed sizes, and letting K denote the number of the file blocks;
acquiring the information entropy of each file block;
acquiring the number k of file blocks with the information entropy lower than a set first threshold, and dividing k by K to obtain the score of the big data resource;
according to the method, the score of each file in the big data resource is obtained, and the average score S is obtained;
setting a second threshold value and a third threshold value, wherein the second threshold value is smaller than the third threshold value;
and judging the big data resources with the average score S smaller than the second threshold value as safe, judging the big data resources with the average score S between the second threshold value and the third threshold value (including the second threshold value and the third threshold value) as general, and judging the big data resources with the average score S larger than the third threshold value as unsafe.
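The rating operation above, as an added Python example that is not part of the patent text. Shannon entropy over byte values (bits per byte), the treatment of a trailing partial block and of empty files, and all function names, block sizes and threshold values are assumptions; the patent fixes none of them.

```python
import math
from collections import Counter


def shannon_entropy(block):
    """Information entropy of a byte block, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def file_score(data, block_size, first_threshold):
    """Fraction of a file's blocks whose entropy is below the first threshold."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    # A trailing block shorter than block_size is still counted (assumption).
    # Its maximum possible entropy is lower, so it is more likely to fall
    # below the threshold than a full block with similar content.
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    if not blocks:
        return 0.0                        # empty file contributes score 0 (assumption)
    low = sum(1 for b in blocks if shannon_entropy(b) < first_threshold)
    return low / len(blocks)


def rate_resource(files, block_size, first_threshold,
                  second_threshold, third_threshold):
    """Return (rating, average score S) for a resource given as a list of files."""
    if not second_threshold < third_threshold:
        raise ValueError("second threshold must be smaller than third threshold")
    if not files:
        raise ValueError("resource contains no files")
    scores = [file_score(f, block_size, first_threshold) for f in files]
    s = sum(scores) / len(scores)
    if s < second_threshold:
        rating = "safe"
    elif s <= third_threshold:            # both boundaries count as general
        rating = "general"
    else:
        rating = "unsafe"
    return rating, s


# Constructed sample inputs: every 256-byte block of HIGH holds each byte value
# once (entropy 8.0); every block of LOW is all zero bytes (entropy 0.0).
HIGH = bytes(range(256)) * 16
LOW = bytes(4096)

if __name__ == "__main__":
    for name, files in [("high", [HIGH]), ("low", [LOW]), ("mixed", [HIGH, LOW])]:
        print(name, rate_resource(files, 256, 4.0, 0.3, 0.7))
```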
The executing safety management operation on the big data service communication terminal passing the verification according to the rating result comprises the following steps:
if the rating result is safe, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission;
if the rating result is general, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission, and sending warning information to the big data service communication terminal;
if the rating result is unsafe, a decryption key is not generated, and decryption refusing information and warning information are sent to the big data service communication terminal;
the receiving a decryption request sent by a big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal to decrypt the encrypted big data resource transmission, includes:
receiving a decryption request sent by a big data service communication terminal, wherein the decryption request comprises a second attribute of the big data service communication terminal and a second attribute value corresponding to the second attribute;
generating a decryption key according to the second attribute and a second attribute value corresponding to the second attribute, wherein the decryption key comprises a multi-valued decision diagram for decryption;
sending a decryption key to the big data service communication terminal;
and judging whether the decryption key is matched with an effective path in the multi-valued decision diagram or not through the big data service communication terminal, if so, using the public key and the decryption key in a matching way to decrypt the encrypted big data resource, and if not, refusing to decrypt.
In this embodiment, the decryption key is paired with the public key for use, and the security of the big data resource is ensured by encrypting the big data resource by using an attribute encryption mechanism.
Example 2
As shown in fig. 2, the present embodiment provides a big data based network security management apparatus, which includes an obtaining module 21, an updating module 22, and a security management module 23.
The obtaining module 21 is configured to obtain first network protection information of the big data service communication terminal;
the updating module 22 is configured to update the second network protection information of the big data platform according to the first network protection information;
the security management module 23 is configured to execute a network security management operation by using the updated second network protection information, and complete a network security management process.
The network security management device based on big data provided by the application can be used as an execution main body of the technical scheme of the embodiment.
The network security management device based on big data provided by the application can execute the technical scheme described in embodiment 1, the implementation principle and the beneficial effect are similar, and the description is omitted here.
Example 3
As shown in fig. 3, the present embodiment provides a big data based network security management device, and the network security management device 30 may include a memory 31 and a processor 32, where the memory 31 and the processor 32 are connected to each other through a bus 33.
The memory 31 stores computer-executable instructions;
the processor 32 executes the computer-executable instructions stored in the memory, so that the processor executes a big data-based network security management method described in embodiment 1.
The network security management device based on big data provided by the application can execute the technical scheme described in embodiment 1, the implementation principle and the beneficial effect are similar, and the detailed description is omitted here.
Example 4
The embodiment of the present application provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are executed by a processor, the computer-readable storage medium is configured to implement the big data based network security management method described in embodiment 1.
Example 5
Embodiments of the present application may further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the method for managing network security based on big data according to embodiment 1 is implemented.
The invention provides a network security management method based on big data, which can further ensure the network security by dynamically configuring second network protection information corresponding to a big data platform and reduce the occurrence of data leakage when big data resources are acquired through the big data platform.
After the big data resources are obtained, the big data resources are graded, unsafe big data resources are filtered out, and therefore the big data service communication terminal is guaranteed to obtain data safely.
The invention encrypts the big data resource, and only the big data service communication terminal which accords with the encryption rule can obtain the correct decryption key, thereby filtering the big data service communication terminal, realizing one-to-one or one-to-many directional data transmission, and further ensuring the safety of data.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A network security management method based on big data is applied to a big data platform, the big data platform is in communication connection with a plurality of big data service communication terminals, and the method is characterized by comprising the following steps:
S1, acquiring first network protection information of the big data service communication terminal;
S2, updating second network protection information of the big data platform according to the first network protection information;
and S3, executing network security management operation by adopting the updated second network protection information, and completing the network security management process.
2. The big data based network security management method according to claim 1, wherein the first network protection information includes a first network configuration of the big data service communication terminal, a first virus detection library, the number of attacked times, and the number of successful defending times.
3. The big data based network security management method according to claim 2, wherein the updating the second network protection information of the big data platform according to the first network protection information comprises:
setting a protection success threshold value M;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the attacked times and the protection success times, if so, extracting the first network configuration and the first virus detection library of the big data service communication terminal, updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library, and otherwise, not updating the second network protection information of the big data platform.
4. The method for managing network security based on big data according to claim 3, wherein the determining whether the protection rate of the big data service communication terminal is greater than the protection success threshold M according to the attacked number of times and the protection success number of times includes:
dividing the successful protection times by the attacked times to obtain the protection rate corresponding to each big data service communication terminal;
and judging whether the protection rate of the big data service communication terminal is greater than a protection success threshold value M or not according to the obtained protection rate.
5. The big data based network security management method according to claim 3, wherein the second network protection information comprises a second network configuration and a second virus detection library;
the updating the second network protection information of the big data platform according to the extracted first network configuration and the first virus detection library comprises the following steps:
fusing the extracted first network configuration with a second network configuration in second network protection information to obtain a fused network configuration, and updating the second network configuration in the second network protection information by the fused network configuration;
and merging the data of the first virus detection library into a second virus detection library, cleaning the data, removing repeated data and finishing updating the second network protection information.
6. The big data-based network security management method according to claim 3, wherein the performing a network security management operation using the updated second network protection information includes:
configuring the big data platform by the updated second network protection information;
receiving a data request sent by a big data service communication terminal through a configured big data platform, wherein the data request comprises identity information of the big data service communication terminal and a network data request;
verifying the big data service communication terminal according to the identity information of the big data service communication terminal;
downloading big data resources from the network according to the network data request corresponding to the big data service communication terminal passing the verification;
transmitting the big data resources to a big data service communication terminal by adopting an encryption strategy, and carrying out rating operation on the big data resources to obtain a rating result;
and executing security management operation on the big data service communication terminal passing the verification according to the rating result.
7. The big data based network security management method according to claim 6, wherein the identity information comprises a unique identification code of the big data service communication terminal;
the verifying the big data service communication terminal according to the identity information of the big data service communication terminal comprises the following steps:
and judging whether the unique identification code of the big data service communication terminal is in an authorization list of the big data platform, if so, judging that the big data service communication terminal passes the verification, and otherwise, judging that the big data service communication terminal does not pass the verification.
8. The big data based network security management method according to claim 6, wherein the transmitting the big data resource to the big data service communication terminal by using the encryption policy comprises:
generating an encryption parameter and an encryption component, and encrypting the big data resource by adopting the encryption parameter and the encryption component to obtain the encrypted big data resource;
and transmitting the encrypted big data resource to a big data service communication terminal.
9. The big data based network security management method according to claim 8, wherein the generating step of the encryption component is:
representing a first attribute of a big data platform as a node of a multi-valued decision graph, and representing a first attribute value corresponding to the first attribute of the big data platform as an edge in the multi-valued decision graph, wherein each edge is connected with two different nodes to obtain the multi-valued decision graph containing a plurality of paths;
aiming at each path in a multi-value decision diagram, judging whether a first attribute value corresponding to each node in the path accords with a preset access authority, if so, judging the path to be an effective path, otherwise, judging the path to be an invalid path, wherein the access authority specifies the value range of the first attribute value corresponding to each first attribute;
an encryption component is generated for each effective path in the multi-valued decision graph.
10. The big data based network security management method according to claim 9, wherein the rating results comprise secure, general and insecure;
the executing safety management operation on the big data service communication terminal passing the verification according to the rating result comprises the following steps:
if the rating result is secure, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission;
if the rating result is general, receiving a decryption request sent by the big data service communication terminal, generating a decryption key according to the decryption request, sending the decryption key to the big data service communication terminal so as to decrypt the encrypted big data resource transmission, and sending warning information to the big data service communication terminal;
if the rating result is insecure, a decryption key is not generated, and decryption refusing information and warning information are sent to the big data service communication terminal;
the receiving a decryption request sent by a big data service communication terminal, generating a decryption key according to the decryption request, and sending the decryption key to the big data service communication terminal to decrypt the encrypted big data resource transmission, includes:
receiving a decryption request sent by a big data service communication terminal, wherein the decryption request comprises a second attribute of the big data service communication terminal and a second attribute value corresponding to the second attribute;
generating a decryption key according to the second attribute and a second attribute value corresponding to the second attribute;
sending a decryption key to the big data service communication terminal;
and judging whether the decryption key is matched with an effective path in the multi-valued decision diagram or not through the big data service communication terminal, if so, decrypting the encrypted big data resource, and otherwise, refusing to decrypt.
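The update procedure of claims 3 to 5, as an added Python sketch that is not part of the patent. The claims do not define how configurations are "fused", so the merge rule used here (existing platform settings win, terminal settings only fill gaps), the signature clean-up, the handling of a terminal with no recorded attacks, and all sample names and values are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ProtectionInfo:
    network_config: dict = field(default_factory=dict)
    virus_library: list = field(default_factory=list)
    attacked: int = 0   # number of times attacked (claim 2)
    defended: int = 0   # number of successful protections (claim 2)


def protection_rate(info):
    """Claim 4: successful protections divided by times attacked."""
    if info.attacked <= 0:
        return None  # no attack history: the rate is undefined, not 100%
    if not 0 <= info.defended <= info.attacked:
        raise ValueError("defended must lie between 0 and attacked")
    return info.defended / info.attacked


def update_platform(platform, terminals, threshold_m):
    """Claims 3 and 5: pull config and signatures only from terminals whose
    protection rate is strictly greater than M. Returns accepted terminal ids."""
    accepted = []
    for terminal_id, info in terminals.items():
        rate = protection_rate(info)
        if rate is None or rate <= threshold_m:
            continue
        # Assumed fusion rule: keep existing platform settings, add missing keys.
        for key, value in info.network_config.items():
            platform.network_config.setdefault(key, value)
        platform.virus_library.extend(info.virus_library)
        accepted.append(terminal_id)
    # Clean (trim, lower-case, drop empties), then de-duplicate keeping order.
    cleaned = (s.strip().lower() for s in platform.virus_library)
    platform.virus_library = list(dict.fromkeys(s for s in cleaned if s))
    return accepted


def demo():
    """Constructed sample data, not taken from the patent."""
    platform = ProtectionInfo({"ssh": "deny"}, ["sig-a", "sig-b"])
    terminals = {
        "t1": ProtectionInfo({"ssh": "allow", "smb": "deny"}, ["SIG-B ", "sig-c"], 10, 9),
        "t2": ProtectionInfo({"rdp": "allow"}, ["sig-x"], 10, 8),   # rate == M
        "t3": ProtectionInfo({"telnet": "allow"}, ["sig-y"], 0, 0),  # never attacked
    }
    accepted = update_platform(platform, terminals, threshold_m=0.8)
    return accepted, platform


if __name__ == "__main__":
    print(demo())
```

Because the platform inherits whatever an accepted terminal reports, the attack and protection counts are themselves a trust input and need an integrity check of their own before this rule is relied on.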
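The path check of claim 9 and the rating-dependent key release of claim 10, as an added Python sketch that is not part of the patent. The claims give no cryptographic construction, so no encryption is performed here: an encryption component is represented only by its path, the diagram is assumed to be ordered with one level per attribute, and the attribute names, values and access authority are constructed.

```python
from itertools import product

# Constructed sample: first attributes (MDD nodes, in order) and their values (edges).
ATTRIBUTES = {
    "department": ["ops", "research", "guest"],
    "clearance": [1, 2, 3],
    "network": ["internal", "vpn", "public"],
}
# Constructed access authority: permitted value range for each attribute.
ACCESS_AUTHORITY = {
    "department": {"ops", "research"},
    "clearance": {2, 3},
    "network": {"internal", "vpn"},
}


def enumerate_paths(attributes):
    """All root-to-leaf paths: one edge (value) taken at each node (attribute)."""
    names = list(attributes)
    return [tuple(zip(names, values)) for values in product(*attributes.values())]


def effective_paths(attributes, authority):
    """Claim 9: a path is effective only if every value on it is permitted."""
    return {path for path in enumerate_paths(attributes)
            if all(value in authority[name] for name, value in path)}


def handle_decryption_request(rating, terminal_attrs,
                              attributes=ATTRIBUTES, authority=ACCESS_AUTHORITY):
    """Claim 10 decision flow. Returns (decrypt_allowed, warning_sent)."""
    if rating not in ("secure", "general", "insecure"):
        raise ValueError(f"unknown rating: {rating!r}")
    if rating == "insecure":
        return False, True            # no key generated, refusal plus warning
    # The terminal's second attributes select exactly one candidate path;
    # a missing attribute yields None, which never lies on an effective path.
    path = tuple((name, terminal_attrs.get(name)) for name in attributes)
    allowed = path in effective_paths(attributes, authority)
    return allowed, rating == "general"


if __name__ == "__main__":
    ops = {"department": "ops", "clearance": 3, "network": "vpn"}
    print(len(effective_paths(ATTRIBUTES, ACCESS_AUTHORITY)), "effective paths of",
          len(enumerate_paths(ATTRIBUTES)))
    print(handle_decryption_request("general", ops))
```

In claim 10 the match against an effective path is judged at the terminal after the key is sent; the sketch collapses that into one function to show the outcome of each branch.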
CN202210052338.6A 2022-01-18 2022-01-18 Network security management method based on big data Active CN114500020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210052338.6A CN114500020B (en) 2022-01-18 2022-01-18 Network security management method based on big data

Publications (2)

Publication Number Publication Date
CN114500020A true CN114500020A (en) 2022-05-13
CN114500020B CN114500020B (en) 2024-01-16

Family

ID=81512476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210052338.6A Active CN114500020B (en) 2022-01-18 2022-01-18 Network security management method based on big data

Country Status (1)

Country Link
CN (1) CN114500020B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117336097A (en) * 2023-11-16 2024-01-02 国网江苏省电力有限公司信息通信分公司 Network information security management method and system based on big data
CN117336097B (en) * 2023-11-16 2024-04-26 国网江苏省电力有限公司信息通信分公司 Network information security management method and system based on big data

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471842A (en) * 2015-11-13 2016-04-06 四川九成信息技术有限公司 Network safety analysis method under big data environment
CN107835177A (en) * 2017-11-10 2018-03-23 上海携程商务有限公司 Method, system, equipment and the storage medium of antivirus protection
KR20180041840A (en) * 2016-10-17 2018-04-25 권오준 System and Method for Secure Communication, Guard System and Client Terminal Therefor
CN109359475A (en) * 2018-10-18 2019-02-19 桂林电子科技大学 A kind of ciphertext policy ABE base encryption method for supporting multi-valued attribute
CN112073422A (en) * 2020-09-15 2020-12-11 南方电网科学研究院有限责任公司 Intelligent home protection system and protection method thereof
CN112270012A (en) * 2020-11-19 2021-01-26 北京炼石网络技术有限公司 Device, method and system for distributed data security protection
CN112953918A (en) * 2021-01-29 2021-06-11 李阳 Network attack protection method combined with big data server and big data protection equipment

Also Published As

Publication number Publication date
CN114500020B (en) 2024-01-16

Similar Documents

Publication Publication Date Title
EP3457309B1 (en) Processing method for presenting copy attack, and server and client
CN109190384B (en) Multi-center block chain fusing protection system and method
CN107733636B (en) Authentication method and authentication system
KR20210015264A (en) APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF USING WHITE-BOX CRYPTOGRAPHY
CN113114668A (en) Information transmission method, mobile terminal, storage medium and electronic equipment
CN110557246A (en) Anti-quantum-computation access control method and system based on disposable asymmetric key pair and movable identity recognition device
CN111148094A (en) Registration method of 5G user terminal, user terminal equipment and medium
CN113395406A (en) Encryption authentication method and system based on power equipment fingerprints
KR102364649B1 (en) APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF
CN114915504A (en) Security chip initial authentication method and system
CN110572392A (en) Identity authentication method based on HyperLegger network
CN112769789B (en) Encryption communication method and system
CN111291398B (en) Block chain-based authentication method and device, computer equipment and storage medium
CN114500020B (en) Network security management method based on big data
CN109302442B (en) Data storage proving method and related equipment
CN105100030B (en) Access control method, system and device
CN112995140B (en) Safety management system and method
KR102539418B1 (en) Apparatus and method for mutual authentication based on physical unclonable function
CN115001865A (en) Communication processing method and system, client, communication server and supervision server
CN110933028B (en) Message transmission method, device, network equipment and storage medium
CN112422292B (en) Network security protection method, system, equipment and storage medium
CN109743167A (en) The safe identification authentication method of big data based on block chain
CN111523128A (en) Information protection method, system, electronic device and medium
Vailoces et al. Securing the Electric Vehicle Charging Infrastructure: An In-Depth Analysis of Vulnerabilities and Countermeasures
Kim et al. Secure IoT Device Authentication Scheme using Key Hiding Technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant