CN114598740B - Micro-isolation data grabbing method and system - Google Patents

Publication number
CN114598740B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210211636.5A
Other languages
Chinese (zh)
Other versions
CN114598740A (en
Inventor
马骅
夏攀
赵鹏飞
高华祥
朱亚洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Uxsino Software Co ltd
Original Assignee
Beijing Uxsino Software Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention provides a micro-isolated data grabbing method and system. The system comprises: a parameter setting module, used for setting parameter information for capturing data, the parameter information comprising a push period, an intranet network segment and a communication port; a traffic acquisition module, used for acquiring uplink and downlink traffic between host service ports, accumulating the captured data packets and converting them into traffic; a connection number acquisition module, used for acquiring the connection status between host services and thereby obtaining the number of connections between service ports; and a data transmission module, used for establishing a transmission channel to realize effective transmission of the captured data. The micro-isolated data grabbing system facilitates centralized management and maintenance, can update policies in real time, is low in cost, does not require a firewall to be built at each staggered node, supports unified centralized management, and is convenient to operate.

Description

Micro-isolation data grabbing method and system
Technical Field
The invention relates to the field of data processing, in particular to a micro-isolated data grabbing method and a micro-isolated data grabbing system.
Background
With the rapid development of cloud computing and virtualization technologies, more and more enterprises migrate data and services to cloud computing environments. Cloud workloads contain sensitive data and services, network boundaries become blurred in cloud environments, and traditional endpoint and network security measures such as firewalls, WAF and IPS prove inadequate there.
North-south traffic in a cloud environment can be isolated by the policy rules of a firewall, whereas east-west traffic can bypass the firewall. In the past, network isolation was mainly done by firewalls, virtual local area networks and access control lists. Conventional firewalls typically have their policies configured when the firewall is deployed and brought online; firewall isolation, policy management and isolation actions all take place on the firewall device, and no substantial adjustments are made throughout the firewall life cycle. This approach therefore cannot update policies in real time as the network environment changes. It is also relatively costly: a firewall needs to be built at each staggered node, which increases cost and reduces agility.
In view of this, the present invention has been made.
Disclosure of Invention
In view of the above, the invention discloses a micro-isolated data grabbing method and system with which control can be taken out of each scattered control point and placed in one unified, centralized location for design, management and maintenance. This facilitates centralized management and maintenance, allows policies to be updated in real time, is low in cost, does not require a firewall to be built at each staggered node, supports unified centralized management, and is convenient to operate.
Specifically, the invention is realized by the following technical scheme:
In a first aspect, the invention discloses a micro-isolated data grabbing system, comprising:
parameter setting module: used for setting parameter information for capturing data, the parameter information comprising a push period, an intranet network segment and a communication port;
traffic acquisition module: used for acquiring uplink and downlink traffic between host service ports, accumulating the captured data packets and converting them into traffic;
connection number acquisition module: used for acquiring the connection status between host services and thereby obtaining the number of connections between service ports;
data transmission module: used for establishing a transmission channel to realize effective transmission of the captured data.
In a second aspect, the invention discloses a micro-isolated data grabbing method, which comprises the following steps:
S11, after the opening instruction is issued, parsing the information in the instruction and extracting the issued parameter settings;
S12, starting the traffic acquisition function and the connection number acquisition function to acquire the number of connections between host service ports, then calculating the connection frequency of the service ports and, according to the set intranet network segment, judging the connection of the host ports to the extranet;
S13, starting the transmission function and establishing a transmission channel on the set communication port to transmit the captured data.
In a third aspect, the present invention discloses a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the micro-isolated data grabbing method as described in the second aspect.
In a fourth aspect, the present invention discloses a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the micro-isolated data grabbing method according to the second aspect when executing the program.
With the micro-isolated data grabbing method and system, control can be taken out of each scattered control point and placed in one unified, centralized location for design, management and maintenance. This facilitates centralized management and maintenance, allows policies to be updated in real time, is low in cost, does not require a firewall to be built at each staggered node, supports unified centralized management, and is convenient to operate.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a schematic diagram of a micro-isolated data grabbing system according to an embodiment of the present invention;
FIG. 2 is a flow chart of a micro-isolated data grabbing method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of a policy configuration method according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of a computer device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "when ..." or "upon ..." or "responsive to a determination", depending on the context.
Referring to fig. 1, the invention discloses a micro-isolated data grabbing system, which comprises:
parameter setting module: used for setting parameter information for capturing data, the parameter information comprising a push period, an intranet network segment and a communication port;
traffic acquisition module: used for acquiring uplink and downlink traffic between host service ports, accumulating the captured data packets and converting them into traffic;
connection number acquisition module: used for acquiring the connection status between host services and thereby obtaining the number of connections between service ports;
data transmission module: used for establishing a transmission channel to realize effective transmission of the captured data.
The system mainly comprises the above modules. Building the system achieves unified, centralized management and maintenance of the control points, allows policies to be updated in real time, is low in cost, does not require a firewall to be built at each staggered node, and is convenient to operate.
In the implementation, each module may be implemented as an independent entity, or may be combined arbitrarily, and implemented as the same entity or several entities, and the implementation of each unit may be referred to the foregoing method embodiment, which is not described herein again.
The invention designs a capture scheme for traffic and connection-frequency data between host services, supports detection of long and short connections, and implements data capture between service ports.
The invention also provides a control scheme for inbound and outbound traffic between host networks, which supports the ip, tcp, udp and icmp protocols for both IPv4 and IPv6. A policy is issued to the host, and the host judges whether its own IP address is the source or the destination IP address in the policy. The policy generates two rules, which are loaded separately into the rule control module in the kernel; the rule control module blocks or passes traffic according to the rules, thereby controlling traffic entering and leaving the host.
Preferably, the micro-isolated data grabbing system further comprises the following modules:
kernel communication module: used for sending the generated rules to the rule control module and reporting the logs of rules matched in the rule control module;
policy setting module: used for generating inbound and outbound rules according to the policy and issuing them to the kernel communication module;
rule control module: used for hijacking the network inbound and outbound functions through the filter and performing match lookups on traffic flowing in and out;
log module: used for recording the matched inbound and outbound information and feeding it back to the user.
In addition, the micro-isolated data grabbing system of the invention also involves the following modules:
Preferably, the system further comprises a function start control module, used for turning the data grabbing function on or off.
Preferably, the system further comprises a monitoring function module, used for monitoring the running state of data transmission and able to restart data transmission.
Preferably, the system further comprises a configuration storage module, used for storing the set data push period, intranet network segment and communication port information in a configuration file.
As shown in fig. 1, the micro-isolated data grabbing system of the invention comprises: a function start control module, a parameter setting module, a traffic acquisition module, a connection number acquisition module, a data transmission module, a monitoring module (not shown in the figure), a configuration storage module, a kernel communication module, a policy setting module, a rule control module and a log module. After the function is started, the configuration storage module stores the set parameters, the traffic acquisition and connection number acquisition modules collect the corresponding data, and the transmission module transmits the collected data. The monitoring module monitors in real time the connection state of the transmission channel established by the data transmission module and restarts the data transmission channel when an abnormality is found. The parameter setting module supports parameter setting and calls the configuration storage module to save the parameters. The policy setting module generates, from the corresponding policies, the inbound and outbound rules that the rule control module can recognize, and calls the kernel communication module to issue the rules to the rule control module so that they take effect. The log module records log information throughout.
Hereinafter, the operation steps of the above modules and functional units will be described in detail:
(I) Function start control module:
Controls turning the data grabbing function on or off; it is the master switch of the function.
(II) Parameter setting module:
(1) Data push period parameter setting, used for setting the push period of the captured data after the function is started;
(2) Intranet network segment parameter setting, used for configuring the intranet network segment after the function is started, so as to judge whether a given service port is connected to the extranet;
(3) Communication port parameter setting, used for setting the communication port over which the captured data is transmitted after the function is started.
(III) Traffic acquisition module:
(1) Acquires information about the host's physical network card;
(2) Monitors the physical network card, captures the data packets passing through it, accumulates the packet lengths and converts the accumulated lengths into traffic.
(IV) Connection number acquisition module:
Obtains the number of connections between service ports by acquiring the connection status between host services.
(V) Data transmission module:
(1) Establishes a stable transmission link;
(2) Transmits large volumes of captured data effectively and in real time over a designated transmission port.
(VI) Monitoring function module:
Monitors the running state of the data transmission module in real time and can restart the data transmission module, ensuring the stability of the data transmission link.
(VII) Configuration storage module:
Stores the set data push period, intranet network segment and communication port information in a configuration file.
(VIII) Kernel communication module:
Sends the inbound and outbound rules generated in user mode to the kernel rule control module, and reports to user mode the logs produced in the kernel rule control module when rules are matched.
(IX) Policy setting module:
Generates, from the policy issued by the management end, the inbound and outbound rules recognized by the kernel-mode rule control module, and issues them to the kernel module.
(X) Rule control module:
Stores the inbound and outbound rules generated in user mode. Packets passing through the host are then matched against the rules at the network layer and the transport layer respectively, thereby controlling inbound and outbound traffic.
(XI) Log module:
(1) Records log information.
(2) Feeds the inbound and outbound information matched by the rules back to the user.
In addition, the invention also provides a micro-isolated data grabbing method, as shown in fig. 2, which specifically comprises the following steps:
S11, after the opening instruction is issued, parsing the information in the instruction and extracting the issued parameter settings;
S12, starting the traffic acquisition function and the connection number acquisition function to acquire the number of connections between host service ports, then calculating the connection frequency of the service ports and, according to the set intranet network segment, judging the connection of the host ports to the extranet;
S13, starting the transmission function and establishing a transmission channel on the set communication port to transmit the captured data.
Preferably, as a further implementation, the method further includes the following step after step S13:
S14, according to the push period parameter in the parameter information, extracting the traffic data A and the connection number data B once every push period, combining and packaging data A and data B, encrypting the package to form data C, and transmitting the processed data C.
The invention also includes a policy configuration method, shown in fig. 3, which comprises the following steps:
S21, generating suitable inbound and outbound rules according to whether the local address is the source address or the destination address of the received policy;
S22, issuing the generated rules and storing them in a red-black tree;
S23, hijacking the network inbound and outbound functions through the filter to match traffic flowing in and out, generating log information wherever a rule is matched, and feeding the log information back to the user.
In actual operation, data grabbing and policy configuration proceed as follows.
The specific operation procedure of the data grabbing function is shown in fig. 2:
(1) After the management end (the control end that issues the switch instructions, referred to herein as the management end) issues the opening instruction, the proxy end (the end on which the functions of the invention are deployed, referred to herein as the proxy end) receives it.
(2) The information in the opening instruction is parsed, the issued parameter settings (data push period, intranet network segment and communication port) are extracted, and the parameter information is saved to a configuration file.
(3) The traffic acquisition function is started to acquire uplink and downlink traffic between host service ports; the connection number acquisition function is started to acquire the number of connections between host service ports, the connection frequency of the service ports is calculated from the detected long and short connections, and the connection of the host ports to the extranet is judged according to the set intranet network segment; the transmission function is started and a transmission channel to the management end is established on the set communication port for transmitting the captured data.
(4) According to the set push period parameter, the traffic data A and the connection number data B are extracted once every push period, combined and packaged, and then encrypted to form data C.
(5) The processed data C is sent to the management end through the transmission channel.
(6) Steps (4) and (5) are repeated.
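The following sketch of steps (3) and (4) is an added example, not code from the patent: it accumulates packet lengths into uplink and downlink traffic per service port (data A), counts connections and their frequency (data B), flags peers outside the configured intranet segments, and packages both for one push period. The record fields, the `new_conn` flag, the reading of "uplink" as bytes sent by the local service, and the JSON packaging are assumptions; encryption into data C is omitted because the patent names no cipher.

```python
import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One captured packet (constructed record, not a real capture format)."""
    src: str
    sport: int
    dst: str
    dport: int
    length: int              # packet length in bytes
    new_conn: bool = False   # assumption: capture layer flags connection setup


class Collector:
    """Per-host accumulator for traffic (data A) and connection counts (data B)."""

    def __init__(self, host_ip, service_ports, intranet_segments, push_period_s):
        self.host = ipaddress.ip_address(host_ip)
        self.ports = set(service_ports)
        self.intranet = [ipaddress.ip_network(s) for s in intranet_segments]
        self.period = push_period_s
        self._reset()

    def _reset(self):
        self.traffic = defaultdict(lambda: {"up": 0, "down": 0})
        self.conns = defaultdict(int)

    def is_intranet(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.intranet)

    def observe(self, pkt):
        """Accumulate one packet; packets not touching a local service port are ignored."""
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if dst == self.host and pkt.dport in self.ports:
            key, direction = (pkt.dport, pkt.src), "down"
        elif src == self.host and pkt.sport in self.ports:
            key, direction = (pkt.sport, pkt.dst), "up"
        else:
            return
        self.traffic[key][direction] += pkt.length
        if pkt.new_conn and direction == "down":
            self.conns[key] += 1

    def snapshot(self):
        """Merge data A and data B for one push period, then reset the counters."""
        records = []
        for port, peer in sorted(self.traffic):
            t, n = self.traffic[(port, peer)], self.conns[(port, peer)]
            records.append({
                "service_port": port,
                "peer": peer,
                "external": not self.is_intranet(peer),  # peer outside intranet segments
                "up_bytes": t["up"],
                "down_bytes": t["down"],
                "connections": n,
                "conn_per_s": n / self.period,           # connection frequency
            })
        self._reset()
        return records


def package(records):
    """Serialize the merged records; the transport would encrypt these bytes into data C."""
    return json.dumps(records, sort_keys=True, separators=(",", ":")).encode()


def demo():
    """Run the collector over constructed sample packets for one push period."""
    c = Collector("10.0.1.5", [443, 3306], ["10.0.0.0/16", "fd00::/8"], push_period_s=10)
    packets = [
        Packet("10.0.2.9", 51000, "10.0.1.5", 3306, 74, new_conn=True),
        Packet("10.0.1.5", 3306, "10.0.2.9", 51000, 1500),
        Packet("10.0.2.9", 51001, "10.0.1.5", 3306, 74, new_conn=True),
        Packet("203.0.113.7", 40000, "10.0.1.5", 443, 60, new_conn=True),
        Packet("10.0.1.5", 443, "203.0.113.7", 40000, 900),
        Packet("10.0.1.5", 55555, "10.0.2.9", 22, 100),  # not a local service port
    ]
    for p in packets:
        c.observe(p)
    return c.snapshot()


if __name__ == "__main__":
    print(package(demo()).decode())
```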
The closing operation of the data grabbing function comprises the following steps:
(1) After the management end issues the closing instruction, the proxy end receives it.
(2) The closed state information is saved to the configuration file.
(3) The traffic acquisition function, the connection number acquisition function and the data transmission function are exited.
The specific operation procedure of policy configuration is shown in fig. 3:
(1) The management end issues the policy, and the proxy end generates inbound and outbound rules suitable for the rule control module according to whether the local address is the source address or the destination address of the policy.
(2) The generated rules are issued to the rule control module through the kernel communication module and stored in the red-black tree.
(3) The kernel rule control module hijacks the network inbound and outbound functions through netfilter (the Linux kernel firewall framework) to match traffic flowing into and out of the host, generates log information wherever a rule is matched, and feeds it back to the user.
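A user-space model of steps (1) to (3), added here as an example and not taken from the patent: one policy becomes an outbound rule when the local address is its source and an inbound rule when it is its destination, for IPv4 and IPv6 alike, and traffic is then matched with a log entry per hit. The `Policy` and `Rule` field names, the dictionary used in place of the red-black tree, and returning `None` when no rule matches are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    src: str               # source address or CIDR
    dst: str               # destination address or CIDR
    proto: str             # "ip" (any protocol), "tcp", "udp" or "icmp"
    dport: Optional[int]   # destination port; None means any / not applicable
    action: str            # "pass" or "block"


@dataclass(frozen=True)
class Rule:
    direction: str         # "in" or "out", relative to the local host
    peer: object           # network the remote side must fall in
    proto: str
    dport: Optional[int]
    action: str


def rules_for_host(policy, local_ip):
    """Generate the inbound/outbound rules one policy implies for this host."""
    local = ipaddress.ip_address(local_ip)
    src = ipaddress.ip_network(policy.src, strict=False)
    dst = ipaddress.ip_network(policy.dst, strict=False)
    rules = []
    if local in src:   # host is the policy source: rule on what it sends
        rules.append(Rule("out", dst, policy.proto, policy.dport, policy.action))
    if local in dst:   # host is the policy destination: rule on what it receives
        rules.append(Rule("in", src, policy.proto, policy.dport, policy.action))
    return rules


class RuleTable:
    """Model of the rule control module; a dict stands in for the red-black tree."""

    def __init__(self):
        self._rules = {}
        self.log = []      # entries recorded when a rule is matched

    def load(self, rules):
        for r in rules:
            self._rules.setdefault((r.direction, r.proto), []).append(r)

    def match(self, direction, proto, peer_ip, dport=None):
        """Return the action of the first matching rule, or None if none matches."""
        peer = ipaddress.ip_address(peer_ip)
        # Transport-layer rules first, then network-layer ("ip") rules.
        for key in ((direction, proto), (direction, "ip")):
            for r in self._rules.get(key, []):
                if peer in r.peer and r.dport in (None, dport):
                    self.log.append((direction, proto, peer_ip, dport, r.action))
                    return r.action
        return None


POLICIES = [  # constructed sample policies
    Policy("10.0.1.0/24", "10.0.2.10", "tcp", 3306, "pass"),
    Policy("10.0.3.0/24", "10.0.2.10", "ip", None, "block"),
    Policy("fd00:1::/64", "fd00:2::10", "icmp", None, "pass"),
]


def build_table(local_ip):
    """Load every rule the sample policies generate for the given host."""
    table = RuleTable()
    for p in POLICIES:
        table.load(rules_for_host(p, local_ip))
    return table


if __name__ == "__main__":
    db = build_table("10.0.2.10")
    print(db.match("in", "tcp", "10.0.1.7", 3306), db.match("in", "udp", "10.0.3.4", 53))
    print(db.log)
```

A policy whose source and destination ranges both contain the local address yields two rules, one per direction.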
The operation flow for shutting down the policy function is as follows:
(1) The rules and policies stored in user mode are purged.
(2) The kernel rule control module is unloaded.
Fig. 4 is a schematic structural diagram of a computer device according to the present disclosure. Referring to FIG. 4, the computer device 400 includes at least a memory 402 and a processor 401; the memory 402 is connected to the processor through a communication bus 403, and is configured to store computer instructions executable by the processor 401, where the processor 401 is configured to read the computer instructions from the memory 402 to implement the steps of the micro-isolated data grabbing method described in any of the above embodiments.
For the above-described device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the objectives of the disclosed solution. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices including, for example, semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., internal magnetic disks or removable disks), magneto-optical disks, and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
Finally, it should be noted that: while this specification contains many specific implementation details, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features of specific embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. On the other hand, the various features described in the individual embodiments may also be implemented separately in the various embodiments or in any suitable subcombination. Furthermore, although features may be acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Similarly, although operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. Furthermore, the processes depicted in the accompanying drawings are not necessarily required to be in the particular order shown, or sequential order, to achieve desirable results. In some implementations, multitasking and parallel processing may be advantageous.
The foregoing description of the preferred embodiments of the present disclosure is not intended to limit the disclosure, but rather to cover all modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present disclosure.

Claims (5)

1. A micro-isolated data capture system, comprising:
function start control module: controls turning the data grabbing function on or off and serves as the master switch of the function, the opening instruction or closing instruction being issued through the management end;
parameter setting module: used for setting parameter information for capturing data, the parameter information comprising a data push period, an intranet network segment and a communication port;
data push period parameter setting, used for setting the push period of the captured data after the function is started;
intranet network segment parameter setting, used for configuring the intranet network segment after the function is started, so as to judge whether a given service port is connected to the extranet;
communication port parameter setting, used for setting the communication port over which the captured data is transmitted after the function is started;
configuration saving module: used for storing the set data push period, intranet network segment and communication port information in a configuration file;
traffic acquisition module: used for acquiring uplink and downlink traffic between host service ports, accumulating the captured data packets and converting them into traffic;
connection number acquisition module: used for acquiring the connection status between the service ports of the host and thereby obtaining the number of connections between service ports;
data transmission module: used for establishing a transmission channel to the management end on the set communication port to realize real-time, effective transmission of the captured data;
monitoring function module: used for monitoring the running state of data transmission, with the ability to restart data transmission;
and a strategy setting module: the system comprises a core communication module, a management terminal, a control terminal and a control terminal, wherein the core communication module is used for receiving a policy issued by the management terminal;
kernel communication module: the system comprises a rule control module, a log generation module, a rule generation module and a log generation module, wherein the rule control module is used for generating an inbound and outbound rule;
rule control module: storing inbound and outbound rules received by the kernel communication module, and carrying out matching search on the network which flows in and flows out through a function in network inbound and outbound hijack;
and a log module: the log information is used for recording log information, and the inbound and outbound information matched with the rules is fed back to the user.
2. A micro-isolation data grabbing method according to claim 1, comprising the following steps:
S11, after the management end issues an opening instruction, the micro-isolation data grabbing system receives the opening instruction;
S12, parsing the information in the opening instruction, extracting the issued parameter settings, and storing them in a configuration file;
S13, starting the flow acquisition function to acquire the uplink and downlink traffic between host service ports; starting the connection number acquisition function to acquire the number of connections between host service ports, then calculating the connection frequency of the service ports, and using the set intranet network segment to judge the connection between the host service ports and the external network;
S14, starting the transmission function and establishing a transmission channel with the management end according to the set communication port, so as to transmit the grabbed data;
S15, at intervals of the push period given by the push period parameter in the set parameter information, extracting flow data A and connection data B once, combining and packaging data A and data B, encrypting them to form data C, and transmitting the processed data C.
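Steps S13 and S15 as an added Python sketch, not code from the patent: per-port accumulation of traffic (data A) and connection counts (data B), the intranet-segment check, and one merged record set per push period. The class, field names, sample events and the reading of "connection frequency" as connections per second are assumptions; the encryption step is omitted because the claim names no cipher.

```python
import ipaddress
import json
from collections import defaultdict

class Collector:
    """One push period of per-service-port data (all names are hypothetical)."""
    def __init__(self, intranet_cidr, push_period_s):
        self.intranet = ipaddress.ip_network(intranet_cidr)
        self.period = push_period_s
        self.traffic = defaultdict(lambda: {"up": 0, "down": 0})  # data A
        self.conns = defaultdict(int)                             # data B

    def on_packet(self, port, peer, direction, length):
        # S13: accumulate packet lengths into a byte total per (service port, peer).
        self.traffic[(port, peer)][direction] += length

    def on_connect(self, port, peer):
        self.conns[(port, peer)] += 1

    def push(self):
        """S15: extract A and B once, merge per key, reset, return plaintext of C."""
        records = []
        for port, peer in sorted(set(self.traffic) | set(self.conns)):
            flow = self.traffic.get((port, peer), {"up": 0, "down": 0})
            count = self.conns.get((port, peer), 0)
            records.append({
                "port": port,
                "peer": peer,
                # A peer outside the configured segment counts as external.
                "external": ipaddress.ip_address(peer) not in self.intranet,
                "up_bytes": flow["up"],
                "down_bytes": flow["down"],
                "connections": count,
                "conn_per_s": count / self.period,  # assumed meaning of "frequency"
            })
        self.traffic.clear()
        self.conns.clear()
        return json.dumps(records).encode()

def demo():
    # Constructed events for one 10-second push period.
    c = Collector("10.0.0.0/8", push_period_s=10)
    c.on_connect(3306, "10.0.2.7")
    c.on_packet(3306, "10.0.2.7", "down", 120)
    c.on_packet(3306, "10.0.2.7", "up", 900)
    c.on_packet(3306, "10.0.2.7", "up", 600)
    for _ in range(5):
        c.on_connect(22, "203.0.113.9")
    c.on_packet(22, "203.0.113.9", "down", 64)
    return json.loads(c.push()), json.loads(c.push())
```

The second `push()` in `demo()` returns an empty list, which shows that each period is extracted exactly once.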
3. The micro-isolation data grabbing method according to claim 2, further comprising a policy configuration method, wherein the policy configuration method comprises the following steps:
S21, the management end issues a policy, and the proxy end generates an outbound rule suitable for the rule control module according to whether the received policy is a source address or a destination address of the policy;
S22, issuing the generated rule and storing it in a red-black tree;
S23, matching, by a filter, the inbound and outbound network traffic through a function in the network inbound and outbound hijack, generating log information where a rule is matched, and feeding the log information back to the user.
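Steps S21 to S23 as an added Python sketch, not code from the patent: a policy becomes a directional rule, rules sit in an ordered store, and a match writes a log line. The policy fields, the `allow`/`deny` actions, the sample addresses and the reading that the host's position as source or destination decides the direction are assumptions; a sorted list with binary search stands in for the red-black tree.

```python
import bisect
import ipaddress

def rules_from_policy(policy, local_ip):
    """S21 (assumed reading): the host's side of the policy sets the direction."""
    rules = []
    if policy["src"] == local_ip:      # host is the source: outbound rule
        rules.append(("out", policy["dst"], policy["port"], policy["action"]))
    if policy["dst"] == local_ip:      # host is the destination: inbound rule
        rules.append(("in", policy["src"], policy["port"], policy["action"]))
    return rules

def rule_key(direction, peer, port):
    return (direction, int(ipaddress.ip_address(peer)), port)

class RuleTable:
    """Ordered rule store; a sorted list stands in for the red-black tree of S22."""
    def __init__(self):
        self.keys, self.actions, self.log = [], [], []

    def add(self, direction, peer, port, action):
        key = rule_key(direction, peer, port)
        i = bisect.bisect_left(self.keys, key)
        if i < len(self.keys) and self.keys[i] == key:
            self.actions[i] = action   # a re-issued rule replaces the old one
        else:
            self.keys.insert(i, key)
            self.actions.insert(i, action)

    def match(self, direction, peer, port):  # S23: log only where a rule matches
        key = rule_key(direction, peer, port)
        i = bisect.bisect_left(self.keys, key)
        if i == len(self.keys) or self.keys[i] != key:
            return None                # no rule: the claims do not state a default
        self.log.append(f"{direction} peer={peer} port={port} action={self.actions[i]}")
        return self.actions[i]

def demo(local_ip="10.0.1.5"):
    policies = [  # constructed policies, as a management end might issue them
        {"src": "10.0.1.5", "dst": "10.0.2.7", "port": 3306, "action": "allow"},
        {"src": "10.0.3.9", "dst": "10.0.1.5", "port": 22, "action": "deny"},
        {"src": "10.0.8.8", "dst": "10.0.9.9", "port": 80, "action": "allow"},
    ]
    table = RuleTable()
    for policy in policies:
        for rule in rules_from_policy(policy, local_ip):
            table.add(*rule)
    packets = [("out", "10.0.2.7", 3306), ("in", "10.0.3.9", 22), ("in", "10.0.2.7", 3306)]
    return table.keys, [table.match(*p) for p in packets], table.log
```

The third policy names neither side as this host, so it produces no rule, and the third packet matches nothing and leaves no log entry.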
4. A computer-readable storage medium having a computer program stored thereon, characterized in that the program, when executed, implements the steps of the micro-isolation data grabbing method of any one of claims 2-3.
5. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the micro-isolation data grabbing method of any one of claims 2-3.
CN202210211636.5A 2022-03-04 2022-03-04 Micro-isolation data grabbing method and system Active CN114598740B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210211636.5A CN114598740B (en) 2022-03-04 2022-03-04 Micro-isolation data grabbing method and system

Publications (2)

Publication Number Publication Date
CN114598740A (en) 2022-06-07
CN114598740B (en) 2024-02-02

Family

ID=81814870

Country Status (1)

Country Link
CN (1) CN114598740B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant