CN115065546A - Active anti-attack network security protection system and method - Google Patents

Publication number
CN115065546A
Authority
CN
China
Prior art keywords
data
application server
single application
running
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210795601.0A
Other languages
Chinese (zh)
Inventor
左瑞山
王男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Aurora Intelligent Technology Co ltd
Original Assignee
Shandong Aurora Intelligent Technology Co ltd
Application filed by Shandong Aurora Intelligent Technology Co ltd
Priority to CN202210795601.0A
Publication of CN115065546A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an active anti-attack network security protection system and method, and relates to the technical field of network security. The active anti-attack network security protection method comprises the following steps: obtaining dynamic security data and operation data of a server, wherein the server comprises a single application server and a micro-service framework; and, if the dynamic security data are abnormal, backing up the operation data to obtain operation backup data of the single application server and switching the operation data to the micro-service framework for operation. When an abnormal problem is found, the system operation is switched to the micro-service framework system, the single application server is diagnosed, analyzed and detected, and after the single application server operates normally the system operation is switched back to the single application server, which solves the problem that the whole normal operation is affected once a network is attacked.

Description

Active anti-attack network security protection system and method
Technical Field
The invention relates to the technical field of network security, in particular to an active anti-attack network security protection system and method.
Background
Network security means that the hardware, software and data of a network system are protected and are not damaged, changed or leaked for accidental or malicious reasons, that the system operates continuously, reliably and normally, and that the network service is not interrupted. A computer communication network is a system that interconnects a plurality of computers with independent functions through communication equipment and transmission media and realizes information transmission and exchange among the computers with the support of communication software. A computer network is a system that connects a plurality of geographically dispersed, independent computer systems, terminals and data devices by communication means for the purpose of sharing resources, and performs data exchange under the control of a protocol. The fundamental purpose of computer networks is resource sharing, and communication networks are the way to implement network resource sharing, so for computer networks to be secure, the corresponding computer communication networks must also be secure, and information exchange and resource sharing should be implemented for network users. Network security can be defined as follows: a network system is not threatened or infringed and can normally realize the function of resource sharing. For the network to realize the resource sharing function normally, the hardware and software of the network must first operate normally, and then the security of data information exchange must be ensured. At present, once a network is attacked, the overall normal operation is affected. In order to improve the security of the network, it is necessary to develop an active network security protection system and method.
Disclosure of Invention
The invention aims to provide a system and a method for actively preventing network from being attacked so as to solve the problem that once a network is attacked, the whole normal operation is affected.
The invention provides a method for actively preventing network security from being attacked, which comprises the following steps:
acquiring dynamic security data and operation data of a server, wherein the server comprises a single application server and a micro-service framework;
if the dynamic security data are abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to a micro-service framework for running;
calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted operation data;
calling single application server running backup data, wherein the single application server running backup data comprises log data;
and constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
Further, if the dynamic security data is abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to the micro-service framework for running, including:
carrying out user behavior detection on the dynamic security abnormal data to obtain a user behavior detection analysis result;
according to the user behavior detection analysis result, if the user behavior detection analysis result is negative, starting an early warning strategy analysis model, wherein the early warning strategy analysis model comprises a pre-stored virus knowledge database;
and substituting the dynamic security abnormal data into the early warning strategy analysis model to obtain an early warning analysis result, matching the early warning analysis result with a pre-stored virus knowledge database, and backing up the operation data if the matching fails.
Further, calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted operation data includes:
storing the operation data to a block chain, generating a corresponding hash value and marking the hash value on the operation data of the micro service frame, and generating an operation data resource package;
and calculating the running data resource package through a preset privacy calculation model to obtain encrypted running data.
Further, calling the single application server running backup data, wherein the single application server running backup data comprises log data, includes:
storing the running backup data of the single application server to a block chain, generating a data backup hash value, and backing up the data backup hash value;
constructing a data query database according to the data backup hash value;
and inquiring corresponding data in the data inquiry database and feeding back to the application terminal.
Further, a virus analysis detection model is established according to the log data, and if the single application server is qualified in detection, the operation data is adjusted to the operation of the single application server, including:
the virus analysis and detection model comprises a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model;
sequentially bringing the log data into a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model to obtain a data detection analysis result;
and carrying out a data qualification classification rule according to the data detection and analysis result, classifying the data detection and analysis result to obtain a data detection and analysis result, and adjusting the operation data to the operation of the single application server if the single application server is qualified.
Further, the method further comprises:
the dynamic security data and the operation data are encrypted at a sending end of the dynamic security data and the operation data through an encryption algorithm, and decrypted at a receiving end of the dynamic security data and the operation data, so that a server port is hidden on the Internet, and attacks on the server and the network by cracking transmission contents are avoided.
The invention provides a network safety protection system for active anti-attack, comprising:
the system comprises an acquisition unit and a processing unit, wherein the acquisition unit is used for acquiring dynamic security data and operation data of a server, and the server comprises a single application server and a micro-service framework;
the backup unit is used for backing up the running data to obtain running backup data of a single application server and switching the running data to the micro-service framework to run if the dynamic security data are abnormal;
the computing unit is used for computing the micro-service framework operation data through a privacy computing model to obtain encrypted privacy computing data and encrypted operation data;
the system comprises a calling unit, a storage unit and a processing unit, wherein the calling unit is used for calling the running backup data of a single application server, and the running backup data of the single application server comprises log data;
and the detection unit is used for constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
The invention has the following beneficial effects: the invention provides a system and a method for actively preventing network security from being attacked, which are used for obtaining dynamic security data and running data of a server, wherein the server comprises a single application server and a micro-service framework; if the dynamic security data are abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to a micro-service framework for running; calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted privacy calculation data and encrypted operation data; calling single application server running backup data, wherein the single application server running backup data comprises log data; establishing a virus analysis detection model according to the log data, and if the single application server is qualified in detection, adjusting the operation data to the operation of the single application server; the method has the effect of ensuring the network security, and solves the problem that once the network is attacked, the whole normal operation is affected.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without any inventive exercise.
Fig. 1 is a flowchart of the active anti-attack network security protection method according to an embodiment of the present invention;
Fig. 2 is a flowchart of step S102 of the active anti-attack network security protection method according to the embodiment of the present invention;
Fig. 3 is a flowchart of step S103 of the active anti-attack network security protection method according to the embodiment of the present invention;
Fig. 4 is a flowchart of step S104 of the active anti-attack network security protection method according to the embodiment of the present invention;
Fig. 5 is a flowchart of step S105 of the active anti-attack network security protection method according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The technical solutions provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to fig. 1, the present invention provides an active network security protection method, including:
S101, acquiring dynamic security data and operation data of a server, wherein the server comprises a single application server and a micro-service framework;
The microservice architecture is a new technology for deploying applications and services in the cloud. Microservices may communicate through lightweight mechanisms such as HTTP-type APIs. The key is that each service can run in its own process. In the micro-service architecture, a required function only needs to be added to one specific service, and the architecture of the whole system is not affected.
A single application server (a monolithic application) means that all programs are in one project; as in the era of SSM and SSH project architectures, the project is packaged as a WAR file and run on the server. This WAR package contains all the system functions of the application, and such a project architecture is called a single application server.
A single application server is relatively easy to deploy and test, and it can run well at the early stage of a project. But as the project develops and developers are added, the amount of code increases sharply; the single application also becomes more and more bloated, its maintainability and flexibility gradually decrease, its maintenance cost becomes higher and higher, and it is difficult to maintain quickly and successfully once it encounters a network attack.
S102, if the dynamic security data are abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to a micro-service framework to run;
When the running data of the single application server is found to be abnormal, carrying out user behavior detection on the dynamic security abnormal data to obtain a user behavior detection analysis result; according to the user behavior detection analysis result, if the user behavior detection analysis result is negative, starting an early warning strategy analysis model, wherein the early warning strategy analysis model comprises a pre-stored virus knowledge database; and substituting the dynamic security abnormal data into the early warning strategy analysis model to obtain an early warning analysis result, matching the early warning analysis result with a pre-stored virus knowledge database, and backing up the operation data if the matching fails.
S103, calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted operation data;
In order to prevent system data from being stolen and leaked after network attack, the operation data is stored in a block chain to avoid data tampering, and a corresponding hash value is generated and marked on the operation data of the micro-service framework to generate an operation data resource package; and calculating the running data resource package through a preset privacy calculation model to obtain encrypted running data.
S104, calling single application server running backup data, wherein the single application server running backup data comprises log data;
The running backup data of the single application server is stored to the block chain to generate a data backup hash value, which prevents the running data from being maliciously modified: if the running data is modified, it no longer corresponds to the data stored on the block chain. The data backup hash value is backed up, a data query database is constructed according to the data backup hash value, the corresponding data is queried in the data query database and fed back to the application end, and maintenance personnel maintain the system according to the data fed back by the application end.
And S105, constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
When the system is abnormal, the single application server is detected, when the abnormal problem is found, the system operation is switched to the micro-service architecture system, the single application server is diagnosed, analyzed and detected, and after the single application server operates normally, the system operation is switched back to the single application server, so that the effect of ensuring the network safety is achieved, and the problem that once the network is attacked, the whole normal operation of an enterprise is influenced is solved.
Further, referring to fig. 2, if the dynamic security data is abnormal, backing up the running data to obtain the running backup data of the single application server, and switching the running data to the micro service framework for running includes:
S201, carrying out user behavior detection on the dynamic security abnormal data to obtain a user behavior detection analysis result;
S202, according to the user behavior detection analysis result, if the user behavior detection analysis result is negative, starting an early warning strategy analysis model, wherein the early warning strategy analysis model comprises a pre-stored virus knowledge database;
S203, substituting the dynamic security abnormal data into the early warning strategy analysis model to obtain an early warning analysis result, matching the early warning analysis result with a pre-stored virus knowledge database, and backing up the operation data if the matching fails.
When the running data of the single application server is found to be abnormal, carrying out user behavior detection on the dynamic security abnormal data to obtain a user behavior detection analysis result; according to the user behavior detection analysis result, if the user behavior detection analysis result is negative, starting an early warning strategy analysis model, wherein the early warning strategy analysis model comprises a pre-stored virus knowledge database; and substituting the dynamic security abnormal data into the early warning strategy analysis model to obtain an early warning analysis result, matching the early warning analysis result with a pre-stored virus knowledge database, and backing up the operation data if the matching fails.
Further, referring to Fig. 3, calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted privacy calculation data and encrypted operation data includes:
S301, storing the operation data to a block chain, generating a corresponding hash value, marking the hash value on the operation data of the micro-service framework, and generating an operation data resource package;
S302, calculating the running data resource package through a preset privacy calculation model to obtain encrypted running data.
In order to prevent system data from being stolen and leaked after a network attack, the running data is stored in a block chain to avoid data tampering, a corresponding hash value is generated and marked on the running data of the micro-service framework, and a running data resource package is generated. The running data resource package is then calculated through a preset privacy calculation model to obtain encrypted running data.
Further, referring to Fig. 4, calling the single application server running backup data, where the single application server running backup data includes log data, includes:
S401, storing the running backup data of the single application server to a block chain, generating a data backup hash value, and backing up the data backup hash value;
S402, constructing a data query database according to the data backup hash value;
S403, querying corresponding data in the data query database and feeding back the data to the application terminal.
The running backup data of the single application server is stored to the block chain to generate a data backup hash value, and the data backup hash value is stored to a block chain. This prevents the running data from being maliciously modified: if the running data is modified, it will not correspond to the data stored on the block chain. A data query database is constructed according to the data backup hash value, the corresponding data is queried in the data query database and fed back to the application end, and maintenance personnel maintain the system according to the data fed back by the application end.
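The tamper-evidence idea in S401 to S403, as an added example that is not part of the patent: a minimal append-only hash chain stands in for the block chain, and `BackupLedger`, `verify_backup` and the sample log lines are hypothetical names and constructed data. It assumes only the hash of each backup is recorded, and it keeps the chain head as a separate anchor, since a hash stored beside the data it protects can be rewritten along with it.

```python
import hashlib
import json
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

GENESIS = "0" * 64  # constructed placeholder predecessor for the first block

# Constructed sample log data (not taken from the patent).
SAMPLE_LOG = (
    b"2022-07-06T10:00:01Z app01 login ok user=alice\n"
    b"2022-07-06T10:00:09Z app01 login failed user=admin\n"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str    # hash of the previous block, linking the chain
    backup_hash: str  # the "data backup hash value" of S401
    label: str        # hypothetical metadata: which file was backed up

    def block_hash(self) -> str:
        body = json.dumps(
            [self.index, self.prev_hash, self.backup_hash, self.label],
            separators=(",", ":"),
        )
        return sha256_hex(body.encode())


class BackupLedger:
    """Append-only hash chain standing in for the patent's block chain."""

    def __init__(self) -> None:
        self.blocks: List[Block] = []
        self.query_db: Dict[str, int] = {}  # S402: backup hash -> block index
        self.head = GENESIS  # anchor; in practice kept off the monitored host

    def store_backup(self, data: bytes, label: str) -> str:
        """S401: record the hash of a backup and return it."""
        block = Block(len(self.blocks), self.head, sha256_hex(data), label)
        self.blocks.append(block)
        self.query_db[block.backup_hash] = block.index
        self.head = block.block_hash()
        return block.backup_hash

    def query(self, backup_hash: str) -> Optional[Block]:
        """S403: look up the ledger entry for a backup hash."""
        idx = self.query_db.get(backup_hash)
        return None if idx is None else self.blocks[idx]

    def chain_intact(self) -> bool:
        """Recompute every link; the final hash must equal the anchored head."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if block.index != i or block.prev_hash != prev:
                return False
            prev = block.block_hash()
        return prev == self.head


def verify_backup(ledger: BackupLedger, backup_hash: str, data: bytes) -> str:
    """Classify a backup copy before it is used for diagnosis or restore."""
    if not ledger.chain_intact():
        return "ledger-tampered"
    if ledger.query(backup_hash) is None:
        return "unknown-backup"
    if sha256_hex(data) != backup_hash:
        return "backup-modified"
    return "ok"


def demo() -> Dict[str, str]:
    ledger = BackupLedger()
    h_log = ledger.store_backup(SAMPLE_LOG, "app.log")
    ledger.store_backup(b"workers=4\n", "app.conf")
    results = {"clean": verify_backup(ledger, h_log, SAMPLE_LOG)}

    # A modified copy of the backup no longer matches the recorded hash.
    edited = SAMPLE_LOG.replace(b"failed user=admin", b"ok user=admin")
    results["edited_backup"] = verify_backup(ledger, h_log, edited)
    # Its own hash was never recorded, so it cannot be passed off as a backup.
    results["unknown"] = verify_backup(ledger, sha256_hex(edited), edited)

    # Rewriting a ledger entry to match the edited copy breaks the chain.
    ledger.blocks[0] = replace(ledger.blocks[0], backup_hash=sha256_hex(edited))
    results["rewritten_ledger"] = verify_backup(ledger, sha256_hex(edited), edited)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```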
Further, referring to Fig. 5, constructing a virus analysis and detection model according to log data, and if the single application server is qualified, adjusting the running data to the running of the single application server, includes:
S501, the virus analysis and detection model comprises a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model;
S502, the log data are sequentially brought into a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model to obtain a data detection analysis result;
S503, carrying out a data qualification classification rule according to the data detection and analysis result, classifying the data detection and analysis result to obtain a data detection and analysis result, and if the single application server is qualified, adjusting the operation data to the operation of the single application server.
A virus analysis detection model is established according to the log data, and if the single application server is qualified, the operation data is adjusted to the operation of the single application server. When the system is abnormal, the single application server is detected; when an abnormal problem is found, the system operation is switched to the micro-service architecture system, the single application server is then diagnosed, analyzed and detected, and the system operation is switched back to the single application server when the single application server is normal.
Further, the method further comprises: the dynamic security data and the operation data are encrypted at a sending end of the dynamic security data and the operation data through an encryption algorithm, and decrypted at a receiving end of the dynamic security data and the operation data, so that a server port is hidden on the Internet, and attacks on the server and the network by cracking transmission contents are avoided. Even if a lawbreaker acquires the transmission content, the transmission content cannot be cracked, the content cannot be lost, and the network addresses and ports of the transmitting side and the receiving side cannot be exposed.
Specifically, the active anti-attack network security protection method of the invention can realize active anti-attack network security protection based on an IPK (identity key) key platform, an active protection client, an active protection switch and a single application server of a data center. The active protection switch has the authentication, access and security access control capabilities, and the single application server performs authentication message interaction with the active protection switch through an active protection client installed on the terminal to complete and maintain the authentication state of the access device. The single application server and the active protection switch perform information interaction such as authentication messages and security policies, perform asset management, security policy management and security control management, and fully integrate and fuse the security capability of other security applications (such as antivirus and flow analysis). The IPK key platform provides key support for an ASN (active security-work) architecture, generates a unique combination identifier CID (combination-ID) of the equipment by taking the equipment MAC as a physical characteristic identifier, calculates and generates a public key and a private key of the equipment through a key seed and the CID, and supports the whole architecture to run safely through the key.
The invention also provides an active anti-attack network security protection system, which comprises:
the system comprises an acquisition unit and a processing unit, wherein the acquisition unit is used for acquiring dynamic security data and operation data of a server, and the server comprises a single application server and a micro-service framework;
the backup unit is used for backing up the running data to obtain running backup data of a single application server and switching the running data to the micro-service framework to run if the dynamic security data are abnormal;
the computing unit is used for computing the micro-service framework operation data through a privacy computing model to obtain encrypted privacy computing data and encrypted operation data;
the system comprises a calling unit, a storage unit and a processing unit, wherein the calling unit is used for calling the running backup data of a single application server, and the running backup data of the single application server comprises log data;
and the detection unit is used for constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
According to the embodiment, the active anti-attack network security protection system and the method thereof provided by the invention have the advantages that the dynamic security data and the operation data of the server are obtained, and the server comprises a single application server and a micro-service framework; if the dynamic security data are abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to a micro-service framework for running; calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted privacy calculation data and encrypted operation data; calling single application server running backup data, wherein the single application server running backup data comprises log data; the method comprises the steps of establishing a virus analysis detection model according to log data, adjusting operation data to the operation of a single application server if the single application server is qualified, detecting the single application server when the system is abnormal, switching the system operation to a micro-service architecture system when an abnormal problem is found, then carrying out diagnosis analysis detection on the single application server, switching the system operation back to the single application server after the single application server operates normally, achieving the effect of ensuring network safety, and solving the problem that the whole normal operation of an enterprise is influenced once a network is attacked.
The embodiment of the present invention further provides a storage medium in which a computer program is stored; when executed by a processor, the computer program implements part or all of the steps in each embodiment of the active anti-attack network security protection method provided by the present invention. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or the like.
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be essentially or partially implemented in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method in the embodiments or some parts of the embodiments of the present invention.
The above embodiments of the present invention do not limit the scope of the present invention.

Claims (7)

1. An active anti-attack network security protection method, characterized by comprising the following steps:
acquiring dynamic security data and operation data of a server, wherein the server comprises a single application server and a micro-service framework;
if the dynamic security data are abnormal, backing up the running data to obtain running backup data of a single application server, and switching the running data to a micro-service framework for running;
calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted operation data;
calling single application server running backup data, wherein the single application server running backup data comprises log data;
and constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
2. The method of claim 1, wherein backing up the operational data to obtain operational backup data for a single application server and switching the operational data to micro service framework operation if the dynamic security data is abnormal, comprises:
carrying out user behavior detection on the dynamic security abnormal data to obtain a user behavior detection analysis result;
according to the user behavior detection analysis result, if the user behavior detection analysis result is negative, starting an early warning strategy analysis model, wherein the early warning strategy analysis model comprises a pre-stored virus knowledge database;
and substituting the dynamic security abnormal data into the early warning strategy analysis model to obtain an early warning analysis result, matching the early warning analysis result with a pre-stored virus knowledge database, and backing up the operation data if the matching fails.
3. The method of claim 1, wherein calculating the micro-service framework operation data through a privacy calculation model to obtain encrypted privacy calculation data and encrypted operation data comprises:
storing the running data to a block chain, generating a corresponding hash value and marking the hash value on the running data of the micro-service framework, and generating a running data resource package;
and calculating the running data resource package through a preset privacy calculation model to obtain encrypted running data.
4. The method of claim 1, wherein invoking a single application server to run backup data, the single application server to run backup data including log data, comprises:
storing the running backup data of the single application server to a block chain, generating a data backup hash value, and backing up the data backup hash value;
constructing a data query database according to the data backup hash value;
and inquiring corresponding data in the data inquiry database and feeding back to the application terminal.
5. The method of claim 1, wherein constructing a virus analysis detection model from the log data, and if a single application server is qualified for detection, adjusting the operational data to the single application server operation comprises:
the virus analysis and detection model comprises a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model;
the log data are sequentially brought into a data anomaly analysis model, an alarm analysis model, an unknown anomaly notification model and a data mining model to obtain a data detection analysis result;
and applying a data qualification classification rule to the data detection and analysis result, classifying the data detection and analysis result to obtain a data detection and analysis result, and adjusting the operation data to the operation of the single application server if the single application server is qualified.
6. The method of claim 1, wherein the method further comprises:
the dynamic security data and the operation data are encrypted at a sending end of the dynamic security data and the operation data through an encryption algorithm, and decrypted at a receiving end of the dynamic security data and the operation data, so that a server port is hidden on the Internet, and attacks on the server and the network by cracking transmission contents are avoided.
7. An active anti-attack network security protection system, comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring dynamic security data and operation data of a server, and the server comprises a single application server and a micro-service framework;
the backup unit is used for backing up the running data to obtain running backup data of a single application server and switching the running data to the micro-service framework to run if the dynamic security data are abnormal;
the computing unit is used for computing the micro-service framework operation data through a privacy computing model to obtain encrypted privacy computing data and encrypted operation data;
the system comprises a calling unit, a storage unit and a processing unit, wherein the calling unit is used for calling the running backup data of a single application server, and the running backup data of the single application server comprises log data;
and the detection unit is used for constructing a virus analysis detection model according to the log data, and adjusting the operation data to the operation of the single application server if the single application server is qualified in detection.
CN202210795601.0A 2022-07-07 2022-07-07 Active anti-attack network security protection system and method Pending CN115065546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210795601.0A CN115065546A (en) 2022-07-07 2022-07-07 Active anti-attack network security protection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210795601.0A CN115065546A (en) 2022-07-07 2022-07-07 Active anti-attack network security protection system and method

Publications (1)

Publication Number Publication Date
CN115065546A true CN115065546A (en) 2022-09-16

Family

ID=83205103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210795601.0A Pending CN115065546A (en) 2022-07-07 2022-07-07 Active anti-attack network security protection system and method

Country Status (1)

Country Link
CN (1) CN115065546A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582249A (en) * 2023-07-14 2023-08-11 山东极光智能科技有限公司 Network security analysis method and system based on big data
CN116582249B (en) * 2023-07-14 2023-09-29 山东极光智能科技有限公司 Network security analysis method and system based on big data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination