CN115277256A - Early warning method and system for data intranet and extranet gateway transmission - Google Patents


Publication number: CN115277256A
Authority: CN (China)
Prior art keywords: early warning; preset; data transmission; transmission information; data
Legal status: Granted
Application number: CN202211178243.5A
Other languages: Chinese (zh)
Other versions: CN115277256B (en)
Inventors: 郭培贤, 白艳秋, 陈伟, 石磊
Current Assignee: Aviation Meteorological Center Of Air Traffic Administration Of Civil Aviation Administration Of China
Original Assignee: Aviation Meteorological Center Of Air Traffic Administration Of Civil Aviation Administration Of China

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of data processing, and discloses an early warning method and system for data intranet and extranet gatekeeper transmission. By generating early warning signals of different levels, the security of intranet data can be guaranteed, and the connectivity of data between the intranet and extranet environments can also be guaranteed.

Description

Early warning method and system for data intranet and extranet gateway transmission
Technical Field
The invention relates to the technical field of data processing, in particular to an early warning method and system for data intranet and extranet gatekeeper transmission.
Background
A gatekeeper (network isolation gateway) is an information security device that connects two independent host systems through a solid-state switched read/write medium with multiple control functions. Because the two host systems are isolated by the gatekeeper, there is no physical connection, logical connection or information transmission protocol between them, and no protocol-based information exchange takes place; data is only ferried across, without any protocol, in the form of data files. The gatekeeper therefore physically isolates and blocks every network connection that could be used to attack the internal network, so that an external attacker cannot directly intrude into, attack or damage the internal network, and the security of the internal hosts is guaranteed.
In the prior art, to prevent external attackers from intruding into, attacking or damaging the intranet, security devices such as a gatekeeper are generally placed between the intranet and the extranet to isolate the two networks. Once the networks are isolated, however, no network connection can be established between the intranet and the extranet: only simple file transmission through the gatekeeper is possible, streaming transmission in big-data scenarios cannot be supported, and user experience is seriously affected. In addition, the protection capability of the prior art is limited to a single function, system management efficiency is low, potential safety hazards exist during use, and early warnings cannot be sent to a terminal in time. As a result, when data is exchanged between the extranet server and the intranet server, the security of intranet data cannot be guaranteed, which poses a serious threat to the internal hosts.
Therefore, how to provide a method capable of ensuring both the security of intranet data and the connectivity of intranet and extranet environment data is a technical problem to be solved at present.
Disclosure of Invention
The embodiment of the invention provides an early warning method and system for data intranet and extranet gatekeeper transmission, to solve the technical problems in the prior art that early warning signals of different levels cannot be sent to a network terminal in time, that normal transmission of data between the intranet and the extranet cannot be guaranteed, and that the security of intranet data cannot be guaranteed.
In order to achieve the above object, the present invention provides an early warning method for data intranet and extranet gatekeeper transmission, wherein the method comprises:
step S1: acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises downloading frequency, downloading time, downloading data volume and downloading speed;
step S2: comparing the data transmission information acquired in the step S1 with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the external network server side performs normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
step S3: when judging that a network attack behavior possibly exists, generating early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and a preset early warning value;
step S4: sending the early warning signal generated in the step S3 to a network terminal.
Preferably, in the step S2, when the data transmission information obtained in the step S1 is compared with preset data transmission information, the method includes:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1, E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset download frequency information, C0 is preset download time information, D0 is preset download data volume information, and E0 is preset download speed information;
when B1, C1, D1 and E1 are within B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not within B0, C0, D0 and E0, judging that a network attack behavior possibly exists.
Preferably, in the step S3, when generating the early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and the preset early warning value, the method includes:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a third-level early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a second-level early warning signal;
when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a first-level early warning signal.
Preferably, in the step S4, when the warning signal generated in the step S3 is sent to a network terminal, the method includes:
carrying real-time acquired data transmission information, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
Preferably, in step S4, the method further includes:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
In order to achieve the above object, the present invention provides an early warning system for data intranet and extranet gatekeeper transmission, the system comprising:
an acquisition module, used for acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises download frequency, download time, download data volume and download speed;
a judging module, used for comparing the data transmission information acquired by the acquisition module with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the extranet server side can perform normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
a generating module, used for generating early warning signals of different levels according to the relationship between the data transmission information acquired by the acquisition module and a preset early warning value when it is judged that a network attack behavior possibly exists;
a sending module, used for sending the early warning signal generated by the generating module to a network terminal.
Preferably, in the determining module, when the data transmission information acquired by the acquiring module is compared with the preset data transmission information, the determining module includes:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1, E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset download frequency information, C0 is preset download time information, D0 is preset download data volume information, and E0 is preset download speed information;
when B1, C1, D1 and E1 are within B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not within B0, C0, D0 and E0, judging that a network attack behavior possibly exists.
Preferably, in the generating module, when generating the early warning signals of different levels according to the relationship between the data transmission information acquired by the acquisition module and the preset early warning value, the generating module includes:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a third-level early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a second-level early warning signal;
when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a first-level early warning signal.
Preferably, in the sending module, when sending the warning signal generated in the generating module to a network terminal, the sending module includes:
carrying data transmission information acquired in real time, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
Preferably, the sending module further includes:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
The invention provides an early warning method and system for data intranet and extranet gateway transmission, which have the following beneficial effects compared with the prior art:
The application discloses an early warning method and system for data intranet and extranet gatekeeper transmission. The download frequency, download time, download data volume and download speed of an extranet server are obtained in real time, and the obtained data transmission information is compared with preset data transmission information. If the data transmission information conforms to the preset data transmission information, it is judged that no network attack behavior exists, and the extranet server performs normal data transmission. If the data transmission information does not conform to the preset data transmission information, it is judged that a network attack behavior possibly exists, early warning signals of different levels are generated according to the relationship between the obtained data transmission information and a preset early warning value, and the generated early warning signals are sent to a network terminal. By generating early warning signals of different levels, the present application can guarantee the security of intranet data as well as the connectivity of data between the intranet and extranet environments, and effectively prevents an external attacker from intruding into, attacking or damaging an intranet host.
Drawings
Fig. 1 is a schematic flow chart illustrating an early warning method for data intranet and extranet gatekeeper transmission according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram illustrating an early warning system for data intranet and extranet gatekeeper transmission according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In the description of the present application, it is to be understood that the terms "center", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings, merely for convenience of description and simplicity of description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present application.
The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, the meaning of "a plurality" is two or more unless otherwise specified.
In the description of the present application, it should be noted that unless otherwise explicitly stated or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
The following is a description of preferred embodiments of the present invention with reference to the accompanying drawings.
As shown in fig. 1, an embodiment of the present invention discloses an early warning method for data intranet and extranet gatekeeper transmission, where the method includes:
step S1: acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises downloading frequency, downloading time, downloading data volume and downloading speed;
step S2: judging and comparing the data transmission information acquired in the step S1 with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the external network server side performs normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
step S3: when judging that a network attack behavior possibly exists, generating early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and a preset early warning value;
step S4: sending the early warning signal generated in the step S3 to a network terminal.
It should be noted that the present application obtains the download frequency, download time, download data volume and download speed of the extranet server in real time and compares the obtained data transmission information with the preset data transmission information. If the data transmission information conforms to the preset data transmission information, it is determined that no network attack behavior exists, and the extranet server performs normal data transmission. If the data transmission information does not conform to the preset data transmission information, it is determined that there is a network attack behavior, early warning signals of different levels are generated according to the relationship between the obtained data transmission information and the preset early warning value, and the generated early warning signals are sent to the network terminal. By generating early warning signals of different levels, the present application can guarantee the security of intranet data as well as the connectivity of data between the intranet and extranet environments, and effectively prevents an external attacker from intruding into, attacking or damaging an intranet host.
It should be further noted that the download frequency, download time, download data volume and download speed in the external network server are detected in real time. When these values exceed the early warning values, the internal network host may be threatened to a certain degree and, in serious cases, may be paralyzed. Therefore, when the external network server obtains data from the internal network host through the gatekeeper, the download frequency, download time, download data volume and download speed in the external network server need to be detected in real time, so that the external network server is prevented from attacking and damaging the internal network host.
In some embodiments of the present application, in the step S2, when the data transmission information obtained in the step S1 is compared with preset data transmission information, the method includes:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1, E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset download frequency information, C0 is preset download time information, D0 is preset download data volume information, and E0 is preset download speed information;
when B1, C1, D1 and E1 are within B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not within B0, C0, D0 and E0, judging that a network attack behavior possibly exists.
In some embodiments of the present application, in the step S3, when generating the early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and the preset early warning value, the generating includes:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a third-level early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a second-level early warning signal;
when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a first-level early warning signal.
It should be noted that the present application detects and obtains the download frequency B1, download time C1, download data volume D1 and download speed E1 in real time. A data transmission information matrix A0 and the related early warning values are preset: the download frequency early warning values are An1, An2 and An3, the download time early warning values are Ax1, Ax2 and Ax3, the download data volume early warning values are Ay1, Ay2 and Ay3, and the download speed early warning values are Ag1, Ag2 and Ag3, wherein B0 may be An1, C0 may be Ax1, D0 may be Ay1 and E0 may be Ag1. When B1, C1, D1 and E1 are within B0, C0, D0 and E0, that is to say when the values of B1, C1, D1 and E1 are all less than B0, C0, D0 and E0, it may be determined that no network attack behavior exists and that data transmission between the intranet and the extranet is normal. When B1, C1, D1 and E1 are not within B0, C0, D0 and E0, it may be determined that a network attack on the intranet host may exist.
It should be further noted that early warning signals of different levels are generated according to the relationship between the data transmission information acquired in real time and the preset early warning value, so that different protection measures can be implemented for early warning signals of different levels, which further improves the security of the internal host.
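The comparison in step S2 and the level rules in step S3, written out as an added Python example (not code from the patent). The threshold numbers, units, sample observations and the `escalated_level` fallback are assumptions; the fallback is included because the level rules as written require all four metrics to sit in the same band, so a sample with metrics in different bands is flagged by S2 but matches no level.

```python
from dataclasses import dataclass
from typing import Dict, Optional

METRICS = ("frequency", "time", "volume", "speed")  # B1, C1, D1, E1 on the page
NORMAL = 0  # S2: every metric is below its preset value, no warning is raised


@dataclass(frozen=True)
class Warn:
    """Ascending early warning values for one metric, e.g. (An1, An2, An3)."""
    v1: float
    v2: float
    v3: float

    def __post_init__(self) -> None:
        if not self.v1 < self.v2 < self.v3:
            raise ValueError("warning values must be strictly ascending")

    def band(self, x: float) -> int:
        """0: x < v1, 1: v1 <= x <= v2, 2: v2 < x <= v3, 3: x > v3."""
        if x < self.v1:
            return 0
        if x <= self.v2:
            return 1
        return 2 if x <= self.v3 else 3


# Constructed presets (units are assumptions): downloads/min, seconds, MB, MB/s.
PRESETS: Dict[str, Warn] = {
    "frequency": Warn(10, 30, 60),     # An1, An2, An3
    "time": Warn(60, 300, 900),        # Ax1, Ax2, Ax3
    "volume": Warn(100, 500, 2000),    # Ay1, Ay2, Ay3
    "speed": Warn(10, 50, 100),        # Ag1, Ag2, Ag3
}

# Constructed observations (B1, C1, D1, E1), one per case of interest.
SAMPLES = {
    "normal": {"frequency": 5, "time": 30, "volume": 50, "speed": 5},
    "level3": {"frequency": 20, "time": 120, "volume": 300, "speed": 25},
    "level2": {"frequency": 45, "time": 600, "volume": 1000, "speed": 80},
    "level1": {"frequency": 100, "time": 1200, "volume": 5000, "speed": 150},
    # Long, large transfer at low frequency and speed: metrics in different bands.
    "mixed": {"frequency": 2, "time": 1500, "volume": 5000, "speed": 3.3},
    # Frequency exactly equal to An1: neither "less than B0" nor "An1 < B1".
    "boundary": {"frequency": 10, "time": 30, "volume": 50, "speed": 5},
}


def page_level(obs: Dict[str, float],
               presets: Dict[str, Warn] = PRESETS) -> Optional[int]:
    """Apply the rules literally, with B0..E0 taken as An1, Ax1, Ay1, Ag1.

    Returns NORMAL, 3, 2 or 1, or None when S2 flags the sample
    but none of the three S3 rules matches it.
    """
    pairs = [(obs[m], presets[m]) for m in METRICS]
    if all(x < p.v1 for x, p in pairs):
        return NORMAL
    if all(p.v1 < x <= p.v2 for x, p in pairs):
        return 3
    if all(p.v2 < x <= p.v3 for x, p in pairs):
        return 2
    if all(x > p.v3 for x, p in pairs):
        return 1
    return None


def escalated_level(obs: Dict[str, float],
                    presets: Dict[str, Warn] = PRESETS) -> int:
    """Assumed gap-filling rule (not from the page): the worst metric decides."""
    worst = max(presets[m].band(obs[m]) for m in METRICS)
    return {0: NORMAL, 1: 3, 2: 2, 3: 1}[worst]


def classify(obs: Dict[str, float],
             presets: Dict[str, Warn] = PRESETS) -> int:
    """Use the literal rule when it matches, otherwise fall back to escalation."""
    level = page_level(obs, presets)
    return escalated_level(obs, presets) if level is None else level


if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(f"{name:9s} literal={page_level(obs)!s:5s} final={classify(obs)}")
```
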
In some embodiments of the present application, in the step S4, when the warning signal generated in the step S3 is sent to a network terminal, the method includes:
carrying real-time acquired data transmission information, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
It should be noted that, when the early warning signal is encapsulated in the data report (datagram), the data report may use the User Datagram Protocol (UDP), or the signal may be encapsulated by other methods, which are not specifically limited herein.
In some embodiments of the present application, in step S4, the method further includes:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
It should be noted that, a corresponding early warning policy is pre-stored in the database, when the network terminal receives the early warning signal, the pre-stored early warning policy in the database is called according to the early warning signal, and the network attack behavior is processed according to the corresponding early warning policy, so that the processing efficiency is effectively improved.
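One way to realize step S4, as an added Python example (not code from the patent): the warning signal carries the observed values, the preset values and the early warning values, travels in a single UDP datagram, and the receiving terminal validates it before looking up the pre-stored policy. The JSON layout, the field names, the sample values and the policy action names are assumptions, and the page's "user data packet protocol" is read here as UDP.

```python
import json
import socket
import sqlite3

MAX_PAYLOAD = 1472  # 1500-byte Ethernet MTU minus IPv4 (20) and UDP (8) headers
FIELDS = ("level", "observed", "preset", "warning_values")
LEVELS = (1, 2, 3)  # 1 = first-level, 3 = third-level early warning signal

# Constructed sample content for one warning signal (values are assumptions).
SAMPLE_OBSERVED = {"frequency": 45, "time": 600, "volume": 1000, "speed": 80}
SAMPLE_PRESET = {"frequency": 10, "time": 60, "volume": 100, "speed": 10}
SAMPLE_WARNING_VALUES = {
    "frequency": [10, 30, 60], "time": [60, 300, 900],
    "volume": [100, 500, 2000], "speed": [10, 50, 100],
}


def encode_warning(level, observed, preset, warning_values) -> bytes:
    """Serialize a warning signal with the three items step S4 says it carries."""
    if level not in LEVELS:
        raise ValueError(f"unknown warning level: {level!r}")
    body = json.dumps(
        {"level": level, "observed": observed, "preset": preset,
         "warning_values": warning_values},
        separators=(",", ":"), sort_keys=True,
    ).encode("utf-8")
    if len(body) > MAX_PAYLOAD:
        raise ValueError("warning does not fit in one unfragmented datagram")
    return body


def decode_warning(datagram: bytes) -> dict:
    """Parse a received datagram and reject anything malformed or unexpected."""
    try:
        msg = json.loads(datagram.decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        raise ValueError("malformed warning datagram") from exc
    if not isinstance(msg, dict) or set(msg) != set(FIELDS):
        raise ValueError("unexpected fields in warning datagram")
    if type(msg["level"]) is not int or msg["level"] not in LEVELS:
        raise ValueError("invalid warning level")
    return msg


def open_policy_db() -> sqlite3.Connection:
    """In-memory stand-in for the database of pre-stored early warning policies."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE policy (level INTEGER PRIMARY KEY, action TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO policy (level, action) VALUES (?, ?)",
        [  # hypothetical action names, one per warning level
            (3, "log_and_notify_operator"),
            (2, "rate_limit_extranet_server"),
            (1, "suspend_ferry_and_page_oncall"),
        ],
    )
    return db


def policy_for(db: sqlite3.Connection, datagram: bytes) -> str:
    """Terminal side: validate the datagram, then call up the stored policy."""
    msg = decode_warning(datagram)
    row = db.execute(
        "SELECT action FROM policy WHERE level = ?", (msg["level"],)
    ).fetchone()
    if row is None:
        raise LookupError(f"no policy stored for level {msg['level']}")
    return row[0]


def send_warning(datagram: bytes, addr) -> None:
    """Send one warning datagram to the network terminal at addr (host, port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, addr)


if __name__ == "__main__":
    # Loopback demonstration: the receiver plays the network terminal.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(2)
    send_warning(
        encode_warning(2, SAMPLE_OBSERVED, SAMPLE_PRESET, SAMPLE_WARNING_VALUES),
        rx.getsockname(),
    )
    data, _ = rx.recvfrom(2048)
    rx.close()
    print(policy_for(open_policy_db(), data))
```

UDP gives neither delivery confirmation nor sender authentication, which is why the receiver validates every field before the policy lookup.
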
As shown in fig. 2, an embodiment of the present invention discloses an early warning system for data intranet and extranet gatekeeper transmission, where the system includes:
an acquisition module, used for acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises download frequency, download time, download data volume and download speed;
the judging module is used for comparing the data transmission information acquired by the acquisition module with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the extranet server side can perform normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
the generating module is used for generating early warning signals of different levels according to the relationship between the data transmission information acquired in the acquiring module and a preset early warning value when judging that network attack behaviors possibly exist;
and the sending module is used for sending the early warning signal generated in the generating module to a network terminal.
It should be noted that the present application obtains the download frequency, download time, download data volume and download speed of the extranet server in real time and compares the obtained data transmission information with the preset data transmission information. If the data transmission information conforms to the preset data transmission information, it is determined that no network attack behavior exists, and the extranet server performs normal data transmission. If the data transmission information does not conform to the preset data transmission information, it is determined that there is a network attack behavior, early warning signals of different levels are generated according to the relationship between the obtained data transmission information and the preset early warning value, and the generated early warning signals are sent to the network terminal. By generating early warning signals of different levels, the present application can guarantee the security of intranet data as well as the connectivity of data between the intranet and extranet environments, and effectively prevents an external attacker from intruding into, attacking or damaging an intranet host.
It should be noted that the download frequency, download time, download data volume and download speed in the external network server are detected in real time; when these values exceed the early warning values, the internal network host may be threatened to a certain degree and, in serious cases, may be paralyzed.
In some embodiments of the present application, in the determining module, when determining and comparing the data transmission information acquired by the acquiring module with preset data transmission information, the determining module includes:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1 and E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset downloading frequency information, C0 is preset downloading time information, D0 is preset downloading data volume information, and E0 is preset downloading speed information;
when B1, C1, D1 and E1 are located in B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not located in B0, C0, D0 and E0, judging that a network attack behavior may exist.
In some embodiments of the present application, in the generating module, when generating the warning signals of different levels according to a relationship between the data transmission information acquired in the acquiring module and a preset warning value, the generating module includes:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a tertiary early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a secondary early warning signal;
and when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a primary early warning signal.
It should be noted that the present application detects and obtains the download frequency B1, the download time C1, the download data amount D1 and the download speed E1 in real time. A preset data transmission information matrix A0 and the related early warning values are set in advance: the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data amount early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3, wherein B0 may be An1, C0 may be Ax1, D0 may be Ay1 and E0 may be Ag1. When B1, C1, D1 and E1 are located in B0, C0, D0 and E0, that is, when the values of B1, C1, D1 and E1 are all less than B0, C0, D0 and E0, it may be determined that the data transmission behavior between the intranet and the extranet is normal and that no network attack behavior exists. When B1, C1, D1 and E1 are not located in B0, C0, D0 and E0, it may be determined that a network attack behavior may exist.
It should be further noted that early warning signals of different levels can be generated according to the relationship between the data transmission information acquired in real time and the preset early warning values, and different protection measures can be implemented according to the level of the signal, so that the safety of the internal host is further improved.
In some embodiments of the present application, in the sending module, when sending the warning signal generated in the generating module to a network terminal, the sending module includes:
carrying data transmission information acquired in real time, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
It should be noted that, when the early warning signal is encapsulated in the data report, the data report may use the User Datagram Protocol (UDP), or the signal may be encapsulated by other methods, which are not specifically limited herein.
In some embodiments of the present application, in the sending module, the method further includes:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
It should be noted that corresponding early warning policies are pre-stored in the database. When the network terminal receives the early warning signal, the pre-stored early warning policy is called from the database according to the early warning signal, and the network attack behavior is processed according to the corresponding early warning policy, so that the processing efficiency is effectively improved.
To sum up, the embodiment of the present invention obtains the download frequency, download time, download data amount and download speed of the extranet server in real time and compares the obtained data transmission information with the preset data transmission information. If the data transmission information conforms to the preset data transmission information, it is determined that there is no network attack behavior, and the extranet server performs normal data transmission. If the data transmission information does not conform to the preset data transmission information, it is determined that there is a network attack behavior; early warning signals of different levels are generated according to the relationship between the obtained data transmission information and the preset early warning values, and the generated early warning signals are sent to the network terminal. By generating early warning signals of different levels, the present application can guarantee the safety of intranet data and the connectivity of data between the intranet and extranet environments, and effectively prevents an external attacker from invading, attacking or destroying an intranet host.
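The judging, generating and sending steps described above can be sketched as follows. This is an added example, not code from the patent: the threshold numbers, units, policy names and the "mixed" label are constructed assumptions, and the example goes beyond the text by handling samples whose four metrics fall in different bands, a case the stated conditions do not cover.

```python
import json

# Patent notation: B/C/D/E = download frequency, time, data volume, speed.
METRICS = ("frequency", "time", "volume", "speed")
LEVEL_NAMES = {1: "tertiary", 2: "secondary", 3: "primary"}  # band -> signal

# Constructed sample thresholds (the patent gives no numbers). Each tuple is
# an ascending (An1, An2, An3)-style triple; the first value doubles as the
# preset, since the description says B0 may be An1, C0 may be Ax1, and so on.
THRESHOLDS = {
    "frequency": (10, 30, 60),       # downloads per minute (assumed unit)
    "time":      (60, 300, 900),     # seconds (assumed unit)
    "volume":    (100, 500, 2000),   # MB (assumed unit)
    "speed":     (10, 50, 200),      # MB/s (assumed unit)
}

# Hypothetical table standing in for the pre-stored early warning policies.
POLICIES = {"tertiary": "log-and-notify", "secondary": "rate-limit-session",
            "primary": "suspend-transfer", "mixed": "manual-review"}


def band(value, limits):
    """Return 0 if value is within the preset, else 1..3 for its warning band."""
    t1, t2, t3 = limits
    if value <= t1:      # assumption: a value equal to the preset is normal
        return 0
    if value <= t2:
        return 1
    if value <= t3:
        return 2
    return 3


def classify(sample, thresholds=THRESHOLDS):
    """Apply the judging and generating steps to one sample of four metrics."""
    bands = {m: band(sample[m], thresholds[m]) for m in METRICS}
    if all(b == 0 for b in bands.values()):
        return {"attack_suspected": False, "level": None, "bands": bands}
    distinct = set(bands.values())
    if len(distinct) == 1:
        # The only case the stated conditions define: all metrics in one band.
        level = LEVEL_NAMES[distinct.pop()]
    else:
        # Metrics disagree: flagged as "mixed" instead of being dropped
        # silently (a choice made by this example, not by the patent).
        level = "mixed"
    return {"attack_suspected": True, "level": level, "bands": bands}


def build_report(sample, thresholds=THRESHOLDS):
    """Build the report payload: measured values, presets, warning values."""
    result = classify(sample, thresholds)
    if not result["attack_suspected"]:
        return None
    report = {
        "level": result["level"],
        "measured": {m: sample[m] for m in METRICS},
        "preset": {m: thresholds[m][0] for m in METRICS},
        "warning_values": {m: list(thresholds[m]) for m in METRICS},
        "worst_metric_band": max(result["bands"].values()),
        "policy": POLICIES[result["level"]],
    }
    return json.dumps(report, sort_keys=True).encode("utf-8")
```

A sample with only one metric far above its highest warning value satisfies none of the three level conditions, so an implementation that follows them literally would raise no graded signal for it; the `worst_metric_band` field keeps that information in the report.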
In the foregoing description of embodiments, the particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
While the invention has been described above with reference to an embodiment, various modifications may be made and equivalents may be substituted for elements thereof without departing from the scope of the invention. In particular, the various features of the disclosed embodiments of the invention can be used in any combination with one another as long as there is no structural conflict, and these combinations are not described exhaustively in this specification only for the sake of brevity and to save resources. Therefore, it is intended that the invention not be limited to the particular embodiments disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
Those of ordinary skill in the art will understand that, although the present invention has been described in detail with reference to the foregoing embodiments, various changes, modifications and substitutions can be made without departing from the spirit and scope of the invention as defined by the appended claims. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An early warning method for data intranet and extranet gatekeeper transmission is characterized by comprising the following steps:
step S1: acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises downloading frequency, downloading time, downloading data volume and downloading speed;
step S2: judging and comparing the data transmission information acquired in the step S1 with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the external network server side performs normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
step S3: when it is judged that a network attack behavior may exist, generating early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and a preset early warning value;
step S4: sending the early warning signal generated in the step S3 to a network terminal.
2. The early warning method for data intranet and extranet gatekeeper transmission according to claim 1, wherein in the step S2, when the data transmission information acquired in the step S1 is compared with preset data transmission information, the method comprises:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1 and E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset downloading frequency information, C0 is preset downloading time information, D0 is preset downloading data volume information, and E0 is preset downloading speed information;
when B1, C1, D1 and E1 are located in B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not located in B0, C0, D0 and E0, judging that a network attack behavior may exist.
3. The early warning method for data intranet and extranet gatekeeper transmission according to claim 2, wherein in the step S3, when generating early warning signals of different levels according to the relationship between the data transmission information acquired in the step S1 and a preset early warning value, the method comprises:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a tertiary early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a secondary early warning signal;
and when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a primary early warning signal.
4. The warning method for data intranet and extranet gatekeeper transmission according to claim 1, wherein in the step S4, when the warning signal generated in the step S3 is sent to a network terminal, the warning method comprises:
carrying data transmission information acquired in real time, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
5. The warning method for data intranet and extranet gatekeeper transmission according to claim 4, wherein in the step S4, the method further comprises:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
6. An early warning system for data intranet and extranet gatekeeper transmission, the system comprising:
an acquisition module, used for acquiring data transmission information in an external network server in real time, wherein the data transmission information comprises download frequency, download time, download data volume and download speed;
a judging module, used for judging and comparing the data transmission information acquired by the acquisition module with preset data transmission information, and if the data transmission information conforms to the preset data transmission information, judging that no network attack behavior exists, so that the extranet server side can perform normal data transmission; if the data transmission information does not conform to the preset data transmission information, judging that network attack behaviors possibly exist;
the generating module is used for generating early warning signals of different levels according to the relationship between the data transmission information acquired in the acquiring module and a preset early warning value when judging that network attack behaviors possibly exist;
and the sending module is used for sending the early warning signal generated in the generating module to a network terminal.
7. The warning system for data intranet and extranet gatekeeper transmission according to claim 6, wherein in the judging module, when the data transmission information acquired in the acquiring module is judged and compared with preset data transmission information, the judging module comprises:
establishing a data transmission information matrix A1, and setting A1 (B1, C1, D1 and E1), wherein B1 is download frequency information, C1 is download time information, D1 is download data volume information, and E1 is download speed information;
establishing a preset data transmission information matrix A0, and setting A0 (B0, C0, D0, E0), wherein B0 is preset downloading frequency information, C0 is preset downloading time information, D0 is preset downloading data volume information, and E0 is preset downloading speed information;
when B1, C1, D1 and E1 are located in B0, C0, D0 and E0, judging that no network attack behavior exists;
when B1, C1, D1 and E1 are not located in B0, C0, D0 and E0, judging that a network attack behavior may exist.
8. The early warning system for data intranet and extranet gatekeeper transmission according to claim 7, wherein in the generation module, when generating early warning signals of different levels according to the relationship between the data transmission information acquired in the acquisition module and a preset early warning value, the generation comprises:
the preset download frequency early warning values are An1, An2 and An3, the preset download time early warning values are Ax1, Ax2 and Ax3, the preset download data volume early warning values are Ay1, Ay2 and Ay3, and the preset download speed early warning values are Ag1, Ag2 and Ag3;
when An1 < B1 ≤ An2, Ax1 < C1 ≤ Ax2, Ay1 < D1 ≤ Ay2 and Ag1 < E1 ≤ Ag2, generating a tertiary early warning signal;
when An2 < B1 ≤ An3, Ax2 < C1 ≤ Ax3, Ay2 < D1 ≤ Ay3 and Ag2 < E1 ≤ Ag3, generating a secondary early warning signal;
and when An3 < B1, Ax3 < C1, Ay3 < D1 and Ag3 < E1, generating a primary early warning signal.
9. The warning system for data intranet and extranet gatekeeper transmission according to claim 6, wherein the sending module, when sending the warning signal generated in the generating module to a network terminal, comprises:
carrying real-time acquired data transmission information, preset data transmission information and a preset early warning value in the early warning signal;
and encapsulating the early warning signal in a data report, and sending the data report to the network terminal.
10. The warning system for data intranet and extranet gatekeeper transmission according to claim 9, wherein in the sending module, further comprising:
and calling an early warning strategy prestored in a database according to the data report, and processing the network attack behavior according to the early warning strategy.
CN202211178243.5A 2022-09-27 2022-09-27 Early warning method and system for data intranet and extranet gateway transmission Active CN115277256B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211178243.5A CN115277256B (en) 2022-09-27 2022-09-27 Early warning method and system for data intranet and extranet gateway transmission


Publications (2)

Publication Number Publication Date
CN115277256A true CN115277256A (en) 2022-11-01
CN115277256B CN115277256B (en) 2022-12-16

Family

ID=83757128


Country Status (1)

Country Link
CN (1) CN115277256B (en)


Also Published As

Publication number Publication date
CN115277256B (en) 2022-12-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant