CN115277262A - Unidirectional data transmission method, system, equipment and storage medium - Google Patents

Info

Publication number: CN115277262A
Authority: CN (China)
Prior art keywords: optimal, packet length, data, transmission channel, transmission
Legal status: Granted, Active
Application number: CN202211186538.7A
Other languages: Chinese (zh)
Other versions: CN115277262B (en)
Inventor: 许浩
Current Assignee: Hunan Dajia Data Technology Co ltd
Original Assignee: Hunan Dajia Data Technology Co ltd
Application filed by: Hunan Dajia Data Technology Co ltd
Priority to: CN202211186538.7A
Publication of: CN115277262A
Application granted; publication of: CN115277262B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/11 Complex mathematical operations for solving equations, e.g. nonlinear equations, general mathematical optimization problems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/36 Flow control; Congestion control by determining packet size, e.g. maximum transfer unit [MTU]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The invention discloses a unidirectional data transmission method, system, device and storage medium. The method comprises: receiving, through a first transmission channel, a plurality of first data packets sent by a low-security-level network, the first data packets being obtained by the low-security-level network dividing a transmission file according to a first optimal data packet length; performing virus scanning and removal on all the first data packets to obtain virus-scanned data packets; dividing the virus-scanned data packets according to a second optimal data packet length to obtain a plurality of second data packets; and transmitting all the second data packets to a high-security-level network through a second transmission channel. Data transmission from the low-security-level network to the high-security-level network is thereby realized, the transmission efficiency is improved, and the convenience and security of data interaction between an internal network and an external network are improved.

Description

Unidirectional data transmission method, system, equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, a device, and a storage medium for unidirectional data transmission.
Background
Currently, more and more industries are paying attention to the convenience and security of data interaction between an intranet and an extranet, for example in the many scenarios found in banking systems, tax systems and government and military systems. When a high-security-level network exchanges data with a low-security-level network, the data flow from the high-security-level network to the low-security-level network must be safe and controllable, and information leakage from the high-security-level network must be prevented. To this end, optical disc burning or a unidirectional network gate/optical gate is generally used to isolate the high-security-level network from the low-security-level network and so implement unidirectional data transmission.
Optical disc burning relies on manual assistance to complete data transmission, which isolates service systems and disrupts the workflow. Although a unidirectional network gate/optical gate can realize real-time unidirectional data transmission, problems remain: data may be lost, the transmission efficiency of large files is low, and viruses can easily enter the high-security-level network from the low-security-level network.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems of the prior art. To this end, the invention provides a unidirectional data transmission method, system, device and storage medium, which realize secure data transmission from a low-security-level network to a high-security-level network, improve the transmission efficiency, and make data interaction between an internal network and an external network convenient.
In a first aspect of the present invention, a unidirectional data transmission method is provided, which includes the following steps:
receiving, through a first transmission channel, a plurality of first data packets sent by a low-security-level network, wherein the first data packets are obtained by the low-security-level network segmenting a transmission file according to a first optimal data packet length, the first optimal data packet length is calculated according to first transmission channel information, and the first transmission channel information is usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit;
performing virus scanning and removal on all the first data packets to obtain virus-scanned data packets;
dividing the virus-scanned data packets according to a second optimal data packet length to obtain a plurality of second data packets, wherein the second optimal data packet length is calculated according to second transmission channel information, and the second transmission channel information is usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network;
and transmitting all the second data packets to the high-security-level network through the second transmission channel.
According to the embodiment of the invention, at least the following technical effects are achieved:
The method receives, through a first transmission channel, a plurality of first data packets sent by a low-security-level network. The first data packets are obtained by the low-security-level network dividing a transmission file according to a first optimal data packet length, which is calculated according to first transmission channel information, that is, usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit. The virus-scanned data packets are divided according to a second optimal data packet length to obtain a plurality of second data packets; the second optimal data packet length is calculated according to second transmission channel information, that is, usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network.
According to some embodiments of the invention, calculating the first optimal packet length according to the first transmission channel information includes:
calculating the first optimal packet length according to the first transmission channel information such that the time for transmitting the first optimal packet length through the first transmission channel is less than a preset maximum time, the number of transmissions for transmitting the first optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the first optimal packet length is maximum, wherein the calculation formula for the first optimal packet length is as follows:
Figure DEST_PATH_IMAGE001
wherein
Figure 149607DEST_PATH_IMAGE002
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times, and
Figure DEST_PATH_IMAGE003
denotes that the system utilization efficiency for transmitting the first optimal packet length is maximized.
According to some embodiments of the invention, calculating the second optimal packet length according to the second transmission channel information includes:
calculating the second optimal packet length according to the second transmission channel information such that the time for transmitting the second optimal packet length through the second transmission channel is less than a preset maximum time, the number of transmissions for transmitting the second optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the second optimal packet length is maximum, wherein the calculation formula for the second optimal packet length is as follows:
Figure 218932DEST_PATH_IMAGE004
wherein t(L2) is the time for transmitting the second optimal packet length, n(L2) is the number of transmissions for transmitting the second optimal packet length, and
Figure DEST_PATH_IMAGE005
denotes that the system utilization efficiency for transmitting the second optimal packet length is maximized.
According to some embodiments of the present invention, an optical gate or a network gate is disposed on the unidirectional data transmission unit, so that the transmission file is transmitted unidirectionally between the low-security-level network and the high-security-level network.
According to some embodiments of the invention, after all of the second data packets are transmitted to the high-security-level network through the second transmission channel, the method comprises:
receiving all the second data packets through the high-security-level network and combining the data to obtain a combined file.
According to some embodiments of the invention, the transmission and reception of the data packets is based on the TCP protocol.
In a second aspect of the present invention, there is provided a unidirectional data transmission system, comprising:
a first data transmission module, configured to receive, through a first transmission channel, a plurality of first data packets sent by a low-security-level network, wherein the first data packets are obtained by the low-security-level network segmenting a transmission file according to a first optimal data packet length, the first optimal data packet length is calculated according to first transmission channel information, and the first transmission channel information is usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit;
a virus searching and killing module, configured to perform virus scanning and removal on all the first data packets to obtain virus-scanned data packets;
a second data partitioning module, configured to divide the virus-scanned data packets according to a second optimal data packet length to obtain a plurality of second data packets, wherein the second optimal data packet length is calculated according to second transmission channel information, and the second transmission channel information is usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network;
and a second transmission segmentation module, configured to transmit all the second data packets to the high-security-level network through the second transmission channel.
The system receives, through a first transmission channel, a plurality of first data packets sent by a low-security-level network. The first data packets are obtained by the low-security-level network dividing a transmission file according to a first optimal data packet length, which is calculated according to first transmission channel information, that is, usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit. The virus-scanned data packets are divided according to a second optimal data packet length to obtain a plurality of second data packets; the second optimal data packet length is calculated according to second transmission channel information, that is, usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network.
According to some embodiments of the invention, the first data transmission module further comprises:
a first optimal packet length calculation module, configured to calculate the first optimal packet length according to the first transmission channel information such that the time for transmitting the first optimal packet length through the first transmission channel is less than a preset maximum time, the number of transmissions for transmitting the first optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the first optimal packet length is maximum, wherein the calculation formula for the first optimal packet length is as follows:
Figure 8027DEST_PATH_IMAGE001
wherein
Figure 751992DEST_PATH_IMAGE002
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times, and
Figure 988939DEST_PATH_IMAGE003
denotes that the system utilization efficiency for transmitting the first optimal packet length is maximized.
In a third aspect of the invention, there is provided an electronic device for unidirectional data transmission, comprising at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the unidirectional data transfer method described above.
In a fourth aspect of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for causing a computer to perform the above-mentioned unidirectional data transmission method.
It should be noted that the advantageous effects of the second to fourth aspects of the present invention over the prior art are the same as the advantageous effects of the above-mentioned unidirectional data transmission system over the prior art, and are not described in detail here.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart of a method of unidirectional data transmission according to an embodiment of the present invention;
FIG. 2 is a flow chart of a unidirectional data transmission system according to an embodiment of the invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention and are not to be construed as limiting the present invention.
In the description of the present invention, terms such as first and second, where used, serve only to distinguish technical features, and are not to be understood as indicating or implying relative importance, the number of the indicated technical features, or the order of the indicated technical features.
In the description of the present invention, it should be understood that the orientation descriptions, such as the orientation or positional relationship indicated by upper, lower, etc., are based on the orientation or positional relationship shown in the drawings, and are only for convenience of description and simplification of the description, but do not indicate or imply that the device or element referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus should not be construed as limiting the present invention.
In the description of the present invention, it should be noted that unless otherwise explicitly defined, terms such as arrangement, installation, connection and the like should be broadly understood, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
Currently, more and more industries are paying attention to the convenience and security of data interaction between an internal network and an external network, for example in the many scenarios found in banking systems, tax systems and government and military systems. When a high-security-level network exchanges data with a low-security-level network, the data flow from the high-security-level network to the low-security-level network must be safe and controllable, and information leakage from the high-security-level network must be prevented. To this end, optical disc burning or a unidirectional network gate/optical gate is generally used to isolate the high-security-level network from the low-security-level network and so implement unidirectional data transmission.
Optical disc burning relies on manual assistance to complete data transmission, which isolates service systems and disrupts the workflow. Although a unidirectional network gate/optical gate can realize real-time unidirectional data transmission, problems remain: data may be lost, the transmission efficiency of large files is low, and viruses can easily enter the high-security-level network from the low-security-level network.
In order to solve the technical defect, referring to fig. 1, the present invention further provides a unidirectional data transmission method, including:
Step S101, receiving, through a first transmission channel, a plurality of first data packets sent by a low-security-level network; the first data packets are obtained by the low-security-level network segmenting the transmission file according to a first optimal data packet length, the first optimal data packet length is calculated according to first transmission channel information, and the first transmission channel information is usage information of the first transmission channel between the low-security-level network and the unidirectional data transmission unit.
Step S102, performing virus scanning and removal on all the first data packets to obtain virus-scanned data packets.
Step S103, segmenting the virus-scanned data packets according to a second optimal data packet length to obtain a plurality of second data packets, wherein the second optimal data packet length is calculated according to second transmission channel information, and the second transmission channel information is usage information of the second transmission channel between the unidirectional data transmission unit and the high-security-level network.
Step S104, transmitting all the second data packets to the high-security-level network through the second transmission channel.
The method receives, through a first transmission channel, a plurality of first data packets sent by a low-security-level network. The first data packets are obtained by the low-security-level network dividing a transmission file according to a first optimal data packet length, which is calculated according to first transmission channel information, that is, usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit. The virus-scanned data packets are divided according to a second optimal data packet length to obtain a plurality of second data packets; the second optimal data packet length is calculated according to second transmission channel information, that is, usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network.
In some embodiments, virus scanning and removal is performed with existing, mature antivirus software and a firewall; after all the first data packets have been scanned, the first data packets that pose a risk are discarded.
In some embodiments, calculating the first optimal packet length according to the first transmission channel information may include, but is not limited to, step S201:
Step S201, calculating the first optimal packet length according to the first transmission channel information such that the time for transmitting the first optimal packet length through the first transmission channel is less than a preset maximum time, the number of transmissions for transmitting the first optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the first optimal packet length is maximum, wherein the calculation formula for the first optimal packet length is:
Figure 58526DEST_PATH_IMAGE001
wherein
Figure 630190DEST_PATH_IMAGE002
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times, and
Figure 177846DEST_PATH_IMAGE006
denotes that the system utilization efficiency for transmitting the first optimal packet length is maximized.
In some embodiments, calculating the second optimal packet length according to the second transmission channel information may include, but is not limited to, step S301:
Step S301, calculating the second optimal packet length according to the second transmission channel information such that the time for transmitting the second optimal packet length through the second transmission channel is less than a preset maximum time, the number of transmissions for transmitting the second optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the second optimal packet length is maximum, wherein the calculation formula for the second optimal packet length is as follows:
Figure 269299DEST_PATH_IMAGE004
wherein t(L2) is the time for transmitting the second optimal packet length, n(L2) is the number of transmissions for transmitting the second optimal packet length, and
Figure DEST_PATH_IMAGE007
denotes that the system utilization efficiency for transmitting the second optimal packet length is maximized.
In some embodiments, an optical gate or a network gate is disposed on the unidirectional data transmission unit, so that the transmission file can be transmitted between the low security level network and the high security level network in a unidirectional manner.
In some embodiments, after all the second data packets are transmitted to the high-security-level network through the second transmission channel, the method may include, but is not limited to, step S401:
Step S401, receiving all the second data packets through the high-security-level network and combining the data to obtain a combined file.
In some embodiments, the transmission and reception of the data packets are based on the TCP protocol.
Data packets are checked and retransmitted according to the TCP protocol, which effectively ensures the reliability of data transmission and reduces the packet loss rate.
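Steps S101 to S104, the length selection of S201/S301 and the merge of S401, as an added example that is not part of the patent or the assignee's code. The efficiency model `eta`, the `Channel` fields, the candidate lengths and the byte-signature scan are assumptions: the patent's formula images are not reproduced on this page and it names no specific antivirus engine.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """Assumed 'transmission channel use information' (illustrative fields)."""
    bitrate_bps: float     # usable link rate in bits per second
    header_bytes: int      # framing overhead added to every packet
    bit_error_rate: float  # probability that one transmitted bit is corrupted


def transmit_time(ch, length):
    """t(L): seconds needed to send one packet with `length` payload bytes."""
    return 8 * (length + ch.header_bytes) / ch.bitrate_bps


def transmit_count(file_size, length):
    """n(L): number of packets needed to carry `file_size` bytes."""
    return math.ceil(file_size / length)


def eta(ch, length):
    """ASSUMED efficiency model: payload share of the packet multiplied by the
    probability that the whole packet arrives without a bit error."""
    total = length + ch.header_bytes
    return (length / total) * (1.0 - ch.bit_error_rate) ** (8 * total)


CANDIDATES = [2 ** k for k in range(8, 17)]  # 256 .. 65536 bytes (assumed grid)


def optimal_packet_length(ch, file_size, t_max, n_max, candidates=CANDIDATES):
    """Maximise eta(L) subject to t(L) < T_max and n(L) < N_max."""
    feasible = [
        length for length in candidates
        if transmit_time(ch, length) < t_max
        and transmit_count(file_size, length) < n_max
    ]
    if not feasible:
        raise ValueError("no candidate length satisfies T_max and N_max")
    return max(feasible, key=lambda length: eta(ch, length))


def segment(data, length):
    """Split a byte string into packets of at most `length` bytes."""
    return [data[i:i + length] for i in range(0, len(data), length)]


def flag_packets(packets, length, signatures):
    """Stand-in for the antivirus step. The buffered packets are scanned as one
    stream, so a signature lying across a packet boundary flags every packet
    it touches. `length` is the fixed size used to cut `packets`."""
    stream = b"".join(packets)
    flagged = set()
    for sig in signatures:
        pos = stream.find(sig)
        while pos != -1:
            first, last = pos // length, (pos + len(sig) - 1) // length
            flagged.update(range(first, last + 1))
            pos = stream.find(sig, pos + 1)
    return flagged


def relay(first_packets, l1, l2, signatures):
    """Unidirectional data transmission unit: scan (S102), discard risky first
    packets, re-segment the remainder at the second length (S103)."""
    flagged = flag_packets(first_packets, l1, signatures)
    clean = b"".join(p for i, p in enumerate(first_packets) if i not in flagged)
    return segment(clean, l2), sorted(flagged)


def combine(second_packets):
    """High-security side (S401): merge the second packets into one file."""
    return b"".join(second_packets)


# Constructed sample values, not taken from the patent.
SIGNATURES = [b"CONSTRUCTED-TEST-MARKER"]
LOW_SIDE = Channel(bitrate_bps=100e6, header_bytes=40, bit_error_rate=1e-6)
HIGH_SIDE = Channel(bitrate_bps=10e6, header_bytes=40, bit_error_rate=1e-8)

if __name__ == "__main__":
    payload = bytes(range(256)) * 4000  # constructed 1,024,000-byte file
    l1 = optimal_packet_length(LOW_SIDE, len(payload), t_max=0.01, n_max=1000)
    l2 = optimal_packet_length(HIGH_SIDE, len(payload), t_max=0.01, n_max=1000)
    second, dropped = relay(segment(payload, l1), l1, l2, SIGNATURES)
    print(l1, l2, len(second), dropped, combine(second) == payload)
```

On the low-side channel the error term of the assumed model limits the length, while on the high-side channel the T_max constraint is what binds, so the two channels end up with different packet lengths, which is why the relay re-segments.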
In addition, referring to FIG. 2, an embodiment of the present invention provides a unidirectional data transmission system, which includes a first data transmission module 1100, a virus searching and killing module 1200, a second data partitioning module 1300, and a second transmission segmentation module 1400, wherein:
The first data transmission module 1100 is configured to receive, through a first transmission channel, a plurality of first data packets sent by the low-security-level network; the first data packets are obtained by the low-security-level network segmenting the transmission file according to a first optimal data packet length, the first optimal data packet length is calculated according to first transmission channel information, and the first transmission channel information is usage information of the first transmission channel between the low-security-level network and the unidirectional data transmission unit.
The virus searching and killing module 1200 is configured to perform virus scanning and removal on all the first data packets to obtain virus-scanned data packets.
The second data partitioning module 1300 is configured to divide the virus-scanned data packets according to a second optimal data packet length to obtain a plurality of second data packets, where the second optimal data packet length is calculated according to second transmission channel information, and the second transmission channel information is usage information of the second transmission channel between the unidirectional data transmission unit and the high-security-level network.
The second transmission segmentation module 1400 is configured to transmit all the second data packets to the high-security-level network through the second transmission channel.
The system receives, through a first transmission channel, a plurality of first data packets sent by a low-security-level network. The first data packets are obtained by the low-security-level network segmenting a transmission file according to a first optimal data packet length, which is calculated according to first transmission channel information, that is, usage information of the first transmission channel between the low-security-level network and a unidirectional data transmission unit. The virus-scanned data packets are segmented according to a second optimal data packet length to obtain a plurality of second data packets; the second optimal data packet length is calculated according to second transmission channel information, that is, usage information of the second transmission channel between the unidirectional data transmission unit and a high-security-level network. Optimal segmented transmission of large transmission files is thereby achieved and the transmission efficiency is improved. At the same time, virus scanning and removal is performed on all the first data packets to obtain virus-scanned data packets, which improves the security of data transmission from the low-security-level network to the high-security-level network and makes data interaction between an internal network and an external network convenient.
In some embodiments, the first data transmission module further comprises:
the first optimal data packet length calculation module is used for calculating a first optimal data packet length according to the first transmission channel information, so that the first optimal data packet length satisfies the following: the time for transmitting the first optimal data packet length through the first transmission channel is less than the preset maximum time, the number of transmissions for transmitting the first optimal data packet length is less than the preset maximum number of times, and the system utilization efficiency for transmitting the first optimal data packet length is maximum. The calculation formula for obtaining the first optimal data packet length from the first transmission channel information is as follows:
Figure 244208DEST_PATH_IMAGE001
wherein,
Figure 804634DEST_PATH_IMAGE002
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times,
Figure 155981DEST_PATH_IMAGE006
is the maximum system utilization efficiency for transmitting the first optimal packet length.
It should be noted that the embodiment of the present system and the embodiment of the method described above are based on the same inventive concept; therefore, the related contents of the method embodiment also apply to the system embodiment and are not repeated here.
The present application further provides a unidirectional data transmission electronic device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the unidirectional data transmission method described above.
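The receive, scan, re-split and forward flow of the modules described above, as an added Python sketch that is not code from the patent. The patent's efficiency formula is an image that did not survive on this page, so `efficiency`, `HEADER_BYTES`, the candidate lengths and the channel figures are assumptions; the relay reassembles the first data packets before scanning because a signature split across two packets passes a per-packet scan.

```python
import hashlib
import math

HEADER_BYTES = 40  # assumed fixed per-packet overhead (not from the patent)

def packet_count(file_size, length):
    """n(L): packets needed to carry file_size bytes at payload length L."""
    return math.ceil(file_size / length)

def packet_time(length, bandwidth_bps, latency_s):
    """t(L): seconds to send one full packet over the channel."""
    return latency_s + 8 * (length + HEADER_BYTES) / bandwidth_bps

def efficiency(file_size, length, bandwidth_bps, latency_s):
    """Assumed utilisation model: ideal payload time / modelled total time."""
    n = packet_count(file_size, length)
    total = n * latency_s + 8 * (file_size + n * HEADER_BYTES) / bandwidth_bps
    return (8 * file_size / bandwidth_bps) / total

def optimal_length(file_size, channel, t_max, n_max, candidates):
    """Pick L with t(L) < t_max and n(L) < n_max that maximises efficiency."""
    bw, lat = channel
    feasible = [L for L in candidates
                if packet_time(L, bw, lat) < t_max
                and packet_count(file_size, L) < n_max]
    if not feasible:
        raise ValueError("no packet length satisfies both limits")
    return max(feasible, key=lambda L: efficiency(file_size, L, bw, lat))

def split(data, length):
    """Cut data into packets of at most `length` bytes."""
    return [data[i:i + length] for i in range(0, len(data), length)]

def scan(data, signatures):
    """Stand-in for the virus scan: True when no signature occurs in data."""
    return not any(sig in data for sig in signatures)

def per_packet_scan(packets, signatures):
    """Naive variant: each packet scanned alone (misses straddling matches)."""
    return all(scan(p, signatures) for p in packets)

def relay(first_packets, channel2, t_max, n_max, candidates, signatures):
    """Transfer unit: reassemble, scan the whole stream, re-split for channel 2."""
    stream = b"".join(first_packets)
    if not scan(stream, signatures):
        raise PermissionError("scan failed; nothing is forwarded")
    l2 = optimal_length(len(stream), channel2, t_max, n_max, candidates)
    return split(stream, l2)

def demo():
    payload = bytes(range(256)) * 400        # constructed 102,400-byte file
    candidates = [512, 1024, 4096, 16384, 65536]
    ch1 = (10_000_000, 0.002)                # constructed: 10 Mbit/s, 2 ms
    ch2 = (100_000_000, 0.0005)              # constructed: 100 Mbit/s, 0.5 ms
    l1 = optimal_length(len(payload), ch1, 0.01, 200, candidates)
    first = split(payload, l1)               # low-security side
    second = relay(first, ch2, 0.01, 200, candidates, [b"CONSTRUCTED-SIGNATURE"])
    combined = b"".join(second)              # high-security side combination
    same = hashlib.sha256(combined).digest() == hashlib.sha256(payload).digest()
    return l1, len(second[0]), same
```

With these constructed channels the two hops select different packet lengths, which is why the transfer unit re-splits rather than forwarding the first data packets unchanged.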
The processor and memory may be connected by a bus or other means.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software programs and instructions required to implement the unidirectional data transmission method of the above-described embodiment are stored in a memory, and when executed by a processor, perform the unidirectional data transmission method of the above-described embodiment, for example, perform the method steps S101 to S104 in fig. 1 described above.
The present application further provides a computer-readable storage medium having stored thereon computer-executable instructions for performing the unidirectional data transmission method described above.
The computer-readable storage medium stores computer-executable instructions, which are executed by a processor or controller, for example, by a processor in the above-mentioned electronic device embodiment, and can make the above-mentioned processor execute the unidirectional data transmission method in the above-mentioned embodiment, for example, execute the above-mentioned method steps S101 to S104 in fig. 1.
It will be understood by those of ordinary skill in the art that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, or suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program elements or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program elements, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as is well known to those of ordinary skill in the art.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (10)

1. A unidirectional data transmission method for a unidirectional data transmission unit, the unidirectional data transmission method comprising:
receiving a plurality of first data packets transmitted from a low security level network through a first transmission channel; the first data packet is obtained by segmenting a transmission file according to a first optimal data packet length through the low-security-level network, wherein the first optimal data packet length is obtained by calculation according to first transmission channel information, and the first transmission channel information is first transmission channel use information between the low-security-level network and a unidirectional data transmission unit;
virus searching and killing are carried out on all the first data packets to obtain data packets subjected to virus searching and killing;
dividing the data packet after virus killing according to a second optimal data packet length to obtain a plurality of second data packets, wherein the second data packets are obtained by dividing the data packet after virus killing according to the second optimal data packet length, the second optimal data packet length is obtained by calculation according to second transmission channel information, and the second transmission channel information is second transmission channel use information between the unidirectional data transmission unit and a high-security-level network;
and transmitting all the second data packets to the high-security level network through a second transmission channel.
2. A method for unidirectional data transmission according to claim 1, wherein the first optimal packet length is calculated according to the first transmission channel information, and comprises:
calculating to obtain the first optimal packet length according to the first transmission channel information, so that the first optimal packet length satisfies that the time for transmitting the first optimal packet length through the first transmission channel is less than a preset maximum time, the number of transmission times for transmitting the first optimal packet length is less than a preset maximum number of times, and the system utilization efficiency for transmitting the first optimal packet length is maximum, wherein a calculation formula for calculating to obtain the first optimal packet length according to the first transmission channel information is as follows:
Figure 573696DEST_PATH_IMAGE002
wherein,
Figure 615471DEST_PATH_IMAGE004
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times,
Figure 785421DEST_PATH_IMAGE006
is the maximum system utilization efficiency for transmitting the first optimal packet length.
3. A method as claimed in claim 2, wherein the second optimal packet length is calculated according to the second transmission channel information, and comprises:
calculating to obtain a second optimal data packet length according to the second transmission channel information, so that the second optimal data packet length satisfies that the time for transmitting the second optimal data packet length through the second transmission channel is less than a preset maximum time, the number of times for transmitting the second optimal data packet length is less than a preset maximum number, and the system utilization efficiency for transmitting the second optimal data packet length is maximum, wherein a calculation formula for calculating to obtain the second optimal data packet length according to the second transmission channel information is as follows:
Figure DEST_PATH_IMAGE008
wherein t (L2) is the time for transmitting the second optimal packet length, n (L2) is the number of transmissions for transmitting the second optimal packet length,
Figure DEST_PATH_IMAGE010
is the maximum system utilization efficiency for transmitting the second optimal packet length.
4. A method for unidirectional data transmission according to claim 3, wherein the unidirectional data transmission unit is provided with an optical gate or a network gate, so that the transmission file can be transmitted in one direction between the low security level network and the high security level network.
5. A method for unidirectional data transmission according to claim 4, wherein after transmitting all the second data packets to the high security level network via a second transmission channel, the method comprises:
and receiving all the second data packets through the high-security-level network and performing data combination to obtain a combined file.
6. A method as claimed in claim 5, wherein the transmission and reception of the data packets are based on TCP.
7. A unidirectional data transmission system, characterized in that the unidirectional data transmission system comprises:
the first data transmission module is used for receiving a plurality of first data packets sent by a low-security level network through a first transmission channel; the first data packet is obtained by segmenting a transmission file according to a first optimal data packet length through the low-security-level network, wherein the first optimal data packet length is obtained by calculation according to first transmission channel information, and the first transmission channel information is first transmission channel use information between the low-security-level network and a unidirectional data transmission unit;
the virus searching and killing module is used for searching and killing viruses of all the first data packets to obtain data packets after virus searching and killing;
the second data partitioning module is configured to partition the data packet after virus searching and killing according to a second optimal data packet length to obtain a plurality of second data packets, where the second data packet is obtained by partitioning the data packet after virus searching and killing according to the second optimal data packet length, the second optimal data packet length is obtained by calculation according to second transmission channel information, and the second transmission channel information is second transmission channel usage information between the unidirectional data transmission unit and a high security level network;
and the second transmission segmentation module is used for transmitting all the second data packets to the high-security-level network through a second transmission channel.
8. A unidirectional data transmission system as claimed in claim 7, wherein the first data transmission module further comprises:
a first optimal packet length calculation module, configured to calculate, according to the first transmission channel information, a first optimal packet length so that the first optimal packet length satisfies that a time for transmitting the first optimal packet length through the first transmission channel is less than a preset maximum time, a number of times for transmitting the first optimal packet length is less than a preset maximum number of times, and a system utilization efficiency for transmitting the first optimal packet length is the maximum, where a calculation formula for calculating the first optimal packet length according to the first transmission channel information is as follows:
Figure 779965DEST_PATH_IMAGE002
wherein,
Figure 046867DEST_PATH_IMAGE004
is the system utilization efficiency, T(L1) is the time for transmitting the first optimal packet length, n(L1) is the number of transmissions for transmitting the first optimal packet length, T_max is the preset maximum time, N_max is the preset maximum number of times,
Figure 010275DEST_PATH_IMAGE006
is the maximum system utilization efficiency for transmitting the first optimal packet length.
9. A unidirectional data transmission device comprising at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform a method of unidirectional data transfer according to any of claims 1 to 6.
10. A computer-readable storage medium characterized by: the computer-readable storage medium stores computer-executable instructions for causing a computer to perform the unidirectional data transmission method of any one of claims 1 to 6.
CN202211186538.7A 2022-09-28 2022-09-28 Unidirectional data transmission method, system, equipment and storage medium Active CN115277262B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211186538.7A CN115277262B (en) 2022-09-28 2022-09-28 Unidirectional data transmission method, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115277262A true CN115277262A (en) 2022-11-01
CN115277262B CN115277262B (en) 2023-04-07

Family

ID=83756440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211186538.7A Active CN115277262B (en) 2022-09-28 2022-09-28 Unidirectional data transmission method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115277262B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant