CN115314303A - Network security defense method and system based on whole network linkage - Google Patents

Publication number
CN115314303A
Authority
CN
China
Prior art keywords
network
terminal
cloud server
threat data
network threat
Prior art date
Legal status
Pending
Application number
CN202210955235.0A
Other languages
Chinese (zh)
Inventor
武春岭
叶坤
黄将诚
何倩
Current Assignee
Chongqing College of Electronic Engineering
Original Assignee
Chongqing College of Electronic Engineering
Priority date
Filing date
Publication date
Application filed by Chongqing College of Electronic Engineering
Priority to CN202210955235.0A
Publication of CN115314303A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a network security defense method and system based on whole network linkage. It belongs to the technical field of network security and aims to solve the low efficiency and low accuracy with which existing terminals deal with network threats. After a terminal is registered and verified in the cloud server, connection and communication between the terminal and the cloud server are established. Network threat data samples are entered into the cloud server to construct a network threat data identification library, and the emergency processing file corresponding to each network threat data sample is added to the cloud server. After a terminal is attacked by network threat data, it sends the network threat data to the cloud server, and the cloud server sends the corresponding emergency processing file or a blocking isolation file to the terminal, so that the terminal can rapidly clear, or block and isolate, the network threat data and its network security is protected. The invention is suitable for network security screening and judging systems and methods.

Description

Network security defense method and system based on whole network linkage
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security defense method and system based on whole network linkage.
Background
A network threat is improper behavior that affects the security of computer systems and networks, and it usually causes great loss. The handling of network threats therefore needs to be rapid and accurate. When a terminal user faces a network threat, the terminal's capability to handle the threat is not comprehensive enough and its means of defense are relatively limited, so comprehensive protection of its own network security is difficult to ensure. If multiple security protection modules are added to each terminal independently, the terminal runs less smoothly and high economic cost is incurred, so the requirements of terminal users cannot be met. How to improve the efficiency and accuracy with which a terminal deals with network threats is therefore important for protecting the data security and property security of terminal users.
Disclosure of Invention
The object of the invention is to provide a network security defense method and system based on whole network linkage that solve the problems of low efficiency and low accuracy of existing terminals in dealing with network threats.
The technical scheme adopted by the invention is as follows:
a network security defense method based on whole network linkage comprises the following steps:
(1) Establishing a cloud server, inputting a network threat data sample into the cloud server, and establishing a network threat data identification library;
(2) Adding an emergency processing file corresponding to the network threat data sample in a cloud server based on the network threat data sample;
(3) The plurality of terminals send respective corresponding registration feature codes to the cloud server, the cloud server receives the registration feature codes sent by the terminals, the registration feature codes are verified, and the terminals are registered after the verification is passed;
(4) After a terminal is attacked by network threat data, it sends the network threat data to the cloud server. The cloud server verifies whether the terminal is registered and, after the verification is passed, receives the network threat data and searches for it in the network threat data identification library. If the network threat data exists in the network threat data identification library, the emergency processing file corresponding to the network threat data is transmitted to the corresponding terminal, and the method proceeds to step (5); if the network threat data does not exist in the network threat data identification library, it is recorded in the network threat data identification library and added to a blacklist directory, and the method proceeds to step (6);
(5) The terminal receives and runs the emergency processing file transmitted by the cloud server, and clears the network threat data to complete network security defense;
(6) The cloud server sends early warning information to all registered terminals and, at the same time, sends them blocking isolation files; the terminals receive and run the blocking isolation files to block and isolate the network threat data, completing the network security defense.
Further, in the step (3), after the terminal completes registration, an encrypted communication channel is established between the terminal and the cloud server to perform data transmission and data reception.
Further, in the step (3), the registration feature code includes a terminal device hardware identification ID and a registration code.
A network security defense system based on whole network linkage comprises a cloud server and a plurality of terminals;
the cloud server comprises a cloud data receiving module, a cloud data transmission module, a cloud registration verification module, a database module and a retrieval module;
the cloud data receiving module is used for receiving data and files transmitted by the terminal;
the cloud data transmission module is used for transmitting data and files to the terminal;
the cloud registration verification module is used for completing registration verification of the terminal;
the database module is used for inputting and storing network threat data samples and constructing a network threat data identification database;
the retrieval module is used for retrieving the network threat data identification database;
the terminal comprises a terminal data receiving module, a terminal data transmission module and an operation module;
the terminal data receiving module is used for receiving data and files transmitted by the cloud server;
the terminal data transmission module is used for transmitting data and files to the cloud server;
and the operation module is used for running the files transmitted by the cloud server.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
1. In the invention, connection and communication between a terminal and the cloud server are established after the terminal is registered and verified in the cloud server. Network threat data samples are entered into the cloud server to construct a network threat data identification library, and the emergency processing file corresponding to each network threat data sample is added to the cloud server. After a terminal is attacked by network threat data, it sends the network threat data to the cloud server; the cloud server retrieves the corresponding emergency processing file and sends it to the terminal, so that the terminal can rapidly clear the network threat data by means of the emergency processing file and its network security is protected. When the network threat data received by the cloud server is not recorded in the network threat data identification library, the cloud server sends early warning information to all registered terminals and, at the same time, sends them blocking isolation files; the terminals receive and run the blocking isolation files to block and isolate the network threat data and protect their network security. Because network security defense is carried out on the terminals in a whole network linkage mode, the efficiency and accuracy with which the terminals deal with network threats are greatly improved, and the data security and property security of terminal users are protected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and that for those skilled in the art, other relevant drawings can be obtained according to the drawings without inventive effort, wherein:
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a structural component diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: reference numerals and letters designate similar items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships that the present product conventionally places when used, and are only intended to simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Furthermore, the terms "horizontal", "vertical" and the like do not imply that the components are absolutely horizontal or hanging, but may be slightly inclined. For example, "horizontal" merely means that the direction is more horizontal than "vertical" and does not mean that the structure must be perfectly horizontal, but may be slightly inclined.
In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "disposed," "mounted," and "connected" are to be construed broadly: a connection may be, for example, fixed, detachable, or integral; it may be mechanical or electrical; and two elements may be connected directly, connected indirectly through an intermediate medium, or in internal communication with each other. The specific meanings of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific case.
A network security defense method based on whole network linkage comprises the following steps:
(1) Establishing a cloud server, inputting a network threat data sample into the cloud server, and establishing a network threat data identification library;
(2) Adding an emergency processing file corresponding to the network threat data sample in a cloud server based on the network threat data sample;
(3) The plurality of terminals send respective corresponding registration feature codes to the cloud server, the cloud server receives the registration feature codes sent by the terminals, the registration feature codes are verified, and the terminals are registered after the verification is passed;
(4) After a terminal is attacked by network threat data, it sends the network threat data to the cloud server. The cloud server verifies whether the terminal is registered and, after the verification is passed, receives the network threat data and searches for it in the network threat data identification library. If the network threat data exists in the network threat data identification library, the emergency processing file corresponding to the network threat data is transmitted to the corresponding terminal, and the method proceeds to step (5); if the network threat data does not exist in the network threat data identification library, it is recorded in the network threat data identification library and added to a blacklist directory, and the method proceeds to step (6);
(5) The terminal receives and runs the emergency processing file transmitted by the cloud server, and clears the network threat data to complete network security defense;
(6) The cloud server sends early warning information to all registered terminals and, at the same time, sends them blocking isolation files; the terminals receive and run the blocking isolation files to block and isolate the network threat data, completing the network security defense.
Further, in the step (3), after the terminal completes registration, an encrypted communication channel is established between the terminal and the cloud server for data transmission and data reception.
Further, in the step (3), the registration feature code includes a terminal device hardware identification ID and a registration code.
A network security defense system based on whole network linkage comprises a cloud server and a plurality of terminals;
the cloud server comprises a cloud data receiving module, a cloud data transmission module, a cloud registration verification module, a database module and a retrieval module;
the cloud data receiving module is used for receiving data and files transmitted by the terminal;
the cloud data transmission module is used for transmitting data and files to the terminal;
the cloud registration verification module is used for completing registration verification of the terminal;
the database module is used for inputting and storing network threat data samples and constructing a network threat data identification database;
the retrieval module is used for retrieving the network threat data identification database;
the terminal comprises a terminal data receiving module, a terminal data transmission module and an operation module;
the terminal data receiving module is used for receiving data and files transmitted by the cloud server;
the terminal data transmission module is used for transmitting data and files to the cloud server;
and the operation module is used for running the files transmitted by the cloud server.
In the implementation of the invention, connection and communication between a terminal and the cloud server are established after the terminal is registered and verified in the cloud server. Network threat data samples are entered into the cloud server to construct a network threat data identification library, and the emergency processing file corresponding to each network threat data sample is added to the cloud server. After a terminal is attacked by network threat data, it sends the network threat data to the cloud server; the cloud server retrieves the corresponding emergency processing file and sends it to the terminal, so that the terminal can rapidly clear the network threat data by means of the emergency processing file and its network security is protected. When the network threat data received by the cloud server is not recorded in the network threat data identification library, the cloud server sends early warning information to all registered terminals and, at the same time, sends them blocking isolation files; the terminals receive and run the blocking isolation files to block and isolate the network threat data and protect their network security. Because network security defense is carried out on the terminals in a whole network linkage mode, the efficiency and accuracy with which the terminals deal with network threats are greatly improved, and the data security and property security of terminal users are protected.
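The flow of steps (3) to (6), as an added example that is not part of the patent: a small in-memory model of the cloud server's registration check and dispatch decision. The SHA-256 lookup key, the table of pre-issued registration codes, and all class, file and message names are assumptions, since the patent does not specify how samples are matched or how registration feature codes are verified.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def fingerprint(threat_data: bytes) -> str:
    """Lookup key for the identification library (assumption: SHA-256 of the sample)."""
    return hashlib.sha256(threat_data).hexdigest()


@dataclass
class Terminal:
    hardware_id: str          # terminal device hardware identification ID
    registration_code: str    # second part of the registration feature code
    inbox: list = field(default_factory=list)  # (kind, payload) items received from the cloud

    def receive(self, kind: str, payload: str) -> None:
        self.inbox.append((kind, payload))


class CloudServer:
    def __init__(self, issued_codes: dict):
        self.issued_codes = issued_codes  # assumption: hardware ID -> pre-issued registration code
        self.registered = {}              # hardware ID -> registered Terminal
        self.library = {}                 # fingerprint -> emergency processing file, or None
        self.blacklist = set()            # fingerprints recorded without an emergency file

    def add_sample(self, sample: bytes, emergency_file: str) -> None:
        """Steps (1)-(2): enter a sample and its emergency processing file."""
        fp = fingerprint(sample)
        self.library[fp] = emergency_file
        self.blacklist.discard(fp)

    def register(self, terminal: Terminal) -> bool:
        """Step (3): verify the registration feature code before registering."""
        expected = self.issued_codes.get(terminal.hardware_id)
        if expected is None:
            return False
        # Constant-time comparison so the check does not leak how much of the code matched.
        if not hmac.compare_digest(expected.encode(), terminal.registration_code.encode()):
            return False
        self.registered[terminal.hardware_id] = terminal
        return True

    def report(self, terminal: Terminal, threat_data: bytes) -> str:
        """Step (4): route a reported threat to step (5) or step (6)."""
        # Identity check: claiming a registered hardware ID is not enough to be accepted.
        if self.registered.get(terminal.hardware_id) is not terminal:
            return "rejected"
        fp = fingerprint(threat_data)
        emergency_file = self.library.get(fp)
        if emergency_file is not None:
            # Step (5): only the reporting terminal receives the emergency processing file.
            terminal.receive("emergency_file", emergency_file)
            return "emergency"
        # Unknown threat, or one recorded earlier without an emergency file: step (6).
        self.library.setdefault(fp, None)
        self.blacklist.add(fp)
        for peer in self.registered.values():
            peer.receive("warning", f"new threat {fp[:12]}")
            peer.receive("blocking_isolation_file", f"block_{fp[:12]}.rule")
        return "blocked"


if __name__ == "__main__":
    # Constructed sample data: two enrolled terminals and one that was never issued a code.
    cloud = CloudServer({"HW-A": "code-a", "HW-B": "code-b"})
    cloud.add_sample(b"known-sample", "cleanup_known.pkg")
    a, b, rogue = Terminal("HW-A", "code-a"), Terminal("HW-B", "code-b"), Terminal("HW-X", "guess")
    print([cloud.register(t) for t in (a, b, rogue)])
    print(cloud.report(rogue, b"known-sample"), cloud.report(a, b"known-sample"),
          cloud.report(a, b"new-sample"))
    print(b.inbox)
```

In this model an unregistered sender is rejected before the library is touched, so it can neither add entries to the blacklist nor trigger the broadcast of step (6).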
The above description is an embodiment of the present invention. The foregoing are preferred embodiments of the present invention, which may be used in any combination without departing from the scope of the invention, and the detailed description and specific parameters of the embodiments are provided only for the purpose of illustrating the verification process of the invention and not for the purpose of limiting the scope of the invention, which is defined by the appended claims.

Claims (4)

1. A network security defense method based on whole network linkage is characterized by comprising the following steps:
(1) Establishing a cloud server, inputting a network threat data sample into the cloud server, and establishing a network threat data identification library;
(2) Adding an emergency processing file corresponding to the network threat data sample in a cloud server based on the network threat data sample;
(3) The plurality of terminals send respective corresponding registration feature codes to the cloud server, the cloud server receives the registration feature codes sent by the terminals, the registration feature codes are verified, and the terminals are registered after the verification is passed;
(4) After a terminal is attacked by network threat data, it sends the network threat data to the cloud server. The cloud server verifies whether the terminal is registered and, after the verification is passed, receives the network threat data and searches for it in the network threat data identification library. If the network threat data exists in the network threat data identification library, the emergency processing file corresponding to the network threat data is transmitted to the corresponding terminal, and the method proceeds to step (5); if the network threat data does not exist in the network threat data identification library, it is recorded in the network threat data identification library and added to a blacklist directory, and the method proceeds to step (6);
(5) The terminal receives and runs the emergency processing file transmitted by the cloud server, and clears the network threat data to complete network security defense;
(6) The cloud server sends early warning information to all registered terminals and, at the same time, sends them blocking isolation files; the terminals receive and run the blocking isolation files to block and isolate the network threat data, completing the network security defense.
2. The network security defense method based on the whole network linkage as claimed in claim 1, wherein in the step (3), after the terminal completes registration, an encrypted communication channel is established between the terminal and the cloud server for data transmission and data reception.
3. The network security defense method based on the whole network linkage as claimed in claim 1, wherein in the step (3), the registration feature code comprises a terminal device hardware identification ID and a registration code.
4. A network security defense system based on whole network linkage is characterized by comprising a cloud server and a plurality of terminals;
the cloud server comprises a cloud data receiving module, a cloud data transmission module, a cloud registration verification module, a database module and a retrieval module;
the cloud data receiving module is used for receiving data and files transmitted by the terminal;
the cloud data transmission module is used for transmitting data and files to the terminal;
the cloud registration verification module is used for completing registration verification of the terminal;
the database module is used for inputting and storing network threat data samples and constructing a network threat data identification database;
the retrieval module is used for retrieving the network threat data identification database;
the terminal comprises a terminal data receiving module, a terminal data transmission module and an operation module;
the terminal data receiving module is used for receiving data and files transmitted by the cloud server;
the terminal data transmission module is used for transmitting data and files to the cloud server;
and the operation module is used for running the files transmitted by the cloud server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210955235.0A CN115314303A (en) 2022-08-10 2022-08-10 Network security defense method and system based on whole network linkage

Publications (1)

Publication Number Publication Date
CN115314303A true CN115314303A (en) 2022-11-08

Family

ID=83861422

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210955235.0A Pending CN115314303A (en) 2022-08-10 2022-08-10 Network security defense method and system based on whole network linkage

Country Status (1)

Country Link
CN (1) CN115314303A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195991A (en) * 2011-06-28 2011-09-21 辽宁国兴科技有限公司 Terminal security management and authentication method and system
CN104753898A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Verification method, terminal and server
CN104917718A (en) * 2014-03-11 2015-09-16 杭州雾隐美地传媒有限公司 Method and terminal for fast authentication of mobile terminal user and application server
CN111431939A (en) * 2020-04-24 2020-07-17 郑州大学体育学院 CTI-based SDN malicious traffic defense method and system
CN113709132A (en) * 2021-08-23 2021-11-26 深圳市托奇科技有限公司 Security detection method and system for reducing cloud computing requirements

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination