CN115396167A - Network information security protection method based on big data - Google Patents
- Publication number: CN115396167A (application CN202210988915.2A)
- Authority: CN (China)
- Prior art keywords: data, network, offensive, cloud server, unit
- Prior art date: 2022-08-17
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L63/00 (Network architectures or network communication protocols for network security), with the following subgroups:
- H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227: Filtering policies
- H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425: Traffic logging, e.g. anomaly detection
- H04L63/1441: Countermeasures against malicious traffic
- H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- H04L63/1491: Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network information security protection method based on big data. It belongs to the field of network information security and addresses the problem of how to monitor network offensive data so as to ensure network information security. An abnormal data detection unit detects abnormal data in a cloud server and sends it to a cyber range module. In the cyber range module, attack machines send the network offensive data found among the abnormal data to a cloud server virtual machine through a network route, a defense unit intercepts the network offensive data, and an attack and defense detection unit monitors, records and analyzes in real time the attack behavior characteristics of the attack machines and the defense behavior characteristics of the defense unit; professional technicians crack (analyze and defeat) the recorded attack and defense behavior, and the cloud server is hardened accordingly. The local server or local computer filters the network data and sets a pseudo system vulnerability; professional technicians analyze the network offensive data that attacks it and harden the real local server or local computer, and a security manager module comprehensively monitors the local computer.
Description
Technical Field
The invention belongs to the field of network information security, and particularly relates to a network information security protection method based on big data.
Background
With scientific progress and social development, many aspects of people's daily life are closely tied to network information. When mass data is present, the receiving ports of servers and computers are attacked by means of network offensive data. Once a receiving port is broken through by network offensive data, the information stored in the server or computer system leaks, the system is harmed to varying degrees, and in the worst case it is paralyzed; the network security problem is therefore increasingly prominent.
At present there are various countermeasures for network information security, but they mainly intercept network offensive data; if the network offensive data cannot be intercepted, the system is silently infiltrated and damaged.
Therefore, the invention provides a network information security protection method based on big data.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a network information security protection method based on big data, which solves the problem of how to monitor network aggressive data so as to guarantee the network information security.
In order to achieve the above object, an embodiment according to the present invention provides a method for protecting network information based on big data, including:
acquiring abnormal data of an external network port of a cloud server;
detecting and cracking the network offensive data through a cyber range module;
the local server or the local computer receives the network data sent by the cloud server and carries out security filtering on the network data;
trapping the residual network offensive data by using a pseudo-system honeypot technique;
and comprehensively monitoring the operating environment of the operating system.
Furthermore, the cloud server is provided with a data acquisition unit, a data storage unit and an abnormal data detection unit. The data acquisition unit collects the network data of the external network port by identifying the IP address of each data packet and passes the collected network data to the data storage unit for storage. The abnormal data detection unit inspects the network data in the data storage unit, judges all data that does not conform to the established rules of computer network activity to be abnormal data of an illegal intrusion, and sends the abnormal data to the cyber range module.
Furthermore, the cyber range module is provided with a plurality of attack machines, a network route and a cloud server virtual machine. The attack machines identify network offensive data by comparing the characteristics of the received abnormal data with those of normal operation behavior data, and send the network offensive data to the cloud server virtual machine through the network route.
Further, the cloud server virtual machine is provided with a defense unit for intercepting the network offensive data transmitted by the attack machines.
Further, the cloud server virtual machine is provided with an attack and defense detection unit for monitoring the attack behavior of the attack machines and the interception behavior of the defense unit. The specific process is as follows:
step S1: the attack and defense detection unit marks the network offensive data;
step S2: the path of the marked network offensive data is tracked and located;
step S3: the attack and defense detection unit records and analyzes the behavior characteristics and the tracking path of the network offensive data, and professional technicians crack them;
step S4: the network offensive data that has invaded the cloud server virtual machine is thoroughly cleared, and a network offensive data attack cracking log is generated.
Furthermore, the monitored content includes: the behavior characteristics of the defense unit intercepting the marked network offensive data; how the attack machine evades interception by the defense unit when transmitting the network offensive data; how the network offensive data infects or destroys internal data and programs after evading interception by the defense unit; how the defense unit stops the network offensive data from acting again and scans and clears it after interception has failed; and the subsequent behavior of any network offensive data that the defense unit fails to stop or clear.
Furthermore, the local server or the local computer is provided with a security firewall for performing security filtering on the network data of the port and filtering out network data with suspicious characteristics.
Furthermore, a pseudo system vulnerability is set in the local server or the local computer, all network data that attacks the pseudo system vulnerability is marked as network offensive data, and the real local server or local computer is hardened on the basis of the analysis of that network offensive data by professional technicians.
Furthermore, the local computer also comprises a security manager module for comprehensively monitoring suspicious data in the local computer; if a suspicious object is detected, prompt information is output and the user removes the suspicious object according to the actual situation.
Compared with the prior art, the invention has the beneficial effects that:
1. A data acquisition unit and a data storage unit arranged in the cloud server of the external network collect and store the network data from the cloud server port, and an abnormal data detection unit picks out the abnormal data in that network data and sends it to the cyber range module for detection and cracking. The cyber range module is provided with a plurality of attack machines that send the network offensive data found among the abnormal data to the cloud server virtual machine through the network route, and the defense unit intercepts the received network offensive data, while the attack and defense detection unit monitors, records and analyzes in real time the attack behavior characteristics of the attack machines and the defense behavior characteristics of the defense unit, so that professional technicians can crack the attack and defense behavior and strengthen the information security of the cloud server. By monitoring and analyzing the network offensive data and its attack behavior characteristics on the cloud server side, the network information security of the cloud server is guaranteed, the network offensive data is kept out of the receiver's local server or local computer, and an additional protective barrier is added.
2. The local server or local computer receives the network data passed on by the cloud server and filters it through the security firewall; a pseudo system vulnerability is set to lure the remaining network offensive data into attacking it, and professional technicians collect and analyze that network offensive data to harden the real local server or local computer. The security manager module scans and comprehensively monitors all data in the local computer, outputs prompt information if a suspicious target appears, and the user clears the suspicious target according to the actual situation. This further ensures the network information security of the receiver's local computer.
Drawings
Fig. 1 is a flowchart of a big data-based network information security protection method according to the present invention.
Detailed Description
The technical solutions of the present invention will be described below clearly and completely in conjunction with the embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
As shown in fig. 1, the method for protecting network information based on big data includes:
Step one: acquiring abnormal data of an external network port of a cloud server;
a cloud server is arranged in the external network to temporarily store the big data transmitted over the network and to detect the network offensive data it contains;
the cloud server comprises a data acquisition unit, a data storage unit and an abnormal data detection unit. The data acquisition unit collects the network data of the external network port by identifying the IP (Internet Protocol) address of each data packet and passes it to the data storage unit, which stores the collected network data. The abnormal data detection unit inspects the network data in the data storage unit, judges all data that does not conform to the set rules of computer network activity to be abnormal data of an illegal intrusion, and sends the abnormal data to the cyber range module;
Step two: detecting and cracking the network offensive data through a cyber range module;
the cyber range module is provided with a plurality of attack machines, a network route and a cloud server virtual machine. The attack machines obtain the abnormal data from the cloud server, monitor it, and compare its characteristics with normal operation behavior data to judge whether it is network offensive data; if the comparison shows network offensive data, the attack machines send it to the cloud server virtual machine through the network route;
the cloud server virtual machine has the same operating system, application software and stored content as the cloud server host and is provided with a defense unit that defends against the network offensive data transmitted by the attack machines; however, the cloud server virtual machine is an independent entity relative to the cloud server, and the two do not affect each other (in practice this isolation must be enforced by the hypervisor and by network segmentation, since the virtual machine is deliberately exposed to live offensive data);
the defense unit is arranged at a port of the cloud server virtual machine and intercepts the network offensive data transmitted by the attack machines;
the cloud server virtual machine is also provided with an attack and defense detection unit for monitoring and detecting the attack behavior of the attack machines and the interception behavior of the defense unit;
specifically, the attack and defense detection unit marks the network offensive data, tracks and locates the path of the marked network offensive data, and monitors the background of the cloud server virtual machine in real time. The monitored content includes: the behavior characteristics of the defense unit intercepting the marked network offensive data; how the attack machine evades interception by the defense unit when transmitting the network offensive data; how the network offensive data infects or destroys internal data and programs after evading interception by the defense unit; how the defense unit stops the network offensive data from acting again and scans and clears it after interception has failed; and the subsequent behavior of any network offensive data that the defense unit fails to stop or clear;
the attack and defense detection unit records and analyzes the behavior characteristics and tracking path of the network offensive data, professional technicians crack them, and the network offensive data that has invaded the cloud server virtual machine is thoroughly cleared, so that a network offensive data attack cracking log is generated and stored. The cloud server is subsequently hardened according to the way the attack behavior of the network offensive data was cracked and the way the network offensive data was comprehensively cleared, so that when the cloud server next receives abnormal data the network offensive data can be quickly located, its hard-to-handle intrusion behavior is prevented, and it is thoroughly cleared;
Step three: the local server or the local computer receives the network data sent by the cloud server and carries out security filtering on the network data;
the network data passed on from the cloud server is transmitted to a local server or local computer, which is provided with a security firewall for performing security filtering on the network data of the port and filtering out network data with suspicious characteristics;
Step four: trapping the residual network offensive data by using a pseudo-system honeypot technique;
after the security firewall's filtering, a pseudo system vulnerability is set in the local server or local computer. The pseudo system vulnerability simulates a vulnerable host and offers the attacker an easy target; the pseudo system provides no genuinely valuable service to the outside, and all network data that attacks the pseudo system vulnerability is marked as network offensive data. Professional technicians collect the network offensive data that attacks the pseudo system vulnerability, harden the real local server or local computer, and clear that network offensive data;
Step five: comprehensively monitoring the operating environment of the operating system;
the local computer also comprises a security manager module for comprehensively monitoring suspicious data in the local computer; if a suspicious object is detected, prompt information is output and the user removes it according to the actual situation. The security manager module may be antivirus software against computer viruses.
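The five steps above, as one added toy simulation in Python. This is example code written for this page, not the patent's own implementation: the "established rules" (allowed ports, maximum frame size, per-source packet budget), the normal-behavior feature the attack machines compare against (share of printable payload bytes), the defense unit's rule set, the decoy port of the pseudo system vulnerability, the shape of the cracking log and the sample capture are all assumptions made for the example. The local firewall is hardened from the range log, which is the only place the page's "reinforcement" step can be made concrete here.

```python
"""Toy model of the five-step method: rule-based abnormal-data detection at the
cloud port, feature comparison by the range's attack machines, marking and path
tracking against a defense unit, a local firewall hardened from the range log,
and a pseudo system vulnerability (decoy port). All rules, thresholds, addresses
and packets are assumptions for this example, not values from the patent."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    size: int
    payload: bytes


# Step one: assumed "established rules of computer network activity" at the cloud port.
ALLOWED_PORTS = {80, 443}
MAX_SIZE = 1500             # bytes; anything larger breaks the rule
MAX_PKTS_PER_SRC = 3        # more than this from one source is treated as a flood
# Step two: assumed feature of normal operation behavior used by the attack machines.
NORMAL_PRINTABLE_RATIO = 0.9
# Step four: assumed decoy port of the pseudo system vulnerability; no real service listens.
DECOY_PORT = 2323


def acquire(packets: List[Packet]) -> Dict[str, List[Packet]]:
    """Data acquisition + storage unit: index captured packets by source IP."""
    store: Dict[str, List[Packet]] = {}
    for p in packets:
        store.setdefault(p.src_ip, []).append(p)
    return store


def detect_abnormal(store: Dict[str, List[Packet]]) -> List[Packet]:
    """Abnormal data detection unit: everything that breaks an established rule."""
    abnormal: List[Packet] = []
    for pkts in store.values():
        flood = len(pkts) > MAX_PKTS_PER_SRC
        abnormal += [p for p in pkts
                     if flood or p.dst_port not in ALLOWED_PORTS or p.size > MAX_SIZE]
    return abnormal


def printable_ratio(payload: bytes) -> float:
    """Fraction of printable ASCII bytes; 1.0 for an empty payload."""
    return sum(32 <= b < 127 for b in payload) / len(payload) if payload else 1.0


def attack_machine(abnormal: List[Packet]) -> List[Packet]:
    """Range attack machines: keep abnormal data whose features deviate from normal."""
    return [p for p in abnormal if printable_ratio(p.payload) < NORMAL_PRINTABLE_RATIO]


def defense_unit(p: Packet) -> bool:
    """Defense unit at the VM port. Assumed rule set: it only knows bad ports,
    so offensive data aimed at an allowed port evades it."""
    return p.dst_port not in ALLOWED_PORTS


def range_exercise(offensive: List[Packet]) -> List[dict]:
    """Attack/defense detection unit: mark each offensive packet (S1), track its
    path (S2), record whether the defense unit caught it (S3), emit the log (S4)."""
    log = []
    for i, p in enumerate(offensive, 1):
        intercepted = defense_unit(p)
        path = ["attack-machine", "network-route", "vm-port",
                "intercepted" if intercepted else "evaded->scanned-and-cleared"]
        log.append({"marker": f"OFF-{i:03d}", "src_ip": p.src_ip,
                    "dst_port": p.dst_port, "path": path, "intercepted": intercepted})
    return log


def firewall(packets: List[Packet], log: List[dict]) -> List[Packet]:
    """Local security firewall, hardened from the range log: drop traffic from
    any source the range marked as offensive, plus over-size packets."""
    bad_sources = {e["src_ip"] for e in log}
    return [p for p in packets if p.src_ip not in bad_sources and p.size <= MAX_SIZE]


def honeypot(packets: List[Packet]) -> List[Packet]:
    """Pseudo system vulnerability: whatever touches the decoy port is offensive,
    however benign it looked to the earlier checks."""
    return [p for p in packets if p.dst_port == DECOY_PORT]


def run(packets: List[Packet]):
    """Steps one to four in order: (range log, data passed locally, decoy hits)."""
    log = range_exercise(attack_machine(detect_abnormal(acquire(packets))))
    passed = firewall(packets, log)
    return log, passed, honeypot(passed)


# Constructed sample capture (documentation addresses, not real hosts).
SAMPLE = [
    Packet("203.0.113.5", 443, 600, b"GET /index.html HTTP/1.1"),       # normal
    Packet("198.51.100.7", 8080, 900, b"\x90\x90\x90\xcc\xcc\x00\x01"),  # bad port, binary
    Packet("198.51.100.9", 443, 3000, b"\x00\xff\x00\xff\x00\xff"),     # allowed port, over-size
    Packet("198.51.100.9", 2323, 100, b"root"),                         # same source, decoy
    Packet("192.0.2.44", 2323, 120, b"admin"),                          # looks benign, decoy
]

if __name__ == "__main__":
    log, passed, trapped = run(SAMPLE)
    for entry in log:
        print(entry)
    print("passed firewall:", [(p.src_ip, p.dst_port) for p in passed])
    print("trapped by decoy:", [(p.src_ip, p.dst_port) for p in trapped])
```

The run shows the division of labor the method relies on: the over-size binary packet to port 443 evades the defense unit in the range, but its source is recorded in the cracking log and the local firewall drops it; the small printable packet from 192.0.2.44 passes every rule-based and feature-based check and is only identified because it touches the decoy port, which is the "residual" offensive data step four exists to catch.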
The working principle of the invention is as follows: at the cloud server in the external network, the data acquisition unit and data storage unit collect and store the network data of the cloud server port, and the abnormal data detection unit picks out the abnormal data and hands it to the cyber range module; there the attack machines forward the network offensive data found among the abnormal data to the cloud server virtual machine through the network route, the defense unit intercepts it, and the attack and defense detection unit monitors, records and analyzes in real time the attack behavior of the attack machines and the defense behavior of the defense unit, so that professional technicians can crack that behavior and harden the cloud server. The local server or local computer then receives the network data passed on by the cloud server, filters it through the security firewall, and sets a pseudo system vulnerability that lures the remaining network offensive data into attacking it; professional technicians collect and analyze that data to harden the real local server or local computer, while the security manager module scans and monitors all data in the local computer, outputs prompt information when a suspicious target appears, and lets the user clear it according to the actual situation.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and there may be other divisions when the actual implementation is performed; the modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the method of this embodiment.
Although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the present invention.
Claims (9)
1. A network information security protection method based on big data, characterized by comprising the following steps:
acquiring abnormal data of an external network port of a cloud server;
detecting and cracking the network offensive data through a cyber range module;
the local server or the local computer receives the network data sent by the cloud server and carries out security filtering on the network data;
trapping the residual network offensive data by using a pseudo-system honeypot technique;
and comprehensively monitoring the operating environment of the operating system.
2. The big data-based network information security protection method according to claim 1, wherein the cloud server is provided with a data acquisition unit, a data storage unit and an abnormal data detection unit; the data acquisition unit collects the network data of the external network port by identifying the IP address of each data packet and passes the collected network data to the data storage unit for storage; the abnormal data detection unit inspects the network data in the data storage unit, determines all data that does not conform to a predetermined rule of computer network activity to be abnormal data of an illegal intrusion, and transmits the abnormal data to the cyber range module.
3. The big data-based network information security protection method according to claim 1, wherein the cyber range module is provided with a plurality of attack machines, a network route and a cloud server virtual machine; the attack machines identify network offensive data by comparing the characteristics of the received abnormal data with those of normal operation behavior data, and send the network offensive data to the cloud server virtual machine through the network route.
4. The big data-based network information security protection method according to claim 3, wherein the cloud server virtual machine is provided with a defense unit for intercepting the network offensive data transmitted by the attack machines.
5. The big data-based network information security protection method according to claim 3, wherein the cloud server virtual machine is provided with an attack and defense detection unit for monitoring the attack behavior of the attack machines and the interception behavior of the defense unit, the specific process being as follows:
step S1: the attack and defense detection unit marks the network offensive data;
step S2: the path of the marked network offensive data is tracked and located;
step S3: the attack and defense detection unit records and analyzes the behavior characteristics and the tracking path of the network offensive data, and professional technicians crack them;
step S4: the network offensive data that has invaded the cloud server virtual machine is thoroughly cleared, and a network offensive data attack cracking log is generated.
6. The big data-based network information security protection method according to claim 1, wherein the monitored content includes: the behavior characteristics of the defense unit blocking the marked network offensive data; how the attack machine evades blocking by the defense unit when transmitting the network offensive data; how the network offensive data infects or destroys internal data and programs after evading blocking by the defense unit; how the defense unit prevents the network offensive data from acting again and scans and removes it after blocking has failed; and the subsequent behavior of any network offensive data that the defense unit fails to prevent or remove.
7. The big data-based network information security protection method according to claim 1, wherein the local server or the local computer is provided with a security firewall for performing security filtering on the network data of the port and filtering out network data with suspicious characteristics.
8. The big data-based network information security protection method according to claim 1, wherein a pseudo system vulnerability is set in the local server or local computer, all network data that attacks the pseudo system vulnerability is marked as network offensive data, and the real local server or local computer is hardened on the basis of the analysis of that network offensive data by professional technicians.
9. The big data-based network information security protection method according to claim 1, wherein the local computer further comprises a security manager module for comprehensively monitoring suspicious data in the local computer; if a suspicious object is detected, prompt information is output and the user clears it according to the actual situation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210988915.2A CN115396167A (en) | 2022-08-17 | 2022-08-17 | Network information security protection method based on big data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115396167A true CN115396167A (en) | 2022-11-25 |
Family
ID=84121219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210988915.2A Pending CN115396167A (en) | 2022-08-17 | 2022-08-17 | Network information security protection method based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396167A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115865519A (en) * | 2023-02-07 | 2023-03-28 | 苏州市卫生计生统计信息中心 | Data processing method and system suitable for network attack and defense virtual simulation |
CN115865519B (en) * | 2023-02-07 | 2023-05-16 | 苏州市卫生计生统计信息中心 | Data processing method and system suitable for network attack and defense virtual simulation |
Events
- 2022-08-17 CN CN202210988915.2A patent/CN115396167A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||