CN115776397A - Method and system for opening computer network firewall - Google Patents


Info

Publication number: CN115776397A
Application number: CN202211449396.9A
Authority: CN (China)
Prior art keywords: data, character string, verified, network firewall, function
Legal status: Withdrawn
Other languages: Chinese (zh)
Inventor: 邓尧
Current Assignee: Chengde Medical University
Original Assignee: Chengde Medical University
Application filed by Chengde Medical University


Abstract

The invention belongs to the technical field of data transmission and particularly relates to a method and a system for opening a computer network firewall. The method comprises the following steps: acquiring data to be verified and prior data; parsing a character string from the prior data and querying a function library according to the character string to obtain a query result; performing data extraction on the data to be verified according to the data extraction function in the query result to obtain feature data; and calculating the coincidence ratio (degree of overlap) between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall. Because the data to be transmitted is sampled by extraction in advance, an advance audit of the data to be transmitted is realized; whether the computer network firewall is fully opened is judged according to the result of that audit, so the amount of data processed is reduced and the high latency caused by a large processing load is avoided.

Description

Method and system for opening computer network firewall
Technical Field
The invention belongs to the technical field of data transmission, and particularly relates to a method and a system for opening a computer network firewall.
Background
A network firewall is a special network interconnection device used to strengthen access control between networks. All network traffic flowing into and out of a computer passes through it, and it scans that traffic so as to filter out attacks aimed at the target computer.
A firewall can also close unused ports, disable outgoing communication on specific ports (blocking trojans), and disable access from specific sites, thereby blocking all communication from unknown intruders.
In current computer networks, all data has to be identified and processed by the network firewall, so the amount of data processed is large and data transmission delay increases.
Disclosure of Invention
The embodiment of the invention aims to provide a method for opening a computer network firewall, in order to solve the problem that a large data processing load increases data transmission delay.
The embodiment of the invention is realized as follows: a method for opening a computer network firewall comprises the following steps:
acquiring data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string;
parsing the prior data to obtain the character string, and querying a function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function;
performing data extraction on the data to be verified according to the data extraction function in the query result to obtain feature data;
and calculating the coincidence ratio between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall.
Preferably, the step of parsing the character string from the prior data and querying the function library according to the character string to obtain the query result comprises:
intercepting a character string at a preset position of the prior data according to a preset extracted data length;
querying a character string check table according to the character string and, if no matching item exists, regarding the data identity as abnormal and setting the protection level of the network firewall to the highest;
and, when a matching item exists, calling the corresponding data extraction function from the function library to generate the query result.
Preferably, the step of performing data extraction on the data to be verified according to the data extraction function in the query result to obtain the feature data specifically comprises:
preprocessing the character string to obtain function arguments;
inputting the function arguments into the data extraction function one by one to obtain a data extraction position string code;
and extracting data from the data to be verified according to the data extraction position string code, obtaining the feature data once extraction is finished.
Preferably, the step of calculating the coincidence ratio between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall comprises:
comparing the feature data with the prior data bit by bit, and calculating the coincidence ratio from the comparison result;
querying a protection level table according to the coincidence ratio, and determining the protection level corresponding to the current coincidence ratio;
and executing according to the protection level, scanning the data to be verified.
Preferably, a corresponding protection level is determined for each item of data to be verified.
Preferably, the character string is generated by the source device of the data to be verified.
Another object of an embodiment of the present invention is to provide a computer network firewall opening system, comprising:
a data acquisition module, used to acquire data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string;
a data query module, used to parse the prior data to obtain a character string and to query the function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function;
a data extraction module, used to perform data extraction on the data to be verified according to the data extraction function in the query result to obtain feature data;
and a protection level calculation module, used by the firewall to calculate the coincidence ratio between the feature data and the prior data, determine the protection level of the network firewall according to the coincidence ratio, and scan the data to be verified with the network firewall.
Preferably, the data query module comprises:
a data interception unit, used to intercept a character string at a preset position of the prior data according to a preset extracted data length;
a character string check unit, used to query the character string check table according to the character string and, if no matching item exists, to regard the data identity as abnormal and set the protection level of the network firewall to the highest;
and a function query unit, used to call the corresponding data extraction function from the function library and generate the query result when a matching item exists.
Preferably, the data extraction module comprises:
a character string preprocessing unit, used to preprocess the character string to obtain function arguments;
a string code generating unit, used to input the function arguments into the data extraction function one by one to obtain the data extraction position string code;
and a feature extraction unit, used to extract data from the data to be verified according to the data extraction position string code and to obtain the feature data once extraction is finished.
Preferably, the protection level calculation module comprises:
a coincidence ratio calculation unit, used to compare the feature data with the prior data bit by bit and calculate the coincidence ratio from the comparison result;
a level query unit, used to query the protection level table according to the coincidence ratio and determine the protection level corresponding to the current coincidence ratio;
and a data scanning unit, used to execute according to the protection level and scan the data to be verified.
With the method for opening a computer network firewall provided by the embodiment of the invention, the data to be transmitted is sampled by extraction in advance, so an advance audit of the data to be transmitted is realized; whether the computer network firewall is fully opened is judged according to the result of that audit, the amount of data processed is reduced, and the high latency caused by a large processing load is avoided.
Drawings
Fig. 1 is a flowchart of a method for opening a computer network firewall according to an embodiment of the present invention;
Fig. 2 is a flowchart of the steps of parsing prior data to obtain a character string and querying a function library according to the character string to obtain a query result, according to an embodiment of the present invention;
Fig. 3 is a flowchart of the steps of performing data extraction on data to be verified according to the data extraction function in the query result to obtain feature data, according to an embodiment of the present invention;
Fig. 4 is a flowchart of the steps of calculating the coincidence ratio between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall, according to an embodiment of the present invention;
Fig. 5 is an architecture diagram of a computer network firewall opening system according to an embodiment of the present invention;
Fig. 6 is an architecture diagram of the data query module according to an embodiment of the present invention;
Fig. 7 is an architecture diagram of the data extraction module according to an embodiment of the present invention;
Fig. 8 is an architecture diagram of the protection level calculation module according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It will be understood that, as used herein, the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms unless otherwise specified. These terms are only used to distinguish one element from another. For example, a first xx script may be referred to as a second xx script, and similarly, a second xx script may be referred to as a first xx script, without departing from the scope of the present application.
As shown in Fig. 1, a method for opening a computer network firewall according to an embodiment of the present invention comprises:
S100, acquiring data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string.
In this step, the data to be verified and the prior data are acquired. Both come from a data source device, such as an internal computer device (data generated by the internal computer device is regarded as secure data). When the computer device forms the data to be verified, it calls a preset character string, determines the corresponding data extraction function according to that string, and extracts data from the data to be verified with that function; the result is the prior data. The character string comes from a character string database that contains the character strings and the data extraction functions, with a one-to-one correspondence between them: one character string corresponds to one data extraction function.
S200, parsing the prior data to obtain the character string, and querying a function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function.
In this step, the character string is parsed from the prior data. When the data source device sends data, the character string is attached at a fixed position in the prior data, for instance at its head; when the data has been transmitted and arrives at the network firewall, the character string at the head of the prior data is extracted. Once the character string is obtained, the function library is queried. The function library also stores each character string together with its corresponding data extraction function, so the data extraction function can be determined from the character string, and the query result comprises the data extraction function found. If no corresponding data extraction function can be found, the character string has been tampered with, the current data is therefore regarded as tampered with, and the network firewall scans the data to be verified at the highest protection level to ensure security.
S300, performing data extraction on the data to be verified according to the data extraction function in the query result to obtain feature data.
In this step, data is extracted from the data to be verified according to the data extraction function in the query result. If the data to be verified is not tampered with during transmission, its security can be guaranteed; to determine whether it has been tampered with, it needs to be verified, but verifying the whole of the data to be verified means a large processing load. Therefore only data extraction is performed in this step, yielding feature data, and whether the data has been tampered with is determined from the feature data.
S400, calculating the coincidence ratio between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall.
In this step, the coincidence ratio between the feature data and the prior data is calculated. Both are taken directly from the data to be verified; the difference is that the prior data comes from the data to be verified before transmission, while the feature data comes from the data to be verified after transmission. If the data to be verified is tampered with in transit, the feature data finally extracted will differ from the prior data. The coincidence ratio expresses how far the feature data and the prior data coincide: the lower the coincidence ratio, the more serious the tampering and the lower the security. Different protection levels can be set according to the coincidence ratio, and the data to be verified is scanned according to that protection level; when the coincidence ratio is 100%, the data is scanned at the lowest protection level, or may be released directly.
As shown in Fig. 2, in a preferred embodiment of the present invention, the step of parsing the character string from the prior data and querying the function library according to the character string to obtain the query result specifically comprises:
S201, intercepting a character string at a preset position of the prior data according to a preset extracted data length.
In this step, the extracted data length is determined. If the preset extracted data length is ten bytes, then ten bytes are intercepted and taken as the character string; the interception position is also preset, for example interception starts from the head of the prior data.
S202, querying the character string check table according to the character string and, if no matching item exists, determining that the data identity is abnormal and setting the protection level of the network firewall to the highest.
In this step, the character string check table is queried according to the character string. All the character strings are recorded in the check table together with the data extraction function corresponding to each, so the corresponding data extraction function can be looked up from the character string. If the lookup fails, the current prior data has been changed, which means tampering has occurred, so the protection level of the network firewall has to be set to the highest and the data to be verified is scanned directly.
S203, when a matching item exists, calling the corresponding data extraction function from the function library to generate the query result.
In this step, when a matching item exists, the corresponding data extraction function is called from the function library: a matching item indicates that the current prior data is safe and has not been tampered with, and the corresponding data extraction function is looked up.
As shown in Fig. 3, in a preferred embodiment of the present invention, the step of performing data extraction on the data to be verified according to the data extraction function in the query result to obtain the feature data specifically comprises:
S301, preprocessing the character string to obtain function arguments.
In this step, the character string is preprocessed: it is mapped to the corresponding function arguments according to a preset mapping rule. For example, two characters, 01, are intercepted from the character string at a time and the mapping rule is queried to obtain a function argument a, which may specifically be the number 1; in this way all the function arguments are determined.
S302, inputting the function arguments into the data extraction function one by one to obtain the data extraction position string code.
In this step, the function arguments are input into the data extraction function one by one. Each function argument input yields one dependent variable, and once all the function arguments have been input a series of dependent variables is obtained. This series of dependent variables determines the data extraction position, that is, it is the data extraction position string code.
S303, extracting data from the data to be verified according to the data extraction position string code, and obtaining the feature data once extraction is finished.
In this step, data is extracted from the data to be verified according to the data extraction position string code. For example, if the data extraction position string code contains 2, 6 and 8, the third digit, 8, determines the number of equal segments into which the data to be verified is divided; the second digit, 6, determines the number of bytes extracted; and the first digit, 2, determines the position from which the bytes are extracted, where an even number means extraction from the head of each segment and an odd number means extraction from its tail. The feature data is extracted in this way.
As shown in Fig. 4, in a preferred embodiment of the present invention, the step of calculating the coincidence ratio between the feature data and the prior data, determining the protection level of the network firewall according to the coincidence ratio, and scanning the data to be verified with the network firewall specifically comprises:
S401, comparing the feature data with the prior data bit by bit, and calculating the coincidence ratio from the comparison result.
In this step, the feature data and the prior data are compared bit by bit. The two are first aligned: specifically, the head data and the tail data of the feature data and of the prior data are identified, and when the head data or the tail data is the same the two are aligned on it; if neither the head data nor the tail data can be aligned, the coincidence ratio is taken to be zero. After alignment the bit-by-bit comparison is performed and the matches are counted: if there are 100 bits of data and 80 of them correspond, the coincidence ratio is 0.8.
S402, querying a protection level table according to the coincidence ratio, and determining the protection level corresponding to the current coincidence ratio.
S403, executing according to the protection level, and scanning the data to be verified.
In these steps, the protection level table is queried according to the coincidence ratio. The protection level table partitions the coincidence ratio into ranges, for example 0-0.5 corresponds to the highest protection level, 0.5-0.8 to the medium protection level, and 0.8-1 to the lowest protection level. The network firewall then executes according to the protection level found and scans the data to be verified at the corresponding level. A corresponding protection level is determined for each item of data to be verified, that is, the method disclosed by the invention is executed once for each group of data to be verified obtained.
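As an added example (not the patent's own code; the check table, the mapping rule, the extraction function, the level boundaries and all sample data are constructed here), the following Python walks the procedure from S100 to S403 end to end: the source attaches a 10-byte verification string to the feature it extracts with position code 2, 6, 8; the firewall re-extracts the feature from the received payload, computes the coincidence ratio bit by bit, and looks the ratio up in the protection level table.

```python
"""Added example (not the patent's own code): a self-contained walk-through of the
firewall-opening method in steps S100-S403.  The string check table, the mapping
rule, the data extraction function and all sample data are constructed here."""
from typing import Callable, Dict, List, Tuple

STRING_LEN = 10  # preset extracted data length: the string occupies the first ten bytes of the prior data

# S301 preset mapping rule: each two-character chunk of the string becomes one function argument.
# The page only gives "01" -> 1; the remaining entries are constructed for this example.
ARG_MAP: Dict[str, int] = {f"{i:02d}": i for i in range(10)}


def extraction_function_a(arg: int) -> int:
    """Constructed data extraction function: one argument in, one digit of the position code out."""
    return (3 * arg + 1) % 10


# S202/S203 string check table and function library: verification string -> extraction function.
FUNCTION_LIBRARY: Dict[str, Callable[[int], int]] = {
    "0705090000": extraction_function_a,  # arguments 7,5,9,0,0 -> position code 2,6,8,1,1
}

# S402 protection level table: 0-0.5 highest, 0.5-0.8 medium, 0.8-1 lowest
# (which level the boundary values fall into is an assumption of this example).
PROTECTION_LEVELS: List[Tuple[float, str]] = [(0.5, "highest"), (0.8, "medium"), (1.0, "lowest")]


def position_code(verification_string: str, func: Callable[[int], int]) -> List[int]:
    """S301 + S302: preprocess the string into arguments and feed them to the function one by one."""
    args = [ARG_MAP[verification_string[i:i + 2]] for i in range(0, len(verification_string), 2)]
    return [func(a) for a in args]


def extract_feature(payload: bytes, code: List[int]) -> bytes:
    """S303: first digit = side (even: head, odd: tail), second = bytes per segment, third = segments."""
    side, nbytes, segments = code[0], code[1], code[2]
    seg_len = len(payload) // segments
    feature = b""
    for k in range(segments):
        segment = payload[k * seg_len:(k + 1) * seg_len]
        feature += segment[:nbytes] if side % 2 == 0 else segment[-nbytes:]
    return feature


def coincidence_ratio(feature: bytes, prior_feature: bytes) -> float:
    """S401: align on head or tail, then compare bit by bit; no alignment at either end means 0."""
    if not feature or not prior_feature:
        return 0.0
    if feature[0] != prior_feature[0] and feature[-1] != prior_feature[-1]:
        return 0.0
    total_bits = 8 * max(len(feature), len(prior_feature))
    matching = sum(8 - bin(a ^ b).count("1") for a, b in zip(feature, prior_feature))
    return matching / total_bits


def protection_level(ratio: float) -> str:
    """S402: look the ratio up in the protection level table."""
    for upper, level in PROTECTION_LEVELS:
        if ratio < upper:
            return level
    return PROTECTION_LEVELS[-1][1]


def build_prior_data(payload: bytes, verification_string: str) -> bytes:
    """S100, source side: the string at the head, followed by the feature extracted before transmission."""
    code = position_code(verification_string, FUNCTION_LIBRARY[verification_string])
    return verification_string.encode("ascii") + extract_feature(payload, code)


def firewall_decide(received_payload: bytes, prior_data: bytes) -> Tuple[float, str]:
    """S200-S403, firewall side: returns (coincidence ratio, protection level to scan with)."""
    verification_string = prior_data[:STRING_LEN].decode("ascii", errors="replace")  # S201
    func = FUNCTION_LIBRARY.get(verification_string)
    if func is None:  # S202: no matching item -> identity abnormal, scan at the highest level
        return 0.0, "highest"
    code = position_code(verification_string, func)
    feature = extract_feature(received_payload, code)
    ratio = coincidence_ratio(feature, prior_data[STRING_LEN:])
    return ratio, protection_level(ratio)


# Constructed sample: a 64-byte payload; code 2,6,8 splits it into 8 segments and takes 6 head bytes each.
SAMPLE_STRING = "0705090000"
SAMPLE_PAYLOAD = bytes(range(64))
SAMPLE_PRIOR = build_prior_data(SAMPLE_PAYLOAD, SAMPLE_STRING)


def demo() -> Dict[str, Tuple[float, str]]:
    intact = firewall_decide(SAMPLE_PAYLOAD, SAMPLE_PRIOR)
    tampered = bytearray(SAMPLE_PAYLOAD)
    for i in range(8, 32):  # every bit of segments 1-3 flipped in transit
        tampered[i] ^= 0xFF
    altered = firewall_decide(bytes(tampered), SAMPLE_PRIOR)
    bad_string = firewall_decide(SAMPLE_PAYLOAD, b"XXXXXXXXXX" + SAMPLE_PRIOR[STRING_LEN:])
    return {"intact": intact, "tampered": altered, "unknown_string": bad_string}


if __name__ == "__main__":
    for name, (ratio, level) in demo().items():
        print(f"{name}: coincidence ratio {ratio:.3f} -> scan at {level} protection level")
```

Flipping three of the eight segments changes 18 of the 48 feature bytes, so the ratio drops to 0.625 and the firewall scans at the medium level; an unrecognised verification string skips extraction entirely and forces the highest level.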
As shown in Fig. 5, a computer network firewall opening system provided in an embodiment of the present invention comprises:
a data acquisition module 100, configured to acquire data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string.
In the system, the data acquisition module 100 acquires the data to be verified and the prior data. Both come from a data source device, such as an internal computer device (data generated by the internal computer device is regarded as secure data). When the computer device forms the data to be verified, it calls a preset character string, determines the corresponding data extraction function according to that string, and extracts data from the data to be verified with that function; the result is the prior data. The character string comes from a character string database that contains the character strings and the data extraction functions, with a one-to-one correspondence between them: one character string corresponds to one data extraction function.
A data query module 200, configured to parse the prior data to obtain the character string and to query the function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function.
In the system, the data query module 200 parses the character string from the prior data. When the data source device sends data, the character string is attached at a fixed position in the prior data, for instance at its head; when the data has been transmitted and arrives at the network firewall, the character string at the head of the prior data is extracted. Once the character string is obtained, the function library is queried. The function library also stores each character string together with its corresponding data extraction function, so the data extraction function can be determined from the character string, and the query result comprises the data extraction function found. If no corresponding data extraction function can be found, the character string has been tampered with, the current data is therefore regarded as tampered with, and the network firewall scans the data to be verified at the highest protection level to ensure security.
A data extraction module 300, configured to perform data extraction on the data to be verified according to the data extraction function in the query result to obtain feature data.
In the system, the data extraction module 300 extracts data from the data to be verified according to the data extraction function in the query result. If the data to be verified is not tampered with during transmission, its security can be ensured; to determine whether it has been tampered with, it needs to be verified, but verifying the whole of the data to be verified means a large processing load. Therefore only data extraction is performed here, yielding feature data, and whether the data has been tampered with is determined from the feature data.
A protection level calculation module 400, used by the firewall to calculate the coincidence ratio between the feature data and the prior data, determine the protection level of the network firewall according to the coincidence ratio, and scan the data to be verified with the network firewall.
In the system, the protection level calculation module 400 calculates the coincidence ratio between the feature data and the prior data. Both are taken directly from the data to be verified; the difference is that the prior data comes from the data to be verified before transmission, while the feature data comes from the data to be verified after transmission. If the data to be verified is tampered with in transit, the feature data finally extracted will differ from the prior data. The coincidence ratio expresses how far the feature data and the prior data coincide: the lower the coincidence ratio, the more serious the tampering and the lower the security. Different protection levels can be set according to the coincidence ratio, and the data to be verified is scanned according to that protection level; when the coincidence ratio is 100%, the data is scanned at the lowest protection level, or may be released directly.
As shown in Fig. 6, in a preferred embodiment of the present invention, the data query module 200 comprises:
a data interception unit 201, configured to intercept a character string at a preset position of the prior data according to a preset extracted data length.
In this module, the data interception unit 201 determines the extracted data length. If the preset extracted data length is ten bytes, then ten bytes are intercepted and used as the character string; the interception position is also preset, for example interception starts from the head of the prior data.
A character string check unit 202, configured to query the character string check table according to the character string and, if no matching item exists, to regard the data identity as abnormal and set the protection level of the network firewall to the highest.
In this module, the character string check unit 202 queries the character string check table according to the character string. All the character strings are recorded in the check table together with the data extraction function corresponding to each, so the corresponding data extraction function can be looked up from the character string. If the lookup fails, the prior data has been changed, which means tampering has occurred, so the protection level of the network firewall has to be set to the highest and the data to be verified is scanned directly.
A function query unit 203, configured to call the corresponding data extraction function from the function library and generate the query result when a matching item exists.
In this module, when a matching item exists, the function query unit 203 calls the corresponding data extraction function from the function library: a matching item indicates that the current prior data is safe and has not been tampered with, and the corresponding data extraction function is looked up.
As shown in Fig. 7, in a preferred embodiment of the present invention, the data extraction module 300 comprises:
a character string preprocessing unit 301, configured to preprocess the character string to obtain the function arguments.
In this module, the character string preprocessing unit 301 preprocesses the character string, mapping it to the corresponding function arguments according to a preset mapping rule. For example, two characters, 01, are intercepted from the character string at a time and the mapping rule is queried to obtain a function argument a, which may specifically be the number 1; in this way all the function arguments are determined.
A string code generating unit 302, configured to input the function arguments into the data extraction function one by one to obtain the data extraction position string code.
In this module, the string code generating unit 302 inputs the function arguments into the data extraction function one by one. Each function argument input yields one dependent variable, and once all the function arguments have been input a series of dependent variables is obtained. This series of dependent variables determines the data extraction position, that is, it is the data extraction position string code.
A feature extraction unit 303, configured to extract data from the data to be verified according to the data extraction position string code and to obtain the feature data once extraction is finished.
In this module, the feature extraction unit 303 extracts data from the data to be verified according to the data extraction position string code. For example, if the data extraction position string code contains 2, 6 and 8, the third digit, 8, determines the number of equal segments into which the data to be verified is divided; the second digit, 6, determines the number of bytes extracted; and the first digit, 2, determines the position from which the bytes are extracted, where an even number means extraction from the head of each segment and an odd number means extraction from its tail. The feature data is extracted in this way.
As shown in fig. 8, as a preferred embodiment of the present invention, the protection level calculation module 400 includes:
The coincidence degree (contact ratio) calculation unit 401 is configured to compare the feature data and the prior data bit by bit, and to calculate the coincidence degree from the result of the comparison.
In this module, the coincidence degree calculation unit 401 compares the feature data and the prior data bit by bit. It first aligns the two: it identifies the head data and the tail data of the feature data and of the prior data, and where the head data or the tail data of the two are the same, the data are aligned on that end (the alignment need not be regular); if neither the head data nor the tail data can be aligned, the coincidence degree is taken to be zero. After alignment, the bit-by-bit comparison is performed and the results are counted; for example, if there are 100 bits of data and 80 bits correspond, the coincidence degree is 0.8.
The level query unit 402 is configured to query the protection level table according to the coincidence degree, and to determine the protection level corresponding to the current coincidence degree.
The data scanning unit 403 is configured to execute according to the protection level and to perform scanning processing on the data to be verified.
In these modules, the protection level table is queried according to the coincidence degree. The table partitions the coincidence degree into bands; for example, 0-0.5 corresponds to the highest protection level, 0.5-0.8 to the medium protection level and 0.8-1 to the lowest protection level. The network firewall then executes according to the protection level obtained from the query and performs scanning processing of the corresponding level on the data to be verified. A corresponding protection level is determined for each data to be verified; that is, the method disclosed by the invention is executed once for each group of data to be verified obtained.
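The extraction rule of unit 303 and the coincidence-degree and level lookup of units 401 to 403, as an added example that is not the patent's own code. The position code (2, 6, 8), the head/tail alignment rule, the 80-of-100-bits illustration and the level bands come from the description; the string-to-argument mapping and the data extraction function itself are not specified on the page, so the example starts from the position code, and exact equal division of the data and inclusive upper band boundaries are assumptions.

```python
# Added example (not the patent's code): feature extraction per unit 303,
# coincidence degree per unit 401 and level lookup per unit 402, using the
# worked values from the description. Exact equal division and inclusive
# upper band boundaries are assumptions.

# Bands from the description: 0-0.5 highest, 0.5-0.8 medium, 0.8-1 lowest.
LEVEL_TABLE = [(0.5, "highest"), (0.8, "medium"), (1.0, "lowest")]


def extract_feature(data: bytes, code: tuple) -> bytes:
    """Third digit: number of equal segments; second: bytes taken from each
    segment; first: even = take from the segment head, odd = from its tail."""
    pos, nbytes, nseg = code
    seg_len, rem = divmod(len(data), nseg)
    if rem or seg_len < nbytes:          # assumption: exact division required
        raise ValueError("data does not divide into %d usable segments" % nseg)
    out = bytearray()
    for i in range(nseg):
        seg = data[i * seg_len:(i + 1) * seg_len]
        out += seg[:nbytes] if pos % 2 == 0 else seg[-nbytes:]
    return bytes(out)


def coincidence(feature: bytes, prior: bytes) -> float:
    """Align on a matching head byte, else on a matching tail byte; if neither
    matches the degree is 0. Then compare bit by bit (80 of 100 equal -> 0.8)."""
    n = min(len(feature), len(prior))
    if n == 0:
        return 0.0
    if feature[:1] == prior[:1]:
        a, b = feature[:n], prior[:n]          # head-aligned
    elif feature[-1:] == prior[-1:]:
        a, b = feature[-n:], prior[-n:]        # tail-aligned
    else:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return (8 * n - differing) / (8 * n)


def protection_level(degree: float) -> str:
    """Return the band of LEVEL_TABLE containing the coincidence degree."""
    for upper, level in LEVEL_TABLE:
        if degree <= upper:
            return level
    raise ValueError("degree must lie in [0, 1]")


if __name__ == "__main__":
    # Constructed input: 64 bytes split into 8 segments of 8; the prior data
    # is the expected feature with its second half bit-flipped -> degree 0.5.
    sample = bytes(range(64))
    expected = extract_feature(sample, (2, 6, 8))
    prior = expected[:24] + bytes(b ^ 0xFF for b in expected[24:])
    d = coincidence(expected, prior)
    print(d, protection_level(d))   # 0.5 highest
```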
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps need not be performed in the exact order shown and described, and may be performed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or multiple stages that are not necessarily performed at the same time but may be performed at different times, and the order of performance of these sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
Not all possible combinations of the technical features of the above embodiments are described, for the sake of brevity, but any such combination should be considered within the scope of the present disclosure as long as there is no contradiction between the technical features combined.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A method for opening a computer network firewall, the method comprising:
acquiring data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string;
analyzing the prior data to obtain a character string, and querying a function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function;
performing data extraction on data to be verified according to a data extraction function in the query result to obtain characteristic data;
and calculating the contact ratio between the characteristic data and the prior data, determining the protection grade of the network firewall according to the contact ratio, and scanning the data to be verified by using the network firewall.
2. The method for opening a computer network firewall according to claim 1, wherein the step of obtaining the query result by parsing the character string from the prior data and querying the function library according to the character string specifically comprises:
intercepting a character string at a preset position of the prior data according to a preset extracted data length;
inquiring a character string checking table according to the character string, if no matching item exists, regarding the data identity as abnormal, and setting the protection grade of the network firewall to be highest;
and when the matching item exists, calling a corresponding data extraction function from the function library to generate a query result.
3. The method for opening a computer network firewall according to claim 1, wherein the step of extracting data to be verified according to a data extraction function in the query result to obtain the feature data specifically comprises:
preprocessing the character string to obtain a function independent variable;
inputting the function independent variables into the data extraction function one by one to obtain a data extraction position string code;
and performing data extraction on the data to be verified according to the data extraction position string code, and obtaining characteristic data after extraction is completed.
4. The method for opening a computer network firewall according to claim 1, wherein the step of calculating the contact ratio between the feature data and the prior data, determining the protection level of the network firewall according to the contact ratio, and scanning the data to be verified by using the network firewall specifically comprises:
comparing the characteristic data with the prior data bit by bit, and calculating the contact ratio according to the comparison condition;
inquiring a protection grade table according to the contact ratio, and determining a protection grade corresponding to the current contact ratio;
and executing according to the protection grade, and scanning the data to be verified.
5. The method of claim 1, wherein a corresponding protection level is determined for each data to be verified.
6. The method of claim 1, wherein the character string is generated by the source device of the data to be verified.
7. A computer network firewall opening system, the system comprising:
the data acquisition module is used for acquiring data to be verified and prior data, wherein the prior data is extracted from the data to be verified and comprises a verification character string;
the data query module is used for analyzing the prior data to obtain a character string and querying the function library according to the character string to obtain a query result, wherein the query result comprises a data extraction function;
the data extraction module is used for extracting data of the data to be verified according to the data extraction function in the query result to obtain characteristic data;
and the protection grade calculation module is used for calculating the contact ratio between the characteristic data and the prior data by the firewall, determining the protection grade of the network firewall according to the contact ratio and scanning the data to be verified by using the network firewall.
8. The computer network firewall opening system of claim 7, wherein the data query module comprises:
the data interception unit is used for intercepting a character string at a preset position of the prior data according to a preset extracted data length;
the character string checking unit is used for inquiring the character string checking table according to the character string, if no matching item exists, the data identity is considered to be abnormal, and the protection level of the network firewall is set to be highest;
and the function query unit is used for calling a corresponding data extraction function from the function library to generate a query result when the matching item exists.
9. The computer network firewall opening system according to claim 7, wherein the data extraction module comprises:
the character string preprocessing unit is used for preprocessing the character string to obtain a function independent variable;
the string code generating unit is used for inputting the function independent variables into the data extraction function one by one to obtain a string code of a data extraction position;
and the characteristic extraction unit is used for extracting data of the data to be verified according to the data extraction position string codes, and obtaining characteristic data after extraction is completed.
10. The computer network firewall opening system according to claim 7, wherein the protection level calculation module comprises:
the contact ratio calculation unit is used for comparing the characteristic data with the prior data bit by bit and calculating the contact ratio according to the comparison condition;
the level query unit is used for querying the protection level table according to the contact ratio and determining the protection level corresponding to the current contact ratio;
and the data scanning unit is used for executing according to the protection grade and scanning the data to be verified.
CN202211449396.9A 2022-11-18 2022-11-18 Method and system for opening computer network firewall Withdrawn CN115776397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211449396.9A CN115776397A (en) 2022-11-18 2022-11-18 Method and system for opening computer network firewall

Publications (1)

Publication Number Publication Date
CN115776397A true CN115776397A (en) 2023-03-10

Family

ID=85389506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211449396.9A Withdrawn CN115776397A (en) 2022-11-18 2022-11-18 Method and system for opening computer network firewall

Country Status (1)

Country Link
CN (1) CN115776397A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116126998A (en) * 2023-04-17 2023-05-16 山东省国土测绘院 File homology checking method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20230310