CN116545702A - Network security protection method and related equipment - Google Patents

Network security protection method and related equipment

Info

Publication number
CN116545702A
Authority
CN
China
Prior art keywords
vulnerability
address
network security
source
network data
Prior art date
Legal status
Pending
Application number
CN202310526363.8A
Other languages
Chinese (zh)
Inventor
何永杰
蒋抱阳
刘天翼
李子健
Current Assignee
Industrial Fulian Hangzhou Data Technology Co ltd
Original Assignee
Industrial Fulian Hangzhou Data Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Industrial Fulian Hangzhou Data Technology Co ltd
Priority to CN202310526363.8A
Publication of CN116545702A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application relates to the field of information security and provides a network security protection method and related equipment. The method comprises: collecting network data and generating a network data work order; detecting the source Internet Protocol (IP) address of a vulnerability from the network data work order and obtaining an IP list from the source IP address; and performing scheduled blocking on the IP list and storing the IP addresses in the IP list in a ledger. With the method and device, the key workflows of enterprise security protection can be automated, so that the response to security events is faster and security protection is more reliable.

Description

Network security protection method and related equipment
Technical Field
The present disclosure relates to the field of information technology, and in particular to a network security protection method and related devices.
Background
Generally, an enterprise builds an internal network and develops specialised, application-integrated software so that resources and information, communication technology and production can be shared effectively inside the enterprise. By connecting to the external network, internal and external information can be shared in both directions. However, the connection to the external network also exposes the enterprise to security threats and to attacks originating from the external network. To address this, enterprises typically purchase security management devices such as border firewalls, intrusion detection systems (IDS), situational awareness systems and anti-virus gateways, and assign skilled technicians to perform security protection manually with these devices and systems.
However, manual security protection has the following problems: the security workload is too heavy, security management costs are high, and the security systems and devices are difficult to manage in a unified way.
Disclosure of Invention
In view of the above, it is necessary to provide a network security protection method and related devices to solve the technical problems in current network security management of heavy security protection workloads, high security management costs and difficulty in managing security protection systems and devices in a unified way.
A first aspect of the present application provides a network security protection method, the method comprising: collecting network data and generating a network data work order; detecting the source Internet Protocol (IP) address of a vulnerability from the network data work order and obtaining an IP list from the source IP address; and performing scheduled blocking on the IP list and storing the IP addresses in the IP list in a ledger.
According to an optional embodiment of the present application, the network data work order includes an external network data work order and an internal network data work order, and collecting network data and generating the network data work order includes: sending an API request to an external network security platform, fetching external network security data from the external network security platform and generating the external network data work order; and sending a WebDriver request to an internal network security platform, capturing internal network security data from the internal network security platform and generating the internal network data work order.
According to an optional embodiment of the application, capturing the data includes: acquiring a website picture from a preset website and preprocessing it to obtain a preprocessed website picture; and performing character recognition on the preprocessed website picture with optical character recognition (OCR) to obtain the text of the website.
According to an optional embodiment of the application, detecting the source IP address of the vulnerability from the network data work order includes: judging whether the source IP address already exists in the ledger; if it does, treating the source IP address as a normalized vulnerability IP (a recurring source); if it does not, treating it as a sudden vulnerability IP (a newly seen source).
According to an optional embodiment of the present application, performing the scheduled blocking on the IP list includes: if the source IP address is a normalized vulnerability IP, querying the normalized vulnerability information in the network data work order, the normalized vulnerability information comprising the vulnerability name, level, affected services and repair suggestions; correlating the impact scope of the vulnerability with the ledger by vulnerability feature-value matching to obtain the business systems affected by the vulnerability; and blocking the source IP address and sending a vulnerability alarm to those business systems.
According to an optional embodiment of the present application, performing the scheduled blocking on the IP list includes: if the source IP address is a sudden vulnerability IP, querying the sudden vulnerability information in the network data work order, the sudden vulnerability information comprising the source IP address, attack behaviour, attack purpose, attack time and access records; and executing the corresponding defensive handling and dispatch policy according to the sudden vulnerability information.
According to an optional embodiment of the application, the defensive handling and dispatch policy comprises: determining attack feature information from a vulnerability knowledge base based on the sudden vulnerability information; comparing the vulnerability features in the sudden vulnerability information with the attack feature information to determine the vulnerability; and reporting the vulnerability to the business system and blocking the sudden vulnerability IP.
A second aspect of the present application provides a network security protection apparatus, the apparatus comprising: a collecting module for collecting network data and generating a network data work order; a detection module for detecting the source Internet Protocol (IP) address of a vulnerability from the network data work order and storing the IP address in a database to obtain an IP list; and a processing module for performing scheduled blocking on the IP list and storing the IP addresses in the IP list in a ledger.
A third aspect of the present application provides an electronic device, comprising: a memory storing at least one instruction; and a processor that executes the instruction stored in the memory to implement the network security protection method.
A fourth aspect of the present application provides a computer-readable storage medium storing at least one instruction that is executed by a processor in an electronic device to implement the network security protection method.
Based on the above technical scheme, network data is collected and a network data work order is generated; the source Internet Protocol (IP) address of a vulnerability is detected from the work order and an IP list is obtained from it, so that intelligence can be monitored automatically and the source IP address of a vulnerability extracted from it. The IP list is blocked on a schedule and its IP addresses are stored in the ledger, so that when the vulnerability appears again it can be distinguished whether it is a normalized or a sudden vulnerability, which improves management efficiency and achieves unified management of security protection systems and devices.
Drawings
Fig. 1 is a schematic diagram of an electronic device according to an embodiment of the present application.
Fig. 2 is a flowchart of a network security protection method provided in an embodiment of the present application.
Fig. 3 is a schematic diagram of a network security protection apparatus according to an embodiment of the present application.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will be more clearly understood, a more particular description of the application will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, and the described embodiments are merely some, rather than all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
The terms first, second, third and the like in the description and in the claims of the present application and in the above-described figures, are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be noted that "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or the number of the technical features indicated. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. The technical solutions of the embodiments may be combined with each other, provided that the combination can be realised by those skilled in the art; where technical solutions contradict each other or cannot be realised, the combination is to be regarded as non-existent and outside the protection scope of the present application.
To address the problems of excessive security protection workload, high management cost and difficulty in managing security protection systems and devices in a unified way in prior-art network security protection, the embodiments of the present application provide a network security protection method that can greatly reduce management cost and strengthen unified management of security protection systems and devices.
Fig. 1 is a schematic diagram of an electronic device according to an embodiment of the present application. The network security protection method provided in the embodiments is applied to the electronic device 10, which includes, but is not limited to, a memory 101 and at least one processor 102 connected to each other through a communication bus 100. The memory 101 may store a network security protection apparatus (the network security protection apparatus 30 shown in Fig. 3) installed in the electronic device 10; the program code of each program segment of the apparatus 30 may be stored in the memory 101 and executed by the at least one processor 102 to implement the network security protection function.
For electronic devices requiring network security protection, the functions provided by the methods of the embodiments may be integrated directly into the electronic device or run on it in the form of a software development kit (SDK).
The electronic device 10 in the embodiments of the present application may be a mobile phone, a tablet computer, a desktop computer, a laptop computer, a handheld computer, a notebook computer, an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook, a cellular phone, a personal digital assistant (personal digital assistant, PDA), an artificial intelligence (artificial intelligence, AI) device, or the like. The embodiment of the application does not particularly limit the specific form of the electronic device. The network on which the electronic device is located includes, but is not limited to: the internet, wide area networks, metropolitan area networks, local area networks, virtual private networks (Virtual Private Network, VPN), etc. The specific form of the electronic device 10 and the network in which the electronic device 10 is located is not limited in the present application.
The memory 101 may include random access memory and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device or other non-volatile solid-state storage device.
In one embodiment, the processor 102 may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any other conventional processor or the like.
If implemented as software functional units and sold or used as a stand-alone product, the program code and data in the memory 101 may be stored in a computer-readable storage medium. On this understanding, the present application may implement all or part of the flow of the methods of the above embodiments, for example the network security protection method, by instructing the relevant hardware through a computer program; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each method embodiment described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), or the like.
As shown in fig. 2, a flowchart of a network security protection method according to an embodiment of the present application is provided, where the network security protection method is applied to the electronic device 10.
The sequence of steps in the flow chart of the network security protection method may be changed, and some steps may be omitted according to different requirements.
S200, collecting network data and generating a network data work order.
The network data comprises text, pictures and other data from the external network security platform and the internal network security platform. For convenience in the examples below, the network data is referred to as "intelligence data" and the network data work order as the "intelligence work order".
In one embodiment of the present application, the network data work order includes an external network data work order and an internal network data work order, and collecting the network data and generating the work order includes: sending an Application Programming Interface (API) request to an external network security platform, fetching external network security data from it and generating the external network data work order; and sending a WebDriver request to an internal network security platform, capturing internal network security data from it and generating the internal network data work order.
In one embodiment of the present application, sending the API request to the external network security platform, fetching the external network security data and generating the external network data work order includes: sending the API request to the external network security platform with an intelligence bot and collecting the intelligence data of each platform. The intelligence bot may be a preset application that runs an intelligence collection program, or a program segment built into the electronic device; this is not limited here. Collecting intelligence through API requests is fast: a single run can complete in milliseconds.
In one embodiment of the present application, the external network security platform includes, but is not limited to, a security brain sharing platform and a security command and dispatch platform.
In one embodiment of the present application, sending the WebDriver request to the internal network security platform, capturing the internal network security data and generating the internal network data work order includes: collecting the intelligence data of the internal network security platform through WebDriver with the intelligence bot. WebDriver drives the browser automatically by a preset program, simulating a person's operation of the page, so that the intelligence is collected.
In one embodiment of the present application, the internal network security platform includes, but is not limited to, a situational awareness platform, a full-traffic analysis system, an intrusion detection system and an intrusion prevention system.
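The collection step above names only the two transports (an API request and a WebDriver session). The following Python is an added example, not code from the patent or from the applicant, of what the intelligence bot does with what those transports return: it turns a constructed JSON API response and a constructed HTML alert table (the kind of page source a Selenium session exposes as driver.page_source) into uniform work orders and drops an event that both platforms reported. The platform names, the field names in the two feeds and the sample alerts are assumptions; only the standard library is used, so it runs offline.

```python
"""Build uniform 'intelligence work orders' from two constructed feeds: a JSON API
response (external platform) and an HTML alert table as a WebDriver session would
return it via driver.page_source (internal platform). Example code, not the patent's."""
import hashlib
import json
from dataclasses import dataclass, asdict
from html.parser import HTMLParser

# Constructed sample of an external platform's API response (not a real feed).
API_RESPONSE = json.dumps({"alerts": [
    {"src_ip": "203.0.113.45", "vuln": "remote code execution", "severity": "HIGH", "ts": "2023-05-10T02:14:00Z"},
    {"src_ip": "198.51.100.7", "vuln": "sql injection", "severity": "Medium", "ts": "2023-05-10T02:20:00Z"},
]})

# Constructed sample of an internal platform's alert page (what driver.page_source would hold).
PAGE_SOURCE = """<html><body><table id="alerts">
<tr><th>Source IP</th><th>Event</th><th>Level</th><th>Time</th></tr>
<tr><td>203.0.113.45</td><td>remote code execution</td><td>high</td><td>2023-05-10 02:15</td></tr>
<tr><td>192.0.2.9</td><td>directory traversal</td><td>low</td><td>2023-05-10 03:01</td></tr>
</table></body></html>"""


@dataclass(frozen=True)
class WorkOrder:
    order_id: str
    origin: str      # "external" (API) or "internal" (WebDriver)
    platform: str
    source_ip: str
    vuln_name: str
    level: str       # normalised to lower case: low / medium / high
    time: str


def make_order(origin, platform, ip, vuln, level, time):
    """Derive a stable id from the event itself so re-collecting the same page does not mint new orders."""
    key = "|".join((origin, platform, ip, vuln.lower(), time))
    oid = hashlib.sha256(key.encode()).hexdigest()[:12]
    return WorkOrder(oid, origin, platform, ip, vuln.lower(), level.lower(), time)


def orders_from_api(json_text, platform):
    """External platform: parse the JSON body the API request returned."""
    data = json.loads(json_text)
    return [make_order("external", platform, a["src_ip"], a["vuln"], a["severity"], a["ts"])
            for a in data.get("alerts", [])]


class _TableParser(HTMLParser):
    """Collects the text of every <tr>/<td|th> cell on the page."""
    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None


def orders_from_page(page_source, platform):
    """Internal platform: parse the rendered alert table out of the browser's page source."""
    p = _TableParser()
    p.feed(page_source)
    header = [h.lower() for h in p.rows[0]]
    col = {name: header.index(name) for name in ("source ip", "event", "level", "time")}
    return [make_order("internal", platform, r[col["source ip"]], r[col["event"]], r[col["level"]], r[col["time"]])
            for r in p.rows[1:] if len(r) == len(header)]


def collect(api_json, page_source):
    """Collect both feeds; the same (ip, vulnerability) reported twice keeps only its first order."""
    seen, merged = set(), []
    for o in orders_from_api(api_json, "security-brain") + orders_from_page(page_source, "situation-awareness"):
        if (o.source_ip, o.vuln_name) not in seen:
            seen.add((o.source_ip, o.vuln_name))
            merged.append(o)
    return merged


if __name__ == "__main__":
    for o in collect(API_RESPONSE, PAGE_SOURCE):
        print(asdict(o))
```

The deterministic order id is what makes the millisecond-level API polling the text mentions safe to repeat: polling the same platform twice yields the same ids, so downstream steps can de-duplicate instead of blocking the same source twice.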
In one embodiment of the present application, capturing the external network security data from the external network security platform includes: acquiring a website picture from a preset website and preprocessing it to obtain a preprocessed website picture; and performing character recognition on the preprocessed website picture with optical character recognition (OCR) to obtain the text of the website.
In one embodiment of the present application, capturing the internal network security data from the internal network security platform includes: acquiring a website picture of the internal network security platform through WebDriver and preprocessing it to obtain a preprocessed website picture; and performing character recognition on the preprocessed website picture with OCR to obtain the text of the website.
In an embodiment of the present application, preprocessing the website picture to obtain the preprocessed website picture includes: converting the picture to grayscale to obtain a gray-scale picture; binarizing the gray-scale picture to obtain a binary matrix; denoising the binary matrix to obtain a denoised binary matrix; sharpening the denoised binary matrix to obtain a sharpened binary matrix; and converting the sharpened binary matrix back into a picture, which serves as the preprocessed website picture.
In one embodiment of the present application, the electronic device may load the picture with the imread method of the matplotlib.pyplot library in Python and then convert the colour website picture into a gray-scale picture whose values lie between 0 and 255 (imread itself only reads the file; the reduction to a single gray channel is a separate step).
In an embodiment of the present application, the binary matrix obtained by the electronic device has the same size as the website picture: if the picture is 256×256, the binary matrix is also 256×256. A threshold between 0 and 255 is chosen; an element of the binary matrix is 1 if the gray value of the corresponding pixel in the gray-scale picture is greater than the threshold, and 0 if it is less than or equal to the threshold.
In one embodiment of the present application, the binary matrix is traversed from top to bottom and, within each row, from left to right. Starting from the first element equal to 1, all elements adjacent to it in the eight directions (above, below, left, right, upper-left, upper-right, lower-left and lower-right) are read, and it is judged whether at most two of them are 1; if so, the element is set to 0, otherwise it is left unchanged. The traversal then moves to the next element and the procedure is repeated until the whole binary matrix has been traversed.
In one embodiment of the present application, sharpening the denoised binary matrix includes a weighted-sum or integral operation over the image neighbourhood, implemented in Python.
In one embodiment of the present application, converting the sharpened binary matrix into a picture includes: converting the matrix into a PNG picture by a Python routine that turns a binary matrix into PNG format, so that a PNG picture is obtained.
In one embodiment of the present application, performing character recognition on the preprocessed website picture using optical character recognition includes: passing the preprocessed picture to an optical character recognition (OCR) application programming interface, which returns the characters contained in the preprocessed website picture.
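The preprocessing steps above are specific enough to implement end to end. The following Python is added here and is not the patent's code: it runs the whole chain on a constructed 6×6 picture in pure Python (no matplotlib or numpy), with grayscale by luma weights, thresholding at 128, the eight-neighbourhood denoise with the in-place traversal the text describes, a Laplacian sharpen, and a minimal PNG encoder for the final picture. The luma weights, the threshold, the sharpening kernel and the sample picture are assumptions, not values from the page.

```python
"""Website-picture preprocessing as described in S200: grayscale -> binary matrix ->
eight-neighbourhood denoise -> sharpen -> PNG bytes. Added example, not the patent's code."""
import struct
import zlib


def make_sample_rgb():
    """Constructed 6x6 RGB picture: a 3x3 bright glyph plus two isolated bright specks
    in opposite corners, which the denoising step is expected to remove."""
    g = [[0] * 6 for _ in range(6)]
    for r in range(1, 4):
        for c in range(1, 4):
            g[r][c] = 210
    g[0][5] = 255
    g[5][0] = 255
    return [[(v, v, v) for v in row] for row in g]


def to_gray(rgb):
    """Luma weighting (assumed; the page does not give weights) -> integer gray values 0..255."""
    return [[int(round(0.299 * r + 0.587 * g + 0.114 * b)) for (r, g, b) in row] for row in rgb]


def binarize(gray, threshold=128):
    """1 where the gray value is greater than the threshold, 0 otherwise; same shape as the picture."""
    return [[1 if v > threshold else 0 for v in row] for row in gray]


def denoise(binary):
    """Top-to-bottom, left-to-right: a 1 with at most two 1s among its eight neighbours is cleared.
    The text walks the matrix in place, so a pixel cleared earlier no longer counts for later pixels."""
    m = [row[:] for row in binary]
    h, w = len(m), len(m[0])
    for r in range(h):
        for c in range(w):
            if m[r][c] != 1:
                continue
            ones = sum(m[rr][cc] for rr in range(r - 1, r + 2) for cc in range(c - 1, c + 2)
                       if (rr, cc) != (r, c) and 0 <= rr < h and 0 <= cc < w)
            if ones <= 2:
                m[r][c] = 0
    return m


def sharpen(binary):
    """Weighted neighbourhood sum with a 3x3 Laplacian kernel (our choice), clipped back to 0/1."""
    h, w = len(binary), len(binary[0])

    def at(r, c):
        return binary[r][c] if 0 <= r < h and 0 <= c < w else 0

    return [[1 if 5 * at(r, c) - at(r - 1, c) - at(r + 1, c) - at(r, c - 1) - at(r, c + 1) > 0 else 0
             for c in range(w)] for r in range(h)]


def to_png(binary):
    """Encode the 0/1 matrix as an 8-bit grayscale PNG (1 -> white) using only the standard library."""
    h, w = len(binary), len(binary[0])

    def chunk(tag, data):
        return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", zlib.crc32(tag + data) & 0xFFFFFFFF)

    raw = b"".join(b"\x00" + bytes(255 if v else 0 for v in row) for row in binary)  # filter type 0 per scanline
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 0, 0, 0, 0)  # bit depth 8, colour type 0 = grayscale
    return b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")


def preprocess(rgb, threshold=128):
    """Full pipeline; returns the final 0/1 matrix and the PNG bytes that would be handed to the OCR API."""
    cleaned = sharpen(denoise(binarize(to_gray(rgb), threshold)))
    return cleaned, to_png(cleaned)


if __name__ == "__main__":
    matrix, png = preprocess(make_sample_rgb())
    for row in matrix:
        print("".join("#" if v else "." for v in row))
    print(len(png), "PNG bytes")
```

Two things to know before feeding the result to an OCR API: because the denoise runs in place, a pixel cleared early no longer counts as a neighbour for pixels visited later, so thin strokes can erode from the top-left corner of a glyph; and on a strictly 0/1 matrix the Laplacian sharpen leaves every pixel unchanged (5·1 minus at most 4 is still positive, 5·0 minus anything is not), so the sharpening step only changes the picture if it is applied to the gray picture before binarization.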
S202, detecting the source Internet Protocol (IP) address of the vulnerability from the network data work order and obtaining an IP list from the source IP address.
In one embodiment of the present application, detecting the source IP address of the vulnerability from the network data work order includes: judging whether the source IP address already exists in the ledger; if it does, treating it as a normalized vulnerability IP (a recurring source); if it does not, treating it as a sudden vulnerability IP (a newly seen source).
In one embodiment of the present application, the ledger is established in advance to store threat source IP addresses captured from the network, together with their related information, for automated analysis and judgement. The related information includes, but is not limited to, the business systems affected by the threat source IP address. The source IP address of a vulnerability is detected from the intelligence work order and compared with the source IP addresses recorded in the ledger; if the detected source IP address exists in the ledger, it is marked as a normalized vulnerability IP. If it does not exist in the ledger, it is treated as a sudden vulnerability IP and stored in the ledger, so that when the same source IP address is detected again it is treated as a normalized vulnerability IP.
S204, performing scheduled blocking on the IP list and storing the IP addresses in the IP list in the ledger.
In one embodiment of the present application, performing the scheduled blocking on the IP list includes: if the source IP address is a normalized vulnerability IP, querying the normalized vulnerability information in the network data work order, the normalized vulnerability information comprising the vulnerability name, level, affected services and repair suggestions; correlating the impact scope of the vulnerability with the ledger by vulnerability feature-value matching to obtain the business systems affected by the vulnerability; and blocking the source IP address and sending a vulnerability alarm to those business systems.
In one embodiment of the present application, performing the scheduled blocking on the IP list includes: if the source IP address is a sudden vulnerability IP, querying the sudden vulnerability information in the network data work order, the sudden vulnerability information comprising the source IP address, attack behaviour, attack purpose, attack time and access records; and executing the corresponding defensive handling and dispatch policy according to the sudden vulnerability information.
In one embodiment of the present application, the defensive handling and dispatch policy includes: determining attack feature information from a vulnerability knowledge base based on the sudden vulnerability information; comparing the vulnerability features in the sudden vulnerability information with the attack feature information to determine the vulnerability; and reporting the vulnerability to the business system and blocking the sudden vulnerability IP.
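The S202 and S204 logic above, as an added Python example that is not the patent's own code: it extracts the source IP from constructed work-order text, classifies it against an in-memory ledger (normalized = already recorded, sudden = first sighting, which is then recorded), and returns the scheduling decision for each order, with the knowledge-base match for sudden IPs and the affected-system alert for normalized ones. Two safeguards the text does not mention are added and marked as assumptions: an OCR misread that is not a syntactically valid IPv4 address is discarded rather than blocked, and addresses inside the enterprise's own ranges are never auto-blocked. The work-order text, the ledger contents, the knowledge-base features and the own-network list are all constructed.

```python
"""S202/S204 over constructed work-order text: extract the source IP, classify it against
the ledger, then decide the blocking action. Added example, not the patent's code."""
import ipaddress
import re

# Constructed OCR/API text of four work orders (not from any real platform).
WORK_ORDERS = [
    {"text": "Source IP: 203.0.113.45 Vulnerability: remote code execution Level: high Affected: OA Fix: upgrade"},
    {"text": "src ip 198.51.100.7 action: POST /login?user=' OR 1=1-- purpose: auth bypass time: 2023-05-10T02:14Z"},
    {"text": "src ip 10.0.0.5 action: GET /health purpose: monitoring time: 2023-05-10T02:15Z"},
    {"text": "src ip 999.1.1.1 action: unreadable"},   # OCR misread: not a valid IPv4 address
]

# Constructed ledger of previously recorded threat sources and the business systems they touched.
LEDGER = {"203.0.113.45": {"systems": ["OA", "CRM"], "sightings": 1}}

# Constructed vulnerability knowledge base: attack feature -> vulnerability name.
KNOWLEDGE_BASE = {"' OR 1=1": "SQL injection", "../": "path traversal", "${jndi:": "JNDI injection"}

# Assumed: the enterprise's own address space, which the bot must never auto-block.
OWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12"),
                ipaddress.ip_network("192.168.0.0/16")]

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_source_ip(text):
    """First syntactically valid IPv4 address in the text, or None; OCR noise like 999.1.1.1 is rejected."""
    for cand in IP_RE.findall(text):
        try:
            return str(ipaddress.IPv4Address(cand))
        except ValueError:
            continue
    return None


def classify(ip, ledger):
    """Normalized if already on the ledger, otherwise sudden; a sudden IP is recorded so its next sighting is normalized."""
    if ip in ledger:
        ledger[ip]["sightings"] += 1
        return "normalized"
    ledger[ip] = {"systems": [], "sightings": 1}
    return "sudden"


def handle(order, ledger, kb):
    """One work order -> one scheduling decision (a dict); nothing here talks to a firewall."""
    ip = extract_source_ip(order["text"])
    if ip is None:
        return {"action": "discard", "reason": "no valid source IP"}
    if any(ipaddress.IPv4Address(ip) in net for net in OWN_NETWORKS):   # assumed safeguard
        return {"action": "skip", "ip": ip, "reason": "internal address"}
    kind = classify(ip, ledger)
    if kind == "normalized":
        # recurring source: block it and alert the business systems the ledger associates with it
        return {"action": "block", "ip": ip, "kind": kind, "alert": list(ledger[ip]["systems"])}
    # first sighting: match attack features against the knowledge base, report, block
    matched = [name for feature, name in kb.items() if feature in order["text"]]
    return {"action": "block", "ip": ip, "kind": kind, "vulnerability": matched[0] if matched else "unknown"}


def process(orders, ledger, kb):
    """Run the scheduled pass over a batch of work orders."""
    return [handle(o, ledger, kb) for o in orders]


if __name__ == "__main__":
    ledger = {ip: dict(rec) for ip, rec in LEDGER.items()}
    for decision in process(WORK_ORDERS, ledger, KNOWLEDGE_BASE):
        print(decision)
```

The in-memory dict stands in for the ledger database; in deployment the "block" decisions would be handed to the firewall or IPS API. The sightings counter is what makes a second pass over the same orders return 198.51.100.7 as normalized instead of sudden.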
Fig. 3 is a functional block diagram of a preferred embodiment of the network security device of the present application. The network security guard 30 includes a collection module 301, a detection module 302, and a processing module 303. In the present embodiment, the functions of the respective modules/units will be described in detail in the following embodiments.
The collecting module 301 is configured to collect network data and generate a network data worksheet.
The detection module 302 is configured to detect a source IP address of a vulnerability from the network data worksheet, and store the IP address in a database to obtain an IP list.
The processing module 303 is configured to perform timing blocking on the IP list, and store an IP address in the IP list in a ledger.
In one embodiment of the present application, the network data worksheet includes an external network data worksheet and an internal network data worksheet, the collecting network data, generating a network data worksheet, sending an API request to an external network security platform, capturing external network security data from the external network security platform, and generating the external network data worksheet; and sending a Web-driver request to an internal network security platform, capturing internal network security data from the internal network security platform, and generating the internal network data work order.
In one embodiment of the present application, the collecting module 301 is further configured to obtain a website picture from a preset website, and perform preprocessing on the website picture to obtain a preprocessed website picture; and performing character recognition on the preprocessed website picture by utilizing an optical character recognition technology to obtain characters of the website.
In one embodiment of the present application, the detecting the source IP address of the vulnerability from the network data worksheet includes: judging whether the source IP address exists in the ledger, and taking the source IP address as a normalized vulnerability IP if the source IP address exists in the ledger; and if the source IP address does not exist in the ledger, taking the source IP address as a sudden vulnerability IP.
In one embodiment of the present application, the performing the timing blocking on the IP list includes:
if the source IP address is the normalized vulnerability IP, inquiring normalized vulnerability information in the network data worksheet, wherein the normalized vulnerability information comprises vulnerability names, levels, affected services and repair suggestions; correlating the influence range of the vulnerability with the ledger by using a vulnerability characteristic value matching technology, and matching to obtain a business system influenced by the vulnerability; plugging the source IP address and sending a vulnerability alarm to the service system.
In one embodiment of the present application, performing the scheduled blocking on the IP list includes: if the source IP address is a sudden vulnerability IP, querying sudden vulnerability information in the network data work order, the sudden vulnerability information including the source IP address, attack behaviour actions, attack purpose, attack time and access records; and executing the corresponding defensive handling scheduling policy according to the sudden vulnerability information.
In one embodiment of the present application, the defensive handling scheduling policy includes: determining attack characteristic information from a vulnerability knowledge base based on the sudden vulnerability information; comparing the vulnerability characteristics in the sudden vulnerability information with the attack characteristic information to determine the vulnerability; and reporting the vulnerability to the business system and blocking the sudden vulnerability IP.
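The embodiments above (and claims 4 to 7, which restate them) describe one processing loop: split the source IPs in the work order into normalized (already in the ledger) and sudden (never seen), match normalized ones against the ledger by vulnerability feature value to find the affected business systems, match sudden ones against a vulnerability knowledge base by attack characteristics, then block and write the IPs back to the ledger. The following Python is an added worked example of that loop; it is not the applicant's code, and the record field names, the split of the ledger into an IP set and an asset map, the knowledge-base indicators, the allowlist and all sample data are constructed assumptions. The allowlist check is a practitioner caveat the patent does not mention: an auto-blocking loop fed by security platforms must never block the scanners or management networks that feed it.

```python
import ipaddress

# Constructed sample work-order records. Field names are assumptions; the
# patent only names the information categories each record carries.
WORK_ORDER = [
    # Normalized case: an IP the ledger already holds, with vulnerability details.
    {"src_ip": "203.0.113.10",
     "vuln_name": "directory traversal in file download", "level": "high",
     "affected_service": "order-portal",
     "fix": "canonicalise and validate the requested path",
     "feature": "http-path-traversal"},
    # Sudden case: an IP never seen before, with only behaviour details.
    {"src_ip": "198.51.100.7",
     "action": "GET /download?file=..%2f..%2fetc%2fpasswd",
     "purpose": "read server files", "time": "2023-05-10T08:14:02Z",
     "access_log": ["GET /", "GET /download?file=a.pdf",
                    "GET /download?file=..%2f..%2fetc%2fpasswd"]},
    # Internal scanner traffic that must never be auto-blocked (see ALLOWLIST).
    {"src_ip": "10.0.0.5", "action": "GET /health", "purpose": "unknown",
     "time": "2023-05-10T08:15:00Z", "access_log": ["GET /health"]},
]

LEDGER = {"203.0.113.10"}   # IPs stored by earlier blocking cycles

# Asset side of the ledger: the feature values each business system exposes.
# Splitting the ledger into an IP set and an asset map is an assumption.
ASSETS = {"order-portal": {"http-path-traversal"},
          "ops-console": {"default-credentials"}}

# Vulnerability knowledge base: attack characteristic information per vulnerability.
KNOWLEDGE_BASE = [
    {"vuln": "path traversal", "feature": "http-path-traversal",
     "indicators": ("../", "..%2f", "%2e%2e")},
    {"vuln": "default credentials", "feature": "default-credentials",
     "indicators": ("admin:admin",)},
]

# Practitioner caveat not in the patent: never let the loop block management
# networks or the scanners that feed the work order. Ranges are assumed.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]


def classify(records, ledger):
    """Split work-order source IPs into 'normalized' (in ledger) or 'sudden'."""
    kinds = {}
    for rec in records:
        ip = ipaddress.ip_address(rec["src_ip"])      # raises on malformed input
        if any(ip in net for net in ALLOWLIST):
            continue
        kinds[str(ip)] = "normalized" if str(ip) in ledger else "sudden"
    return kinds


def handle_normalized(rec, assets):
    """Match the vulnerability feature value against the asset ledger to find
    the affected business systems and build the alarm to send them."""
    systems = sorted(s for s, feats in assets.items() if rec["feature"] in feats)
    return {"ip": rec["src_ip"], "vuln": rec["vuln_name"], "level": rec["level"],
            "systems": systems, "fix": rec["fix"]}


def handle_sudden(rec, kb, assets):
    """Compare observed behaviour with knowledge-base attack characteristics;
    return an alarm naming the vulnerability, or None if nothing matches."""
    observed = [line.lower() for line in (rec["action"], *rec["access_log"])]
    for entry in kb:
        if any(ind in line for ind in entry["indicators"] for line in observed):
            systems = sorted(s for s, feats in assets.items()
                             if entry["feature"] in feats)
            return {"ip": rec["src_ip"], "vuln": entry["vuln"],
                    "time": rec["time"], "systems": systems}
    return None   # unknown pattern: hand to an analyst rather than block blindly


def run_cycle(records, ledger, assets, kb):
    """One scheduled blocking cycle: returns (block list, alarms, updated ledger).
    A cron job or scheduler would call this on the configured interval."""
    kinds = classify(records, ledger)
    block, alarms = [], []
    for rec in records:
        kind = kinds.get(rec["src_ip"])
        if kind == "normalized":
            alarms.append(handle_normalized(rec, assets))
            block.append(rec["src_ip"])
        elif kind == "sudden":
            alarm = handle_sudden(rec, kb, assets)
            if alarm is not None:
                alarms.append(alarm)
                block.append(rec["src_ip"])
    return block, alarms, ledger | set(block)


if __name__ == "__main__":
    blocked, alarms, new_ledger = run_cycle(WORK_ORDER, LEDGER, ASSETS, KNOWLEDGE_BASE)
    print("block:", blocked)
    for alarm in alarms:
        print("alarm:", alarm)
    print("ledger:", sorted(new_ledger))
```

Two design points worth noting. A sudden IP whose behaviour matches nothing in the knowledge base is returned for analyst triage instead of being blocked, because the patent's own flow only blocks after a vulnerability has been determined, and blocking on unknown traffic is how such loops end up blocking customers. The cycle also returns a new ledger rather than mutating the one it was given, so a failed blocking action cannot leave the ledger claiming an IP is handled when it is not.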
It will be appreciated that the division of modules described above is a logical functional division and may be implemented in other ways. In addition, the functional modules in each embodiment of the present application may be integrated in the same processing unit, each module may exist alone physically, or two or more modules may be integrated in the same unit. The integrated modules may be implemented in hardware, or in hardware plus software functional modules.
Finally, it should be noted that the above embodiments are merely for illustrating the technical solution of the present application and not for limiting it; although the present application has been described in detail with reference to the preferred embodiments, those skilled in the art will understand that the technical solution of the present application may be modified or substituted without departing from its spirit and scope.

Claims (10)

1. A network security protection method, the method comprising:
collecting network data and generating a network data work order;
detecting a source Internet Protocol (IP) address of a vulnerability from the network data work order, and obtaining an IP list according to the source IP address;
and performing scheduled blocking on the IP list, and storing the IP addresses in the IP list in a ledger.
2. The network security protection method of claim 1, wherein the network data work order comprises an external network data work order and an internal network data work order, and wherein collecting network data and generating the network data work order comprise:
sending an API request to an external network security platform, capturing external network security data from the external network security platform, and generating the external network data work order;
and sending a Web-driver request to an internal network security platform, capturing internal network security data from the internal network security platform, and generating the internal network data work order.
3. The network security protection method of claim 2, wherein the capturing of data comprises:
acquiring website images from a preset website, and preprocessing the website images to obtain preprocessed website images;
and performing character recognition on the preprocessed website images using optical character recognition to obtain the text of the website.
4. The network security protection method of claim 1, wherein detecting a source Internet Protocol (IP) address of a vulnerability from the network data work order comprises:
determining whether the source IP address exists in the ledger, and treating the source IP address as a normalized vulnerability IP if the source IP address exists in the ledger;
and treating the source IP address as a sudden vulnerability IP if the source IP address does not exist in the ledger.
5. The network security protection method of claim 4, wherein performing the scheduled blocking on the IP list comprises:
if the source IP address is the normalized vulnerability IP, querying normalized vulnerability information in the network data work order, wherein the normalized vulnerability information comprises the vulnerability name, level, affected services and repair suggestions;
correlating the affected range of the vulnerability with the ledger using vulnerability characteristic value matching, to obtain the business system affected by the vulnerability;
and blocking the source IP address and sending a vulnerability alarm to the business system.
6. The network security protection method of claim 4, wherein performing the scheduled blocking on the IP list comprises:
if the source IP address is the sudden vulnerability IP, querying sudden vulnerability information in the network data work order, wherein the sudden vulnerability information comprises the source IP address, attack behaviour actions, attack purpose, attack time and access records;
and executing the corresponding defensive handling scheduling policy according to the sudden vulnerability information.
7. The network security protection method of claim 6, wherein the defensive handling scheduling policy comprises:
determining attack characteristic information from a vulnerability knowledge base based on the sudden vulnerability information;
comparing the vulnerability characteristics in the sudden vulnerability information with the attack characteristic information to determine the vulnerability;
and reporting the vulnerability to a business system, and blocking the sudden vulnerability IP.
8. A network security protection device, the device comprising:
a collecting module configured to collect network data and generate a network data work order;
a detection module configured to detect the source Internet Protocol (IP) address of a vulnerability from the network data work order and store the IP address in a database to obtain an IP list;
and a processing module configured to perform scheduled blocking on the IP list and store the IP addresses in the IP list in a ledger.
9. An electronic device, the electronic device comprising:
a memory storing at least one instruction; and
a processor executing the instructions stored in the memory to implement the network security protection method of any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores at least one instruction that is executed by a processor in an electronic device to implement the network security protection method of any of claims 1 to 7.
CN202310526363.8A 2023-05-10 2023-05-10 Network security protection method and related equipment Pending CN116545702A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310526363.8A CN116545702A (en) 2023-05-10 2023-05-10 Network security protection method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310526363.8A CN116545702A (en) 2023-05-10 2023-05-10 Network security protection method and related equipment

Publications (1)

Publication Number Publication Date
CN116545702A true CN116545702A (en) 2023-08-04

Family

ID=87444903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310526363.8A Pending CN116545702A (en) 2023-05-10 2023-05-10 Network security protection method and related equipment

Country Status (1)

Country Link
CN (1) CN116545702A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117150493A (en) * 2023-09-26 2023-12-01 中电云计算技术有限公司 Method and device for identifying API (application program interface) parameter value increment type traversal

Similar Documents

Publication Publication Date Title
US10721245B2 (en) Method and device for automatically verifying security event
CN108471429B (en) Network attack warning method and system
CN108881263B (en) Network attack result detection method and system
Butt et al. Cloud-based email phishing attack using machine and deep learning algorithm
EP2701092A1 (en) Method for identifying malicious executables
US10216934B2 (en) Inferential exploit attempt detection
CN108446559B (en) APT organization identification method and device
Alkawaz et al. Detecting phishing website using machine learning
US20210256120A1 (en) Utilization of deceptive decoy elements to identify data leakage processes invoked by suspicious entities
CN111460445A (en) Method and device for automatically identifying malicious degree of sample program
US20170155683A1 (en) Remedial action for release of threat data
CN116545702A (en) Network security protection method and related equipment
JP2023550974A (en) Image-based malicious code detection method and device and artificial intelligence-based endpoint threat detection and response system using the same
US20220321550A1 (en) Techniques for mitigating leakage of user credentials
US20140215616A1 (en) Attack notification
Perera et al. The next gen security operation center
US11423099B2 (en) Classification apparatus, classification method, and classification program
Victory et al. Impact of Cyber-Security on Fraud Prevention in Nigerian Commercial Banks
CN115643044A (en) Data processing method, device, server and storage medium
CN113590180B (en) Detection strategy generation method and device
CN112560033A (en) Baseline scanning method and device based on user context
CN114039744B (en) Abnormal behavior prediction method and system based on user feature labels
CN110943982A (en) Document data encryption method and device, electronic equipment and storage medium
CN116471131B (en) Processing method and processing device for logical link information asset
Abualkas et al. Methodologies for Predicting Cybersecurity Incidents

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination