CN116566682B - Distributed information network security protection method, system and readable storage medium thereof - Google Patents

Distributed information network security protection method, system and readable storage medium thereof

Info

Publication number
CN116566682B
CN116566682B (application CN202310549089.6A)
Authority
CN
China
Prior art keywords
data packet
information
network
firewall
free
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310549089.6A
Other languages
Chinese (zh)
Other versions
CN116566682A (en)
Inventor
陈光明
邓越
杨辰钟
麦思文
邱峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sym Technology Guangdong Co ltd
Original Assignee
Sym Technology Guangdong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sym Technology Guangdong Co ltd
Priority to CN202310549089.6A
Publication of CN116566682A
Application granted
Publication of CN116566682B
Legal status: Active
Anticipated expiration

Classifications

    • H04L63/20 Network architectures or network communication protocols for managing network security; network security policies in general
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL (under H04L63/02 separating internal from external traffic, e.g. firewalls; H04L63/0227 filtering policies)
    • H04L63/08 Network architectures or network communication protocols for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for controlling access to devices or network resources
    • H04L63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L9/40 Network security protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y02D30/50 Reducing energy consumption in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a distributed information network security protection method, a system and a readable storage medium. The method comprises: deploying an IP-free hardware firewall by connecting it directly in series in front of the protected device, so that every data packet sent to the protected device passes through the IP-free firewall; the IP-free hardware firewall captures every network data packet passing through it, parses each captured packet, and extracts its source IP address, source port, destination IP address, transport protocol type and payload; rapid networking and security rule configuration of the IP-free hardware firewall are performed; the current IP-free hardware firewall matches the protocol header and payload of each parsed packet against preset rules and judges whether the packet is malicious; a packet judged malicious is blocked and prevented from entering or leaving the network, while a packet judged normal is released to pass; the firewall then continues to monitor packets and repeats the matching and decision steps. The method is particularly suited to Internet of Things scenarios and offers rapid deployment, security authentication and a good protective effect.

Description

Distributed information network security protection method, system and readable storage medium thereof
Technical Field
The application relates to the field of network security of the Internet of things, in particular to a distributed information network security protection method, a distributed information network security protection system and a readable storage medium thereof.
Background
With the wide application of new-generation information technologies such as cloud computing, the Internet of Things, artificial intelligence and big data, the informatization of every industry continues to deepen, and critical information infrastructure is growing geometrically. Networks of huge and complex scale contain massive numbers of infrastructure devices, such as Internet of Things applications and intelligent self-service terminals, that lie outside the field of view of mainstream information security technology. Traditional security solutions cope poorly with this distributed layout and large number of terminal devices, so these devices become a weak link in network security, are very easily turned into targets or springboards for network attacks, and affect the normal operation of business systems.
At present, most security protection measures for the Internet of Things are implemented in software, for example by installing a software firewall or by encrypted transmission over dedicated lines. These measures have limitations: key infrastructure devices and non-cooperative devices that are already in operation are difficult to modify and upgrade uniformly. In addition, a traditional hardware firewall has an IP address of its own and is easily found by scanning tools, so the firewall itself can be attacked and disabled. The prior art therefore configures the firewall in an IP-free mode to preserve its protective effect, but centralized management and security configuration of an IP-free firewall are hard to achieve with traditional technology. For example, CN106899616B proposes that an IP-free firewall intercepts data in order to realize security rule configuration; in practice, however, when a firewall is newly added the firewall management system must wait for a probe packet to be sent manually before the firewall can join the network, and when the management system has not been networked manually, or is offline, the corresponding firewall is hard to deploy quickly and security protection is delayed.
In addition, Sybil attacks are common in specific Internet of Things scenarios: an attacker forges multiple identities in the communication network, for example by intercepting the location information of legitimate nodes, forging a legitimate identity, and then continuously sending false location reference information, which seriously affects the security of information exchange in the Internet of Things. The prior art usually counters this with RSSI-based identity authentication: the received RSSI information is used to calculate the physical location of the sending device, and the result is compared with the RSSI information to determine whether the location has been forged. This technique has a drawback, namely that a reasonable RSSI authentication threshold is difficult to select in Internet of Things scenarios.
Therefore, how to provide fast and reliable configuration deployment, rule-based protection and authentication in the Internet of Things remains a problem to be solved.
Disclosure of Invention
In view of the above, the present application provides a distributed information network security protection method, system and readable storage medium thereof.
The application adopts the following technical scheme:
In a first aspect, the present application provides a distributed information network security protection system, characterized by comprising:
a plurality of IP-free hardware firewalls, a security management and control sensing platform, an access control module, a threat detection module and a location information-based authentication module. The IP-free hardware firewalls are connected directly in series in front of the protected devices, have edge computing capability, and are used for filtering, intercepting, analyzing and monitoring data packets in network communication. The security management and control sensing cloud platform provides centralized control of the IP-free hardware firewall devices and is used for remote management, configuration and security policy updating of the hardware firewalls and for real-time monitoring of network state and data traffic. The access control module is coupled with the IP-free hardware firewalls and controls the access rights of devices inside the network. The threat detection module is coupled with the IP-free hardware firewalls and monitors malicious, attack and abnormal behaviour in network traffic in real time. The authentication module is coupled with the IP-free hardware firewalls and performs identity authentication and permission verification of users;
the IP-free hardware firewall comprises a plurality of network interfaces for connecting a plurality of networks and a plurality of processors for processing a plurality of network data streams in parallel. The security management and control sensing cloud platform comprises a remote management interface for accessing the configuration and state information of the IP-free hardware firewalls and for remote management, logging and audit. The access control module comprises a plurality of access rules for limiting network access and controlling user rights. The threat detection module comprises a signature- and behaviour-based threat detection engine for detecting network attacks and abnormal traffic. The edge computing capability comprises local storage and computing resources for processing network data locally and sending the result back to the security management and control sensing platform.
In a second aspect, the present application further provides a distributed information network security protection method using the above distributed information network security protection system, characterized in that the method comprises:
step one, deploying an IP-free hardware firewall: connecting the IP-free hardware firewall directly in series in front of the protected device, so that every data packet sent to the protected device passes through the IP-free hardware firewall;
step two, the IP-free hardware firewall captures every network data packet passing through it, parses each captured packet, and extracts its source IP address, source port, destination IP address, transport protocol type and payload;
step three, performing rapid networking and security rule configuration of the IP-free hardware firewall;
step four, the current IP-free hardware firewall matches the protocol header and payload of each parsed network data packet against preset rules and judges whether each packet is malicious;
step five, if the packet is judged malicious, executing step six, otherwise executing step seven, i.e. deciding the next processing action according to the matching result;
step six, the current IP-free hardware firewall blocks the packet, preventing it from entering or leaving the network, and then jumps to step eight;
step seven, allowing the packet to pass, i.e. releasing a packet judged normal so that it may enter or leave;
step eight, continuing to monitor network data packets and repeating the logic of steps four to seven.
Further, step three, performing rapid networking and security rule configuration of the IP-free hardware firewall, further comprises:
if the current IP-free hardware firewall can recognise and process the probe packet and thereby join the network normally, it feeds the networking information back to the security management and control sensing platform; successful feedback marks networking as successful. If the current IP-free hardware firewall receives no networking packet, it broadcasts a networking request packet on the network. When another IP-free hardware firewall intercepts the networking request packet, it sends a special networking packet addressed to the device connected in series with the current IP-free hardware firewall; because the current firewall has no IP address of its own, it intercepts this packet on its way to the device, parses and processes it, and thereby joins the network normally. The current IP-free hardware firewall then sends a temporary rule request packet to the other IP-free hardware firewalls; when they intercept it, they send a temporary security rule configuration packet addressed to the device connected in series with the current firewall, which the current firewall intercepts, parses and processes to obtain a temporary security rule. When the security management and control sensing platform comes back online, the current IP-free hardware firewall feeds back on the platform's probe packet, networking is marked successful, and the platform issues the security rule configuration data again, completing the configuration of the current IP-free hardware firewall;
further, the current IP-free hardware firewall matches the protocol header and the payload of each parsed network data packet according to a preset rule, and determining whether each network data packet is a malicious data packet further includes: judging whether the protocol header and the payload of each analyzed network data packet accord with a preset rule, if so, judging that each network data packet is not a malicious data packet, and if not, blocking the network data packet.
Further, if the predetermined rule is not met, blocking the network data packet further includes: and simultaneously, the current IP-free hardware firewall starts a virtualized environment, identifies attack behavior characteristics according to a preset attack behavior characteristic library, uploads a data packet to the security management and control sensing platform for cloud threat analysis when the attack behavior is identified, and issues a security updating strategy according to an analysis result.
Further, step five, if the network data packet is judged to be a malicious data packet, executing step six, otherwise executing step seven, and judging that the following processing actions further include: and when the network data packet is not judged to be a malicious data packet, simultaneously executing authentication, executing a step seven when the authentication is successful, and executing a step six when the authentication is failed.
Further, the authentication comprises at least authentication based on location information: in response to a first Internet of Things device sending service request information, a second IP-free hardware firewall connected in series with a second Internet of Things device intercepts first location feature information in the service request information;
the IP-free hardware firewall requests a list of reliable Internet of Things devices from the security management and control sensing platform;
in response to the IP-free hardware firewall sending security request information to the Internet of Things devices in the reliable device list, the IP-free hardware firewall determines a third Internet of Things device and receives at least second location feature information sent by the third Internet of Things device through its corresponding third IP-free firewall;
the first location feature information is compared with the second location feature information, and if the first location feature information satisfies the judgment rule, the first Internet of Things device passes security authentication.
Further, the location feature information comprises at least location parameter information, obtained by the IP-free hardware firewall or by a positioning chip carried on the Internet of Things device, and the location parameter information comprises at least code pseudorange, carrier phase value, satellite number, Doppler, signal strength, signal-to-noise ratio and observation time.
Further, the judgment rule specifically comprises:
step 1: acquiring the positioning observation information in the first location feature information;
step 2: establishing an exclusivity condition; if the positioning observation information in the first location feature information contains an exclusivity element, it is determined not to conform to the judgment rule, otherwise the following step is executed;
step 3: establishing a first multidimensional matrix and a second multidimensional matrix from the positioning observation information in the first and second location feature information respectively, and determining the cosine similarity between the first and second multidimensional matrices; when the cosine similarity exceeds a threshold, the first location feature information is considered to conform to the judgment rule;
establishing the exclusivity condition specifically comprises: the positioning observation information in the first location feature information fails at least one of the constraint conditions formed by combining the positioning observation information in the second location feature information with the digital surface model built into the IP-free firewall, or the positioning observation information in the first location feature information is abnormal and conflicts with the positioning observation information in the second location feature information.
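The judgment rule of steps 1 to 3, as an added worked example; it is not code from the patent or from the assignee. Everything numeric in it is an assumption the text does not state: the plausibility bounds on pseudorange, Doppler and C/N0, the 2-second observation-time window, the set of satellites the digital surface model leaves visible near the trusted node, the centring and scaling of the matrix columns, the minimum of four common satellites, and the 0.95 threshold. The observations themselves are constructed.

```python
"""Location-based judgment rule: exclusivity condition (step 2), then cosine
similarity between observation matrices (step 3). Added example, not the
patent's code; all bounds, scalings, the DSM set and the threshold are assumed."""
import math

# Plausibility bounds for a GPS-class receiver (assumed): pseudorange in metres,
# Doppler in Hz, C/N0 in dB-Hz; observation times must agree within TIME_WINDOW s.
PSEUDORANGE = (1.9e7, 2.7e7)
DOPPLER_MAX = 5000.0
CN0 = (10.0, 60.0)
TIME_WINDOW = 2.0
THRESHOLD = 0.95

def exclusivity_element(first, second, dsm_visible):
    """Step 2: a reason string if the first observation contains an exclusivity
    element, else None. The constraints combine the trusted (second) observation
    with the built-in digital surface model: a satellite the terrain hides at the
    claimed location cannot be observed there, and the epochs must agree."""
    if abs(first["time"] - second["time"]) > TIME_WINDOW:
        return "observation time conflicts with trusted neighbour"
    for s in first["sats"]:
        if s["prn"] not in dsm_visible:
            return f"satellite {s['prn']} not visible at claimed location (DSM)"
        if not PSEUDORANGE[0] <= s["pr"] <= PSEUDORANGE[1]:
            return f"abnormal pseudorange for satellite {s['prn']}"
        if abs(s["dop"]) > DOPPLER_MAX or not CN0[0] <= s["cn0"] <= CN0[1]:
            return f"abnormal Doppler or C/N0 for satellite {s['prn']}"
    return None

def observation_matrix(obs, prns):
    """Step 3: one row per common satellite. Pseudoranges are centred across the
    satellites (the relative geometry, which depends on position) and each column
    is scaled so that no single quantity dominates the cosine (scaling assumed)."""
    by_prn = {s["prn"]: s for s in obs["sats"]}
    mean_pr = sum(by_prn[p]["pr"] for p in prns) / len(prns)
    return [[(by_prn[p]["pr"] - mean_pr) / 1e6, by_prn[p]["dop"] / 1e3, by_prn[p]["cn0"] / 50.0]
            for p in prns]

def cosine_similarity(m1, m2):
    v1 = [x for row in m1 for x in row]
    v2 = [x for row in m2 for x in row]
    dot = sum(a * b for a, b in zip(v1, v2))
    n1 = math.sqrt(sum(a * a for a in v1))
    n2 = math.sqrt(sum(b * b for b in v2))
    return dot / (n1 * n2) if n1 and n2 else 0.0

def authenticate(first, second, dsm_visible, threshold=THRESHOLD):
    """Judgment rule: (accepted, reason, similarity or None)."""
    reason = exclusivity_element(first, second, dsm_visible)
    if reason:
        return (False, "exclusivity: " + reason, None)
    common = sorted({s["prn"] for s in first["sats"]} & {s["prn"] for s in second["sats"]})
    if len(common) < 4:   # too few common satellites to compare geometry (assumed minimum)
        return (False, "fewer than 4 common satellites", None)
    sim = cosine_similarity(observation_matrix(first, common), observation_matrix(second, common))
    return (sim > threshold, f"cosine similarity {sim:.4f}", sim)

def obs(time, rows):
    """Build an observation record from (prn, pseudorange m, Doppler Hz, C/N0 dB-Hz) rows."""
    return {"time": time, "sats": [{"prn": p, "pr": pr, "dop": d, "cn0": c} for p, pr, d, c in rows]}

# Constructed observations. TRUSTED is the second location feature information,
# received from the third device via its own IP-free firewall.
TRUSTED = obs(1000.0, [(3, 21.0e6, 1200, 45), (7, 22.5e6, -800, 42), (12, 24.0e6, 2500, 38),
                       (19, 20.5e6, -300, 47), (24, 23.0e6, -1900, 40)])
DSM_VISIBLE = {3, 7, 12, 19, 24}     # satellites the DSM leaves visible near the trusted node
LEGIT_ROWS = [(3, 21.0013e6, 1190, 44), (7, 22.4991e6, -810, 43), (12, 24.0027e6, 2515, 37),
              (19, 20.5008e6, -295, 46), (24, 22.9985e6, -1905, 41)]
LEGIT = obs(1000.4, LEGIT_ROWS)                                    # genuine nearby device
FORGED_SAT = obs(1000.4, LEGIT_ROWS + [(30, 22.0e6, 500, 40)])    # claims a terrain-hidden satellite
FORGED_TIME = obs(1015.0, LEGIT_ROWS)                              # replayed, stale epoch
FORGED_GEOM = obs(1000.5, [(3, 24.0e6, 2500, 45), (7, 20.5e6, -300, 42), (12, 21.0e6, 1200, 38),
                           (19, 23.0e6, -1900, 47), (24, 22.5e6, -800, 40)])  # right satellites, wrong geometry

if __name__ == "__main__":
    for name, first in [("LEGIT", LEGIT), ("FORGED_SAT", FORGED_SAT),
                        ("FORGED_TIME", FORGED_TIME), ("FORGED_GEOM", FORGED_GEOM)]:
        print(name, authenticate(first, TRUSTED, DSM_VISIBLE))
```

`authenticate(LEGIT, TRUSTED, DSM_VISIBLE)` accepts the neighbouring device with a similarity close to 1. `FORGED_SAT` and `FORGED_TIME` are rejected by the exclusivity condition before any similarity is computed. `FORGED_GEOM`, an observation relayed from elsewhere that lists the right satellites but with the wrong range geometry, passes the exclusivity checks and is rejected by the cosine test with a similarity of about 0.25. Pseudoranges are centred across satellites because their absolute values hardly differ between nearby receivers and would otherwise swamp the cosine; the threshold has to be calibrated against the distance between cooperating devices in a given deployment.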
In a third aspect, the application also provides a computer readable storage medium comprising computer program instructions for execution by at least one processor to implement the method of any one of the preceding claims.
The specific objects and advantages of the application will be fully apparent from the following detailed description, drawings, and claims.
Drawings
In order to illustrate the embodiments of the application or the technical solutions in the prior art more clearly, the drawings required for the embodiments or the description of the prior art are briefly described below. Obviously, the drawings described below are only some embodiments of the application, and a person skilled in the art may obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of a distributed information network security protection system according to an embodiment of the present application.
Fig. 2 is a flowchart of a distributed information network security protection method according to an embodiment of the present application.
Fig. 3 is a flowchart illustrating authentication based on location information according to an embodiment of the application.
Fig. 4 is a schematic flow chart of a judgment rule according to an embodiment of the application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be clear and complete, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, the "plurality" generally includes at least two, but does not exclude the case of at least one.
It should also be noted that the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a product or system comprising a list of elements includes not only those elements but may include other elements not expressly listed or inherent to such a product or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a product or system comprising that element.
Fig. 1 shows a schematic diagram of the distributed information network security protection system. Referring to Fig. 1, the system includes a current Internet of Things device 100, one or more other Internet of Things devices 104, a plurality of IP-free hardware firewalls 101, a security management and control sensing platform 102, an access control module, a threat detection module and a location information-based authentication module. The IP-free hardware firewalls 101 are connected directly in series in front of the protected devices, have edge computing capability, and are used for filtering, intercepting, analyzing and monitoring data packets in network communication. The security management and control sensing cloud platform 102 provides centralized management and control of the IP-free hardware firewall devices 101, performs their remote management, configuration and security policy updating, and monitors network state and data traffic in real time. The access control module is coupled with the IP-free hardware firewalls and controls the access rights of devices inside the network. The threat detection module is coupled with the IP-free hardware firewalls and monitors malicious, attack and abnormal behaviour in network traffic in real time. The authentication module is coupled with the IP-free hardware firewalls and verifies user permissions;
the IP-free hardware firewall comprises a plurality of network interfaces for connecting a plurality of networks and a plurality of processors for processing a plurality of network data streams in parallel. The security management and control sensing cloud platform 102 includes a remote management interface for accessing the configuration and state information of the IP-free hardware firewalls and for remote management, logging and audit. The access control module comprises a plurality of access rules for limiting network access and controlling user rights. The threat detection module comprises a signature- and behaviour-based threat detection engine for detecting network attacks and abnormal traffic. The edge computing capability comprises local storage and computing resources for processing network data locally and sending the result back to the security management and control sensing platform.
Because the IP-free hardware firewall is connected directly in series in front of the protected device, no IP address has to be managed or allocated and the network is not changed, so the protection terminal can be deployed rapidly.
The network communication method used in the system may be DSRC (IEEE 802.11p), FM, a cellular network, WiMAX, Wi-Fi, LTE, 4G, LTE-V-Cell, LTE-V-Direct or another method.
Fig. 2 shows a flowchart of the distributed information network security protection method according to an embodiment of the present application. As shown in Fig. 2, the method is as follows:
S110, deploying an IP-free hardware firewall: connecting the IP-free hardware firewall directly in series in front of the protected device, so that every data packet sent to the protected device passes through the IP-free hardware firewall;
S120, the IP-free hardware firewall captures every network data packet passing through it, parses each captured packet, and extracts its source IP address, source port, destination IP address, transport protocol type and payload;
S130, performing rapid networking and security rule configuration of the IP-free hardware firewall;
further, step S130 further comprises:
if the current IP-free hardware firewall can recognise and process the probe packet and thereby join the network normally, it feeds the networking information back to the security management and control sensing platform; successful feedback marks networking as successful. If the current IP-free hardware firewall receives no networking packet, it broadcasts a networking request packet on the network. When another IP-free hardware firewall intercepts the networking request packet, it sends a special networking packet addressed to the device connected in series with the current IP-free hardware firewall; because the current firewall has no IP address of its own, it intercepts this packet on its way to the device, parses and processes it, and thereby joins the network normally. The current IP-free hardware firewall then sends a temporary rule request packet to the other IP-free hardware firewalls; when they intercept it, they send a temporary security rule configuration packet addressed to the device connected in series with the current firewall, which the current firewall intercepts, parses and processes to obtain a temporary security rule. When the security management and control sensing platform comes back online, the current IP-free hardware firewall feeds back on the platform's probe packet, networking is marked successful, and the platform issues the security rule configuration data again, completing the configuration of the current IP-free hardware firewall;
it will be appreciated that the probe packets may be sent by the security management and control sensing platform.
It is worth noting that in the prior art a probe packet is sent by the platform and intercepted by the IP-free firewall to complete networking configuration; in product practice, however, every newly added device requires someone to make the corresponding platform send a probe packet manually, so networking configuration is inefficient. To overcome this, the application lets an IP-free firewall obtain temporary networking pre-configuration from the other IP-free firewall devices in its broadcast network segment; afterwards, under any condition, it is enough for the platform to send a probe packet, which the IP-free firewall intercepts to complete networking, which is more effective than the prior-art configuration mode. Moreover, in the prior art an IP-free hardware firewall whose networking failed either cannot be used in series in the network or is set to bypass so that packets pass straight through, in which case there is no security protection at all. The application therefore, on the basis of the networking pre-configuration, transfers the security rules of the other IP-free hardware firewalls to the current IP-free firewall so that it provides temporary security protection.
It will be appreciated that the rules in the temporary security rule configuration packets sent by several other IP-free hardware firewalls may be superimposed and used together.
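The peer-assisted networking and temporary-rule superposition of S130, as an added simulation; it is not code from the patent or from the assignee. The broadcast segment, the JSON control packets, the rule strings and the scenario are constructed. The text does not say how the probe, networking and temporary-rule packets are protected, so the example assumes an HMAC-SHA256 over every control packet under a fleet pre-shared key and drops anything that fails verification; without some such check, any host on the segment could push rules to an inline device that accepts them from peers.

```python
"""Peer-assisted networking and temporary security rules for inline IP-free
firewalls (S130). Added example, not the patent's code. Assumed: a simulated
broadcast segment, JSON control packets, and a fleet pre-shared-key HMAC on
every control packet (the text does not specify how they are authenticated)."""
import hashlib
import hmac
import json

PSK = b"constructed-fleet-provisioning-key"   # assumption: provisioned per fleet

def sign(pkt):
    body = json.dumps({k: v for k, v in pkt.items() if k != "mac"}, sort_keys=True).encode()
    pkt["mac"] = hmac.new(PSK, body, hashlib.sha256).hexdigest()
    return pkt

def verify(pkt):
    body = json.dumps({k: v for k, v in pkt.items() if k != "mac"}, sort_keys=True).encode()
    expect = hmac.new(PSK, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(str(pkt.get("mac", "")), expect)

class Segment:
    """Constructed broadcast domain: every inline firewall sees every packet."""
    def __init__(self):
        self.firewalls = []

    def send(self, pkt):
        for fw in list(self.firewalls):
            fw.intercept(pkt)

class Platform:
    """Security management and control sensing platform; may be offline."""
    def __init__(self, seg):
        self.seg, self.online = seg, True

    def probe(self, device_ip, rules):
        if self.online:   # the probe is addressed to the protected device, not the firewall
            self.seg.send(sign({"type": "probe", "dst": device_ip, "rules": rules}))

class Firewall:
    """Has no IP of its own: it reacts only to broadcasts and to packets addressed
    to the device it sits in front of."""
    def __init__(self, device_ip, seg):
        self.device_ip, self.seg = device_ip, seg
        self.networked, self.temporary, self.rules = False, False, set()
        seg.firewalls.append(self)

    def join(self, platform_online):
        if not platform_online:   # no probe will come: ask the peers on the segment
            self.seg.send(sign({"type": "net_request", "dst": "broadcast", "dev": self.device_ip}))

    def intercept(self, pkt):
        if not verify(pkt):
            return                                  # drop unauthenticated control traffic
        kind, mine = pkt["type"], pkt["dst"] == self.device_ip
        peer = pkt.get("dev") not in (None, self.device_ip)
        if kind == "probe" and mine:                # authoritative configuration from the platform
            self.networked, self.temporary, self.rules = True, False, set(pkt["rules"])
        elif kind == "net_request" and self.networked and peer:
            self.seg.send(sign({"type": "net_offer", "dst": pkt["dev"]}))
        elif kind == "net_offer" and mine and not self.networked:
            self.networked, self.temporary = True, True
            self.seg.send(sign({"type": "rule_request", "dst": "broadcast", "dev": self.device_ip}))
        elif kind == "rule_request" and self.networked and peer and self.rules:
            self.seg.send(sign({"type": "temp_rules", "dst": pkt["dev"], "rules": sorted(self.rules)}))
        elif kind == "temp_rules" and mine and self.temporary:
            self.rules |= set(pkt["rules"])         # superposition: union of the peers' rules

def run_scenario():
    """Two configured firewalls; the platform goes offline; a third firewall is added."""
    seg = Segment()
    platform = Platform(seg)
    Firewall("10.0.2.10", seg)
    platform.probe("10.0.2.10", ["allow tcp 10.0.1.0/24 -> any:502", "deny tcp any -> any:23"])
    Firewall("10.0.2.20", seg)
    platform.probe("10.0.2.20", ["allow tcp 10.0.3.0/24 -> any:1883", "deny tcp any -> any:23"])
    platform.online = False
    new = Firewall("10.0.2.30", seg)
    new.join(platform_online=False)
    bootstrap = (new.networked, new.temporary, sorted(new.rules))
    # a rule push without a valid MAC is ignored by every firewall on the segment
    seg.send({"type": "temp_rules", "dst": "10.0.2.30", "rules": ["allow any any"]})
    forged_rejected = "allow any any" not in new.rules
    platform.online = True   # platform back: its probe replaces the temporary rules
    platform.probe("10.0.2.30", ["allow tcp 10.0.1.0/24 -> any:502"])
    final = (new.networked, new.temporary, sorted(new.rules))
    return {"bootstrap": bootstrap, "forged_rejected": forged_rejected, "final": final}

if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

`run_scenario` walks the exchange once: the new firewall broadcasts a networking request, the first peer to answer sends the networking packet to the new firewall's device (which the new firewall intercepts), the new firewall then asks for temporary rules and ends up with the union of both peers' rule sets, flagged as temporary; the forged push is discarded; and the platform's later probe replaces the temporary rules with the authoritative ones. Two checks a practitioner would still add in a real device are replay protection on the control packets (a nonce or monotonic counter under the MAC) and a bound on how long a firewall may run on temporary rules before it raises an alarm.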
S140: the current IP-free hardware firewall matches the protocol header and payload of each parsed network packet against preset rules and judges whether each packet is malicious;
Further, the current IP-free hardware firewall matching the protocol header and payload of each parsed network packet against preset rules and judging whether each packet is malicious further comprises: judging whether the protocol header and payload of each parsed packet conform to the preset rules; if they do, the packet is judged not malicious; if not, the packet is blocked. The preset rules therefore act as an allow-list: a packet that matches none of them is treated as malicious.
If the network packet does not conform to the preset rules, the method further comprises: at the same time, the current IP-free hardware firewall starts a virtualized environment, identifies attack behaviour features according to a preset attack behaviour feature library, uploads the packet to the security management and control sensing platform for cloud threat analysis when attack behaviour is identified, and the platform issues a security update policy according to the analysis result.
It can be understood that when the IP-free hardware firewall detects an attack, the extracted attack behaviour features may also be matched against the local expert library and the corresponding security policy updated locally; when no corresponding policy exists or the attack behaviour features are atypical (for example a compound attack), the features may be reported to the security management and control sensing platform for analysis and/or matching, and the updated security policy is then issued to the IP-free hardware firewall.
The updated security policy applies not only to the IP-free hardware firewall in series with the current device but may also be issued to cooperating protection terminals; moreover, because attack behaviour is generally correlated in space and across links, information about the attack behaviour features may be broadcast within the local group of trusted devices to give early warning of the threat.
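The matching of S140 and the feature-library check on blocked packets, as an added example written for this page and not code from the patent or its assignee. The `Packet` and `AllowRule` layouts, the rule syntax, the feature library and the sample packets are all constructed for one hypothetical protected device at 10.0.0.13 that exposes an HTTP status page and Modbus/TCP; the page itself does not define a rule syntax:

```python
"""Rule matching on parsed packets (S140) with the patent's allow-list
semantics, plus the attack-feature check on blocked packets.

Added illustration, not code from the patent or its assignee. The Packet and
AllowRule layouts, the rule syntax, the feature library and the sample
packets are constructed here for one hypothetical protected device at
10.0.0.13 that exposes an HTTP status page and Modbus/TCP.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:            # the fields S120 extracts from each packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str           # "tcp" or "udp"
    payload: bytes


@dataclass(frozen=True)
class AllowRule:
    proto: str
    src_net: str
    dst_net: str
    dst_port: Optional[int] = None       # None matches any port
    payload_re: Optional[bytes] = None   # None matches any payload

    def matches(self, p):
        """Header match on the 5-tuple, then the optional payload match."""
        return (p.proto == self.proto
                and ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.payload_re is None
                     or re.search(self.payload_re, p.payload, re.S) is not None))


# Preset rules for the protected device (constructed). Anything that matches
# none of them is treated as malicious and blocked, as S140 requires.
RULES = [
    AllowRule("tcp", "10.0.1.0/24", "10.0.0.13/32", 80, rb"^GET /status(\?|\s)"),
    # Modbus/TCP: protocol id 0, unit id, then a read-only function code (3 or 4)
    AllowRule("tcp", "10.0.1.0/24", "10.0.0.13/32", 502, rb"^.{2}\x00\x00.{2}.[\x03\x04]"),
]

# Attack-behaviour feature library (constructed). Only blocked packets are
# checked against it; a hit is what triggers the upload for cloud analysis.
FEATURES = [
    ("http_path_traversal", rb"\.\./"),
    ("modbus_write_function", rb"^.{2}\x00\x00.{2}.[\x05\x06\x0f\x10]"),
]


def inspect(p, rules=RULES, features=FEATURES):
    """S140/S150 verdict for one parsed packet."""
    if any(r.matches(p) for r in rules):
        return {"action": "allow", "feature": None, "upload": False}
    hit = next((name for name, pat in features if re.search(pat, p.payload, re.S)), None)
    return {"action": "block", "feature": hit, "upload": hit is not None}


# Constructed traffic toward the protected device.
SAMPLE = [
    Packet("10.0.1.5", 40001, "10.0.0.13", 80, "tcp",
           b"GET /status HTTP/1.1\r\nHost: 10.0.0.13\r\n\r\n"),
    Packet("10.0.1.5", 40002, "10.0.0.13", 80, "tcp",
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: 10.0.0.13\r\n\r\n"),
    # read holding registers (fc 0x03), 10 registers from address 0
    Packet("10.0.1.5", 40003, "10.0.0.13", 502, "tcp",
           b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # write multiple registers (fc 0x10) from the same, otherwise trusted, host
    Packet("10.0.1.5", 40004, "10.0.0.13", 502, "tcp",
           b"\x00\x02\x00\x00\x00\x0b\x01\x10\x00\x00\x00\x02\x04\x00\x01\x00\x02"),
    # SSDP discovery: no rule and no known feature, so blocked without upload
    Packet("10.0.1.9", 49152, "10.0.0.13", 1900, "udp",
           b"M-SEARCH * HTTP/1.1\r\nST: ssdp:all\r\n\r\n"),
]


def run_demo():
    return [inspect(p) for p in SAMPLE]


if __name__ == "__main__":
    for p, v in zip(SAMPLE, run_demo()):
        print(p.proto, p.dst_port, v)
```

Note that the fourth packet comes from the same source host and port as the allowed Modbus read; only the payload match (the function code) separates them, which is the reason S140 matches payload as well as header. The SSDP packet shows the other side of allow-list semantics: it is dropped even though no feature recognises it, and nothing is uploaded for it.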
S150: if the network packet is judged malicious, execute S160, otherwise execute S170, the next processing action being determined by the matching result;
Further, S150, in which S160 is executed if the packet is judged malicious and S170 otherwise, and the next processing action is determined by the matching result, further comprises: when the packet is not judged malicious, authentication is performed at the same time; S170 is executed when authentication succeeds and S160 when it fails.
The authentication comprises at least location-based authentication. S210: in response to a first Internet of Things device sending service request information, a second IP-free hardware firewall connected in series with a second Internet of Things device intercepts first location feature information in the service request information;
In the prior art there are centralized and distributed authentication modes. The number of terminal devices in the Internet of Things grows geometrically, the network topology is complex and devices interact frequently, so the latency of centralized authentication is high and hard to reconcile with the real-time communication requirements of the Internet of Things; distributed authentication, which only needs to communicate with neighbouring nodes, has the advantage of low latency.
S220: the IP-free hardware firewall requests a reliable Internet of Things device list from the security management and control sensing platform;
It can be appreciated that when the security management and control sensing platform cannot be reached, the current IP-free hardware firewall may request the reliable Internet of Things device list from other IP-free hardware firewalls.
S230: in response to the IP-free hardware firewall sending security request information to the Internet of Things devices in the reliable device list, the IP-free hardware firewall determines a third Internet of Things device and receives at least second location feature information sent by the third device through its corresponding third IP-free firewall;
Location forgery is an attack commonly faced by the Internet of Things. The prior art mainly uses RSSI-based identity authentication: the RSSI is measured, the physical position of the sending device is computed from it, and that position is compared with the known position of the Internet of Things device to decide whether a location-forgery attack is taking place. This technique has a problem: because an Internet of Things device may be moving, its physical position differs between sending time and receiving time, so a reasonable RSSI authentication threshold is difficult to select.
It is worth noting that, to overcome the shortcomings of conventional location authentication, the present application authenticates with the device's real-time satellite navigation observation data. On the one hand, satellite navigation observations are tightly bound to position and strongly correlated with the real-time terrain, surroundings and weather, so they are hard to forge or break with a simple model and their robustness exceeds that of RSSI-based location authentication; on the other hand, in a typical dynamic environment the satellite navigation observations remain correlated over a short interval, which overcomes the difficulty of distinguishing a forged position from the genuine difference in physical position between sending time and receiving time.
Moreover, to improve the efficiency of security authentication, the target device nearest to the first device can be determined quickly from the proximity between the position reported by the first device and the positions of the other reliable devices, which reduces communication delay.
Further, the IP-free hardware firewall determining the third Internet of Things device further comprises: receiving first real-time position information sent by the first Internet of Things device, and receiving second real-time position information of the devices in the reliable Internet of Things device list; comparing the first real-time position information with the second real-time position information and determining the target device according to distance.
S240: compare the first location feature information with the second location feature information; if they conform to the judgment rule, S250 authenticates the first Internet of Things device as secure.
The location feature information comprises at least location parameter information, which is obtained by a positioning chip carried on the IP-free hardware firewall or the Internet of Things device and comprises at least code pseudorange, carrier phase, satellite number, Doppler, signal strength, signal-to-noise ratio and observation time.
It can be understood that when the judgment rule is not satisfied, the first Internet of Things device is not authenticated.
The judging rule specifically includes:
S310: obtain the positioning observation information in the first location feature information;
S320: establish exclusivity conditions; if the positioning observation information in the first location feature information contains an exclusivity element, determine that it does not conform to the judgment rule, otherwise execute the following step;
S330: establish a first multi-dimensional matrix and a second multi-dimensional matrix from the positioning observation information in the first and second location feature information respectively, determine the cosine similarity between the two matrices, and consider the judgment rule satisfied when the cosine similarity exceeds a threshold;
Further, establishing the exclusivity condition specifically comprises at least one of the following: the positioning observation information in the first location feature information does not satisfy a constraint formed by combining the positioning observation information in the second location feature information with the digital surface model built into the IP-free firewall; the positioning observation information in the first location feature information is anomalous; and the positioning observation information in the first location feature information conflicts with that in the second location feature information.
Specifically, the DSM (Digital Surface Model) is a digital elevation model of the earth's surface that includes surface features such as buildings, bridges and trees.
It can be understood that the first satellite observation information may be judged anomalous when the presentation format, word length, fields or numerical values of the satellite observation information sent by the device to be authenticated exceed reasonable thresholds. A conflict between the first and second satellite observation information may be judged from the time and time period of the satellite observation information sent by the device to be authenticated. As for the first satellite observation information not satisfying the constraint formed by combining the second navigation observation information with the DSM built into the protection terminal: for example, under the theoretical observation conditions formed by the satellite constellation and the DSM, the second navigation observation information may confirm that a particular satellite cannot be observed (for instance because it is blocked by terrain or surface objects), and it can then be judged whether the first satellite observation information clearly deviates by claiming that satellite. Other specific constraints can be extended according to the core idea of this technique and cannot be listed one by one.
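The judgment rule of S310 to S330 applied to constructed GNSS observation records, as an added example written for this page and not code from the patent or its assignee. The record layout, the plausibility ranges, the DSM-derived `shadowed` set, the decision to scale each feature column before computing the cosine similarity, the thresholds and every sample observation are assumptions made for this illustration; the patent names the observables but fixes none of these values:

```python
"""Location-feature authentication from raw GNSS observations: the judgment
rule of S310-S330 applied to constructed observation records.

Added illustration, not code from the patent or its assignee. The record
layout, the plausibility ranges, the DSM-derived `shadowed` set, the
per-column scaling before the cosine similarity, the thresholds and every
sample observation are assumptions made for this example.
"""
import math

FEATURES = ("pseudorange", "doppler", "snr")
PLAUSIBLE = {                       # assumed sanity ranges per observation
    "pseudorange": (1.8e7, 2.7e7),  # metres, MEO satellite to receiver
    "doppler": (-6000.0, 6000.0),   # Hz at L1
    "snr": (0.0, 60.0),             # dB-Hz
}
MAX_EPOCH_SKEW_S = 2.0              # assumed comparability window
MIN_COMMON_SATS = 4
SIMILARITY_THRESHOLD = 0.95         # assumed; the patent leaves it open


def anomalous(obs):
    """Exclusivity element: malformed or physically implausible fields."""
    for prn, sat in obs["sats"].items():
        if not isinstance(prn, int) or not 1 <= prn <= 32:
            return True
        for f in FEATURES:
            v = sat.get(f)
            if not isinstance(v, (int, float)) or not math.isfinite(v):
                return True
            lo, hi = PLAUSIBLE[f]
            if not lo <= v <= hi:
                return True
    return False


def conflicts(first, second):
    """Exclusivity element: epochs too far apart to be compared."""
    return abs(first["epoch"] - second["epoch"]) > MAX_EPOCH_SKEW_S


def violates_dsm(first, second):
    """Exclusivity element: the first device reports a satellite that the
    second device's own observations plus the built-in DSM say is hidden."""
    return bool(set(first["sats"]) & set(second["shadowed"]))


def feature_matrices(first, second):
    """Rows = satellites both devices see, columns = FEATURES; each column is
    divided by its largest magnitude so metres, hertz and dB-Hz weigh equally."""
    common = sorted(set(first["sats"]) & set(second["sats"]))
    a = [[float(first["sats"][p][f]) for f in FEATURES] for p in common]
    b = [[float(second["sats"][p][f]) for f in FEATURES] for p in common]
    for j in range(len(FEATURES)):
        scale = max((abs(r[j]) for r in a + b), default=1.0) or 1.0
        for r in a + b:
            r[j] /= scale
    return a, b


def cosine(a, b):
    x = [v for r in a for v in r]
    y = [v for r in b for v in r]
    return sum(p * q for p, q in zip(x, y)) / (math.hypot(*x) * math.hypot(*y))


def judge(first, second):
    """S320/S330: returns (authenticated, reason, similarity or None)."""
    if anomalous(first):
        return False, "anomalous observation", None
    if conflicts(first, second):
        return False, "epoch conflict", None
    if violates_dsm(first, second):
        return False, "claims a satellite shadowed in the DSM", None
    a, b = feature_matrices(first, second)
    if len(a) < MIN_COMMON_SATS:
        return False, "too few common satellites", None
    s = cosine(a, b)
    return s > SIMILARITY_THRESHOLD, "cosine similarity", s


def sat(pseudorange, doppler, snr):
    return {"pseudorange": pseudorange, "doppler": doppler, "snr": snr}


# Constructed records. REFERENCE comes from the already-trusted third device;
# `shadowed` is what its observations and the DSM say cannot be seen there.
REFERENCE = {"epoch": 1700000000.0, "shadowed": {3, 9},
             "sats": {5: sat(21500000, 1500, 45), 12: sat(23000000, -2500, 40),
                      17: sat(22000000, 800, 47), 24: sat(24500000, -3200, 35)}}
GENUINE = {"epoch": 1700000000.8,        # same site, 0.8 s later
           "sats": {5: sat(21500300, 1480, 44), 12: sat(23000200, -2520, 41),
                    17: sat(22000100, 790, 46), 24: sat(24500400, -3180, 36)}}
FORGED_SHADOW = {"epoch": 1700000000.8,  # adds PRN 3, which terrain hides here
                 "sats": {**GENUINE["sats"], 3: sat(22500000, 1000, 42)}}
FORGED_REPLAY = {"epoch": 1700000000.8,  # plausible ranges, inconsistent Doppler
                 "sats": {5: sat(21500300, -1500, 44), 12: sat(23000200, 2500, 41),
                          17: sat(22000100, -800, 46), 24: sat(24500400, 3200, 36)}}


def run_demo():
    return {name: judge(obs, REFERENCE) for name, obs in
            (("genuine", GENUINE), ("forged_shadow", FORGED_SHADOW),
             ("forged_replay", FORGED_REPLAY))}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

Scaling each column matters: pseudoranges are on the order of 2e7 m, so an unscaled cosine similarity is dominated by them and sits near 1.0 for almost any pair of observation sets, which would let the third record through. The exclusivity checks run first because a hit there is decisive on its own, while the similarity score only covers satellites both devices see; the epoch check is what bounds how old a submitted observation set may be.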
In addition, during development it was found that a device could fail the judgment rule without being malicious, for instance when short-term interference with the satellite positioning module of an otherwise secure device prevents authentication. A virtualized environment can therefore be set up afterwards to make a further judgment, and when no threat is found, security authentication is performed again.
Further, when re-authentication is performed, the granted authority may be limited. It can be understood that the need for re-authentication lowers the credibility of the first device, so even when re-authentication succeeds, the scope of the authority obtained by the first device through this second security authentication can be narrowed to protect the current device.
Further, on the basis of the above limitation, a permission release mechanism may be set: the IP-free hardware firewall continuously monitors the device's behaviour and extends its access permissions once it is confirmed that no security threat persists.
The communication between the parties is encrypted while the satellite observation information is verified; the focus of the present application is the verification and authentication of the satellite observation information, and the encryption of the communication is not limited and may use any prior-art technique that does not conflict with the present application.
S160: the current IP-free hardware firewall blocks the network packet and prevents it from entering or leaving the network, then jumps to S180;
S170: allow the network packet to pass, releasing packets judged normal to enter and leave;
S180: continue monitoring network packets and repeat the logic of S140 to S170.
Example III
A computer-readable storage medium comprising computer program instructions which, when executed by a processor, implement the method of any of the preceding embodiments.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware, where the program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM) or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM) and Rambus Dynamic RAM (RDRAM), among others.
The embodiments of the present disclosure have been described in detail above; details that would obscure the technical idea of the disclosure have been omitted, and those skilled in the art will be able to implement the technical scheme of the disclosure based on the description of the embodiments.
The foregoing description of the preferred embodiments of the application is not intended to be limiting; the application is intended to cover all modifications, equivalents, alternatives and improvements that fall within its spirit and scope.

Claims (10)

1. The distributed information network security protection system is characterized by comprising a plurality of IP-free hardware firewalls, a security management and control sensing cloud platform, an access control module, a threat detection module and a position information-based authentication module, wherein the IP-free hardware firewalls are directly connected in series in front of protected equipment and have edge computing capability and are used for filtering, intercepting, analyzing and monitoring data packets in network communication, the security management and control sensing cloud platform can realize centralized management and control of a plurality of IP-free hardware firewall devices, is used for realizing remote management, configuration and security policy updating of the hardware firewalls and real-time monitoring of network states and data traffic, the access control module is coupled with the IP-free hardware firewalls and is used for realizing access authority control of network internal equipment, the threat detection module is coupled with the IP-free hardware firewalls and is used for real-time monitoring of malicious behavior, attack behavior and abnormal behavior in the network traffic, and the authentication module is coupled with the IP-free hardware firewalls and is used for carrying out identity authentication and authorization verification on users;
the IP-free hardware firewall comprises a plurality of network interfaces for connecting a plurality of networks, and a plurality of processors for processing a plurality of network data streams in parallel; the security management and control perception cloud platform comprises a remote management interface, a remote control module and a remote control module, wherein the remote management interface is used for accessing configuration and state information of an IP-free hardware firewall and performing remote management, log recording and audit functions; the access control module comprises a plurality of access rules for limiting network access and controlling user rights; the threat detection module comprises a threat detection engine based on signature and behavior, and is used for detecting network attacks and abnormal traffic; the edge computing capability comprises local storage and computing resources, is used for processing network data locally and sending a processing result back to the security management and control perception cloud platform;
the authentication module based on the position information responds to the first Internet of things equipment to send service request information, and a second IP-free hardware firewall connected in series with the second Internet of things equipment intercepts first position characteristic information in the service request information; the IP-free hardware firewall requests a reliable Internet of things device list from a security management and control perception cloud platform; responding to the IP-free hardware firewall to send security request information to the Internet of things equipment in the reliable Internet of things equipment list, wherein the IP-free hardware firewall determines third Internet of things equipment and at least receives second position characteristic information sent by the third Internet of things equipment through a corresponding third IP-free firewall; comparing the first position characteristic information with the second position characteristic information, and if the first position characteristic information meets the judgment rule, carrying out safety authentication on the first Internet of things equipment; the location characteristic information at least comprises location parameter information, the location parameter information is obtained by a location chip carried on the IP-free hardware firewall or the Internet of things equipment, and the location parameter information at least comprises code pseudo-range, carrier phase value, satellite number, doppler, signal intensity, signal to noise ratio and observation time.
2. A distributed information network security protection method, which adopts the distributed information network security protection system as claimed in claim 1, comprising:
step one, deploying the IP-free hardware firewall: connecting the IP-free hardware firewall directly in series in front of the protected device, so that all packets sent to the protected device pass through the IP-free hardware firewall;
step two, the IP-free hardware firewall acquires all network packets passing through it, parses each acquired packet, and obtains the source IP address, source port, destination IP address, transport protocol type and payload of each packet;
step three, realizing rapid networking and security rule configuration of the IP-free hardware firewall;
step four, the current IP-free hardware firewall matches the protocol header and payload of each parsed network packet against preset rules and judges whether each packet is malicious;
step five, if the network packet is judged malicious, executing step six, otherwise executing step seven, the next processing action being determined by the matching result;
step six, the current IP-free hardware firewall blocks the network packet, prevents it from entering or leaving the network, and then jumps to step eight;
step seven, allowing the network packet to pass, releasing packets judged normal to enter and leave;
and step eight, continuously monitoring network packets and repeating the logic of steps four to seven.
3. The distributed information network security protection method according to claim 2, wherein realizing rapid networking and security rule configuration of the IP-free hardware firewall further comprises:
if the current IP-free hardware firewall can identify and process the probe packet and thereby complete networking, it feeds the networking information back to the security management and control sensing cloud platform, and successful feedback marks networking as successful; if the current IP-free hardware firewall receives no networking packet, it broadcasts a networking request packet on the network; when another IP-free hardware firewall intercepts the networking request packet, that firewall sends a special networking packet to the device connected in series behind the current IP-free hardware firewall, and the current IP-free hardware firewall intercepts the special networking packet, parses and processes it, and thereby completes networking; at this point the current IP-free hardware firewall sends a temporary rule request packet to the other IP-free hardware firewalls, and when another IP-free hardware firewall intercepts the temporary rule request packet, the current IP-free hardware firewall intercepts the temporary security rule configuration packet it sends, parses and processes it, and obtains a temporary security rule; and when the security management and control sensing cloud platform comes online again, the current IP-free hardware firewall responds to its probe packet, networking is recognized as successful, and the security management and control sensing cloud platform issues the security rule configuration data again to complete the configuration of the current IP-free hardware firewall.
4. The method of claim 3, wherein the matching the protocol header and the payload of each parsed network data packet by the current IP-free hardware firewall according to a preset rule, and determining whether each network data packet is a malicious data packet further comprises: judging whether the protocol header and the payload of each analyzed network data packet accord with a preset rule, if so, judging that each network data packet is not a malicious data packet, and if not, blocking the network data packet.
5. The method of claim 4, wherein, if the preset rule is not met, blocking the network packet further comprises: at the same time, the current IP-free hardware firewall starts a virtualized environment, identifies attack behaviour features according to a preset attack behaviour feature library, uploads the packet to the security management and control sensing cloud platform for cloud threat analysis when attack behaviour is identified, and the platform issues a security update policy according to the analysis result.
6. The method according to claim 5, wherein, if the network packet is judged malicious step six is performed and otherwise step seven is performed, determining the next processing action according to the matching result further comprises: when the network packet is not judged malicious, authentication is performed at the same time; step seven is executed when authentication succeeds and step six when it fails.
7. The method of claim 6, wherein the authentication includes at least authentication based on location information, and the authentication is performed by responding to a first internet of things device to send service request information, so that a second IP-free hardware firewall connected in series with a second internet of things device intercepts first location feature information in the service request information;
the IP-free hardware firewall requests a reliable Internet of things device list from a security management and control perception cloud platform;
responding to the IP-free hardware firewall to send security request information to the Internet of things equipment in the reliable Internet of things equipment list, wherein the IP-free hardware firewall determines third Internet of things equipment and at least receives second position characteristic information sent by the third Internet of things equipment through a corresponding third IP-free firewall;
and comparing the first position characteristic information with the second position characteristic information, and if the first position characteristic information meets the judgment rule, carrying out safety authentication on the first Internet of things equipment.
8. The method according to claim 7, wherein the location characteristic information includes at least location parameter information, the location parameter information is obtained by a location chip mounted on the IP-free hardware firewall or the internet of things device, and the location parameter information includes at least a code pseudo-range, a carrier phase value, a satellite number, doppler, a signal strength, a signal to noise ratio, and an observation time.
9. The method for protecting distributed information network security according to claim 8, wherein the judging rule specifically comprises:
step 1: obtaining the positioning observation information in the first location feature information;
step 2: establishing an exclusivity condition; if the positioning observation information in the first location feature information contains an exclusivity element, determining that it does not conform to the judgment rule, otherwise executing the following step;
step 3: establishing a first multi-dimensional matrix and a second multi-dimensional matrix from the positioning observation information in the first and second location feature information respectively, and determining the cosine similarity between the first multi-dimensional matrix and the second multi-dimensional matrix, wherein the judgment rule is considered satisfied when the cosine similarity is larger than a threshold;
the establishment of the exclusivity condition specifically comprises: at least one of the constraint conditions formed by combining the positioning observation information in the second position characteristic information with the built-in digital earth surface model of the IP-free firewall is not met by the positioning observation information in the first position characteristic information, and the positioning observation information in the first position characteristic information is abnormal and conflicts with the positioning observation information in the second position characteristic information.
10. A computer readable storage medium comprising computer program instructions for execution by at least one processor to implement the method of any one of claims 2-9.
CN202310549089.6A 2023-05-16 2023-05-16 Distributed information network security protection method, system and readable storage medium thereof Active CN116566682B (en)


Publications (2)

Publication Number   Publication Date
CN116566682A         2023-08-08
CN116566682B         2023-12-08

US20230007018A1 (en) * 2021-07-01 2023-01-05 At&T Intellectual Property I, L.P. Dynamic multi-network security controls
US20230060207A1 (en) * 2021-08-31 2023-03-02 Axiado Corporation Systems and methods using network artificial intelligence to manage control plane security in real-time

Patent Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6070243A (en) * 1997-06-13 2000-05-30 Xylan Corporation Deterministic user authentication service for communication network
CN101567888A (en) * 2008-12-29 2009-10-28 郭世泽 Safety protection method of network feedback host computer
CN102687480A (en) * 2009-12-12 2012-09-19 阿卡麦科技公司 Cloud-based firewall system and service
US8904511B1 (en) * 2010-08-23 2014-12-02 Amazon Technologies, Inc. Virtual firewalls for multi-tenant distributed services
CN102857472A (en) * 2011-06-28 2013-01-02 上海地面通信息网络有限公司 Firewall system for providing safety protection to customer on ISP (Internet Service Provider) platform
WO2013108121A2 (en) * 2012-01-17 2013-07-25 IPalive AB A device, software module, system or business method for global real-time telecommunication
CN102685140A (en) * 2012-05-22 2012-09-19 汉柏科技有限公司 Method and system for supporting AAA authentication function through fire wall in transparent mode
CN103327025A (en) * 2013-06-28 2013-09-25 北京奇虎科技有限公司 Method and device for network access control
CN106302518A (en) * 2016-09-13 2017-01-04 西安莫贝克半导体科技有限公司 A kind of network firewall of software and hardware combining
CN106899616A (en) * 2017-04-20 2017-06-27 四川电科智造科技有限公司 A kind of safety regulation collocation method without IP fire walls
CN107979615A (en) * 2018-01-05 2018-05-01 新华三信息安全技术有限公司 Message encryption transmission, authentication method, device, client and fire wall
WO2020084335A1 (en) * 2018-10-26 2020-04-30 Telefonaktiebolaget Lm Ericsson (Publ) Using location indentifier separation protocol to implement a distributed user plane function architecture for 5g mobility
RU2718650C1 (en) * 2019-12-26 2020-04-10 Федеральное государственное казенное военное образовательное учреждение высшего образования Академия Федеральной службы охраны Российской Федерации Method of protecting communication network service servers against computer attacks
WO2021233373A1 (en) * 2020-05-20 2021-11-25 北京北斗弘鹏科技有限公司 Network security protection method and apparatus, storage medium and electronic device
CN114095562A (en) * 2020-07-31 2022-02-25 中国电信股份有限公司 Edge application discovery method and system and enhanced firewall
CN112152893A (en) * 2020-08-18 2020-12-29 北京燃气能源发展有限公司 Edge computing platform based on security element and trusted transmission environment
CN115150106A (en) * 2021-03-16 2022-10-04 中国科学技术大学 Safety protection method of physical machine and network node equipment
WO2022213605A1 (en) * 2021-04-07 2022-10-13 中国电信股份有限公司 Method and apparatus for providing cloud service security access, and medium
CN113810361A (en) * 2021-07-15 2021-12-17 赛姆科技(广东)有限公司 Rapid deployment management method of IP-free firewall
WO2023040303A1 (en) * 2021-09-16 2023-03-23 华为云计算技术有限公司 Network traffic control method and related system
CN113992364A (en) * 2021-10-15 2022-01-28 湖南恒茂高科股份有限公司 Network data packet blocking optimization method and system
CN116015696A (en) * 2021-10-20 2023-04-25 中移系统集成有限公司 Firewall system, malicious software detection method and device
KR102521426B1 (en) * 2021-10-29 2023-04-13 에스케이텔레콤 주식회사 Virtual switch appattus and its traffic processing method
CN115426139A (en) * 2021-11-19 2022-12-02 华为技术有限公司 Access control method based on SIM card information and communication device
CN114143090A (en) * 2021-11-30 2022-03-04 招商局金融科技有限公司 Firewall deployment method, device, equipment and medium based on network security architecture

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
NetFPGA-Based Firewall Solution for 5G Multi-Tenant Architectures; R. Ricart-Sanchez, P. Malagon, J. M. Alcaraz-Calero and Q. Wang; 2019 IEEE International Conference on Edge Computing (EDGE); full text *
Modeling and Analysis of a Web Service Firewall Using Coloured Petri Nets; Z. Aliannezhadi and M. A. Azgomi; 2008 IEEE Asia-Pacific Services Computing Conference; 2009, full text *
Research on security hardening technology for mobile edge computing; 冯温迪; China Doctoral Dissertations Full-text Database; full text *
Research on network security technology and its application in engineering; 丁大明; China Master's Theses Full-text Database (Information Science and Technology); full text *

Also Published As

Publication number Publication date
CN116566682A (en) 2023-08-08

Similar Documents

Publication Publication Date Title
CN108306893B (en) Distributed intrusion detection method and system for ad hoc network
US9866542B2 (en) Responding to electronic in-vehicle intrusions
EP2843904A2 (en) Identifying malicious devices within a computer network
Agarwal et al. An efficient scheme to detect evil twin rogue access point attack in 802.11 Wi-Fi networks
KR102234402B1 (en) A system and method for detecting network anomalies of connected car
US9444830B2 (en) Web server/web application server security management apparatus and method
EP3803659A1 (en) Anomalous access point detection
CN109076011B (en) Relay device
CN111010384A (en) Self-security defense system and security defense method for terminal of Internet of things
US20090088132A1 (en) Detecting unauthorized wireless access points
CN112653655A (en) Automobile safety communication control method and device, computer equipment and storage medium
US20210029149A1 (en) Abnormal traffic analysis apparatus, abnormal traffic analysis method, and abnormal traffic analysis program
CN102595411A (en) Sensor-based method for detecting various attacks in cognitive radio network
CN112491888A (en) Method and system for preventing equipment from being falsely used
Vegesna Investigations on Cybersecurity Challenges and Mitigation Strategies in Intelligent transport systems
CN101299760B (en) Information safety processing method and system, communication equipment
CN116566682B (en) Distributed information network security protection method, system and readable storage medium thereof
Waraich et al. Prevention of denial of service attack over vehicle ad hoc networks using quick response table
CN105792216B (en) Wireless fishing based on certification accesses point detecting method
WO2020184001A1 (en) On-vehicle security measure device, on-vehicle security measure method, and security measure system
RU2703329C1 (en) Method of detecting unauthorized use of network devices of limited functionality from a local network and preventing distributed network attacks from them
JP2022024266A (en) Log analyzer
Satam et al. Autoinfotainment security development framework (ASDF) for smart cars
KR101186873B1 (en) Wireless intrusion protecting system based on signature
WO2010133634A1 (en) Wireless intrusion detection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant