CN116827674A - Protection method based on network communication security - Google Patents

Publication number
CN116827674A
Authority
CN
China
Prior art keywords
network communication
network
communication equipment
port
security
Legal status
Pending
Application number
CN202311023658.XA
Other languages
Chinese (zh)
Inventor
徐钊
Current Assignee
Beijing Zhongke Network Core Technology Co ltd
Original Assignee
Beijing Zhongke Network Core Technology Co ltd
Application filed by Beijing Zhongke Network Core Technology Co ltd
Priority to CN202311023658.XA
Publication of CN116827674A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a protection method based on network communication security, in the technical field of network security protection. By analyzing the security of each port in the network communication equipment, the method helps an organization evaluate the security of each port and judge whether each port has a vulnerability, which improves the security of the network communication equipment. When a data packet in the network communication equipment is judged to carry a virus, the packet is blocked and the virus-carrying packet is analyzed, which helps the organization discover and respond to security threats in time; the anti-virus software and security patches on the network communication equipment are then updated, which improves the equipment's security and protection capability. By analyzing the state of the network detection equipment, faults and problems of the network detection equipment can be discovered and repaired in time, which improves its reliability.

Description

Protection method based on network communication security
Technical Field
The invention relates to the technical field of network security protection, in particular to a protection method based on network communication security.
Background
Network communication security is a very important issue in today's society. With the popularization of the internet, data transmission and storage have become easier, but security risks have come with them. Protecting personal privacy and enterprise confidentiality requires a series of protective measures, along with attention to network security vulnerabilities and the latest security threats and timely countermeasures. Only then can the security of network communication be ensured and information leakage and loss avoided, so a protection method based on network communication security is needed.
Existing network security technologies and measures have certain shortcomings in coping with growing network attacks and threats. Attack methods are continuously updated and hacking techniques continue to improve, so traditional security protection struggles to meet security requirements. These protection methods have at least the following problems:
1. Traditional network security protection cannot detect that a virus has intruded through a specific port of the network communication equipment. It concentrates mainly on terminal equipment and servers, with relatively little protection for the individual ports of network communication equipment. As a result, an organization facing a network attack may fail to detect a virus entering through a specific port and fail to discover and handle the threat in time, which may lead to security problems such as data leakage and system paralysis. In addition, modern attack techniques are increasingly complex, and attackers can use a variety of techniques and means to evade traditional security protection measures;
2. If the intrusion of a virus through a port of the network communication equipment cannot be detected, the source and transmission path of the virus cannot be determined, so no targeted measures can be taken to prevent its further spread and intrusion. Unknown security vulnerabilities may exist in the network communication equipment, and hackers can exploit them to continue unauthorized intrusion and keep damaging the system. If the virus source cannot be found, important data cannot be protected in time, and the enterprise faces risks such as data leakage and leakage of trade secrets. Continued intrusion can also cause faults or service interruption in the network communication equipment, affecting the enterprise's normal operation and service continuity. When the virus source cannot be found in time, the affected equipment and systems cannot be recovered quickly, and the service interruption is prolonged;
3. Whether the network detection equipment is operating normally cannot be accurately judged, so network attacks or abnormal behavior may not be discovered in time, which increases the security risk to systems and data. Malicious activity can continue undetected, leading to serious consequences such as data leakage and system paralysis, and the equipment cannot be repaired or replaced in time. The equipment may then remain in an abnormal state for a long time, further increasing network security risk and failure risk.
Disclosure of Invention
Aiming at the technical defects, the invention aims to provide a protection method based on network communication security.
In order to solve the technical problems, the invention adopts the following technical scheme: a protection method based on network communication security, comprising the following steps:
Step one, acquiring network parameters: acquire the network parameters corresponding to the network communication equipment;
Step two, analyzing the state of the network communication equipment: according to the network parameters corresponding to the network communication equipment, analyze the state of the network communication equipment to obtain the network state evaluation coefficient corresponding to that state, and then judge whether the network communication equipment is abnormal;
Step three, analyzing the data packet: when the network communication equipment is judged to be abnormal, analyze the data packet in the network communication equipment and judge whether it carries a virus; when the data packet is judged to carry a virus, block the data packet and update the anti-virus software and security patches on the network communication equipment;
Step four, collecting port data: when the data packet in the network communication equipment is judged to carry a virus, arrange a plurality of acquisition points at each port of the network communication equipment, and collect at each acquisition point the port data corresponding to each port, wherein the port data comprises port traffic and port connection number;
Step five, analyzing port data: according to the port data collected at each acquisition point for each port in the network communication equipment, analyze the security of each port to obtain the security evaluation coefficient corresponding to the security of each port, and judge whether each port in the network communication equipment has a vulnerability;
Step six, obtaining performance parameters: when the data packet in the network communication equipment is judged not to carry a virus, further acquire the performance parameters of the network detection equipment;
Step seven, analyzing performance parameters: according to the performance parameters of the network detection equipment, analyze the state of the network detection equipment to obtain the state evaluation coefficient corresponding to the network detection equipment, and judge whether the network detection equipment operates normally;
Step eight, early warning prompting: when the data packet in the network communication equipment carries a virus and the network detection equipment fails, an alarm is sent.
Preferably, the network parameters include network traffic size, network traffic frequency and network traffic speed.
Preferably, the analyzing the status of the network communication device specifically includes the following steps:
respectively recording the network traffic size, the network traffic frequency and the network traffic speed corresponding to the network communication equipment as、/>And->Substituting the calculation formula +.>Obtaining a network state evaluation coefficient corresponding to the state of the network communication equipment>Wherein->、/>、/>Respectively expressed as standard network flow size, standard network flow frequency, standard network communication equipment corresponding to the preset network communication equipment,Standard network traffic speed,/-, and>、/>、/>respectively expressed as the weight factors corresponding to the network traffic size, the network traffic frequency and the network traffic speed in the network communication equipment.
Preferably, the determining whether the network communication device is abnormal or not includes the following specific determining process:
Compare the network state evaluation coefficient corresponding to the network communication equipment state with the preset standard network state evaluation coefficient. If the network state evaluation coefficient corresponding to the network communication equipment state is smaller than the preset standard network state evaluation coefficient, the network communication equipment is judged to be abnormal; if it is greater than or equal to the preset standard network state evaluation coefficient, the network communication equipment is judged to be normal.
Preferably, the analyzing the data packet in the network communication device specifically includes the following steps:
a1, comparing a source address, a target address and a protocol type corresponding to a data packet in network communication equipment with an initial source address, an initial target address and an initial protocol type corresponding to the data packet in the network communication equipment, if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are different from the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment carries viruses, and if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are the same as the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment does not carry viruses;
and A2, comparing the viruses in the data packet carrying the viruses in the network communication equipment with various viruses in the database, so as to obtain the virus types corresponding to the viruses in the data packet carrying the viruses in the network communication equipment, and updating the antivirus software corresponding to the virus types and the security patches corresponding to the virus types on the network communication equipment according to the corresponding virus types.
Preferably, the security of each port in the network communication device is analyzed, and the specific analysis process is as follows:
respectively recording port flow and port connection number corresponding to each port in each acquisition point acquisition network communication equipment asAnd->Wherein i represents the number corresponding to each acquisition point, < > and->Substituting the calculation formula +.>Obtaining security evaluation coefficients corresponding to the security of each port in the network communication equipment>Wherein->、/>Respectively expressed as standard port flow and standard port connection number corresponding to the ports in the preset network communication equipment,/->、/>And respectively representing the port flow and the weight factors corresponding to the port connection number.
Preferably, the analyzing the virus carried by the data packet in the network communication device specifically includes the following steps:
comparing the security evaluation coefficient corresponding to the security of each port in the network communication equipment with the security evaluation coefficient corresponding to the security of the preset standard port, if the security evaluation coefficient corresponding to the security of a certain port in the network communication equipment is smaller than the security evaluation coefficient corresponding to the security of the preset standard port, judging that the port protection in the network communication equipment is vulnerable, and if the security evaluation coefficient corresponding to the security of the certain port in the network communication equipment is greater than or equal to the security evaluation coefficient corresponding to the security of the preset standard port, judging that the port protection in the network communication equipment is not vulnerable.
Preferably, the performance parameters include packet loss rate, transmission speed and response time length.
Preferably, the analyzing the status of the network detection device specifically includes the following steps:
respectively marking the packet loss rate, the transmission speed and the response time length corresponding to the network detection equipment as、/>And->Substituting the calculation formula +.>Obtaining a state evaluation coefficient corresponding to the network detection device ∈ ->Wherein->、/>、/>Respectively expressed as a standard packet loss rate, a standard transmission speed and a standard response time length corresponding to preset network detection equipment, < >>、/>、/>Respectively expressed as weight factors corresponding to packet loss rate, transmission speed and response time length in the network detection equipment.
Preferably, the judging whether the network detection device operates normally or not includes the following specific judging process:
comparing the state evaluation coefficient corresponding to the network detection device with the state evaluation coefficient corresponding to the preset standard network detection device, if the state evaluation coefficient corresponding to the network detection device is smaller than the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device fails, and if the state evaluation coefficient corresponding to the network detection device is larger than or equal to the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device operates normally.
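The branching of steps two through eight, with the three judging rules above, as an added Python example that is not code from the patent or its assignee. The page's calculation formulas did not survive extraction, so `closeness_score` is an assumed stand-in (only the "smaller than the preset standard" comparisons come from the text); the thresholds, weights, port names and sample values are constructed, and treating any differing header field as a mismatch is an interpretation of A1.

```python
from dataclasses import dataclass, field
from statistics import mean


def closeness_score(measured, standard, weights):
    """ASSUMED stand-in for the patent's formulas, which are missing from this page.
    Returns a weighted closeness to the preset standards in [0, 1]; 1.0 = on standard."""
    total = sum(weights.values())
    parts = (w * max(0.0, 1.0 - abs(measured[k] - standard[k]) / standard[k])
             for k, w in weights.items())
    return sum(parts) / total


def packet_deviates(packet, initial):
    """Step three, A1: compare (source, target, protocol) with the initial record.
    Interpretation: any differing field counts as a mismatch."""
    return tuple(packet) != tuple(initial)


@dataclass
class Verdict:
    device_abnormal: bool = False
    packet_blocked: bool = False
    vulnerable_ports: list = field(default_factory=list)
    detector_failed: bool = False
    alarms: list = field(default_factory=list)


def evaluate(net, packet, initial, ports, detector, cfg, score=closeness_score):
    v = Verdict()
    # Step two: a coefficient below the preset standard means the device is abnormal.
    if score(net, cfg["net_std"], cfg["net_w"]) >= cfg["net_min"]:
        return v
    v.device_abnormal = True
    # Step three: the packet is inspected only once the device is judged abnormal.
    if packet_deviates(packet, initial):
        v.packet_blocked = True  # block; anti-virus and patch updates follow (A2)
        v.alarms.append("virus-carrying packet blocked")  # step eight
        # Steps four and five: score each port from its acquisition-point samples
        # (averaging the samples is an assumption).
        for name, samples in ports.items():
            port_score = mean(score(s, cfg["port_std"], cfg["port_w"]) for s in samples)
            if port_score < cfg["port_min"]:
                v.vulnerable_ports.append(name)
        return v
    # Steps six and seven: no virus found, so check the detection device itself.
    if score(detector, cfg["det_std"], cfg["det_w"]) < cfg["det_min"]:
        v.detector_failed = True
        v.alarms.append("network detection device failed")  # step eight
    return v


# Constructed configuration and sample inputs (not values from the patent).
CFG = {
    "net_std": {"size": 100.0, "frequency": 50.0, "speed": 10.0},
    "net_w": {"size": 0.4, "frequency": 0.3, "speed": 0.3}, "net_min": 0.8,
    "port_std": {"traffic": 20.0, "connections": 10.0},
    "port_w": {"traffic": 0.5, "connections": 0.5}, "port_min": 0.7,
    "det_std": {"loss_rate": 0.01, "speed": 100.0, "response_ms": 20.0},
    "det_w": {"loss_rate": 0.4, "speed": 0.3, "response_ms": 0.3}, "det_min": 0.75,
}
INITIAL = ("192.0.2.10", "192.0.2.20", "TCP")
ODD_PACKET = ("192.0.2.10", "203.0.113.7", "UDP")
NET_OK = {"size": 105.0, "frequency": 48.0, "speed": 10.0}
NET_BAD = {"size": 400.0, "frequency": 200.0, "speed": 10.0}
PORTS = {
    "port-1": [{"traffic": 21.0, "connections": 10.0}, {"traffic": 19.0, "connections": 11.0}],
    "port-2": [{"traffic": 90.0, "connections": 60.0}, {"traffic": 80.0, "connections": 55.0}],
}
DET_OK = {"loss_rate": 0.01, "speed": 100.0, "response_ms": 20.0}
DET_BAD = {"loss_rate": 0.20, "speed": 40.0, "response_ms": 90.0}

if __name__ == "__main__":
    print(evaluate(NET_BAD, ODD_PACKET, INITIAL, PORTS, DET_OK, CFG))
    print(evaluate(NET_BAD, INITIAL, INITIAL, PORTS, DET_BAD, CFG))
```

Because step two gates everything after it, a run with `NET_OK` returns an empty verdict even when the packet differs from its initial record and the detection device is degraded; the packet, port and detector checks are reached only on the abnormal branch.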
The invention has the beneficial effects that:
1. By analyzing the security of each port in the network communication equipment, the security evaluation coefficient corresponding to the security of each port is obtained. This helps the organization evaluate the security of each port, judge whether each port in the network communication equipment has a vulnerability, and improve the security of the network communication equipment: by evaluating the security of each port, vulnerabilities and security problems in the network communication equipment can be found and repaired in time, and various security threats can be discovered and dealt with in time, which reduces the security risks the organization faces;
2. When a data packet in the network communication equipment is judged to carry a virus, the data packet is blocked and the virus-carrying packet is analyzed, which helps the organization discover and respond to various security threats in time. The anti-virus software and security patches on the network communication equipment are then updated, which improves the equipment's security and protection capability. Blocking and analyzing virus-carrying packets reduces the security risks the organization faces and protects its confidential information from leakage or attack;
3. According to the performance parameters of the network detection equipment, the state of the network detection equipment is analyzed to obtain the state evaluation coefficient corresponding to the network detection equipment, and whether the network detection equipment operates normally is judged. Through this analysis, faults and problems of the network detection equipment can be discovered and repaired in time, which improves its reliability, reduces operation and maintenance costs and the investment of human resources, and guarantees the continuity and stability of the business.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of the steps of the method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiment of the invention is shown in fig. 1, and a protection method based on network communication security comprises the following steps: step one, acquiring network parameters: and acquiring network parameters corresponding to the network communication equipment.
In a specific embodiment, the network parameters include network traffic size, network traffic frequency, and network traffic speed.
It should be noted that the network monitoring tool may monitor and record information of network traffic, and may provide real-time network traffic size, network traffic frequency, and network traffic speed.
Step two, analyzing the state of the network communication equipment: according to the network parameters corresponding to the network communication devices, the states of the network communication devices are analyzed to obtain network state evaluation coefficients corresponding to the states of the network communication devices, and whether the network communication devices are abnormal or not is further judged.
In a specific embodiment, the analyzing the status of the network communication device is as follows:
respectively recording the network traffic size, the network traffic frequency and the network traffic speed corresponding to the network communication equipment as、/>And->Substituting the calculation formula +.>Obtaining a network state evaluation coefficient corresponding to the state of the network communication equipment>Wherein->、/>、/>Respectively expressed as standard network traffic size, standard network traffic frequency and standard network traffic speed corresponding to preset network communication equipment, < >>、/>、/>Respectively expressed as the weight factors corresponding to the network traffic size, the network traffic frequency and the network traffic speed in the network communication equipment.
In another specific embodiment, the determining whether the network communication device is abnormal includes the following specific determining process:
Compare the network state evaluation coefficient corresponding to the network communication equipment state with the preset standard network state evaluation coefficient. If the network state evaluation coefficient corresponding to the network communication equipment state is smaller than the preset standard network state evaluation coefficient, the network communication equipment is judged to be abnormal; if it is greater than or equal to the preset standard network state evaluation coefficient, the network communication equipment is judged to be normal.
Step three, analyzing the data packet: when the network communication equipment is judged to be abnormal, the data packet in the network communication equipment is analyzed, whether the data packet in the network communication equipment carries viruses or not is judged, and when the data packet in the network communication equipment is judged to carry viruses, the data packet in the network communication equipment is blocked, and anti-virus software and security patches on the network communication equipment are updated.
It should be noted that viruses include Trojan viruses, worm viruses, ransomware, and the like.
It should also be noted that anti-virus software includes Symantec, Kaspersky, Norton, and the like.
In a specific embodiment, the analyzing the data packet in the network communication device specifically includes the following steps:
a1, comparing a source address, a target address and a protocol type corresponding to a data packet in network communication equipment with an initial source address, an initial target address and an initial protocol type corresponding to the data packet in the network communication equipment, if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are different from the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment carries viruses, and if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are the same as the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment does not carry viruses;
and A2, comparing the viruses in the data packet carrying the viruses in the network communication equipment with various viruses in the database, so as to obtain the virus types corresponding to the viruses in the data packet carrying the viruses in the network communication equipment, and updating the antivirus software corresponding to the virus types and the security patches corresponding to the virus types on the network communication equipment according to the corresponding virus types.
When a data packet in the network communication equipment is judged to carry a virus, the data packet is blocked and the virus-carrying packet is analyzed, which helps the organization discover and respond to various security threats in time. The anti-virus software and security patches on the network communication equipment are then updated, which improves the equipment's security and protection capability. Blocking and analyzing virus-carrying packets reduces the security risks the organization faces and protects its confidential information from leakage or attack.
Step four, collecting port data: when the data packet in the network communication equipment is judged to carry viruses, a plurality of acquisition points are arranged on each port of the network communication equipment, and then port data corresponding to each port in the network communication equipment are acquired at each acquisition point, wherein the port data comprises port flow and port connection number.
It should be noted that a network monitoring tool can monitor and record information about network traffic and can provide real-time port traffic and connection numbers.
Step five, analyzing port data: according to the port data collected at each acquisition point for each port in the network communication equipment, the security of each port is analyzed to obtain the security evaluation coefficient corresponding to the security of each port, and whether each port in the network communication equipment has a vulnerability is judged.
In a specific embodiment, the security of each port in the network communication device is analyzed, and the specific analysis process is as follows:
respectively recording port flow and port connection number corresponding to each port in each acquisition point acquisition network communication equipment asAnd->Wherein i represents the number corresponding to each acquisition point, < > and->Substituting the calculation formula +.>Obtaining security evaluation coefficients corresponding to the security of each port in the network communication equipment>Wherein->、/>Respectively expressed as standard port flow and standard port connection number corresponding to the ports in the preset network communication equipment,/->、/>And respectively representing the port flow and the weight factors corresponding to the port connection number.
In another specific embodiment, the analyzing the virus carried by the data packet in the network communication device specifically includes the following steps:
The security evaluation coefficient corresponding to the security of each port in the network communication equipment is compared with the security evaluation coefficient corresponding to the security of the preset standard port. If the coefficient of a certain port is smaller than that of the preset standard port, the protection of that port is judged to have a vulnerability; if it is greater than or equal to that of the preset standard port, the protection of that port is judged to have no vulnerability.
Analyzing the security of each port in the network communication equipment yields the security evaluation coefficient corresponding to each port, which helps the organization evaluate the security of each port and judge whether each port has a vulnerability. By evaluating the security of each port, vulnerabilities and security problems in the network communication equipment can be found and repaired in time, which improves the security of the equipment; security threats can likewise be found and dealt with in time, which reduces the security risks faced by the organization.
Step six, obtaining performance parameters: when the data packet in the network communication equipment is judged not to carry viruses, the performance parameters of the network detection equipment are further acquired.
In a specific embodiment, the performance parameters include a packet loss rate, a transmission speed, and a response time duration.
It should be noted that the performance parameters can be obtained with a network monitoring tool: such a tool monitors and records network traffic information and can provide indexes such as real-time packet loss rate, transmission speed and response time length.
Step seven, analyzing performance parameters: according to the performance parameters of the network detection equipment, the state of the network detection equipment is analyzed, a state evaluation coefficient corresponding to the network detection equipment is obtained, and whether the network detection equipment operates normally is judged.
In a specific embodiment, the state of the network detection device is analyzed, and a specific analysis process is as follows:
respectively marking the packet loss rate, the transmission speed and the response time length corresponding to the network detection equipment as、/>And->Substituting the calculation formula +.>Obtaining a state evaluation coefficient corresponding to the network detection device ∈ ->Wherein->、/>、/>Respectively expressed as a standard packet loss rate, a standard transmission speed and a standard response time length corresponding to preset network detection equipment, < >>、/>、/>Respectively expressed as weight factors corresponding to packet loss rate, transmission speed and response time length in the network detection equipment.
In another specific embodiment, the specific judging process for judging whether the network detection device operates normally is as follows:
comparing the state evaluation coefficient corresponding to the network detection device with the state evaluation coefficient corresponding to the preset standard network detection device, if the state evaluation coefficient corresponding to the network detection device is smaller than the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device fails, and if the state evaluation coefficient corresponding to the network detection device is larger than or equal to the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device operates normally.
Step eight, early warning prompting: when the data packet in the network communication device carries viruses and the network detection device fails, an alarm is sent.
According to the performance parameters of the network detection equipment, the state of the network detection equipment can be analyzed to obtain the corresponding state evaluation coefficient and to judge whether the equipment is operating normally. Through this analysis, faults and problems of the network detection equipment can be found and repaired in time, which improves the reliability of the equipment, reduces operation and maintenance cost and the investment of human resources, and guarantees the continuity and stability of the business.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. The protection method based on network communication safety is characterized by comprising the following steps:
step one, acquiring network parameters: acquiring network parameters corresponding to network communication equipment;
step two, analyzing the state of the network communication equipment: according to the network parameters corresponding to the network communication equipment, the state of the network communication equipment is analyzed to obtain a network state evaluation coefficient corresponding to the state of the network communication equipment, and whether the network communication equipment is abnormal or not is further judged;
step three, analyzing the data packet: when the network communication equipment is judged to be abnormal, the data packet in the network communication equipment is analyzed, whether the data packet in the network communication equipment carries viruses is judged, and when the data packet in the network communication equipment is judged to carry viruses, the data packet in the network communication equipment is blocked, and anti-virus software and security patches on the network communication equipment are updated;
step four, collecting port data: when the data packet in the network communication equipment is judged to carry viruses, a plurality of acquisition points are arranged at each port of the network communication equipment, and then port data corresponding to each port in the network communication equipment are acquired at each acquisition point, wherein the port data comprises port flow and port connection number;
step five, analyzing port data: acquiring port data corresponding to each port in the network communication equipment according to each acquisition point, so as to analyze the security of each port in the network communication equipment, obtain a security evaluation coefficient corresponding to the security of each port in the network communication equipment, and judge whether each port in the network communication equipment has a vulnerability;
step six, obtaining performance parameters: when the data packet in the network communication equipment is judged not to carry viruses, further acquiring performance parameters of the network detection equipment;
step seven, analyzing performance parameters: according to the performance parameters of the network detection equipment, the state of the network detection equipment is analyzed to obtain a state evaluation coefficient corresponding to the network detection equipment, and whether the network detection equipment operates normally is judged;
step eight, early warning prompting: when the data packet in the network communication device carries viruses and the network detection device fails, an alarm is sent.
2. The network communication security-based protection method of claim 1, wherein the network parameters include a network traffic size, a network traffic frequency, and a network traffic speed.
3. The protection method based on network communication security as claimed in claim 2, wherein the analyzing the status of the network communication device comprises the following specific analysis processes:
respectively recording the network traffic size, the network traffic frequency and the network traffic speed corresponding to the network communication equipment as、/>And->Substituting the calculation formula +.>Obtaining a network state evaluation coefficient corresponding to the state of the network communication equipment>Wherein->、/>、/>Respectively expressed as standard network traffic size, standard network traffic frequency and standard network traffic speed corresponding to preset network communication equipment, < >>、/>、/>Respectively expressed as the weight factors corresponding to the network traffic size, the network traffic frequency and the network traffic speed in the network communication equipment.
4. The protection method based on network communication security as claimed in claim 3, wherein the specific judgment process for judging whether the network communication device is abnormal is as follows:
comparing the network state evaluation coefficient corresponding to the network communication equipment state with the preset standard network state evaluation coefficient; if the network state evaluation coefficient corresponding to the network communication equipment state is smaller than the preset standard network state evaluation coefficient, judging that the network communication equipment is abnormal, and if the network state evaluation coefficient corresponding to the network communication equipment state is larger than or equal to the preset standard network state evaluation coefficient, judging that the network communication equipment is normal.
5. The protection method based on network communication security as claimed in claim 4, wherein the analyzing the data packet in the network communication device comprises the following specific analysis processes:
A1, comparing a source address, a target address and a protocol type corresponding to a data packet in network communication equipment with an initial source address, an initial target address and an initial protocol type corresponding to the data packet in the network communication equipment, if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are different from the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment carries viruses, and if the source address, the target address and the protocol type corresponding to the data packet in the network communication equipment are the same as the initial source address, the initial target address and the initial protocol type corresponding to the data packet in the network communication equipment, judging that the data packet in the network communication equipment does not carry viruses;
A2, comparing the viruses in the data packet carrying the viruses in the network communication equipment with various viruses in the database, so as to obtain the virus types corresponding to the viruses in the data packet carrying the viruses in the network communication equipment, and updating the antivirus software corresponding to the virus types and the security patches corresponding to the virus types on the network communication equipment according to the corresponding virus types.
6. The protection method based on network communication security as claimed in claim 1, wherein the security of each port in the network communication device is analyzed by the following specific analysis process:
respectively recording port flow and port connection number corresponding to each port in each acquisition point acquisition network communication equipment asAndwherein i represents the number corresponding to each acquisition point, < > and->Substituting the calculation formula +.>In (3) obtaining a network communication deviceSecurity evaluation coefficient +.>Wherein->、/>Respectively expressed as standard port flow and standard port connection number corresponding to the ports in the preset network communication equipment,/->、/>And respectively representing the port flow and the weight factors corresponding to the port connection number.
7. The protection method based on network communication security as claimed in claim 6, wherein the analyzing the virus carried by the data packet in the network communication device comprises the following specific analysis processes:
comparing the security evaluation coefficient corresponding to the security of each port in the network communication equipment with the security evaluation coefficient corresponding to the security of the preset standard port, if the security evaluation coefficient corresponding to the security of a certain port in the network communication equipment is smaller than the security evaluation coefficient corresponding to the security of the preset standard port, judging that the port protection in the network communication equipment is vulnerable, and if the security evaluation coefficient corresponding to the security of the certain port in the network communication equipment is greater than or equal to the security evaluation coefficient corresponding to the security of the preset standard port, judging that the port protection in the network communication equipment is not vulnerable.
8. The method of claim 1, wherein the performance parameters include a packet loss rate, a transmission speed, and a response time.
9. The protection method based on network communication security as claimed in claim 8, wherein the analyzing the status of the network detection device comprises the following specific analysis processes:
respectively marking the packet loss rate, the transmission speed and the response time length corresponding to the network detection equipment as、/>And->Substituting the calculation formula +.>Obtaining a state evaluation coefficient corresponding to the network detection device ∈ ->Wherein->、/>、/>Respectively expressed as a standard packet loss rate, a standard transmission speed and a standard response time length corresponding to preset network detection equipment, < >>、/>、/>Respectively expressed as weight factors corresponding to packet loss rate, transmission speed and response time length in the network detection equipment.
10. The protection method based on network communication security as claimed in claim 9, wherein the specific judgment process for judging whether the network detection device is operating normally is as follows:
comparing the state evaluation coefficient corresponding to the network detection device with the state evaluation coefficient corresponding to the preset standard network detection device, if the state evaluation coefficient corresponding to the network detection device is smaller than the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device fails, and if the state evaluation coefficient corresponding to the network detection device is larger than or equal to the state evaluation coefficient corresponding to the preset standard network detection device, judging that the network detection device operates normally.
CN202311023658.XA 2023-08-15 2023-08-15 Protection method based on network communication security Pending CN116827674A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311023658.XA CN116827674A (en) 2023-08-15 2023-08-15 Protection method based on network communication security

Publications (1)

Publication Number Publication Date
CN116827674A true CN116827674A (en) 2023-09-29

Family

ID=88139479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311023658.XA Pending CN116827674A (en) 2023-08-15 2023-08-15 Protection method based on network communication security

Country Status (1)

Country Link
CN (1) CN116827674A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117439866A (en) * 2023-10-12 2024-01-23 南京麦杰软件有限公司 Method and apparatus for ensuring network communication during maintenance work

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060067124A (en) * 2004-12-14 2006-06-19 한국전자통신연구원 Method for evaluation of network security level of customer network and apparatus thereof
CN110224894A (en) * 2019-06-18 2019-09-10 国网四川省电力公司内江供电公司 A kind of transformer station process layer network management system for monitoring
CN110768846A (en) * 2019-10-31 2020-02-07 国网四川省电力公司阿坝供电公司 Intelligent substation network safety protection system
CN115242693A (en) * 2021-04-22 2022-10-25 中兴通讯股份有限公司 Network detection method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
JP4961153B2 (en) Aggregating knowledge bases from computer systems and proactively protecting computers from malware
US8931099B2 (en) System, method and program for identifying and preventing malicious intrusions
US20160232349A1 (en) Mobile malware detection and user notification
WO2017034072A1 (en) Network security system and security method
CN113839935B (en) Network situation awareness method, device and system
CN114978770A (en) Internet of things security risk early warning management and control method and system based on big data
CN109995727B (en) Active protection method, device, equipment and medium for penetration attack behavior
CN116827675A (en) Network information security analysis system
CN111277539A (en) Server Lesox virus protection system and method
CN113438249B (en) Attack tracing method based on strategy
KR102414334B1 (en) Method and apparatus for detecting threats of cooperative-intelligent transport road infrastructure
CN111835680A (en) Safety protection system of industry automatic manufacturing
CN116827674A (en) Protection method based on network communication security
CN114666088A (en) Method, device, equipment and medium for detecting industrial network data behavior information
CN111083172A (en) Link communication monitoring view construction method based on data packet analysis
KR20220081145A (en) AI-based mysterious symptom intrusion detection and system
CN113660222A (en) Situation awareness defense method and system based on mandatory access control
CN112671781A (en) RASP-based firewall system
Coulibaly An overview of intrusion detection and prevention systems
Ye et al. Research on network security protection strategy
KR100651749B1 (en) Method for detection of unknown malicious traffic and apparatus thereof
CN115396167A (en) Network information security protection method based on big data
KR102377784B1 (en) Network security system that provides security optimization function of internal network
CN111711626A (en) Method and system for monitoring network intrusion
Sitorus et al. Nunukan State Court's Computer Network Security Improvement Using Centralized Next-Generation Firewall

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination