CN116827917A - Network communication method, device, equipment and storage medium - Google Patents


Info

Publication number: CN116827917A
Authority: CN (China)
Prior art keywords: penetration, data, servers, network, server
Legal status: Pending
Application number: CN202210277796.XA
Other languages: Chinese (zh)
Inventors: 毛飞, 高晓伟
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignee: Beijing Qihoo Technology Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks
Abstract

The invention discloses a network communication method, a device, equipment and a storage medium, belonging to the technical field of Internet, wherein the method comprises the following steps: acquiring network penetration data sent by a client; selecting a plurality of target penetration servers from the penetration server cluster; generating a data transmission line according to the plurality of target penetration servers; and sending the network penetration data to a target site through the data transmission line. According to the invention, the network penetration data is forwarded for a plurality of times by the data transmission lines generated by the plurality of target penetration servers and then is sent to the target site, so that the network penetration data can be prevented from being identified and found in the communication process, the risk of data leakage is reduced, and the confidentiality of the data in the network communication process is improved.

Description

Network communication method, device, equipment and storage medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a network communication method, device, equipment, and storage medium.
Background
Against the background of global integration, China's Internet industry is developing rapidly, and this development is steadily narrowing its gap with the international Internet. Some enterprises and organizations actively engage in international activities such as international exchange and trade, and have legitimate security requirements, especially in education, scientific research, media, foreign trade, finance, civil aviation and other industries.
However, private secure communications are currently implemented mainly through virtual private network (Virtual Private Network, VPN) technology. The core of VPN technology is network penetration technology, but existing network penetration technology is easy to detect, interfere with and block in use, which seriously threatens the network security of the institutions and organizations concerned. It also has potential problems such as the inability to supervise content effectively and the lack of support for the national cryptographic algorithms, so that business work faces pain points such as unreliable network channels and attacks that are difficult to discover.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a network communication method, a device, equipment and a storage medium, which aim to solve the technical problem of how to improve the confidentiality of data in the network communication process.
To achieve the above object, the present invention provides a network communication method including:
acquiring network penetration data sent by a client;
selecting a plurality of target penetration servers from the penetration server cluster;
generating a data transmission line according to the plurality of target penetration servers;
and sending the network penetration data to a target site through the data transmission line.
Optionally, the selecting a plurality of target penetration servers from the penetration server cluster includes:
acquiring a plurality of to-be-selected penetration servers corresponding to the client;
selecting an initial penetration server from a plurality of penetration servers to be selected according to the network penetration data;
and selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
Optionally, the obtaining a plurality of to-be-selected penetration servers corresponding to the client includes:
acquiring a client identifier corresponding to the client;
searching a node to be selected connected with the client according to the client identifier;
and determining a plurality of to-be-selected penetration servers corresponding to the client according to the to-be-selected nodes.
Optionally, the selecting an initial penetration server from a plurality of candidate penetration servers according to the network penetration data includes:
acquiring parameter information corresponding to the network penetration data;
determining a current flow threshold and a current time threshold according to the parameter information;
and selecting an initial penetration server from a plurality of penetration servers to be selected according to the current flow threshold and the current time threshold.
Optionally, the selecting, according to the initial penetration server, a plurality of target penetration servers from the penetration server cluster includes:
acquiring an associated penetration server corresponding to the initial penetration server in the penetration server cluster;
and determining a plurality of target penetration servers from the initial penetration server and the associated penetration server.
Optionally, the generating a data transmission line according to the plurality of target penetration servers includes:
determining a starting node according to an initial penetration server in the target penetration servers;
determining an intermediate node and a termination node according to an associated penetration server in the target penetration servers;
and generating a data transmission line according to the starting node, the intermediate node and the termination node.
Optionally, the generating a data transmission line according to the starting node, the intermediate node and the terminating node includes:
determining the node sequence among the intermediate nodes according to the association relation among the association penetration servers;
the intermediate nodes are connected in series according to the node sequence to obtain an intermediate line;
and generating a data transmission line according to the starting node, the ending node and the intermediate line.
Optionally, before the network penetration data is sent to the target site through the data transmission line, the method further includes:
acquiring conventional flow access data;
mixing the network penetration data with the conventional flow access data to obtain mixed data;
accordingly, the transmitting the network penetration data to the target site through the data transmission line includes:
and sending the network penetration data to a target site through the data transmission line according to the mixed data.
Optionally, the sending the network penetration data to a target site through the data transmission line according to the mixed data includes:
and sending the mixed data to an initial penetration server in the data transmission line, so that the initial penetration server identifies network penetration data in the mixed data, and sends the network penetration data to a target site after forwarding the network penetration data for a plurality of times according to the data transmission line.
Optionally, the acquiring network penetration data sent by the client includes:
acquiring network data sent by a client through a preset secure channel;
determining network penetration data and domain name data according to the network data;
and determining the target site according to the domain name data.
Optionally, the determining the target site according to the domain name data includes:
decrypting the domain name data to obtain domain name address information;
and determining the target site according to the domain name address information.
Optionally, before the network data sent by the client is obtained through the preset secure channel, the method further includes:
when handshake information sent by the client is received, a preset secure channel between the server and the client is established according to the handshake information.
Optionally, before the network data sent by the client is obtained through the preset secure channel, the method further includes:
acquiring an algorithm list sent by the client through the preset secure channel;
selecting a target encryption algorithm from the algorithm list, and acquiring a server certificate;
and sending the target encryption algorithm and the server certificate to the client so that the client determines a target encryption mode according to the target encryption algorithm and the server certificate and encrypts data to be transmitted according to the target encryption mode to obtain network data.
In addition, in order to achieve the above object, the present invention also proposes a network communication device including:
the data acquisition module is used for acquiring network penetration data sent by the client;
the target selection module is used for selecting a plurality of target penetration servers from the penetration server cluster;
a line generation module for generating a data transmission line according to the plurality of target penetration servers;
and the data transmission module is used for transmitting the network penetration data to a target site through the data transmission line.
Optionally, the target selection module is further configured to obtain a plurality of to-be-selected penetration servers corresponding to the client; selecting an initial penetration server from a plurality of penetration servers to be selected according to the network penetration data; and selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
Optionally, the target selection module is further configured to obtain a client identifier corresponding to the client; searching a node to be selected connected with the client according to the client identifier; and determining a plurality of to-be-selected penetration servers corresponding to the client according to the to-be-selected nodes.
Optionally, the target selection module is further configured to obtain parameter information corresponding to the network penetration data; determining a current flow threshold and a current time threshold according to the parameter information; and selecting an initial penetration server from a plurality of penetration servers to be selected according to the current flow threshold and the current time threshold.
Optionally, the target selection module is further configured to obtain an associated penetration server corresponding to the initial penetration server in the penetration server cluster, and to determine a plurality of target penetration servers from the initial penetration server and the associated penetration server.
In addition, to achieve the above object, the present invention also proposes a network communication device comprising a memory, a processor, and a network communication program stored in the memory and runnable on the processor, wherein the network communication program implements the network communication method described above when executed by the processor.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon a network communication program which, when executed by a processor, implements the network communication method as described above.
In the network communication method provided by the invention, network penetration data sent by a client is obtained; selecting a plurality of target penetration servers from the penetration server cluster; generating a data transmission line according to the plurality of target penetration servers; and sending the network penetration data to a target site through the data transmission line. According to the invention, the network penetration data is forwarded for a plurality of times by the data transmission lines generated by the plurality of target penetration servers and then is sent to the target site, so that the network penetration data can be prevented from being identified and found in the communication process, the risk of data leakage is reduced, and the confidentiality of the data in the network communication process is improved.
Drawings
FIG. 1 is a schematic diagram of a network communication device in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart of a first embodiment of the network communication method of the present invention;
FIG. 3 is a schematic diagram of a system function structure of an embodiment of a network communication method according to the present invention;
FIG. 4 is a flow chart of a second embodiment of the network communication method of the present invention;
FIG. 5 is a flow chart of a third embodiment of a network communication method according to the present invention;
FIG. 6 is a schematic functional block diagram of a first embodiment of the network communication device according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic diagram of a network communication device in a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the network communication device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display and an input unit such as keys, and optionally a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed random access memory (Random Access Memory, RAM) or a non-volatile memory, such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the device structure shown in fig. 1 is not limiting of the network communication device and may include more or fewer components than shown, or may combine certain components, or may be arranged in different components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a network communication program may be included in the memory 1005 as one type of storage medium.
In the network communication device shown in fig. 1, the network interface 1004 is mainly used for connecting to an external network and performing data communication with other network devices; the user interface 1003 is mainly used for connecting user equipment and communicating data with the user equipment; the apparatus of the present invention calls the network communication program stored in the memory 1005 through the processor 1001 and executes the network communication method provided by the embodiment of the present invention.
Based on the above hardware structure, the embodiment of the network communication method of the invention is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of a network communication method according to the present invention.
In a first embodiment, the network communication method includes:
step S10, network penetration data sent by a client are obtained.
It should be noted that the execution body of this embodiment may be a network communication device, which may be a server with a data processing function or another device that can implement the same or similar functions; this is not limited in this embodiment, and the description below takes the network communication device as an example.
It should be noted that this embodiment aims to solve the problem that the existing network penetration technology is easily detected, interfered with and blocked in use, poses a serious threat to the network security of the institutions and organizations concerned, and has potential problems such as the inability to supervise content effectively and the lack of support for the national cryptographic algorithms; it does so by improving the confidentiality of data in the network communication process and thereby the reliability of the network channels on which business work depends.
It should be noted that the clients in this embodiment may include, but are not limited to, a PC client and a mobile client, where the PC client is a client installed on a PC device and the mobile client is a client installed on a mobile device; this embodiment is not limited thereto.
It will be appreciated that fig. 3 is a schematic diagram of the functional structure of the system. The scheme constructs a new network-layer communication system with detection-prevention and anti-interference capabilities, and involves technologies such as HTTPS traffic hiding, point-to-point network penetration through a P2P server cluster, DoH, domestic cryptographic algorithms, CDN traffic hiding, man-in-the-middle attack defense and replay attack defense. In fig. 3, several types of servers are involved to implement different functions; in this embodiment the servers may be integrated into one overall server for overall control, or different functions may be implemented by different servers, which is not limited in this embodiment.
Note that DoH (DNS over HTTPS) refers to running DNS over the secure HTTPS protocol, and is mainly aimed at enhancing the security and privacy of users. Because the connection is encrypted HTTPS, third parties can no longer influence or monitor the resolution process, so an intruder cannot view the requested URL or tamper with it. If DNS over HTTPS is used, the Transmission Control Protocol (TCP) underlying DoH can respond faster when data is lost in transit, and a better data confidentiality effect can be achieved.
It should be noted that HTTPS traffic hiding refers to transmitting network penetration data through an HTTPS secure channel. The network penetration data is transmitted in encrypted form as the payload of HTTPS; even if the corresponding packet is obtained at a router, it can only be identified as HTTPS data, and its content cannot be identified, so it cannot be distinguished from conventional service data and blocked. In addition, the default port of the HTTPS service is 443, a standard TCP port, so a router cannot block it with a port-based policy, and interception of the data in transit can be avoided.
It should be noted that traffic hiding can also be realized by network penetration through the P2P server cluster. When a traditional network penetration service stores and forwards remote data, it occupies a large amount of resources on the application server, including bandwidth, storage and computing resources, and the domain names or IP addresses of the servers are usually relatively fixed, so the servers are relatively easy to identify and find. Point-to-point network penetration does not need to process the data, and each link and transmission of data is relatively random, so the conventional secure-line server is well protected.
It should be noted that the solution can also use a content delivery network (Content Delivery Network, CDN) server to implement traffic hiding. An interference system has a relatively sensitive monitoring mechanism for abnormal, large-scale traffic, and once such traffic is found it is easily blocked at the protocol level or even by IP address. The CDN can be used to blend network penetration traffic into conventional high-volume access to large sites to achieve hiding.
It should be noted that general network security penetration technology uses international algorithms such as RSA/DH/ECDSA/ECDH, whereas this scheme uses SM2, SM3 and SM4 for encryption, which improves penetration security and the efficiency of encryption and decryption. Moreover, the confidentiality of network communication data can be further improved through domestic commercial cryptography. Cryptographic algorithms are a core technology for guaranteeing information security; when the system adopts the corresponding cryptographic technology, China's commercial cryptographic algorithms (namely the SM2/3/4 algorithms) can replace international algorithms (RSA/AES/SHA-256 and the like), improving availability, integrity, controllability, confidentiality and non-repudiation; the embodiment is not limited to the above.
It should be understood that, in addition to the technologies involved in the system communication flow described above, the present solution may further provide a number of functional modules on the client to support the various communication technologies. The functional modules provided on the client may include, but are not limited to, a trusted certificate management module, a penetration software implementation module, a penetration configuration management module, a commercial cryptography support module, a DoH client implementation module and an IPv6 support module.
It should be noted that the trusted certificate management module may be used for built-in RSA/ECC certificates and SM2 certificates; the penetration software implementation module may be used for implementing penetration links and penetration anti-interference; the penetration configuration management module may be used for dynamic management of line links and static configuration management of lines; the commercial cryptography support module may be used for OpenSSL and the implementation of the cryptographic algorithms; the DoH client implementation module may be used for DoH implementation and DoH server management; and the IPv6 support module may be used for DNS configuration and IP configuration.
It should be understood that the server may obtain network data sent by the client through a preset secure channel, determine network penetration data and domain name data according to the network data, and determine the target site according to the domain name data. The target sites in this embodiment may include, but are not limited to, chat sites, video sites, search sites, and music sites, which is not limited in this embodiment.
It should be noted that, in this embodiment, the preset security channel may be an HTTPS security channel, or may be another security channel with the same or similar functions, which is not limited in this embodiment, and in this embodiment, an HTTPS security channel is taken as an example for illustration.
It can be understood that, in order to improve the security of data transmission, when the server receives the handshake information sent by the client, the server may perform authentication and communication negotiation according to the handshake information to establish an HTTPS secure channel between the server and the client.
It should be understood that, after determining the data to be transmitted that needs to be sent to the server, the client may encrypt the data to be transmitted to obtain network data, and then send the network data to the server through the HTTPS secure channel in order to improve the confidentiality of the data.
It can be appreciated that, in order to select a suitable encryption algorithm to encrypt the data, the client may first send an algorithm list to the server through the HTTPS secure channel, where the algorithm list may include all the encryption algorithms supported by the client, which is not limited in this embodiment. After the server obtains the algorithm list sent by the client through the HTTPS secure channel, multiple to-be-selected encryption algorithms supported by the client can be determined according to the algorithm list, one algorithm is selected from the to-be-selected encryption algorithms to serve as a target encryption algorithm, and meanwhile, the server can obtain a corresponding server certificate and send the target encryption algorithm and the server certificate to the client together. After receiving the target encryption algorithm and the server certificate sent by the server, the client can determine a proper target encryption mode according to the target encryption algorithm and the server certificate, and encrypt the data to be transmitted according to the target encryption mode so as to obtain the network data.
It should be noted that, in this embodiment, the domain name data may include, but is not limited to, DoH data, and may be other data capable of implementing the same or similar functions, which is not limited in this embodiment; in this embodiment, DoH data is taken as an example.
It can be understood that after the server obtains the network data included in the request sent by the client, the server identifies the DoH data from the network data, and then can decrypt the DoH data to obtain domain name address information, so that a target site that the client wants to access can be determined according to the domain name address, and a target domain name or a target address corresponding to the target site can be determined according to the domain name address information, so that the target site can be accessed according to the target domain name or the target address.
Step S20, a plurality of target penetration servers are selected from the penetration server cluster.
It should be understood that, in order to avoid that data is identified and found in the network communication process, the present solution does not use a fixed server to send data, and does not use a single server to send data, but selects multiple target penetration servers from the penetration server cluster in real time each time network penetration data transmission is required, and forwards the network penetration data multiple times through the target penetration servers, and finally sends the network penetration data to the target site, so as to prevent the network penetration data from being tracked and crawled.
It should be noted that this embodiment does not limit the number of penetration servers in the penetration server cluster, nor the number of target penetration servers selected for each network penetration data transmission; both may be set according to the actual situation. For example, to achieve a better security effect and improve the security of data transmission, as many target penetration servers as possible may be selected from the cluster: increasing the number of target penetration servers achieves a better effect.
Step S30, generating a data transmission line according to the plurality of target penetration servers.
It should be noted that, in this embodiment, the penetrating servers may be P2P servers, that is, peer-to-peer data transmission may be performed between the penetrating servers, and in order to adapt to a plurality of different scenarios, in this embodiment, fixed communication objects may be set in advance for the penetrating servers, or corresponding communication objects may be set for the penetrating servers in real time.
It should be understood that, since the order is required for transmission and forwarding of data, after determining the plurality of target penetration servers that need to be used for the communication, the communication order of the plurality of target penetration servers may be determined, and the target penetration servers may be arranged in the communication order, so as to generate a data transmission line corresponding to the communication.
Step S40, the network penetration data is sent to a target site through the data transmission line.
It can be understood that according to the above-determined data transmission line, the network penetration data can be forwarded between the plurality of penetration servers, and finally the network penetration data is sent to the corresponding target site, so as to achieve the purpose that the client accesses the target site.
It should be understood that, because network communication is an interactive process, the target site may also generate feedback data after processing the network penetration data; the feedback data is transmitted in the reverse direction along the data transmission line and, after multiple forwardings, is finally sent to the client through the HTTPS secure channel, which is not limited in this embodiment.
It should be noted that, in the process of integrating the network penetration data into the access of the conventional large-traffic large-station by using the CDN to perform data hiding, the conventional traffic access data may also be obtained, where the conventional traffic access data refers to the access data of the conventional large-traffic large-station. And the network penetration data and the conventional flow access data are mixed to obtain mixed data, so that the network penetration data are hidden and are not easy to monitor, and the risk of data leakage is reduced.
It should be understood that, when data transmission is performed, the mixed data generated in the above manner may be sent to the initial penetration server in the data transmission line; the initial penetration server identifies the network penetration data in the mixed data and, after forwarding it multiple times according to the data transmission line, delivers it to the target site. In this way the point-to-point network penetration of the P2P server cluster and CDN traffic hiding can be combined, a better data confidentiality effect is achieved, and data security in the network communication process is further improved.
In this embodiment, network penetration data sent by a client is obtained; selecting a plurality of target penetration servers from the penetration server cluster; generating a data transmission line according to the plurality of target penetration servers; and sending the network penetration data to a target site through the data transmission line. According to the scheme, the network penetration data is forwarded for a plurality of times through the data transmission lines generated by the plurality of target penetration servers and then sent to the target site, so that the network penetration data can be prevented from being identified and found in the communication process, the risk of data leakage is reduced, and the confidentiality of the data in the network communication process is improved.
In an embodiment, as shown in fig. 4, a second embodiment of the network communication method according to the present invention is proposed based on the first embodiment, and the step S20 includes:
Step S201, obtaining a plurality of candidate penetration servers corresponding to the client.
It should be understood that hiding the network penetration traffic within the P2P penetration server cluster addresses the shortcomings of conventional CDN traffic hiding, which is easy to track and easy to block.
It should be noted that the P2P penetration technique of this solution rests on the following points:
1. A client connects to multiple P2P server nodes at the same time rather than to a single VPS.
2. While transmitting penetration data, the client switches among the P2P server nodes according to a traffic threshold (5 MB) and a time threshold (5 seconds).
3. For its connections to different P2P server nodes, the client may use different encryption algorithms, keys and disguised CDN domain names, resembling the network conditions of a real environment.
4. A data request is sent to a P2P server node and reaches the target website through multi-hop forwarding instead of a direct connection, which achieves penetration and makes monitoring difficult.
It will be appreciated that, since not all penetration servers in the penetration server cluster are authorized to communicate directly with clients, some penetration servers can only act as intermediate servers in the forwarding process. Therefore, to achieve better communication and avoid communication failures, the candidate penetration servers to which the client can connect may be determined first; the number of candidate penetration servers is not limited in this embodiment.
It will be appreciated that, to facilitate distinguishing and managing multiple clients, each client may be assigned a client identifier, and the nodes corresponding to penetration servers may be assigned to client identifiers. Thus the client identifier of the client initiating the communication can be obtained, the candidate nodes connected to that client can be looked up by the client identifier, and the candidate penetration servers corresponding to the client can then be determined from the correspondence between nodes and penetration servers.
Step S202, selecting an initial penetration server from the plurality of candidate penetration servers according to the network penetration data.
It should be appreciated that the initial penetration server is the one selected from the candidate penetration servers to hold the direct connection with the client for the present communication. It may be selected through parameter information corresponding to the network penetration data or in other ways, which is not limited in this embodiment.
It can be understood that a parameter threshold may be configured for each penetration server. To select a more suitable initial penetration server, the parameter information corresponding to the network penetration data may be obtained, a current traffic threshold and a current time threshold determined from it, and the initial penetration server then selected from the candidate penetration servers according to the current traffic threshold and the current time threshold.
Step S203, selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
It should be understood that, since the servers in the penetration server cluster are P2P servers that transmit data point-to-point, once the initial penetration server has been determined as above, the associated penetration servers corresponding to it in the cluster can also be obtained. For example, if the initial penetration server is server A, server A exchanges data point-to-point with server B, server B with server C, and server C with server D, then servers B, C and D may be regarded as the associated penetration servers of server A.
It will be appreciated that, after the initial penetration server and the associated penetration servers are determined in this manner, they together form the target penetration servers.
In this embodiment, the candidate penetration servers corresponding to the client are obtained; an initial penetration server is selected from them according to the network penetration data; and the target penetration servers are selected from the penetration server cluster according to the initial penetration server. Because the initial penetration server is chosen from the candidates the client can actually reach, and the remaining target penetration servers are chosen starting from it, communication failures are avoided while the P2P traffic-hiding effect is preserved, giving a better network communication result.
In an embodiment, as shown in fig. 5, a third embodiment of the network communication method according to the present invention is proposed based on the first or second embodiment; the description here is based on the first embodiment, and step S30 includes:
Step S301, determining a start node according to the initial penetration server among the target penetration servers.
It should be noted that, in P2P traffic hiding, the target penetration servers forward the network penetration data in sequence, so the forwarding order of the target penetration servers must be determined to achieve a better forwarding effect.
It will be appreciated that, since the initial penetration server may be directly connected to the client, the start node is determined from the initial penetration server among the target penetration servers. Each node may correspond to one penetration server.
Step S302, determining the intermediate nodes and the end node according to the associated penetration servers among the target penetration servers.
It should be appreciated that the intermediate penetration servers and the end penetration server may be determined from the association relationships among the associated penetration servers; the intermediate nodes are then determined from the intermediate penetration servers and the end node from the end penetration server.
Step S303, generating a data transmission line according to the start node, the intermediate nodes and the end node.
It will be appreciated that the positions of the start node and the end node are fixed: the start node is always first and the end node always last. The order among the intermediate nodes may also be determined from the association relationships among the associated penetration servers; the intermediate nodes are then connected in series in that order to obtain an intermediate line, and the data transmission line is generated from the start node, the end node and the intermediate line.
It will be appreciated that, once the intermediate line is determined, the start node is prepended to it and the end node appended to it, thereby generating the data transmission line along which the network penetration data is transmitted among the target penetration servers.
In this embodiment, a start node is determined from the initial penetration server among the target penetration servers, the intermediate nodes and the end node are determined from the associated penetration servers, and a data transmission line is generated from the start node, the intermediate nodes and the end node. The data transmission line can thus be generated accurately and reasonably from the target penetration servers, and P2P traffic hiding is performed along it, achieving a better P2P traffic-hiding effect.
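The selection steps S201 to S203 and the line-generation steps S301 to S303 can be modelled on a small constructed topology. The following Python is an added example written for this page, not code from the patent or its assignee; the client-to-node table, the point-to-point link table, the per-server limits and the rule that the initial server is the first candidate whose limits cover the current thresholds are all assumptions made here, since the patent does not fix them. It generalises the page's A, B, C, D example: the associated servers are found by breadth-first traversal of the point-to-point links, so a chain order is also produced for topologies that branch.

```python
from collections import deque

# Constructed sample topology (assumption, not from the patent): which candidate
# nodes each client identifier may connect to, which penetration server each node
# maps to, and the point-to-point links between servers in the cluster.
CLIENT_NODES = {"client-1": ["n1", "n2"], "client-2": ["n2"]}
NODE_TO_SERVER = {"n1": "A", "n2": "E", "n3": "B", "n4": "C", "n5": "D"}
PEER_LINKS = {"A": ["B"], "B": ["C"], "C": ["D"], "D": [], "E": ["B"]}

# Assumed per-server limits: (max bytes, max seconds) a server will carry for one
# client before the client is expected to switch; only client-facing servers have them.
SERVER_LIMITS = {"A": (5 * 1024 * 1024, 5), "E": (1 * 1024 * 1024, 5)}


def candidate_servers(client_id, client_nodes=CLIENT_NODES, node_to_server=NODE_TO_SERVER):
    """Step S201: look up the client's candidate nodes, then map nodes to servers."""
    return [node_to_server[n] for n in client_nodes.get(client_id, []) if n in node_to_server]


def select_initial(candidates, traffic_threshold, time_threshold, limits=SERVER_LIMITS):
    """Step S202 (assumed rule): first candidate whose limits cover the current thresholds."""
    for server in candidates:
        max_bytes, max_secs = limits.get(server, (0, 0))
        if max_bytes >= traffic_threshold and max_secs >= time_threshold:
            return server
    raise LookupError("no candidate penetration server satisfies the current thresholds")


def associated_servers(initial, links=PEER_LINKS):
    """Step S203 / S302: every server reachable point-to-point from the initial one,
    in hop order (breadth-first), which is the association order used for the line."""
    seen, order, queue = {initial}, [], deque([initial])
    while queue:
        current = queue.popleft()
        for nxt in links.get(current, []):
            if nxt not in seen:
                seen.add(nxt)
                order.append(nxt)
                queue.append(nxt)
    return order


def build_line(initial, associated):
    """Steps S301-S303: start node, intermediate line in association order, end node."""
    if not associated:
        raise ValueError("a data transmission line needs at least one associated server")
    start, end = initial, associated[-1]
    intermediate = associated[:-1]
    return [start, *intermediate, end]


def plan_route(client_id, traffic_threshold, time_threshold):
    """Full pipeline: candidates -> initial server -> associated servers -> line."""
    candidates = candidate_servers(client_id)
    initial = select_initial(candidates, traffic_threshold, time_threshold)
    return build_line(initial, associated_servers(initial))


if __name__ == "__main__":
    print(plan_route("client-1", 5 * 1024 * 1024, 5))  # ['A', 'B', 'C', 'D']
    print(plan_route("client-2", 1024 * 1024, 5))      # ['E', 'B', 'C', 'D']
```

The `build_line` guard matters in practice: a server with no point-to-point peers cannot anchor a multi-hop line, and the patent's design assumes at least one forwarding hop between the client-facing server and the target site.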
In addition, the embodiment of the invention also provides a storage medium, wherein the storage medium stores a network communication program, and the network communication program realizes the steps of the network communication method when being executed by a processor.
Because the storage medium adopts all the technical schemes of all the embodiments, the storage medium has at least all the beneficial effects brought by the technical schemes of the embodiments, and the description is omitted here.
In addition, referring to fig. 6, an embodiment of the present invention further proposes a network communication device, including:
the data acquisition module 10 is configured to acquire network penetration data sent by the client.
It should be noted that existing network penetration technology is easily detected, interfered with and blocked in use, poses a serious threat to the network security of the institutions and organizations concerned, and has further potential problems such as the inability to effectively supervise content and the lack of support for national commercial cryptographic algorithms. This solution addresses these problems, improves the confidentiality of data in the network communication process, and thereby improves the reliability of the various network channels serving business work.
It should be noted that, the clients in this embodiment may include, but are not limited to, a PC client and a mobile client, where the PC client may be a client installed on a PC device, and the mobile client may be a client installed on a mobile device, and the embodiment is not limited thereto.
It will be appreciated that fig. 3 is a schematic diagram of the functional structure of the system. The solution constructs a new network-layer communication system with detection-prevention and anti-interference capabilities, involving HTTPS traffic hiding, point-to-point network penetration through a P2P server cluster, DoH, domestic (SM) cryptographic algorithms, CDN traffic hiding, man-in-the-middle attack defense, replay attack defense and related technologies. Fig. 3 involves several types of servers implementing different functions; in this embodiment these may be integrated into one overall server for central control, or the different functions may be implemented by different servers, which is not limited in this embodiment.
Note that DoH (DNS over HTTPS) runs DNS over the secure HTTPS protocol and is mainly aimed at enhancing user security and privacy. Because the connection is encrypted HTTPS, third parties can no longer interfere with or observe the resolution process, so an intruder cannot view the requested URL or tamper with it. When DNS over HTTPS is used and data is lost during transmission, the Transmission Control Protocol (TCP) underlying DoH can recover more quickly, and a better data confidentiality effect is achieved.
It should be noted that HTTPS traffic hiding refers to transmitting the network penetration data through an HTTPS secure channel. The network penetration data is carried encrypted as the HTTPS payload; even if a corresponding packet is captured on the route, it can only be identified as HTTPS data and its content cannot be identified, so it cannot be singled out from conventional service data and blocked. In addition, the default HTTPS port is 443, a standard TCP port, so routers cannot block it with a port-based policy, and interception of the data in transit is avoided.
It should be noted that traffic hiding can also be achieved by point-to-point network penetration through the P2P server cluster. When a network penetration service in the traditional sense stores and forwards remote data, it occupies a large amount of application-server resources, including bandwidth, storage and computing resources, and the domain names or IP addresses of those servers are generally fairly fixed, so they are relatively easy to identify and discover. The point-to-point network penetration communication mode does not need to process the data, and each connection and data transfer is relatively random, so the conventional secure line servers are well protected.
It should be noted that the solution can also use content delivery network (Content Delivery Network, CDN) servers to achieve traffic hiding. Interfering systems have relatively sensitive monitoring of abnormal and large-scale traffic, and once such traffic is found it is easily blocked at the protocol or even the IP-address level. A CDN can be used to blend the network penetration traffic into the access traffic of conventional high-traffic, large-scale sites to achieve hiding.
It should be noted that general network security penetration technology uses international algorithms such as RSA/DH/ECDSA/ECDH, whereas this solution uses SM2, SM3 and SM4 for encryption, improving penetration security and encryption/decryption efficiency. Moreover, the confidentiality of network communication data can be further improved through domestic commercial cryptography. Cryptographic algorithms are a core technology for guaranteeing information security; when the system adopts the corresponding cryptographic technology, China's commercial cryptographic algorithms (namely SM2/3/4) can replace the international algorithms (RSA/AES/SHA-256 and the like), improving availability, integrity, controllability, confidentiality and non-repudiation. The embodiment is not limited to this.
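For readers unfamiliar with the DoH mechanism described above, the following Python shows how a DoH GET request is formed per RFC 8484: the wire-format DNS query is base64url-encoded (without padding) into the `dns` query parameter and sent with an `accept: application/dns-message` header. This is an added example, not code from the patent or its assignee; the resolver URL `doh.example.net` is a placeholder. Only the encoded query travels inside the TLS channel, which is what keeps an on-path observer from reading or altering it; the resolver itself still sees every query, so the privacy gain depends on trusting the chosen resolver.

```python
import base64
import struct

# Placeholder resolver endpoint (assumption; the patent names no resolver).
DOH_ENDPOINT = "https://doh.example.net/dns-query"
# Header an RFC 8484 client sends so the resolver answers in DNS wire format.
DOH_HEADERS = {"accept": "application/dns-message"}

QTYPE_A, QTYPE_AAAA, QCLASS_IN = 1, 28, 1


def encode_qname(name):
    """Encode a dotted domain name as DNS wire-format labels ending with a zero octet."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def build_dns_query(name, qtype=QTYPE_A):
    """Build a minimal recursive query; RFC 8484 sec. 4.1 recommends ID 0 for cacheability."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # id, flags (RD), qd, an, ns, ar
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(name, qtype=QTYPE_A, endpoint=DOH_ENDPOINT):
    """Form the GET URL: base64url without '=' padding in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(build_dns_query(name, qtype)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"


def decode_doh_param(url):
    """Reverse of doh_get_url: recover the wire-format query from the URL (re-adds padding)."""
    encoded = url.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


def parse_question(msg):
    """Return (name, qtype, qclass) of the single question in a wire-format DNS message."""
    _, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass


if __name__ == "__main__":
    url = doh_get_url("www.example.com")
    print(url)
    print(parse_question(decode_doh_param(url)))  # ('www.example.com', 1, 1)
```

A real client would issue the GET with the `DOH_HEADERS` dictionary over an HTTPS session and parse the `application/dns-message` response body with the same wire-format rules; the round trip through `decode_doh_param` and `parse_question` here is what lets the example be checked offline.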
It should be understood that, in addition to the technologies involved in the system communication flow described above, the solution may further provide a number of functional modules on the client to support the various communication technologies. The modules provided on the client may include, but are not limited to, a trusted certificate management module, a penetration software implementation module, a penetration configuration management module, a commercial cryptography support module, a DoH client implementation module and an IPv6 support module.
It should be noted that the trusted certificate management module may provide built-in RSA/ECC certificates and SM2 certificates; the penetration software implementation module handles penetration link implementation and penetration anti-interference implementation; the penetration configuration management module handles dynamic management of line links and static configuration management of lines; the commercial cryptography support module handles OpenSSL and the cryptographic algorithm implementation; the DoH client implementation module handles DoH implementation and DoH server management; and the IPv6 support module handles DNS configuration and IP configuration.
It should be understood that the server may obtain network data sent by the client through a preset secure channel, determine network penetration data and domain name data according to the network data, and determine the target site according to the domain name data. The target sites in this embodiment may include, but are not limited to, chat sites, video sites, search sites, and music sites, which is not limited in this embodiment.
It should be noted that, in this embodiment, the preset secure channel may be an HTTPS secure channel or another secure channel with the same or similar function, which is not limited in this embodiment; an HTTPS secure channel is taken as the example here.
It can be understood that, in order to improve the security of data transmission, when the server receives the handshake information sent by the client, the server may perform authentication and communication negotiation according to the handshake information to establish an HTTPS secure channel between the server and the client.
It should be understood that, after determining the data to be transmitted that needs to be sent to the server, the client may encrypt the data to be transmitted to obtain network data, and then send the network data to the server through the HTTPS secure channel in order to improve the confidentiality of the data.
It can be appreciated that, in order to select a suitable encryption algorithm for the data, the client may first send an algorithm list to the server through the HTTPS secure channel, where the algorithm list may include all the encryption algorithms supported by the client; this is not limited in this embodiment. After the server obtains the algorithm list through the HTTPS secure channel, it determines the candidate encryption algorithms supported by the client from the list, selects one of them as the target encryption algorithm, obtains the corresponding server certificate, and sends the target encryption algorithm and the server certificate to the client together. After receiving them, the client determines a suitable target encryption mode from the target encryption algorithm and the server certificate, and encrypts the data to be transmitted in that mode to obtain the network data.
It should be noted that, in this embodiment, the domain name data may include, but is not limited to, DoH data, and may be other data capable of implementing the same or a similar function, which is not limited in this embodiment; DoH data is taken as the example here.
It can be understood that, after the server obtains the network data contained in the request sent by the client, it identifies the DoH data within the network data and decrypts it to obtain the domain name address information, from which the target site the client wants to access can be determined, together with the target domain name or target address corresponding to that site, so that the target site can be accessed by the target domain name or target address.
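The algorithm-list exchange described above is a negotiation, and the safe way to run it is for the server to pick by its own preference order rather than the client's, and to refuse anything on a deny-list, so that a tampered or deliberately minimal client list cannot steer the channel to a weak algorithm. The following Python is an added example, not the patent's code; the preference list uses the standard TLS 1.3 cipher-suite names for the SM4/SM3 suites (RFC 8998) and the AES suites, the deny-list entries are well-known weak suites chosen for illustration, and the certificate bytes are a constructed placeholder.

```python
from dataclasses import dataclass

# Server preference order, most desired first (assumed policy; the patent names the
# SM and international algorithms but fixes no order). Names are TLS 1.3 suite
# identifiers; the SM suites are defined in RFC 8998.
SERVER_PREFERENCE = [
    "TLS_SM4_GCM_SM3",
    "TLS_SM4_CCM_SM3",
    "TLS_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
]

# Suites the server must never select even if the client offers them
# (RC4 and 3DES are broken or deprecated; constructed deny-list for this example).
DENY_LIST = {
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}


@dataclass(frozen=True)
class ServerHello:
    """What the server returns over the secure channel: chosen algorithm plus certificate."""
    algorithm: str
    certificate: bytes  # DER-encoded certificate in a real deployment; placeholder here


def negotiate(offered, preference=SERVER_PREFERENCE, deny=DENY_LIST,
              certificate=b"PLACEHOLDER-DER-CERT"):
    """Server side: choose the first suite in *server* preference order that the client offered.

    Iterating over the server's list (not the client's) means the client cannot downgrade
    the channel merely by reordering its offer; denied suites are dropped before matching.
    """
    acceptable = {alg for alg in offered if alg not in deny}
    for alg in preference:
        if alg in acceptable:
            return ServerHello(alg, certificate)
    raise ValueError("no mutually acceptable encryption algorithm")


def client_accepts(hello, offered, deny=DENY_LIST):
    """Client side: the chosen algorithm must be one the client really offered and not denied,
    which catches a response altered in transit to name a weak or unsupported suite."""
    return hello.algorithm in offered and hello.algorithm not in deny


# Constructed walk-through: a client that lists AES first but also supports the SM suite
# and still advertises a legacy RC4 suite.
CLIENT_OFFER = ["TLS_AES_128_GCM_SHA256", "TLS_SM4_GCM_SM3", "TLS_RSA_WITH_RC4_128_SHA"]


def example_exchange(offer=CLIENT_OFFER):
    """Run one negotiation and return (chosen algorithm, client accepted?)."""
    hello = negotiate(offer)
    return hello.algorithm, client_accepts(hello, offer)


if __name__ == "__main__":
    print(example_exchange())  # ('TLS_SM4_GCM_SM3', True)
```

Because the server walks its own preference list, the client's ordering has no influence on the outcome; if the offer contains only denied suites the server refuses rather than falling back, which is the behaviour a practitioner wants from a channel that is supposed to resist downgrade.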
The target selection module 20 is configured to select a plurality of target penetration servers from the penetration server cluster.
It should be understood that, to avoid the data being identified and discovered during network communication, the solution neither uses a fixed server nor a single server to send data; instead, each time network penetration data must be transmitted, multiple target penetration servers are selected from the penetration server cluster in real time, the network penetration data is forwarded multiple times through them and finally sent to the target site, so that the network penetration data cannot be tracked and captured.
It should be noted that this embodiment does not limit the number of penetration servers in the penetration server cluster or the number of target penetration servers selected for each network penetration data transmission; these may be set according to practical circumstances. For example, to achieve a better security effect and improve the security of data transmission, as many target penetration servers as possible may be selected from the cluster, and increasing their number gives a better effect.
The line generation module 30 is configured to generate a data transmission line according to a plurality of target penetration servers.
It should be noted that, in this embodiment, the penetrating servers may be P2P servers, that is, peer-to-peer data transmission may be performed between the penetrating servers, and in order to adapt to a plurality of different scenarios, in this embodiment, fixed communication objects may be set in advance for the penetrating servers, or corresponding communication objects may be set for the penetrating servers in real time.
It should be understood that, since the order is required for transmission and forwarding of data, after determining the plurality of target penetration servers that need to be used for the communication, the communication order of the plurality of target penetration servers may be determined, and the target penetration servers may be arranged in the communication order, so as to generate a data transmission line corresponding to the communication.
The data sending module 40 is configured to send the network penetration data to a target site through the data transmission line.
It can be understood that, following the data transmission line determined above, the network penetration data is forwarded among the plurality of penetration servers and finally delivered to the corresponding target site, so that the client reaches the target site.
It should be understood that, because network communication is interactive, the target site may also generate feedback data after processing the network penetration data; the feedback data is carried back along the data transmission line in the reverse direction and, after multiple forwardings, is finally returned to the client through the HTTPS secure channel. This is not limited in this embodiment.
It should be noted that, when the CDN is used to hide the network penetration data within the access traffic of conventional high-traffic, large-scale sites, conventional traffic access data may also be obtained, where conventional traffic access data refers to the access data of such sites. The network penetration data and the conventional traffic access data are mixed to obtain mixed data, so that the network penetration data is concealed and hard to monitor, and the risk of data leakage is reduced.
It should be understood that, during data transmission, the mixed data generated in the above manner may be sent to the initial penetration server of the data transmission line; the initial penetration server identifies the network penetration data within the mixed data and forwards it along the data transmission line, and after multiple forwardings it reaches the target site. In this way, point-to-point network penetration through the P2P server cluster and CDN traffic hiding are combined, a better data confidentiality effect is achieved, and data security in the network communication process is further improved.
In this embodiment, network penetration data sent by a client is obtained; selecting a plurality of target penetration servers from the penetration server cluster; generating a data transmission line according to the plurality of target penetration servers; and sending the network penetration data to a target site through the data transmission line. According to the scheme, the network penetration data is forwarded for a plurality of times through the data transmission lines generated by the plurality of target penetration servers and then sent to the target site, so that the network penetration data can be prevented from being identified and found in the communication process, the risk of data leakage is reduced, and the confidentiality of the data in the network communication process is improved.
In an embodiment, the target selection module 20 is further configured to obtain a plurality of candidate penetration servers corresponding to the client; select an initial penetration server from the plurality of candidate penetration servers according to the network penetration data; and select a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
In an embodiment, the target selection module 20 is further configured to obtain a client identifier corresponding to the client; search for the candidate nodes connected to the client according to the client identifier; and determine the plurality of candidate penetration servers corresponding to the client according to the candidate nodes.
In an embodiment, the target selection module 20 is further configured to obtain parameter information corresponding to the network penetration data; determine a current traffic threshold and a current time threshold according to the parameter information; and select an initial penetration server from the plurality of candidate penetration servers according to the current traffic threshold and the current time threshold.
In an embodiment, the target selection module 20 is further configured to obtain the associated penetration servers corresponding to the initial penetration server in the penetration server cluster; and determine the plurality of target penetration servers from the initial penetration server and the associated penetration servers.
In an embodiment, the line generation module 30 is further configured to determine a start node according to the initial penetration server among the target penetration servers; determine the intermediate nodes and the end node according to the associated penetration servers among the target penetration servers; and generate a data transmission line according to the start node, the intermediate nodes and the end node.
In an embodiment, the line generation module 30 is further configured to determine a node order among the intermediate nodes according to the association relationships among the associated penetration servers; connect the intermediate nodes in series in the node order to obtain an intermediate line; and generate the data transmission line according to the start node, the end node and the intermediate line.
In an embodiment, the data sending module 40 is further configured to obtain conventional traffic access data; mix the network penetration data with the conventional traffic access data to obtain mixed data; and send the network penetration data to the target site through the data transmission line according to the mixed data.
In an embodiment, the data sending module 40 is further configured to send the mixed data to the initial penetration server in the data transmission line, so that the initial penetration server identifies the network penetration data within the mixed data and forwards it to the target site after forwarding it multiple times along the data transmission line.
In an embodiment, the data obtaining module 10 is further configured to obtain, through a preset secure channel, network data sent by the client; determining network penetration data and domain name data according to the network data; and determining the target site according to the domain name data.
In an embodiment, the data obtaining module 10 is further configured to decrypt the domain name data to obtain domain name address information; and determining the target site according to the domain name address information.
In an embodiment, the data acquisition module 10 is further configured to, when receiving handshake information sent by a client, establish a preset secure channel with the client according to the handshake information.
In an embodiment, the data obtaining module 10 is further configured to obtain an algorithm list sent by the client through a preset secure channel; selecting a target encryption algorithm from the algorithm list, and acquiring a server certificate; and sending the target encryption algorithm and the server certificate to the client so that the client determines a target encryption mode according to the target encryption algorithm and the server certificate and encrypts data to be transmitted according to the target encryption mode to obtain network data.
Other embodiments or specific implementation methods of the network communication device according to the present invention may refer to the above method embodiments, and are not described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the method of the embodiments above may be implemented by means of software plus the necessary general-purpose hardware platform, and of course may also be implemented by hardware, but in many cases the former is the preferred implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a computer-readable storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a smart device (which may be a mobile phone, computer, network communication device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
The invention discloses A1, a network communication method, which comprises the following steps:
acquiring network penetration data sent by a client;
selecting a plurality of target penetration servers from the penetration server cluster;
generating a data transmission line according to the plurality of target penetration servers;
and sending the network penetration data to a target site through the data transmission line.
A2, the network communication method as set forth in A1, wherein the selecting a plurality of target penetration servers from the penetration server cluster includes:
acquiring a plurality of to-be-selected penetration servers corresponding to the client;
selecting an initial penetration server from a plurality of penetration servers to be selected according to the network penetration data;
and selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
A3, the network communication method as described in A2, wherein the obtaining a plurality of penetration servers to be selected corresponding to the client comprises:
Acquiring a client identifier corresponding to the client;
searching a node to be selected connected with the client according to the client identifier;
and determining a plurality of to-be-selected penetration servers corresponding to the client according to the to-be-selected nodes.
A4, the network communication method as set forth in A2, wherein the selecting an initial penetration server from a plurality of penetration servers to be selected according to the network penetration data includes:
acquiring parameter information corresponding to the network penetration data;
determining a current flow threshold and a current time threshold according to the parameter information;
and selecting an initial penetration server from a plurality of penetration servers to be selected according to the current flow threshold and the current time threshold.
A5, the network communication method as set forth in A2, wherein the selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server includes:
acquiring an associated penetration server corresponding to the initial penetration server in the penetration server cluster;
and determining a plurality of target penetration servers according to the initial penetration server and the associated penetration server.
A6, the network communication method according to any of A1 to A5, the generating a data transmission line according to a plurality of target penetration servers, comprising:
Determining a starting node according to an initial penetration server in the target penetration servers;
determining an intermediate node and a termination node according to an associated penetration server in the target penetration servers;
and generating a data transmission line according to the starting node, the intermediate node and the termination node.
A7, the network communication method as described in A6, wherein the generating a data transmission line according to the start node, the intermediate node and the termination node includes:
determining the node sequence among the intermediate nodes according to the association relation among the association penetration servers;
the intermediate nodes are connected in series according to the node sequence to obtain an intermediate line;
and generating a data transmission line according to the starting node, the termination node and the intermediate line.
A8, the network communication method according to any of A1 to A5, before the network penetration data is transmitted to the target site through the data transmission line, further comprising:
acquiring conventional flow access data;
mixing the network penetration data with the conventional flow access data to obtain mixed data;
accordingly, the transmitting the network penetration data to the target site through the data transmission line includes:
And sending the network penetration data to a target site through the data transmission line according to the mixed data.
A9, the network communication method according to A8, wherein the transmitting the network penetration data to the target site through the data transmission line according to the mixed data includes:
and sending the mixed data to an initial penetration server in the data transmission line, so that the initial penetration server identifies network penetration data in the mixed data, and sends the network penetration data to a target site after forwarding the network penetration data for a plurality of times according to the data transmission line.
A10, the network communication method according to any of A1 to A5, wherein the acquiring network penetration data sent by the client includes:
acquiring network data sent by a client through a preset secure channel;
determining network penetration data and domain name data according to the network data;
and determining the target site according to the domain name data.
A11, the network communication method as set forth in A10, wherein the determining the target site according to the domain name data includes:
decrypting the domain name data to obtain domain name address information;
and determining the target site according to the domain name address information.
A12, the network communication method as described in A10, before the network data sent by the client is obtained through the preset secure channel, further includes:
when handshake information sent by the client is received, establishing a preset secure channel with the client according to the handshake information.
A13, the network communication method as described in A10, before the network data sent by the client is obtained through the preset secure channel, further includes:
acquiring an algorithm list sent by the client through the preset secure channel;
selecting a target encryption algorithm from the algorithm list, and acquiring a server certificate;
and sending the target encryption algorithm and the server certificate to the client so that the client determines a target encryption mode according to the target encryption algorithm and the server certificate and encrypts data to be transmitted according to the target encryption mode to obtain network data.
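The A12/A13 exchange, written out as an added example with both sides' messages; this is illustrative code, not the patent's own implementation. The algorithm names, the server's preference list, the certificate bytes and the pinned fingerprint are all constructed. The two checks it adds beyond the text (the server picks by its own preference order rather than the client's, and the client pins the server certificate before settling on the target encryption mode) are the ones a practitioner would expect of such a channel, and are assumptions here, not claims of the patent:

```python
"""Added example (not the patent's code): algorithm-list negotiation and server
certificate delivery over the preset secure channel (A12/A13), simulated with
both sides' messages. All names and bytes below are constructed."""
import hashlib

# Hypothetical server policy, ordered by server preference. Anything not listed is
# refused even if the client offers it, so a client that offers only weak
# algorithms cannot talk the server down to one (downgrade resistance).
SERVER_PREFERENCE = ("AES-256-GCM", "CHACHA20-POLY1305", "AES-128-GCM")

# Constructed stand-in for the server certificate (DER bytes in a real deployment).
SERVER_CERT = b"-----CONSTRUCTED DEMO CERT: CN=penetration-server-1-----"


def cert_fingerprint(cert_bytes):
    """SHA-256 fingerprint of the certificate bytes, as a client would pin it."""
    return hashlib.sha256(cert_bytes).hexdigest()


def server_select(client_algorithms):
    """A13 server side: pick the first server-preferred algorithm that the client
    offered, then attach the server certificate. None if nothing acceptable overlaps."""
    offered = set(client_algorithms)
    for alg in SERVER_PREFERENCE:
        if alg in offered:
            return {"algorithm": alg, "certificate": SERVER_CERT}
    return None


def client_decide(server_reply, offered, pinned_fingerprint):
    """A13 client side: accept the reply only if the algorithm is one the client
    actually offered and the certificate matches the pinned fingerprint. The
    result is the target encryption mode used to encrypt the network data."""
    if server_reply is None:
        raise ValueError("no mutually acceptable algorithm")
    if server_reply["algorithm"] not in offered:
        raise ValueError("server chose an algorithm the client did not offer")
    peer = cert_fingerprint(server_reply["certificate"])
    if peer != pinned_fingerprint:
        raise ValueError("server certificate does not match pinned fingerprint")
    return {"mode": server_reply["algorithm"], "peer": peer}


def handshake(client_algorithms, pinned_fingerprint):
    """Full A13 round trip: client list -> server choice + certificate -> client decision."""
    return client_decide(server_select(client_algorithms), client_algorithms, pinned_fingerprint)


if __name__ == "__main__":
    pin = cert_fingerprint(SERVER_CERT)
    print(handshake(["AES-128-GCM", "CHACHA20-POLY1305"], pin))
```

Because the server walks its own preference list, a client offering ["AES-128-GCM", "CHACHA20-POLY1305"] is given CHACHA20-POLY1305 regardless of the order it listed them, and a client offering only algorithms outside the allowlist gets no channel at all rather than a weakened one.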
The invention also discloses B14, a network communication device, comprising:
the data acquisition module is used for acquiring network penetration data sent by the client;
the target selection module is used for selecting a plurality of target penetration servers from the penetration server cluster;
A line generation module for generating a data transmission line according to the plurality of target penetration servers;
and the data transmission module is used for transmitting the network penetration data to a target site through the data transmission line.
B15, the network communication device as described in B14, wherein the target selection module is further configured to: obtain a plurality of penetration servers to be selected corresponding to the client; select an initial penetration server from the plurality of penetration servers to be selected according to the network penetration data; and select a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
B16, the network communication device as described in B15, wherein the target selection module is further configured to: obtain a client identifier corresponding to the client; search for a node to be selected connected with the client according to the client identifier; and determine a plurality of penetration servers to be selected corresponding to the client according to the node to be selected.
B17, the network communication device as described in B15, wherein the target selection module is further configured to: obtain parameter information corresponding to the network penetration data; determine a current flow threshold and a current time threshold according to the parameter information; and select an initial penetration server from the plurality of penetration servers to be selected according to the current flow threshold and the current time threshold.
B18, the network communication device as described in B15, wherein the target selection module is further configured to: obtain an associated penetration server corresponding to the initial penetration server in the penetration server cluster; and determine a plurality of target penetration servers according to the initial penetration server and the associated penetration server.
The invention also discloses C19, a network communication device, comprising a memory, a processor and a network communication program stored on the memory and executable on the processor, wherein the network communication program, when executed by the processor, implements the network communication method described above.
The invention also discloses D20, a storage medium storing a network communication program which, when executed by a processor, implements the network communication method described above.
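The pipeline of A1 to A9 (and of claims 1 to 7, which restate A1 to A7), carried through end to end as an added example. This is illustrative code, not the patent's implementation: the cluster, the client-to-node connections, the thresholds and the traffic are constructed, and two details the text leaves open are filled in as assumptions: the initial server is chosen as the lowest-latency candidate that meets both thresholds, and the initial server recognises penetration frames inside the mixed stream by a truncated HMAC under a key it shares with the client-side component, while the conventional access frames carry a random field of the same length so both kinds have the same shape on the wire.

```python
"""Added example (not the patent's code): candidate lookup (A3), initial-server
selection by flow/time thresholds (A4), line generation from the association
relation (A5-A7), mixing with conventional access traffic (A8) and recovery of
the penetration data at the initial server (A9). All values are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class PenetrationServer:
    name: str
    max_flow_kbps: int   # flow the server accepts (compared with the flow threshold)
    latency_ms: int      # per-hop delay (compared with the time threshold)
    associated: tuple    # ordered association relation to other cluster members


# Constructed sample cluster and client-to-node connections (hypothetical values).
CLUSTER = {
    "p1": PenetrationServer("p1", 5000, 20, ("p3", "p4", "p5")),
    "p2": PenetrationServer("p2", 800, 5, ("p4", "p5")),
    "p3": PenetrationServer("p3", 2000, 30, ()),
    "p4": PenetrationServer("p4", 2000, 30, ()),
    "p5": PenetrationServer("p5", 9000, 10, ()),
}
CLIENT_NODES = {"client-a": ("p1", "p2"), "client-b": ("p2",)}
TAG_LEN = 16   # bytes of tag/random field prefixed to every frame on the wire


def candidate_servers(client_id):
    """A3: the penetration servers to be selected are the nodes connected to the client."""
    return [CLUSTER[n] for n in CLIENT_NODES.get(client_id, ())]


def select_initial(candidates, flow_kbps, max_latency_ms):
    """A4: keep candidates meeting both thresholds, take the fastest; None if none fit."""
    fitting = [s for s in candidates
               if s.max_flow_kbps >= flow_kbps and s.latency_ms <= max_latency_ms]
    return min(fitting, key=lambda s: s.latency_ms, default=None)


def build_route(initial):
    """A5-A7: the initial server is the start node; its associated servers, in
    association order, are connected in series; the last of them terminates."""
    associated = [CLUSTER[n] for n in initial.associated]
    if not associated:
        raise ValueError(f"{initial.name} has no associated servers; no line can be generated")
    return [initial] + associated


def route_latency_ms(route):
    """Sum of per-hop delays along the generated line."""
    return sum(s.latency_ms for s in route)


def mix_traffic(penetration_frames, regular_frames, key):
    """A8: interleave penetration frames with conventional access traffic.
    Penetration frames carry a truncated HMAC under `key`; cover frames carry
    random bytes of the same length (assumption: how the initial server tells them apart)."""
    regular = list(regular_frames)
    mixed = []
    for frame in penetration_frames:
        if regular:
            mixed.append(os.urandom(TAG_LEN) + regular.pop(0))
        mixed.append(hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN] + frame)
    mixed.extend(os.urandom(TAG_LEN) + r for r in regular)
    return mixed


def identify_penetration(mixed, key):
    """A9: the initial server recomputes the tag; frames that verify are penetration
    data to be forwarded along the line, the rest are served as ordinary access."""
    penetration, regular = [], []
    for frame in mixed:
        tag, body = frame[:TAG_LEN], frame[TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        (penetration if hmac.compare_digest(tag, expected) else regular).append(body)
    return penetration, regular


def send(client_id, penetration_frames, regular_frames, flow_kbps, max_latency_ms, key, target_site):
    """Claim 1 end to end: acquire -> select targets -> generate line -> forward to target."""
    initial = select_initial(candidate_servers(client_id), flow_kbps, max_latency_ms)
    if initial is None:
        return {"error": "no penetration server to be selected meets the thresholds"}
    route = build_route(initial)
    mixed = mix_traffic(penetration_frames, regular_frames, key)
    recovered, cover = identify_penetration(mixed, key)
    return {
        "initial": initial.name,
        "route": [s.name for s in route] + [target_site],  # hops in order, then the target site
        "latency_ms": route_latency_ms(route),
        "forwarded": recovered,          # what the termination node delivers to the site
        "cover_frames": len(cover),      # conventional access frames served at the initial server
    }


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    print(send("client-a", [b"GET /secret", b"POST /upload"], [b"GET /index.html"],
               flow_kbps=1000, max_latency_ms=25, key=demo_key, target_site="example.invalid"))
```

With the constructed cluster, client-a requesting 1000 kbps within 25 ms is routed p1 -> p3 -> p4 -> p5 -> target (p2 fails the flow threshold), and the same client at 6000 kbps gets no line at all. One caveat a practitioner should keep in mind: the fixed-length tag makes penetration and cover frames look alike only at the header; payload sizes and send timing remain observable, so the mixing of A8 hides the penetration data only to the extent the cover traffic matches it in those dimensions.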

Claims (10)

1. A network communication method, the network communication method comprising:
acquiring network penetration data sent by a client;
selecting a plurality of target penetration servers from the penetration server cluster;
generating a data transmission line according to the plurality of target penetration servers;
and sending the network penetration data to a target site through the data transmission line.
2. The network communication method of claim 1, wherein the selecting a plurality of target penetration servers from the penetration server cluster comprises:
acquiring a plurality of to-be-selected penetration servers corresponding to the client;
selecting an initial penetration server from a plurality of penetration servers to be selected according to the network penetration data;
and selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server.
3. The network communication method of claim 2, wherein the obtaining a plurality of penetration-candidate servers corresponding to the client comprises:
acquiring a client identifier corresponding to the client;
searching a node to be selected connected with the client according to the client identifier;
and determining a plurality of to-be-selected penetration servers corresponding to the client according to the to-be-selected nodes.
4. The network communication method of claim 2, wherein selecting an initial penetration server from a plurality of candidate penetration servers according to the network penetration data comprises:
acquiring parameter information corresponding to the network penetration data;
determining a current flow threshold and a current time threshold according to the parameter information;
And selecting an initial penetration server from a plurality of penetration servers to be selected according to the current flow threshold and the current time threshold.
5. The network communication method of claim 2, wherein the selecting a plurality of target penetration servers from the penetration server cluster according to the initial penetration server comprises:
acquiring an associated penetration server corresponding to the initial penetration server in the penetration server cluster;
and determining a plurality of target penetration servers according to the initial penetration server and the associated penetration server.
6. The network communication method according to any one of claims 1 to 5, wherein the generating a data transmission line from a plurality of target penetration servers includes:
determining a starting node according to an initial penetration server in the target penetration servers;
determining an intermediate node and a termination node according to an associated penetration server in the target penetration servers;
and generating a data transmission line according to the starting node, the intermediate node and the termination node.
7. The network communication method of claim 6, wherein the generating a data transmission line from the originating node, the intermediate node, and the terminating node comprises:
Determining the node sequence among the intermediate nodes according to the association relation among the association penetration servers;
the intermediate nodes are connected in series according to the node sequence to obtain an intermediate line;
and generating a data transmission line according to the starting node, the termination node and the intermediate line.
8. A network communication device, the network communication device comprising:
the data acquisition module is used for acquiring network penetration data sent by the client;
the target selection module is used for selecting a plurality of target penetration servers from the penetration server cluster;
a line generation module for generating a data transmission line according to the plurality of target penetration servers;
and the data transmission module is used for transmitting the network penetration data to a target site through the data transmission line.
9. A network communication device, the network communication device comprising: a memory, a processor and a network communication program stored on the memory and executable on the processor, which when executed by the processor implements the network communication method according to any one of claims 1 to 7.
10. A storage medium having stored thereon a network communication program which, when executed by a processor, implements the network communication method according to any one of claims 1 to 7.
CN202210277796.XA 2022-03-21 2022-03-21 Network communication method, device, equipment and storage medium Pending CN116827917A (en)

Publications (1)

Publication Number Publication Date
CN116827917A true CN116827917A (en) 2023-09-29

Family

ID=88111400

Country Status (1)

Country Link
CN (1) CN116827917A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination