CN117560230B - Network data transmission encryption type data transmission method - Google Patents

Network data transmission encryption type data transmission method

Publication number: CN117560230B
Authority: CN (China)
Prior art keywords: transmission line, transmission, line, special, encrypted data
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202410042897.8A
Other languages: Chinese (zh)
Other versions: CN117560230A (en)
Inventor: 李海歌
Current Assignee: Beijing Zhongke Network Core Technology Co ltd
Original Assignee: Beijing Zhongke Network Core Technology Co ltd
Application filed by: Beijing Zhongke Network Core Technology Co ltd
Priority to: CN202410042897.8A
Publication of CN117560230A
Application granted
Publication of CN117560230B

Abstract

The application discloses a transmission method of network data transmission encryption type data, which relates to the technical field of data security transmission, and comprises the following steps: acquiring a data transmission line of a target network; performing historical transmission identification to obtain an encrypted data transmission index; judging to obtain a special transmission line; carrying out safety configuration on a special transmission line; acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to a special transmission line, and acquiring a transmission starting address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line; performing coincidence matching from a special transmission line according to a transmission starting address and a transmission target address to obtain a first switching transmission line; the first encrypted data is transmitted using the first switched transmission line. Thereby achieving the technical effects of improving the transmission demand adaptability and the transmission safety and improving the resource utilization rate.

Description

Network data transmission encryption type data transmission method
Technical Field
The invention relates to the technical field of data security transmission, in particular to a transmission method for network data transmission encryption type data.
Background
In network communications, the security of data is critical. The conventional approach is to encrypt the data using an encryption algorithm, ensuring that it is not easily stolen or tampered with during transmission. If a vulnerability exists in a transit node of a transmission line, the transit node may become a potential attack point. To improve the security of network transmission, it is generally required to comprehensively upgrade every node, including hardware and software, which leads to the technical problems of low transmission demand adaptability and resource waste.
Disclosure of Invention
The purpose of the application is to provide a transmission method for network data transmission encryption type data. The method is used for solving the technical problems of low transmission requirement adaptability and resource waste in the prior art.
In view of the above technical problems, the present application provides a transmission method for transmitting encrypted data by network data.
In a first aspect, the present application provides a method for transmitting encrypted data in network data, where the method includes:
acquiring a data transmission line of a target network;
carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information;
judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index;
performing security configuration on the special transmission line to obtain a configured special transmission line;
acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquiring a transmission start address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
performing overlap ratio matching from the special transmission line according to the transmission starting address and the transmission target address to obtain a first switching transmission line;
and transmitting the first encrypted data by using the first switching transmission line.
In a second aspect, the present application further provides a transmission system for transmitting encrypted data through network data, where the system includes:
the line analysis module is used for acquiring a data transmission line of the target network;
the transmission identification module is used for carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information;
the special line acquisition module is used for judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index;
the safety configuration module is used for carrying out safety configuration on the special transmission line to obtain a configured special transmission line;
the data judging module is used for acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquiring a transmission starting address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
the coincidence matching module is used for carrying out coincidence matching from the special transmission line according to the transmission starting address and the transmission target address to obtain a first switching transmission line;
and the encryption transmission module is used for transmitting the first encryption type data by utilizing the first switching transmission line.
One or more technical solutions provided in the present application have at least the following technical effects or advantages:
acquiring a data transmission line of a target network; carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information; judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index; performing safety configuration on the special transmission line to obtain a configured special transmission line; acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to a special transmission line, and acquiring a transmission starting address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line; performing coincidence matching from a special transmission line according to a transmission starting address and a transmission target address to obtain a first switching transmission line; the first encrypted data is transmitted using the first switched transmission line. Thereby achieving the technical effects of improving the transmission demand adaptability and the transmission safety and improving the resource utilization rate.
The foregoing description is merely an overview of the technical solutions of the present application. So that the technical means of the present application can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present application are easier to understand, specific embodiments of the present application are given below.
Drawings
Embodiments of the invention and the following brief description are described with reference to the drawings, in which:
fig. 1 is a flow chart of a transmission method for transmitting encrypted data by network data;
fig. 2 is a schematic flow chart of performing overlap ratio matching from the special transmission line in the transmission method of network data transmission encrypted data;
fig. 3 is a schematic structural diagram of a transmission system for transmitting encrypted data through network data.
Reference numerals illustrate: the system comprises a line analysis module 11, a transmission identification module 12, a special line acquisition module 13, a security configuration module 14, a data discrimination module 15, a coincidence matching module 16 and an encryption transmission module 17.
Detailed Description
The transmission method for transmitting encrypted data through network data solves the technical problems of low transmission requirement adaptability and resource waste in the prior art.
In order to solve the above problems, the technical embodiment adopts the following overall concept:
obtaining a data transmission line of a target network; acquiring an encryption type data transmission index carrying encryption information by carrying out history transmission identification on a data transmission line; evaluating according to the encrypted data transmission index, and determining a special transmission line, wherein the special transmission line refers to a transmission line with a transmission index larger than a preset transmission index; performing safety configuration on the special transmission line to form a configured special transmission line; extracting first encrypted data to be transmitted, checking whether a current data transmission line of the first encrypted data belongs to a special transmission line, and if not, acquiring a transmission starting address and a transmission target address of the first encrypted data; the first switching transmission line is obtained by matching with a transmission start address and a transmission target address of a special transmission line; the first encrypted data is transmitted using the first switched transmission line. Thereby achieving the technical effects of improving the transmission demand adaptability and the transmission safety and improving the resource utilization rate.
In order to better understand the foregoing technical solutions, the following detailed description will be given with reference to the accompanying drawings and specific embodiments, and it should be noted that the described embodiments are only some examples of the present application, and not all examples of the present application, and it should be understood that the present application is not limited by the example embodiments described herein. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention. It should be further noted that, for convenience of description, only some, but not all of the drawings related to the present invention are shown.
Example 1
As shown in fig. 1, the present application provides a transmission method for transmitting encrypted data by using network data, where the method includes:
acquiring a data transmission line of a target network;
Optionally, acquiring the data transmission line of the target network is a process of acquiring the network architecture or network topology of the target network. The data transmission lines are obtained by analyzing the network topology of the target network and are represented as a network topology diagram, which illustratively includes the nodes of the target network (devices, servers, routers, etc.) and the connections between the nodes.
Optionally, network scanning tools and analysis software are used to identify key elements such as devices, servers and routers in the target network. Data packets transmitted in the network are intercepted and analyzed using a packet capture tool such as Wireshark. This helps to gain a deep understanding of the actual data transmission process and to obtain the data transmission lines.
Optionally, compliance with applicable rules and compliance requirements, including privacy security, data protection and other relevant regulations, is ensured before any form of data transmission line acquisition, so that the data are acquired in a reasonable and compliant manner. In addition, acquiring the data transmission line further includes secure access based on rights management and identity verification, so that only authorized users or objects can access specific network resources. Rights management is implemented by assigning appropriate rights to each user or system, for example through role-based access control (RBAC) or other rights models. Identity verification is performed by means such as user name and password, two-factor authentication and biometric recognition. Furthermore, technologies such as encrypted communication, Virtual Private Network (VPN) and network isolation are used to ensure the security of the data during transmission, so that only legitimate users can obtain access rights.
Carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information;
Optionally, historical data transmission data are acquired, historical transmission identification is performed on the data transmission lines, and an encrypted data transmission index carrying encrypted information is generated based on the principle of statistical analysis. The historical data transmission data include network traffic records, data packets and the like. By checking information such as communication protocol, port number, and source and destination addresses, historical data transmission patterns are identified and recorded, and the data transmission lines that may contain encrypted information are screened out according to the result of the historical transmission identification.
Optionally, the data transmission line identified as encrypted is further analyzed to extract characteristics of the encrypted information and generate an encrypted data transmission index. The characteristics of the encryption information comprise traffic mode, traffic size, traffic change period, encryption algorithm, encryption key management and the like. Specifically, an encrypted data transmission index is generated based on the characteristics of the encrypted information. The encrypted data transmission indexes comprise encrypted data transmission traffic, traffic encryption rate, encryption algorithm distribution, encryption security level and the like. Through the steps, data support is provided for the subsequent analysis of the data transmission line based on the encrypted data transmission index.
Judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index;
Optionally, the special transmission line refers to a transmission line whose transmission index is greater than the preset transmission index. Illustratively, the preset transmission index is set before the judgment is made. The preset transmission index is a threshold or a set of thresholds, determined based on previous experience, security policies or other relevant factors. The special transmission lines are then identified by comparing the encrypted data transmission index of each transmission line with the preset transmission index, including comparing indexes such as the encryption rate and the strength of the encryption algorithm used; that is, the lines whose transmission index is greater than the preset transmission index are identified.
Performing security configuration on the special transmission line to obtain a configured special transmission line;
Further, the step of performing security configuration on the special transmission line to obtain a configured special transmission line includes:
carrying out security configuration on the special transmission line, wherein the security configuration comprises a plurality of security configuration parameters, and the plurality of security configuration parameters comprise attack defense parameters, security protection parameters, signal anti-interference parameters and network stability parameters;
and carrying out line safety configuration on the special transmission line according to the plurality of safety configuration parameters.
Optionally, the security configuration is implemented by setting or adjusting the security configuration parameters of a special transmission line in the multiple target networks. The security configuration can be performed selectively on some of the nodes in the special transmission line, such as key nodes and nodes connected to external networks.
Optionally, the security configuration parameters include attack defense parameters, security protection parameters, signal anti-interference parameters and network stability parameters. The attack defense parameter configuration includes: configuring firewall rules, an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS) and the like to prevent and detect network attacks; setting an Access Control List (ACL) to limit unnecessary traffic on the special transmission line; and updating and managing anti-virus software and other security patches in a timely manner. The security protection parameter configuration includes: performing end-to-end encryption of the data using an encryption protocol (such as TLS/SSL) to ensure confidentiality of the data during transmission; configuring Secure Sockets Layer (SSL) parameters, including the encryption algorithm, key length and the like; and setting access rights to ensure that only authorized users or systems can access the special transmission line. The signal anti-interference parameter configuration includes: configuring the signal anti-interference parameters of network devices to reduce the influence of interference and noise on the special transmission line; and using Quality of Service (QoS) configuration to ensure priority transmission of key data and improve network service quality. The network stability parameter configuration includes: configuring the stability parameters of routers, switches and other network devices on the special transmission line; setting up redundant paths, load balancing and a failover mechanism to ensure high availability of the network; and using flow control and congestion management techniques to prevent network congestion and performance degradation.
Optionally, the security configuration of the special transmission line is recorded and archived, a security configuration log is generated, and the security configuration is periodically evaluated to ensure that it still meets the latest security standards. This also makes it convenient to audit and analyze network events and anomalies. In addition, the security configuration is updated in a timely manner to adapt to new threats and vulnerabilities.
By comprehensively configuring attack defense parameters, security protection parameters, signal anti-interference parameters and network stability parameters, the security and stability of the special transmission line are improved so as to meet the high encryption requirement, and the normal and safe operation of the network is ensured.
Acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquiring a transmission start address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
Optionally, the first encrypted data is the encrypted data at the top of the data transmission sequence, where the data transmission sequence is a data transmission task list generated by sorting based on factors such as the importance and security level of the data, and the encrypted data at the top of the list has higher priority.
Optionally, when the first encrypted data does not belong to a special transmission line, the transmission start address and the transmission target address of the encrypted data are obtained. The transmission start address and the transmission target address are physical addresses or logical addresses in the target network, and the transmission route planning of the first encrypted data is performed based on the transmission start address and the transmission target address.
Further, before determining whether the current data transmission line of the first encrypted data belongs to the special transmission line, the steps include:
acquiring the encryption grade of the first encrypted data;
if the encryption grade of the first encryption type data is greater than or equal to a preset encryption grade, judging whether the current data transmission line of the first encryption type data belongs to the special transmission line, and if the current data transmission line of the first encryption type data belongs to the special transmission line, transmitting the first encryption type data by the current data transmission line of the first encryption type data.
Optionally, the first encrypted data carries an encryption level mark. Encrypted data with different encryption levels is transmitted through different transmission lines; for encrypted data with a higher encryption level, transmission line switching is considered and the data is transmitted through a special transmission line, so that the security of the transmission process meets the security requirement of the encrypted data. Illustratively, the judgment is made against a preset encryption level: if the encryption level of the first encrypted data is greater than or equal to the preset encryption level, switching the first encrypted data to a special transmission line for transmission is considered. It is then judged whether the current data transmission line of the first encrypted data is a special transmission line, and if so, that line is used directly as the transmission line for data transmission.
The special transmission line judgment is made on the premise that the encryption level meets a certain standard. This increases the sensitivity to the special transmission line and ensures that appropriate security measures are taken when transmitting sensitive data.
Performing overlap ratio matching from the special transmission line according to the transmission starting address and the transmission target address to obtain a first switching transmission line;
Optionally, when the encryption level of the first encrypted data is greater than or equal to the preset encryption level and the current transmission line of the encrypted data does not belong to the special transmission line, overlap ratio matching is performed among the special transmission lines based on the transmission start address and the transmission target address to obtain the first switching transmission line and complete the switching of the transmission line, which further improves data transmission security.
Further, as shown in fig. 2, the step of performing overlap matching from the special transmission line according to the transmission start address and the transmission destination address includes:
acquiring a router transit node corresponding to the first encrypted data according to the transmission starting address and the transmission target address;
respectively acquiring router transit nodes corresponding to all lines in the special transmission line;
performing overlap ratio matching between the router transit nodes corresponding to the first encrypted data and the router transit nodes corresponding to each line, and obtaining the line overlap ratio corresponding to each line;
and obtaining a first switching transmission line according to the line overlap ratio corresponding to each line, wherein the first switching transmission line is obtained from the transmission line with the highest line overlap ratio.
Optionally, based on the historical data transmission records, homologous data transmission records are screened out according to the transmission start address and the transmission target address, and nodes are then extracted from the screened homologous data transmission records to obtain the router transit nodes. The obtained router transit nodes carry node frequency marks and node duty ratio marks: the node frequency mark reflects the number of times the node occurs in the homologous data transmission records, and the node duty ratio mark reflects the frequency with which the node occurs in the homologous data transmission records. Illustratively, the node duty ratio is obtained based on the following formula:
wherein n_i refers to the frequency of transmission records in which node i is present; N refers to the total number of transmission records included in the homologous data transmission records.
Optionally, the path from the transmission start address to the transmission target address is determined by querying the routing table on the router. The routing table contains information about where data packets should be sent. This achieves the technical effect of respectively acquiring the router transit nodes corresponding to each line in the special transmission line.
Optionally, the special transmission lines are traversed to obtain the router transit node information corresponding to each line. The transit node information includes the number and order of the routers that each special transmission line passes through.
Specifically, the line overlap ratio corresponding to each line is obtained by using an appropriate algorithm (for example, calculating the distance or the matching degree between nodes), so that the overlap ratio between the router transit nodes corresponding to each line and the router transit nodes corresponding to the first encrypted data is obtained from the overlap ratio matching result. The overlap ratio value represents the degree of similarity between each line in the special transmission line and the line corresponding to the first encrypted data, and provides an intuitive, quantified expression.
Optionally, according to the line overlap ratio corresponding to each line, the special transmission line with the highest overlap ratio is selected as the first switching transmission line. The highest overlap ratio means that the special transmission line is most similar to the original transmission line of the first encrypted data in terms of router transit nodes, so that the node adjustment required is minimal; this has the technical effects of high resource utilization for node switching and low impact on other transmission lines or nodes. In addition, node-by-node matching and screening based on the overlap ratio yields high screening quality and accurate screening results.
Further, according to the line overlap ratio corresponding to each line, a first switching transmission line is obtained, and the steps further include:
screening an identification transmission line by identifying a transmission target address corresponding to each line, wherein the identification transmission line is the same as the transmission target address of the first encrypted data;
and judging according to the line overlapping ratio of the identification transmission line to obtain the first switching transmission line.
Optionally, the special transmission lines are first screened based on the transmission target address corresponding to each line, and the special transmission lines whose transmission target address is the same as the transmission target address of the first encrypted data are stored as identification transmission lines. The screening by transmission target address is realized by comparing hardware IDs, IP addresses or node identifiers. Then, for the identification transmission lines, the corresponding line overlap ratio is obtained based on the overlap ratio calculation principle. A judgment is then made according to the line overlap ratio, and the transmission line with the highest line overlap ratio is selected as the first switching transmission line.
Screening step by step, first by transmission target address and then by overlap ratio, improves screening efficiency and ensures the timeliness of acquiring the first switching transmission line.
Further, according to the line overlap ratio corresponding to each line, a first switching transmission line is obtained, and the steps further include:
acquiring a first special transmission line according to the line overlapping ratio corresponding to each line;
acquiring a router coincidence node between the first special transmission line and the first encrypted data transmission line;
carrying out security risk identification on the line between the transmission start address of the first encrypted data and the router coincidence node to obtain a first risk index;
and obtaining a first switching transmission line according to the first risk index.
Optionally, the path from the transmission start address of the first encrypted data to the special transmission line is the path from the transmission start address of the first encrypted data to the router node on the special transmission line. To ensure the data transmission security of this section of the path, security risk identification is performed on the line between the transmission start address of the first encrypted data and the router coincidence node, and the first switching transmission line is generated based on the risk identification result.
Optionally, among the plurality of router coincidence nodes, the first M router coincidence nodes closest to the transmission start address of the first encrypted data are selected, and the corresponding transmission paths are generated respectively. Judging the distance between nodes involves dimensions such as physical distance, logical distance and ping tests. Illustratively, in a hierarchy of routers or switches, the logical distance between two nodes is calculated using routing table information. The logical distance is the number of hops (the number of intermediate nodes between routers) in the network topology.
Optionally, security risk identification is performed on the line between the transmission start address of the first encrypted data and the router coincidence node. Network security tools or services are used to detect potential security risks such as man-in-the-middle attacks and data tampering. Examples include Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), network traffic analysis tools, and Security Information and Event Management (SIEM) systems.
Further, obtaining the first switching transmission line according to the first risk index further includes:
when the first risk index is smaller than a preset risk index, acquiring a transfer switching instruction;
obtaining a first section of transmission line and a second section of transmission line according to the transfer switching instruction, wherein the first section of transmission line is the line between the transmission start address of the first encrypted data and the router overlap node, and the second section of transmission line is the line between the router overlap node and the transmission target address of the first special transmission line;
and obtaining the first switching transmission line according to the first section of transmission line and the second section of transmission line.
Optionally, if the first risk index is smaller than the preset risk index, the risk of the line between the transmission start address of the first encrypted data and the router overlap node is low, or the line meets the transmission requirement and the security protection level of the first encrypted data, and the data can be transmitted directly through the first section of transmission line. The first switching transmission line consists of the first section of transmission line and the second section of transmission line, wherein the target node of the first section of transmission line is the starting node of the second section of transmission line, so that the two sections are connected end to end. The first encrypted data is transmitted from the transmission start address to the selected router overlap node through the first section of transmission line, and is then transmitted from the router overlap node to the transmission target address through the special transmission line.
Further, obtaining the first switching transmission line according to the first risk index further includes:
when the first risk index is greater than or equal to the preset risk index, outputting the first special transmission line as the first switching transmission line;
and transmitting the first encrypted data by using the first switching transmission line.
Optionally, if the first risk index is greater than or equal to the preset risk index, transmitting the first encrypted data through the first section of transmission line carries a higher risk, so the first special transmission line is selected as the new transmission line and the first encrypted data is sent directly to the special line for transmission.
Optionally, sending the first encrypted data to the transmission start address of the first special transmission line includes bypass-based data transmission and data transmission based on a foreign network or path.
And transmitting the first encrypted data by using the first switching transmission line.
The first switching transmission line is generated through the above steps, and the first encrypted data is transmitted over it, so that lines are established according to actual use. This approach gives a high resource utilization rate, and because the transfer point of the transmission line is highly uncertain, malicious attacks can be avoided and transmission security is further improved.
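The selection procedure described above, from target-address screening through the risk-index decision, as an added Python example that is not part of the patent text. The overlap-ratio formula, the use of position along the current path as hop count, the per-link risk scores (taken here as already produced by IDS/SIEM tooling and aggregated by maximum), and all node names and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SpecialLine:
    name: str
    nodes: tuple  # ordered: start address, router transit nodes, target address

def overlap_ratio(current_path, line):
    """Assumed metric: share of the current path's transit routers that are
    also on the special line."""
    transit = current_path[1:-1]
    if not transit:
        return 0.0
    on_line = set(line.nodes)
    return sum(n in on_line for n in transit) / len(transit)

def first_special_line(current_path, lines):
    """Screen by transmission target address first, then take the line with
    the highest overlap ratio."""
    same_target = [l for l in lines if l.nodes[-1] == current_path[-1]]
    if not same_target:
        return None
    return max(same_target, key=lambda l: overlap_ratio(current_path, l))

def overlap_nodes(current_path, line, m):
    """First m routers shared by both lines, ordered by hop count from the
    transmission start address (assumed: position along the current path)."""
    on_line = set(line.nodes)
    return [n for n in current_path[1:-1] if n in on_line][:m]

def segment_risk(path, link_risk):
    """Assumed risk index: the worst link on the segment. A link with no
    score is treated as maximum risk (1.0), so missing telemetry fails closed."""
    return max((link_risk.get(hop, 1.0) for hop in zip(path, path[1:])),
               default=0.0)

def switched_line(current_path, lines, link_risk, preset_risk, m=2):
    line = first_special_line(current_path, lines)
    if line is None:
        return None  # no special line reaches this target address
    best = None
    for node in overlap_nodes(current_path, line, m):
        first = current_path[: current_path.index(node) + 1]
        risk = segment_risk(first, link_risk)
        if best is None or risk < best[0]:
            best = (risk, node, first)
    if best is not None and best[0] < preset_risk:
        # Transfer switching: first section up to the overlap node, then the
        # special line from that node to the target address.
        risk, node, first = best
        second = line.nodes[line.nodes.index(node):]
        return {"mode": "transfer", "risk": risk,
                "path": list(first) + list(second[1:])}
    # Risk >= preset (or no shared router): use the whole special line.
    return {"mode": "special-line", "risk": best[0] if best else None,
            "path": list(line.nodes)}

# Constructed sample topology and risk scores.
CURRENT_PATH = ("hostA", "r1", "r2", "r5", "r6", "hostB")
SPECIAL_LINES = [
    SpecialLine("S1", ("gw1", "r2", "r5", "r7", "hostB")),
    SpecialLine("S2", ("gw2", "r1", "r9", "hostB")),
    SpecialLine("S3", ("gw3", "r1", "r2", "r5", "r6", "hostC")),  # other target
]
LINK_RISK = {("hostA", "r1"): 0.2, ("r1", "r2"): 0.3, ("r2", "r5"): 0.7}

if __name__ == "__main__":
    for preset in (0.5, 0.3):
        print(preset, switched_line(CURRENT_PATH, SPECIAL_LINES, LINK_RISK, preset))
```

S3 has the highest overlap with the current path but is screened out because its target address differs, which is why the target-address filter has to run before the overlap comparison.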
In summary, the transmission method for transmitting encrypted data by using network data provided by the invention has the following technical effects:
acquiring a data transmission line of a target network; carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information; judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index; performing safety configuration on the special transmission line to obtain a configured special transmission line; acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to a special transmission line, and acquiring a transmission starting address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line; performing coincidence matching from a special transmission line according to a transmission starting address and a transmission target address to obtain a first switching transmission line; the first encrypted data is transmitted using the first switched transmission line. Thereby achieving the technical effects of improving the transmission demand adaptability and the transmission safety and improving the resource utilization rate.
Embodiment two
Based on the same concept as the transmission method of network data transmission encrypted data in the foregoing embodiment, as shown in FIG. 3, the present application further provides a transmission system of network data transmission encrypted data, the system comprising:
a line analysis module 11, configured to acquire a data transmission line of a target network;
a transmission identification module 12, configured to perform historical transmission identification according to the data transmission line, so as to obtain an encrypted data transmission indicator carrying encrypted information;
a special line acquisition module 13, configured to determine according to the encrypted data transmission index, to obtain a special transmission line, where the special transmission line is a transmission line with a transmission index greater than a preset transmission index;
a security configuration module 14, configured to perform security configuration on the special transmission line, to obtain a configured special transmission line;
a data discriminating module 15, configured to acquire first encrypted data to be transmitted, determine whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquire a transmission start address and a transmission destination address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
a coincidence matching module 16, configured to perform coincidence matching from the special transmission line according to the transmission start address and the transmission destination address, so as to obtain a first switched transmission line;
and an encryption transmission module 17, configured to transmit the first encrypted data using the first switching transmission line.
Further, the coincidence matching module 16 further includes:
a node obtaining unit, configured to obtain a router transit node corresponding to the first encrypted data according to the transmission start address and the transmission destination address;
the special node acquisition unit is used for respectively acquiring router transit nodes corresponding to all the lines in the special transmission line;
the coincidence matching unit is used for carrying out coincidence matching on the basis of the router transit node corresponding to the first encrypted data and the router transit node corresponding to each line, and obtaining the line overlap ratio corresponding to each line;
and the switching route unit is used for obtaining a first switching transmission line according to the line overlap ratio corresponding to each line, wherein the first switching transmission line is obtained from the transmission line with the highest line overlap ratio.
Further, the switching route unit further includes:
a target screening unit, configured to screen an identification transmission line by identifying a transmission target address corresponding to each line, where the identification transmission line is a transmission line that is the same as the transmission target address of the first encrypted data;
and the coincidence screening unit is used for judging according to the line overlap ratio of the identification transmission line to obtain the first switching transmission line.
Further, the switching route unit further includes:
a first special transmission line acquisition unit, configured to acquire a first special transmission line according to a line overlap ratio corresponding to each line;
a router overlap node acquisition unit configured to acquire a router overlap node between the first special transmission line and the first encrypted data transmission line;
the security risk identification unit is used for carrying out security risk identification on the line between the transmission start address of the first encrypted data and the router overlap node to obtain a first risk index;
and the switching transmission unit is used for obtaining a first switching transmission line according to the first risk index.
Further, the switching transmission unit is further configured to:
when the first risk index is smaller than a preset risk index, acquiring a transfer switching instruction;
obtaining a first section of transmission line and a second section of transmission line according to the transfer switching instruction, wherein the first section of transmission line is the line between the transmission start address of the first encrypted data and the router overlap node, and the second section of transmission line is the line between the router overlap node and the transmission target address of the first special transmission line;
and obtaining a first switching transmission line according to the first section transmission line and the second section transmission line.
Further, the switching transmission unit is further configured to:
when the first risk index is greater than or equal to a preset risk index, the first special transmission line is used as the first switching transmission line to be output;
and transmitting the first encrypted data by using the first switching transmission line.
Further, the security configuration module 14 further includes:
the parameter configuration unit is used for carrying out security configuration on the special transmission line, wherein the security configuration comprises a plurality of security configuration parameters, and the plurality of security configuration parameters comprise attack defense parameters, security protection parameters, signal anti-interference parameters and network stability parameters;
and the line safety configuration unit is used for carrying out line safety configuration on the special transmission line according to the plurality of safety configuration parameters.
Further, the data discrimination module 15 further includes:
an encryption level acquisition unit configured to acquire an encryption level of the first encryption type data;
and the switching judging unit is used for judging whether the current data transmission line of the first encryption type data belongs to the special transmission line or not if the encryption grade of the first encryption type data is larger than or equal to a preset encryption grade, and transmitting the first encryption type data by the current data transmission line of the first encryption type data if the current data transmission line of the first encryption type data belongs to the special transmission line.
It should be understood that each embodiment in this specification focuses on its differences from the other embodiments, and the specific implementations of the first embodiment are equally applicable to the transmission system of network data transmission encrypted data described in the second embodiment, which is not described further here for brevity.
It should be understood that the embodiments disclosed herein and the foregoing description enable one skilled in the art to use the present application. The present application is not limited to the above-mentioned embodiments; obvious modifications, combinations and substitutions of the embodiments mentioned in the present application also fall within the scope of protection of the present application.

Claims (9)

1. A transmission method for transmitting encrypted data by network data, the method comprising:
acquiring a data transmission line of a target network;
carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information;
judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index;
performing security configuration on the special transmission line to obtain a configured special transmission line;
acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquiring a transmission start address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
performing overlap ratio matching from the special transmission line according to the transmission starting address and the transmission target address to obtain a first switching transmission line;
and transmitting the first encrypted data by using the first switching transmission line.
2. The method of claim 1, wherein the coincidence matching is performed from the special transmission line based on the transmission start address and the transmission destination address, the method comprising:
acquiring a router transit node corresponding to the first encrypted data according to the transmission starting address and the transmission target address;
respectively acquiring router transit nodes corresponding to all lines in the special transmission line;
performing coincidence matching based on the router transit node corresponding to the first encrypted data and the router transit node corresponding to each line, and obtaining the line overlap ratio corresponding to each line;
and obtaining a first switching transmission line according to the line overlapping ratio corresponding to each line, wherein the first switching transmission line is obtained by the transmission line with the highest line overlapping ratio.
3. The method of claim 2, wherein the first switched transmission line is obtained according to the line overlap ratio corresponding to each line, the method further comprising:
screening an identification transmission line by identifying a transmission target address corresponding to each line, wherein the identification transmission line is the same as the transmission target address of the first encrypted data;
and judging according to the line overlapping ratio of the identification transmission line to obtain the first switching transmission line.
4. The method of claim 2, wherein the first switched transmission line is obtained according to the line overlap ratio corresponding to each line, the method further comprising:
acquiring a first special transmission line according to the line overlapping ratio corresponding to each line;
acquiring a router overlap node between the first special transmission line and the first encrypted data transmission line;
carrying out security risk identification on the line between the transmission start address of the first encrypted data and the router overlap node to obtain a first risk index;
and obtaining a first switching transmission line according to the first risk index.
5. The method of claim 4, wherein the first switched transmission line is derived based on the first risk indicator, the method comprising:
when the first risk index is smaller than a preset risk index, acquiring a transfer switching instruction;
obtaining a first section of transmission line and a second section of transmission line according to the transfer switching instruction, wherein the first section of transmission line is the line between the transmission start address of the first encrypted data and the router overlap node, and the second section of transmission line is the line between the router overlap node and the transmission target address of the first special transmission line;
and obtaining a first switching transmission line according to the first section transmission line and the second section transmission line.
6. The method of claim 4, wherein the first switched transmission line is derived based on the first risk indicator, the method comprising:
when the first risk index is greater than or equal to a preset risk index, the first special transmission line is used as the first switching transmission line to be output;
and transmitting the first encrypted data by using the first switching transmission line.
7. The method of claim 1, wherein the special transmission line is configured securely to obtain a configured special transmission line, the method comprising:
carrying out security configuration on the special transmission line, wherein the security configuration comprises a plurality of security configuration parameters, and the plurality of security configuration parameters comprise attack defense parameters, security protection parameters, signal anti-interference parameters and network stability parameters;
and carrying out line safety configuration on the special transmission line according to the plurality of safety configuration parameters.
8. The method of claim 1, wherein determining whether the current data transmission line of the first encrypted data belongs to the special transmission line is preceded by:
acquiring the encryption grade of the first encrypted data;
if the encryption grade of the first encryption type data is greater than or equal to a preset encryption grade, judging whether the current data transmission line of the first encryption type data belongs to the special transmission line, and if the current data transmission line of the first encryption type data belongs to the special transmission line, transmitting the first encryption type data by the current data transmission line of the first encryption type data.
9. A transmission system for transmitting encrypted data over network data, the system comprising:
the line analysis module is used for acquiring a data transmission line of the target network;
the transmission identification module is used for carrying out historical transmission identification according to the data transmission line to obtain an encrypted data transmission index carrying encrypted information;
the special line acquisition module is used for judging according to the encrypted data transmission index to obtain a special transmission line, wherein the special transmission line is a transmission line with a transmission index larger than a preset transmission index;
the safety configuration module is used for carrying out safety configuration on the special transmission line to obtain a configured special transmission line;
the data judging module is used for acquiring first encrypted data to be transmitted, judging whether a current data transmission line of the first encrypted data belongs to the special transmission line, and acquiring a transmission starting address and a transmission target address of the first encrypted data if the first encrypted data does not belong to the special transmission line;
the coincidence matching module is used for carrying out coincidence matching from the special transmission line according to the transmission starting address and the transmission target address to obtain a first switching transmission line;
and the encryption transmission module is used for transmitting the first encryption type data by utilizing the first switching transmission line.
CN202410042897.8A 2024-01-11 2024-01-11 Network data transmission encryption type data transmission method Active CN117560230B (en)

Publications (2)

Publication Number Publication Date
CN117560230A CN117560230A (en) 2024-02-13
CN117560230B true CN117560230B (en) 2024-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant