CN116886435A - Network security system based on mobile edge computing - Google Patents
- Publication number
- CN116886435A
- Authority
- CN
- China
- Prior art keywords
- module
- encryption
- network
- edge computing
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the field of mobile edge computing network security, and in particular to a network security system based on mobile edge computing. The system comprises an edge computing module, an encryption module, a firewall module, an isolation module and a host module. All resource files in the host module are encrypted by the encryption module. To release the encryption of a resource file, the edge computing module must access the encryption module to obtain a key, and the encryption of the file can then be released using the dynamic key.
Description
Technical Field
The invention relates to the field of mobile edge computing network security, in particular to a network security system based on mobile edge computing.
Background
Edge computing refers to providing services at the near end, on the side close to the object or data source, using an open platform that integrates core network, computing, storage and application capabilities. Applications are initiated at the edge side, which produces faster network service responses and meets the industry's basic requirements for real-time service, application intelligence, security and privacy protection. Edge computing is a computing mode in which data processing and decision making are carried out at the edge of a device or device network. Its main function is to reduce reliance on remote data centers or cloud platforms so that devices can operate independently when offline or when the network connection is unstable. Edge computing can also improve the efficiency and security of data processing, because data can be processed locally on the device without being transmitted over a network.
A network security system can improve network security by adding an edge computing module. However, once an existing network security system has been invaded by a network virus, the virus can directly copy and steal or destroy the resource files stored on the host. Although further virus invasion can be blocked by quickly disconnecting the network, a virus that has already invaded cannot be stopped from destroying the resource files.
Disclosure of Invention
The invention provides a network security system based on mobile edge computing, aiming at the problems in the prior art.
The technical scheme adopted for solving the technical problems is as follows: a network security system based on mobile edge computing, comprising:
Edge computing module: processes the encrypted files stored on the host device. When a resource file in the host module needs to be called, the host module copies the encrypted file and sends it to the edge computing module, which releases the encryption of the resource file. The edge computing module then copies the decrypted resource file; once copying is complete, the copy is cut and sent to the host module and the original file is deleted, preventing the information in the resource file from leaking.
Encryption module: encrypts all resource files in the host module. To release the encryption of a resource file, the edge computing module must access the encryption module to obtain a key. The encryption of the file can be released using the dynamic key, but the encryption module itself has no decoding function.
Firewall module: intercepts the accessed network, preventing viruses from invading the system through its network port to copy, steal and destroy resource files, and sends an isolation signal to the isolation module after detecting that the system is under virus attack.
Isolation module: controls the connection between the system and the network module. After receiving the isolation signal, it controls the host module to disconnect quickly from the network port. The network is disconnected both by network means and by mechanical means, preventing the host module from being controlled by viruses.
Host module: stores resource information and is connected in series with the edge computing module and the encryption module.
Specifically, when the encryption module encrypts a resource file, it creates a layer of virtual data on the surface layer of the file. The virtual data corresponds to a dynamic password in the encryption module, and the two carry the same coded number. The virtual data can be released to obtain the real data only by accessing the encryption module to obtain the key, so a stolen resource file cannot be easily cracked.
Specifically, the encryption module dynamically replaces the decoding key used for encryption in real time, and each resource file has a different dynamic key, so that the encryption of the resource files cannot be quickly cracked after the host is invaded.
Specifically, the isolation module comprises a network control component and a network cable cutting component. The network control component controls the network switch of the host module; if the network switch of the host module can no longer be controlled, the network cable cutting component can physically disconnect the network directly to prevent invasion.
Specifically, when the edge computing module accesses the encryption module, it must first compute the virtual data of the resource file and then parse the number of the virtual data; the dynamic key in the encryption module can be called using that number.
The invention has the beneficial effects that:
(1) In the network security system based on mobile edge computing, the edge computing module processes the encrypted files stored on the host device. When a resource file in the host module needs to be called, the host module copies the encrypted file and sends it to the edge computing module, which releases the encryption of the resource file. The edge computing module then copies the decrypted resource file; once copying is complete, the copy is cut and sent to the host module and the original file is deleted, preventing the information in the resource file from leaking.
(2) In the network security system based on mobile edge computing, all resource files in the host module are encrypted by the encryption module. To release the encryption of a resource file, the edge computing module must access the encryption module to obtain a key. The encryption of the file can be released using the dynamic key, but the encryption module itself has no decoding function. When the encryption module encrypts a resource file, it creates a layer of virtual data on the surface layer of the file, and the file is then shielded by the virtual data.
Drawings
The invention will be further described with reference to the drawings and examples.
Fig. 1 is a diagram of a network security system based on mobile edge computing according to the present invention.
Detailed Description
To make the technical means, creative features, purpose and effects of the invention easy to understand, the invention is further described below in connection with specific embodiments.
As shown in fig. 1, the network security system based on mobile edge computing according to the present invention includes:
Edge computing module: processes the encrypted files stored on the host device. When a resource file in the host module needs to be called, the host module copies the encrypted file and sends it to the edge computing module, which releases the encryption of the resource file. The edge computing module then copies the decrypted resource file; once copying is complete, the copy is cut and sent to the host module and the original file is deleted, preventing the information in the resource file from leaking.
Encryption module: encrypts all resource files in the host module. To release the encryption of a resource file, the edge computing module must access the encryption module to obtain a key. The encryption of the file can be released using the dynamic key, but the encryption module itself has no decoding function.
Firewall module: intercepts the accessed network, preventing viruses from invading the system through its network port to copy, steal and destroy resource files, and sends an isolation signal to the isolation module after detecting that the system is under virus attack.
Isolation module: controls the connection between the system and the network module. After receiving the isolation signal, it controls the host module to disconnect quickly from the network port. The network is disconnected by network means or by mechanical means, preventing the host module from being controlled by viruses.
Host module: stores resource information; the edge computing module and the encryption module are controlled in series through the host module.
Specifically, when the encryption module encrypts a resource file, it creates a layer of virtual data on the surface layer of the file. The virtual data corresponds to a dynamic password in the encryption module, and the two carry the same coded number. The virtual data can be released to obtain the real data only by accessing the encryption module to obtain the key, so a stolen resource file cannot be easily cracked.
Specifically, the encryption module dynamically replaces the decoding key used for encryption in real time, and each resource file has a different dynamic key, so that an encrypted resource file cannot be quickly cracked even if the host is invaded.
Specifically, the isolation module comprises a network control component and a network cable cutting component. The network control component controls the network switch of the host module; when the network switch of the host module can no longer be controlled, the network cable cutting component can physically disconnect the network directly to prevent virus invasion.
Specifically, when the edge computing module accesses the encryption module, it must first compute the virtual data of the resource file and then parse the number of the virtual data; the dynamic key in the encryption module can be called using that number.
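The number-indexed key lookup and key replacement described in the paragraphs above, sketched as an added example that is not code from the patent. The patent names no cipher or file layout, so the `VDAT` marker, the header layout, all class and function names and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

MAGIC = b"VDAT"  # constructed marker for the "virtual data" surface layer


class EncryptionModule:
    """Keeps one dynamic key per file number; it has no decrypt method."""
    def __init__(self):
        self._keys = {}

    def new_key(self, number=None):
        # Fresh random key per file; calling again for a number replaces it.
        number = len(self._keys) + 1 if number is None else number
        self._keys[number] = secrets.token_bytes(32)
        return number, self._keys[number]

    def key_for(self, number):
        return self._keys[number]


def _prf(key, label, data):
    # HMAC-SHA256 under a sub-key derived from `label` (domain separation).
    subkey = hmac.new(key, label, hashlib.sha256).digest()
    return hmac.new(subkey, data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example runs on the
    # standard library alone; a real system would use an AEAD such as AES-GCM.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_prf(key, b"enc", nonce + struct.pack(">Q", i)) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(number, key, plaintext):
    """Host side: virtual-data header (marker + number), then the ciphertext."""
    head = MAGIC + struct.pack(">Q", number) + secrets.token_bytes(16)
    body = _xor_stream(key, head[12:], plaintext)
    return head + body + _prf(key, b"mac", head + body)


def read_number(blob):
    """Edge side: parse the virtual data and return the key number it carries."""
    if len(blob) < 60 or blob[:4] != MAGIC:
        raise ValueError("not a protected resource file")
    return struct.unpack(">Q", blob[4:12])[0]


def edge_decrypt(module, blob):
    """Edge side: look the key up by number, verify the tag, then decrypt."""
    key = module.key_for(read_number(blob))
    if not hmac.compare_digest(blob[-32:], _prf(key, b"mac", blob[:-32])):
        raise ValueError("wrong key or modified file")
    return _xor_stream(key, blob[12:28], blob[28:-32])


def edge_rekey(module, blob):
    """Key replacement: decrypt at the edge, rotate the key, re-seal the file."""
    plaintext = edge_decrypt(module, blob)
    number, key = module.new_key(read_number(blob))
    return seal(number, key, plaintext)
```

The number in the header is not secret, so the protection rests entirely on who may call `key_for`; the sketch leaves that access control out because the patent does not describe it.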
The foregoing has shown and described the basic principles, principal features and advantages of the invention. Those skilled in the art will understand that the invention is not limited to the foregoing examples, that the foregoing examples and description merely illustrate the principles of the invention, and that various changes and modifications may be made without departing from the spirit and scope of the invention. The scope of the invention is defined by the appended claims and their equivalents.
Claims (5)
1. A network security system based on mobile edge computing, characterized by comprising:
an edge computing module, which processes the encrypted files stored on the host device; when a resource file in the host module needs to be called, the host module copies the encrypted file and sends it to the edge computing module, which releases the encryption of the resource file; the edge computing module then copies the decrypted resource file, and once copying is complete the copy is cut and sent to the host module and the original file is deleted, preventing the information in the resource file from leaking;
an encryption module, which encrypts all resource files in the host module; to release the encryption of a resource file, the edge computing module must access the encryption module to obtain a key, and the encryption of the file can be released using the dynamic key, but the encryption module itself has no decoding function;
a firewall module, which intercepts the accessed network, preventing viruses from invading the system through its network port to copy, steal and destroy resource files, and which sends an isolation signal to the isolation module after detecting that the system is under virus attack;
an isolation module, which controls the connection between the system and the network module; after receiving the isolation signal, it controls the host module to disconnect quickly from the network port, the network being disconnected both by network means and by mechanical means, preventing the host module from being controlled by viruses;
a host module, which stores resource information and is connected in series with the edge computing module and the encryption module.
2. The mobile edge computing-based network security system of claim 1, wherein: when the encryption module encrypts a resource file, it creates a layer of virtual data on the surface layer of the file; the virtual data corresponds to a dynamic password in the encryption module, and the two carry the same coded number; the virtual data can be released to obtain the real data only by accessing the encryption module to obtain the key, ensuring that a stolen resource file cannot be easily cracked.
3. The mobile edge computing-based network security system of claim 1, wherein: the encryption module dynamically replaces the decoding key used for encryption in real time, and each resource file has a different dynamic key, so that an encrypted resource file cannot be quickly cracked even if the host is invaded.
4. The mobile edge computing-based network security system of claim 1, wherein: the isolation module comprises a network control component and a network cable cutting component; the network control component controls the network switch of the host module, and if the network switch of the host module can no longer be controlled, the network cable cutting component can physically disconnect the network directly to prevent invasion.
5. The mobile edge computing-based network security system of claim 1, wherein: when accessing the encryption module, the edge computing module must first compute the virtual data of the resource file and then parse the number of the virtual data; the dynamic key in the encryption module can be called using that number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311049114.0A CN116886435A (en) | 2023-08-21 | 2023-08-21 | Network security system based on mobile edge computing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311049114.0A CN116886435A (en) | 2023-08-21 | 2023-08-21 | Network security system based on mobile edge computing |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116886435A (en) | 2023-10-13 |
Family
ID=88271628
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311049114.0A Pending CN116886435A (en) | 2023-08-21 | 2023-08-21 | Network security system based on mobile edge computing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116886435A (en) |
-
2023
- 2023-08-21 CN CN202311049114.0A patent/CN116886435A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11227053B2 (en) | Malware management using I/O correlation coefficients | |
| US10839072B2 (en) | Ransomware resetter | |
| US8713667B2 (en) | Policy based cryptographic application programming interface in secure memory | |
| US12199954B2 (en) | Trusted cyber physical system | |
| EP3691216A1 (en) | Key offsite storage-based data encryption storage system and method | |
| KR20180019070A (en) | Protecting your computer-powered system with networked devices | |
| WO2017162081A1 (en) | Method and system for controlling access to clipboard, and storage medium | |
| RU2628925C1 (en) | System and method for protected transmission of audio-data from microphone to processes | |
| CN106778291A (en) | The partition method and isolating device of application program | |
| CN102065104A (en) | Method, device and system for accessing off-site document | |
| KR20140019574A (en) | System for privacy protection which uses logical network division method based on virtualization | |
| WO2018164503A1 (en) | Context awareness-based ransomware detection | |
| EP4002752B1 (en) | Protecting cloud application secret key with multi-party computation algorithm | |
| US8713640B2 (en) | System and method for logical separation of a server by using client virtualization | |
| JP4437043B2 (en) | Method and apparatus for automatically controlling access between a computer and a communication network | |
| CN111277539A (en) | Server Lesox virus protection system and method | |
| CN111970232A (en) | Safe access system of intelligent service robot of electric power business hall | |
| US12174988B2 (en) | System and method for managing transparent data encryption of database | |
| RU2573785C2 (en) | System and method for applying file access rules during transfer thereof between computers | |
| CN120915488A (en) | Safe sandbox system for trusted data space | |
| CN116886435A (en) | Network security system based on mobile edge computing | |
| KR101552688B1 (en) | Security method and system at endpoint stage using user policy | |
| CN113407984A (en) | System and method for providing security protection for database | |
| CN118740420A (en) | A security protection system and method for an Internet of Things server | |
| CN114662080B (en) | Data protection method and device and desktop cloud system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||