CN116980185A - Network security defense system based on cloud computing - Google Patents
Publication number: CN116980185A (application CN202310804735.9A)
Authority: CN (China)
Legal status: Withdrawn
Classifications (CPC)
- H04L63/00: Network architectures or network communication protocols for network security
- H04L63/10: for controlling access to devices or network resources; H04L63/101: Access control lists [ACL]
- H04L63/08: for authentication of entities
- H04L63/14: for detecting or protecting against malicious traffic; H04L63/1441: Countermeasures against malicious traffic; H04L63/145: the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L63/20: for managing network security; network security policies in general
- H04L67/00: Network arrangements or protocols for supporting network services or applications
- H04L67/104: Peer-to-peer [P2P] networks
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The invention discloses a network security defense system based on cloud computing, in the field of network security technology, comprising a cloud storage module, an IP verification module, a data transmission module, an attack monitoring module and a security assessment module. When a network IP accesses the computer's internal data, the IP verification module verifies the network IP; when an access from a network IP in the malicious IP library is detected, a data isolation module isolates the computer's internal data and generates an alarm instruction indicating that the computer's internal data has been subjected to an illegal intrusion. The data monitoring module monitors and manages the marked internal and external data, and the cloud storage module stores internal data using cloud storage technology. By performing security management simultaneously from inside and outside the computer through the data monitoring module and the IP verification module, the invention prevents leakage of important information in the computer's internal data and achieves dual protection.
Description
Technical field
The invention relates to the field of network security technology, and specifically to a network security defense system based on cloud computing.
Background
With the rapid development and deep application of computer science and technology, changes in cyberspace are continually reshaping how people live. Because people depend ever more heavily on the Internet, and the Internet carries a great deal of confidential information about enterprises and individuals, network security has always been an important topic in the course of technological development.
At present, existing network security systems usually rely on the computer's built-in firewall to inspect data entering the computer and judge whether it poses a security risk. Their protective performance is mediocre; they lack good data interaction functions and struggle to perform data extraction, data processing and data presentation well; and they cannot reasonably select a storage block for data storage according to the storage status of each block and the network attack situation, which would improve data storage security. In view of these shortcomings, the present invention proposes a network security defense system based on cloud computing.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art. To this end, the present invention proposes a network security defense system based on cloud computing.
To achieve the above object, an embodiment according to the first aspect of the present invention proposes a network security defense system based on cloud computing, comprising a cloud storage module, an IP verification module, a data transmission module, an attack monitoring module and a security assessment module;
when a network IP accesses the computer's internal data, the IP verification module verifies the network IP; if the network IP is within the whitelist, data access permission is granted to the user matched to that network IP, and identity verification information is sent to the user matched to the access IP; if the verification passes, data services are provided to the user holding data access permission;
the data transmission module transmits the computer's external data and internal data, and sends the marked internal data and external data to the data monitoring module for monitoring and management;
when external data is allowed to enter the computer's internal environment, the external data is automatically marked as internal data; the cloud storage module stores the internal data using cloud storage technology; the cloud storage module comprises several storage blocks, and the specific storage steps are as follows:
obtain the remaining memory of each storage block and mark it as Ny; automatically obtain the security deviation coefficient WX of the storage block from the cloud platform; compute the storage allocation value CPy of the storage block using the formula CPy = (Ny × r1) / (WX × r2), where r1 and r2 are preset coefficient factors;
select the storage block with the largest storage allocation value CPy as the selected block; the cloud storage module stores the received internal data in the selected block.
Further, the specific verification steps of the IP verification module comprise:
S1: according to the specific requirements of the computer, set the network IPs allowed to access the computer and their access rights, and generate the computer's own network access whitelist;
S2: obtain a malicious IP library for computer network access: analyze the temporal and spatial characteristics and the maliciousness of existing computer network access IPs, and finally generate the malicious IP library;
S3: assign fixed IPs with data access rights to designated users;
S4: obtain the network IP accessing the computer and mark it as the access IP; compare and verify whether the access IP is within the whitelist;
S5: if the access IP is not within the whitelist, determine whether the access IP has a record of illegal intrusion, that is, compare and verify whether the access IP is in the malicious IP library;
if the access IP is not in the malicious IP library, access is denied; if the access IP is in the malicious IP library, access is denied, the access IP address is looked up, and the user's network service traces are tracked.
Further, the internal data is data running in the computer's internal environment, and the external data is data running in the computer's external environment; when internal data is sent to the external environment, the internal data to be sent is marked; when external data enters the computer's internal environment, the external data to enter the internal environment is marked.
Further, when an access from a network IP in the malicious IP library is detected, the data isolation module isolates the computer's internal data and generates an alarm instruction indicating that the computer's internal data has been subjected to an illegal intrusion.
Further, the specific working steps of the data monitoring module are:
extract feature data from the marked internal data and external data through the feature data extraction module, and compare and match the extracted feature data against the preset feature data pre-stored in the database, specifically:
V1: compare and match the feature data extracted from the marked internal data against the feature points of sensitive data stored in the internal data feature database;
if there is no identical feature, the internal data is allowed to be sent to the external environment; if there is an identical feature, sending the internal data to the external environment is aborted;
V2: compare and match the feature data extracted from the marked external data against the feature points of virus data stored in the external data feature database;
if there is no identical feature, the external data is allowed into the internal environment; if there is an identical feature, sending the external data into the internal environment is aborted.
Further, the database comprises an internal data feature database and an external data feature database; the internal data feature database stores the feature points of sensitive data within internal data, and the external data feature database stores the feature points of virus data within external data.
Further, the attack monitoring module is connected to each storage block and monitors each storage block for network attacks; when a network attack on a storage block is detected, timing starts; when no network attack is detected any longer, timing stops; the specific monitoring steps are:
the period between the start and the stop of timing is taken as the attack duration period; the length of the attack duration period is marked as the attack duration Tc;
the number of network attacks within the attack duration period is counted as C1, where network attacks include virus attacks, e-mail attacks, IP attacks and redundant data attacks;
the number of types of network attacks is counted as Z1; the attack value GM is computed using the formula GM = Tc × g1 + C1 × g2 + Z1 × g3, where g1, g2 and g3 are preset coefficient factors;
the attack monitoring module combines the attack duration period with the corresponding attack value GM to obtain a network attack record, time-stamps the network attack record, and stores it on the cloud platform.
Further, the security assessment module evaluates the security deviation coefficient of a storage block based on the time-stamped network attack records stored on the cloud platform, specifically:
based on the timestamps, collect the network attack records of the same storage block within a preset time period;
count the number of network attacks on the corresponding storage block as the attack frequency P1, mark the attack value in each network attack record as Gi, and compare Gi with the attack threshold;
count the number of times Gi exceeds the attack threshold as C2; whenever Gi exceeds the attack threshold, take the difference between Gi and the attack threshold and sum these differences to obtain the total excess attack value CZ; compute the excess attack coefficient Cg using the formula Cg = C2 × a1 + CZ × a2, where a1 and a2 are preset scaling factors;
compute the security deviation coefficient WX of the corresponding storage block using the formula WX = P1 × a3 + Cg × a4, where a3 and a4 are preset scaling factors; the security assessment module time-stamps the storage block's security deviation coefficient WX and stores it on the cloud platform.
Compared with the prior art, the beneficial effects of the present invention are:
1. In the present invention, when a network IP accesses the computer's internal data, the IP verification module verifies the network IP; when the IP verification module detects an access from a network IP in the malicious IP library, the data isolation module isolates the computer's internal data and generates an alarm instruction indicating that the computer's internal data has been subjected to an illegal intrusion; the data transmission module transmits the computer's external and internal data and sends the marked internal and external data to the data monitoring module for monitoring and management. By performing security management simultaneously from inside and outside the computer through the data monitoring module and the IP verification module, the invention prevents leakage of important information in the computer's internal data and also prevents virus attacks on the computer's internal data, achieving dual protection;
2. In the present invention, when external data is allowed to enter the computer's internal environment, it is automatically marked as internal data; the cloud storage module stores internal data using cloud storage technology and comprises several storage blocks; the remaining memory of each storage block is obtained and marked as Ny; the storage allocation value CPy of each block is computed together with the block's security deviation coefficient WX, and the block with the largest CPy is selected as the selected block; the cloud storage module stores the received internal data in the selected block. The invention can thus select an appropriate storage block according to each block's storage status and network attack situation, improving data storage security.
Description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a system block diagram of the cloud computing-based network security defense system of the present invention.
Detailed description
The technical solution of the present invention is described clearly and completely below with reference to the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Figure 1, a network security defense system based on cloud computing comprises a cloud storage module, an IP verification module, a data isolation module, a data transmission module, a feature data extraction module, a data monitoring module, a database, an attack monitoring module, a cloud platform and a security assessment module;
the cloud storage module stores the computer's internal data using cloud storage technology; internal data is data running in the computer's internal environment, and external data is data running in the computer's external environment;
when a network IP accesses the computer's internal data, the IP verification module verifies the network IP; the specific verification steps comprise:
S1: according to the specific requirements of the computer, set the network IPs allowed to access the computer and their access rights, and generate the computer's own network access whitelist;
S2: obtain a malicious IP library for computer network access: analyze the temporal and spatial characteristics and the maliciousness of existing computer network access IPs, and finally generate the malicious IP library;
S3: assign fixed IPs with data access rights to designated users;
S4: obtain the network IP accessing the computer and mark it as the access IP; compare and verify whether the access IP is within the whitelist;
S41: if the access IP is within the whitelist, grant data access permission to the user matched to the access IP;
S42: send identity verification information to the user matched to the access IP; if the verification passes, provide data services to the user holding data access permission;
S5: if the access IP is not within the whitelist, determine whether the access IP has a record of illegal intrusion, that is, compare and verify whether the access IP is in the malicious IP library;
S51: if the access IP is not in the malicious IP library, deny access;
S52: if the access IP is in the malicious IP library, deny access, look up the access IP address, and track the user's network service traces;
when the IP verification module detects an access from a network IP in the malicious IP library, the data isolation module isolates the computer's internal data and generates an alarm instruction indicating that the computer's internal data has been subjected to an illegal intrusion;
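The verification flow of steps S1 to S5 (as listed here and in the summary above), together with the data isolation trigger, as an added Python example; it is not code from the patent. The whitelist, malicious IP library, service log and credentials are constructed, and the outcome for a whitelisted IP that fails identity verification (denial) is an assumption, since the patent does not state it.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Decision:
    action: str                 # "serve", "deny_auth", "deny", "deny_trace"
    rights: str = ""            # access rights granted from the whitelist (S1)
    isolate: bool = False       # data isolation module engaged
    alarm: str = ""             # alarm instruction text, if any
    trace: list = field(default_factory=list)  # service traces found for the IP (S52)


class IpVerificationModule:
    def __init__(self, whitelist, malicious_library, service_log, verify_identity):
        # S1/S3: networks (or fixed single IPs) allowed to access the computer, with rights
        self.whitelist = [(ipaddress.ip_network(n, strict=False), r)
                          for n, r in whitelist.items()]
        # S2: malicious IP library, as single addresses or networks
        self.malicious = [ipaddress.ip_network(n, strict=False) for n in malicious_library]
        # past network service use keyed by IP, consulted when tracing in S52
        self.service_log = service_log
        # S42: callable that performs the identity verification step
        self.verify_identity = verify_identity

    def check(self, access_ip, credential):
        ip = ipaddress.ip_address(access_ip)                  # S4: mark the access IP
        for net, rights in self.whitelist:                    # S4: whitelist comparison
            if ip in net:                                     # S41: permission granted
                if self.verify_identity(access_ip, credential):   # S42
                    return Decision("serve", rights=rights)
                # whitelisted but identity verification failed: the patent does not
                # state the outcome; denying is the assumption made here
                return Decision("deny_auth")
        if any(ip in net for net in self.malicious):          # S5: malicious library comparison
            return Decision(                                  # S52 plus data isolation module
                "deny_trace",
                isolate=True,
                alarm=f"illegal intrusion: internal data accessed from malicious IP {access_ip}",
                trace=list(self.service_log.get(access_ip, [])),
            )
        return Decision("deny")                               # S51


# Constructed sample configuration (not from the patent)
WHITELIST = {"10.0.5.0/24": "read", "10.0.9.17": "read/write"}   # S1 ranges and an S3 fixed IP
MALICIOUS_LIBRARY = {"203.0.113.0/24", "198.51.100.23"}            # S2
SERVICE_LOG = {"198.51.100.23": ["2023-06-01T02:11 ssh probe",
                                 "2023-06-02T03:40 http /admin"]}


def demo_verify_identity(ip, credential):
    # stand-in for the S42 identity verification; a real system would use a second factor
    return credential == "valid-token"


MODULE = IpVerificationModule(WHITELIST, MALICIOUS_LIBRARY, SERVICE_LOG, demo_verify_identity)

SAMPLE_ACCESSES = [
    ("10.0.5.20", "valid-token"),      # whitelisted, verification passes
    ("10.0.5.20", "bad-token"),        # whitelisted, verification fails
    ("198.51.100.23", "valid-token"),  # in the malicious IP library
    ("192.0.2.77", "valid-token"),     # neither whitelisted nor known malicious
]


def run_samples():
    """Returns one Decision per constructed access, in SAMPLE_ACCESSES order."""
    return [MODULE.check(ip, cred) for ip, cred in SAMPLE_ACCESSES]


if __name__ == "__main__":
    for (ip, _), d in zip(SAMPLE_ACCESSES, run_samples()):
        print(f"{ip:>15}: {d.action:<10} rights={d.rights!r} isolate={d.isolate} "
              f"traces={len(d.trace)} {d.alarm}")
```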
By strictly controlling the permissions required to obtain the computer's internal data, the invention improves the security of the computer's internal data with respect to the accessing party; together with the active isolation function of the data isolation module, it effectively prevents theft of the computer's internal data and safeguards the data; in addition, by tracing the IP addresses of suspicious users, users who steal the computer's internal data can be pursued, providing a secure operating environment for the data;
the data transmission module transmits the computer's external data and internal data, specifically:
when internal data is sent to the external environment, the internal data to be sent is marked; when external data enters the computer's internal environment, the external data to enter the internal environment is marked;
the data transmission module sends the marked internal data and external data to the data monitoring module for monitoring and management; the specific working steps are:
extract feature data from the marked internal data and external data through the feature data extraction module;
compare and match the extracted feature data against the preset feature data pre-stored in the database, specifically:
V1: compare and match the feature data extracted from the marked internal data against the feature points of sensitive data stored in the internal data feature database;
if there is no identical feature, the internal data is allowed to be sent to the external environment; if there is an identical feature, sending the internal data to the external environment is aborted;
V2: compare and match the feature data extracted from the marked external data against the feature points of virus data stored in the external data feature database;
if there is no identical feature, the external data is allowed into the internal environment; if there is an identical feature, sending the external data into the internal environment is aborted;
the database comprises an internal data feature database and an external data feature database; the internal data feature database stores the feature points of sensitive data within internal data, and the external data feature database stores the feature points of virus data within external data;
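The direction-dependent checks V1 and V2 (described here and in the summary above), as an added Python example that is not code from the patent. The patent does not define what a "feature point" is; this example assumes fingerprints of fixed-length byte windows, so that a feature database built from known sensitive documents or known virus samples matches any payload that carries a copied fragment of them. All samples are constructed.

```python
import hashlib
from dataclasses import dataclass, field

WINDOW = 16  # bytes per feature window (assumed; the patent does not define a feature)


def extract_features(payload: bytes) -> set:
    """Feature data extraction module (assumed form): fingerprint every WINDOW-byte
    slice of the payload. The feature databases hold the same kind of fingerprints."""
    if len(payload) < WINDOW:
        slices = [payload]
    else:
        slices = (payload[i:i + WINDOW] for i in range(len(payload) - WINDOW + 1))
    return {hashlib.blake2b(s, digest_size=8).hexdigest() for s in slices}


@dataclass
class FeatureDatabase:
    internal: set = field(default_factory=set)  # feature points of sensitive internal data
    external: set = field(default_factory=set)  # feature points of virus data

    def learn_sensitive(self, sample: bytes):
        self.internal |= extract_features(sample)

    def learn_virus(self, sample: bytes):
        self.external |= extract_features(sample)


@dataclass
class MarkedData:
    payload: bytes
    direction: str  # "outbound": internal -> external; "inbound": external -> internal


@dataclass
class Verdict:
    allowed: bool
    hits: int      # number of identical features found
    marking: str   # how the data is marked after the check


def monitor(data: MarkedData, db: FeatureDatabase) -> Verdict:
    """Data monitoring module: V1 for outbound data, V2 for inbound data. Any identical
    feature aborts the transfer; inbound data that is admitted is re-marked as internal."""
    feats = extract_features(data.payload)
    if data.direction == "outbound":
        hits = feats & db.internal                       # V1: sensitive-data features
        return Verdict(not hits, len(hits), "internal")
    if data.direction == "inbound":
        hits = feats & db.external                       # V2: virus features
        return Verdict(not hits, len(hits), "external" if hits else "internal")
    raise ValueError(f"unknown direction {data.direction!r}")


# Constructed samples (not from the patent)
SENSITIVE_DOC = b"CONFIDENTIAL payroll export 2023-Q2: employee salary ledger, account 7731-0042"
VIRUS_SAMPLE = b"\x4d\x5a\x90\x00CONSTRUCTED-VIRUS-SIGNATURE-0001\x00\xff"
SAMPLES = {
    "newsletter_out": MarkedData(b"Weekly newsletter: cafeteria menu and parking notice for June",
                                 "outbound"),
    "leak_out": MarkedData(b"fwd: see employee salary ledger, account 7731-0042 attached",
                           "outbound"),
    "invoice_in": MarkedData(b"Invoice #1187 for office supplies, payment due in 30 days",
                             "inbound"),
    "dropper_in": MarkedData(b"update.bin:" + VIRUS_SAMPLE + b" trailing bytes", "inbound"),
}


def build_demo_db() -> FeatureDatabase:
    db = FeatureDatabase()
    db.learn_sensitive(SENSITIVE_DOC)   # internal data feature database
    db.learn_virus(VIRUS_SAMPLE)        # external data feature database
    return db


def run_samples() -> dict:
    """Returns {sample name: Verdict} for the constructed samples."""
    db = build_demo_db()
    return {name: monitor(data, db) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_samples().items():
        print(f"{name:<15} allowed={v.allowed!s:<5} hits={v.hits:<3} marked={v.marking}")
```

Because a single identical feature aborts the transfer, the window length and the contents of the feature databases set the false-positive rate; generic windows (runs of spaces, boilerplate headers) should not be learned as sensitive or virus features.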
By performing security management simultaneously from inside and outside the computer through the data monitoring module and the IP verification module, the invention prevents leakage of important information in the computer's internal data and also prevents virus attacks on the computer's internal data, achieving dual protection;
when external data is allowed to enter the computer's internal environment, the external data is automatically marked as internal data; the cloud storage module stores internal data using cloud storage technology; the cloud storage module comprises several storage blocks, and the specific storage steps are as follows:
obtain the remaining memory of each storage block and mark it as Ny; automatically obtain the security deviation coefficient WX of the storage block from the cloud platform; compute the storage allocation value CPy of the storage block using the formula CPy = (Ny × r1) / (WX × r2), where r1 and r2 are preset coefficient factors;
select the storage block with the largest storage allocation value CPy as the selected block; the cloud storage module stores the received internal data in the selected block. The invention can thus select an appropriate storage block according to each block's storage status and network attack situation, improving data storage security;
the attack monitoring module is connected to each storage block and monitors each storage block for network attacks; when a network attack on a storage block is detected, timing starts; when no network attack is detected any longer, timing stops; the specific monitoring steps are:
the period between the start and the stop of timing is taken as the attack duration period; the length of the attack duration period is marked as the attack duration Tc;
the number of network attacks within the attack duration period is counted as C1, where network attacks include virus attacks, e-mail attacks, IP attacks, redundant data attacks and the like;
the number of types of network attacks is counted as Z1; the attack value GM is computed using the formula GM = Tc × g1 + C1 × g2 + Z1 × g3, where g1, g2 and g3 are preset coefficient factors;
the attack monitoring module combines the attack duration period with the corresponding attack value GM to obtain a network attack record, time-stamps the network attack record, and stores it on the cloud platform;
the security assessment module is connected to the cloud platform and evaluates the security deviation coefficient of a storage block based on the time-stamped network attack records stored on the cloud platform, specifically:
based on the timestamps, collect the network attack records of the same storage block within a preset time period;
count the number of network attacks on the corresponding storage block as the attack frequency P1, mark the attack value in each network attack record as Gi, and compare Gi with the attack threshold;
count the number of times Gi exceeds the attack threshold as C2; whenever Gi exceeds the attack threshold, take the difference between Gi and the attack threshold and sum these differences to obtain the total excess attack value CZ; compute the excess attack coefficient Cg using the formula Cg = C2 × a1 + CZ × a2, where a1 and a2 are preset scaling factors;
compute the security deviation coefficient WX of the corresponding storage block using the formula WX = P1 × a3 + Cg × a4, where a3 and a4 are preset scaling factors; the security assessment module time-stamps the storage block's security deviation coefficient WX and stores it on the cloud platform.
All of the above formulas are computed on dimensionless numerical values. Each formula is the one found, by software simulation over a large volume of collected data, to come closest to the real situation; the preset parameters and preset thresholds in the formulas are set by those skilled in the art according to the actual situation or obtained by simulation over a large volume of data.
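The full chain from attack monitoring (Tc, C1, Z1, GM) through security assessment (P1, C2, CZ, Cg, WX) to storage block selection (CPy), as an added Python example that is not code from the patent; it also covers the same steps where they appear in the summary above. All coefficient values, the attack threshold and the event data are constructed. Two details the patent leaves open are assumptions here: timing stops once QUIET_GAP seconds pass without an attack, and a block with WX = 0, for which the patent's CPy formula is undefined, is treated as the safest candidate.

```python
from dataclasses import dataclass

# Preset coefficient factors, threshold and window (constructed values; the patent
# leaves them to the implementer or to simulation).
G1, G2, G3 = 0.5, 1.0, 2.0           # GM = Tc*g1 + C1*g2 + Z1*g3
A1, A2, A3, A4 = 1.0, 0.1, 0.5, 1.0  # Cg = C2*a1 + CZ*a2 ; WX = P1*a3 + Cg*a4
R1, R2 = 1.0, 1.0                    # CPy = (Ny*r1) / (WX*r2)
ATTACK_THRESHOLD = 20.0
QUIET_GAP = 30.0                     # seconds without attacks before timing stops (assumed)


@dataclass
class AttackRecord:
    block_id: str
    start: float   # timing started (first attack detected)
    stop: float    # timing stopped (no attack for QUIET_GAP); also the record's timestamp
    gm: float      # attack value GM


def attack_value(tc, c1, z1):
    return tc * G1 + c1 * G2 + z1 * G3


def _close_period(block_id, period):
    start, stop = period[0][0], period[-1][0] + QUIET_GAP
    tc = stop - start                          # attack duration Tc
    c1 = len(period)                           # number of attacks C1
    z1 = len({kind for _, kind in period})     # number of attack types Z1
    return AttackRecord(block_id, start, stop, attack_value(tc, c1, z1))


def monitor_block(block_id, events):
    """Attack monitoring module for one storage block. events: (timestamp, attack type)
    pairs, e.g. "virus", "email", "ip", "redundant". Returns one record per attack period."""
    records, period = [], []
    for ts, kind in sorted(events):
        if period and ts - period[-1][0] > QUIET_GAP:   # quiet long enough: timing stopped
            records.append(_close_period(block_id, period))
            period = []
        period.append((ts, kind))
    if period:
        records.append(_close_period(block_id, period))
    return records


def security_deviation(records, block_id, now, window):
    """Security assessment module: WX for one block from its time-stamped records."""
    recent = [r for r in records
              if r.block_id == block_id and now - window <= r.stop <= now]
    p1 = len(recent)                                              # attack frequency P1
    excess = [r.gm - ATTACK_THRESHOLD for r in recent if r.gm > ATTACK_THRESHOLD]
    c2, cz = len(excess), sum(excess)                             # C2 and total excess CZ
    cg = c2 * A1 + cz * A2                                        # excess attack coefficient Cg
    return p1 * A3 + cg * A4


def choose_block(remaining, wx):
    """Cloud storage module: pick the block with the largest CPy. WX == 0 makes the
    patent's formula undefined; such a block is treated as the safest (CPy = infinity),
    with ties broken by remaining memory (assumption)."""
    def cpy(b):
        return float("inf") if wx[b] == 0 else (remaining[b] * R1) / (wx[b] * R2)
    return max(remaining, key=lambda b: (cpy(b), remaining[b]))


# Constructed sample data: attack events per block (timestamp seconds, type) and free memory
EVENTS = {
    "A": [(100, "virus"), (400, "virus"), (430, "virus"), (455, "ip"), (700, "email")],
    "B": [(900, "redundant")],
    "C": [(950, "ip")],
}
REMAINING = {"A": 500, "B": 800, "C": 300}   # Ny per block


def run_pipeline(now=1000.0, window=600.0):
    """Returns (attack records, {block: WX}, selected block)."""
    records = [r for b, ev in EVENTS.items() for r in monitor_block(b, ev)]
    wx = {b: security_deviation(records, b, now, window) for b in REMAINING}
    return records, wx, choose_block(REMAINING, wx)


if __name__ == "__main__":
    recs, wx, chosen = run_pipeline()
    for r in recs:
        print(f"{r.block_id}: Tc={r.stop - r.start:.0f}s GM={r.gm:.1f} stamped {r.stop:.0f}")
    print("WX per block:", wx, "-> store in block", chosen)
```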
Working principle of the invention:
In operation of the cloud-computing-based network security defense system, when a network IP accesses the computer's internal data, the IP verification module verifies the network IP; when the IP verification module detects access from a network IP contained in the malicious IP group library, the data isolation module isolates the computer's internal data and generates an alarm instruction indicating that the computer's internal data has suffered an illegal intrusion. The data transmission module transmits the computer's external data and internal data, and sends the labelled internal and external data to the data monitoring module for monitoring and management; the feature data extraction module extracts feature data from the labelled internal and external data; the extracted feature data is compared and matched against the preset feature data pre-stored in the database; if no identical feature is found, transmission is allowed; if an identical feature is found, the data transmission is aborted. By performing security management from inside and outside the computer at the same time through the data monitoring module and the IP verification module, the invention can prevent leakage of important information in the computer's internal data and also prevent viruses from attacking the computer's internal data, achieving double protection.
When external data is allowed to enter the computer's internal environment, the external data is automatically relabelled as internal data; the cloud storage module stores internal data using cloud storage technology; the cloud storage module comprises several storage blocks; the remaining memory of each storage block is obtained and labelled Ny; the storage allocation value CPy of each storage block is calculated from Ny together with the block's security deviation coefficient WX, and the storage block with the largest storage allocation value CPy is selected as the selected block; the cloud storage module stores the received internal data in the selected block. The invention can thus select a suitable storage block for data storage according to the storage status of the blocks and the network attack situation, thereby improving data storage security.
In the description of this specification, reference to the terms "one embodiment", "example", "specific example" and the like means that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to help illustrate the invention. The preferred embodiments do not describe every detail, nor do they limit the invention to these specific implementations. Obviously, many modifications and variations are possible in light of the contents of this specification. These embodiments were selected and described in detail in this specification in order to better explain the principles and practical applications of the invention, so that those skilled in the art can understand and use the invention well. The invention is limited only by the claims and their full scope and equivalents.
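The following added example (not code from the patent) carries the security assessment module's WX calculation and the cloud storage module's block selection through on constructed attack records. The WX formula and the parameters a1–a4 follow the description above; the page gives no formula for CPy, so the scoring `CPy = Ny×b1 − WX×b2` and the factors b1, b2 are an assumption made here so that a block can be chosen.

```python
from dataclasses import dataclass


@dataclass
class AttackRecord:
    block_id: str        # storage block the attack was recorded against
    timestamp: int       # seconds since epoch (constructed sample values)
    attack_value: float  # Gi, the attack value of this record


# Constructed sample records; block B's last record lies outside the window.
SAMPLE_RECORDS = [
    AttackRecord("A", 100, 3.0),
    AttackRecord("A", 200, 7.0),
    AttackRecord("A", 300, 9.0),
    AttackRecord("B", 150, 2.0),
    AttackRecord("B", 5000, 12.0),
]
# Constructed remaining memory Ny per block (arbitrary units).
BLOCK_FREE = {"A": 800, "B": 300}


def security_deviation(records, block_id, t_start, t_end, threshold,
                       a1, a2, a3, a4):
    """WX for one block: P1, C2, CZ, Cg and WX as defined on the page."""
    window = [r for r in records
              if r.block_id == block_id and t_start <= r.timestamp <= t_end]
    p1 = len(window)                                   # attack frequency P1
    excess = [r.attack_value - threshold for r in window
              if r.attack_value > threshold]           # Gi above threshold
    c2 = len(excess)                                   # count of Gi > threshold
    cz = sum(excess)                                   # total over-attack value CZ
    cg = c2 * a1 + cz * a2                             # over-attack coefficient Cg
    return p1 * a3 + cg * a4                           # security deviation WX


def choose_block(block_free, wx_by_block, b1, b2):
    """Assumed CPy = Ny*b1 - WX*b2 (page gives no CPy formula); pick the max."""
    scores = {bid: ny * b1 - wx_by_block[bid] * b2
              for bid, ny in block_free.items()}
    return max(scores, key=scores.get), scores


def run_sample():
    """Evaluate both sample blocks over window [0, 1000] and select one."""
    params = dict(threshold=5.0, a1=1, a2=0.5, a3=1, a4=2)
    wx = {bid: security_deviation(SAMPLE_RECORDS, bid, 0, 1000, **params)
          for bid in BLOCK_FREE}
    return choose_block(BLOCK_FREE, wx, b1=0.01, b2=1)
```

Block A accumulates three attacks, two above the threshold, so its WX is much higher than block B's and B is selected despite having less free memory.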
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202310804735.9A CN116980185A (en) | 2023-07-03 | 2023-07-03 | Network security defense system based on cloud computing
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202310804735.9A CN116980185A (en) | 2023-07-03 | 2023-07-03 | Network security defense system based on cloud computing
Publications (1)
Publication Number | Publication Date
---|---
CN116980185A true CN116980185A (en) | 2023-10-31
Family
ID=88470439
Family Applications (1)
Application Number | Title | Priority Date | Filing Date
---|---|---|---
CN202310804735.9A Withdrawn CN116980185A (en) | 2023-07-03 | 2023-07-03 | Network security defense system based on cloud computing
Country Status (1)
Country | Link
---|---
CN (1) | CN116980185A (en)
Timeline
- 2023-07-03: CN application CN202310804735.9A (publication CN116980185A), status not active (withdrawn)
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20231031