CN104283844A - Distributed cloud security system and control method - Google Patents
Distributed cloud security system and control method Download PDFInfo
- Publication number
- CN104283844A CN104283844A CN201310275906.XA CN201310275906A CN104283844A CN 104283844 A CN104283844 A CN 104283844A CN 201310275906 A CN201310275906 A CN 201310275906A CN 104283844 A CN104283844 A CN 104283844A
- Authority
- CN
- China
- Prior art keywords
- cloud security
- security platform
- distribution web
- address
- distributed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 11
- 238000009826 distribution Methods 0.000 claims description 44
- 241000700605 Viruses Species 0.000 claims description 8
- 238000001914 filtration Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 7
- 230000006399 behavior Effects 0.000 abstract description 3
- 238000009434 installation Methods 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a network security device, and discloses a distributed cloud security system and a control method. The distributed cloud security system comprises internet surfing terminals of a plurality of regions and a plurality of distributed web cloud security platform subsystems. The internet surfing terminals of the regions are connected with the distributed web cloud security platform subsystems respectively. The distributed web cloud security platform subsystems are connected with the internet respectively and further connected to a cloud computing center node in a VPN mode respectively. By means of the distributed cloud security system and the control method, enterprises or individual users can stop hostile attack behaviors without installing any software by means of cloud computing, and users are helped to purify the network environment; the network delay problem is effectively solved through a distributed technology, the internet surfing experiences of users is optimized, and the function of increasing the speed of having access to the internet is achieved for the users.
Description
Technical field
The present invention relates to a kind of network security device, be specifically related to a kind of distributed cloud security system.The present invention relates to a kind of control method of distributed cloud security system.
Background technology
The virus that the Internet exists gets more and more, and netizen's environment of surfing the Net is subject to serious threat, current technology mainly:
For enterprise, be deployed in enterprise by hardware device, help enterprise to solve Internet Security and threaten problem;
For individual, realize by allowing user installation software;
These solutions are usually higher to the requirement of user, such as: allow user installation antivirus software, upgrading virus base etc.; And buy technical resource and the network bandwidth that expense that hardware produces costly and in a large number takies user.The technology of specific implementation comprises:
1, gateway-level security protection, this solution is that enterprise buys corresponding hardware, is deployed in enterprise gateway exit, and this equipment is checked by all packets of interception, analyze, determine whether to comprise attack according to certain characteristic sum behavior.
2, pure software security protection, similar solution has traditional antivirus software, need user installation related software and timely upgrading virus or security vault,
3, the solution of software and hardware combining, needs enterprise to buy gateway-level hardware simultaneously at enterprise terminal mounting software simultaneously
4, emerging cloud security solution, solution nearly all in market at present all needs virus killing or the security engine software of user installation desktop level, and cloud security provider helps user to upgrade in time by long-range propelling movement virus base.
Summary of the invention
The object of this invention is to provide a kind of distributed cloud security system, allow enterprise or personal user that any software need not be installed by the means of cloud computing and just can stop malicious attack behavior on network, help user to purify Internet environment; Use distributed computing technology effectively to solve network latency problems, optimizing user online is experienced, and plays as customer access network accelerates function.The object of this invention is to provide a kind of control method of distributed cloud security system.
In order to achieve the above object, the present invention has following technical scheme:
The distributed cloud security system of one of the present invention, comprise the access terminals in several regions, several distribution Web cloud security platform subsystems, the access terminals in several regions described is connected with several distribution Web cloud security platform subsystems respectively, several distribution Web cloud security platform subsystems are connected with the Internet respectively, and several distribution Web cloud security platform subsystems are also connected to cloud computing center node in the mode of VPN respectively;
Described distribution Web cloud security platform subsystem is used for the filtration being responsible for web safety itself;
Described cloud computing center is used for being responsible for unified management distribution Web cloud security platform subsystem, united portal and security strategy, unified virus base, URL storehouse.
The control method of a kind of distributed cloud security system of the present invention, has following steps:
1), user uses the direct open any browser of access terminals, access Intemet, and by giving the browser Configuration Agent of user, the server address of user's link points to the address that distribution Web cloud security platform subsystem provides service;
2), the request of reference address is sent to distribution Web cloud security platform subsystem by user's online, whether the address of the first scan request of distribution Web cloud security platform subsystem is safe, if dangerous, say and directly abandon, and return to access terminals and report that this website is dangerous; If the address of safety, distribution Web cloud security platform subsystem goes to access the network address needing access, when distribution Web cloud security platform subsystem receives the content returned, after the address returned is scanned, clean secure data is returned to access terminals.
Described step 1) in provide the address of service to comprise IP or domain name.
Owing to taking above technical scheme, the invention has the advantages that:
1, based on cloud computing technology, for user provides 100% high in the clouds filtration system, user's computational resource is saved.
2, user is without the need to installing any software.
3, for user provides network acceleration function.
Accompanying drawing explanation
Fig. 1 is the integrally-built schematic diagram of the present invention.
Embodiment
Following examples for illustration of the present invention, but are not used for limiting the scope of the invention.
Because user's online is higher to the requirement of real-time of webpage, common safety filtering will add the delay of macroreticular, has a strong impact on the experience of user, and therefore the present invention adopts distribution Web cloud security platform.
See Fig. 1, the distributed cloud security system of one of the present invention, comprise the access terminals in several regions, several distribution Web cloud security platform subsystems, the access terminals in several regions described is connected with several distribution Web cloud security platform subsystems respectively, several distribution Web cloud security platform subsystems are connected with the Internet respectively, and several distribution Web cloud security platform subsystems are also connected to cloud computing center node in the mode of VPN respectively;
Described distribution Web cloud security platform subsystem is used for the filtration being responsible for web safety itself;
Described cloud computing center is used for being responsible for unified management distribution Web cloud security platform subsystem, united portal and security strategy, unified virus base, URL storehouse.
The control method of a kind of distributed cloud security system of the present invention, has following steps:
1), user uses the direct open any browser of access terminals, access Intemet, and by giving the browser Configuration Agent of user, the server address of user's link points to the address that distribution Web cloud security platform subsystem provides service, as IP or domain name;
2), the request of reference address is sent to distribution Web cloud security platform subsystem by user's online, whether the address of the first scan request of distribution Web cloud security platform subsystem is safe, if dangerous, say and directly abandon, and return to access terminals and report that this website is dangerous; If the address of safety, distribution Web cloud security platform subsystem goes to access the network address needing access, when distribution Web cloud security platform subsystem receives the content returned, after the address returned is scanned, clean secure data is returned to access terminals.
Relation between distribution Web cloud security platform subsystem and cloud computing center:
1. cloud computing center plays the unified management to each distribution Web cloud security platform subsystem, such as: by cloud computing center distribution policy on different distribution Web cloud security platform subsystems, anti-malicious attack database is distributed in different distribution Web cloud security platform subsystems.
2. distribution Web cloud security platform subsystem and cloud computing center direct data communication rely on the vpn system of safety.
3. distribution Web cloud security platform subsystem can will filter log information, auditing system, unification is aggregated into cloud computing center, calculate potential malicious attack type by the method for machine learning and artificial intelligence after cloud computing center gathers the information of different distributions formula web cloud security platform subsystem, generate new anti-malicious attack database.
4. user configures related management unification and goes to the door of cloud computing center, and this door configures the type selecting oneself wanting to configure.
VPN: VPN (virtual private network) (Virtual Private Network is called for short VPN) refers to the technology setting up dedicated network in common network.Why it is called virtual net, mainly because the end to end physical link of connection not needed for traditional private network between any two nodes of whole VPN, but the network platform that framework provides in common network service provider, as the logical network on Intemet, ATM (asynchronous transfer mode), Frame Relay (frame relay) etc., user data transmits in logical links.It encompasses the expansion of the dedicated network across the encapsulation of shared network or public network, encryption and authentication link.
URL: URL(uniform resource locator) (abbreviation of URL, English Uniform Resource Locator) is also referred to as web page address, is the address of the resource of standard on internet.It is be used as the address of World Wide Web (WWW) by Di Mubainasi-Li Faming at first.It has been worked out as Internet Standard RFC1738 by World Wide Web Consortium now.
The distributed cloud security system of employing of the present invention has following benefit:
1, to the network of often access, distribution Web cloud security platform subsystem does lower high-speed cache to it, like this can the access speed of accelerating network, reduces system delay.
2, distribution Web cloud security platform subsystem is in different data centers and node, and by routing data to from the nearest node of user to the judgement intelligence of IP address, can reduce the route on network like this, user surfs the Net and experiences better.
3, without the need to mounting software hardware etc., only need to arrange a proxy server at browser.
Obviously, above-mentioned enforcement of the present invention is only for example of the present invention is clearly described, and is not the restriction to embodiments of the present invention.For those of ordinary skill in the field, can also make other changes in different forms on the basis of the above description.Here cannot give exhaustive to all execution modes.Every belong to technical scheme of the present invention the apparent change of extending out or variation be still in the row of protection scope of the present invention.
Claims (3)
1. a distributed cloud security system, it is characterized in that: the access terminals comprising several regions, several distribution Web cloud security platform subsystems, the access terminals in several regions described is connected with several distribution Web cloud security platform subsystems respectively, several distribution Web cloud security platform subsystems are connected with the Internet respectively, and several distribution Web cloud security platform subsystems are also connected to cloud computing center node in the mode of VPN respectively;
Described distribution Web cloud security platform subsystem is used for the filtration being responsible for web safety itself;
Described cloud computing center is used for being responsible for unified management distribution Web cloud security platform subsystem, united portal and security strategy, unified virus base, URL storehouse.
2. a control method for distributed cloud security system, is characterized in that there are following steps:
1), user uses the direct open any browser of access terminals, access Intemet, and by giving the browser Configuration Agent of user, the server address of user's link points to the address that distribution Web cloud security platform subsystem provides service;
2), the request of reference address is sent to distribution Web cloud security platform subsystem by user's online, whether the address of the first scan request of distribution Web cloud security platform subsystem is safe, if dangerous, say and directly abandon, and return to access terminals and report that this website is dangerous; If the address of safety, distribution Web cloud security platform subsystem goes to access the network address needing access, when distribution Web cloud security platform subsystem receives the content returned, after the address returned is scanned, clean secure data is returned to access terminals.
3., according to the control method of a kind of distributed cloud security system according to claim 2, it is characterized in that: described step 1) in provide the address of service to comprise IP or domain name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310275906.XA CN104283844A (en) | 2013-07-03 | 2013-07-03 | Distributed cloud security system and control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310275906.XA CN104283844A (en) | 2013-07-03 | 2013-07-03 | Distributed cloud security system and control method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104283844A true CN104283844A (en) | 2015-01-14 |
Family
ID=52258331
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310275906.XA Pending CN104283844A (en) | 2013-07-03 | 2013-07-03 | Distributed cloud security system and control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104283844A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101111053A (en) * | 2006-07-18 | 2008-01-23 | 中兴通讯股份有限公司 | System and method for defending against network attacks in mobile networks |
| US7415723B2 (en) * | 2002-06-11 | 2008-08-19 | Pandya Ashish A | Distributed network security system and a hardware processor therefor |
| CN102045353A (en) * | 2010-12-13 | 2011-05-04 | 北京交通大学 | Distributed network security control method of public cloud service |
| CN102090019A (en) * | 2008-07-08 | 2011-06-08 | 微软公司 | Automatically distributed network protection |
| CN202772927U (en) * | 2012-09-10 | 2013-03-06 | 厦门锐思特软件科技有限公司 | Internal network information safety management system based on cloud desktop |
-
2013
- 2013-07-03 CN CN201310275906.XA patent/CN104283844A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7415723B2 (en) * | 2002-06-11 | 2008-08-19 | Pandya Ashish A | Distributed network security system and a hardware processor therefor |
| CN101111053A (en) * | 2006-07-18 | 2008-01-23 | 中兴通讯股份有限公司 | System and method for defending against network attacks in mobile networks |
| CN102090019A (en) * | 2008-07-08 | 2011-06-08 | 微软公司 | Automatically distributed network protection |
| CN102045353A (en) * | 2010-12-13 | 2011-05-04 | 北京交通大学 | Distributed network security control method of public cloud service |
| CN202772927U (en) * | 2012-09-10 | 2013-03-06 | 厦门锐思特软件科技有限公司 | Internal network information safety management system based on cloud desktop |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10826872B2 (en) | Security policy for browser extensions | |
| US20200287925A1 (en) | Entity Group Behavior Profiling | |
| Nobori et al. | {VPN} Gate: A {Volunteer-Organized} Public {VPN} Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls | |
| US10469514B2 (en) | Collaborative and adaptive threat intelligence for computer security | |
| JP5325335B2 (en) | Filtering method, system, and network device | |
| Abusaimeh | Distributed denial of service attacks in cloud computing | |
| CN103023924B (en) | The ddos attack means of defence of the cloud distribution platform of content-based distributing network and system | |
| CN105634998B (en) | Method and system for unified monitoring of physical machine and virtual machine in multi-tenant environment | |
| CN105897674A (en) | DDoS attack protection method applied to CDN server group and system | |
| CN109413069B (en) | Application method and device of virtual website firewall based on block chain | |
| US11140178B1 (en) | Methods and system for client side analysis of responses for server purposes | |
| CN103095778A (en) | Web application firewall and web application safety protection method | |
| KR101200906B1 (en) | High Performance System and Method for Blocking Harmful Sites Access on the basis of Network | |
| Ahmed et al. | Detection and prevention of DDoS attacks on software defined networks controllers for smart grid | |
| CN103916379A (en) | CC attack identification method and system based on high frequency statistics | |
| CN106210057A (en) | A kind of cloud security means of defence based on CDN | |
| CN111181850B (en) | Data packet flooding suppression method, device and equipment and computer storage medium | |
| Krishnaveni et al. | A survey on honeypot and honeynet systems for intrusion detection in cloud environment | |
| Rao et al. | SEDoS-7: a proactive mitigation approach against EDoS attacks in cloud computing | |
| US11874845B2 (en) | Centralized state database storing state information | |
| CN106789892B (en) | Universal method for defending distributed denial of service attack for cloud platform | |
| Achar | Science gateways: accelerating research for cloud infrastructure | |
| CN104378358A (en) | HTTP Get Flood attack prevention method based on server log | |
| CN101257502B (en) | Protecting server and network method | |
| Jiang et al. | Performance research on industrial demilitarized zone in defense-in-depth architecture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING POLY MIWIN SOFTWARE TECHNOLOGY CO., LTD. Document name: Notification of Publication of the Application for Invention |
|
| DD01 | Delivery of document by public notice |
Addressee: BEIJING POLY MIWIN SOFTWARE TECHNOLOGY CO., LTD. Document name: Notification of before Expiration of Request of Examination as to Substance |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING POLY MIWIN SOFTWARE TECHNOLOGY CO., LTD. Document name: Notification of Patent Invention Entering into Substantive Examination Stage |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING POLY MIWIN SOFTWARE TECHNOLOGY CO., LTD. Document name: the First Notification of an Office Action |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING POLY MIWIN SOFTWARE TECHNOLOGY CO., LTD. Document name: Notification that Application Deemed to be Withdrawn |
|
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150114 |
|
| WD01 | Invention patent application deemed withdrawn after publication |