[go: up one dir, main page]

CN109005165A - Integral network safety defence method, device and storage medium - Google Patents

Integral network safety defence method, device and storage medium Download PDF

Info

Publication number
CN109005165A
CN109005165A CN201810809767.7A CN201810809767A CN109005165A CN 109005165 A CN109005165 A CN 109005165A CN 201810809767 A CN201810809767 A CN 201810809767A CN 109005165 A CN109005165 A CN 109005165A
Authority
CN
China
Prior art keywords
website
abnormal
information
network safety
defence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810809767.7A
Other languages
Chinese (zh)
Inventor
龙春
宋丹劼
赵静
杨帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Computer Network Information Center of CAS
Original Assignee
Computer Network Information Center of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Computer Network Information Center of CAS filed Critical Computer Network Information Center of CAS
Priority to CN201810809767.7A priority Critical patent/CN109005165A/en
Publication of CN109005165A publication Critical patent/CN109005165A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a kind of integral network safety defence method, device and storage mediums, are related to network safety filed.The method comprise the steps that obtaining the website abnormal information that monitoring system reports, the address information of abnormal website is carried in the website abnormal information;Based on the website abnormal information, cyber-defence integrated treatment is carried out;When the website abnormal for receiving the abnormal website feedback has removed information, the access authority of the abnormal website is opened.The present invention can be improved the validity of network security.

Description

一体化网络安全防御方法、装置及存储介质Integrated network security defense method, device and storage medium

技术领域technical field

本发明涉及网络安全领域,尤其涉及一种一体化网络安全防御方法、装置及存储介质。The invention relates to the field of network security, in particular to an integrated network security defense method, device and storage medium.

背景技术Background technique

随着网络技术的不断发展,企业或用户对网络的依赖性越来越强,与此同时,网络安全成为网络发展过程中的重要关注点。With the continuous development of network technology, enterprises or users are increasingly dependent on the network. At the same time, network security has become an important concern in the process of network development.

目前有很多安全防护产品,例如防火墙、入侵检测系统、漏洞扫描系统、网站风险评估系统、网络应用监控系统、上网行为审计系统等等,然而,各种安全设备、网络设备、应用系统等都涉及不同厂家、不同型号、且各设备之间彼此孤立,无法进行关联,导致网络安全无法得到保障。At present, there are many security protection products, such as firewalls, intrusion detection systems, vulnerability scanning systems, website risk assessment systems, network application monitoring systems, online behavior auditing systems, etc. However, various security devices, network devices, application systems, etc. Different manufacturers, different models, and each device is isolated from each other and cannot be associated, resulting in network security that cannot be guaranteed.

发明内容Contents of the invention

本发明的实施例提供一种一体化网络安全防御方法、装置及存储介质,能够解决网络安全无法得到保障的问题。Embodiments of the present invention provide an integrated network security defense method, device and storage medium, which can solve the problem that network security cannot be guaranteed.

为达到上述目的,本发明的实施例采用如下技术方案:In order to achieve the above object, embodiments of the present invention adopt the following technical solutions:

第一方面,本发明的实施例提供一种一体化网络安全防御方法,其特征在于,包括:In the first aspect, an embodiment of the present invention provides an integrated network security defense method, which is characterized in that it includes:

获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息;Obtaining abnormal website information reported by the monitoring system, the abnormal website information carrying address information of the abnormal website;

基于所述网站异常信息,进行网络防御一体化处理;Based on the abnormal information of the website, perform integrated network defense processing;

当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限。When the website abnormality cleared information fed back by the abnormal website is received, the access authority of the abnormal website is enabled.

结合第一方面,在第一方面的第一种可能的实现方式中,所述进行网络防御一体化处理,包括:With reference to the first aspect, in the first possible implementation manner of the first aspect, the integrated processing of network defense includes:

通过所述异常网站的管理员,关闭所述异常网站的访问权限;Through the administrator of the abnormal website, close the access authority of the abnormal website;

通过防火墙,关闭所述异常网站的外部访问权限。Through the firewall, close the external access authority of the abnormal website.

结合第一方面的第一种可能的实现方式,在第一方面的第一种可能的实现方式中,所述进行网络防御一体化处理,还包括:With reference to the first possible implementation of the first aspect, in the first possible implementation of the first aspect, the integrated processing of network defense further includes:

基于入侵检测系统、网站风险评估系统、漏洞扫描系统,获取网站异常原因。Based on the intrusion detection system, website risk assessment system, and vulnerability scanning system, the reasons for website abnormalities are obtained.

结合第一方面的第二种可能的实现方式,在第一方面的第三种可能的实现方式中,所述方法还包括:With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the method further includes:

当网站异常原因为安全漏洞遭受黑客攻击时,通过所述异常网站的管理员进行安全漏洞修复。When the cause of the abnormality of the website is that the security hole is attacked by hackers, the administrator of the abnormal website performs the repair of the security hole.

结合第一方面的第三种可能的实现方式,在第一方面的第四种可能的实现方式中,所述当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限,包括:With reference to the third possible implementation of the first aspect, in the fourth possible implementation of the first aspect, when the information that the abnormal website has been cleared is received from the abnormal website, start the abnormal website access rights, including:

当接收到所述异常网站的管理员反馈的安全漏洞已修复信息时,通过所述漏洞扫描系统扫描确认所述异常网站当前是否存在漏洞;When receiving feedback from the administrator of the abnormal website that the security vulnerability has been repaired, scan through the vulnerability scanning system to confirm whether there is currently a vulnerability in the abnormal website;

响应于接收到所述漏洞扫描系统反馈的当前无安全漏洞信息,开启所述异常网站的访问权限。In response to receiving the feedback from the vulnerability scanning system that there is currently no security vulnerability information, enable the access authority of the abnormal website.

第二方面,本发明的实施例提供一种一体化网络安全防御装置,包括:In a second aspect, embodiments of the present invention provide an integrated network security defense device, including:

获取模块,用于获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息;An acquisition module, configured to acquire abnormal website information reported by the monitoring system, where the abnormal website information carries address information of the abnormal website;

防御模块,用于基于所述网站异常信息,进行网络防御一体化处理;A defense module, configured to perform integrated processing of network defense based on the abnormal information of the website;

开启模块,用于当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限。The opening module is used to open the access authority of the abnormal website when receiving the information that the website abnormality has been cleared from the feedback of the abnormal website.

结合第二方面,在第二方面的第一种可能的实现方式中,所述防御模块,包括:With reference to the second aspect, in a first possible implementation manner of the second aspect, the defense module includes:

第一关闭子模块,用于通过所述异常网站的管理员,关闭所述异常网站的访问权限;The first closing sub-module is used to close the access authority of the abnormal website through the administrator of the abnormal website;

第二关闭子模块,用于通过防火墙,关闭所述异常网站的外部访问权限。The second closing sub-module is used to close the external access authority of the abnormal website through the firewall.

结合第二方面的第一种可能的实现方式,在第二方面的第一种可能的实现方式中,所述防御模块,还包括:With reference to the first possible implementation of the second aspect, in the first possible implementation of the second aspect, the defense module further includes:

获取子模块,用于基于入侵检测系统、网站风险评估系统、漏洞扫描系统,获取网站异常原因。The obtaining sub-module is used to obtain the cause of the abnormality of the website based on the intrusion detection system, the website risk assessment system, and the vulnerability scanning system.

结合第二方面的第二种可能的实现方式,在第二方面的第三种可能的实现方式中,所述装置还包括:With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the device further includes:

修复模块,用于当网站异常原因为安全漏洞遭受黑客攻击时,通过所述异常网站的管理员进行安全漏洞修复。The repairing module is used for repairing the security hole through the administrator of the abnormal website when the reason for the abnormality of the website is that the security hole is attacked by hackers.

结合第二方面的第三种可能的实现方式,在第二方面的第四种可能的实现方式中,包括:In combination with the third possible implementation of the second aspect, the fourth possible implementation of the second aspect includes:

确认子模块,用于当接收到所述异常网站的管理员反馈的安全漏洞已修复信息时,通过所述漏洞扫描系统扫描确认所述异常网站当前是否存在漏洞;The confirmation sub-module is used to scan and confirm whether the abnormal website currently has a vulnerability through the scanning of the vulnerability scanning system when receiving the information that the security vulnerability has been repaired fed back by the administrator of the abnormal website;

开启子模块,用于响应于接收到所述漏洞扫描系统反馈的当前无安全漏洞信息,开启所述异常网站的访问权限。The opening sub-module is used to open the access authority of the abnormal website in response to receiving the information that there is currently no security vulnerability fed back by the vulnerability scanning system.

第三方面,本发明的实施例提供一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述程序被处理器执行时实现第一方面提供的方法的步骤。In a third aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, wherein, when the program is executed by a processor, the steps of the method provided in the first aspect are implemented.

本发明实施例提供的一体化网络安全防御方法、装置及存储介质,通过获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息;基于所述网站异常信息,进行网络防御一体化处理;当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限。能够通过网络防御一体化平台获取各存在异常的网站信息,并统一调度平台关联的各网络安全设备统一进行网络安全防御,从而可以实现各种安全设备、网络设备、应用系统等都涉及不同厂家、不同型号、且各设备之间彼此关联,可以实现上下游多种安全设备联动和一键式控制指令的下达,提供网络安全主动防御、通报预警及相应支持,进而可以提高网络安全的有效性。The integrated network security defense method, device, and storage medium provided by the embodiments of the present invention obtain the abnormal website information reported by the monitoring system, and the abnormal website information carries the address information of the abnormal website; based on the abnormal website information, the Integrated processing of network defense; when receiving feedback from the abnormal website that the website abnormality has been cleared, enable access to the abnormal website. It is possible to obtain abnormal website information through the network defense integrated platform, and uniformly dispatch all network security devices associated with the platform for unified network security defense, so that various security devices, network devices, application systems, etc. are involved in different manufacturers, Different models and each device are related to each other, which can realize the linkage of multiple security devices upstream and downstream and the issuance of one-click control commands, provide network security active defense, notification and early warning, and corresponding support, thereby improving the effectiveness of network security.

附图说明Description of drawings

为了更清楚地说明本发明实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the following will briefly introduce the accompanying drawings that need to be used in the embodiments. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.

图1是本发明实施例的一体化网络安全防御方法的流程示意图;FIG. 1 is a schematic flow diagram of an integrated network security defense method according to an embodiment of the present invention;

图2是本发明实施例的一体化网络安全防御方法的另一流程示意图;Fig. 2 is another schematic flow chart of the integrated network security defense method according to the embodiment of the present invention;

图3是本发明实施例的一体化网络安全防御装置结构示意图;3 is a schematic structural diagram of an integrated network security defense device according to an embodiment of the present invention;

图4是本发明实施例的防御模块的结构示意图;Fig. 4 is a schematic structural diagram of a defense module according to an embodiment of the present invention;

图5是本发明实施例的一体化网络安全防御装置的另一结构示意图;Fig. 5 is another structural schematic diagram of the integrated network security defense device according to the embodiment of the present invention;

图6是本发明实施例的开启模块的结构示意图;Fig. 6 is a schematic structural diagram of an opening module according to an embodiment of the present invention;

图7是本发明实施例的一体化网络安全防御装置700的结构示意图。FIG. 7 is a schematic structural diagram of an integrated network security defense device 700 according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

本发明一实施例提供一种一体化网络安全防御方法,如图1所示,所述方法包括:An embodiment of the present invention provides an integrated network security defense method, as shown in Figure 1, the method includes:

101、获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息。101. Obtain abnormal website information reported by the monitoring system, where the abnormal website information carries address information of the abnormal website.

102、基于所述网站异常信息,进行网络防御一体化处理。102. Based on the abnormal website information, perform integrated network defense processing.

其中,网络防御一体化处理涉及异常网站的管理员、防火墙、入侵检测系统、网站风险评估系统、漏洞扫描系统等相关联的设备或系统。Among them, the integrated processing of network defense involves related equipment or systems such as administrators of abnormal websites, firewalls, intrusion detection systems, website risk assessment systems, and vulnerability scanning systems.

103、当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限。103. When receiving the information that the website abnormality has been cleared from the abnormal website, enable the access permission of the abnormal website.

与现有技术相比,本发明实施例能够通过网络防御一体化平台获取各存在异常的网站信息,并统一调度平台关联的各网络安全设备统一进行网络安全防御,从而可以实现各种安全设备、网络设备、应用系统等都涉及不同厂家、不同型号、且各设备之间彼此关联,可以实现上下游多种安全设备联动和一键式控制指令的下达,提供网络安全主动防御、通报预警及相应支持,进而可以提高网络安全的有效性。Compared with the prior art, the embodiment of the present invention can obtain the abnormal website information through the integrated network defense platform, and uniformly dispatch all network security devices associated with the platform to perform network security defense in a unified manner, so that various security devices, Network devices and application systems all involve different manufacturers and models, and the devices are related to each other. It can realize the linkage of multiple security devices upstream and downstream and the issuance of one-click control commands, and provide network security active defense, notification and early warning and corresponding support, which in turn can increase the effectiveness of cybersecurity.

本发明又一实施例提供一种一体化网络安全防御方法,如图2所示,所述方法包括:Another embodiment of the present invention provides an integrated network security defense method, as shown in Figure 2, the method includes:

201、获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息。201. Obtain abnormal website information reported by the monitoring system, where the abnormal website information carries address information of the abnormal website.

202、通过所述异常网站的管理员,关闭所述异常网站的访问权限。202. Close the access authority of the abnormal website through the administrator of the abnormal website.

203、通过防火墙,关闭所述异常网站的外部访问权限。203. Close the external access authority of the abnormal website through the firewall.

204、基于入侵检测系统、网站风险评估系统、漏洞扫描系统,获取网站异常原因。204. Based on the intrusion detection system, the website risk assessment system, and the vulnerability scanning system, obtain the cause of the website abnormality.

在本发明实施例中,可通过侵检测系统、网站风险评估系统、漏洞扫描系统中的任意一项或任意多相配合,获取网站异常原因。In the embodiment of the present invention, any one or more of the intrusion detection system, the website risk assessment system, and the vulnerability scanning system can cooperate to obtain the cause of the abnormality of the website.

其中,网站异常可以为网站访问量异常等问题。Wherein, the website abnormality may be a problem such as abnormal website visits.

205、当网站异常原因为安全漏洞遭受黑客攻击时,通过所述异常网站的管理员进行安全漏洞修复。205. When the reason for the website abnormality is that a security hole is attacked by a hacker, the administrator of the abnormal website repairs the security hole.

206、当接收到所述异常网站的管理员反馈的安全漏洞已修复信息时,通过所述漏洞扫描系统扫描确认所述异常网站当前是否存在漏洞。206. When receiving feedback from the administrator of the abnormal website that the security vulnerability has been repaired, scan and confirm whether the abnormal website currently has a vulnerability through the vulnerability scanning system.

207、响应于接收到所述漏洞扫描系统反馈的当前无安全漏洞信息,开启所述异常网站的访问权限。207. In response to receiving the information that there is currently no security vulnerability fed back by the vulnerability scanning system, enable the access authority of the abnormal website.

与现有技术相比,本发明实施例能够通过网络防御一体化平台获取各存在异常的网站信息,并统一调度平台关联的各网络安全设备统一进行网络安全防御,从而可以实现各种安全设备、网络设备、应用系统等都涉及不同厂家、不同型号、且各设备之间彼此关联,可以实现上下游多种安全设备联动和一键式控制指令的下达,提供网络安全主动防御、通报预警及相应支持,进而可以提高网络安全的有效性。Compared with the prior art, the embodiment of the present invention can obtain the abnormal website information through the integrated network defense platform, and uniformly dispatch all network security devices associated with the platform to perform network security defense in a unified manner, so that various security devices, Network devices and application systems all involve different manufacturers and models, and the devices are related to each other. It can realize the linkage of multiple security devices upstream and downstream and the issuance of one-click control commands, and provide network security active defense, notification and early warning and corresponding support, which in turn can increase the effectiveness of cybersecurity.

本发明又一实施例提供一种一体化网络安全防御装置,如图3所示,所述装置包括:Another embodiment of the present invention provides an integrated network security defense device, as shown in Figure 3, the device includes:

获取模块31,用于获取监控系统上报的网站异常信息,所述网站异常信息中携带有异常网站的地址信息;The obtaining module 31 is used to obtain the abnormal website information reported by the monitoring system, and the abnormal website information carries the address information of the abnormal website;

防御模块32,用于基于所述网站异常信息,进行网络防御一体化处理;A defense module 32, configured to perform integrated processing of network defense based on the abnormal information of the website;

开启模块33,用于当接收到所述异常网站反馈的网站异常已清除信息时,开启所述异常网站的访问权限。The opening module 33 is configured to open the access authority of the abnormal website when receiving the information that the website abnormality has been cleared from the feedback of the abnormal website.

进一步的,如图4所示,所述防御模块32,包括:Further, as shown in Figure 4, the defense module 32 includes:

第一关闭子模块3201,用于通过所述异常网站的管理员,关闭所述异常网站的访问权限;The first closing sub-module 3201 is used to close the access authority of the abnormal website through the administrator of the abnormal website;

第二关闭子模块3202,用于通过防火墙,关闭所述异常网站的外部访问权限。The second closing sub-module 3202 is configured to close the external access authority of the abnormal website through the firewall.

获取子模块3203,用于基于入侵检测系统、网站风险评估系统、漏洞扫描系统,获取网站异常原因。The obtaining sub-module 3203 is used to obtain the cause of the abnormality of the website based on the intrusion detection system, the website risk assessment system, and the vulnerability scanning system.

进一步的,如图5所示,所述装置还包括:Further, as shown in Figure 5, the device also includes:

修复模块51,用于当网站异常原因为安全漏洞遭受黑客攻击时,通过所述异常网站的管理员进行安全漏洞修复。The repairing module 51 is used for repairing the security hole through the administrator of the abnormal website when the cause of the abnormality of the website is that the security hole is attacked by hackers.

进一步的,如图6所示,所述开启模块33,包括:Further, as shown in Figure 6, the opening module 33 includes:

确认子模块3301,用于当接收到所述异常网站的管理员反馈的安全漏洞已修复信息时,通过所述漏洞扫描系统扫描确认所述异常网站当前是否存在漏洞;Confirmation sub-module 3301, configured to scan and confirm whether the abnormal website currently has a vulnerability through the vulnerability scanning system when receiving feedback from the administrator of the abnormal website that the security vulnerability has been repaired;

开启子模块3302,用于响应于接收到所述漏洞扫描系统反馈的当前无安全漏洞信息,开启所述异常网站的访问权限。The opening sub-module 3302 is configured to open the access authority of the abnormal website in response to receiving the information that there are currently no security vulnerabilities fed back by the vulnerability scanning system.

与现有技术相比,本发明实施例能够通过网络防御一体化平台获取各存在异常的网站信息,并统一调度平台关联的各网络安全设备统一进行网络安全防御,从而可以实现各种安全设备、网络设备、应用系统等都涉及不同厂家、不同型号、且各设备之间彼此关联,可以实现上下游多种安全设备联动和一键式控制指令的下达,提供网络安全主动防御、通报预警及相应支持,进而可以提高网络安全的有效性。Compared with the prior art, the embodiment of the present invention can obtain the abnormal website information through the integrated network defense platform, and uniformly dispatch all network security devices associated with the platform to perform network security defense in a unified manner, so that various security devices, Network devices and application systems all involve different manufacturers and models, and the devices are related to each other. It can realize the linkage of multiple security devices upstream and downstream and the issuance of one-click control commands, and provide network security active defense, notification and early warning and corresponding support, which in turn can increase the effectiveness of cybersecurity.

本发明实施例还提供另一种计算机可读存储介质,该计算机可读存储介质可以是上述实施例中的存储器中所包含的计算机可读存储介质;也可以是单独存在,未装配入终端中的计算机可读存储介质。所述计算机可读存储介质存储有一个或者一个以上程序,所述一个或者一个以上程序被一个或者一个以上的处理器用来执行图1、图2所示实施例提供的一体化网络安全防御方法。The embodiment of the present invention also provides another computer-readable storage medium, which may be the computer-readable storage medium included in the memory in the above-mentioned embodiments; or exist independently and not be assembled into the terminal computer readable storage media. The computer-readable storage medium stores one or more programs, and the one or more programs are used by one or more processors to execute the integrated network security defense method provided by the embodiments shown in FIG. 1 and FIG. 2 .

本发明实施例提供的一体化网络安全防御装置可以实现上述提供的方法实施例,具体功能实现请参见方法实施例中的说明,在此不再赘述。本发明实施例提供的一体化网络安全防御方法、装置及存储介质可以适用于进行一体化网络安全防御,但不仅限于此。The integrated network security defense device provided in the embodiment of the present invention can implement the method embodiment provided above. For specific function implementation, please refer to the description in the method embodiment, and details will not be repeated here. The integrated network security defense method, device, and storage medium provided by the embodiments of the present invention may be applicable to integrated network security defense, but are not limited thereto.

如图7所示,一体化网络安全防御装置700可以是移动电话,计算机,数字广播终端,消息收发设备,游戏控制台,平板设备,个人数字助理等。As shown in FIG. 7 , the integrated network security defense device 700 can be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a personal digital assistant, and the like.

参照图7,一体化网络安全防御装置700可以包括以下一个或多个组件:处理组件702,存储器704,电源组件706,多媒体组件708,音频组件710,输入/输出(I/O)的接口712,传感器组件714,以及通信组件716。Referring to FIG. 7, the integrated network security defense device 700 may include one or more of the following components: a processing component 702, a memory 704, a power supply component 706, a multimedia component 708, an audio component 710, and an input/output (I/O) interface 712 , sensor component 714, and communication component 716.

处理组件702通常控制无人机控制装置700的整体操作,诸如与显示,电话呼叫,数据通信,相机操作和记录操作相关联的操作。处理组件702可以包括一个或多个处理器720来执行指令。The processing component 702 generally controls the overall operations of the drone control device 700, such as operations associated with display, phone calls, data communications, camera operations, and recording operations. Processing component 702 may include one or more processors 720 to execute instructions.

此外,处理组件702可以包括一个或多个模块,便于处理组件702和其他组件之间的交互。例如,处理组件702可以包括多媒体模块,以方便多媒体组件708和处理组件702之间的交互。Additionally, processing component 702 may include one or more modules that facilitate interaction between processing component 702 and other components. For example, processing component 702 may include a multimedia module to facilitate interaction between multimedia component 708 and processing component 702 .

存储器704被配置为存储各种类型的数据以支持在无人机控制装置700的操作。这些数据的示例包括用于在无人机控制装置700上操作的任何应用程序或方法的指令,联系人数据,电话簿数据,消息,图片,视频等。存储器704可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。The memory 704 is configured to store various types of data to support operations at the drone control device 700 . Examples of such data include instructions for any application or method operating on the drone control device 700, contact data, phonebook data, messages, pictures, videos, etc. The memory 704 can be realized by any type of volatile or non-volatile storage device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

电源组件706为无人机控制装置700的各种组件提供电力。电源组件706可以包括电源管理系统,一个或多个电源,及其他与为无人机控制装置700生成、管理和分配电力相关联的组件。The power supply component 706 provides power to various components of the drone control device 700 . Power components 706 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to drone control 700 .

多媒体组件708包括在所述无人机控制装置700和用户之间的提供一个输出接口的屏幕。在一些实施例中,屏幕可以包括液晶显示器(LCD)和触摸面板(TP)。如果屏幕包括触摸面板,屏幕可以被实现为触摸屏,以接收来自用户的输入信号。触摸面板包括一个或多个触摸传感器以感测触摸、滑动和触摸面板上的手势。所述触摸传感器可以不仅感测触摸或滑动动作的边界,而且还检测与所述触摸或滑动操作相关的持续时间和压力。在一些实施例中,多媒体组件708包括一个前置摄像头和/或后置摄像头。当无人机控制装置700处于操作模式,如拍摄模式或视频模式时,前置摄像头和/或后置摄像头可以接收外部的多媒体数据。每个前置摄像头和后置摄像头可以是一个固定的光学透镜系统或具有焦距和光学变焦能力。The multimedia component 708 includes a screen that provides an output interface between the drone control device 700 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may not only sense a boundary of a touch or swipe action, but also detect duration and pressure associated with the touch or swipe action. In some embodiments, the multimedia component 708 includes a front camera and/or a rear camera. When the UAV control device 700 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focal length and optical zoom capability.

音频组件710被配置为输出和/或输入音频信号。例如,音频组件710包括一个麦克风(MIC),当无人机控制装置700处于操作模式,如呼叫模式、记录模式和语音识别模式时,麦克风被配置为接收外部音频信号。所接收的音频信号可以被进一步存储在存储器704或经由通信组件716发送。在一些实施例中,音频组件710还包括一个扬声器,用于输出音频信号。The audio component 710 is configured to output and/or input audio signals. For example, the audio component 710 includes a microphone (MIC), which is configured to receive external audio signals when the drone control device 700 is in operation modes, such as calling mode, recording mode and voice recognition mode. Received audio signals may be further stored in memory 704 or sent via communication component 716 . In some embodiments, the audio component 710 also includes a speaker for outputting audio signals.

I/O接口712为处理组件702和外围接口模块之间提供接口,上述外围接口模块可以是键盘,点击轮,按钮等。这些按钮可包括但不限于:主页按钮、音量按钮、启动按钮和锁定按钮。The I/O interface 712 provides an interface between the processing component 702 and a peripheral interface module, which may be a keyboard, a click wheel, a button, and the like. These buttons may include, but are not limited to: a home button, volume buttons, start button, and lock button.

传感器组件714包括一个或多个传感器,用于为无人机控制装置700提供各个方面的状态评估。例如,传感器组件714可以检测到无人机控制装置700的打开/关闭状态,组件的相对定位,例如所述组件为无人机控制装置700的显示器和小键盘,传感器组件714还可以检测无人机控制装置700或无人机控制装置700一个组件的位置改变,用户与无人机控制装置700接触的存在或不存在,无人机控制装置700方位或加速/减速和无人机控制装置700的温度变化。传感器组件714可以包括接近传感器,被配置用来在没有任何的物理接触时检测附近物体的存在。传感器组件714还可以包括光传感器,如CMOS或CCD图像传感器,用于在成像应用中使用。在一些实施例中,该传感器组件714还可以包括加速度传感器,陀螺仪传感器,磁传感器,压力传感器或温度传感器。Sensor assembly 714 includes one or more sensors for providing various aspects of status assessment for drone controls 700 . For example, the sensor assembly 714 can detect the open/closed state of the drone control device 700, the relative positioning of components, such as the display and keypad of the drone control device 700, and the sensor assembly 714 can also detect unmanned vehicles. A change in position of drone controls 700 or a component of drone controls 700 , presence or absence of user contact with drone controls 700 , drone controls 700 orientation or acceleration/deceleration and drone controls 700 temperature change. Sensor assembly 714 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. Sensor assembly 714 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 714 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

通信组件716被配置为便于无人机控制装置700和其他设备之间有线或无线方式的通信。无人机控制装置700可以接入基于通信标准的无线网络,如WiFi,2G或3G,或它们的组合。在一个示例性实施例中,通信组件716经由广播信道接收来自外部广播管理系统的广播信号或广播相关信息。在一个示例性实施例中,所述通信组件716还包括近场通信(NFC)模块,以促进短程通信。例如,在NFC模块可基于射频识别(RFID)技术,红外数据协会(IrDA)技术,超宽带(UWB)技术,蓝牙(BT)技术和其他技术来实现。The communication component 716 is configured to facilitate wired or wireless communication between the drone control device 700 and other devices. The UAV control device 700 can access wireless networks based on communication standards, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 716 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 716 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology and other technologies.

在示例性实施例中,无人机控制装置700可以被一个或多个应用专用集成电路(ASIC)、数字信号处理器(DSP)、数字信号处理设备(DSPD)、可编程逻辑器件(PLD)、现场可编程门阵列(FPGA)、控制器、微控制器、微处理器或其他电子元件实现。In an exemplary embodiment, the drone control device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs) , field programmable gate array (FPGA), controller, microcontroller, microprocessor or other electronic components.

本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于设备实施例而言,由于其基本相似于方法实施例,所以描述得比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, the same and similar parts of each embodiment can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for relevant parts, please refer to part of the description of the method embodiment.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random AccessMemory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM) and the like.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. All should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (11)

1. a kind of integral network safety defence method characterized by comprising
The website abnormal information that monitoring system reports is obtained, the address letter of abnormal website is carried in the website abnormal information Breath;
Based on the website abnormal information, cyber-defence integrated treatment is carried out;
When the website abnormal for receiving the abnormal website feedback has removed information, the access right of the abnormal website is opened Limit.
2. integration integral network safety defence method according to claim 1, which is characterized in that the carry out network Defend integrated treatment, comprising:
By the administrator of the abnormal website, the access authority of the abnormal website is closed;
By firewall, the outside access permission of the abnormal website is closed.
3. integration integral network safety defence method according to claim 2, which is characterized in that the carry out network Defend integrated treatment, further includes:
Based on intruding detection system, website risk evaluating system, vulnerability scanning system, website abnormal reason is obtained.
4. integration integral network safety defence method according to claim 3, which is characterized in that the method is also wrapped It includes:
When website abnormal reason be security breaches by hacker attack when, the administrator for passing through the abnormal website carries out safe leakage It repairs in hole.
5. integration integral network safety defence method according to claim 4, described to receive the abnormal net When the website abnormal for feedback of standing has removed information, the access authority of the abnormal website is opened characterized by comprising
When receiving the security breaches restoration information of administrator's feedback of the abnormal website, pass through the vulnerability scanning system The system scanning confirmation abnormal website currently whether there is loophole;
In response to receiving the current no safety loophole information of the vulnerability scanning system feedback, the visit of the abnormal website is opened Ask permission.
6. a kind of integral network safety defence installation characterized by comprising
Module is obtained, the website abnormal information reported for obtaining monitoring system carries exception in the website abnormal information The address information of website;
Defense module carries out cyber-defence integrated treatment for being based on the website abnormal information;
Opening module, for opening the exception when the website abnormal for receiving the abnormal website feedback has removed information The access authority of website.
7. integration integral network safety defence installation according to claim 6, which is characterized in that the defence mould Block, comprising:
First closes submodule, for the administrator by the abnormal website, closes the access authority of the abnormal website;
Second closes submodule, for closing the outside access permission of the abnormal website by firewall.
8. integration integral network safety defence installation according to claim 7, which is characterized in that the defence mould Block, further includes:
It is different to obtain website for being based on intruding detection system, website risk evaluating system, vulnerability scanning system for acquisition submodule Normal reason.
9. integration integral network safety defence installation according to claim 8, which is characterized in that described device is also wrapped It includes:
Repair module, for when website abnormal reason be security breaches by hacker attack when, pass through the pipe of the abnormal website Reason person carries out security breaches reparation.
10. integration integral network safety defence installation according to claim 9, which is characterized in that the unlatching mould Block, comprising:
Submodule is confirmed, for leading to when receiving the security breaches restoration information of administrator's feedback of the abnormal website Crossing the vulnerability scanning system scanning confirmation abnormal website currently whether there is loophole;
Submodule is opened, for the current no safety loophole information in response to receiving the vulnerability scanning system feedback, is opened The access authority of the exception website.
11. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that described program is processed The step of claim 1-5 the method is realized when device executes.
CN201810809767.7A 2018-07-23 2018-07-23 Integral network safety defence method, device and storage medium Pending CN109005165A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810809767.7A CN109005165A (en) 2018-07-23 2018-07-23 Integral network safety defence method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810809767.7A CN109005165A (en) 2018-07-23 2018-07-23 Integral network safety defence method, device and storage medium

Publications (1)

Publication Number Publication Date
CN109005165A true CN109005165A (en) 2018-12-14

Family

ID=64596150

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810809767.7A Pending CN109005165A (en) 2018-07-23 2018-07-23 Integral network safety defence method, device and storage medium

Country Status (1)

Country Link
CN (1) CN109005165A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040221178A1 (en) * 2002-03-26 2004-11-04 Aaron Jeffrey A Firewall system and method via feedback from broad-scope monitoring for intrusion detection
CN101257399A (en) * 2007-12-29 2008-09-03 中国移动通信集团四川有限公司 Business system unified security platform
CN107277080A (en) * 2017-08-23 2017-10-20 深信服科技股份有限公司 A kind of is the internet risk management method and system of service based on safety

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040221178A1 (en) * 2002-03-26 2004-11-04 Aaron Jeffrey A Firewall system and method via feedback from broad-scope monitoring for intrusion detection
CN101257399A (en) * 2007-12-29 2008-09-03 中国移动通信集团四川有限公司 Business system unified security platform
CN107277080A (en) * 2017-08-23 2017-10-20 深信服科技股份有限公司 A kind of is the internet risk management method and system of service based on safety

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑继胜: ""Web网站安全防御系统的研究与应用"", 《中国优秀硕士学位论文全文数据库》 *

Similar Documents

Publication Publication Date Title
CN104503688B (en) Control implementation method and device of intelligent hardware equipment
EP3136648B1 (en) Method and device for determining control authority on user device
CN106487584B (en) Management method, router and the mobile terminal of router
CN108632081A (en) Network Situation appraisal procedure, device and storage medium
WO2017166582A1 (en) Payment method and device
WO2017080076A1 (en) Method and apparatus for monitoring files in system partition
CN110191085A (en) Intrusion detection method, device and storage medium based on multi-classification
US20180332004A1 (en) Camera and instrument double firewall apparatus and method of operation
CN106446653A (en) Application authority management method and device and electronic equipment
CN105930721A (en) Method and device for managing application program
CN105809440B (en) Online payment method and device
CN105282416A (en) Terminal device and shooting processing method and system thereof
CN105677513A (en) Method and device for restoring backup data
CN113901496A (en) Service processing method, device and device based on multi-service system
CN107528860A (en) Network security method of testing, system and storage medium
CN106385470A (en) Information push method and device
CN107292173A (en) File safety protection method, device and equipment
WO2018049611A1 (en) Permission control method and device
CN107040547A (en) Method, device and the terminal device of administrator password
CN106775234A (en) Application management method and device
CN106250763A (en) The safety protecting method of intelligent robot and device
CN109005165A (en) Integral network safety defence method, device and storage medium
WO2013137855A1 (en) Method and apparatus for controlling content capture of prohibited content
CN110149310B (en) Flow intrusion detection method, device and storage medium
WO2018058598A1 (en) Method and apparatus for prompting abnormal information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214

RJ01 Rejection of invention patent application after publication