Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A cloud-based web application firewall system and its security protection method

A technology that applies firewalls and firewalls. It is applied in transmission systems, electrical components, etc., and can solve problems such as firewall performance bottlenecks, non-upgrades, and difficult operations for non-professionals.

Active Publication Date: 2019-02-12
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] 1. Cost issues. Traditional WEB application firewalls generally use a set of WEB application firewalls for a WEB application system
[0006] 2. Ease of use, the deployment and installation of the WEB application firewall requires professionals from product manufacturers to deploy and install, and it is difficult for non-professionals to operate;
[0007] 3. Upgrade and maintenance. Due to the endless methods of application layer attacks, the rule base of WEB application firewalls also needs to be updated in time to effectively block application layer attacks. Traditional WEB application firewalls are generally upgraded manually by maintenance personnel, but many enterprises are in short supply. Therefore, some rule bases are only upgraded once every six months, and some are never even upgraded.
[0008] 4. Performance. Traditional WEB application firewalls have performance bottlenecks. If you want to improve the performance of WEB application firewalls, you need to re-purchase a WEB application firewall with better processing performance to replace the existing WEB application firewall, resulting in waste of resources.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A cloud-based web application firewall system and its security protection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0035] The cloud-based WEB application firewall system of this embodiment is composed of a cloud firewall engine and a firewall control center; wherein, the firewall control center configures and manages the cloud firewall engine; the cloud firewall engine is deployed on a network consisting of multiple scalable high-performance servers On the cloud; the cloud firewall engine detects and intercepts attacks at the application layer. The detection rules of the WEB application firewall system are divided into general detection rules (root_rules) and private detection rules (private_rules). The general detection rules are maintained and updated by the security personnel of the owner of the cloud WEB application firewall (for some public or undisclosed new attack methods ), at the same time, each cloud WEB application firewall user can also formulate special detection rules according to the needs of their own business systems.

[0036] The WEB application firewall system allocates ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a cloud-based WEB application firewall system which is formed by a cloud firewall engine and a firewall control center. The firewall control center configures and manages a cloud firewall engine which is arranged in a cloud formed by multiple extendible high-performance servers. The cloud firewall engine detects and intercepts the attack to an application layer. Compared with the prior art, the system has the advantages that: (1) the WEB application firewall system deployment can become effective only after a user reconfigures a DNS, which is convenient and fast, (2) the safety officer of a WEB application firewall system provider carries out unified configuration upgrade, and novel attack can be intercepted earlier than that of a traditional WEB application firewall, (3) when the WEB application firewall system performance has a bottleneck, only buying more cloud resources is needed, and buying equipment again to carry out redeployment is not needed. The invention also provides a security protection method with the use of the WEB application firewall system.

Description

technical field [0001] The invention relates to a cloud-based WEB application firewall system and a security protection method thereof. Background technique [0002] At present, traditional network layer firewalls cannot block application layer (such as http) attacks. Enterprises generally need to deploy WEB application firewalls (WAF) to detect and block application layer attacks. There are generally two types of WEB application firewalls, one is software The product does not need to be modified on the network, and is directly installed on the WEB application server. Since the performance of the WEB application firewall depends on the performance of the WEB application server and has requirements for the operating system of the WEB application server, it is generally used on small WEB applications; the other is For hardware products, the network needs to be transformed, and the hardware WEB application firewall should be connected in series to the network. [0003] Chinese...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/02H04L63/168H04L63/20H04L67/02
Inventor 蒙家晓蒋屹新郭晓斌许爱东陈华军关泽武陈富汉陈立明黄建理
Owner ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products