Content delivery network security detection method and system

A content distribution network and security detection technology, applied in the field of content distribution network security detection methods and systems, can solve the problems of network risk hysteresis and passivity, achieve accurate and reliable analysis results, improve security, and protect legitimate interests.

Inactive Publication Date: 2019-04-02
ZTE CORP
View PDF6 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the current security measures are mainly aimed at network equipment and host equipment, and there is still a certain lag and passivity in the prevention of network risks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Content delivery network security detection method and system
  • Content delivery network security detection method and system
  • Content delivery network security detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0025] The content distribution network security detection method provided in this embodiment is applicable to a converged content distribution network. For the CDN (Content Delivery Network) node that needs to be detected, the CDN node needs to copy the traffic data forwarded by itself and send it to the node analysis device connected to the CDN node, so that the node analysis device can perform security analysis. In this embodiment, a node analysis device can be set up for each CDN node to be detected, so as to meet the timely and rapid analysis of a large amount of data. Of course, multiple CDN nodes can also share one node analysis device, which can be flexibly set according to specific needs. Specifically, on the node analysis device side, the content distribution network security detection method can be found in figure 1 shown, including:

[0026] S101: Obtain the network traffic data replicated by the CDN nodes to obtain the full amount of network traffic data.

[00...

Embodiment 2

[0066] This embodiment provides a content distribution network security detection system, see Figure 7 As shown, including a node analysis device 71 and a central server 72;

[0067] The node analysis device 72 is connected to the node of the content distribution network, and is used for obtaining the network flow data copied by the node of the content distribution network to obtain the full amount of network flow data, and for intruding the obtained network flow data according to the preset obtained from the central server The detection rules conduct security analysis, and determine whether there is a security alarm based on the analysis results.

[0068] The preset protocol in this embodiment may be Hypertext Transfer Protocol (HyperText Transfer Protocol, http), HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) protocol, and the like. The target field data in this embodiment includes but not limited to IP address, text string, host name, email address, file na...

Embodiment 3

[0087] In order to better understand the present invention, this embodiment further describes the present invention in combination with a converged CDN system. see Figure 8 As shown, the node analysis device includes a flow collection module 81 and an intrusion detection module 82;

[0088] The traffic collection module 81 is deployed on the CDN node in a bypass, collects traffic data, stores it, generates information such as sessions and statistics, and transmits (periodically, or using other transmission rules) to the information collector module of the central analysis device.

[0089] Intrusion detection module 82: Deployed on the side of the traffic collection module to analyze traffic information in real time, and judge whether the traffic is a security threat according to the preset intrusion detection rules in the rule base.

[0090] Central analysis equipment includes:

[0091] The information collection module 83 is used to collect the log information from the CDN...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a content delivery network security detection method and system. A content delivery network node replicates all the traffic, the network traffic data replicated by the content delivery network node can further be acquired, and full content network traffic data are obtained; then, the acquired network traffic data are subjected to security analysis accordingto a preset intrusion detection rule; and according to an analysis result, whether security warning exists is determined, and security detection on the content delivery network is realized. The traffic forwarded by the content delivery network node is analyzed, the analysis result is accurate and reliable, potential security threats can be timely and effectively detected, the legitimate interestsof a user and a service provider are protected, the security is enhanced, and the security risks are reduced.

Description

technical field [0001] The invention relates to the communication field, in particular to a content distribution network security detection method and system. Background technique [0002] With the development and wide application of the Internet, more and more service providers use CDN (Content Delivery Network) technology to accelerate website resources, especially video content, to save bandwidth and improve user experience. Converged CDN is a technology that realizes multi-service converged bearer and unified access of multiple terminals on the basis of traditional CDN. Individual needs. Its business capabilities include video services, Web acceleration, application acceleration, and file acceleration. [0003] The development of business has also brought greater challenges to network security. At the same time, governments of various countries have paid more attention to the governance of Internet security. my country has even introduced relevant laws and industry gui...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1416H04L63/1425
Inventor 贺镇海杨斌王雨
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap