Security policy matching method and device, network equipment and storage medium

A security policy matching technology, applied in the field of electrical components, transmission systems, etc., that addresses the problems of security policies not taking effect and slow security policy matching.

Inactive Publication Date: 2020-05-19
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

[0003] The purpose of this application is to disclose a security policy matching method, device, network equipment, and storage medium that at least solve technical problems such as the slow matching speed of existing security policies and the failure of security policies set later to take effect.


Examples


Embodiment 1

[0059] Referring to Figure 1, Figure 1 is a schematic flowchart of a security policy matching method disclosed in an embodiment of this application. As shown in Figure 1, the method includes the following steps:

[0060] 101. Receive a security policy matching request, where the security policy matching request carries characteristic information of the target packet;

[0061] 102. Determine the target security policy information matching the target message according to the security policy linked list and the feature information. The security policy linked list includes a horizontal linked list and a vertical linked list cascaded with the horizontal linked list; the horizontal linked list includes at least one quintuple node, and the vertical linked list contains at least one policy information node.

[0062] In some optional implementation manners, the feature information includes source IP information of the target packet, source port information of the target packet, destination I...

Embodiment 2

[0089] Referring to Figure 4, Figure 4 is a schematic flowchart of a security policy matching method disclosed in an embodiment of this application. As shown in Figure 4, the method includes the following steps:

[0090] 201. Obtain a security policy configuration file, where the security policy configuration file includes at least one piece of quintuple configuration information and at least one piece of security policy configuration information associated with the quintuple configuration information;

[0091] 202. Construct a security policy linked list according to at least one quintuple configuration information and security policy configuration information;

[0092] 203. Receive a security policy matching request, where the security policy matching request carries characteristic information of the target packet;

[0093] 204. Determine the target security policy information matching the target message according to the security policy list and feature information. The sec...
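The two-level list from Embodiments 1 and 2, as an added example that is not code from the patent: a horizontal list keyed by quintuple, each node heading a vertical list of policy nodes. Type and function names, exact-match comparison of all five fields, and returning the head of the vertical list are assumptions; the sample table is constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Names and layout below are illustrative assumptions, not taken from the patent. */
typedef struct { uint32_t sip, dip; uint16_t sport, dport; uint8_t proto; } quintuple;
typedef struct policy_node {            /* vertical list: policy information */
    int id, permit;
    struct policy_node *down;
} policy_node;
typedef struct tuple_node {             /* horizontal list: one node per quintuple */
    quintuple key;
    policy_node *policies, *tail;
    struct tuple_node *next;
} tuple_node;

static int same(const quintuple *a, const quintuple *b) {
    return a->sip == b->sip && a->dip == b->dip && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* Step 202: insert one (quintuple, policy) pair read from the configuration. */
int policy_add(tuple_node **head, quintuple k, int id, int permit) {
    tuple_node *t = *head;
    while (t && !same(&t->key, &k)) t = t->next;
    if (!t) {                           /* first policy for this quintuple */
        if (!(t = calloc(1, sizeof *t))) return -1;
        t->key = k; t->next = *head; *head = t;
    }
    policy_node *p = calloc(1, sizeof *p);
    if (!p) return -1;
    p->id = id; p->permit = permit;
    if (t->tail) t->tail->down = p; else t->policies = p;
    t->tail = p;                        /* keep configuration order in the vertical list */
    return 0;
}

/* Steps 203-204: locate the quintuple node, then hand back its vertical list. */
const policy_node *policy_match(const tuple_node *head, const quintuple *pkt) {
    for (; head; head = head->next)
        if (same(&head->key, pkt)) return head->policies;
    return NULL;                        /* no node: caller applies its default action */
}

/* Constructed sample configuration (documentation address ranges). */
tuple_node *sample_table(void) {
    tuple_node *h = NULL;
    quintuple web = {0xC0000201, 0xC6336407, 40000, 443, 6};
    quintuple dns = {0xC0000201, 0xC6336435, 40001, 53, 17};
    policy_add(&h, web, 10, 1); policy_add(&h, web, 11, 0);
    policy_add(&h, dns, 20, 1);
    return h;
}
```

Policies attached to other quintuples are never visited during a lookup, which is the "skip irrelevant policies" effect the abstract describes.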

Embodiment 3

[0105] Referring to Figure 6, Figure 6 is a schematic structural diagram of a security policy matching device disclosed in an embodiment of this application. As shown in Figure 6, the device includes:

[0106] The receiving module 301 is configured to receive a security policy matching request, where the security policy matching request carries characteristic information of the target packet;

[0107] A determining module 302, configured to determine target security policy information matching the target message according to the security policy linked list and the feature information. The security policy linked list includes a horizontal linked list and a vertical linked list cascaded with the horizontal linked list; the horizontal linked list includes at least one quintuple node, and the vertical linked list includes at least one policy information node.

[0108] In some optional implementation manners, the feature information includes source IP information of the target packet, s...


Abstract

The invention discloses a security policy matching method and device, network equipment and a storage medium. The method comprises the steps of: receiving a security policy matching request which carries the feature information of a target message; and determining target security policy information matched with the target message according to the security policy linked list and the feature information, wherein the security policy linked list comprises a horizontal linked list and a vertical linked list cascaded with the horizontal linked list, the horizontal linked list comprises at least one quintuple node, and the vertical linked list comprises at least one policy information node. According to the method and the device, a plurality of linked lists can be generated by extracting the keywords in the security policy, association is then performed according to the correlation among the linked lists, and finally the security policy is selected based on the linked lists, so the matching speed can be increased and the matching process of irrelevant policies can be skipped. In addition, the matched result is copied to the standby linked list, so the standby linked list can be called again.

Description

Technical field

[0001] The present application relates to the technical field of computer security protection, and specifically relates to a security policy matching method, device, network equipment, and storage medium.

Background art

[0002] Currently, firewall manufacturers use security policies to control packets. During this process, packets need to be matched with security policies. At present, the main method of packet security policy matching is to match according to the order of security policy settings. This matching method has the following defects: first, when the content of the policy set earlier in the order includes the content of the policy set later, the policy set later cannot take effect; second, the security policy matching speed of the message is slow and wastes memory resources.

Contents of the invention

[0003] The purpose of this application is to disclose a security policy matching method, device, network equipment, and storage medium, whic...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/20
Inventor: 李小佳
Owner: BEIJING TOPSEC NETWORK SECURITY TECH