
CN-121984740-A - Customizable application-level cross-network protection device


Abstract

The invention relates to a customizable application-level cross-network protection device and belongs to the field of network security. The device comprises a protocol definition module, a protocol analysis engine, a policy execution module and a cross-network security agent. The protocol definition module provides structured definition and combination of private protocol fields; the protocol analysis engine adopts a layered processing architecture based on protocol identification and judges the protocol type when network traffic passes through the cross-network protection component; the policy execution module performs real-time judgment and traffic filtering on the semantic field data output by the protocol analysis engine, based on a user-defined rule set; and the cross-network security agent isolates the internal and external network data streams using a dual-stack proxy architecture. The invention realizes field-level deep analysis and filtering of private protocols, goes beyond the coarse-grained control of a traditional firewall that relies on the five-tuple alone, realizes semantics-based management and control of cross-network data flows through the linkage of the security agent and the analysis engine at the network boundary, and ensures that sensitive data does not leave the intranet.

Inventors

  • WU ZHIYONG
  • HUANG HE
  • SONG XIAOBIN
  • LIU WEIWEI
  • MIAO YU
  • GU YUNJIE
  • ZHOU WEI
  • JIA YAYONG
  • JING BO
  • SUN HAO
  • LI CHUNHAO
  • ZHAO YUANJIE
  • MU YUAN
  • LIU LEI
  • Yin Qidi
  • LIU WEI
  • CHEN GUOCHUN
  • LIAO JIANHUA
  • ZHU TAO

Assignees

  • Unit 32003 of the Chinese People's Liberation Army (中国人民解放军32003部队)

Dates

Publication Date
2026-05-05
Application Date
2026-01-27

Claims (10)

  1. A customizable application-level cross-network protection device, characterized by comprising a protocol definition module, a protocol analysis engine, a policy execution module and a cross-network security agent; the protocol definition module is used for providing structured definition and combination of private protocol fields; the protocol analysis engine adopts a layered processing architecture based on protocol identification and judges the protocol type when network traffic passes through the cross-network protection component; the policy execution module performs real-time judgment and traffic filtering on the semantic field data output by the protocol analysis engine, based on a user-defined rule set; and the cross-network security agent serves as a network boundary portal realized in pure software and adopts a dual-stack proxy architecture to isolate the data flows of the internal and external networks.
  2. The customizable application-level cross-network protection device of claim 1, wherein the protocol definition module constructs a complete protocol template through a graphical interface.
  3. The customizable application-level cross-network protection device of claim 2, wherein the protocol definition module provides precise field-level configuration, including field length definitions, field content specifications and semantic annotation tags; the field length definitions support fixed byte lengths or dynamic lengths calculated from associated fields, the field content specifications cover enumeration types, strings and hexadecimal data, and the semantic annotation tags are used to annotate field content.
  4. The customizable application-level cross-network protection device of claim 1, wherein the protocol definition module integrates check-bit calculation functions that allow a user to specify the location of the check field and to define the check algorithm by an arithmetic expression or a script, the data integrity verification being performed automatically by the protocol parsing engine.
  5. The customizable application-level cross-network protection device according to any one of claims 1-4, wherein the protocol parsing engine first determines whether the protocol is a standard protocol (HTTP, SSH) and, if so, starts a dynamic matching mechanism that matches the traffic against the private protocol templates predefined by the user in the protocol definition module to determine the specific private protocol type and version; once the protocol type is confirmed, the engine parses the data packet according to the field structure defined by the template, extracts the semantic field values and performs verification-rule checks.
  6. The customizable application-level cross-network protection device of claim 5, wherein the policy execution module provides multi-protocol-oriented field-level policy configuration, allowing a user to define multiple types of rules through a graphical interface; the policy execution module matches and logically evaluates the parsed structured field data item by item according to the user-preconfigured policy and performs discard, alarm or connection-reset actions on traffic that violates the policy, thereby implementing accurate access control and security protection based on application-level semantics.
  7. The customizable application-level cross-network protection device of claim 6, wherein the multiple protocols comprise standard protocols and proprietary protocols that a user builds through the protocol definition module.
  8. The customizable application-level cross-network protection device of claim 6, wherein the multiple types of rules include field value range constraints, exact field content matches, and sensitive data or malicious instruction identification, the latter detecting by built-in and user-defined rules whether a field payload contains sensitive information or attack code.
  9. The customizable application-level cross-network protection device of claim 6, wherein the cross-network security agent establishes two network stack instances, in operating system kernel space or in user space, bound respectively to the internal and the external network interface card.
  10. The customizable application-level cross-network protection device of claim 9, wherein, when traffic reaches the ingress network interface card, the cross-network security agent does not forward it directly but redirects it to the user-space protocol parsing engine for application-layer parsing; the parsed structured data is delivered to the policy execution module for rule matching, and an action is taken according to the policy decision: compliant structured data is reorganized at the application layer and the reconstructed data is forwarded to the egress network interface card, while offending data is blocked immediately and an audit log is generated.
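The claims describe the pipeline (template-driven field extraction with a check field, field-level policy with discard/alarm/reset actions, and a proxy that reassembles rather than forwards) but give no implementation. The following Python is an added illustration of that pipeline and is not the patent's code: the CMD_PROTOCOL template, the XOR check algorithm, the POLICY rules and the guard()/build() helpers are all constructed here for the example, and the standard-protocol identification step of claim 5 is assumed to have already classified the traffic as this private protocol.

```python
from dataclasses import dataclass, field
from typing import Callable, Union


@dataclass
class Field:
    """One entry of a protocol template (protocol definition module)."""
    name: str
    length: Union[int, Callable[[dict], int]]  # fixed byte count, or computed from earlier fields
    kind: str = "hex"                          # "uint", "enum", "str" or "hex"
    enum: dict = field(default_factory=dict)   # code -> label, for kind "enum"


# Constructed template (assumption, not from the patent): a register read/write protocol.
CMD_PROTOCOL = [
    Field("magic", 2, "hex"),
    Field("cmd", 1, "enum", {0x01: "READ", 0x02: "WRITE", 0x7F: "RAW"}),
    Field("reg", 2, "uint"),
    Field("len", 1, "uint"),
    Field("payload", lambda f: f["len"], "str"),  # dynamic length taken from "len"
    Field("crc", 1, "uint"),                      # check field, covers all bytes before it
]


def checksum_xor(data: bytes) -> int:
    """User-defined check algorithm: XOR of every byte preceding the check field."""
    c = 0
    for b in data:
        c ^= b
    return c


def parse(template, pkt: bytes, check_field="crc", check_algo=checksum_xor) -> dict:
    """Protocol analysis engine: walk the template, extract semantic field values,
    verify the check field and reject truncated or trailing bytes."""
    fields, off = {}, 0
    for fd in template:
        n = fd.length(fields) if callable(fd.length) else fd.length
        raw = pkt[off:off + n]
        if len(raw) != n:
            raise ValueError(f"truncated at field {fd.name}")
        if fd.kind == "uint":
            fields[fd.name] = int.from_bytes(raw, "big")
        elif fd.kind == "enum":
            fields[fd.name] = fd.enum.get(int.from_bytes(raw, "big"), "UNKNOWN")
        elif fd.kind == "str":
            fields[fd.name] = raw.decode("ascii")  # non-ASCII raises a ValueError subclass
        else:
            fields[fd.name] = raw.hex()
        if fd.name == check_field and fields[fd.name] != check_algo(pkt[:off]):
            raise ValueError("check field mismatch")
        off += n
    if off != len(pkt):
        raise ValueError("trailing bytes after the template")
    return fields


def reassemble(template, fields: dict, check_field="crc", check_algo=checksum_xor) -> bytes:
    """Application-layer reorganisation: rebuild the packet from structured fields,
    so only template-conformant bytes (with a fresh check value) reach egress."""
    out = b""
    for fd in template:
        n = fd.length(fields) if callable(fd.length) else fd.length
        if fd.name == check_field:
            out += check_algo(out).to_bytes(n, "big")
        elif fd.kind == "uint":
            out += fields[fd.name].to_bytes(n, "big")
        elif fd.kind == "enum":
            out += next(k for k, v in fd.enum.items() if v == fields[fd.name]).to_bytes(n, "big")
        elif fd.kind == "str":
            out += fields[fd.name].encode("ascii")
        else:
            out += bytes.fromhex(fields[fd.name])
    return out


# Policy execution module: user-defined (predicate, action) rules, first match wins;
# traffic that matches no rule is forwarded.
POLICY = [
    (lambda f: f["magic"] != "a55a", "DROP"),             # exact field-content match
    (lambda f: f["cmd"] in ("UNKNOWN", "RAW"), "RESET"),   # malicious / unknown instruction
    (lambda f: not 0 <= f["reg"] <= 0x00FF, "DROP"),       # field value range constraint
    (lambda f: "SECRET" in f["payload"], "DROP"),          # sensitive data must not leave
    (lambda f: f["cmd"] == "WRITE", "ALARM"),              # alarm, but still forward
]


def guard(pkt: bytes, template=CMD_PROTOCOL, policy=POLICY, audit=None):
    """Cross-network security agent: ingress bytes are never forwarded as-is; they are
    parsed, matched against the policy and, if allowed, reassembled for the egress NIC.
    Returns (action, egress bytes or None); every decision is appended to `audit`."""
    log = audit if audit is not None else []
    try:
        fields = parse(template, pkt)
    except ValueError as err:
        log.append(f"DROP malformed: {err}")
        return "DROP", None
    action = next((a for pred, a in policy if pred(fields)), "FORWARD")
    log.append(f"{action} {fields}")
    if action in ("DROP", "RESET"):
        return action, None
    return action, reassemble(template, fields)


def build(cmd: str, reg: int, payload: str, magic: str = "a55a") -> bytes:
    """Constructed sender side: emit a packet from semantic values via the same template."""
    return reassemble(CMD_PROTOCOL, {"magic": magic, "cmd": cmd, "reg": reg,
                                     "len": len(payload), "payload": payload})
```

Two details carry the security weight. The check field is verified over exactly the bytes that precede it, so a packet whose payload was altered in transit (or whose declared length does not match the bytes present) is discarded before any rule runs. And forwarded traffic is the output of reassemble(), not the ingress bytes: anything the template does not account for, including trailing data after the last field, never reaches the egress interface, which is what makes the "does not forward directly" proxy model meaningful.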

Description

Customizable application-level cross-network protection device

Technical Field

The invention belongs to the field of network security, and particularly relates to a customizable application-level cross-network protection device.

Background

Traditional network security protection means, such as firewalls, gateways and intrusion detection systems (IDS), mainly perform access control and traffic filtering based on the five-tuple (source IP, destination IP, source port, destination port, transport-layer protocol) of the network and transport layers. For applications that communicate over proprietary protocols or nonstandard ports (such as financial transaction systems, industrial control systems and enterprise-internal custom software), the traditional method cannot understand the communication semantics: it can only allow or reject at a coarse granularity and cannot inspect specific fields in the protocol payload. With the increasing demands of data security and privacy protection, finer-grained and more intelligent content auditing and filtering is needed when data is transmitted across networks (e.g., from an internal production network to an external office network). Thus, there is an urgent need for a protection solution that can understand application semantics, can be flexibly customized by users, and can be deployed in a cross-network environment.

The prior art has two limitations. First, flexibility is insufficient: for applications that use proprietary protocols or nonstandard ports, the traditional method can hardly analyze the communication semantics; it generally achieves only coarse-grained, port-based access control and cannot inspect specific fields inside the protocol payload. Second, the traditional gateway generally intercepts and filters traffic only within the local area network, and research into and effective support for data interaction in cross-network communication scenarios are lacking.

Disclosure of Invention

(I) Technical problem to be solved

The invention aims to solve the technical problem of how to provide a customizable application-level cross-network protection device, so as to address the insufficient flexibility of traditional network security protection means and the lack of support for data interaction in cross-network communication scenarios.

(II) Technical scheme

To solve the above technical problems, the invention provides a customizable application-level cross-network protection device comprising a protocol definition module, a protocol analysis engine, a policy execution module and a cross-network security agent. The protocol definition module is used for providing structured definition and combination of private protocol fields. The protocol analysis engine adopts a layered processing architecture based on protocol identification and judges the protocol type when network traffic passes through the cross-network protection component. The policy execution module performs real-time judgment and traffic filtering on the semantic field data output by the protocol analysis engine, based on a user-defined rule set. The cross-network security agent serves as a network boundary portal realized in pure software and adopts a dual-stack proxy architecture to isolate the data flows of the internal and external networks.

(III) Beneficial effects

The invention provides a customizable application-level cross-network protection device which realizes a user-customizable field-level structure for a private protocol through the protocol definition module, completes identification and semantic extraction of the private protocol with the protocol analysis engine, filters in real time according to user-defined field-level rules through the policy execution module, and finally realizes cross-network secure data transmission based on application-layer analysis through the cross-network security agent's pure-software dual-stack structure. Compared with the prior art, the device realizes field-level deep analysis and filtering of a private protocol at the application level, goes beyond the coarse-grained control of a traditional firewall that relies on the five-tuple alone, realizes semantics-based management and control of cross-network data flows through the linkage of the security agent and the analysis engine at the network boundary, ensures that sensitive data does not leave the intranet, and solves the problem that a traditional proxy only forwards traffic and has no application-level protection capability.

Drawings

FIG. 1 is an architecture diagram of the customizable application-level cross-network protection device of the present invention.

Detailed Description

To make the objects, contents and advantages of the present invention more apparent, the following detailed description of the present invention w