CN101127594A - A device and method for secure information joint processing - Google Patents


Publication number
CN101127594A
Authority
CN
China
Prior art keywords
linkage
unit
network
processing unit
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101639065A
Other languages
Chinese (zh)
Other versions
CN100592680C (en)
Inventor
郑敏
符斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN200710163906A
Publication of CN101127594A
Application granted
Publication of CN100592680C
Status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for linkage processing of security information in a network comprising a plurality of linkage units and a linkage processing device. Security information containing an alarm parameter is obtained from the linkage units; the attack source device is located according to the alarm parameter, and the linkage policy corresponding to the alarm parameter is looked up; the corresponding linkage unit then applies security control to the attack source device according to the linkage policy. The invention can be flexibly combined with a log system, a network management system, an authentication system and network devices; it can quickly locate the attacker through the authentication system, then push security policy configuration to the network devices, and quickly block or control the located source.

Description

A security information linkage processing device and method
Technical field
The present invention relates to the field of communication technology, and in particular to a security information linkage processing device and method.
Background art
With the rapid development of network technology and the steady advance of IT adoption, the computer network has become an important support for the efficient operation of an enterprise. Gains in working efficiency, reputation and sources of profit all depend on a stable, efficient and secure network environment. At the same time, network attack techniques are becoming ever more advanced and widespread; enterprise networks face the danger of attack at any time and often suffer intrusion and damage of varying degrees, which seriously disrupts normal operation. Increasingly serious security threats force enterprises to strengthen the protection of their networks and to pursue a multi-layered, all-round security defense system, gradually introducing a large number of heterogeneous single-point defense technologies such as anti-virus, firewalls, IDS (Intrusion Detection Systems), VPN (Virtual Private Network) and AAA (Authentication, Authorization and Accounting). However, existing network security defense systems are still based on isolated single-point defenses that lack effective cooperation with one another, forming one security island after another.
To address this problem, prior art 1 proposes a scheme that performs alarm analysis on the syslog (system log) information of multiple products. The networking of the syslog analysis system is shown in Fig. 1: the user terminal is connected through the log analysis system to the main devices in the network, which include firewalls, VPN gateways, IPS (Intrusion Prevention System), IDS, core switches, routers, anti-spam systems and virus protection systems. These devices generate syslog messages, which contain a great deal of important information about network operation. The log analysis system centrally collects and uniformly analyzes syslog-based security events from the various devices in the network, aggregates, stores and analyzes the collected events, monitors security events across the whole network in real time, and provides icons, reports and alarms.
In this scheme the log analysis system can only analyze and aggregate syslog security events, and sort and raise alarms on them. Aggregation rules reduce the volume of security event information to some extent, but the data still has to be analyzed manually, and the log analysis system cannot block or control the source of a security threat. Because it collects security information from the network only through syslog, its means of obtaining network-wide security information is limited, and it cannot receive security information sent by other means such as TRAP. In addition, the log analysis system is not very extensible: lacking user authentication resources, security policy configuration resources and traffic control resources, it can only display information from the syslog such as IP (Internet Protocol) address, MAC (Medium Access Control) address, time and module; it cannot quickly trace an IP address to a person, nor perform extended operations against the attack source such as blocking, rate limiting or permission control.
Prior art 2 is shown in Fig. 2. The user connects to the Internet or to an authentication server through an access-layer switch. The authentication server implements the function of a security policy server: on the basis of comprehensive management of network user information, it supports multiple network authentication methods and per-user security policy settings, and it works with network devices through standard protocols to control user access behavior. Before going online the user's identity must be confirmed, for example by 802.1X authentication or Portal authentication. A user whose identity is confirmed can access the network normally; otherwise the user is isolated in a controlled access area or cannot go online. In this scheme the user authentication system can check the user's access permissions, the version of the user's PC and so on, and grant network access according to the result, but it cannot control the behavior of the user terminal: a user who has passed authentication may still launch attacks such as scanning and flooding.
Prior art 3 proposes an integrated log analysis and linkage device. It collects, analyzes and aggregates device syslog, infers the attacker's IP and MAC addresses from information such as the user MAC and IP in the logs, and responds to the attack source by pushing ACL (Access Control List) policies, shutting down ports, modifying firewall policies and so on.
However, this scheme only addresses analysis and linkage based on syslog. The security domain it covers is narrow: it cannot accept information such as TRAP and cannot manage security solutions that are unable to send syslog. The scheme also relies mainly on its own information resources for analysis and linkage; the user and network resources available to it are limited, and it cannot be combined with the network management system and authentication system already in the network to make use of the large existing resources, so the attack source is not easy to locate accurately. In addition, it can only control the attacker through ACL policies, port shutdown and firewall policy changes; the means of control are not rich enough and not fine-grained enough. For a syslog event that requires linkage, the user selects the linkage policy manually; unified policy configuration cannot be applied to a given network segment or to certain security events, and syslog events cannot be automatically matched in bulk against the linkage policies the user has configured.
Summary of the invention
Embodiments of the invention provide a security information linkage processing device and method, to overcome the defects of prior-art syslog security management schemes, which are hard to extend, cannot be managed in a unified way, and cannot dynamically match the linkage policies configured by the user.
An embodiment of the invention provides a security information linkage processing method, applied in a network comprising a plurality of linkage units and a linkage processing device, the method comprising the following steps:
The linkage processing device obtains security information from the linkage unit, the security information containing an alarm parameter;
The linkage processing device locates the attack source device according to the alarm parameter and looks up the linkage policy corresponding to the alarm parameter;
The linkage processing device notifies the corresponding linkage unit to apply security control to the attack source device according to the linkage policy.
Before the security information is obtained from the linkage unit, the method further comprises dynamic registration of the linkage unit.
The dynamic registration comprises registration by configuration file or registration by registration function.
Registration by configuration file specifically comprises:
The linkage processing device copies the registration file to a specified directory;
The linkage processing device searches for newly added linkage units periodically or in real time, and loads the alarms of each newly added linkage unit and the corresponding linkage policies into the policy library of the specified directory.
Registration by registration function specifically comprises:
The linkage unit detects whether the process of the linkage processing device is running; if it is, the linkage unit registers its available linkage actions and the corresponding linkage policies in the policy library of the linkage processing device in the form of functions.
The linkage units include, but are not limited to, network devices, an authentication system, a network management system, a bandwidth management system and a security management system.
The ways of obtaining security alarm information include, but are not limited to: system log, TRAP, NetStream and NAT log.
The security control includes, but is not limited to, forcing the user offline, access permission control and point-to-point rate limiting.
The invention also provides a security information linkage processing network comprising a plurality of linkage units, and further comprising:
A linkage processing device, configured to obtain security information containing an alarm parameter from the linkage unit, locate the attack source device according to the alarm parameter, and look up the linkage policy corresponding to the alarm parameter, so that the corresponding linkage system applies security control to the attack source device according to the linkage policy.
The linkage processing device specifically comprises:
A security information acquisition unit, configured to obtain security information from the linkage unit, the security information containing an alarm parameter;
A linkage policy acquisition unit, connected to the security information acquisition unit and configured to locate the attack source device according to the alarm parameter and look up the linkage policy corresponding to the alarm parameter;
A security control unit, connected to the linkage policy acquisition unit and configured to notify the corresponding linkage unit to apply security control to the attack source device according to the linkage policy.
The linkage processing device further comprises:
A dynamic registration unit, configured to dynamically register the linkage unit with the linkage processing device.
The dynamic registration unit specifically comprises:
A configuration file registration subunit, configured to search for newly added linkage units periodically or in real time, and to load the alarms of each newly added linkage unit and the corresponding linkage policies into the policy library of the specified directory.
The dynamic registration unit specifically comprises:
A registration function registration subunit, configured to receive the registration function sent by a linkage unit, the registration function carrying the available linkage actions and the corresponding linkage policies.
The linkage units include, but are not limited to, network devices, an authentication system, a network management system, a bandwidth management system and a security management system.
The ways of obtaining security alarm information include, but are not limited to: system log, TRAP, NetStream and NAT log.
In embodiments of the invention, the security information linkage processing device is flexibly combined with the log system, network management system, authentication system and network devices. It can quickly locate the attacker through the authentication system, push security policy configuration to network devices through the network management system, and quickly block or control the located source, forming a complete intranet protection scheme. The user no longer needs to log in to devices manually or look up user information manually to investigate the attack source. It also prevents the attacker from continuously attacking devices and consuming their performance.
In addition, the security information linkage processing device can collect all of the security interaction modes such as syslog, TRAP, NetStream and NAT logs, which avoids the situation where the network devices a user deploys support only one of these information formats and the reported security information is therefore incomplete.
Furthermore, through a dynamic registration framework the security information linkage processing device can be flexibly combined with the network management system, authentication system and network devices, and can automatically match and invoke security policies and security linkage components, which reduces the user's purchase cost and improves ease of use.
Description of drawings
Fig. 1 is a schematic diagram of the syslog analysis system networking in prior art 1;
Fig. 2 is a schematic diagram of the syslog analysis system networking in prior art 2;
Fig. 3 is a flowchart of the security information linkage processing method provided by the invention;
Fig. 4 is a schematic diagram of embodiment 1 of the invention;
Fig. 5 is a schematic diagram of embodiment 2 of the invention.
Embodiment
The invention is described in detail below with reference to specific embodiments.
The invention provides a security information linkage processing network comprising a plurality of linkage units and a linkage processing device. The linkage processing device is configured to obtain security information containing an alarm parameter from the linkage unit, locate the attack source device according to the alarm parameter, and look up the linkage policy corresponding to the alarm parameter, so that the corresponding linkage system applies security control to the attack source device according to the linkage policy.
The linkage processing device specifically comprises: a security information acquisition unit, configured to obtain security information from the linkage unit, the security information containing an alarm parameter; a linkage policy acquisition unit, connected to the security information acquisition unit and configured to locate the attack source device according to the alarm parameter and look up the linkage policy corresponding to the alarm parameter; a security control unit, connected to the linkage policy acquisition unit and configured to notify the corresponding linkage unit to apply security control to the attack source device according to the linkage policy; and a dynamic registration unit, configured to dynamically register the linkage unit with the linkage processing device.
The dynamic registration unit specifically comprises: a configuration file registration subunit, configured to search for newly added linkage units periodically or in real time and to load the alarms of each newly added linkage unit and the corresponding linkage policies into the policy library of the specified directory; and/or a registration function registration subunit, configured to receive the registration function sent by a linkage unit, the registration function carrying the available linkage actions and the corresponding linkage policies.
Based on the above network, the invention provides a security information linkage processing method, applied in a network comprising a plurality of linkage units and a linkage processing device. As shown in Fig. 3, it comprises the following steps:
Step s301: the linkage processing device obtains security information from the linkage unit, the security information containing an alarm parameter. Before the security information is obtained, the linkage unit is dynamically registered, for example by configuration file or by registration function. Registration by configuration file comprises: the linkage processing device installs the linkage unit client; the linkage processing device copies the registration file to the specified directory; the linkage processing device searches for newly added linkage units periodically or in real time and loads their alarms and corresponding linkage policies into the policy library of the specified directory. Registration by registration function comprises: the linkage unit installs the linkage unit client; the linkage unit detects whether the process of the linkage processing device is running and, if so, registers its available linkage actions and the corresponding linkage policies in the policy library of the linkage processing device in the form of functions.
Step s302: the linkage processing device locates the attack source device according to the alarm parameter and looks up the linkage policy corresponding to the alarm parameter. After the linkage unit has registered, the alarm parameter of the security information is matched against the linkage policy parameters in the policy library of the linkage processing device, and the action that matches is taken as the linkage policy for this alarm.
Step s303: the linkage processing device notifies the corresponding linkage unit to apply security control to the attack source device according to the linkage policy.
Embodiment 1 of the invention provides a security information linkage processing method applied in a network comprising a network management device, network devices, a log analysis system and a linkage processing device, where the network devices include, but are not limited to, client devices, switches, routers, firewalls and IPS. The security information linkage processing device can be flexibly combined with the authentication system, network management system, bandwidth management system, network devices and security solutions, and can flexibly call on the resources of each system. Using information such as IP address, MAC address and port in each kind of security alarm information (syslog, TRAP, NetStream, NAT log), it locates the real user in the network, and through the authentication system, network management system and bandwidth management system it can force the user offline, control access permissions, rate-limit the user's P2P (Point to Point) traffic, and so on. As shown in Fig. 4, the method comprises the following steps:
Step s401: security linkage policies are configured on the linkage processing device through the network management device. Specifically, a list of correspondences between security events and linkage policies is set up. Security events include, but are not limited to, DHCP spoofing, user traffic that is attack traffic, and ARP attack messages; linkage policies include, but are not limited to, closing a port, forcing a user offline, isolating a user and VLAN isolation. For example, when the message received by the linkage processing device is an ARP attack message, the device looks up the correspondence list to determine the linkage policy for ARP attack messages (such as closing the port on which the message was received), and the policy is carried out by the network management device, which closes the corresponding port.
Step s402: alarm policies are configured in the log analysis system through the network management device, so that only the syslog information the user considers to need linkage (including but not limited to detected attacks, address forgery and rate limiting) is reported to the linkage processing device, and information in the mass of logs that does not need to be reported is effectively filtered out.
Steps s403 to s405: when a network device detects an anomaly, linkage processing is performed. There are two ways in which a network device links with the linkage processing device. In the first, the network device detects an anomaly and reports syslog information to the log analysis system; the log analysis system, according to the alarm policy applied to the syslog information, reports TRAP information to the linkage processing device, the TRAP information carrying alarms produced by the log analysis system's combined analysis, for example a list containing information such as alarm type and alarm time. In the second, the network device detects an anomaly and reports security information directly to the linkage system by means such as NetStream, TRAP and NAT; because this path does not pass through the combined processing of the log analysis system, the linkage processing device must itself perform processing such as classification on the reported security information.
Step s406: after receiving the alarm information, the linkage processing device can display it in reports and on the topology.
Step s407: using information such as the IP and MAC address of the attack source carried in the log, the linkage processing device automatically finds the attack source by looking up the switch's MAC table and ARP table and the MIB information of the network management system. For example, for ARP attack messages, the linkage processing device monitors DHCP messages, records each user's IP/MAC/VLAN/PORT information, and builds a DHCP Snooping binding table. When the linkage processing device receives an ARP message, it looks up the binding table built by DHCP Snooping to judge whether the sender source IP and source MAC of the ARP reply are legitimate: if the sender source MAC and IP in the ARP message match an entry in the binding table, the message is considered legitimate; otherwise it is considered a spoofing attack message. The linkage processing device therefore searches the authentication system using the IP and MAC carried in the alarm information to locate the attack source and the attacker, and the user can then be controlled through the network management system. There are two control modes: the network management system directly controls the access switch to force the user offline or rate-limit the user, or the network management system notifies the authentication system to force the user offline, rate-limit the user, or the like.
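The matching and location steps described above (the event-to-policy list of step s401, the policy lookup of step s302 and the DHCP Snooping binding check of step s407), sketched in Python as an added example; it is not code from the patent. Class, field and action names, the alarm type strings and the sample leases are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Binding:
    """One DHCP Snooping entry: where a leased IP/MAC pair really lives."""
    ip: str
    mac: str
    vlan: int
    port: str


@dataclass(frozen=True)
class Alarm:
    """Alarm parameters carried in the security information (field names assumed)."""
    alarm_type: str
    src_ip: str
    src_mac: str
    port: str  # switch port on which the offending message was received


Action = Callable[[Alarm, Optional[Binding]], str]


class LinkageProcessor:
    def __init__(self) -> None:
        self.bindings: Dict[str, Binding] = {}          # binding table, keyed by IP
        self.units: Dict[str, Dict[str, Action]] = {}   # unit name -> available actions
        self.policies: Dict[str, Tuple[str, str]] = {}  # alarm type -> (unit, action)

    def register_unit(self, name: str, actions: Dict[str, Action],
                      policies: Dict[str, str]) -> None:
        """Registration-function style: a unit submits its actions and policies."""
        for action in policies.values():
            if action not in actions:
                raise ValueError(f"{name}: policy refers to unknown action {action!r}")
        self.units[name] = dict(actions)
        for alarm_type, action in policies.items():
            self.policies[alarm_type] = (name, action)

    def learn_dhcp(self, ip: str, mac: str, vlan: int, port: str) -> None:
        """Record IP/MAC/VLAN/port from an observed DHCP exchange."""
        self.bindings[ip] = Binding(ip, mac.lower(), vlan, port)

    def inspect_arp(self, sender_ip: str, sender_mac: str, port: str) -> Optional[Alarm]:
        """Return None for a legitimate ARP sender, else an ARP_ATTACK alarm."""
        bound = self.bindings.get(sender_ip)
        if bound is not None and bound.mac == sender_mac.lower():
            return None
        return Alarm("ARP_ATTACK", sender_ip, sender_mac.lower(), port)

    def locate(self, alarm: Alarm) -> Optional[Binding]:
        """Locate the source by MAC: the IP in a spoofed message cannot be trusted."""
        for bound in self.bindings.values():
            if bound.mac == alarm.src_mac.lower():
                return bound
        return None

    def handle(self, alarm: Alarm) -> str:
        """Match the alarm against the policy library and notify the owning unit."""
        policy = self.policies.get(alarm.alarm_type)
        if policy is None:
            return "no linkage policy: alarm shown in report only"
        unit, action = policy
        return self.units[unit][action](alarm, self.locate(alarm))


def close_port(alarm: Alarm, source: Optional[Binding]) -> str:
    # Fall back to the ingress port when the MAC is not in the binding table.
    port = source.port if source else alarm.port
    host = source.ip if source else "unknown host"
    return f"nms: close port {port} ({host})"


def force_offline(alarm: Alarm, source: Optional[Binding]) -> str:
    return f"auth: force offline {alarm.src_mac.lower()}"


def build_demo() -> LinkageProcessor:
    lp = LinkageProcessor()
    lp.register_unit("nms", {"close_port": close_port}, {"ARP_ATTACK": "close_port"})
    lp.register_unit("auth", {"force_offline": force_offline}, {"FLOOD": "force_offline"})
    # Constructed sample leases (documentation address range, made-up MACs).
    lp.learn_dhcp("192.0.2.1", "02:00:00:00:00:01", 10, "Gi1/0/1")
    lp.learn_dhcp("192.0.2.5", "02:00:00:00:00:05", 10, "Gi1/0/5")
    return lp


if __name__ == "__main__":
    lp = build_demo()
    print(lp.inspect_arp("192.0.2.5", "02:00:00:00:00:05", "Gi1/0/5"))  # legitimate
    spoof = lp.inspect_arp("192.0.2.1", "02:00:00:00:00:05", "Gi1/0/5")
    print(lp.handle(spoof))
    print(lp.handle(Alarm("FLOOD", "192.0.2.5", "02:00:00:00:00:05", "Gi1/0/5")))
```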
Embodiment 2 of the invention networks the security linkage system with an authentication system and a network management system. It introduces the authentication system on the basis of embodiment 1; the network management system and the authentication system cooperate to carry out security linkage. As shown in Fig. 5, it comprises the following steps:
Step s501: before going online the user must install client software, through which network access authentication is performed with the authentication system.
Step s502: after passing authentication, the user may still attack the network, for example by scanning or flooding.
Step s503: the security defense features of the network devices detect the attack; for example, when the IPS detects a security anomaly, it reports a security event to the log analysis system through syslog.
Step s504: the log analysis system aggregates and analyzes the syslog information according to a predetermined policy, and reports alarms that need linkage to the linkage processing device through TRAP. The linkage processing device can of course also receive security alarm information directly from network devices such as clients, switches, routers, firewalls and IPS.
Step s505: after the security control center receives the alarm, it calls on the resources of the network management system and the authentication system to find the attack source. The network management system retrieves the linkage policy from the linkage processing device and either controls the access switch to force the user offline or rate-limit the user, or notifies the authentication system to force the user offline, rate-limit the user, or the like.
From the above description of the embodiments, those skilled in the art will clearly understand that the invention can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the essence of the technical solution of the invention, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out the methods described in the embodiments of the invention.
The above discloses only several specific embodiments of the invention; the invention is not limited to them, and any variation that a person skilled in the art can conceive of shall fall within the scope of protection of the invention.

Claims (15)

1. a secure information joint processing method is applied to comprise in the network of a plurality of linkage units and interlock processing unit, it is characterized in that, said method comprising the steps of:
Described interlock processing unit obtains security information from described linkage unit, comprises alarm parameter in the described security information;
Described interlock processing unit is according to described alarm parameter seat offence source device, and searches the linkage strategy of described alarm parameter correspondence;
Described interlock processing unit is notified corresponding linkage unit, according to described linkage strategy described source attack equipment is carried out security control.
2. secure information joint processing method according to claim 1 is characterized in that, and is described from also comprising the dynamic registration of linkage unit before linkage unit obtains security information.
3. as secure information joint processing method as described in the claim 2, it is characterized in that described dynamic registration comprises: register by the configuration file registration or by registration function.
4. as secure information joint processing method as described in the claim 3, it is characterized in that, describedly specifically comprise by the configuration file registration:
Described interlock processing unit arrives assigned catalogue with registered file copy;
Described interlock processing unit timing or the newly-increased linkage unit of real-time searching will increase the alarm of linkage unit and the policy library that corresponding linkage strategy is loaded into described assigned catalogue newly.
5. as secure information joint processing method as described in the claim 3, it is characterized in that, describedly specifically comprise by the registration function mode:
Whether linkage unit detects the process of interlock processing unit and moves, if move, then the linkage strategy of available interlock action and correspondence is registered to the policy library of interlock processing unit with functional form.
6. as secure information joint processing method as described in each in the claim 1 to 5, it is characterized in that described linkage unit includes but not limited to the network equipment, Verification System, network management system, bandwidth management system and safety management system.
7. as secure information joint processing method as described in each in the claim 1 to 5, it is characterized in that the described security alarm information mode of obtaining includes but not limited to: system journal, TRAP, NetStream and NAT daily record.
8. as secure information joint processing method as described in each in the claim 1 to 5, it is characterized in that described security control includes but not limited to roll off the production line, access authority control and point-to-point Limit Rate.
9. A secure information joint processing network, comprising a plurality of linkage units, characterized in that it further comprises:
A linkage processing unit, configured to, after obtaining security information containing an alarm parameter from a linkage unit, locate the attack source device according to the alarm parameter and look up the linkage strategy corresponding to the alarm parameter, so that the corresponding linkage system performs security control on the attack source device according to the linkage strategy.
10. The secure information joint processing network according to claim 9, characterized in that the linkage processing unit specifically comprises:
A security information acquisition unit, configured to obtain security information from the linkage unit, the security information containing an alarm parameter;
A linkage strategy acquisition unit, connected to the security information acquisition unit, configured to locate the attack source device according to the alarm parameter and to look up the linkage strategy corresponding to the alarm parameter;
A security control unit, connected to the linkage strategy acquisition unit, configured to notify the corresponding linkage unit to perform security control on the attack source device according to the linkage strategy.
11. The secure information joint processing network according to claim 9, characterized in that the linkage processing unit further comprises:
A dynamic registration unit, configured to dynamically register the linkage units with the linkage processing unit.
12. The secure information joint processing network according to claim 11, characterized in that the dynamic registration unit specifically comprises:
A configuration file registration subunit, configured to search, periodically or in real time, for newly added linkage units, and to load the alarms of a newly added linkage unit and the corresponding linkage strategies into the policy library of said specified directory.
13. The secure information joint processing network according to claim 11 or 12, characterized in that the dynamic registration unit specifically comprises:
A registration function registration subunit, configured to receive a registration function sent by a linkage unit, the registration function carrying the available linkage actions and the corresponding linkage strategies.
14. The secure information joint processing network according to any one of claims 9 to 13, characterized in that the linkage units include, but are not limited to, network devices, an authentication system, a network management system, a bandwidth management system and a security management system.
15. The secure information joint processing network according to any one of claims 9 to 13, characterized in that the ways of obtaining the security alarm information include, but are not limited to: system logs, TRAP, NetStream and NAT logs.
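The flow claimed in claims 9 to 13 (dynamic registration by registration function, locating the attack source from the alarm parameter, strategy lookup, notifying the linkage unit) can be shown in an added Python example that is not part of the patent. The session table, the alarm types `arp_flood` and `p2p_abuse`, and all unit, action and field names are assumptions constructed for illustration.

```python
# Added example: every name and all sample data are assumptions, not from the patent.
SESSIONS = {  # constructed authentication-system session table: source IP -> device
    "10.0.0.23": {"user": "alice", "switch": "sw-3", "port": "Gi1/0/7"},
}

def locate_by_session(alarm):
    """Locate the attack source device from the alarm parameter (source IP)."""
    return SESSIONS.get(alarm.get("src_ip"))

class LinkageUnit:
    def __init__(self, name, actions):
        self.name = name
        self.actions = actions   # action name -> callable(device)

class LinkageProcessor:
    def __init__(self, locate):
        self.locate = locate
        self.units = {}          # unit name -> LinkageUnit
        self.strategies = {}     # alarm type -> (unit name, action name)

    def register(self, unit, strategies):
        """Dynamic registration: a unit announces its actions and strategies."""
        unknown = [a for a in strategies.values() if a not in unit.actions]
        if unknown:
            raise ValueError(f"{unit.name} does not offer {unknown}")
        self.units[unit.name] = unit
        for alarm_type, action in strategies.items():
            self.strategies[alarm_type] = (unit.name, action)

    def handle(self, security_info):
        """Locate the source, look up the strategy, notify the linkage unit."""
        alarm = security_info["alarm"]
        device = self.locate(alarm)
        strategy = self.strategies.get(alarm.get("type"))
        if device is None or strategy is None:
            return None          # no control unless source and strategy are both known
        unit_name, action = strategy
        self.units[unit_name].actions[action](device)
        return unit_name, action, device["user"]

def demo():
    applied = []                 # records what each unit was asked to do
    auth = LinkageUnit("auth", {"force_offline": lambda d: applied.append(("offline", d["user"]))})
    bw = LinkageUnit("bandwidth", {"rate_limit": lambda d: applied.append(("limit", d["port"]))})
    proc = LinkageProcessor(locate_by_session)
    proc.register(auth, {"arp_flood": "force_offline"})
    proc.register(bw, {"p2p_abuse": "rate_limit"})
    results = [
        proc.handle({"via": "syslog", "alarm": {"type": "arp_flood", "src_ip": "10.0.0.23"}}),
        proc.handle({"via": "netstream", "alarm": {"type": "p2p_abuse", "src_ip": "10.0.0.23"}}),
        proc.handle({"via": "trap", "alarm": {"type": "arp_flood", "src_ip": "10.0.0.99"}}),
    ]
    return results, applied
```

The third alarm names a source with no authenticated session, so `handle` returns `None` and no unit is notified; registration rejects a strategy that names an action the unit never offered.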
CN200710163906A 2007-10-10 2007-10-10 A device and method for secure information joint processing Active CN100592680C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710163906A CN100592680C (en) 2007-10-10 2007-10-10 A device and method for secure information joint processing

Publications (2)

Publication Number Publication Date
CN101127594A true CN101127594A (en) 2008-02-20
CN100592680C CN100592680C (en) 2010-02-24

Family

ID=39095531

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710163906A Active CN100592680C (en) 2007-10-10 2007-10-10 A device and method for secure information joint processing

Country Status (1)

Country Link
CN (1) CN100592680C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: New H3C Technologies Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Hangzhou H3C Technologies Co., Ltd.