Hierarchical mobile Internet security monitoring and protection system
Technical field
The present invention relates to the field of mobile Internet security. Specifically, it adopts a layered, multi-dimensional prevention policy and intelligent security monitoring technology to design a hierarchical mobile Internet security monitoring and protection system.
Background technology
Mobile communication is entering the mobile Internet era on a large scale. Intelligent terminals such as mobile phones are becoming the most important communication and information-carrying platforms and the main access points for information exchange, e-commerce, mobile office, consumption and payment, and entertainment. However, because the mobile Internet interconnects directly with the general Internet, the viruses, Trojans, hackers and intrusions that originally wreaked havoc on the Internet pour in as well. Several thousand kinds of viruses, Trojans and malicious software targeting the mobile Internet and smartphones have already been found, and the number grows by several hundred per month, causing very serious harm to terminal users and to mobile network operations. In particular, mobile terminals (smartphones, PDAs, etc.) that access the Internet directly can bring every virus, hacker and rogue attack on the Internet into the mobile data network. This harmful software may reside on the mobile phone, reside on a server, or hide in a web page or file, and is used for communication jamming, denial of service, service fraud, information theft, account hijacking, covert transfer of funds, seizure of device resources and other illegal activities. Without strong safeguards, network chaos is inevitable, bringing incalculable loss and disaster to operators and their many customers.
At the same time, it should be noted that the data service of a mobile communications network is never the same as general Internet service. The former must provide secure services whose business and security are controllable and that satisfy an SLA, while the latter currently has no controlled guarantee at all; the user pays by quantity when the former provides a service, while the latter is free in principle. Consequently, service providers and service users alike require carrier-grade network and quality-of-service levels from the mobile data service. This is also the basis on which the mobile network data service realizes its value, so the security assurance of the mobile Internet is a core operational support problem that must be solved.
Yet even on the general Internet, most network security and information security problems are far from satisfactorily solved: there is no complete security monitoring and prevention system, and no real-time, effective end-to-end security countermeasure. The security problem of the mobile Internet is therefore an especially stern challenge; not only is there no complete and efficient total solution, there is not even dedicated supporting technology for mobile Internet security. At present, international telecommunications unions, standardization bodies, mobile carriers, and network and IT service providers have all included mobile data network service security among their core research topics, attempting to solve the business and information security problems of the mobile Internet effectively.
Summary of the invention
The purpose of this invention is to provide a hierarchical mobile Internet security monitoring and protection system.
The objective of the invention is achieved as follows. On the basis of in-depth research into the operational and maintainable characteristics of the mobile Internet and the latest network security technology, and adopting a quality assurance strategy of active monitoring and protection technology, intelligent technology and customer-oriented service, a complete mobile Internet security monitoring and protection system is proposed. The system is divided into three layers: the Security Operation Center (SOC); the Security Agent (SA) and Security Gateway (SGW); and the Security Access Entity (SAE). The SOC is responsible for managing the overall security monitoring operation, the SGW for the security detection of traffic from the general Internet into the mobile Internet, the SA for the security detection of traffic entering and leaving the main network nodes (or network domains) and for security access management, and the SAE for the secure operation of terminals.
The specific content comprises:
(1) Security center SOC
Responsible for overall security monitoring and protection; formed by functional entities such as the security monitoring management system (SOM), the operation protection server (OPS) and the Security Policy Server (SPS). The SOM monitors the security-significant events of the whole network, analyzes various anomalies and dangerous trends, and implements control according to the characteristics of each event and process. The SPS dynamically formulates monitoring and prevention policies according to the security status of the whole network and major security incidents, and issues the corresponding policies to the SOM for execution. The OPS implements security prevention measures on objects such as particular network elements, terminals, flows and contents as the SOM requires, such as deep recognition and control, scanning, virus removal and connection control, and also offers terminal users functions such as downloading and running the corresponding security tools and online operation.
(2) Security gateway SGW
The security gateway SGW is arranged at the junction of the mobile Internet and the general Internet and is mainly responsible for the security of traffic flowing from the general Internet into the mobile Internet, including traffic detection, network attack identification, identification of viruses and Trojan-embedding web pages, harmful content discrimination, and early warning of abnormal operations and malware. For harmful traffic or operations it detects, it can take measures such as blocking, discarding and alarming according to the prevention and control policy, and send the related warning information to the SOC in time for further control and processing.
The SGW can also be arranged at a large Security Agent node to perform security monitoring of the network traffic entering and leaving the network under that node's jurisdiction.
(3) Security agent SA
The Security Agent is arranged at the main nodes of the mobile Internet, such as the mobile switching center, base station controllers, important edge routers or switches, and main service nodes (such as a mobile commerce platform), and is responsible for the security of traffic entering and leaving a certain node group or local area network. It has three main functions: first, detecting and collecting abnormal operations and alarm information from network terminals and reporting them to the security center SOC; second, carrying out specific security detection and control on network terminals (or subnets) according to the instructions of the security center; third, providing the security gateway function (generally deployed only at large Security Agent nodes), performing security monitoring of the traffic and abnormal operations entering and leaving the network under its jurisdiction.
(4) Security access entity SAE
The security access entity is generally configured on a network terminal such as a mobile phone, netbook or value-added service server. The SAE is a compact security monitoring plug-in or code package that monitors the terminal's operation; when it notices an abnormality it immediately sends an alarm and reports it to the terminal's main interface, the SA and the SOC. The SAE implements the corresponding control operations according to the instructions or alarm signals sent by the SA/SOC, such as issuing security warnings, blocking certain abnormal operations, and downloading and running the SOC's special security detection code.
The beneficial effects of the invention are as follows. The present invention is suited to being built into a complete mobile Internet security monitoring and protection system. Its layered, modular architecture covers all levels of the mobile Internet structure, from terminal, access network and core network to service network, and guarantees the monitoring and protection system's deployment flexibility, coverage completeness, functional extensibility, upgrade convenience and defense-in-depth capability. The active, integrated and intelligent operating mechanism ensures that each function group, under the unified regulation and control of the SOC, rapidly completes end-to-end security monitoring and protection in cooperation. The present invention is therefore an innovative security monitoring and protection system framework suitable for telecom operators and network operators to build a unified, complete and intelligent security monitoring and prevention system, effectively raising the security operation management capability of the mobile Internet and ensuring the service security and information security of its many customers.
Description of drawings
Fig. 1 shows the position of each security function entity in the network and the relations between them;
Fig. 2 is the architecture diagram of the security monitoring and protection system.
Embodiment
The hierarchical mobile Internet security monitoring and protection system of the present invention is explained below with reference to the drawings.
The hierarchical mobile Internet security monitoring and protection system of the present invention comprises a modular architecture of four basic function groups on three levels, so that the whole monitoring and protection system is flexible to deploy, highly extensible, convenient to upgrade, and provides complete end-to-end deep protection. It can adapt to all levels of the mobile Internet structure, from terminal, access network and core network to service network, and a complete security monitoring and protection system can thereby be built.
The intelligence of each module guarantees that it has a strong autonomous security monitoring function: according to its own configuration, it monitors and protects the operation and resource objects of its administrative area. When other security systems fail, the local security monitoring keeps its basic functions; when the other systems are normal, collaborative work is realized, achieving a higher-level and more powerful security custody guarantee.
The functional structure of the security center SOC comprises the functional entities security monitoring management system SOM, operation protection server OPS and Security Policy Server SPS. The intelligence and cooperative mechanism of each functional entity guarantees the system's autonomous security monitoring function, which comprises:
A) according to its own configuration, monitoring and protecting the operation and resource objects of its administrative area;
B) ensuring that when other security systems fail the local security monitoring keeps its basic functions, and that when the other systems are normal they work collaboratively to realize the security custody guarantee.
The attribute specifications of each function group and the matching relationships between them are provided as follows:
A) The SOC, as the overall monitoring manager, monitors the abnormality alarm information sent by the SGW, SA and SAE, determines the corresponding processing policy according to the analysis result, and promptly controls the SGW, SA and SAE to make concrete response operations;
B) The SGW, SA and SAE, under the unified regulation and control of the SOC, complete collaborative work on the basis of each performing its own function;
C) The SA and SAE work in cooperation: the SA acts on behalf of the SOC to manage many SAEs while monitoring the security of traffic entering and leaving the nodes or local area networks it manages, while the SAE, although possessing its own inherent security monitoring function, is controlled by the SA.
The major technical innovative points
The main innovative points of the present invention are the layered modular architecture, the intelligent characteristics of each module, and the active integrated operating mechanism.
The active integrated operating mechanism is based mainly on the attribute specifications of each function group and the matching relationships between them. The SOC, as overall monitoring manager, monitors the abnormality alarm information sent by the SGW, SA and SAE, determines the corresponding processing policy according to the analysis result, and promptly controls the SGW, SA and SAE to make concrete response operations. The SGW, SA and SAE, under the unified regulation and control of the SOC, complete collaborative work on the basis of each performing its own function. For example, when the SGW detects an incoming web page with an embedded Trojan, it either stops it on its own according to the predetermined policy or reports it immediately to the SOC; the SOC then immediately notifies the corresponding SA and SAE to carry out prevention and control operations, thereby realizing effective end-to-end security monitoring and protection.
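The escalation path just described, together with the local-autonomy requirement from the embodiment (the gateway keeps blocking when the SOC is unreachable), as an added illustration that is not part of the patent; the alert kinds, the SPS policy table and the action names are assumptions chosen for the example.

```python
"""Toy model of the SGW -> SOC -> SA/SAE escalation described in the patent.
Added illustration; alert kinds, policy table and action names are assumed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Alert:
    source: str   # entity that raised it: "SGW", "SA" or "SAE"
    kind: str     # assumed alert classes, e.g. "trojan_webpage", "ddos"
    target: str   # node, terminal, URL or flow the alert concerns


@dataclass
class SOC:
    """Security Operation Center: SPS policy table plus SOM dispatch."""
    # SPS policy (assumed): alert kind -> control the SOM pushes to SA / SAE
    policy: dict = field(default_factory=lambda: {
        "trojan_webpage": {"SA": "block_url", "SAE": "warn_user"},
        "ddos": {"SA": "rate_limit"},
    })
    log: list = field(default_factory=list)

    def handle(self, alert: Alert) -> dict:
        """SOM records the alert and returns the controls for SA and SAE."""
        self.log.append((alert.source, alert.kind, alert.target))
        return dict(self.policy.get(alert.kind, {"SA": "inspect"}))


@dataclass
class SGW:
    """Security Gateway at the general-Internet / mobile-Internet junction."""
    soc: Optional[SOC]             # None models the SOC being unreachable
    autonomous_block: set = field(default_factory=lambda: {"trojan_webpage"})
    blocked: list = field(default_factory=list)

    def inspect(self, kind: str, target: str) -> dict:
        """Apply the local prevention policy, then escalate if the SOC is up."""
        actions = {}
        if kind in self.autonomous_block:   # stop it at the gateway first
            self.blocked.append(target)
            actions["SGW"] = "block"
        if self.soc is not None:            # SOC coordinates SA and SAE
            actions.update(self.soc.handle(Alert("SGW", kind, target)))
        # SOC down: local monitoring keeps its basic function (gateway block only)
        return actions
```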