CN107277070A - A kind of computer network instrument system of defense and intrusion prevention method - Google Patents

Publication number: CN107277070A
Authority: CN (China)
Prior art keywords: data, unit, network, computer network, defence
Legal status: Pending
Application number: CN201710694099.3A
Other languages: Chinese (zh)
Inventors: 邢长宝, 魏巍, 徐志飞, 王绪哲, 杨镇宇
Current Assignee: Shandong Huanuo Network Technology Co Ltd
Original Assignee: Shandong Huanuo Network Technology Co Ltd
Application filed by: Shandong Huanuo Network Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies

Abstract

The invention discloses a computer network instrument defense system and an intrusion prevention method. The system comprises an intrusion detection unit, a linkage unit, a policy generation unit, a core defense program unit, an alarm unit and an information storage unit. The system defends computer network instruments by first perceiving problem information and then resolving the problem. The invention can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.

Description

A kind of computer network instrument system of defense and intrusion prevention method
Technical field
The present invention relates to the field of computer technology, and specifically to a computer network instrument defense system and an intrusion prevention method.
Background art
Intrusion detection is the detection of intrusion behavior. By collecting and analyzing network behavior, security logs, audit data, information obtainable from other networks, and information from key points in a computer system, it checks whether the network or system shows behavior that violates the security policy or signs of being attacked. As an active security protection technique, intrusion detection provides real-time protection against internal attacks, external attacks and misoperation, intercepting and responding to intrusions before the network system is compromised.
Most traditional security defense facilities analyze and monitor attacks that have already occurred by analyzing the logs of security devices. This is essentially a passive-defense approach: it lacks network security situational awareness and the capability for linked early warning. Taking emergency measures only after an attack has been detected is often too late, because by then the attack has already taken place and has caused irreparable loss.
Summary of the invention
The object of the invention is to overcome the above deficiencies by providing a computer network instrument defense system and an intrusion prevention method that can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
The object of the invention is achieved as follows. A computer network instrument defense system comprises:
an intrusion detection unit, used to detect the security state data of the target system;
a linkage unit, used to receive the data detected by the intrusion detection unit;
a policy generation unit, used to generate corresponding defense policies according to the data received by the linkage unit, or to have defense policies set directly;
a core defense program unit, used to execute the defense policies, the core defense program unit including a perception analysis system that analyzes the network data currently flowing through;
an alarm unit, used to block network data found to match a defense policy and to send alarm information;
an information storage unit, used to store the blocked data and the alarm information.
Further, the data include intrusion data, leakage behavior data and/or abnormal data.
Further, the defense policies are generated and set according to the network communication protocol and the data mode.
A computer network instrument defense method comprises the following steps:
Step 1, start the intrusion prevention system, and monitor and collect the network data currently flowing through;
Step 2, perceive and analyze whether the network data collected in step 1 match a defense policy: if they match, block the network data and send alarm information; if they do not match, continue monitoring the network;
Step 3, store the blocked data and the alarm information, and continue monitoring the network.
Further, the perception analysis method comprises the following steps:
Step 1, perform data modeling on the network data;
Step 2, perform correlation analysis in combination with security data;
Step 3, intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4, extract and analyze the abnormal data, inferring dangerous behavior by free deduction;
Step 5, reduce the abnormal data to obtain the compromising features.
Further, the abnormal data include intrusion data, leakage behavior data and/or abnormal data.
The advantage of the invention is that the computer network instrument defense system can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Brief description of the drawings
Fig. 1 is a structural diagram of the computer network instrument defense system of the present invention.
Embodiment
The invention will be further described below in conjunction with the accompanying drawings.
The present invention is a computer network instrument defense system comprising:
an intrusion detection unit, used to detect the security state data of the target system, where the security state data include intrusion data, leakage behavior data and abnormal data;
a linkage unit, used to receive the data detected by the intrusion detection unit;
a policy generation unit, whose defense policies are of two kinds: corresponding defense policies generated according to the network communication protocol and the data mode, and defense policies set directly by the user;
a core defense program unit, used to execute the defense policies, the core defense program unit including a perception analysis system that analyzes the network data currently flowing through;
an alarm unit, used to block network data found to match a defense policy and to send alarm information;
an information storage unit, used to store the blocked data and the alarm information.
The intrusion prevention method of the system is as follows:
Step 1, start the intrusion prevention system, and monitor and collect the network data currently flowing through;
Step 2, perceive and analyze whether the network data collected in step 1 match a defense policy: if they match, block the network data and send alarm information; if they do not match, continue monitoring the network;
Step 3, store the blocked data and the alarm information, and continue monitoring the network.
The perception analysis method comprises the following steps:
Step 1, perform data modeling on the network data;
Step 2, perform correlation analysis in combination with security data;
Step 3, intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4, extract and analyze the abnormal data, inferring dangerous behavior by free deduction;
Step 5, reduce the abnormal data to obtain the compromising features.
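The three-step method and the unit roles described above, as an added Python example (not code from the patent). The flow and event fields, the reading of "data mode" as a regular expression over the payload, and every name in the block are assumptions made for illustration; the sample data are constructed.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    protocol: str   # network communication protocol, e.g. "tcp"
    pattern: str    # assumed reading of "data mode": a regex over the payload
    source: str     # "generated" (from detection data) or "user" (set directly)

    def matches(self, flow):
        return (flow["proto"] == self.protocol
                and re.search(self.pattern, flow["payload"]) is not None)

def generate_policy(event):
    """Policy generation unit: derive a policy from one detection event
    forwarded by the linkage unit (event fields are hypothetical)."""
    return Policy(event["proto"], re.escape(event["indicator"]), "generated")

@dataclass
class DefenseCore:
    policies: list = field(default_factory=list)
    store: list = field(default_factory=list)   # information storage unit

    def process(self, flow):
        """Steps 2 and 3 for one flow: analyze it against the policies; on a
        match block it, raise an alarm and store both; otherwise pass it."""
        for p in self.policies:
            if p.matches(flow):
                alarm = (f"blocked {flow['src']} -> {flow['dst']} "
                         f"({p.protocol}, {p.source} policy)")
                self.store.append({"flow": flow, "alarm": alarm})
                return "block"
        return "pass"   # no match: monitoring simply continues

def run(flows, events, user_policies=()):
    """Step 1 feeds every collected flow through the core defense unit."""
    generated = [generate_policy(e) for e in events]
    core = DefenseCore(policies=generated + list(user_policies))
    verdicts = [core.process(f) for f in flows]
    return verdicts, core.store

# Constructed sample data (documentation and private address ranges).
EVENTS = [{"proto": "tcp", "indicator": "/bin/sh"}]
USER_POLICIES = [Policy("udp", r"^EXFIL", "user")]
FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "payload": "GET /index.html"},
    {"src": "198.51.100.7", "dst": "10.0.0.9", "proto": "tcp", "payload": "id; /bin/sh -i"},
    {"src": "10.0.0.9", "dst": "203.0.113.4", "proto": "udp", "payload": "EXFIL:payroll.csv"},
    {"src": "10.0.0.9", "dst": "203.0.113.4", "proto": "tcp", "payload": "EXFIL:payroll.csv"},
]

if __name__ == "__main__":
    verdicts, stored = run(FLOWS, EVENTS, USER_POLICIES)
    print(verdicts)
    for record in stored:
        print(record["alarm"])
```

The last flow passes because each policy binds a protocol to a data pattern: the same payload over a different protocol needs its own policy.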
Finally, it should be noted that the above embodiment is merely an example given to illustrate the application clearly and is not a limitation on the embodiments. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all embodiments exhaustively. Obvious changes or variations derived therefrom remain within the scope of protection of this application.

Claims (6)

1. A computer network instrument defense system, characterized in that it comprises:
an intrusion detection unit, the intrusion detection unit being used to detect the security state data of the target system;
a linkage unit, the linkage unit being used to receive the security state data detected by the intrusion detection unit;
a policy generation unit, the policy generation unit being used to generate corresponding defense policies according to the data received by the linkage unit, or to have defense policies set directly by the user;
a core defense program unit, the core defense program unit being used to execute the defense policies and including a perception analysis system, the perception analysis system being used to analyze the network data currently flowing through;
an alarm unit, the alarm unit being used to block network data found to match the defense policies and to send alarm information;
an information storage unit, the information storage unit being used to store the blocked data and the alarm information.
2. The computer network instrument defense system according to claim 1, characterized in that the security state data include intrusion data, leakage behavior data and/or abnormal data.
3. The computer network instrument defense system according to claim 2, characterized in that the defense policies are generated and set according to the network communication protocol and the data mode.
4. A computer network instrument defense method, characterized in that it comprises the following steps:
Step 1, start the intrusion prevention system, and monitor and collect the network data currently flowing through;
Step 2, perceive and analyze whether the network data collected in step 1 match a defense policy: if they match, block the network data and send alarm information; if they do not match, continue monitoring the network;
Step 3, store the blocked data and the alarm information, and continue monitoring the network.
5. The computer network instrument defense method according to claim 4, characterized in that the perception analysis method comprises the following steps:
Step 1, perform data modeling on the network data;
Step 2, perform correlation analysis in combination with security data;
Step 3, intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4, extract and analyze the abnormal data, inferring dangerous behavior by free deduction;
Step 5, reduce the abnormal data to obtain the compromising features.
6. The computer network instrument defense method according to claim 5, characterized in that the abnormal data include intrusion data, leakage behavior data and/or abnormal data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710694099.3A 2017-08-15 2017-08-15 A kind of computer network instrument system of defense and intrusion prevention method

Publications (1)

Publication Number Publication Date
CN107277070A 2017-10-20

Family ID: 60080260

Country Status (1): CN

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101505302A (en) * 2009-02-26 2009-08-12 中国联合网络通信集团有限公司 Dynamic regulating method and system for security policy
CN101707601A (en) * 2009-11-23 2010-05-12 成都市华为赛门铁克科技有限公司 Invasion defence detection method and device and gateway equipment
CN102546638A (en) * 2012-01-12 2012-07-04 冶金自动化研究设计院 Scene-based hybrid invasion detection method and system
CN102624717A (en) * 2012-03-02 2012-08-01 深信服网络科技(深圳)有限公司 Security policy automatic generation method and security policy automatic generation device based on leak scanning
CN106209814A (en) * 2016-07-04 2016-12-07 安徽天达网络科技有限公司 A kind of distributed network intrusion prevention system
CN106357637A (en) * 2016-09-13 2017-01-25 国家电网公司 Active defense system in allusion to smart energy terminal data

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540474A (en) * 2018-04-10 2018-09-14 成都理工大学 A kind of computer network defense decision system
CN108540474B (en) * 2018-04-10 2021-03-05 成都理工大学 Computer network defense decision-making system
CN111371750A (en) * 2020-02-21 2020-07-03 浙江德迅网络安全技术有限公司 Intrusion prevention system and intrusion prevention method based on computer network
CN113992431A (en) * 2021-12-24 2022-01-28 北京微步在线科技有限公司 Linkage blocking method and device, electronic equipment and storage medium
CN113992431B (en) * 2021-12-24 2022-03-25 北京微步在线科技有限公司 Linkage blocking method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020