CN107277070A - A kind of computer network instrument system of defense and intrusion prevention method - Google Patents
- Publication number
- CN107277070A (application CN201710694099.3A)
- Authority
- CN
- China
- Prior art keywords
- data
- unit
- network
- computer network
- defence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Abstract
The invention discloses a computer network instrument defense system and an intrusion prevention method. The system comprises an intrusion detection unit, a linkage unit, a policy generation unit, a core defense program unit, an alarm unit and an information storage unit. The system achieves computer network defense by first perceiving problem information and then defending to resolve the problem. The invention can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Description
Technical field
The present invention relates to the field of computer technology, and specifically to a computer network instrument defense system and an intrusion prevention method.
Background art
Intrusion detection is the detection of intrusion behavior. By collecting and analyzing network behavior, security logs, audit data, other information obtainable on the network, and information from a number of key points in the computer system, it checks whether the network or system contains behavior that violates the security policy or shows signs of attack. As a proactive security protection technology, intrusion detection provides real-time protection against internal attacks, external attacks and misoperation, intercepting and responding to intrusions before the network system is compromised.
Most traditional security defense facilities analyze and monitor attacks that have already occurred by analyzing the logs of certain security devices. This is essentially a passive defense approach that lacks network security situation awareness and linked early-warning capability. Taking emergency measures only after a network attack has been detected is often too late, because by then the attack has already taken place and has caused irreparable loss.
Summary of the invention
The object of the invention is to overcome the above deficiencies by providing a computer network instrument defense system and an intrusion prevention method that can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
The object of the invention is achieved as follows. A computer network instrument defense system comprises:
an intrusion detection unit, used to detect the security state data of the target system;
a linkage unit, used to receive the data detected by the intrusion detection unit;
a policy generation unit, used to generate corresponding defense policies according to the data received by the linkage unit, or to set defense policies directly;
a core defense program unit, used to execute the defense policies, the core defense program unit including a perception analysis system that analyzes the network data currently flowing through;
an alarm unit, used to block the traffic and send alarm information when network data matching the defense policies is found;
an information storage unit, used to store the blocked data and the alarm information.
Further, the data include intrusion data, leakage behavior data and/or abnormal data.
Further, the defense policies are generated and set according to the network communication protocol and the corresponding data mode.
A computer network instrument defense method comprises the following steps:
(1) Start the intrusion prevention system and monitor and collect the network data currently flowing through;
(2) Use perception analysis to determine whether the network data collected in step (1) matches the defense policies: if it does, block the network data and send alarm information; if it does not, continue monitoring the network;
(3) Store the blocked data and the alarm information, and continue monitoring the network.
Further, the perception analysis method comprises the following steps:
Step 1: perform data modeling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4: extract and analyze the abnormal data, inferring hazardous behavior by free deduction;
Step 5: reduce the abnormal data to obtain the hazardous features.
Further, the abnormal data include intrusion data, leakage behavior data and/or abnormal data.
The advantage of the invention is that the computer network instrument defense system can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Brief description of the drawings
Fig. 1 is a structural diagram of the computer network instrument defense system of the present invention.
Embodiment
The invention is further described below with reference to the accompanying drawing.
The present invention is a computer network instrument defense system comprising:
an intrusion detection unit, used to detect the security state data of the target system, where the security state data include intrusion data, leakage behavior data and abnormal data;
a linkage unit, used to receive the data detected by the intrusion detection unit;
a policy generation unit, whose defense policies fall into two classes: corresponding defense policies can be generated according to the network communication protocol and the data mode, or defense policies can be set directly by the user;
a core defense program unit, used to execute the defense policies, the core defense program unit including a perception analysis system that analyzes the network data currently flowing through;
an alarm unit, used to block the traffic and send alarm information when network data matching the defense policies is found;
an information storage unit, used to store the blocked data and the alarm information.
The intrusion prevention method of the system is as follows:
(1) Start the intrusion prevention system and monitor and collect the network data currently flowing through;
(2) Use perception analysis to determine whether the network data collected in step (1) matches the defense policies: if it does, block the network data and send alarm information; if it does not, continue monitoring the network;
(3) Store the blocked data and the alarm information, and continue monitoring the network.
The perception analysis method comprises the following steps:
Step 1: perform data modeling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4: extract and analyze the abnormal data, inferring hazardous behavior by free deduction;
Step 5: reduce the abnormal data to obtain the hazardous features.
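A minimal sketch of the method above, added here as an illustration and not taken from the patent. The patent does not say how each step is implemented, so the record format, the failed-login correlation, the thresholds, the policy tuple layout and every name below are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # step 1 data model: one observed network record
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int

# Constructed sample inputs (assumptions, not from the patent).
WINDOW = ["10.0.0.5 10.0.1.9 tcp 22 300",            # source with many failed logins
          "10.0.0.7 10.0.1.9 tcp 443 1200",          # ordinary traffic
          "10.0.1.20 203.0.113.8 tcp 443 5000000"]   # unusually large outbound transfer
LIVE = ["10.0.0.5 10.0.1.9 tcp 22 280",
        "10.0.0.7 10.0.1.9 tcp 443 900",
        "10.0.0.7 10.0.1.9 tcp 23 60"]
FAILED_LOGINS = {"10.0.0.5": 8, "10.0.0.7": 0}       # "security data" used in step 2
USER_POLICIES = {("user-set", "*", "tcp", 23)}       # policy set directly by the user

def model(lines):
    """Step 1: parse raw records into Flow objects."""
    flows = []
    for line in lines:
        src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(src, dst, proto, int(dport), int(nbytes)))
    return flows

def generate_policies(flows, failed_logins, max_fail=5, max_bytes=1_000_000):
    """Steps 2-5: correlate, screen, infer a behaviour label, reduce to a feature."""
    policies = set()
    for f in flows:
        fails = failed_logins.get(f.src, 0)                     # step 2: correlation
        if fails <= max_fail and f.nbytes <= max_bytes:         # step 3: screening
            continue
        label = "intrusion" if fails > max_fail else "leakage"  # step 4: threshold stand-in
        policies.add((label, f.src, f.proto, f.dport))          # step 5: reduced feature
    return policies

def prevent(flows, policies):
    """Method steps (1)-(3): match each flow, block and alert on a hit, store both."""
    passed, stored = [], []
    for f in flows:
        hit = next((p for p in sorted(policies)
                    if p[1] in ("*", f.src) and p[2:] == (f.proto, f.dport)), None)
        if hit is None:
            passed.append(f)                                    # no match: keep monitoring
        else:
            stored.append({"blocked": f, "alert": f"{hit[0]}: {f.src} -> {f.dst}:{f.dport}"})
    return passed, stored

def run():
    policies = generate_policies(model(WINDOW), FAILED_LOGINS) | USER_POLICIES
    passed, stored = prevent(model(LIVE), policies)
    return policies, passed, stored

if __name__ == "__main__":
    for entry in run()[2]:
        print("ALERT", entry["alert"])
```

Policies learned from the earlier window are applied to later traffic, and the user-set wildcard policy is merged in alongside them, matching the two policy classes the description names.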
Finally, it should be noted that the above embodiment is obviously only an example given to clearly illustrate the application, and is not a limitation on the embodiments. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to exhaust all embodiments here. Obvious changes or variations derived from this description remain within the scope of protection of this application.
Claims (6)
1. A computer network instrument defense system, characterized by comprising:
an intrusion detection unit, the intrusion detection unit being used to detect the security state data of the target system;
a linkage unit, the linkage unit being used to receive the security state data detected by the intrusion detection unit;
a policy generation unit, the policy generation unit being used to generate corresponding defense policies according to the data received by the linkage unit, or to have defense policies set directly by the user;
a core defense program unit, the core defense program unit being used to execute the defense policies, the core defense program unit including a perception analysis system, the perception analysis system being used to analyze the network data currently flowing through;
an alarm unit, the alarm unit being used to block the traffic and send alarm information when network data matching the defense policies is found;
an information storage unit, the information storage unit being used to store the blocked data and the alarm information.
2. The computer network instrument defense system according to claim 1, characterized in that the security state data include intrusion data, leakage behavior data and/or abnormal data.
3. The computer network instrument defense system according to claim 2, characterized in that the defense policies are generated and set according to the network communication protocol and the corresponding data mode.
4. A computer network instrument defense method, characterized by comprising the following steps:
(1) Start the intrusion prevention system and monitor and collect the network data currently flowing through;
(2) Use perception analysis to determine whether the network data collected in step (1) matches the defense policies: if it does, block the network data and send alarm information; if it does not, continue monitoring the network;
(3) Store the blocked data and the alarm information, and continue monitoring the network.
5. The computer network instrument defense method according to claim 4, characterized in that the perception analysis method comprises the following steps:
Step 1: perform data modeling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analyzed data and extract the abnormal data for step 4;
Step 4: extract and analyze the abnormal data, inferring hazardous behavior by free deduction;
Step 5: reduce the abnormal data to obtain the hazardous features.
6. The computer network instrument defense method according to claim 5, characterized in that the abnormal data include intrusion data, leakage behavior data and/or abnormal data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710694099.3A CN107277070A (en) | 2017-08-15 | 2017-08-15 | A kind of computer network instrument system of defense and intrusion prevention method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710694099.3A CN107277070A (en) | 2017-08-15 | 2017-08-15 | A kind of computer network instrument system of defense and intrusion prevention method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107277070A true CN107277070A (en) | 2017-10-20 |
Family
ID=60080260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710694099.3A Pending CN107277070A (en) | 2017-08-15 | 2017-08-15 | A kind of computer network instrument system of defense and intrusion prevention method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107277070A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108540474A (en) * | 2018-04-10 | 2018-09-14 | 成都理工大学 | A kind of computer network defense decision system |
CN111371750A (en) * | 2020-02-21 | 2020-07-03 | 浙江德迅网络安全技术有限公司 | Intrusion prevention system and intrusion prevention method based on computer network |
CN113992431A (en) * | 2021-12-24 | 2022-01-28 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101505302A (en) * | 2009-02-26 | 2009-08-12 | 中国联合网络通信集团有限公司 | Dynamic regulating method and system for security policy |
CN101707601A (en) * | 2009-11-23 | 2010-05-12 | 成都市华为赛门铁克科技有限公司 | Invasion defence detection method and device and gateway equipment |
CN102546638A (en) * | 2012-01-12 | 2012-07-04 | 冶金自动化研究设计院 | Scene-based hybrid invasion detection method and system |
CN102624717A (en) * | 2012-03-02 | 2012-08-01 | 深信服网络科技(深圳)有限公司 | Security policy automatic generation method and security policy automatic generation device based on leak scanning |
CN106209814A (en) * | 2016-07-04 | 2016-12-07 | 安徽天达网络科技有限公司 | A kind of distributed network intrusion prevention system |
CN106357637A (en) * | 2016-09-13 | 2017-01-25 | 国家电网公司 | Active defense system in allusion to smart energy terminal data |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108540474A (en) * | 2018-04-10 | 2018-09-14 | 成都理工大学 | A kind of computer network defense decision system |
CN108540474B (en) * | 2018-04-10 | 2021-03-05 | 成都理工大学 | Computer network defense decision-making system |
CN111371750A (en) * | 2020-02-21 | 2020-07-03 | 浙江德迅网络安全技术有限公司 | Intrusion prevention system and intrusion prevention method based on computer network |
CN113992431A (en) * | 2021-12-24 | 2022-01-28 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
CN113992431B (en) * | 2021-12-24 | 2022-03-25 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102624696B (en) | Network security situation evaluation method | |
EP2080317B1 (en) | Apparatus and a security node for use in determining security attacks | |
CN101803337B (en) | Intrusion detection method and system | |
CN106411562A (en) | Electric power information network safety linkage defense method and system | |
KR101375813B1 (en) | Active security sensing device and method for intrusion detection and audit of digital substation | |
CN108520187A (en) | Industrial control system physics Network Intrusion detection method based on the analysis of serial communication bus signal | |
CN101364981A (en) | Hybrid intrusion detection method based on Internet protocol version 6 | |
Gómez et al. | Design of a snort-based hybrid intrusion detection system | |
CN102546638A (en) | Scene-based hybrid invasion detection method and system | |
CN108462714A (en) | A kind of APT systems of defense and its defence method based on system resilience | |
CN107277070A (en) | A kind of computer network instrument system of defense and intrusion prevention method | |
CN114666088A (en) | Method, device, equipment and medium for detecting industrial network data behavior information | |
CN106209902A (en) | A kind of network safety system being applied to intellectual property operation platform and detection method | |
CN113411295A (en) | Role-based access control situation awareness defense method and system | |
Suo et al. | Research on the application of honeypot technology in intrusion detection system | |
CN103686737A (en) | Wireless sensor network intrusion tolerance method and system based on tree topology | |
CN108924129A (en) | One kind being based on computer network instrument system of defense and intrusion prevention method | |
CN113489703A (en) | Safety protection system | |
CN104580087A (en) | Immune network system | |
CN108206826B (en) | Lightweight intrusion detection method for integrated electronic system | |
KR20170127849A (en) | Method for securiting control system using whitelist and system for the same | |
TianYu et al. | Research on security threat assessment for power iot terminal based on knowledge graph | |
CN106878338B (en) | Telecontrol equipment gateway firewall integrated machine system | |
Papa et al. | A transfer function based intrusion detection system for SCADA systems | |
CN107493259A (en) | A kind of network security control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20171020 |