CN108924129A - One kind being based on computer network instrument system of defense and intrusion prevention method - Google Patents

Publication number
CN108924129A
Authority
CN
China
Prior art keywords
unit
data
defence
computer network
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810703906.8A
Other languages
Chinese (zh)
Inventor
方义成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui He Soft Information Technology Co Ltd
Original Assignee
Anhui He Soft Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui He Soft Information Technology Co Ltd filed Critical Anhui He Soft Information Technology Co Ltd
Priority to CN201810703906.8A priority Critical patent/CN108924129A/en
Publication of CN108924129A publication Critical patent/CN108924129A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a computer network instrument defense system and intrusion prevention method. The system includes an intrusion detection unit, a linkage unit, a strategy generating unit, a core defense program unit, an alarm unit and an information storage unit. The system realizes computer network instrument defense by first perceiving problem information and then defending against and resolving the problem. The invention can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.

Description

A computer-network-based instrument defense system and intrusion prevention method
Technical field
The present invention relates to the field of computer technology, and specifically to a computer-network-based instrument defense system and intrusion prevention method.
Background
Intrusion detection is the detection of intrusion behavior. By collecting and analyzing network behavior, security logs, audit data, other information available on the network, and information from several key points in the computer system, it checks whether the network or system shows signs of behavior that violates the security policy or of being attacked. As a proactive security protection technology, intrusion detection provides real-time protection against internal attacks, external attacks and misoperation, intercepting and responding to intrusions before the network system is compromised.
Most traditional security defense facilities analyze and monitor attacks that have already occurred by analyzing the logs of certain security devices. This is essentially a passive defense approach, and it lacks the capability for network security situation awareness and linked early warning. Taking emergency measures only after an attack has been detected is often too late, because by then the network attack has already taken place and has caused irreparable loss.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings by providing a computer-network-based instrument defense system and intrusion prevention method that can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
The object of the present invention is achieved as follows. A computer-network-based instrument defense system includes: an intrusion detection unit, which detects the security state data of the target system; a linkage unit, which receives the data detected by the intrusion detection unit; a strategy generating unit, which generates a corresponding defense policy from the data received by the linkage unit, or through which a defense policy is set directly; a core defense program unit, which executes the defense policy and contains a perception analysis system that analyzes the network data currently flowing through; an alarm unit, which blocks network data found to match the defense policy and issues alarm information; and an information storage unit, which stores the blocked data and the alarm information.
Further, the data include intrusion data, data-leak behavior data and/or abnormal data.
Further, the defense policy is generated and set according to the network communication protocol and the data form.
A computer network instrument defense method includes the following steps:
Step 1: start the intrusion prevention system, and monitor and collect the network data currently flowing through;
Step 2: perceive and analyze whether the network data collected in step 1 matches the defense policy: if it does, block the network data and issue alarm information; if it does not, continue monitoring the network;
Step 3: store the blocked data and the alarm information, and continue monitoring the network.
Further, the perception analysis method includes the following steps:
Step 1: perform data modeling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analyzed data, extract the abnormal data and proceed to step 4;
Step 4: extract and analyze the abnormal data, and infer the hazardous behavior using free deduction;
Step 5: restore the abnormal data to obtain the compromising features.
Further, the abnormal data include intrusion data, data-leak behavior data and/or abnormal data.
The advantage of the invention is that the computer network instrument defense system can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Description of the drawings
Fig. 1 is a structure diagram of the computer network instrument defense system of the invention.
Specific embodiment
The invention will be further described below in conjunction with the accompanying drawings.
The present invention is a computer network instrument defense system that includes: an intrusion detection unit, which detects the security state data of the target system, where the security state data include intrusion data, data-leak behavior data and abnormal data; a linkage unit, which receives the data detected by the intrusion detection unit; a strategy generating unit, whose defense policies fall into two classes: policies generated according to the network communication protocol and the data form, and policies set directly by the user; a core defense program unit, which executes the defense policy and contains a perception analysis system that analyzes the network data currently flowing through; an alarm unit, which blocks network data found to match the defense policy and issues alarm information; and an information storage unit, which stores the blocked data and the alarm information.
The intrusion prevention method of this system is as follows:
Step 1: start the intrusion prevention system, and monitor and collect the network data currently flowing through;
Step 2: perceive and analyze whether the network data collected in step 1 matches the defense policy: if it does, block the network data and issue alarm information; if it does not, continue monitoring the network;
Step 3: store the blocked data and the alarm information, and continue monitoring the network.
The perception analysis method includes the following steps:
Step 1: perform data modeling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analyzed data, extract the abnormal data and proceed to step 4;
Step 4: extract and analyze the abnormal data, and infer the hazardous behavior using free deduction;
Step 5: restore the abnormal data to obtain the compromising features.
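The monitoring loop and the five perception-analysis steps described above, as an added Python example that is not code from the patent. The flow fields, the flagged-host set, the byte threshold and the rule standing in for the unspecified "free deduction" step are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                      # defense policy keyed on protocol and data form
    protocol: str
    data_form: str                 # assumed labels: "intrusion", "leak"
    source: str                    # "generated" or "user"

@dataclass
class Store:                       # information storage unit
    blocked: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

def generate_policies(security_state, user_policies=()):
    """Strategy generating unit: one policy per (protocol, form) reported via
    the linkage unit, plus any policies set directly by the user."""
    generated = {Policy(e["protocol"], e["form"], "generated") for e in security_state}
    return sorted(generated | set(user_policies), key=lambda p: (p.protocol, p.data_form))

def perceive(flow, flagged_hosts, leak_bytes=1_000_000):
    """Perception analysis steps 1-5 for one flow: (form, feature) or None."""
    model = {"proto": flow["protocol"], "peer": flow["dst"],      # step 1: data modeling
             "port": flow["dst_port"], "out": flow["bytes_out"]}
    correlated = model["peer"] in flagged_hosts                   # step 2: correlate with security data
    if not correlated and model["out"] < leak_bytes:              # step 3: screen out normal data
        return None
    form = "leak" if model["out"] >= leak_bytes else "intrusion"  # step 4: assumed inference rule
    feature = f'{model["proto"]}:{model["peer"]}:{model["port"]}' # step 5: recovered feature
    return form, feature

def run(flows, policies, flagged_hosts):
    """Core defense loop: monitor, analyze, block and alert on policy match, store."""
    store, passed = Store(), []
    active = {(p.protocol, p.data_form) for p in policies}
    for flow in flows:                                            # monitor and collect
        verdict = perceive(flow, flagged_hosts)
        if verdict and (flow["protocol"], verdict[0]) in active:  # matches a defense policy
            store.blocked.append(flow)                            # store blocked data
            store.alerts.append({"form": verdict[0], "feature": verdict[1]})
        else:
            passed.append(flow)                                   # no match: keep monitoring
    return store, passed

# Constructed sample input (documentation address ranges only).
SECURITY_STATE = [{"protocol": "tcp", "form": "intrusion"}]
USER_POLICIES = [Policy("udp", "leak", "user")]
FLAGGED = {"203.0.113.9"}
FLOWS = [
    {"protocol": "tcp", "dst": "203.0.113.9", "dst_port": 8080, "bytes_out": 900},
    {"protocol": "udp", "dst": "198.51.100.7", "dst_port": 53, "bytes_out": 2_500_000},
    {"protocol": "tcp", "dst": "198.51.100.20", "dst_port": 443, "bytes_out": 12_000},
    {"protocol": "tcp", "dst": "198.51.100.21", "dst_port": 443, "bytes_out": 3_000_000},
]
```

The last flow is screened as abnormal but passes, because no active policy covers leak-form data over TCP: in this design blocking depends on the policy set, not on detection alone.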
Finally, it should be noted that the above embodiment is merely an example given to illustrate the application clearly and does not limit the embodiments. Those of ordinary skill in the art can make other variations or changes in different forms on the basis of the above description. It is neither necessary nor possible to enumerate all embodiments here. Obvious variations or changes derived from the above remain within the scope of protection of this application.

Claims (1)

1. A computer-network-based instrument defense system and intrusion prevention method, characterized by comprising: an intrusion detection unit, the intrusion detection unit being used to detect the security state data of the target system; a linkage unit, the linkage unit being used to receive the security state data detected by the intrusion detection unit; a strategy generating unit, the strategy generating unit being used to generate a corresponding defense policy according to the data received by the linkage unit, or the defense policy being set directly by the user; a core defense program unit, the core defense program unit being used to execute the defense policy and including a perception analysis system, the perception analysis system being used to analyze the network data currently flowing through; an alarm unit, the alarm unit being used to block network data found to match the defense policy and to issue alarm information; and an information storage unit, the information storage unit being used to store the blocked data and the alarm information.
CN201810703906.8A 2018-07-01 2018-07-01 One kind being based on computer network instrument system of defense and intrusion prevention method Withdrawn CN108924129A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810703906.8A CN108924129A (en) 2018-07-01 2018-07-01 One kind being based on computer network instrument system of defense and intrusion prevention method

Publications (1)

Publication Number Publication Date
CN108924129A true CN108924129A (en) 2018-11-30

Family

ID=64423928

Country Status (1)

Country Link
CN (1) CN108924129A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022007581A1 (en) * 2020-07-10 2022-01-13 Kyndryl, Inc. Deep learning network intrusion detection
US11611588B2 (en) 2020-07-10 2023-03-21 Kyndryl, Inc. Deep learning network intrusion detection
GB2611189A (en) * 2020-07-10 2023-03-29 Kyndryl Inc Deep learning network intrusion detection
CN113992431A (en) * 2021-12-24 2022-01-28 北京微步在线科技有限公司 Linkage blocking method and device, electronic equipment and storage medium
CN113992431B (en) * 2021-12-24 2022-03-25 北京微步在线科技有限公司 Linkage blocking method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN102624696B (en) Network security situation evaluation method
EP2080317B1 (en) Apparatus and a security node for use in determining security attacks
US8418247B2 (en) Intrusion detection method and system
CN108931968B (en) Network security protection system applied to industrial control system and protection method thereof
Gómez et al. Design of a snort-based hybrid intrusion detection system
CN105264861A (en) Method and apparatus for detecting a multi-stage event
CN108462714A (en) A kind of APT systems of defense and its defence method based on system resilience
CN113839935B (en) Network situation awareness method, device and system
CN114666088A (en) Method, device, equipment and medium for detecting industrial network data behavior information
CN113411295A (en) Role-based access control situation awareness defense method and system
CN107277070A (en) A kind of computer network instrument system of defense and intrusion prevention method
CN108924129A (en) One kind being based on computer network instrument system of defense and intrusion prevention method
CN113660222A (en) Situation awareness defense method and system based on mandatory access control
KR101871406B1 (en) Method for securiting control system using whitelist and system for the same
CN108206826B (en) Lightweight intrusion detection method for integrated electronic system
TianYu et al. Research on security threat assessment for power iot terminal based on knowledge graph
KR20130033161A (en) Intrusion detection system for cloud computing service
Dhangar et al. Analysis of proposed intrusion detection system
KR101606090B1 (en) Apparatus and method for protecting network
Papa et al. A transfer function based intrusion detection system for SCADA systems
CN107493259A (en) A kind of network security control system
CN102970188B (en) A kind of 110kV digital transformer substation secure network
CN113779566A (en) Computer network security situation sensing system and method
CN111291390A (en) Key data safety destruction triggering system and triggering method
Cui et al. Real-time early warning of network security threats based on improved ant colony algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20181130
