CN108924129A - A defence system and intrusion prevention method based on computer network instruments - Google Patents
- Publication number
- CN108924129A
- Authority
- CN
- China
- Prior art keywords
- unit
- data
- defence
- computer network
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a defence system and intrusion prevention method based on computer network instruments. The system comprises an intrusion detection unit, a linkage unit, a policy generation unit, a core defence program unit, an alarm unit and an information storage unit. The system achieves computer network instrument defence by first perceiving problem information and then defending against and resolving the problem. The invention can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Description
Technical field
The present invention relates to the field of computer technology, and specifically to a defence system and intrusion prevention method based on computer network instruments.
Background art
Intrusion detection is the detection of intrusion behaviour. By collecting and analysing network behaviour, security logs, audit data, other information available on the network, and information from several key points in the computer system, it checks whether the network or system shows behaviour that violates the security policy or signs of being attacked. As a proactive security protection technology, intrusion detection provides real-time protection against internal attacks, external attacks and misoperation, intercepting and responding to intrusions before the network system is compromised.
Most traditional security defence facilities analyse and monitor attacks that have already occurred by analysing the logs of certain security devices. This is essentially passive defence, and it lacks the capability for network security situational awareness and linked early warning. Taking emergency measures only after an attack has been detected is often too late, because by then the attack has already taken place and has caused irreparable losses.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings and to provide a defence system and intrusion prevention method based on computer network instruments that can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
The object of the invention is achieved as follows. A defence system based on computer network instruments comprises: an intrusion detection unit, which detects the security state data of the target system; a linkage unit, which receives the data detected by the intrusion detection unit; a policy generation unit, which generates corresponding defence policies according to the data received by the linkage unit or sets defence policies directly; a core defence program unit, which executes the defence policies and includes a perception analysis system that analyses the network data currently flowing through; an alarm unit, which blocks network data found to match the defence policies and issues alarm information; and an information storage unit, which stores the blocked data and the alarm information.
Further, the data include intrusion data, leakage behaviour data and/or abnormal data.
Further, the defence policies are generated and set according to the network communication protocol and data pattern.
A computer network instrument defence method comprises the following steps:
Step 1: start the intrusion prevention system and monitor and collect the network data currently flowing through;
Step 2: use perception analysis to determine whether the network data collected in step 1 matches the defence policies. If it matches, block the network data and issue alarm information; if it does not match, continue monitoring the network;
Step 3: store the blocked data and the alarm information, and continue monitoring the network.
Further, the perception analysis method comprises the following steps:
Step 1: perform data modelling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analysed data, extract the abnormal data and proceed to step 4;
Step 4: extract and analyse the abnormal data, and infer hazardous behaviour using free deduction;
Step 5: restore the abnormal data to obtain the compromising features.
Further, the abnormal data include intrusion data, leakage behaviour data and/or abnormal data.
The advantage of the invention is that the computer network instrument defence system can effectively monitor the operating systems in a computer network, prevent illegal programs from intruding, and improve the security of the network.
Brief description of the drawings
Fig. 1 is a structural diagram of a computer network instrument defence system according to the invention.
Detailed description of embodiments
The invention is further described below with reference to the accompanying drawing.
The present invention is a computer network instrument defence system comprising: an intrusion detection unit, which detects the security state data of the target system, where the security state data include intrusion data, leakage behaviour data and abnormal data; a linkage unit, which receives the data detected by the intrusion detection unit; a policy generation unit, whose defence policies fall into two classes: policies generated according to the network communication protocol and data pattern, and policies set directly by the user; a core defence program unit, which executes the defence policies and includes a perception analysis system that analyses the network data currently flowing through; an alarm unit, which blocks network data found to match the defence policies and issues alarm information; and an information storage unit, which stores the blocked data and the alarm information.
The intrusion prevention method of this system is as follows:
Step 1: start the intrusion prevention system and monitor and collect the network data currently flowing through;
Step 2: use perception analysis to determine whether the network data collected in step 1 matches the defence policies. If it matches, block the network data and issue alarm information; if it does not match, continue monitoring the network;
Step 3: store the blocked data and the alarm information, and continue monitoring the network.
The perception analysis method comprises the following steps:
Step 1: perform data modelling on the network data;
Step 2: perform correlation analysis in combination with security data;
Step 3: intelligently screen the analysed data, extract the abnormal data and proceed to step 4;
Step 4: extract and analyse the abnormal data, and infer hazardous behaviour using free deduction;
Step 5: restore the abnormal data to obtain the compromising features.
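The three-step intrusion prevention method above (monitor, match against the defence policies, block with an alarm, store), as an added Python example that is not part of the patent. It reduces perception analysis to matching each record's protocol and payload pattern against a policy and does not implement the modelling or correlation steps; the class names, policy names, patterns and traffic records are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Policy:
    name: str
    protocol: str   # network communication protocol the policy applies to
    pattern: str    # data pattern, here a regex over the decoded payload
    source: str = "generated"   # "generated" or "user": the two policy classes

@dataclass
class DefenceSystem:
    policies: list
    store: list = field(default_factory=list)   # information storage unit

    def analyse(self, rec):
        # Perception analysis reduced to policy matching: first policy hit, or None.
        return next((p for p in self.policies if p.protocol == rec["proto"]
                     and re.search(p.pattern, rec["payload"], re.I)), None)

    def process(self, records):
        """Monitor, analyse, block and alarm, store; returns the records let through."""
        passed = []
        for rec in records:
            hit = self.analyse(rec)
            if hit is None:
                passed.append(rec)   # no policy matched: keep monitoring
                continue
            alarm = f"ALARM policy={hit.name} src={rec['src']} proto={rec['proto']}"
            self.store.append({"blocked": rec, "alarm": alarm})   # alarm + storage
        return passed

# Constructed sample policies and traffic records (assumptions, not from the patent).
POLICIES = [
    Policy("http-path-traversal", "http", r"\.\./\.\./"),
    Policy("smtp-outbound-keyfile", "smtp", r"BEGIN (RSA )?PRIVATE KEY", source="user"),
]
RECORDS = [
    {"src": "192.0.2.10", "proto": "http", "payload": "GET /index.html HTTP/1.1"},
    {"src": "192.0.2.11", "proto": "http", "payload": "GET /static/../../etc/passwd HTTP/1.1"},
    {"src": "198.51.100.7", "proto": "smtp", "payload": "-----BEGIN PRIVATE KEY-----"},
    {"src": "198.51.100.8", "proto": "dns", "payload": "../../ in a DNS TXT record"},
]
def run_demo():
    ids = DefenceSystem(list(POLICIES))
    return ids.process(RECORDS), ids.store

if __name__ == "__main__":
    passed, store = run_demo()
    print(f"{len(passed)} passed, {len(store)} blocked", *(e["alarm"] for e in store), sep="\n")
```

The DNS record contains the same traversal string as the blocked HTTP request but passes, because a policy applies only to the protocol it was written for.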
Finally, it should be noted that the above embodiment is given only to illustrate the application clearly and does not limit the embodiments. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all embodiments exhaustively. Obvious changes or variations derived from this description remain within the scope of protection of this application.
Claims (1)
1. A defence system and intrusion prevention method based on computer network instruments, characterized by comprising: an intrusion detection unit, which detects the security state data of the target system; a linkage unit, which receives the security state data detected by the intrusion detection unit; a policy generation unit, which generates corresponding defence policies according to the data received by the linkage unit, or through which the user directly sets defence policies; a core defence program unit, which executes the defence policies and includes a perception analysis system that analyses the network data currently flowing through; an alarm unit, which blocks network data found to match the defence policies and issues alarm information; and an information storage unit, which stores the blocked data and the alarm information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810703906.8A CN108924129A (en) | 2018-07-01 | 2018-07-01 | A defence system and intrusion prevention method based on computer network instruments |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810703906.8A CN108924129A (en) | 2018-07-01 | 2018-07-01 | A defence system and intrusion prevention method based on computer network instruments |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108924129A (en) | 2018-11-30 |
Family
ID=64423928
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810703906.8A Withdrawn CN108924129A (en) | A defence system and intrusion prevention method based on computer network instruments | 2018-07-01 | 2018-07-01 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108924129A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022007581A1 (en) * | 2020-07-10 | 2022-01-13 | Kyndryl, Inc. | Deep learning network intrusion detection |
US11611588B2 (en) | 2020-07-10 | 2023-03-21 | Kyndryl, Inc. | Deep learning network intrusion detection |
GB2611189A (en) * | 2020-07-10 | 2023-03-29 | Kyndryl Inc | Deep learning network intrusion detection |
CN113992431A (en) * | 2021-12-24 | 2022-01-28 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
CN113992431B (en) * | 2021-12-24 | 2022-03-25 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102624696B (en) | Network security situation evaluation method | |
EP2080317B1 (en) | Apparatus and a security node for use in determining security attacks | |
US8418247B2 (en) | Intrusion detection method and system | |
CN108931968B (en) | Network security protection system applied to industrial control system and protection method thereof | |
Gómez et al. | Design of a snort-based hybrid intrusion detection system | |
CN105264861A (en) | Method and apparatus for detecting a multi-stage event | |
CN108462714A (en) | A kind of APT systems of defense and its defence method based on system resilience | |
CN113839935B (en) | Network situation awareness method, device and system | |
CN114666088A (en) | Method, device, equipment and medium for detecting industrial network data behavior information | |
CN113411295A (en) | Role-based access control situation awareness defense method and system | |
CN107277070A (en) | A kind of computer network instrument system of defense and intrusion prevention method | |
CN108924129A (en) | A defence system and intrusion prevention method based on computer network instruments | |
CN113660222A (en) | Situation awareness defense method and system based on mandatory access control | |
KR101871406B1 (en) | Method for securiting control system using whitelist and system for the same | |
CN108206826B (en) | Lightweight intrusion detection method for integrated electronic system | |
TianYu et al. | Research on security threat assessment for power iot terminal based on knowledge graph | |
KR20130033161A (en) | Intrusion detection system for cloud computing service | |
Dhangar et al. | Analysis of proposed intrusion detection system | |
KR101606090B1 (en) | Apparatus and method for protecting network | |
Papa et al. | A transfer function based intrusion detection system for SCADA systems | |
CN107493259A (en) | A kind of network security control system | |
CN102970188B (en) | A kind of 110kV digital transformer substation secure network | |
CN113779566A (en) | Computer network security situation sensing system and method | |
CN111291390A (en) | Key data safety destruction triggering system and triggering method | |
Cui et al. | Real-time early warning of network security threats based on improved ant colony algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WW01 | Invention patent application withdrawn after publication | Application publication date: 20181130 |