CN112671781A - RASP-based firewall system - Google Patents


Publication number: CN112671781A
Authority: CN (China)
Prior art keywords: information, rule, network, unit, rasp
Legal status: Pending
Application number: CN202011573399.4A
Other languages: Chinese (zh)
Inventors: 赵武, 王宇, 邓焕
Current Assignee: Beijing Huashun Xin'an Information Technology Co ltd
Original Assignee: Beijing Huashun Xin'an Information Technology Co ltd

Abstract

The invention discloses a RASP-based firewall system comprising a rule setting module, which includes a required-interception rule unit and a bottom-layer interception rule unit. The required-interception rule unit is used to establish the rules to be intercepted; each rule comprises the intercepted rule name, the intercepted data packet content and the execution data parameter, from which the interception hook rule is built. The bottom-layer interception rule unit relies on the fact that the final purpose of a vulnerability attack is mainly to obtain server privileges, which ultimately requires executing some system command; the characteristics of the executed system command are used as the bottom-layer interception rule, and the system command is intercepted. The system achieves higher vulnerability-handling efficiency, strong protection, a wide range of application, and ease of adoption.

Description

RASP-based firewall system
Technical Field
The invention belongs to the field of firewalls, and particularly relates to a RASP-based firewall system.
Background
In the era of rapidly developing big data, attacks exploiting various vulnerabilities occur every day. These may be published vulnerabilities or undisclosed ones. For published vulnerabilities, keywords can be intercepted; for undisclosed vulnerabilities, no characteristic keywords can be captured, so systems remain at risk of attack. What is needed at present, therefore, is protection against attacks that use these unknown, undisclosed vulnerabilities. The internet is developing very quickly and vulnerability attack techniques keep improving. Under normal conditions attacks use known public vulnerabilities, but for a special task or during a special time period an attacker may go beyond known vulnerabilities and use internal unpublished vulnerabilities or 0day vulnerabilities, which can do great damage to the target site. To avoid this, a new technique is needed to prevent the damage caused by vulnerability attacks.
Disclosure of Invention
It is an object of the present invention to provide a RASP-based firewall system to solve the problems set forth in the background above.
To achieve this object, the invention provides the following technical solution:
A RASP-based firewall system comprising:
a rule setting module, which comprises a required-interception rule unit and a bottom-layer interception rule unit; the required-interception rule unit is used to establish the rules to be intercepted, each rule comprising the intercepted rule name, the intercepted data packet content and the execution data parameter, from which the interception hook rule is built;
the bottom-layer interception rule unit relies on the fact that the final purpose of a vulnerability attack is mainly to obtain server privileges, which ultimately requires executing some system command; the characteristics of the executed system command are therefore used as the bottom-layer interception rule, and the system command is intercepted;
after the rules of the required-interception rule unit and the bottom-layer interception rule unit have been established, they are run as a Java agent to perform vulnerability interception on the system to be protected; when the protected system is attacked through a relevant vulnerability, the hook interception rules are matched and interception is carried out; finally, the malicious attack data is traced back through its context to the vulnerability execution point and the inflow point;
and a management control module, which is used for centrally managing the operation of the system.
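The two rule units and the context backtracking described above can be modelled as follows. This is an added example, not code from the patent: it is a Python model rather than a Java agent, and the rule patterns, the two request handlers, the `java.lang.ProcessBuilder.start` hook-point label and the substring-based inflow tracing are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class HookRule:
    """Required-interception rule: rule name, packet content, execution parameter."""
    name: str
    packet_content: str   # regex over the raw request (keyword of a known vulnerability)
    exec_parameter: str   # regex over the argument that reaches the hooked call


@dataclass(frozen=True)
class BottomLayerRule:
    """Bottom-layer rule: a characteristic of the system command being executed."""
    name: str
    command_feature: str  # regex over the final command line


@dataclass
class RequestContext:
    """Per-request context kept by the agent so that a block can be traced back."""
    method: str
    path: str
    params: Dict[str, str]

    def raw(self) -> str:
        query = "&".join(f"{k}={v}" for k, v in self.params.items())
        return f"{self.method} {self.path}?{query}"


@dataclass
class Verdict:
    blocked: bool
    rule: Optional[str] = None
    layer: Optional[str] = None
    execution_point: Optional[str] = None
    inflow_points: List[str] = field(default_factory=list)


class RaspEngine:
    def __init__(self, hook_rules, bottom_rules):
        self.hook_rules = list(hook_rules)
        self.bottom_rules = list(bottom_rules)

    def on_exec(self, ctx: RequestContext, command: str, hook_point: str) -> Verdict:
        """Called by the (modelled) hook before a system command would run."""
        # 1. Hook rules: need a known keyword in the packet AND at the hooked call.
        for r in self.hook_rules:
            if re.search(r.packet_content, ctx.raw()) and re.search(r.exec_parameter, command):
                return self._block(r.name, "hook", ctx, command, hook_point)
        # 2. Bottom-layer rules: look only at the command, so they still apply
        #    when no packet keyword is known for the vulnerability.
        for r in self.bottom_rules:
            if re.search(r.command_feature, command):
                return self._block(r.name, "bottom-layer", ctx, command, hook_point)
        return Verdict(blocked=False)

    @staticmethod
    def _block(rule, layer, ctx, command, hook_point) -> Verdict:
        # Backtracking: the execution point is the hooked call; the inflow points
        # are the request parameters whose values ended up inside the command
        # (plain substring match, a simplification of real taint tracking).
        inflow = [f"{ctx.method} {ctx.path} param '{k}'"
                  for k, v in ctx.params.items() if v and v in command]
        return Verdict(True, rule, layer, hook_point, inflow)


# Constructed rules, handlers and hook-point label (assumptions, not from the patent).
HOOK_POINT = "java.lang.ProcessBuilder.start"
ENGINE = RaspEngine(
    hook_rules=[HookRule("known-diag-injection", r"/diag\?.*host=[^&]*;", r"^ping\b.*;")],
    bottom_rules=[BottomLayerRule("shell-metacharacter-in-command", r"[;|&`]|\$\(")],
)


def handle_diag(ctx: RequestContext) -> Verdict:
    """Constructed handler with a known weakness covered by a hook rule."""
    command = "ping -c 1 " + ctx.params["host"]
    return ENGINE.on_exec(ctx, command, HOOK_POINT)  # nothing is actually executed


def handle_export(ctx: RequestContext) -> Verdict:
    """Constructed handler with a weakness for which no packet keyword exists."""
    command = "tar -cf /tmp/" + ctx.params["name"] + ".tar data"
    return ENGINE.on_exec(ctx, command, HOOK_POINT)


if __name__ == "__main__":
    for verdict in (
        handle_diag(RequestContext("GET", "/diag", {"host": "192.0.2.10"})),
        handle_diag(RequestContext("GET", "/diag", {"host": "192.0.2.10; id"})),
        handle_export(RequestContext("POST", "/export", {"name": "q1; id"})),
    ):
        print(verdict)
```

The third request matches no hook rule because no packet keyword was registered for `/export`, yet it is still blocked by the bottom-layer rule and traced back to the `name` parameter.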
Preferably, the system further comprises a hardware architecture module, on which run a parallel scheduling algorithm and a memory management mechanism for improving traffic-forwarding packet performance; the data processed by the CPU is divided, according to its characteristics, into a Data Plane and a Control Plane, with 30% of the CPUs of the multi-core system dedicated to the Control Plane and 70% dedicated to the Data Plane.
Preferably, the hardware architecture module includes an IP screening router, which decides whether to forward each incoming IP packet by checking it against a set of rules; the IP screening router obtains the protocol number information, the sending and receiving IP address information of the packet, the port number information, the connection flag information and the IP option information from the packet header, and uses them to filter IP packets.
Preferably, the hardware architecture module further includes a proxy server with a TCP/IP function. When running, the proxy server requires the user to provide the name of the remote host to be accessed; after the user replies and provides correct user identity and authentication information, the proxy server communicates with the remote host and acts as a relay between the two communication points. The user identity and authentication information provided by the user are used for user-level authentication.
Preferably, the system further comprises an intrusion prevention module, which monitors the transmission behavior of the network or network devices and interrupts, adjusts or isolates abnormal or harmful network transmission behavior; the intrusion prevention module actively prevents the running host from being infected by viruses and prevents data leakage and damage to client information and device programs.
Preferably, the system further comprises a WEB application security protection module, which detects and verifies WEB requests to ensure the security and validity of the host, blocks illegal requests in real time and protects Web sites and Web applications in accordance with OWASP; it protects the integrity and correctness of files and website information, prevents web page information from being tampered with before an attack, and restores website information in real time after an attack to ensure its integrity and correctness.
Preferably, the management control module includes an information reviewing unit, which covers unified policy management for vulnerabilities, self-learning of service changes, attack event monitoring, attack event analysis and report analysis.
Preferably, the management control module further includes an access recording unit, which logs all accesses and provides statistical data on network usage; when a suspicious action occurs on the network, the access recording unit raises an alarm and provides detailed information on whether the network is being monitored and attacked; it collects information on the use and misuse of the network, which is used to analyze whether the network withstands an attacker's probing and attacks and whether network control is sufficient; the network usage data is used to analyze network requirements and network threats.
Preferably, the management control module further includes a data analysis and response unit for summarizing and analyzing the network information; the data analysis and response unit is connected to an internet information base, through which sensitive information is found and its feature codes are analyzed, and the internet information base collects the feature codes of the sensitive information and the corresponding reference policies.
Preferably, the network information includes application program information, user log information and monitoring information, and the sensitive information includes application program vulnerability information, abnormal user log information and abnormal attack information.
Compared with the prior art, the invention has the beneficial effects that:
When the RASP-based firewall system is in use, the rule setting module and the management control module allow the system to purify the external network using the required-interception rule unit and the bottom-layer interception rule unit, to protect at the source of danger based on RASP and hook rules, and to block dangerous data from entering the internal network in time by changing the IP address. The invention thus protects from both outside and inside the network and improves system security, achieving higher vulnerability-handling efficiency, strong protection, a wide range of application, and ease of adoption.
Drawings
FIG. 1 is a schematic structural diagram of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
A RASP-based firewall system comprising:
a rule setting module, which comprises a required-interception rule unit and a bottom-layer interception rule unit; the required-interception rule unit is used to establish the rules to be intercepted, each rule comprising the intercepted rule name, the intercepted data packet content and the execution data parameter, from which the interception hook rule is built;
the bottom-layer interception rule unit relies on the fact that the final purpose of a vulnerability attack is mainly to obtain server privileges, which ultimately requires executing some system command; the characteristics of the executed system command are therefore intercepted as the bottom-layer interception rule;
after the rules of the required-interception rule unit and the bottom-layer interception rule unit have been established, they are run as a Java agent to perform vulnerability interception on the system to be protected; when the protected system is attacked through a relevant vulnerability, the hook interception rules are matched to decide whether interception is carried out; finally, the malicious attack data is traced back through its context to the vulnerability execution point and the inflow point;
and a management control module, which is used for centrally managing the operation of the system.
In this embodiment, preferably, the system further includes a hardware architecture module, on which run a parallel scheduling algorithm and a memory management mechanism for improving traffic-forwarding packet performance; the data processed by the CPU is divided, according to its characteristics, into a Data Plane and a Control Plane, with 30% of the CPUs of the multi-core system dedicated to the Control Plane and 70% dedicated to the Data Plane.
In this embodiment, preferably, the hardware architecture module includes an IP screening router, which decides whether to forward each incoming IP packet by checking it against a set of rules; the IP screening router obtains the protocol number information, the sending and receiving IP address information of the packet, the port number information, the connection flag information and the IP option information from the packet header, and uses them to filter IP packets.
In this embodiment, preferably, the hardware architecture module further includes a proxy server with a TCP/IP function. When running, the proxy server requires the user to provide the name of the remote host to be accessed; after the user replies and provides correct user identity and authentication information, the proxy server communicates with the remote host and acts as a relay between the two communication points. The user identity and authentication information provided by the user are used for user-level authentication.
In this embodiment, preferably, the system further includes an intrusion prevention module, which monitors the transmission behavior of the network or network devices and interrupts, adjusts or isolates abnormal or harmful network transmission behavior; the intrusion prevention module actively prevents the running host from being infected by viruses and prevents data leakage and damage to client information and device programs.
In this embodiment, preferably, the system further includes a WEB application security protection module, which detects and verifies WEB requests to ensure the security and validity of the host, blocks illegal requests in real time and protects WEB sites and WEB applications in accordance with OWASP; it protects the integrity and correctness of files and website information, prevents website information from being tampered with before an attack, and restores website information in real time after an attack to ensure its integrity and correctness.
In this embodiment, preferably, the management control module includes an information reviewing unit, which covers unified policy management for vulnerabilities, self-learning of service changes, attack event monitoring, attack event analysis and report analysis.
In this embodiment, preferably, the management control module further includes an access recording unit, which logs all accesses and provides statistical data on network usage; when a suspicious action occurs on the network, the access recording unit raises an alarm and provides detailed information on whether the network is being monitored and attacked; it collects information on the use and misuse of the network, which is used to analyze whether the network withstands an attacker's probing and attacks and whether network control is sufficient; the network usage data is used to analyze network requirements and network threats.
In this embodiment, preferably, the management control module further includes a data analysis and response unit for summarizing and analyzing the network information; the data analysis and response unit is connected to an internet information base, through which sensitive information is found and its feature codes are analyzed, and the internet information base collects the feature codes of the sensitive information and the corresponding reference policies.
In this embodiment, preferably, the network information includes application program information, user log information and monitoring information, and the sensitive information includes application program vulnerability information, abnormal user log information and abnormal attack information.
The working principle and usage of the invention are as follows:
When the RASP-based firewall system is in use, the rule setting module and the management control module allow the system to purify the external network using the required-interception rule unit and the bottom-layer interception rule unit, to protect at the source of danger based on RASP and hook rules, and to block dangerous data from entering the internal network in time by changing the IP address. The invention thus protects from both outside and inside the network and improves system security, achieving higher vulnerability-handling efficiency, strong protection, a wide range of application, and ease of adoption.
Example 2
A RASP-based firewall system comprising:
a rule setting module, which comprises a required-interception rule unit and a bottom-layer interception rule unit; the required-interception rule unit is used to establish the rules to be intercepted, each rule comprising the intercepted rule name, the intercepted data packet content and the execution data parameter, from which the interception hook rule is built;
the bottom-layer interception rule unit relies on the fact that the final purpose of a vulnerability attack is mainly to obtain server privileges, which ultimately requires executing some system command; the characteristics of the executed system command are therefore intercepted as the bottom-layer interception rule;
after the rules of the required-interception rule unit and the bottom-layer interception rule unit have been established, they are run as a Java agent to perform vulnerability interception on the system to be protected; when the protected system is attacked through a relevant vulnerability, the hook interception rules are matched to decide whether interception is carried out; finally, the malicious attack data is traced back through its context to the vulnerability execution point and the inflow point;
and a management control module, which is used for centrally managing the operation of the system.
In this embodiment, preferably, the system further includes a hardware architecture module, on which run a parallel scheduling algorithm and a memory management mechanism for improving traffic-forwarding packet performance; the data processed by the CPU is divided, according to its characteristics, into a Data Plane and a Control Plane, with 30% of the CPUs of the multi-core system dedicated to the Control Plane and 70% dedicated to the Data Plane.
In this embodiment, preferably, the hardware architecture module includes an IP screening router, which decides whether to forward each incoming IP packet by checking it against a set of rules; the IP screening router obtains the protocol number information, the sending and receiving IP address information of the packet, the port number information, the connection flag information and the IP option information from the packet header, and uses them to filter IP packets.
In this embodiment, preferably, the hardware architecture module further includes a proxy server with a TCP/IP function. When running, the proxy server requires the user to provide the name of the remote host to be accessed; after the user replies and provides correct user identity and authentication information, the proxy server communicates with the remote host and acts as a relay between the two communication points. The user identity and authentication information provided by the user are used for user-level authentication.
In this embodiment, preferably, the system further includes an intrusion prevention module, which monitors the transmission behavior of the network or network devices and interrupts, adjusts or isolates abnormal or harmful network transmission behavior; the intrusion prevention module actively prevents the running host from being infected by viruses and prevents data leakage and damage to client information and device programs.
In this embodiment, preferably, the system further includes a WEB application security protection module, which detects and verifies WEB requests to ensure the security and validity of the host, blocks illegal requests in real time and protects WEB sites and WEB applications in accordance with OWASP; it protects the integrity and correctness of files and website information, prevents website information from being tampered with before an attack, and restores website information in real time after an attack to ensure its integrity and correctness.
In this embodiment, preferably, the management control module includes an information reviewing unit, which covers unified policy management for vulnerabilities, self-learning of service changes, attack event monitoring, attack event analysis and report analysis.
In this embodiment, preferably, the management control module further includes an access recording unit, which logs all accesses and provides statistical data on network usage; when a suspicious action occurs on the network, the access recording unit raises an alarm and provides detailed information on whether the network is being monitored and attacked; it collects information on the use and misuse of the network, which is used to analyze whether the network withstands an attacker's probing and attacks and whether network control is sufficient; the network usage data is used to analyze network requirements and network threats.
In this embodiment, preferably, the management control module further includes a data analysis and response unit for summarizing and analyzing the network information; the data analysis and response unit is connected to an internet information base, through which sensitive information is found and its feature codes are analyzed, and the internet information base collects the feature codes of the sensitive information and the corresponding reference policies.
The working principle and usage of the invention are as follows:
When the RASP-based firewall system is in use, the rule setting module and the management control module allow the system to purify the external network using the required-interception rule unit and the bottom-layer interception rule unit, to protect at the source of danger based on RASP and hook rules, and to block dangerous data from entering the internal network in time by changing the IP address. The invention thus protects from both outside and inside the network and improves system security, achieving higher vulnerability-handling efficiency, strong protection, a wide range of application, and ease of adoption.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A RASP-based firewall system, comprising:
a rule setting module, which comprises a required-interception rule unit and a bottom-layer interception rule unit; the required-interception rule unit is used to establish the rules to be intercepted, each rule comprising the intercepted rule name, the intercepted data packet content and the execution data parameter, from which the interception hook rule is built;
the bottom-layer interception rule unit relies on the fact that the final purpose of a vulnerability attack is mainly to obtain server privileges, which ultimately requires executing some system command; the characteristics of the executed system command are therefore used as the bottom-layer interception rule, and the system command is intercepted;
after the rules of the required-interception rule unit and the bottom-layer interception rule unit have been established, they are run as a Java agent to perform vulnerability interception on the system to be protected; when the protected system is attacked through a relevant vulnerability, the hook interception rules are matched and interception is carried out; finally, the malicious attack data is traced back through its context to the vulnerability execution point and the inflow point;
and a management control module, which is used for centrally managing the operation of the system.
2. The RASP-based firewall system according to claim 1, wherein: the system further comprises a hardware architecture module, on which run a parallel scheduling algorithm and a memory management mechanism for improving traffic-forwarding packet performance; the data processed by the CPU is divided, according to its characteristics, into a Data Plane and a Control Plane, with 30% of the CPUs of the multi-core system dedicated to the Control Plane and 70% dedicated to the Data Plane.
3. The RASP-based firewall system according to claim 2, wherein: the hardware architecture module comprises an IP screening router, which decides whether to forward each incoming IP packet by checking it against a set of rules, and which obtains the protocol number information, the sending and receiving IP address information of the packet, the port number information, the connection flag information and the IP option information from the packet header.
4. The RASP-based firewall system according to claim 3, wherein: the hardware architecture module further comprises a proxy server with a TCP/IP function; when running, the proxy server requires the user to provide the name of the remote host to be accessed; after the user replies and provides correct user identity and authentication information, the proxy server communicates with the remote host and acts as a relay between the two communication points; the user identity and authentication information provided by the user are used for user-level authentication.
5. The RASP-based firewall system according to claim 1, wherein: the system further comprises an intrusion prevention module, which monitors the transmission behavior of the network or network devices and interrupts, adjusts or isolates abnormal or harmful network transmission behavior, and which actively prevents the running host from being infected by viruses and prevents data leakage and damage to client information and device programs.
6. The RASP-based firewall system according to claim 1, wherein: the system further comprises a WEB application security protection module, which detects and verifies WEB requests to ensure the security and legitimacy of the host, blocks illegal requests in real time and protects Web sites and Web applications in accordance with OWASP, protects the integrity and correctness of files and website information, prevents web page information from being tampered with before an attack, and restores website information in real time after an attack to ensure its integrity and correctness.
7. The RASP-based firewall system according to claim 1, wherein: the management control module comprises an information reviewing unit, which covers unified policy management for vulnerabilities, self-learning of service changes, attack event monitoring, attack event analysis and report analysis.
8. The RASP-based firewall system according to claim 1, wherein: the management control module further comprises an access recording unit, which logs all accesses and provides statistical data on network usage; when a suspicious action occurs on the network, the access recording unit raises an alarm and provides detailed information on whether the network is being monitored and attacked; it collects information on the use and misuse of the network, which is used to analyze whether the network withstands an attacker's probing and attacks and whether network control is sufficient; the network usage data is used to analyze network requirements and network threats.
9. The RASP-based firewall system according to claim 1, wherein: the management control module further comprises a data analysis and response unit for summarizing and analyzing the network information; the data analysis and response unit is connected to an internet information base, through which sensitive information is found and its feature codes are analyzed, and the internet information base collects the feature codes of the sensitive information and the corresponding reference policies.
10. The RASP-based firewall system according to claim 9, wherein: the network information comprises application program information, user log information and monitoring information, and the sensitive information comprises application program vulnerability information, abnormal user log information and abnormal attack information.
Application number: CN202011573399.4A
Title: RASP-based firewall system
Priority date: 2020-12-24
Filing date: 2020-12-24
Publication: CN112671781A (en), published 2021-04-16
Status: Pending
Family ID: 75410189
Country: CN (1)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197851A (en) * 2008-01-08 2008-06-11 杭州华三通信技术有限公司 Method and system for implementing control of plane centralized type data plane distribution
EP2028793A1 (en) * 2007-08-21 2009-02-25 Nokia Siemens Networks Oy Mediation device and method for adapting a first connection to a second connection in a communication network
CN103685315A (en) * 2013-12-30 2014-03-26 曙光云计算技术有限公司 Method and device for defending denial of service attack
US20140201838A1 (en) * 2012-01-31 2014-07-17 Db Networks, Inc. Systems and methods for detecting and mitigating threats to a structured data storage system
CN104301304A (en) * 2014-09-16 2015-01-21 赛尔网络有限公司 Vulnerability detection system based on large ISP interconnection port and method thereof
CN104660610A (en) * 2015-03-13 2015-05-27 华存数据信息技术有限公司 Cloud computing environment based intelligent security defending system and defending method thereof
CN107342999A (en) * 2017-07-04 2017-11-10 郑州云海信息技术有限公司 A kind of system and method based on agent protection certificate is strengthened
CN109194606A (en) * 2018-07-05 2019-01-11 百度在线网络技术(北京)有限公司 Attack detection system, method, computer equipment and storage medium
CN110149350A (en) * 2019-06-24 2019-08-20 国网安徽省电力有限公司信息通信分公司 A kind of associated assault analysis method of alarm log and device
CN110266669A (en) * 2019-06-06 2019-09-20 武汉大学 A kind of Java Web frame loophole attacks the method and system of general detection and positioning
CN111581644A (en) * 2020-03-26 2020-08-25 中国电力科学研究院有限公司 Vulnerability mining method and system for intercepting data packet based on Hook function

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500105A (en) * 2022-04-01 2022-05-13 北京指掌易科技有限公司 Network packet interception method, device, equipment and storage medium
CN115150189A (en) * 2022-07-28 2022-10-04 深圳市瑞云科技有限公司 Method for automatically intercepting outgoing files based on enterprise private cloud disk
CN115150189B (en) * 2022-07-28 2023-11-07 深圳市瑞云科技有限公司 Method for automatically intercepting file outgoing based on enterprise private cloud disk

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210416
