CN1744524A - Invasion detecting device and invasion detecting system - Google Patents

Publication number
CN1744524A
Authority
CN
China
Prior art keywords
attack
module
security strategy
detecting device
web
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200510095840
Other languages
Chinese (zh)
Other versions
CN100342692C (en)
Inventor
朱毅泉
陈鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
Hangzhou Huawei 3Com Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Huawei 3Com Technology Co Ltd
Priority to CNB2005100958401A (patent CN100342692C)
Publication of CN1744524A
Application granted
Publication of CN100342692C
Legal status: Active
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The device comprises a detection module, an attack event storage and statistics module, and a World Wide Web (Web) service module. The detection module detects attack events in network traffic. The attack event storage and statistics module stores the attack events detected by the detection module, compiles statistics on them, and returns the statistical result to the Web service module. The Web service module manages the publishing of Web pages, generates management instructions based on the Web requests it receives, and returns the result of executing each management instruction as the response. With the invention, attack event statistics can be queried and security policies can be set on a Web page. Without a high-cost server, users can manage the intrusion detection device graphically through a standard browser.

Description

Intrusion detection device and intrusion detection system
Technical field
The present invention relates to the field of communications and network information security, and in particular to an intrusion detection device and an intrusion detection system that uses this device.
Background technology
In recent years, with the widespread use of networks, more and more companies rely on the network as an important channel for their business, and therefore place higher demands on network security. Traditional network security devices, such as firewalls, can only detect attacks at the network layer and below, and cannot meet these network security requirements.
An intrusion detection device is a network security device deployed in bypass mode. It comprehensively monitors the data traffic on key network paths in bypass mode and performs real-time, in-depth analysis of the monitored data streams at layers 4 to 7, that is, the application layer, session layer, presentation layer and transport layer, to discover attack events. Through the intrusion detection device, one can understand the operating state of the network and the attack events that affect security, and adjust security policies and preventive measures according to those attack events. At the same time, the records of attack events provide a basis for periodic security assessment and analysis, thereby improving the overall level of network security.
For an intrusion detection device, detecting attack events in the data stream is its most basic function. The detection of attack events depends on the security policy set for the intrusion detection device, and setting a reasonable and effective security policy is based on analyzing and summarizing attack events. Therefore, security policy and attack event statistics are important means of managing intrusion detection.
The most commonly used intrusion detection device is the IDS (Intrusion Detection System) device. In the prior art, the typical structure of an intrusion detection system using an IDS device is shown in Fig. 1. The IDS device 110 serves only as a single-function detection engine: it inspects data traffic on the network and sends alarm information to the server 120 when it detects an attack event. The server 120 is responsible for receiving the alarm information, such as attack events and system logs, sent by the IDS device 110 during operation, and performs the security policy configuration management of the IDS device 110 and other device management functions. The management client 130 configures security policies and views the records of attack events through the client software installed on it.
Such an intrusion detection system must use a high-performance server and dedicated client software, so it is costly and complex to install and maintain. In addition, the client software must be installed on every terminal that takes part in management, and users must learn how to operate the client software.
Some intrusion detection devices in the prior art themselves also provide management functions for security policy configuration and attack event statistics: after logging in to the intrusion detection device, the user configures and manages security policies through the command line, and can also obtain some attack event statistical analysis results through the command line.
Because the command line is text-based, and security policy configuration and attack event statistics are both complex operations, implementing them through the command line is far from intuitive. Users not only have to learn many cumbersome commands, but actual operation is also time-consuming and laborious.
Summary of the invention
The problem to be solved by the present invention is that, in the prior art, security policy configuration and attack event statistics operations on an intrusion detection device are complex and time-consuming, and intrusion detection systems are costly to install and maintain and inconvenient to use.
The intrusion detection device of the present invention comprises a detection module, an attack event storage and statistics module, and a World Wide Web (Web) service module, wherein:
The detection module performs attack event detection on network traffic;
The attack event storage and statistics module stores the attack events detected by the detection module and, after compiling attack event statistics, returns the statistical result to the Web service module;
The Web service module manages the publishing of Web pages, generates management instructions according to the Web-based requests it receives, and returns the execution result of each management instruction as the response.
Preferably, the device further comprises a security policy storage module and a security policy configuration module, wherein:
The security policy storage module stores the current security policy and provides it to the detection module, which performs attack event detection according to it;
The security policy configuration module edits the security policy in the security policy storage module according to the security policy parameters contained in the management instruction of the Web service module, and transfers the execution result to the Web service module.
Preferably, the attack event storage and statistics module comprises an attack event database and an attack event statistics unit, wherein:
The attack event database stores the attack events detected by the detection module;
The attack event statistics unit compiles statistics on the attack events stored in the attack event database according to the statistical parameters contained in the management instruction of the Web service module.
Preferably, the requests received and the responses sent by the Web service module use the Hypertext Transfer Protocol (HTTP) or the Hypertext Transfer Protocol Secure (HTTPS).
Another intrusion detection device of the present invention comprises a detection module, a security policy storage module, a security policy configuration module and a Web service module, wherein:
The detection module performs attack event detection on network traffic according to the security policy stored in the security policy storage module;
The security policy configuration module edits the security policy in the security policy storage module and returns the execution result to the Web service module;
The Web service module manages the publishing of Web pages, generates management instructions according to the Web-based requests it receives, and returns the execution result of each management instruction as the response.
Preferably, editing the security policy comprises querying, modifying, adding and deleting at least one security policy.
The present invention also provides an intrusion detection system comprising an intrusion detection device and a browsing device, wherein:
The intrusion detection device detects and records attack events in network traffic, publishes a management Web page to the browsing device, executes the page-based management requests the browsing device sends to it, and returns the execution results;
The browsing device displays the management Web page, sends page-based management requests to the intrusion detection device, and receives and displays the execution results.
Preferably, the management request of the browsing device comprises an attack event query request; the intrusion detection device compiles attack event statistics according to the statistical parameters in the request and then sends the statistical result to the browsing device.
Preferably, the management request of the browsing device comprises a security policy request; the intrusion detection device edits the security policy used to detect attack events according to the security policy parameters in the request, and sends the operation result to the browsing device.
Preferably, the browsing device is a device with a Web browser, and the browsing device displays the execution results graphically.
By building a Web (World Wide Web) service module into the intrusion detection device, the present invention provides the management functions of the intrusion detection device in the form of Web pages, so that statistical queries of attack events and the setting of security policies can be carried out on Web pages. The user does not need to invest in an expensive server; a standard browser is enough to manage the intrusion detection device graphically, simply and quickly.
Description of drawings
Fig. 1 is a structural diagram of a prior-art intrusion detection system using an IDS device;
Fig. 2 is a structural diagram of embodiment one of the intrusion detection device of the present invention;
Fig. 3 is a workflow diagram of the intrusion detection device in embodiment one of the present invention;
Fig. 4 is a structural diagram of embodiment two of the intrusion detection device of the present invention;
Fig. 5 is a workflow diagram of the intrusion detection device in embodiment two of the present invention;
Fig. 6 is a structural diagram of embodiment three of the intrusion detection device of the present invention.
Embodiments
To overcome the cumbersome and inconvenient command-line statements of the prior art, the present invention uses an embedded graphical management tool to manage the intrusion detection device. Because a graphical management tool has to display information and accept the user's instructions through a terminal, and terminals run on different hardware and software platforms, the intrusion detection device should, in order to be independent of the terminal platform, use a graphical tool that every platform supports. That is, the management tool of the intrusion detection device is implemented on the basis of the Web, so that any terminal with a standard Web browser can manage the intrusion detection device.
As mentioned above, the two most important functions for managing an intrusion detection device are attack event statistics and security policy configuration. Fig. 2 shows the structure of embodiment one of the intrusion detection device of the present invention; the intrusion detection device in this embodiment has a built-in graphical management tool for attack event statistics.
Network traffic is input to the detection module 210. The attack event storage and statistics module 220 is connected to the detection module 210 and to the Web service module 230, and the Web service module 230 communicates with a Web browser outside the intrusion detection device. The attack event storage and statistics module 220 comprises an attack event database 221 and an attack event statistics unit 222 that are connected to each other; the attack event database 221 is connected to the detection module 210, and the attack event statistics unit 222 is connected to the Web service module 230.
The detection module 210 performs attack event detection on the input network traffic and writes the detected attack events to the attack event database 221. An attack event is the alarm event that the detection module 210 generates after detecting an attack according to the current security policy.
The attack event storage and statistics module 220 stores the various information about the attack events detected by the detection module 210. When the Web service module 230 sends a management instruction to compile attack event statistics, the module carries out the statistics according to the statistical parameters in the management instruction and returns the statistical result to the Web service module 230.
The attack event database 221 stores the detected attack events. The information written to the attack event database 221 generally includes various details about the attack, such as the time the attack occurred, the source address and source port that launched the attack, the destination address and destination port that were attacked, the protocol used by the attack, the attack packet content, the attack packet type, and the severity level.
After receiving the statistical parameters that the Web service module 230 sends in a management instruction, the attack event statistics unit 222 reads attack event records from the attack event database 221 according to the statistical parameters, performs statistical analysis, generates the statistical result and returns it to the Web service module 230. The statistical parameters comprise at least one query condition set on a certain item of attack event information recorded in the attack event database 221, and may also be a combination of one or more query conditions. The attack event statistics unit 222 generates standard SQL (Structured Query Language) statements from these query conditions and queries the attack event database 221.
The Web service module 230 publishes a graphical management Web page to the external browser connected to the intrusion detection device. The external browser edits the statistical parameters on the management Web page and sends them to the Web service module 230 in a Web-based request. From this request the Web service module 230 generates a management instruction containing the statistical parameters and sends it to the attack event statistics unit 222. After receiving the statistical result returned by the attack event statistics unit 222, the Web service module generates a Web-based response from the statistical result and sends it to the external browser.
Fig. 3 shows the workflow of the intrusion detection device in embodiment one, in which the Web browser is outside the intrusion detection device and is used to display Web pages and provide the user interface. After the detection module 210 detects an attack event, it writes it to the attack event database 221. After the statistical parameters have been edited graphically in the Web browser, they are sent in a standard Web-based request to the Web service module 230 in the intrusion detection device. When the Web service module 230 receives this request, it parses the statistical parameters carried in the request into a management instruction and passes it to the attack event statistics unit 222. The attack event statistics unit 222 retrieves attack event data from the attack event database 221 according to these statistical parameters, performs the statistical analysis, and sends the statistical result to the Web service module 230. The Web service module 230 packages the statistical result into a standard Web-based response and sends it to the Web browser, which then displays the statistical result graphically.
All the attack event information stored in the attack event database 221 can be used as parameters for editing and combining query conditions on the Web page published by the Web service module 230. Likewise, the statistics page published by the Web service module 230 can take various forms as required, such as data listings, bar charts, pie charts, line charts and so on.
Take querying the 5 attack types that occurred most often on the current day as an example. The administrator clicks "query the 5 attack types that occurred most often today" on the page that the Web service module 230 published to the Web browser. The attack event statistics unit 222 obtains this query condition, queries the attack event database 221 with standard SQL statements to obtain all attack events generated that day, calculates the 5 attack types with the highest number of occurrences, and obtains the percentage of the total number of attacks that these 5 attack types account for. The names of the 5 attack types, the number of times each attack occurred, the percentage each accounts for and other information are then sent to the Web browser through the Web service module 230, and the Web browser displays the statistical result intuitively in graphical form for the administrator to view.
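The top-5 query described above, as an added example that is not part of the patent text: a Python sketch of how a statistics unit could turn Web-supplied statistical parameters into parameterized SQL. The table and column names, the column whitelist and the sample events are assumptions constructed for illustration; only whitelisted column names reach the SQL text and every value is bound as a parameter, because the conditions originate from a browser request.

```python
import sqlite3
from datetime import datetime

# Hypothetical schema for the attack event database (names are assumptions).
SCHEMA = """
CREATE TABLE attack_event (
    occurred_at TEXT, src_addr TEXT, src_port INTEGER,
    dst_addr TEXT, dst_port INTEGER, protocol TEXT,
    attack_type TEXT, severity TEXT
)"""

# Columns a Web request may filter on. Anything else is rejected, so text
# from the request is never concatenated into the SQL statement.
FILTERABLE = {"src_addr", "dst_addr", "dst_port", "protocol",
              "attack_type", "severity"}


def where_clause(day, conditions):
    """Build 'col = ? AND ...' plus the bound values for one calendar day."""
    datetime.strptime(day, "%Y-%m-%d")        # raises ValueError if malformed
    clauses, params = ["date(occurred_at) = ?"], [day]
    for column, value in conditions.items():
        if column not in FILTERABLE:
            raise ValueError(f"query condition on unknown column: {column!r}")
        clauses.append(f"{column} = ?")       # whitelisted name, bound value
        params.append(value)
    return " AND ".join(clauses), params


def top_attack_types(conn, day, conditions=None, top_n=5):
    """Return the top_n attack types of the day with count and percentage."""
    if not isinstance(top_n, int) or not 1 <= top_n <= 100:
        raise ValueError("top_n must be an integer between 1 and 100")
    where, params = where_clause(day, conditions or {})
    total = conn.execute(
        f"SELECT COUNT(*) FROM attack_event WHERE {where}", params
    ).fetchone()[0]
    rows = conn.execute(
        f"SELECT attack_type, COUNT(*) AS hits FROM attack_event "
        f"WHERE {where} GROUP BY attack_type "
        f"ORDER BY hits DESC, attack_type LIMIT ?",
        params + [top_n],
    ).fetchall()
    # rows is empty when total is 0, so the division below is safe
    return [{"attack_type": name, "count": hits,
             "percent": round(100.0 * hits / total, 1)}
            for name, hits in rows]


def sample_db():
    """In-memory database filled with constructed sample events."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    counts = [("port-scan", "TCP", 4), ("sql-injection", "TCP", 3),
              ("icmp-flood", "ICMP", 2), ("ftp-bruteforce", "TCP", 1),
              ("telnet-login", "TCP", 1), ("dns-spoof", "UDP", 1)]
    rows = []
    for attack_type, protocol, times in counts:
        for i in range(times):
            rows.append((f"2005-09-02 10:{i:02d}:00", "192.0.2.10", 40000 + i,
                         "10.10.2.23", 1308, protocol, attack_type, "high"))
    # One event from the previous day, which the daily query must ignore.
    rows.append(("2005-09-01 23:59:00", "192.0.2.10", 40100,
                 "10.10.2.23", 1308, "TCP", "port-scan", "high"))
    conn.executemany("INSERT INTO attack_event VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn


if __name__ == "__main__":
    for row in top_attack_types(sample_db(), "2005-09-02"):
        print(row)
```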
The protocol used for requests and responses between the Web browser and the Web service module 230 is not restricted. For example, HTTP (Hypertext Transfer Protocol) can be used, or HTTPS (Hypertext Transfer Protocol Secure) can be used to achieve better security.
Fig. 4 shows the structure of embodiment two of the intrusion detection device of the present invention; the intrusion detection device in this embodiment has a built-in graphical management tool for security policy configuration.
Network traffic is input to the detection module 210. The security policy storage module 240 is connected to the detection module 210 and to the security policy configuration module 250, the security policy configuration module 250 is connected to the Web service module 230, and the Web service module 230 communicates with a Web browser outside the intrusion detection device.
The detection module 210 performs attack event detection on the input network traffic, and the detection is carried out according to the security policy stored in the security policy storage module 240. The most important security policies in an intrusion detection device are the attack detection feature rules, which contain the features that attack packets have. When a packet on the network fully possesses these attack detection features, an attack is considered to have occurred.
The security policy storage module 240 stores the security policies currently in effect. Each attack detection feature rule is stored in the security policy storage module 240 in binary-coded form, and the feature rules in binary format form a tree-shaped rule structure tree. The detection module 210 detects attack events according to the rule structure tree.
After the security policy configuration module 250 receives a management instruction from the Web service module 230, it extracts the security policy parameters contained in the instruction and edits the security policies in the security policy storage module 240 according to them. The security policy parameters comprise the edit operation to be performed and the security policy it applies to; the edit operations include querying, adding, deleting and modifying at least one security policy. When adding or modifying a security policy, the security policy configuration module 250 can first check the validity and reasonableness of the new security policy before writing it to the security policy storage module 240, for example whether the IP addresses are legal and whether the security policy conflicts with existing security policies. After the check passes, the security policy configuration module 250 converts the security policy into binary code and writes it into the rule structure tree of the security policy storage module 240. After the edit has been executed, the security policy configuration module 250 returns the execution result to the Web service module 230. For operations that add, delete or modify a security policy, the result contains only configuration success or configuration failure information.
The Web service module 230 publishes a graphical management Web page to the external browser connected to the intrusion detection device. The external browser edits the security policy on the management Web page and sends it to the Web service module 230 in a Web-based request. From this request the Web service module 230 generates a management instruction containing the security policy parameters and sends it to the security policy configuration module 250. After receiving the execution result returned by the security policy configuration module 250, the Web service module generates a Web-based response from the execution result and sends it to the external browser.
Fig. 5 shows the workflow of the intrusion detection device in embodiment two, in which the Web browser has the same function as in embodiment one and is likewise not part of the intrusion detection device.
After the security policy has been edited graphically in the Web browser, it is sent in a standard Web-based request to the Web service module 230 in the intrusion detection device. When the Web service module 230 receives this request, it parses the security policy carried in the request into a management instruction and passes it to the security policy configuration module 250. The security policy configuration module 250 processes the security policy, including judging its validity and reasonableness and converting it into a specific format, and then stores the processed security policy in the security policy storage module 240. The security policy storage module 240 returns the result; after the operation result reaches the Web service module 230 via the security policy configuration module 250, the Web service module 230 packages it into a standard Web-based response and sends it to the Web browser, which then displays the operation result graphically.
For example, the administrator discovers an attack against a particular intranet application and learns that the attack contains the following content feature: window.open|28 23|helpdoc.eml|27|. In addition, the administrator learns that this feature is contained in the TCP stream from the attacking client to the destination server after the TCP connection is established. The administrator can then configure a feature rule for it graphically on the page that the Web service module 230 published to the Web browser. The content of the configured rule is shown in the following table:
Field of the feature matching rule                        Content
Rule number                                               20001
Protocol type                                             TCP
Source address                                            Any
Source port                                               Any
Destination address (address of the attacked application) 10.10.2.23, 10.10.3.23
Destination port (port of the attacked application)       1308
TCP stream state                                          Established
TCP stream direction                                      Client-to-Server
Feature                                                   window.open|28 23|helpdoc.eml|27|
Response mode                                             Email, SNMP Trap
After configuration is complete, a request containing the above feature rule is sent to the Web service module 230. The Web service module 230 generates a management instruction containing the add operation and this feature rule, and the security policy configuration module 250 adds the feature rule to the security policy storage module 240.
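The validity check and the all-features-must-match detection described above, applied to rule 20001 from the table, as an added Python example that is not part of the patent text. It assumes that the segments between `|` in the feature are hexadecimal byte values (as in Snort-style content patterns), treats a reused rule number or an identical match condition as a conflict, and uses hypothetical field names and a constructed sample packet.

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP", "ICMP"}
STATES = {"Any", "Established"}
DIRECTIONS = {"Any", "Client-to-Server", "Server-to-Client"}
MATCH_KEYS = ("protocol", "src", "sport", "dst", "dport",
              "state", "direction", "content")


def parse_content(pattern):
    """Turn 'text|hex hex|text' into the byte string to search for."""
    parts = pattern.split("|")
    if len(parts) % 2 == 0:                   # odd number of '|' characters
        raise ValueError("unbalanced '|' in feature")
    data = bytearray()
    for index, part in enumerate(parts):
        # Odd-indexed parts sit between pipes and hold hex byte values.
        data += bytes.fromhex(part) if index % 2 else part.encode("ascii")
    if not data:
        raise ValueError("empty feature")
    return bytes(data)


def parse_addresses(value):
    """'Any' -> None, otherwise a set of validated IP addresses."""
    if value == "Any":
        return None
    return frozenset(ipaddress.ip_address(item.strip())
                     for item in value.split(","))


def parse_port(value):
    """'Any' -> None, otherwise a port number in 1..65535."""
    if value == "Any":
        return None
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def compile_rule(rule, existing):
    """Validate a submitted rule and check it against the stored rules."""
    for key, allowed in (("protocol", PROTOCOLS), ("state", STATES),
                         ("direction", DIRECTIONS)):
        if rule[key] not in allowed:
            raise ValueError(f"unsupported {key}: {rule[key]!r}")
    compiled = {
        "number": int(rule["number"]),
        "protocol": rule["protocol"],
        "src": parse_addresses(rule["src_addr"]),
        "sport": parse_port(rule["src_port"]),
        "dst": parse_addresses(rule["dst_addr"]),
        "dport": parse_port(rule["dst_port"]),
        "state": rule["state"],
        "direction": rule["direction"],
        "content": parse_content(rule["feature"]),
        "response": tuple(rule["response"]),
    }
    for other in existing:
        if other["number"] == compiled["number"]:
            raise ValueError("rule number already in use")
        if all(other[k] == compiled[k] for k in MATCH_KEYS):
            raise ValueError("identical match condition already configured")
    return compiled


def matches(rule, packet):
    """True only if the packet has every feature the rule requires."""
    return (
        packet["protocol"] == rule["protocol"]
        and (rule["src"] is None
             or ipaddress.ip_address(packet["src"]) in rule["src"])
        and (rule["sport"] is None or packet["sport"] == rule["sport"])
        and (rule["dst"] is None
             or ipaddress.ip_address(packet["dst"]) in rule["dst"])
        and (rule["dport"] is None or packet["dport"] == rule["dport"])
        and rule["state"] in ("Any", packet["state"])
        and rule["direction"] in ("Any", packet["direction"])
        and rule["content"] in packet["payload"]
    )


# Rule 20001 exactly as configured in the table on the page.
RULE_20001 = {
    "number": 20001, "protocol": "TCP", "src_addr": "Any", "src_port": "Any",
    "dst_addr": "10.10.2.23, 10.10.3.23", "dst_port": "1308",
    "state": "Established", "direction": "Client-to-Server",
    "feature": "window.open|28 23|helpdoc.eml|27|",
    "response": ["Email", "SNMP Trap"],
}

# Constructed sample packet (not captured traffic).
SAMPLE_PACKET = {
    "protocol": "TCP", "src": "192.0.2.77", "sport": 51514,
    "dst": "10.10.3.23", "dport": 1308, "state": "Established",
    "direction": "Client-to-Server",
    "payload": b"....window.open(#helpdoc.eml'....",
}

if __name__ == "__main__":
    print(matches(compile_rule(RULE_20001, []), SAMPLE_PACKET))
```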
As in embodiment one, the protocol used for requests and responses between the Web browser and the Web service module 230 is not restricted in this embodiment.
For an intrusion detection device, security policy configuration and attack event statistics are equally important. Security policy configuration is the basis for attack event detection, while statistics on attack events reveal the security state of the network, and the security policy can be further adjusted and improved according to the statistical results. Thus, with the attack event detection of the intrusion detection device at the core, security policy configuration and attack event statistics form a closed loop, so that the overall level of network security is continuously improved. The intrusion detection device in embodiment three of the present invention has built-in graphical management tools for both security policy configuration and attack event statistics; its structure is shown in Fig. 6.
As can be seen, the structure of Fig. 6 is formed simply by adding the security policy storage module 240 and the security policy configuration module 250 to the structure of embodiment one, or by adding the attack event storage and statistics module 220, comprising the attack event database 221 and the attack event statistics unit 222, to the structure of embodiment two. Therefore, embodiment three can be realized by giving the detection module 210 and the Web service module 230 the functions they have in both embodiment one and embodiment two; the functions of the other modules and their interrelations are unchanged and are not repeated here.
Likewise, the protocol used for requests and responses between the Web browser and the Web service module 230 in embodiment three is not restricted; for example, HTTP or HTTPS can be used.
The typical structure of an intrusion detection system using the intrusion detection device of the present invention is as follows: the intrusion detection device is connected to a browsing device, and the browsing device has a Web browser that can display Web pages graphically. Network traffic is input to the intrusion detection device, which detects attack events and records the detected attack events. When connected to the browsing device, the intrusion detection device publishes a management Web page to the browsing device, and the browsing device edits a management request on this management Web page and sends it to the intrusion detection device. The intrusion detection device executes the management request it receives and returns the execution result to the browsing device, which displays it graphically.
The management request of the browsing device can be an attack event query request containing the statistical parameters for the attack events. The intrusion detection device compiles statistics on the attack events according to the statistical parameters and returns the statistical result to the browsing device.
The management request of the browsing device can also be a security policy request containing security policy parameters. The intrusion detection device edits the security policy used to detect attack events according to the security policy parameters, for example by querying, adding, deleting or modifying it, and returns the result of the edit operation to the browsing device.
With the present invention, managing the intrusion detection device no longer requires remembering complex commands and carrying out time-consuming operations; the user can perform graphical management conveniently and securely. The intrusion detection system no longer needs an expensive server, which avoids the problems of complex installation and maintenance and of inconvenient, inflexible use. The user needs only a standard browser (such as Internet Explorer) to configure security policies and compile attack event statistics on the intrusion detection device conveniently, securely, anytime and anywhere.
The embodiments of the present invention described above do not limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the claims of the present invention.

Claims (10)

1. an invasion detecting device is characterized in that, comprises detection module, attack storage statistical module and World Wide Web Web service module, wherein:
Detection module carries out attack to network traffics and detects;
The detected attack of attack storage statistical module storage detection module after the attack statistics, is recycled to the Web service module with statistics;
The Web service module manages the issue of the Web page, generates supervisory instruction according to the request based on Web that receives, with the execution result of supervisory instruction in response.
2. according to the described invasion detecting device of claim 1, it is characterized in that described device also comprises security strategy memory module and security strategy configuration module, wherein:
The security strategy memory module is used for preserving and provides the current security strategy that attack detects of carrying out according to this to detection module;
The security strategy configuration module edits the security strategy in the security strategy memory module according to the security policy parameters contained in the management instruction of the Web service module, and transfers the execution result to the Web service module.
3. The intrusion detection module according to claim 1, characterized in that the attack storage statistical module comprises an attack database and an attack statistic unit, wherein:
The attack database is used for storing the attacks detected by the detection module;
The attack statistic unit compiles statistics on the attacks stored in the attack database according to the statistical parameter contained in the management instruction of the Web service module.
4. The invasion detecting device according to any one of claims 1 to 3, characterized in that: the requests received and the responses sent by the Web service module use the Hypertext Transfer Protocol (HTTP) or the Secure Hypertext Transfer Protocol (HTTPS).
5. An invasion detecting device, characterized in that it comprises a detection module, a security strategy memory module, a security strategy configuration module and a Web service module, wherein:
The detection module performs attack detection on network traffic according to the security strategy stored in the security strategy memory module;
The security strategy configuration module edits the security strategy in the security strategy memory module and returns the execution result to the Web service module;
The Web service module manages the publishing of the Web page, generates a management instruction according to the Web-based request it receives, and uses the execution result of the management instruction as the response.
6. The invasion detecting device according to claim 5, characterized in that: editing the security strategy comprises querying, modifying, adding and deleting at least one security strategy.
7. An intruding detection system, characterized in that it comprises an invasion detecting device and a browsing apparatus, wherein:
The invasion detecting device detects and records attacks in network traffic, publishes the management Web page to the browsing apparatus, executes the page-based management requests that the browsing apparatus sends to it, and returns the execution result;
The browsing apparatus displays the management Web page, sends page-based management requests to the invasion detecting device, and receives and displays the execution result.
8. The intruding detection system according to claim 7, characterized in that: the management request of the browsing apparatus comprises an attack query request, and the invasion detecting device compiles attack statistics according to the statistical parameter therein and then sends the statistics to the browsing apparatus.
9. The intruding detection system according to claim 7 or 8, characterized in that: the management request of the browsing apparatus comprises a security strategy request, and the invasion detecting device edits the security strategy used for detecting attacks according to the security policy parameters therein and sends the operation result to the browsing apparatus.
10. The intruding detection system according to claim 9, characterized in that: the browsing apparatus is a device having a Web browser; the browsing apparatus displays the execution result graphically.
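Claims 5 to 9 describe one request path: the Web service module turns a page-based request into a management instruction, the configuration module or the statistic unit executes it, and the execution result is the response. The Python model below is an added illustration of that path, not code from the patent; the class, method, URL and parameter names, and the byte-pattern form of a security strategy, are assumptions.

```python
# Added illustration of claims 5-9; every name here is hypothetical, not from the patent.
from collections import Counter
from urllib.parse import urlparse, parse_qs

class IntrusionDetector:
    def __init__(self):
        self.strategies = {}   # security strategy memory module: name -> byte pattern
        self.attack_db = []    # attack database: (source address, strategy name)

    def detect(self, src, payload):
        """Detection module: match traffic against the stored strategies, record hits."""
        hits = [name for name, pat in self.strategies.items() if pat in payload]
        self.attack_db.extend((src, name) for name in hits)
        return hits

    def edit_strategy(self, op, name=None, pattern=None):
        """Security strategy configuration module: query, add, modify, delete (claim 6)."""
        if op == "query":
            return {"ok": True, "strategies": sorted(self.strategies)}
        exists = name in self.strategies
        if not name or (op == "add" and exists) or (op in ("modify", "delete") and not exists):
            return {"ok": False, "error": "bad strategy name"}
        if op == "delete":
            del self.strategies[name]
        elif op in ("add", "modify") and pattern:
            self.strategies[name] = pattern.encode()
        else:
            return {"ok": False, "error": "bad operation or pattern"}
        return {"ok": True}

    def statistics(self, group_by):
        """Attack statistic unit: count stored attacks by the statistical parameter."""
        column = {"source": 0, "strategy": 1}.get(group_by)
        if column is None:
            return {"ok": False, "error": "bad statistical parameter"}
        return {"ok": True, "counts": dict(Counter(row[column] for row in self.attack_db))}

    def handle_web_request(self, url):
        """Web service module: map a Web request to a management instruction."""
        parsed = urlparse(url)
        params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
        if parsed.path == "/stats":
            return self.statistics(params.get("by"))
        if parsed.path == "/strategy":
            return self.edit_strategy(params.get("op"), params.get("name"), params.get("pattern"))
        return {"ok": False, "error": "unknown request"}  # only listed instructions run
```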
CNB2005100958401A 2005-09-02 2005-09-02 Invasion detecting device and invasion detecting system Active CN100342692C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100958401A CN100342692C (en) 2005-09-02 2005-09-02 Invasion detecting device and invasion detecting system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100958401A CN100342692C (en) 2005-09-02 2005-09-02 Invasion detecting device and invasion detecting system

Publications (2)

Publication Number Publication Date
CN1744524A true CN1744524A (en) 2006-03-08
CN100342692C CN100342692C (en) 2007-10-10

Family

ID=36139732

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100958401A Active CN100342692C (en) 2005-09-02 2005-09-02 Invasion detecting device and invasion detecting system

Country Status (1)

Country Link
CN (1) CN100342692C (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217408B (en) * 2008-01-17 2010-12-08 中兴通讯股份有限公司 A processing system on all-round failure pertinence treatment system and the corresponding processing method
CN102209006A (en) * 2011-03-04 2011-10-05 北京神州绿盟信息安全科技股份有限公司 Rule test equipment and method
CN101459548B (en) * 2007-12-14 2011-10-12 北京启明星辰信息技术股份有限公司 Script injection attack detection method and system
CN104137115A (en) * 2012-02-29 2014-11-05 惠普发展公司,有限责任合伙企业 Network service interface analysis
CN106330949A (en) * 2016-09-13 2017-01-11 哈尔滨工程大学 Intrusion detection method based on Markov chains
CN108470407A (en) * 2018-04-19 2018-08-31 深圳鼎智通讯股份有限公司 The method of POS machine Network Intrusion record
CN110493140A (en) * 2019-08-26 2019-11-22 中国人民解放军国防科技大学 The cognitive method and its operating system of link event in information network system
CN110521179A (en) * 2017-03-22 2019-11-29 赛门铁克公司 System and method for enforcing dynamic network security strategy
CN111416724A (en) * 2019-01-04 2020-07-14 天津科技大学 Server intrusion detection alarm design method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1203641C (en) * 2002-10-11 2005-05-25 北京启明星辰信息技术有限公司 Method and system for monitoring network intrusion
KR100456634B1 (en) * 2002-10-31 2004-11-10 한국전자통신연구원 Alert transmission apparatus and method for policy-based intrusion detection & response
CN1450758A (en) * 2003-05-16 2003-10-22 上海金诺网络安全技术发展股份有限公司 High performance network intrusion detecting system and detecting method
US8220052B2 (en) * 2003-06-10 2012-07-10 International Business Machines Corporation Application based intrusion detection
US20050066193A1 (en) * 2003-09-22 2005-03-24 Overby Linwood Hugh Selectively responding to intrusions by computers evaluating intrusion notices based on local intrusion detection system policy

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459548B (en) * 2007-12-14 2011-10-12 北京启明星辰信息技术股份有限公司 Script injection attack detection method and system
CN101217408B (en) * 2008-01-17 2010-12-08 中兴通讯股份有限公司 A processing system on all-round failure pertinence treatment system and the corresponding processing method
CN102209006A (en) * 2011-03-04 2011-10-05 北京神州绿盟信息安全科技股份有限公司 Rule test equipment and method
CN102209006B (en) * 2011-03-04 2014-09-03 北京神州绿盟信息安全科技股份有限公司 Rule test equipment and method
CN104137115A (en) * 2012-02-29 2014-11-05 惠普发展公司,有限责任合伙企业 Network service interface analysis
CN106330949A (en) * 2016-09-13 2017-01-11 哈尔滨工程大学 Intrusion detection method based on Markov chains
CN106330949B (en) * 2016-09-13 2019-07-16 哈尔滨工程大学 One kind being based on markovian intrusion detection method
CN110521179A (en) * 2017-03-22 2019-11-29 赛门铁克公司 System and method for enforcing dynamic network security strategy
CN110521179B (en) * 2017-03-22 2022-06-03 Ca公司 System and method for enforcing dynamic network security policies
CN108470407A (en) * 2018-04-19 2018-08-31 深圳鼎智通讯股份有限公司 The method of POS machine Network Intrusion record
CN111416724A (en) * 2019-01-04 2020-07-14 天津科技大学 Server intrusion detection alarm design method
CN110493140A (en) * 2019-08-26 2019-11-22 中国人民解放军国防科技大学 The cognitive method and its operating system of link event in information network system

Also Published As

Publication number Publication date
CN100342692C (en) 2007-10-10


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

TR01 Transfer of patent right

Effective date of registration: 20180928

Address after: 230088 the 541 phase of H2 two, two innovation industrial park, No. 2800, innovation Avenue, Hi-tech Zone, Hefei, Anhui.

Patentee after: Xinhua three information Safe Technology Ltd

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: Xinhua three Technology Co., Ltd.
