CN1960369A - Method and system for protecting security of Internet by simulating biological neural network - Google Patents


Publication number
CN1960369A
Authority
CN
China
Prior art keywords
gateway
information
work station
data
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200510117456
Other languages
Chinese (zh)
Inventor
董孝峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN 200510117456 priority Critical patent/CN1960369A/en
Publication of CN1960369A publication Critical patent/CN1960369A/en
Pending legal-status Critical Current

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention is used for content security, anti-spam, anti-virus and attack protection. The method comprises: monitoring suspicious network behavior at Internet nodes; sending all collected suspicious behavior and sampled data to an information security analysis center for analysis; and having the information security center issue processing strategies and a feature database to block attack behavior and traffic carrying illegal content.

Description

Method and system for protecting Internet security by simulating a biological neural network
Technical field
The present invention relates to the Internet and to security systems, in particular to technology for protecting Internet information security, and specifically to a method and system for protecting Internet security by simulating a biological neural network.
Background technology
The Internet was one of the greatest inventions of the late 20th century and has brought great convenience to people's lives. While bringing that convenience, it has also allowed viruses propagated over the Internet to run rampant, hacker attacks to occur from time to time, and illegal information spread over the Internet to threaten national security. This gave rise to the specialized security fields of anti-virus, anti-hacking, information security and content security.
With the arrival of the Internet age, viruses have acquired an alarming degree of influence. Transnational, transcontinental Internet worms not only reach every part of the world; most frightening of all, they spread at astonishing speed. On the Internet, viruses have many powerful media to choose from, and worms can spread through web pages, shared software, P2P, instant messaging, network shares, system vulnerabilities and e-mail. Anti-virus engineers use multiple techniques such as virtualization and scanning to detect and remove viruses on workstations, which greatly consumes the computing capacity of workstations across the whole network.
Equipping every workstation with antivirus software, Kaspersky Anti-Hacker and information filtering software is no small investment for a company or a country. It also requires a large number of administrators, whose sense of responsibility and technical skill are uneven, which makes effective management and control of threats difficult. Hence the present approach of protecting Internet security by simulating a biological neural network, in which nodes work cooperatively to protect Internet security and management efficiency is improved within an organization.
To adapt to changes in the external environment, an organism must first be able to sense those changes; only then can it react. Biological receptors perform information gathering for the whole nervous system: they turn external physical or chemical signals into responses on sensory neurons, which conduct them onward. Interneurons perform computation and information conduction: the signal transmitted by a sensory nerve passes through the computed responses of several interneurons and is delivered to an efferent nerve, forming a reflex arc. The efferent nerve finally connects to an effector, which mobilizes the body's organs to make the corresponding reaction.
The most important characteristic of the nervous system is that it can coordinate all systems of the body to react to external stimuli. The system for protecting Internet security by simulating a biological neural network treats the Internet as a cooperating whole: when any node of the network is attacked, the information security central control system coordinates the resources of the whole network to respond to the attack and resist possible danger.
The method and system for protecting Internet security by simulating a biological neural network are designed on the principles of the biological nervous system. The system treats the whole Internet as one huge nervous system, with gateways and workstations acting as network receptors and network effectors and the network acting as the interneurons. The network receptors collect attack information and spam information on the network; the interneurons carry the information collected by the receptors to the central processing mechanism, which analyzes it and then directs the network effectors distributed across the network to work together.
The method and system for protecting Internet security by simulating a biological neural network are different from a neural network system.
A neural network, conventionally called an artificial neural network, neurocomputer and so on, belongs to the field of artificial intelligence. The neuron is the basic processing unit of a neural network. A neural network is a massively parallel distributed processor made up of simple processing units, with a natural propensity for storing experiential knowledge and making it available for use. Computing with a neural network takes two steps: 1) acquire knowledge through training, so that the network becomes able to compute; 2) use the trained system to carry out the computing task.
The knowledge of a neural network is stored in the weights between nodes. The result of learning is an adjustment of the connection weights between nodes, and the connection weights record the knowledge. A neural network is used to carry out some intelligent computing task and achieves useful computation, such as optimization, through a learning process.
The system of the present method, by contrast, is a network system made up of the Internet and the workstation PCs, minicomputers, mainframes, local area networks and other electronic terminals distributed at the edge of the Internet. Information security modules on the gateways simulate the receptors and effectors of a biological nervous system; the system accepts threat information from the terminals and coordinates and directs the gateways to block security threats.
Because security vulnerabilities are frequently reported in Windows, users of Windows systems need to download patches from Microsoft's website frequently; this is Update. Anti-virus systems, firewall systems and spam filtering systems also all use the Update method to update their system libraries. Once a vulnerability is reported in a system, a serious security problem arises if the system is not updated in time, and not every staff member updates in time, which leaves hidden dangers in the organization's systems. The method and system for protecting Internet security by simulating a biological neural network block any possible security threat at the gateway and restrict part of the network functions of dangerous hosts through a security management protocol, thereby achieving security protection.
Update works by downloading patches from the software's official website to upgrade the software, remedying security vulnerabilities or updating the software. Microsoft is an advocate of Update. According to Microsoft, the content Update uploads includes bug information, configuration information and user authentication information such as serial numbers, and does not include the user's personal information. The uploaded information is used to analyze the cause and location of defects in order to fix the software, or version information is uploaded to judge whether the user needs an upgrade. However, the upgrade information reported by Update can only provide version information for upgrading the local host, and a bug reported by Update is resolved only once the software developer has produced new software or a patch.
The information uploaded by the method and system for protecting Internet security by simulating a biological neural network is the content data and network behavior data sampled by a gateway or workstation. It is not used for local upgrades; it provides analysis data to an analysis server. The analysis server analyzes the sampled content data and network behavior data in real time and issues instructions and a feature database, with no manual intervention and no need to develop new software.
Update is used in many systems, for example the Brightmail global mail monitoring system and the SurfControl risk tracking database. Brightmail collects spam from around the world and periodically publishes mail feature information; SurfControl periodically publishes URL information. Brightmail and SurfControl download the list from the server and block network connections according to the information in the list. But it takes time for every gateway on the Internet to obtain the latest list, and by the time a server that is actually under attack obtains the list, the attack may already have stopped. Moreover, because of system compatibility problems, a security information list or attack signature database often protects only the server under attack, and the network resources and CPU consumed on the attacked gateway (or server) are not substantially reduced.
In a mail filtering system, for example, filtering on the workstation has little real value, because the mail has already been downloaded to the workstation. To truly stop spam and viruses from entering the internal network, the check must be made at the gateway. Spam filtering generally uses behavior pattern recognition, blacklists or content recognition. Behavior pattern recognition can work from locally analyzed data, whereas blacklists and content-recognition keywords must be updated promptly from the relevant website. A mail filtering system that filters by behavior pattern recognition and blacklists will, after the SMTP handshake completes, arbitrarily treat all mail from the address as spam, and its filtering performance is very poor. In a mail filtering system that uses content analysis, the spam filtering engine intercepts the mail as it passes through the gateway and analyzes its content, and mail found to be spam is handled under a reject, release, forward or delete policy. Although these methods can all filter spam to some degree, they consume a great deal of gateway resources. To solve these problems, filtering the spam that should be filtered while also protecting the network's resources, a new technical approach is needed.
Summary of the invention
To solve the above problems, the present invention proposes a method for protecting Internet security by simulating a biological neural network: one or more information security processing centers are set up on the Internet, and a network receptor and a network effector are set up on a gateway, switching device or workstation. By simulating the way an organism reflexively responds to external stimuli, threats are blocked and the network and information are protected.
The present invention also provides a system for protecting Internet security by simulating a biological neural network. Through the interface of this system, the port activity information of the gateways and workstations in the network is sent to the information security processing center, whose ability to analyze security data is used to process the data.
In the method for protecting Internet security by simulating a biological neural network, the network contains at least one gateway or workstation and one information security processing center. The gateway or workstation reports its port activity information to the information security processing center, and the center's data analysis and processing capability is used to analyze and judge the data of the gateway or workstation. The information security processing center is responsible for analyzing the information collected by the gateway or workstation and for issuing an intrusion feature database and operation instructions, with input and output carried out through the interface of the system for protecting Internet security by simulating a biological neural network.
The method specifically comprises the following steps:
A step of establishing a system for protecting Internet security by simulating a biological neural network;
A step in which the gateway or workstation collects network activity information;
A step in which the information security processing center analyzes the data it receives;
A step in which the gateway or workstation receives the results issued by the information security processing center;
A step in which the gateway or workstation filters network information.
The step of establishing the system for protecting Internet security by simulating a biological neural network should further comprise:
A step of establishing a gateway or workstation that is able to collect network information and to close part of its network connections, used to collect attack information or block illegal network behavior.
A step of establishing a processing center with network behavior analysis and content analysis capabilities, used to analyze whether network behavior is illegal and whether content is legal.
The step in which the gateway or workstation collects network activity information should further comprise a submission step, in which the collected information is sent to the information security processing center.
The step in which the information security processing center analyzes the data it receives should further comprise:
A data receiving step, used to receive the data submitted by the gateway or workstation;
A data analysis step, which analyzes whether the submitted information contains junk information or an attack.
A data release step, in which the information security processing center issues the analysis result.
The step in which the gateway or workstation receives the results issued by the information security processing center should further comprise:
A step in which the gateway or workstation receives data from the security processing center, namely the attack signatures or instructions of the security processing center.
A step in which the gateway or workstation loads the attack signatures, used to filter viruses, spam, hacker attacks, HTTP content and so on.
A step in which the gateway or workstation executes the instructions of the security processing center, used to block illegal network behavior cooperatively according to those instructions.
The step in which the gateway or workstation filters network information should further comprise:
A junk information filtering step, which filters viruses, spam, HTTP content and so on.
A step of blocking illegal network behavior, in which illegal network behavior is blocked cooperatively according to the instructions of the security processing center.
The step of establishing an information security processing center with attack analysis capability further comprises:
A system installation step, used to install the basic security system.
A system learning and training step, used to load the knowledge base or train the system so that the system is able to analyze and process information.
The system for protecting Internet security by simulating a biological neural network is a network made up of at least one gateway or workstation and one information security server. The gateway or workstation reports its port activity information to the information security server, and the server's data analysis and processing module is used to analyze and judge the data of the gateway or workstation. The information security server is responsible for analyzing the data collected by the gateway or workstation and for issuing attack information features or operation instructions, with input and output carried out through the protocol of the system for protecting Internet security by simulating a biological neural network.
The gateway or workstation should further comprise a data collection module, used to collect local network activity information;
The gateway or workstation should further comprise a sending module, used to send the collected information to the information security server;
The gateway or workstation should further comprise a data receiving module, used to receive the attack signatures or instructions issued by the information security server;
The gateway or workstation should further comprise an information filtering module, used to filter the information flowing into the gateway or workstation;
The gateway or workstation should further comprise a network blocking module, used to block or close part of the network connections;
The information security server should further comprise a data receiving module, used to receive the data sent by the gateway or workstation;
The information security server should further comprise a data sending module, used to send the result data of the information security server's analysis;
The information security server should further comprise an analysis module, used to analyze the data sent by the gateway or workstation;
The analysis module of the information security server should further comprise: a learning module, an information analysis module, a knowledge storage module, and a decision and release module.
The learning module is used to acquire knowledge from the analysis results of the data sent by gateways or workstations, or from other sources, improving the processing capability of the information security server's knowledge base;
The information analysis module is used to analyze the data sent by gateways or workstations according to the knowledge in the knowledge base, providing input information for the decision and release module;
The knowledge storage module is used to store the knowledge that the information security server acquires from the analysis results of the data sent by gateways or workstations, or from other sources;
The decision and release module is used by the information security server to issue signatures or instructions.
The beneficial effects of the present invention are as follows: viruses, spam and HTTP content are filtered at the gateway; attacks are blocked, protecting the attacked terminals; the access point through which an attack enters the Internet is blocked; waste of network bandwidth and CPU resources is reduced; response speed is improved; a platform is provided for global cooperation in protecting network security; all of this is implemented on the gateway without additional equipment; and because the identification of attacks is managed by the processing center, fewer equipment administrators are needed and dependence on administrators' technical skill is reduced.
Description of drawings
Fig. 1 is a system structure diagram of the present invention;
Fig. 2 is a flow chart of the method of the invention;
Fig. 3 is a flow chart of the method of the invention applied in a mail filtering system;
Fig. 4 is a flow chart of the method of the invention applied in an instant message filtering system;
Fig. 5 is a flow chart of the method of the invention applied in an HTTP filtering system;
Fig. 6 is a flow chart of the method of the invention applied in a traffic control system;
Fig. 7 is a system structure diagram of the present invention.
Embodiment
Below in conjunction with description of drawings the specific embodiment of the present invention.
Fig. 1 is a system structure diagram of the present invention. The first part is the network receptor, the second part is the analysis center, and the third part is the network effector. Unlike Update, which collects local version information and bug information, the network receptor of the invention monitors and collects local network communication activity information and content-related information and sends them to the information analysis center. Unlike Update, which downloads patches or libraries from a server, the analysis center uses the knowledge it has accumulated to analyze the data reported by the network receptor. If the reported data has the characteristics of an attack or contains prohibited information, the analysis center issues instructions to close some or all connections of the system sending the prohibited information, or to disconnect network connections of the attacking system, protecting the system under attack. At the same time the analysis center publishes a feature database for other systems to download, protecting other systems on the Internet. With Update, a defect must be fixed by programmers and the patch or new software version uploaded to a server before it can be downloaded. Unlike Update's download of patches, libraries or new software versions, the network effector of the invention actively accepts the libraries and instructions issued by the analysis center and controls network communication accordingly, blocking network connections or filtering content. The invention provides the ability to monitor and control the network and network information.
Fig. 2 is a flow chart of the method of the invention and shows how the invention is implemented. The system consists of a server and systems A, B and C, which are connected by the network and can communicate with one another. The rapid development of network communication technology has brought great convenience to data communication: in theory system A can send any information to any system. But network communication technology has also made things convenient for lawbreakers; attacks, spam, viruses, illegal web pages and the like spread freely on the Internet, wasting large amounts of resources and seriously affecting people's work and life. Using the present invention, a system for protecting the Internet by simulating a biological neural network is set up on the Internet. The server completes initialization (step 201); system A sends information to system B (step 202); system B samples the information it receives (step 203); system B sends the sampled information to the server (step 204); the server analyzes the data submitted by system B (step 205); the server publishes the analysis result (step 206), and the content of the analysis result differs when the method is applied to other data processing procedures; systems A, B and C receive the analysis result from the server (steps 207, 209, 211). The analysis result received by systems A, B and C comprises instructions, filtering policies and a feature database. Because systems A, B and C hold different positions in the same system, the content of the analysis results they receive differs, and it also differs when the method is applied to other data processing procedures. System A adjusts its system policy according to the server's analysis result (step 208); system B adjusts its system policy according to the server's analysis result (step 210); system C adjusts its system policy according to the server's analysis result (step 212).
Fig. 3 is a detailed flow chart of filtering spam in a mail filtering system using the method of the invention. The spam analysis center server first completes initialization (step 301); initialization includes training and loading the knowledge base into the system, and the content of initialization differs when the method is applied to other data processing procedures. The gateways initialize (step 302), loading the knowledge base and policies into the gateway system; the content of gateway initialization likewise differs when the method is applied to other data processing procedures. Mail server A sends mail to mail server B (step 303); gateway A forwards the mail from mail server A (step 304); gateway B samples the sending behavior and the content of the mail addressed to mail server B (step 305); gateway B sends the sampled data to the spam analysis center server (step 306); the spam analysis center server receives the message sent by gateway B (step 307); the spam analysis center server analyzes the behavior data of mail server A and the mail content according to the knowledge base (step 308); the spam analysis center server judges from the analysis result whether mail server A is a spammer (step 309). If mail server A is not a spammer, the spam analysis center server sends an instruction notifying gateway B to release the mail (step 310), and gateway B forwards the mail to mail server B (step 311). If mail server A is a spammer, the spam analysis center server sends an instruction notifying gateway A to close part of mail server A's mail connections or to shut off mail server A's network (step 312); gateway A accepts the instruction of the spam analysis center server (step 313); gateway A closes part of mail server A's mail connections or shuts off mail server A's network (step 314); the spam analysis center server sends an instruction notifying gateway B to block part of mail server A's mail connections (step 315); gateway B accepts the instruction of the spam analysis center server (step 316); gateway B blocks part of mail server A's mail connections (step 317). The spam analysis center server publishes the feature database (step 318); the content of the feature database also differs when the method is applied to other data processing procedures. Gateways A, B and C receive the feature database published by the spam analysis center server (steps 319, 321, 323). Because gateways A, B and C hold different positions in the same system, the content of the feature databases they receive may be the same or different. Application of the method is not limited to mail gateway systems A, B and C; a designer can extend it to any system according to the principles of the invention. Gateways A, B and C adjust their gateway policies according to the feature database they receive (steps 320, 322, 324).
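The Fig. 3 loop described above can be traced in code. The following is an added example, not part of the patent text: the class and function names, the spam rule (a keyword hit combined with a sending rate over a limit), the use of a sender blacklist as the published feature database, and the `mail-a.example` host are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    """What the receptor on the receiving gateway reports (steps 305-306)."""
    reporter: str        # gateway that took the sample
    sender: str          # mail server the traffic came from
    sender_gateway: str  # gateway in front of that mail server
    msgs_per_min: int    # sampled sending behavior
    body: str            # sampled mail content


@dataclass
class Verdict:
    spam: bool
    instructions: dict   # gateway name -> (action, mail server)
    features: frozenset  # feature database published to every gateway


class AnalysisCenter:
    """Central processing: analyze samples, issue instructions and features."""

    def __init__(self, keywords, rate_limit):
        self.keywords = {k.lower() for k in keywords}  # knowledge base, step 301
        self.rate_limit = rate_limit
        self.blacklist = set()

    def analyse(self, s):
        hits = {k for k in self.keywords if k in s.body.lower()}
        # Constructed rule: content AND behavior must both look like spam.
        spam = bool(hits) and s.msgs_per_min > self.rate_limit
        instructions = {}
        if spam:
            self.blacklist.add(s.sender)
            instructions[s.sender_gateway] = ("close", s.sender)  # step 312
            instructions[s.reporter] = ("block", s.sender)        # step 315
        else:
            instructions[s.reporter] = ("release", s.sender)      # step 310
        return Verdict(spam, instructions, frozenset(self.blacklist))  # step 318


class Gateway:
    """Receptor (sample) and effector (apply) in one network node."""

    def __init__(self, name):
        self.name = name
        self.closed = set()    # local mail servers whose outbound mail is shut
        self.blocked = set()   # remote mail servers refused by instruction
        self.features = frozenset()

    def sample(self, sender, sender_gateway, rate, body):
        return Sample(self.name, sender, sender_gateway, rate, body)

    def apply(self, verdict):
        action, server = verdict.instructions.get(self.name, (None, None))
        if action == "close":
            self.closed.add(server)        # steps 313-314
        elif action == "block":
            self.blocked.add(server)       # steps 316-317
        self.features = verdict.features   # steps 319-324

    def egress_allowed(self, server):
        return server not in self.closed

    def ingress_allowed(self, server):
        return server not in self.blocked and server not in self.features


def deliver(center, gateways, src_gw, dst_gw, sender, rate, body):
    """One pass through the loop; returns True if the mail reaches dst_gw."""
    a, b = gateways[src_gw], gateways[dst_gw]
    if not a.egress_allowed(sender) or not b.ingress_allowed(sender):
        return False  # an effector is already acting on an earlier verdict
    verdict = center.analyse(b.sample(sender, src_gw, rate, body))
    for gw in gateways.values():  # every gateway receives the result
        gw.apply(verdict)
    return not verdict.spam


def demo():
    # Constructed sample traffic: one ordinary mail, then one bulk mail.
    center = AnalysisCenter(keywords={"lottery", "winner"}, rate_limit=100)
    gws = {n: Gateway(n) for n in ("A", "B", "C")}
    ok = deliver(center, gws, "A", "B", "mail-a.example", 5,
                 "Minutes of Tuesday's meeting")
    bad = deliver(center, gws, "A", "B", "mail-a.example", 900,
                  "You are a lottery winner")
    return ok, bad, gws


if __name__ == "__main__":
    ok, bad, gws = demo()
    print(ok, bad, gws["C"].ingress_allowed("mail-a.example"))
```

Gateway C never handles the bulk mail and receives no instruction, yet it refuses the sender afterwards because the published feature database reached it; that is the cooperative effect the description claims over list download by each site on its own schedule.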
The method of the invention for protecting Internet security by simulating a biological neural network can be used not only to filter spam but also for content security (instant message filtering, HTTP filtering), virus filtering and protection against hacker attacks. It can also be applied in traffic information management to relieve road traffic congestion.
Application in a gateway content security system:
1. Gateway A collects the information flowing out of and into the network.
2. Gateway A sends the collected information to the content security processing center.
3. The content security processing center analyzes the outbound and inbound information collected by gateway A and finds that network B is the source of the content security threat.
4. The content security processing center issues the gateway A policy, the gateway B policy and the content filtering feature package.
5. Gateways A, B and C accept the content filtering feature package issued by the content security processing center; gateway A accepts the gateway A policy and gateway B accepts the gateway B policy.
6. Gateways A, B and C load the content filtering feature package issued by the content security processing center; gateway A executes the gateway A policy and gateway B executes the gateway B policy.
7. Gateways A, B and C filter the content entering and leaving the network; gateways A and B intercept content issued by mail server A that poses a content security threat.
Application in an internal content security system:
Suppose the organization's network is network A, its gateway is gateway A, and it contains host X.
1. The organization trains the content filter engine on the organization's sensitive information.
2. Gateway A loads the content filter engine and filters the content leaving the organization.
3. Gateway A discovers that host X is sending sensitive information.
4. Gateway A collects the features of the sensitive information.
5. Gateway A sends the sensitive information to the organization's management center host.
6. The management center host updates the content filter engine feature package.
7. Gateway A issues an instruction ordering host X to close the dangerous connection, and gateway A blocks host X's connection.
Application in an external anti-virus system:
1. Gateway A discovers abnormal activity in network A and collects the abnormal activity information.
2. Gateway A packages the abnormal activity samples and sends them to the anti-virus processing center.
3. The virus attack processing center accepts gateway A's information.
4. The virus attack processing center analyzes the information it has received.
5. The virus attack processing center issues the attack signature database and the gateway A policy, gateway B policy and gateway C policy.
6. Gateways A, B and C receive the attack signature database and gateway policies issued by the virus attack processing center.
7. Gateways A, B and C load the attack signature database issued by the virus attack processing center.
8. Gateways A, B and C block the virus attack behavior and filter out the viruses.
Internal LAN anti-virus:
1. Gateway A discovers that the activity of host A in network A is abnormal and collects the abnormal activity information.
2. Gateway A packages the abnormal activity samples and sends them to the anti-virus processing center.
3. The virus attack processing center accepts gateway A's information.
4. The virus attack processing center analyzes the information it has received.
5. The virus attack processing center issues the attack signature database and the gateway A policy.
6. Gateways A, B and C receive the attack signature database issued by the virus attack processing center, and gateway A receives the gateway A policy issued by the virus attack processing center.
7. Gateway A closes host A's dangerous connection.
8. Gateways A, B and C load the attack signature database issued by the virus attack processing center.
9. Gateways A, B and C filter out the viruses.
Application in a gateway attack defense system:
1. Gateway A discovers that the activity of host A in network A is abnormal, and collects information on the abnormal activity.
2. Gateway A packages the abnormal-activity sample and sends it to the attack protection center.
3. The attack protection center receives the information from gateway A.
4. The attack protection center analyzes the information it has received.
5. The attack protection center publishes the attack signature library and a gateway A policy.
6. Gateways A, B and C receive the attack signature library published by the attack protection center, and gateway A receives the gateway A policy published by the attack protection center.
7. Gateway A closes the dangerous connection of host A.
8. Gateways A, B and C load the attack signature library published by the attack protection center.
9. Gateways A, B and C block the gateway attack.
Application in an internal attack defense system:
1. Gateway A discovers that the activity of host A in network A is abnormal, and collects information on the abnormal activity.
2. Gateway A packages the abnormal-activity sample and sends it to the attack protection center.
3. The attack protection center receives the information from gateway A.
4. The attack protection center analyzes the information it has received.
5. The attack protection center publishes the attack signature library and a gateway A policy.
6. Gateways A, B and C receive the attack signature library published by the attack protection center, and gateway A receives the gateway A policy published by the attack protection center.
7. Gateway A closes the dangerous connection of host A.
8. Gateways A, B and C load the attack signature library published by the attack protection center.
9. Gateways A, B and C block the gateway attack.
Application in vehicle traffic flow management:
1. Collection devices gather the traffic flow data at each junction.
2. The flow information is sent to the traffic control center server.
3. The traffic control center server calculates the flow situation at each junction.
4. The traffic control center server publishes a traffic forecast.
5. The traffic light management system issues signal-light scheduling commands according to the traffic forecast.
6. Each traffic light operates according to the commands.
The mail gateway performs sampling of mail-sending behavior, spam collection and transmission; the spam analysis center, after analyzing the spam, issues instructions or a feature library; and the mail gateway performs interception and filtering according to the instructions of the spam analysis server. Many other functions are of course possible, and those skilled in the art can infer them from the description in this specification.
The method of the present invention is not limited to any particular data-processing method, as long as the data-processing procedure involves sampling (because the sampled data must be analyzed), or the results of the data analysis can be shared by multiple systems. Any system or application that has these common traits can be extracted and handled as a simulated biological neural network system. Likewise, whenever the application servers within a system share any of the above traits, they can be extracted and handled as a simulated biological neural network system.
Fig. 4 is a detailed flowchart of filtering instant messages in an instant-message filtering system by simulating a biological neural network with the method of the invention. The content security analysis center server is initialized (step 401): the system is initialized, which includes training the implementation library and loading the knowledge base into the system; of course, the initialization content differs when the method is applied to other data-processing procedures. The gateway is initialized (step 402): the gateway system is initialized and the knowledge base and policies are loaded into it; within the same system the initialization content differs depending on whether the gateway acts as the gateway intercepting the sender or the gateway protecting the recipient, and it also differs when the method is applied to other data-processing procedures. QQ1 sends a message to QQ2 (step 403); the gateway intercepts the message and samples it (step 404); the gateway sends the sampled information to the content security analysis center server (step 405); the content security analysis center server receives the sampled information from the gateway (step 406); the content security analysis center server uses the knowledge in its knowledge base to analyze the information sampled by the gateway (step 407); the content security analysis center server sends the analysis result to the gateway (step 408); the gateway receives the analysis result from the content security analysis center server (step 409); the gateway judges the message sent from QQ1 to QQ2 according to the analysis result of the content security server and its local policy (step 410). If the message from QQ1 to QQ2 is illegal, the gateway refuses to forward it (step 411) and QQ1 displays that the message is illegal (step 412). If the message from QQ1 to QQ2 is legal, the gateway forwards it (step 413) and QQ2 displays the message (step 414).
Fig. 5 is a detailed flowchart of filtering instant messages in an HTTP filtering system by simulating a biological neural network with the method of the invention. The content security analysis center server is initialized (step 501): the system is initialized, which includes training the implementation library and loading the knowledge base into the system; of course, the initialization content differs when the method is applied to other data-processing procedures. The gateway is initialized (step 502): the gateway system is initialized and the knowledge base and policies are loaded into it; in this system the gateway filters the content of returned Web pages, and the initialization content differs when the method is applied to other data-processing procedures. The user sends a message to the HTTP server (step 503); gateway A forwards the message to the HTTP server (step 404); the HTTP server responds to the user's request and returns a Web page (step 505); gateway A intercepts the Web page and produces a summary of the page content (step 506); gateway A sends the summary of the Web page to the content security center server (step 507); the content security center server receives the Web content summary sent by gateway A (step 508); the content security center server analyzes the Web content summary sent by gateway A according to the knowledge and rules in its knowledge base (step 509); based on the analysis result, the content security center server judges whether the Web page intercepted by gateway A is legal (step 510); the content security center server sends the judgment to gateway A (step 511); gateway A receives the judgment from the content security center server (step 512); gateway A examines the judgment of the content security center server to decide whether to release the page (step 513). If the judgment of the content security center server is to release, gateway A releases the intercepted Web page (step 514) and the user browses the Web page (step 515). If the judgment of the content security center server is to block, gateway A blocks the intercepted Web page (step 516) and the user is shown a blocking information page (step 517). The content security center server publishes the illegal-information filtering feature library (step 518); gateways A and B receive the information filtering feature library from the content security center server (steps 519, 521), and because gateways A and B occupy different positions in the system, the feature libraries they receive may differ; gateways A and B adjust their filtering policies (steps 520, 522).
Fig. 6 is a detailed flowchart of directing junction signal lights in a traffic control system by simulating a biological neural network with the method of the invention. The traffic control server is initialized (step 601); the initialization content differs when the method is applied to other data-processing procedures. Junction flow collection devices A and B gather the vehicle flow at junction A and junction B and send the flow information to the traffic control server (step 602); the traffic control server receives the vehicle flow data gathered at the junctions by the junction flow collection devices (step 603); the traffic control server uses the information in its knowledge base to analyze the flow information of junction B (step 604); the traffic control server judges from the analysis result whether junction B is congested (step 605). If congestion occurs at junction B, the traffic control server issues a flow-limiting instruction to signal light A (step 607); signal light A receives the instruction from the traffic control server (step 608); signal light A limits the flow at junction A (step 608). If congestion does not occur at junction B, signal light A lets the vehicles at junction A pass normally (step 610).
Fig. 7 shows the system structure of the present invention. The gateway or workstation 701 is connected to the server 702. The gateway or workstation information collection module 703 is responsible for collecting the content and the network behavior of the traffic entering and leaving the network, and sends the data to the analysis module 707 for analysis and processing. The analysis module 707 is connected to the knowledge storage module; when the analysis module 707 analyzes data, it retrieves knowledge from the knowledge storage module 706. The knowledge storage module 706 is connected to the learning module 705; the learning module 705 obtains knowledge through manual intervention or automatic learning and stores the knowledge in the knowledge base. The release module 708 publishes a feature library or instructions according to the result of the analysis module 707, and the content published may differ between systems. The effect module 704 communicates with the release module 708, obtains what the release module 708 has published, and adjusts its policy accordingly.
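The module split of Fig. 7, combined with the internal LAN anti-virus steps listed earlier (signature library to every gateway, gateway policy only to the reporting gateway), can be sketched as follows. This is an added example, not code from the patent; the class and field names, the byte-pattern matching and the sample payloads are assumptions, and every gateway is given the same feature library.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Sample:
    gateway: str      # reporting gateway, e.g. "A"
    host: str         # host whose activity looked abnormal
    payload: bytes    # sampled traffic


@dataclass
class Release:
    signatures: frozenset                        # feature library for every gateway
    policy: dict = field(default_factory=dict)   # gateway name -> hosts to cut off


class AnalysisCenter:
    """Server 702: learning 705, knowledge store 706, analysis 707, release 708."""

    def __init__(self):
        self.knowledge = set()    # knowledge store (constructed: byte patterns)
        self.published = set()    # signatures released so far

    def learn(self, pattern):
        """Learning module: knowledge added manually or by automatic learning."""
        self.knowledge.add(pattern)

    def analyze(self, sample):
        """Analysis module: pull knowledge from the store and match the sample."""
        return {p for p in self.knowledge if p in sample.payload}

    def release(self, sample):
        """Release module: signatures for all gateways, policy for the reporter."""
        hits = self.analyze(sample)
        self.published |= hits
        policy = {sample.gateway: {sample.host}} if hits else {}
        return Release(frozenset(self.published), policy)


class Gateway:
    """Gateway 701: information collection 703 and effect module 704."""

    def __init__(self, name):
        self.name = name
        self.signatures = frozenset()
        self.closed_hosts = set()

    def collect(self, host, payload):
        return Sample(self.name, host, payload)

    def apply(self, release):
        """Effect module: load the feature library, apply only our own policy."""
        self.signatures = release.signatures
        self.closed_hosts |= release.policy.get(self.name, set())

    def forwards(self, host, payload):
        """True if the traffic is passed on, False if it is blocked."""
        if host in self.closed_hosts:
            return False
        return not any(sig in payload for sig in self.signatures)


def run_scenario():
    center = AnalysisCenter()
    center.learn(b"WORM-X")                       # constructed pattern
    gw = {name: Gateway(name) for name in "ABC"}
    infected, clean = b"GET /a WORM-X", b"GET /index.html"  # constructed traffic

    result = {"B_before": gw["B"].forwards("host-9", infected)}
    release = center.release(gw["A"].collect("host-1", infected))
    for g in gw.values():
        g.apply(release)

    result["B_after"] = gw["B"].forwards("host-9", infected)
    result["A_host1_clean"] = gw["A"].forwards("host-1", clean)
    result["C_host1_clean"] = gw["C"].forwards("host-1", clean)
    result["clean_sample_policy"] = center.release(
        gw["B"].collect("host-2", clean)).policy
    return result


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The scenario shows the two release channels behaving differently: after gateway A reports, gateway B blocks the same payload although it never saw it, while only gateway A cuts off the reported host.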
The beneficial effects of the present invention are as follows: viruses, spam and HTTP content are filtered at the gateway; attacks are blocked and the security of attacked terminals is protected; the access points through which attacks enter the Internet are cut off; waste of network bandwidth and CPU resources is reduced; response speed is improved; a platform is provided for global cooperation in protecting network security; because the method is implemented on the gateway, no additional equipment is needed; and because the identification of attacks is managed by the processing center, fewer equipment management personnel are needed and dependence on the technical skill of administrators is reduced.
The above embodiments are only used to illustrate the present invention, not to limit it.

Claims (12)

1. A method and system for protecting Internet security by simulating a biological neural network, characterized in that: the suspicious behaviors and sampled data collected by all nodes are sent to an information security analysis center for centralized analysis; the information security analysis center makes an analysis and judgment based on the behavioral features and sampled data reported by the nodes and on the knowledge accumulated by the information security analysis center, and uses the Internet to publish suspicious-behavior handling policies and a feature library. The information security analysis center uses the published policies and feature library to coordinate network resources, and attacks or network traffic suspected of carrying illegal content are blocked at the gateways and workstations.
2. The method for protecting Internet security by simulating a biological neural network according to claim 1, characterized by comprising the following steps:
a step of establishing a system for protecting Internet security by simulating a biological neural network;
a step in which a gateway or workstation collects network behavior information;
a step in which the information security processing center analyzes the received data;
a step in which the gateway or workstation receives the result published by the information security processing center;
a step in which the gateway or workstation filters network information.
3. The method for protecting Internet security by simulating a biological neural network according to claim 2, characterized in that the step of establishing a system for protecting Internet security by simulating a biological neural network further comprises:
a step of establishing a gateway or workstation that is able to collect network information and to close part of the network connections, used to collect attack information or to block illegal network behavior;
a step of establishing a processing center that is able to analyze network behavior and content, used to analyze whether network behavior is illegal and whether content is legal.
4. The method for protecting Internet security by simulating a biological neural network according to claim 2, characterized in that the step in which the gateway or workstation collects network behavior information further comprises a submission step, in which the collected information is sent to the information security processing center.
5. The method for protecting Internet security by simulating a biological neural network according to claim 2, characterized in that the step in which the information security processing center analyzes the received data further comprises:
a data receiving step, used to receive the data submitted by the gateway or workstation;
a data analysis step, in which it is analyzed whether the submitted information contains junk information or attacks;
a data publishing step, in which the information security processing center publishes the analysis result.
6. The method for protecting Internet security by simulating a biological neural network according to claim 2, characterized in that the step in which the gateway or workstation receives the result published by the information security processing center further comprises:
a step in which the gateway or workstation receives data from the security processing center, receiving attack signature codes or instructions from the security processing center;
a step in which the gateway or workstation loads the attack signature codes, used to filter viruses, spam, hacker attacks, HTTP content and the like;
a step in which the gateway or workstation executes the instructions of the security processing center, used to block illegal network behavior in cooperation according to the instructions of the security processing center.
7. The method for protecting Internet security by simulating a biological neural network according to claim 2, characterized in that the step in which the gateway or workstation filters network information further comprises:
a junk information filtering step, in which viruses, spam, HTTP content and the like are filtered;
a step of blocking illegal network behavior, in which illegal network behavior is blocked in cooperation according to the instructions of the security processing center.
8. The method for protecting Internet security by simulating a biological neural network according to claim 3, characterized in that the step of establishing an information security processing center that is able to analyze attacks further comprises:
a system installation step, used for the basic security system;
a system learning and training step, used to load the knowledge base or train the system so that the system is able to analyze and process information.
9. A system for protecting Internet security by simulating a biological neural network, in which the network comprises at least one gateway or workstation and an information security server, characterized in that the gateway or workstation reports its port activity information to the information security server, and the data analysis and processing module of the information security server analyzes and judges the data of the gateway or workstation; the information security server is responsible for analyzing the data collected by the gateway or workstation, publishes attack information features or operation instructions, and performs input and output through the interface for protecting Internet security by simulating a biological neural network.
10. The system for protecting Internet security by simulating a biological neural network according to claim 9, characterized in that the gateway or workstation further comprises:
a data collection module, used to collect local network activity information;
a sending module, used to send the collected information to the information security server;
a data receiving module, used to receive the attack signatures and instructions published by the information security server;
an information filtering module, used to filter the information flowing into the gateway or workstation;
a network blocking module, used to block or close part of the network connections.
11. The system for protecting Internet security by simulating a biological neural network according to claim 9, characterized in that the information security server further comprises:
a data receiving module, used to receive the data sent by the gateway or workstation;
a data sending module, used to send the result data of the information security server's analysis;
an analysis module, used to analyze the data sent by the gateway or workstation.
12. The system for protecting Internet security by simulating a biological neural network according to claim 9, characterized in that the analysis module of the information security server further comprises: a learning module, an information analysis module, a knowledge storage module, and a decision and release module.
The learning module is used to obtain knowledge from the analysis results of the data sent by the gateway or workstation, or by other means, and so improves the processing capability of the knowledge base of the information security server;
the information analysis module is used to analyze the data sent by the gateway or workstation according to the knowledge in the knowledge base, and provides input information for the decision and release module;
the knowledge storage module is used to store the knowledge that the information security server obtains from the analysis results of the data sent by the gateway or workstation, or by other means;
the decision and release module is used by the information security server to publish signature codes or instructions.
CN 200510117456 2005-11-02 2005-11-02 Method and system for protecting security of Internet by simulating biological neural network Pending CN1960369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510117456 CN1960369A (en) 2005-11-02 2005-11-02 Method and system for protecting security of Internet by simulating biological neural network

Publications (1)

Publication Number Publication Date
CN1960369A true CN1960369A (en) 2007-05-09

Family

ID=38071860

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510117456 Pending CN1960369A (en) 2005-11-02 2005-11-02 Method and system for protecting security of Internet by simulating biological neural network

Country Status (1)

Country Link
CN (1) CN1960369A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Dong Xiaofeng

Document name: Deemed as a notice of withdrawal (Trial)

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070509