Hierarchical mobile Internet security monitoring and protection system
Technical field
The present invention relates to the field of mobile Internet security. Specifically, it adopts multi-layer, three-dimensional prevention policies and intelligent security monitoring technology to design a novel hierarchical mobile Internet security monitoring and protection system.
Background technology
Mobile communication is entering the mobile Internet era on a large scale. Intelligent terminals such as mobile phones are becoming the most important communication and information-bearing platforms, and the main access point for information exchange, e-commerce, mobile office, consumption and payment, and entertainment. However, because the mobile Internet interconnects directly with the general Internet, the malicious attacks that once ran rampant on the Internet (viruses, trojans, hackers, illegal intrusion) pour in as well. Several thousand kinds of viruses, trojans and malicious attack software targeting the mobile Internet and smartphones have already been found, and their number grows by hundreds every month, causing very serious harm to terminal users and to mobile network operation. In particular, mobile terminals that access the Internet directly (smartphones, PDAs, etc.) can bring every virus, hacker and malicious attack on the Internet into the mobile data network. Such harmful software may reside on the phone, reside on a server, or hide in a web page or file, and carries out illegal activities such as communication jamming, denial of service, service fraud, information theft, account hijacking, covert fund transfer and seizure of device resources. Without strong safeguards, the resulting network chaos will inevitably bring incalculable losses and disaster to operators and their many customers.
It should also be noted that the data services of a mobile communications network are never the same as general Internet services: the former must provide secure services whose business and security are controlled and which satisfy an SLA, whereas the latter at present has no controlled guarantee at all; users pay by quantity when the former provides a service, whereas the latter is free in principle. Consequently, both the service providers and the service users of the former require the network and the quality of service to be carrier-grade. This is also the basis on which mobile network data services realize their value, so the security assurance of the mobile Internet is a major core operation-support problem that must be solved.
Yet even on the general Internet, most network security and information security problems are far from satisfactorily solved: there is no complete security monitoring and protection system and no real-time, effective, end-to-end countermeasure. The security challenge is even sterner for the mobile Internet, which not only lacks a complete and efficient overall solution but does not even have supporting technology dedicated to mobile Internet security. At present, international telecommunications unions, standardization bodies, mobile carriers, and network and IT service vendors have all included mobile data network service security among their core research topics, attempting to solve effectively the business and information security problems of the mobile Internet.
Summary of the invention
The purpose of this invention is to provide a hierarchical mobile Internet security monitoring and protection system.
The objective of the invention is achieved as follows. On the basis of an in-depth study of the operable and maintainable characteristics of the mobile Internet and of the latest network security technology, and adopting active monitoring and protection technology, intelligent technology and a customer-oriented service quality assurance strategy, a complete mobile Internet security monitoring and protection system is proposed. The system is divided into three layers: the security operation center SOC (Security Operation Center); the security agent SA (Security Agent) together with the security gateway SGW (Security Gateway); and the security access entity SAE (Security Access Entity). SOC is responsible for managing overall security monitoring operations; SGW is responsible for security detection of the traffic from the general Internet into the mobile Internet; SA is responsible for security detection of the traffic entering and leaving a main network node (or network domain) and for security access management; SAE is responsible for the secure operation of terminals.
The specific content comprises:
(1) Security center SOC
It is responsible for overall security monitoring and protection and consists of functional entities such as the security monitoring management system (SOM), the operation protection server (OPS) and the security policy server (SPS). SOM is responsible for monitoring the important security events of the whole network, analyzing various anomalies and dangerous trends, and implementing control and handling according to the characteristics of each event. SPS formulates monitoring and prevention policies according to the overall network security situation and major security incidents, and issues the corresponding policies to SOM for execution. OPS implements security prevention measures on objects such as a given network element, terminal, traffic flow or content as SOM requires, for example deep identification and control, scanning, virus removal and connection control; it also offers terminal users functions such as downloading and running the corresponding security tools and on-line operation.
(2) Security gateway SGW
The security gateway SGW is placed at the junction between the mobile Internet and the general Internet and is mainly responsible for the security of the traffic flowing from the general Internet to the mobile Internet, including traffic detection, network attack identification, virus and trojan-page identification, harmful content discrimination, and early warning of abnormal operations and malware. For the harmful traffic or operations it detects, it can take measures such as blocking, dropping and alarming according to the prevention and control strategy, and it sends the related warning information to SOC in time for further control and handling.
SGW can also be placed in a large-scale security agent node to carry out security monitoring of the network traffic entering and leaving the network under that node's jurisdiction.
(3) Security agent SA
The security agent is placed at main nodes in the mobile Internet, such as mobile switching centers, base station controllers, important edge routers or switches, and main service nodes (such as a mobile commerce platform), and is responsible for the security of the traffic entering and leaving a certain group of nodes or a local area network. It mainly has three functions: first, to detect and collect the operation anomalies and warning information of the network terminals and report them to the security center SOC; second, to carry out specific security detection and control on network terminals (or subnets) according to the instructions of the security center; third, to provide the security gateway function (generally deployed only on large-scale security agent nodes), monitoring the security of the traffic and abnormal operations entering and leaving the network under its jurisdiction.
(4) Security access entity SAE
The security access entity is generally deployed on a network terminal such as a mobile phone, netbook or value-added service server. SAE is a compact security monitoring plug-in or code package that monitors the terminal's operating state in real time and, when it notices an anomaly, sends an alarm to the terminal's main interface, to SA and to SOC. According to the instructions or alarm signals sent by SA/SOC, SAE carries out the corresponding control operations, such as sending a security warning, blocking some abnormal operation, or downloading and running special security detection code from SOC.
The beneficial effects of the invention are as follows. The invention is suited to being built into a complete mobile Internet security monitoring and protection system. Its layered, modular architecture covers every level of the mobile Internet, from terminals, the access network and the core network to the service network, and guarantees the monitoring and protection system's flexibility of deployment, completeness of coverage, function extensibility, ease of upgrading and defense-in-depth capability. The active, integrated, intelligent operating mechanism guarantees that each functional group, under the unified regulation and control of SOC, completes end-to-end security monitoring and protection in fast cooperation. The invention is therefore an innovative security monitoring and protection system framework, suited to telecom operators and network operators building a unified, complete, intelligent security monitoring and prevention system, effectively improving the security operation and management capability of the mobile Internet and guaranteeing the service security and information security of many customers.
Description of drawings:
Fig. 1 shows the position of each security functional entity in the network and the relations between them;
Fig. 2 is the architecture diagram of the security monitoring and prevention system.
Embodiment
The operation of the hierarchical mobile Internet security monitoring and protection system of the invention is explained below with reference to the drawings.
The hierarchical mobile Internet security monitoring and protection system of the invention comprises a modular architecture of four basic functional groups on three levels, which gives the whole monitoring and protection system characteristics such as flexible deployment, strong extensibility, convenient upgrading and complete end-to-end, in-depth protection. It can be adapted to every level of the mobile Internet, from terminals, the access network and the core network to the service network, and a complete security monitoring and protection system can thereby be built;
The intelligent behaviour of each module guarantees that it has strong autonomous security monitoring functions: according to its own configuration, it monitors and protects the running and resource objects of its administrative area. When other security systems fail, it guarantees that local security monitoring keeps its basic functions; when the other systems are normal, it can work cooperatively with them to achieve a higher and more powerful security custody guarantee;
The functional structure of the security center SOC comprises the functional entities of the security monitoring management system SOM, the operation protection server OPS and the security policy server SPS. The intelligence of each functional entity and the cooperative mechanism between them guarantee the system's autonomous security monitoring functions, which comprise:
A) according to its own configuration, monitoring and protecting the running and resource objects of its administrative area;
B) when other security systems fail, guaranteeing that local security monitoring keeps its basic functions, and when the other systems work normally in cooperation, achieving the security custody guarantee.
The attribute rules of each functional group and their matching relationship rules are as follows:
A) SOC, as the overall monitoring manager, monitors the anomaly alarm information sent by SGW, SA and SAE, determines the corresponding handling policy according to the analysis result, and controls SGW, SA and SAE in time to carry out concrete response operations;
B) SGW, SA and SAE complete cooperative work under the unified regulation and control of SOC, each performing its own functions;
C) SA and SAE cooperative working mechanism: SA acts on behalf of SOC and manages many SAEs while monitoring the security of the traffic entering and leaving its managed node or local area network, and SAE, while possessing its own inherent security monitoring functions, is controlled by SA.
Main technical innovations
The main innovations of the invention are the layered modular architecture, the intelligent characteristics of each module, and the active integrated operating mechanism.
The active integrated operating mechanism is based mainly on the attribute rules and matching relationships of each functional group. SOC, as the overall monitoring manager, monitors the anomaly alarm information sent by SGW, SA and SAE, determines the corresponding handling policy according to the analysis result, and controls SGW, SA and SAE in time to carry out concrete response operations. SGW, SA and SAE complete cooperative work under the unified regulation and control of SOC, each performing its own functions. For example, when SGW detects an incoming web page carrying a trojan, it either blocks it on its own according to the predetermined strategy or reports it to SOC immediately; SOC then immediately notifies the corresponding SA and SAE to carry out prevention and control operations, thereby achieving effective end-to-end security monitoring and prevention.
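The escalation path just described (SGW detects, blocks on its own or reports, SOC directs the SA that manages the affected terminals, SA fans the command out to its SAEs), as an added Python model that is not part of the patent. The class names mirror the page's entities; Flow, Alarm, the signature dictionary and the action strings are assumptions of this example.

```python
# Added example, not code from the patent: a minimal model of the page's
# alarm-and-control loop. Flow, Alarm, SGW_SIGNATURES and the action strings
# are assumptions of this example, not identifiers from the page.
from collections import namedtuple

Flow = namedtuple("Flow", "url dest_domain")   # dest_domain: SA-managed node/subnet
Alarm = namedtuple("Alarm", "reporter kind flow")
# Constructed stand-in for SGW's trojan-page identification (not a real IoC).
SGW_SIGNATURES = {"trojan_page": ["evil.example/drop.apk"]}

class SAE:                       # terminal-side agent: applies control commands
    def __init__(self, sae_id):
        self.sae_id, self.blocked = sae_id, []
    def control(self, url):
        self.blocked.append(url)

class SA:                        # node/subnet agent: acts for SOC, manages many SAEs
    def __init__(self, domain):
        self.domain, self.saes = domain, []
    def control(self, url):
        for sae in self.saes:    # fan the command out to every managed SAE
            sae.control(url)

class SOC:                       # overall monitor: collects alarms, directs SAs
    def __init__(self):
        self.sas, self.alarms = {}, []
    def report(self, alarm):
        self.alarms.append(alarm)
        sa = self.sas.get(alarm.flow.dest_domain)
        if alarm.kind == "trojan_page" and sa is not None:
            sa.control(alarm.flow.url)   # SOC notifies SA, SA notifies its SAEs
            return "sa_blocked"
        return "logged"                  # no SA covers that domain: record only

class SGW:                       # gateway at the mobile/general-Internet junction
    def __init__(self, soc, block_locally):
        self.soc, self.block_locally = soc, block_locally
    def inspect(self, flow):
        for kind, sigs in SGW_SIGNATURES.items():
            if any(s in flow.url for s in sigs):
                alarm = Alarm("SGW", kind, flow)
                if self.block_locally:          # "stop on its own" per strategy,
                    self.soc.report(alarm)      # still sending the warning to SOC
                    return "dropped"
                return self.soc.report(alarm)   # "report immediately" to SOC
        return "forwarded"
```

In the "report immediately" mode the gateway forwards the decision to SOC and returns whatever SOC decided; in the "block locally" mode it drops the flow itself but still records the alarm at SOC so the overall monitor keeps a complete picture.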