CN103118036A - Cloud end based intelligent security protection system and method - Google Patents

Cloud end based intelligent security protection system and method

Info

Publication number
CN103118036A
Authority
CN
China
Prior art keywords
module
intelligent
ftp
clouds
ftp client
Legal status
Pending
Application number
CN2013100741589A
Other languages
Chinese (zh)
Inventor
贾铁军
Current Assignee
Shanghai Dianji University
Original Assignee
Shanghai Dianji University

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a cloud-based intelligent security protection system that integrates cloud computing, network security protection and new artificial intelligence technology. It organically combines the advantages and core technology of cloud security with intelligent technologies such as a host security protection system (HSPS) and an expert system, and carries out multi-level, multi-module integral linkage and interactive coordination. A cloud-based intelligent HSPS and its architecture are built on a new design idea, producing, from multiple angles and in all directions, a new multifunctional network supervision and protection system with active, comprehensive and cooperative protection functions that can protect the network in a three-dimensional, in-depth and dynamic way. By integrating the supervision and detection of abnormal behavior events, the scanning and removal of viruses, the blocking and defense of attacks and multiple protection into one, and by combining real-time intelligent supervision, detection, analysis and security protection against viruses and attacks, the system efficiently improves the dynamic intelligent detection, identification and attack-blocking performance of the whole network and enhances the efficiency of the overall intelligent protection.

Description

A cloud-based intelligent security defense system and method
Technical field
The present invention relates to the technical field of computer network information security, and in particular to a cloud-based intelligent security defense system and method.
Background technology
Cloud security is the network security application model that developed out of cloud computing. It is a whole-network defense security architecture with three levels, an intelligent client, a centralized service end and an open platform, that protects the secure and efficient operation of the network system. A network security protection system (Security Protection System, SPS) integrates and merges firewall and intrusion detection system (Intrusion Detection System, IDS) technology, and is intended to provide deep and effective security protection for the network. The cloud-end security defense system is a host (server) based security defense system (Host Security Protection System, HSPS) that mainly emphasizes dynamic active defense of the cloud-end host (server).
Existing traditional network security defense technologies at home and abroad have deficiencies and limitations such as weak dynamic and active defense capability, high false negative and false positive rates, difficulty identifying new viruses and network attacks, inability to link and carry out composite defense, and weak intelligence and interactivity, so they have difficulty effectively defending against complex viruses and network attacks. Although research on cloud security defense at home and abroad has made some progress, its effect on the above problems is not significant. It remains somewhat weak and insufficient in the following respects: integrating cloud computing, network security defense and new artificial intelligence technology; organically combining the advantages and core technology of cloud security with intelligent technologies such as HSPS and expert systems; multi-level, multi-module linkage and mutual coordination; using a new design philosophy to build a cloud-based intelligent HSPS and architecture; building, from multiple angles and in all directions, a new multifunctional network monitoring and defense system with active, comprehensive and composite defense functions that can protect the network in a three-dimensional, in-depth and dynamic way; and integrating abnormal behavior event monitoring, detection, virus scanning and removal, attack blocking and multiple protection so that real-time intelligent monitoring, detection, analysis and security protection against viruses and attacks are unified.
The deficiencies and limitations of traditional network security protection technology are as follows. First, the dynamic protection capability is weak: relying basically on traditional firewalls and static configuration of equipment makes it difficult to cope with increasingly sophisticated dynamic attacks. Second, active defense is not possible: traditional firewalls and IDS can only passively respond to attacks and cannot actively block them. Third, new viruses or network attacks are difficult to identify: reliance on signature-database-based detection always leaves network defense lagging behind network attacks. Fourth, detection and defense capability is weak, with high false negative and false positive rates, especially for the numerous and complex viruses or network attacks that appear in the many data transmission processes of large networks. Fifth, there is no linkage or overall coordinated defense, and intelligence and interactivity are poor.
Summary of the invention
The object of the present invention is to provide a cloud-based intelligent security defense system and method that remedies the deficiencies and shortcomings of existing traditional network security defense technology.
To solve the above technical problems, the invention provides a cloud-based intelligent security defense system comprising: a cloud-end intelligent processing component, used to identify and analyze the abnormal information that a client system sends to the network;
an intelligent processing platform, used to comprehensively maintain the abnormal information of the cloud-end intelligent processing component;
and a system core function scheduling module, used to interactively schedule the intelligent processing platform according to the cloud-end intelligent processing component.
Optionally, in the cloud-based intelligent security defense system, the cloud-end intelligent processing component comprises:
a data collection and download module, used to download a feature database updated in real time and to collect, classify, filter and analyze the abnormal event information that the client system sends to the network;
a host data collection module, used to collect sample data such as malicious files, the Trojan feature database and attacks from the client system;
and an identification, analysis and classification module, used for preliminary identification, analysis and classification of the abnormal information collected by the data collection and download module and the host data collection module.
Optionally, in the cloud-based intelligent security defense system, the feature database in the data collection and download module comprises: a comprehensive diagnosis feature database, a Trojan feature database, a vulnerability feature database and an intrusion feature database.
Optionally, in the cloud-based intelligent security defense system, the intelligent processing platform comprises, at the application layer: a system diagnosis and evaluation module and an attack detection module, used to comprehensively diagnose, evaluate and detect the security state of the client system;
a malware scanning and removal module, used to perform rapid scanning and feature identification of the client system and to remove resident viruses such as Trojans;
a vulnerability detection and repair module, used to scan and detect vulnerabilities and hidden risks of the client system, issue warnings, and download patches and repair them;
a trace detection and removal module, used to detect and remove the traces of abnormal events such as viruses and attacks that the client system has encountered on the network;
an analysis, blocking and defense module, used to identify, analyze, block and defend against abnormal events of the client system;
an advanced diagnosis and repair module, used for deeper analysis, diagnosis and repair of abnormal events of the client system;
an evaluation and audit report module, used to form a security evaluation and audit report from the abnormal events and their processing;
a process, registry and driver monitoring module, used to monitor, identify and block abnormal event processes before the other modules are called;
and a system service descriptor table detection and recovery module, used to scan and detect the services of the client system, allocate a system service descriptor table and recover the original system service descriptor table of the client system.
Optionally, in the cloud-based intelligent security defense system, the intelligent processing platform further comprises, at the kernel layer: an expert system, a feature knowledge base and a monitoring rule base; the expert system automatically acquires knowledge, identifies features, analyzes and monitors according to the feature knowledge base and the monitoring rule base.
The invention also provides a cloud-based intelligent security defense method that uses the cloud-based intelligent security defense system described above, comprising: the system core function scheduling module interactively schedules the intelligent processing platform according to the cloud-end intelligent processing component, wherein the cloud-end intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network, and the intelligent processing platform comprehensively maintains the abnormal information of the cloud-end intelligent processing component.
Optionally, in the cloud-based intelligent security defense method, the cloud-end intelligent processing component comprises a data collection and download module, a host data collection module and an identification, analysis and classification module;
the data collection and download module downloads a feature database updated in real time and collects, classifies, filters and analyzes the abnormal event information that the client system sends to the network;
the host data collection module collects sample data such as malicious files, the Trojan feature database and attacks from the client system;
and the identification, analysis and classification module performs preliminary identification, analysis and classification of the abnormal information collected by the data collection and download module and the host data collection module.
Optionally, in the cloud-based intelligent security defense method, in the step of downloading the feature database updated in real time and collecting, classifying, filtering and analyzing the abnormal event information in the network, the feature database comprises: a comprehensive diagnosis feature database, a Trojan feature database, a vulnerability feature database and an intrusion feature database.
Optionally, in the cloud-based intelligent security defense method, the intelligent processing platform comprises, at the application layer: a system diagnosis and evaluation module, an attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and removal module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation and audit report module, a process, registry and driver monitoring module, and an SSDT detection and recovery module;
the system diagnosis and evaluation module and the attack detection module comprehensively diagnose, evaluate and detect the security state of the client system;
the malware scanning and removal module performs rapid scanning and feature identification of the client system and removes resident viruses such as Trojans;
the vulnerability detection and repair module scans and detects vulnerabilities and hidden risks of the client system, issues warnings, and downloads patches and repairs them;
the trace detection and removal module detects and removes the traces of abnormal events such as viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against abnormal events of the client system;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of abnormal events of the client system, and the evaluation and audit report module forms a security evaluation and audit report from the abnormal events and their processing;
the process, registry and driver monitoring module monitors, identifies and blocks abnormal event processes before the other modules are called;
and the system service descriptor table detection and recovery module scans and detects the services of the client system, allocates a system service descriptor table and recovers the original system service descriptor table of the client system.
Optionally, in the cloud-based intelligent security defense method, the application layer and the kernel layer of the intelligent processing platform are linked, interactive and cooperative.
Optionally, in the cloud-based intelligent security defense method, the linkage comprises using local server cluster response, cache support and enterprise-internal cloud server synchronization.
The cloud-based intelligent security defense system and method provided by the invention has the following beneficial effect: by having the system core function scheduling module interactively schedule the intelligent processing platform according to the cloud-end intelligent processing component, a network security system of function modules for detecting, monitoring, scanning and removing, blocking, defending against, auditing and recovering from abnormal information is formed, which effectively improves the dynamic intelligent detection, identification and blocking defense performance of the whole network and strengthens the effectiveness of the overall intelligent defense.
Description of drawings
The invention is further described below in conjunction with the drawings and embodiments. In the drawings:
Fig. 1 is a structural schematic diagram of the cloud-based intelligent security defense system and method of the embodiment of the invention;
Fig. 2 is a structural schematic diagram of the cloud-based intelligent security defense system and method of the embodiment of the invention deployed on a client system.
Embodiment
The cloud-based intelligent security defense system and method proposed by the present invention is described in further detail below in conjunction with the drawings and specific embodiments. The advantages and features of the invention will become clearer from the following description and the claims. It should be noted that the drawings are all in a greatly simplified form and are not to scale; they serve only to assist in explaining the embodiment of the invention conveniently and clearly.
Network security has become one of the ten hot issues of the 21st-century world and has drawn wide social concern. With the rapid development of informatization and IT technology and the ever wider and deeper application of computer network technology, network security problems keep arising, making network security technology ever more important. Network security has become a focus of attention for all countries; it concerns not only users' information and asset risk but also national security and social stability, and has become a frontier of popular research and demand for talent. Network security is a systems engineering task and has become a vital task of networking, related not only to the national economy but also closely to national security. Network security defense technology is the key technology for ensuring network security with "prevention first", and new cloud security technology urgently needs to be researched and developed.
A cloud-based intelligent security defense system is a new generation of cloud client security infrastructure that can stop a new threat before it arrives, achieving intelligent network security and active defense. Cloud-based intelligent security defense systems fall into two classes: first, feature databases or classified feature libraries stored in the cloud for sharing; second, systems that quickly collect, aggregate and respond to the latest malicious code, spam, phishing URLs and the like. The present invention mainly uses the seven core technologies of "cloud security": Web reputation service (WRS), email reputation service (ERS), file reputation service (FRS), behavior correlation analysis, an automatic feedback mechanism, threat information aggregation and virus signature blacklist technology. The core of this technical architecture goes beyond the conventional method of stopping Web threats.
As shown in Fig. 1, a cloud-based intelligent security defense system comprises:
a cloud-end intelligent processing component, used to identify and analyze the abnormal information that a client system sends to the network;
an intelligent processing platform, used to comprehensively maintain the abnormal information of the cloud-end intelligent processing component;
and a system core function scheduling module, used to interactively schedule the intelligent processing platform according to the cloud-end intelligent processing component.
Further, the cloud-end intelligent processing component comprises a data collection and download module, a host data collection module and an identification, analysis and classification module, arranged side by side with a system self-protection management module, a desktop display management module and a system configuration management module.
Specifically, the data collection and download module is used to download a feature database updated in real time and to collect, classify, filter and analyze the abnormal event information that the client system sends to the network;
specifically, the feature database comprises: a comprehensive diagnosis feature database, a Trojan feature database, a vulnerability feature database and an intrusion feature database;
specifically, the host data collection module is used to collect sample data such as malicious files, the Trojan feature database and attacks from the client system;
specifically, the identification, analysis and classification module is used for preliminary identification, analysis and classification of the abnormal information collected by the data collection and download module and the host data collection module.
Further, the intelligent processing platform is divided into an application layer and a kernel layer.
Specifically, at the application layer the intelligent processing platform comprises:
a system diagnosis and evaluation module and an attack detection module, used to comprehensively diagnose, evaluate and detect the security state of the client system: by scanning and feature comparison they detect malware, suspicious events and files, system startup items, BHOs (Browser Helper Objects), disk space and junk files, evaluate the security state of the system and grade it according to evaluation criteria, and take corresponding countermeasures and mechanisms;
a malware scanning and removal module, used to perform rapid scanning and feature identification of the client system and remove resident viruses such as Trojans, specifically covering directory files, system memory and system core auto-start items;
a vulnerability detection and repair module, used to scan and detect vulnerabilities and hidden risks of the client system, issue warnings, and download patches and repair them; it mainly identifies vulnerabilities by comparing the collected information against the vulnerability feature database, updates its sample library from security centers such as Microsoft's, and stores the vulnerability patches in the registry in the form of knowledge base numbers;
a trace detection and removal module, used to detect and remove the traces of abnormal events such as viruses and attacks that the client system has encountered on the network;
an analysis, blocking and defense module, used to identify, analyze, block and defend against abnormal events of the client system; this module is the key of the cloud-based intelligent security defense system and method, links with the other modules for composite defense through intelligent interaction, and intelligently blocks and defends against abnormal events such as new variant viruses and attacks through cloud computing, self-learning and an inference mechanism;
an advanced diagnosis and repair module, used for deeper analysis, diagnosis and repair of abnormal events of the client system; it monitors and confirms the source, nature, type, key items, means and features of the attacking virus, evaluates the protection effect and the audit trail so that repair and reinforcement can be completed in time, and updates the feature database, rule base and knowledge base through summarizing, feedback, self-learning and root-cause analysis;
an evaluation and audit report module, used to form a security evaluation and audit report from the abnormal events and their processing;
a process, registry and driver monitoring module, used to monitor key objects such as system processes, the registry and driver loading in real time by updating service function addresses in the kernel-level system service address table, and to monitor, identify and block abnormal event processes before the other modules are called; and
a system service descriptor table detection and recovery module, used to scan and detect the services of the client system, allocate a system service descriptor table and recover the original system service descriptor table of the client system.
Specifically, the intelligent processing platform further comprises, at the kernel layer: an expert system, a feature knowledge base and a monitoring rule base; the expert system automatically acquires knowledge, identifies features, analyzes and monitors according to the feature knowledge base and the monitoring rule base. Further, the kernel layer of the intelligent processing platform also comprises a process, registry and driver monitoring kernel module and a system service descriptor table (SSDT) detection and recovery kernel module, which focus on kernel driving and monitoring, SSDT detection, system recovery, feature rules with knowledge and inference mechanisms, and update self-learning.
Further, besides interacting with the corresponding feature databases and the cloud-end intelligent processing component, the platform also requires network connections, applications, startup items, processes, services and output reports.
The invention also provides a cloud-based intelligent security defense method that uses the cloud-based intelligent security defense system described above, comprising:
the system core function scheduling module interactively schedules the intelligent processing platform according to the cloud-end intelligent processing component, wherein the cloud-end intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network, and the intelligent processing platform comprehensively maintains the abnormal information of the cloud-end intelligent processing component.
Further, the cloud-end intelligent processing component comprises a data collection and download module, a host data collection module and an identification, analysis and classification module, arranged side by side with a system self-protection management module, a desktop display management module and a system configuration management module.
Specifically, the data collection and download module downloads a feature database updated in real time and collects, classifies, filters and analyzes the abnormal event information that the client system sends to the network;
specifically, the feature database comprises: a comprehensive diagnosis feature database, a Trojan feature database, a vulnerability feature database and an intrusion feature database;
specifically, the host data collection module collects sample data such as malicious files, the Trojan feature database and attacks from the client system;
specifically, the identification, analysis and classification module performs preliminary identification, analysis and classification of the abnormal information collected by the data collection and download module and the host data collection module.
Further, the intelligent processing platform is divided into an application layer and a kernel layer.
Specifically, the intelligent processing platform comprises, at the application layer: a system diagnosis and evaluation module, an attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and removal module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation and audit report module, a process, registry and driver monitoring module, and an SSDT detection and recovery module;
the system diagnosis and evaluation module and the attack detection module comprehensively diagnose, evaluate and detect the security state of the client system: by scanning and feature comparison they detect malware, suspicious events and files, system startup items, BHOs (Browser Helper Objects), disk space and junk files, evaluate the security state of the system and grade it according to evaluation criteria, and take corresponding countermeasures and mechanisms;
the malware scanning and removal module performs rapid scanning and feature identification of the client system and removes resident viruses such as Trojans, specifically covering directory files, system memory and system core auto-start items;
the vulnerability detection and repair module scans and detects vulnerabilities and hidden risks of the client system, issues warnings, and downloads patches and repairs them; it mainly identifies vulnerabilities by comparing the collected information against the vulnerability feature database, updates its sample library from security centers such as Microsoft's, and stores the vulnerability patches in the registry in the form of knowledge base numbers;
the trace detection and removal module detects and removes the traces of abnormal events such as viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against abnormal events of the client system; this module is the key of the cloud-based intelligent security defense system and method, links with the other modules for composite defense through intelligent interaction, and intelligently blocks and defends against abnormal events such as new variant viruses and attacks through cloud computing, self-learning and an inference mechanism;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of abnormal events of the client system; it monitors and confirms the source, nature, type, key items, means and features of the attacking virus, evaluates the protection effect and the audit trail so that repair and reinforcement can be completed in time, and updates the feature database, rule base and knowledge base through summarizing, feedback, self-learning and root-cause analysis;
the evaluation and audit report module forms a security evaluation and audit report from the abnormal events and their processing;
the process, registry and driver monitoring module monitors key objects such as system processes, the registry and driver loading in real time by updating service function addresses in the kernel-level system service address table, and monitors, identifies and blocks abnormal event processes before the other modules are called; and
the system service descriptor table detection and recovery module scans and detects the services of the client system, allocates a system service descriptor table and recovers the original system service descriptor table of the client system.
Specifically, the intelligent processing platform further comprises, at the kernel layer: an expert system, a feature knowledge base and a monitoring rule base; the expert system automatically acquires knowledge, identifies features, analyzes and monitors according to the feature knowledge base and the monitoring rule base. Further, the kernel layer of the intelligent processing platform also comprises a process, registry and driver monitoring kernel module and a system service descriptor table (SSDT) detection and recovery kernel module, which focus on kernel driving and monitoring, SSDT detection, system recovery, feature rules with knowledge and inference mechanisms, and update self-learning.
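The SSDT detection and recovery module that the system description and the method description above both assign to the kernel layer can be illustrated with a user-mode simulation. This is an added example, not code from the patent: the table layout, the sample addresses and the kernel image bounds are constructed for illustration, and a real implementation would read the live table and the module bounds from the kernel through a driver.

```c
/* Added example: simulation of the SSDT detection and recovery step.
 * Not the patent's own code. Table layout, addresses and the kernel
 * image range are constructed values used only for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSDT_ENTRIES 6

/* Simplified view of a system service descriptor table: one service
 * routine address per system call index. A driver would read the real
 * table from the kernel; here it is an ordinary struct. */
struct ssdt {
    uintptr_t base[SSDT_ENTRIES];
};

/* Bounds of the kernel image the entries are expected to point into.
 * Constructed values; a driver would take them from the loaded-module list. */
static const uintptr_t KERNEL_BASE = 0x80400000u;
static const uintptr_t KERNEL_SIZE = 0x00200000u;

static int in_kernel_image(uintptr_t addr) {
    return addr >= KERNEL_BASE && addr < KERNEL_BASE + KERNEL_SIZE;
}

/* Detection: an entry is flagged if it points outside the kernel image or
 * differs from a trusted baseline captured on a known-clean boot. Returns
 * the number of flagged entries; their indices go into `hooked` (up to `max`). */
int ssdt_detect(const struct ssdt *live, const struct ssdt *baseline,
                int *hooked, int max) {
    int n = 0;
    for (int i = 0; i < SSDT_ENTRIES; i++) {
        if (!in_kernel_image(live->base[i]) ||
            live->base[i] != baseline->base[i]) {
            if (n < max) hooked[n] = i;
            n++;
        }
    }
    return n;
}

/* Recovery: write the baseline address back over each flagged entry only,
 * leaving untouched entries as they are. Returns the number restored. */
int ssdt_restore(struct ssdt *live, const struct ssdt *baseline) {
    int hooked[SSDT_ENTRIES];
    int n = ssdt_detect(live, baseline, hooked, SSDT_ENTRIES);
    for (int i = 0; i < n; i++)
        live->base[hooked[i]] = baseline->base[hooked[i]];
    return n;
}

/* Constructed sample: a clean baseline, and a live copy in which entries
 * 1 and 4 have been redirected to addresses outside the kernel image. */
static const struct ssdt SAMPLE_BASELINE = {{
    0x80410000u, 0x80411000u, 0x80412000u, 0x80413000u, 0x80414000u, 0x80415000u }};
static const struct ssdt SAMPLE_HOOKED = {{
    0x80410000u, 0xF7A01230u, 0x80412000u, 0x80413000u, 0xF7A04560u, 0x80415000u }};

/* Number of hooked entries the detector finds in the sample. */
int sample_hook_count(void) {
    struct ssdt live = SAMPLE_HOOKED;
    int idx[SSDT_ENTRIES];
    return ssdt_detect(&live, &SAMPLE_BASELINE, idx, SSDT_ENTRIES);
}

/* 1 if, after recovery, the sample table matches the baseline exactly. */
int sample_recovery_clean(void) {
    struct ssdt live = SAMPLE_HOOKED;
    ssdt_restore(&live, &SAMPLE_BASELINE);
    return memcmp(&live, &SAMPLE_BASELINE, sizeof live) == 0;
}

/* Walk the sample through detection, recovery and re-check; returns the
 * number of entries found hooked on the first pass. */
int demo(void) {
    struct ssdt live = SAMPLE_HOOKED;
    int idx[SSDT_ENTRIES];
    int found = ssdt_detect(&live, &SAMPLE_BASELINE, idx, SSDT_ENTRIES);
    printf("%d hooked entries:", found);
    for (int i = 0; i < found; i++) printf(" %d", idx[i]);
    printf("\n");
    int restored = ssdt_restore(&live, &SAMPLE_BASELINE);
    int after = ssdt_detect(&live, &SAMPLE_BASELINE, idx, SSDT_ENTRIES);
    printf("restored %d, remaining %d\n", restored, after);
    return found;
}

int main(void) { demo(); return 0; }
```

On the constructed sample the detector flags indices 1 and 4, and after recovery a second pass flags nothing.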
Further, in addition to interacting with the corresponding feature databases and the cloud intelligent processing component, the platform also needs to handle network connections, applications, startup items, processes, services and output reports.
Further, the key to realizing the present invention is functional integration: the application layer and the kernel layer of the intelligent processing platform are linked, interact and cooperate, achieving the integration of automatic knowledge acquisition, learning and reasoning, cloud computing and symbol matching, and solving knowledge acquisition, feature identification, analysis, monitoring and blocking.
Further, with the help of local server cluster response, cache support and enterprise internal cloud server synchronization technology, the cloud based intelligent security defense system and method can be realized.
The cloud based intelligent security defense system and method is a typical host-based network security defense system, deployed on the client system as shown in Figure 2. Using policies and access control rules based on an accept action, it performs comprehensive detection, defense and maintenance of the client system. To achieve extensibility and durability, object-oriented methods are adopted for analysis, design and modeling; the application layer modules can be developed in VC++, and the kernel driver modules can be developed with DDK2600. Downloads and feature updates are collected automatically from the cloud security cluster servers; the sample database data is obtained mainly through submissions by network users, collection by staff, automatic analysis and mining by the data analysis servers, and sharing by the security centers of authoritative institutions. To protect its feature file data, the feature database can be distributed encrypted with the AES algorithm.
The present invention improves on existing traditional network security defense techniques, whose deficiencies and limitations include a lack of dynamic and active defense capability, high false-negative and false-positive rates, difficulty in identifying new viruses and network attacks, an inability to link up and defend cooperatively, weak intelligence and interactivity, and consequently difficulty in effectively defending against complex viruses and network attacks.
Through the combination of the above structure, the present invention integrates cloud computing technology, network security defense technology and new artificial intelligence technology, reasonably combines the advantages and core technology of cloud security technology with intelligent technologies such as HSPS technology and expert systems, and carries out multi-level, multi-module integral linkage and interactive coordination. A new design philosophy is used to construct a cloud based intelligent HSPS and its architecture, and a new multifunctional network monitoring and defense system is built from multiple angles and in an all-round manner, with an active, comprehensive and cooperative integrated defense function capable of protecting the network in a three-dimensional, in-depth and dynamic way. It integrates anomalous behavior event monitoring, detection, virus scanning and removal, blocking and defending against attacks, and multiple protection, and realizes the integration of real-time intelligent monitoring of viruses and attacks, detection and analysis, and security protection. The present invention can both perform fast real-time intelligent protection and remove viruses and junk files to reduce resource consumption; it effectively improves the dynamic intelligent detection, identification and attack-blocking performance of the whole network and strengthens the effectiveness of overall intelligent defense.
The foregoing description is only a description of preferred embodiments of the present invention and does not limit the scope of the invention in any way; any change or modification made by those of ordinary skill in the field of the present invention according to the above disclosure falls within the protection scope of the claims.

Claims (11)

1. A cloud based intelligent security defense system, characterized in that it comprises:
a cloud intelligent processing component for identifying and analyzing abnormal information sent by a client system to the network;
an intelligent processing platform for comprehensively maintaining the abnormal information of the cloud intelligent processing component; and
a system core function scheduling module for interactively scheduling the intelligent processing platform according to the cloud intelligent processing component.
2. The cloud based intelligent security defense system according to claim 1, characterized in that the cloud intelligent processing component comprises:
a data acquisition and download module for downloading the feature database updated in real time and for classifying, filtering and analyzing the anomalous event information sent by the client system to the network;
a host data acquisition module for collecting sample data such as malicious files, Trojan and virus feature databases and attacks from the client system; and
an identification, analysis and classification module for preliminarily identifying, analyzing and classifying the abnormal information gathered by the data acquisition and download module and the host data acquisition module.
3. The cloud based intelligent security defense system according to claim 2, characterized in that the feature database comprises: a comprehensive diagnosis feature database, a Trojan and virus feature database, a vulnerability feature database and an intrusion feature database.
4. The cloud based intelligent security defense system according to claim 1, characterized in that the intelligent processing platform comprises, at the application layer:
a system diagnosis and evaluation module and an attack detection module for comprehensively diagnosing, assessing and detecting the security state of the client system;
a malware scan and removal module for rapidly scanning the client system, identifying features and removing resident viruses such as Trojans;
a vulnerability detection and repair module for scanning, detecting and alerting on vulnerabilities and hidden dangers of the client system and for downloading patches and repairing them;
a trace detection and removal module for detecting and removing the traces of anomalous events such as viruses and attacks that the client system encounters in the network;
an analysis, blocking and defense module for identifying, analyzing, blocking and defending against anomalous events of the client system;
an advanced diagnosis and repair module for deeper analysis, diagnosis and repair of anomalous events of the client system;
an evaluation and audit report module for producing a security evaluation and audit report on anomalous events and their handling;
a process, registry and driver monitoring module for performing monitoring, identification and blocking operations before the other modules act on an anomalous-event process; and
a system service descriptor table detection and recovery module for scanning and checking the services of the client system and restoring the system service descriptor table from the client system's original system service descriptor table.
5. The cloud based intelligent security defense system according to claim 1, characterized in that the intelligent processing platform further comprises a kernel layer: an expert system, a feature knowledge base and a monitoring rule base, the expert system automatically acquiring knowledge and performing feature identification, analysis and monitoring according to the feature knowledge base and the monitoring rule base.
6. A cloud based intelligent security defense method using the cloud based intelligent security defense system according to claim 1, characterized in that it comprises:
the system core function scheduling module interactively schedules the intelligent processing platform according to the cloud intelligent processing component, wherein the cloud intelligent processing component identifies and analyzes abnormal information sent by a client system to the network, and the intelligent processing platform comprehensively maintains the abnormal information in the cloud intelligent processing component.
7. The cloud based intelligent security defense method according to claim 6, characterized in that the cloud intelligent processing component comprises: a data acquisition and download module, a host data acquisition module and an identification, analysis and classification module;
the data acquisition and download module downloads the feature database updated in real time and classifies, filters and analyzes the anomalous event information sent by the client system to the network;
the host data acquisition module collects sample data such as malicious files, Trojan and virus feature databases and attacks from the client system; and
the identification, analysis and classification module preliminarily identifies, analyzes and classifies the abnormal information gathered by the data acquisition and download module and the host data acquisition module.
8. The cloud based intelligent security defense method according to claim 7, characterized in that, in the step of downloading the feature database updated in real time and classifying, filtering and analyzing the anomalous event information in the network, the feature database comprises: a comprehensive diagnosis feature database, a Trojan and virus feature database, a vulnerability feature database and an intrusion feature database.
9. The cloud based intelligent security defense method according to claim 6, characterized in that the intelligent processing platform comprises, at the application layer: a system diagnosis and evaluation module, an attack detection module, a malware scan and removal module, a vulnerability detection and repair module, a trace detection and removal module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation and audit report module, a process, registry and driver monitoring module and an SSDT detection and recovery module;
the system diagnosis and evaluation module and the attack detection module comprehensively diagnose, assess and detect the security state of the client system;
the malware scan and removal module rapidly scans the client system, identifies features and removes resident viruses such as Trojans;
the vulnerability detection and repair module scans, detects and alerts on vulnerabilities and hidden dangers of the client system and downloads patches and repairs them;
the trace detection and removal module detects and removes the traces of anomalous events such as viruses and attacks that the client system encounters in the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against anomalous events of the client system;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of anomalous events of the client system, and the evaluation and audit report module produces a security evaluation and audit report on anomalous events and their handling;
the process, registry and driver monitoring module performs monitoring, identification and blocking operations before the other modules act on an anomalous-event process; and
the system service descriptor table detection and recovery module scans and checks the services of the client system and restores the system service descriptor table from the client system's original system service descriptor table.
10. The cloud based intelligent security defense method according to claim 6, characterized in that the application layer and the kernel layer of the intelligent processing platform are linked, interact and cooperate.
11. The cloud based intelligent security defense method according to claim 6, characterized in that the linkage comprises utilizing local server cluster response, cache support and enterprise internal cloud server synchronization.
CN2013100741589A 2013-03-07 2013-03-07 Cloud end based intelligent security protection system and method Pending CN103118036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013100741589A CN103118036A (en) 2013-03-07 2013-03-07 Cloud end based intelligent security protection system and method

Publications (1)

Publication Number Publication Date
CN103118036A true CN103118036A (en) 2013-05-22

Family

ID=48416310

Country Status (1)

Country Link
CN (1) CN103118036A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111420A (en) * 2011-03-16 2011-06-29 上海电机学院 Intelligent NIPS framework based on dynamic cloud/fire wall linkage
CN102592103A (en) * 2011-01-17 2012-07-18 中国电信股份有限公司 Secure file processing method, equipment and system
CN102664875A (en) * 2012-03-31 2012-09-12 华中科技大学 Malicious code type detection method based on cloud mode

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
刘可: ""基于云的安全防御端系统研究与实现"", 《计算机安全(2011)》, no. 7, 15 July 2011 (2011-07-15) *
胡伟俭: "浅谈云计算在反病毒软件中的应用", 《牡丹江教育学院学报(2009)》, no. 4, 30 April 2009 (2009-04-30), pages 101 - 102 *
贾铁军: "基于云计算的智能NIPS的结构及特点", 《中国管理信息化》, vol. 13, no. 3, 28 February 2010 (2010-02-28), pages 112 - 114 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103428216A (en) * 2013-08-12 2013-12-04 深圳市吉祥腾达科技有限公司 Method and system for improving firewall performance
CN103428216B (en) * 2013-08-12 2016-12-28 深圳市吉祥腾达科技有限公司 A kind of method and system improving fire wall performance
CN104392249A (en) * 2014-11-10 2015-03-04 苏州乐聚一堂电子科技有限公司 Personifying preference type interaction artificial intelligence expert system
CN104408520A (en) * 2014-11-10 2015-03-11 苏州乐聚一堂电子科技有限公司 Personification learning type interactive artificial intelligence expert system
CN105656843A (en) * 2014-11-11 2016-06-08 腾讯数码(天津)有限公司 Application layer protection method and apparatus based on verification and network equipment
CN105656843B (en) * 2014-11-11 2020-07-24 腾讯数码(天津)有限公司 Application layer protection method and device based on verification and network equipment
CN105721478A (en) * 2016-02-26 2016-06-29 浪潮通信信息系统有限公司 Mobile application active safety protection method based on function injection
CN107493256A (en) * 2016-06-13 2017-12-19 深圳市深信服电子科技有限公司 Security incident defence method and device
CN107493256B (en) * 2016-06-13 2020-11-20 深信服科技股份有限公司 Security event defense method and device
CN106357664B (en) * 2016-09-30 2020-07-21 北京奇虎科技有限公司 Vulnerability detection method and device
CN106357664A (en) * 2016-09-30 2017-01-25 北京奇虎科技有限公司 Vulnerability detection method and device
CN106570400A (en) * 2016-10-11 2017-04-19 杭州安恒信息技术有限公司 System and method for preventing attacks by self-learning in cloud environment
CN107437029A (en) * 2017-08-23 2017-12-05 北京奇虎科技有限公司 Leak restorative procedure, leak prosthetic device and server
CN107888601A (en) * 2017-11-21 2018-04-06 国云科技股份有限公司 A kind of cloud platform server Intelligent Measurement poisoning intrusion system and method
CN109284913A (en) * 2018-09-07 2019-01-29 安徽恒科信息技术有限公司 A kind of big data application management platform
CN110032869A (en) * 2019-04-19 2019-07-19 湖南科技学院 A kind of cloud computing protection early warning system based on big data
CN110032869B (en) * 2019-04-19 2022-08-09 湖南科技学院 Cloud computing protection early warning system based on big data
CN113141334A (en) * 2020-01-19 2021-07-20 奇安信科技集团股份有限公司 Data acquisition and analysis method and system based on network attack
CN112615812A (en) * 2020-11-19 2021-04-06 贵州电网有限责任公司 Information network unified vulnerability multi-dimensional security information collection, analysis and management system
CN112905999A (en) * 2021-03-01 2021-06-04 武汉未意信息技术有限公司 Malicious website software vulnerability scanning security detection system
CN113312201A (en) * 2021-06-23 2021-08-27 深信服科技股份有限公司 Abnormal process handling method and related device
CN113596044A (en) * 2021-08-03 2021-11-02 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium
CN113596044B (en) * 2021-08-03 2023-04-25 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium
CN114726880A (en) * 2022-04-12 2022-07-08 铜陵久装网络科技有限公司 Information storage method based on cloud computing
CN114726880B (en) * 2022-04-12 2024-04-26 于成龙 Information storage method based on cloud computing
CN118364459A (en) * 2024-06-20 2024-07-19 环球数科集团有限公司 AI-based intrusion kernel defense system
CN118364459B (en) * 2024-06-20 2024-08-23 环球数科集团有限公司 AI-based intrusion kernel defense system

Similar Documents

Publication Publication Date Title
CN103118036A (en) Cloud end based intelligent security protection system and method
Manoharan et al. Revolutionizing Cybersecurity: Unleashing the Power of Artificial Intelligence and Machine Learning for Next-Generation Threat Detection
Wang et al. A network gene-based framework for detecting advanced persistent threats
CN113486351A (en) Civil aviation air traffic control network safety detection early warning platform
CN106790186A (en) Multi-step attack detection method based on multi-source anomalous event association analysis
CN102111420A (en) Intelligent NIPS framework based on dynamic cloud/fire wall linkage
CN104683394A (en) Cloud computing platform database benchmark test system for new technology and method thereof
CN103905459A (en) Cloud-based intelligent security defense system and defense method
CN110830287B (en) Internet of things environment situation sensing method based on supervised learning
Guarascio et al. Boosting cyber-threat intelligence via collaborative intrusion detection
CN103618652A (en) Audit and depth analysis system and audit and depth analysis method of business data
CN110213226A (en) Associated cyber attack scenarios method for reconstructing and system are recognized based on risk total factor
Wang et al. A centralized HIDS framework for private cloud
CN108965210A (en) Safety test platform based on scene-type attacking and defending simulation
CN107426159A (en) APT based on big data analysis monitors defence method
CN104683382A (en) Benchmark testing system for cloud computing platform database of novel innovative algorithm
Choksi et al. Intrusion detection system using self organizing map: a survey
CN104683378A (en) Computing and debugging system for novel cloud computing service platform adopting new technology
Zhong et al. How to use experience in cyber analysis: An analytical reasoning support system
Yan et al. Research on key technologies of industrial internet data security
Zhang et al. Network security situation awareness technology based on multi-source heterogeneous data
Xiao Exploration of network information security technology and prevention in the digital age
Gordon Economic and national security effects of cyber attacks against small business communities
Li et al. Association analysis of cyber-attack attribution based on threat intelligence
Bhardwaj et al. Federated Learning for Getting the IoT Arrangement of Smart City Against Digital Threats

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130522