SDN-based egress information confidentiality inspection and detection platform system and detection method
Technical field
The present invention relates to the field of network security technology, and in particular to an SDN-based egress information confidentiality inspection and detection platform system and detection method.
Background technology
With the rapid development of China's economy and society, informatization is also developing continuously, and an enterprise or organization inevitably has to connect to the Internet in its daily work and exchange information over it. This brings a significant security and confidentiality challenge to the enterprise or organization: it must prevent employees from leaking sensitive information, whether unintentionally or deliberately, and prevent outsiders from illegally obtaining the organization's sensitive information. In addition, employees' Internet behaviour needs to be controlled so that the organization's routine work proceeds normally and the consumption of network resources stays within bounds.
The egress information confidentiality inspection and detection platform performs unified inspection and detection at all Internet and mobile Internet egress points of an enterprise or organization. Its main task is the unified monitoring of all abnormal Internet behaviour, Trojan behaviour and transmitted information on the organization's Internet links, so that users can discover and handle all kinds of events at the earliest possible moment. By inspecting and analysing the data transmitted over the Internet and the information published on the Internet, it can identify abnormal network behaviour of terminals and discover viruses and Trojans stealing data; it can strictly monitor leaking behaviour and obtain the information needed to trace the responsible person; and it can ensure the security of the platform and its data, preventing secondary leakage.
For example, the invention patent with application number 201210435961.6 provides a network computer information security detection method comprising the following steps: associating a network server end with computer clients; setting the detection policy at the network server end; determining the detection policy of the computer clients; and dynamic real-time file monitoring and alerting. That invention combines active and passive detection, performs unified analysis of the detection results and prompts the computer client to handle them accordingly. A user-defined whitelist of sensitive-word information on the computer client improves the accuracy and retrieval efficiency of the confidentiality inspection. The inspection policy is set and issued centrally by the network server end, realizing dynamic real-time file monitoring and alerting, automatic inspection and an early-warning mechanism on the computer client, which raises employees' awareness of confidentiality through technical means and reduces the enterprise's risk of leakage.
The invention patent with application number 200310114937.3 relates to an information leakage prevention system and its implementation method for a cooperative working environment, in the field of network security technology. It comprises two parts, a client and a server: the client is installed on every computer that needs to operate on protected files and performs the protection operations; the server is installed on a separate computer in the network, monitors and controls the client computers, and manages certificates, keys and the users' access to protected files on the client; the client and server are connected over the network. The method comprises: authenticating the user's identity and rights; performing decryption operations; continuously monitoring opened files; and encrypting saved content, so that content kept on disk is always encrypted and a file copied anywhere by any means remains encrypted. This fundamentally solves the information leakage problem in a cooperative working environment, takes various application environments into account, and has high usability.
In the above technologies, within the original network the network server end is associated with computer clients, the server's detection policy is set and the clients' detection policy is determined on that server, and information confidentiality detection is carried out on that basis; in addition, files are dynamically monitored in real time. This inspection work is done in the legacy network, in the same network as the original business systems and their stored data, which is a serious security hazard: it easily causes secondary leakage, and it also places an extra traffic load on the original network.
In addition, the utility model with patent number 200820192655.3 relates to an intelligent multifunctional security gateway consisting of a Linux kernel and at least two network interface cards, the Linux kernel being interconnected with each network interface card. Its features are that the Linux kernel is also interconnected through interfaces with an IP packet filtering module, a traffic control module, and L7 and P2P modules; an internal task scheduler module is interconnected with the Linux kernel, the IP packet filtering module, the traffic control module and the L7 and P2P modules respectively; and the internal task scheduler module is also connected to the user through an interactive interface module. The utility model integrates router, traffic control, VPN and firewall functions; it can provide IP-based traffic control, intelligent routing, VPN dial-up access server, network firewall and NAT address translation functions, and replaces several expensive, single-function dedicated network devices, with stable and reliable performance at low cost. This technology pushes all of the work onto the intelligent multifunctional security gateway: all functions, such as the IP packet filtering, traffic control, L7 and P2P modules, are concentrated on one device, and the system's traffic still coexists in the same network as the original business systems.
Summary of the invention
To overcome the shortcomings of the prior art, namely that the egress information confidentiality inspection and detection platform system is not secure enough and that its traffic degrades the efficiency of the legacy network, the present invention adopts an SDN-based egress information confidentiality inspection and detection platform system, thereby strengthening the security of the platform system and relieving the traffic burden on the enterprise network.
The SDN-based egress information confidentiality inspection and detection platform system consists of an inspection and detection module and a controller cluster control module.
The controller cluster control module coordinates and controls the controller cluster in the platform and communicates with the SDN-capable switches. It comprises a state distribution/synchronization module, a domain partition management module, a distributed storage management module, a switch sharing control module and a switch interface communication module.
The controller cluster control module communicates with the SDN-capable switches through the switch interface communication module using a southbound interface protocol, and uses the other modules to synchronize flow tables among the multiple controllers.
The inspection and detection module is deployed on an inspection and detection server and consists of a daily sensitive-content inspection module, an Internet behaviour control module, a suspicious terminal detection module, a Trojan detection module, a platform operation management module and a self-security assurance module, together with a policy database, a virus signature database and a feature rule database.
The daily sensitive-content inspection module is responsible for inspecting e-mail, file transfers, microblogs, blogs and web forums; the Internet behaviour control module is responsible for monitoring and auditing communication channels such as HTTP, FTP, SMTP, POP3, web mail, QQ, MSN, communities/forums/video/games, and P2P tools such as BT/eDonkey/Thunder.
The suspicious terminal detection module comprises a domain name detection module, an IP address detection module, an SSL tunnel detection module and an uplink/downlink traffic ratio detection module.
The Trojan detection module detects the domain name features, IP address features and data content features of special Trojans.
The platform operation management module comprises a centralized policy management module, a retrieval and analysis module and an operation management module.
The self-security assurance module comprises an identification and authentication module, a platform operation log module, a security service module, a clock synchronization module and a security certificate module.
The detection method of the SDN-based egress information confidentiality inspection and detection platform comprises the following steps. After platform initialization is complete, the SDN-capable switches forward packets entering the switch according to the issued flow table entries. If a packet matches a flow table entry for a confidentiality or security threat known to the platform, the switch extracts the packet's IP header and TCP header, assembles them into an alert packet, sends the alert to the controller and at the same time discards the packet; on receiving the alert, the controller notifies the inspection and detection module to carry out the corresponding operations, and the inspection and detection module records a security threat log entry and sends a notice to the third-party security software control system. If a packet matches the condition under which the platform requires inspection, the switch copies the packet to the controller and at the same time pushes the packet into a waiting queue until a flow table entry is issued that indicates how to handle it; the controller forwards the copy to the inspection and detection module, which inspects the packet. If inspection finds that the packet is secure and carries no leak, the module notifies the controller that sent the packet for inspection, and that controller requires the switch to send the packet to its original destination. If inspection finds that the packet carries a security threat or a leak, the inspection and detection module generates a flow table entry for that type of packet and distributes it to the relevant controllers; each controller issues the entries assigned to it to the switches it manages, and the switch that sent the packet for inspection is notified to process the packets in its waiting queue according to the newly issued flow table entry. Packets that meet none of the above conditions are sent as before.
The beneficial effects of the technical solution of the present invention are as follows:
The SDN-based egress information confidentiality inspection and detection platform system uses SDN technology to separate the inspection-related traffic generated by the platform into another network. This solves the security threats, such as secondary leakage, and the traffic load problems of existing systems, greatly improves the security of the Internet egress information confidentiality inspection and detection platform system, and at the same time relieves the traffic burden on the enterprise network.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the functional structure diagram of the SDN-based egress information confidentiality inspection and detection platform system;
Fig. 2 is the traffic separation diagram of the SDN-based egress information confidentiality inspection and detection platform system;
Fig. 3 is the network topology diagram of the SDN-based egress information confidentiality inspection and detection platform system;
Fig. 4 is the initialization flow chart of the SDN-based egress information confidentiality inspection and detection platform system;
Fig. 5 is the detection method flow chart of the SDN-based egress information confidentiality inspection and detection platform.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The SDN-based egress information confidentiality inspection and detection platform system can perform unified inspection and detection at all Internet and mobile Internet egress points of an enterprise or organization. The inspection and detection module collects the relevant data flows from the SDN-capable switches through the SDN controllers and analyses them, placing all abnormal behaviour, Trojan behaviour and transmitted information in the organization's intranet under unified monitoring, so that users can discover and handle all kinds of events at the earliest possible moment. By inspecting and analysing the data transmitted over the Internet and the information published on the Internet, it can identify abnormal network behaviour, discover viruses and Trojans stealing data, strictly monitor leaking behaviour, obtain the information needed to trace the responsible person, ensure the security of the platform and its data, and prevent secondary leakage.
Fig. 1 shows the functional structure diagram of the SDN-based egress information confidentiality inspection and detection platform system, which consists of an inspection and detection module and a controller cluster control module.
The controller cluster control module coordinates and controls the controller cluster in the platform and communicates with the SDN-capable switches. It comprises a state distribution/synchronization module, a domain partition management module, a distributed storage management module, a switch sharing control module and a switch interface communication module. The controller cluster control module communicates with the SDN-capable switches through the switch interface communication module using a southbound interface protocol, and uses the other modules to synchronize flow tables among the multiple controllers. The inspection and detection module is deployed on an inspection and detection server and consists of six main modules, namely a daily sensitive-content inspection module, an Internet behaviour control module, a suspicious terminal detection module, a Trojan detection module, a platform operation management module and a self-security assurance module, together with three databases, namely a policy database, a virus signature database and a feature rule database. The daily sensitive-content inspection module is responsible for inspecting e-mail, file transfers, microblogs, blogs and web forums; the Internet behaviour control module is responsible for monitoring and auditing communication channels such as HTTP, FTP, SMTP, POP3, web mail, QQ, MSN, communities/forums/video/games, and P2P tools such as BT/eDonkey/Thunder; the suspicious terminal detection module comprises a domain name detection module, an IP address detection module, an SSL tunnel detection module and an uplink/downlink traffic ratio detection module; the Trojan detection module detects the domain name features, IP address features and data content features of special Trojans; the platform operation management module comprises a centralized policy management module, a retrieval and analysis module and an operation management module; the self-security assurance module comprises an identification and authentication module, a platform operation log module, a security service module, a clock synchronization module and a security certificate module.
The SDN-based egress information confidentiality inspection and detection platform system is built on SDN technology and separates the original network and the egress information confidentiality inspection and detection platform into two networks. The inspection and detection module, the SDN controller cluster and the SDN-capable switches are connected to form an independent network in which high-level security control is applied, so that the platform's inspection traffic and the SDN control traffic share the same high-security network; this ensures the security of the system and reduces the platform's performance impact on the original network to a minimum. The business system platforms of the enterprise or organization continue to use the original network, and the legacy network traffic is hardly affected by the platform. Specifically, as shown in Fig. 2, the solid-line part is the original network traffic, which the platform does not change; the traffic shown by the chain-dotted line is the SDN control traffic, i.e. the communication between the SDN controllers and the switches; and the traffic shown by the thick dashed line is the inspection traffic, i.e. the traffic to be inspected, which the SDN-capable switch selects from the original network traffic according to the flow table and, by flow table rule, sends from a particular switch port into the network that carries the SDN control flows.
Fig. 3 shows the network topology diagram of the SDN-based egress information confidentiality inspection and detection platform system. In the figure, the solid-line network is the original internal network topology of the enterprise or organization; the dotted-line network is the network in which the SDN controllers communicate with the SDN-capable switches and in which the "network and egress information confidentiality inspection and detection system" operates.
Fig. 4 shows the initialization flow chart of the SDN-based egress information confidentiality inspection and detection platform system. After the system starts, the inspection and detection module coordinates the controller cluster, obtains the network topology from the switches and partitions the switches into the ranges controlled by each controller; it then formulates rules and lists flow table entries according to the three databases, namely the policy database, the virus signature database and the feature rule database, and distributes the flow table entries to the relevant controllers; each controller issues the entries assigned to it to the switches it manages, and platform initialization is then complete.
Fig. 5 shows the detection flow chart of the SDN-based egress information confidentiality inspection and detection platform. After platform initialization is complete, the SDN-capable switches forward packets entering the switch according to the issued flow table entries. If a packet matches a flow table entry for a confidentiality or security threat known to the platform, the switch extracts the packet's IP header and TCP header, assembles them into an alert packet, sends the alert to the controller and at the same time discards the packet; on receiving the alert, the controller notifies the inspection and detection module to carry out the corresponding operations, and the inspection and detection module records a security threat log entry and sends a notice to the third-party security software control system, among other actions. If a packet matches the condition under which the platform requires inspection, the switch copies the packet to the controller and at the same time pushes the packet into a waiting queue until a flow table entry is issued that indicates how to handle it; the controller forwards the copy to the inspection and detection module, which inspects the packet. If inspection finds that the packet is secure and carries no leak, the module notifies the controller that sent the packet for inspection, and that controller requires the switch to send the packet to its original destination. If inspection finds that the packet carries a security threat or a leak, the inspection and detection module generates a flow table entry for that type of packet and distributes it to the relevant controllers; each controller issues the entries assigned to it to the switches it manages, and the switch that sent the packet for inspection is notified to process the packets in its waiting queue according to the newly issued flow table entry. Packets that meet none of the above conditions are sent as before.
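The initialization (Fig. 4) and detection (Fig. 5) procedures above, as an added Python simulation that is not part of the patent: the switches, a two-controller cluster and the inspection module are plain classes, the three rule databases are replaced by a short rule list plus a constructed "[SECRET]" payload marker, and all names, addresses and packets are made up for the example.

```python
from collections import deque, namedtuple
DROP_ALERT, INSPECT, FORWARD = "drop_alert", "inspect", "forward"   # the three flow-entry actions
Packet = namedtuple("Packet", "src dst dport payload")
FlowEntry = namedtuple("FlowEntry", "action dst dport", defaults=(None, None))  # None = wildcard

class Switch:                           # an SDN-capable switch: flow table plus a waiting queue
    def __init__(self, name):
        self.name, self.controller, self.table = name, None, []
        self.waiting, self.sent, self.dropped = deque(), [], []
    def lookup(self, p):                # newest matching entry wins; no entry means plain forwarding
        return next((e for e in self.table if e.dst in (None, p.dst)
                     and e.dport in (None, p.dport)), FlowEntry(FORWARD))
    def handle(self, p):
        action = self.lookup(p).action
        if action == DROP_ALERT:        # known threat: header fields go up in an alert, packet dropped
            self.controller.alert(self.name, (p.src, p.dst, p.dport))
            self.dropped.append(p)
        elif action == INSPECT:         # to be inspected: copy to controller, hold the original
            self.waiting.append(p)
            self.controller.inspect(self.name, p)
        else:
            self.sent.append(p)
    def release(self, p):               # inspection found nothing: send to the original target
        self.waiting.remove(p); self.sent.append(p)
    def reprocess_waiting(self):        # a new entry arrived: run the held packets through it
        held, self.waiting = list(self.waiting), deque()
        for p in held:
            if self.lookup(p).action == INSPECT:
                self.waiting.append(p)  # still no verdict for this kind of packet, keep holding
            else:
                self.handle(p)

class Controller:                       # relays between the switches it manages and the inspector
    def __init__(self, inspector): self.inspector, self.switches = inspector, {}
    def alert(self, sw, headers): self.inspector.threat_log.append((sw, headers))  # + 3rd-party notice
    def inspect(self, sw, p): self.inspector.inspect(sw, p, self)
    def install(self, entry):           # issue an assigned entry to every managed switch, rerun queues
        for sw in self.switches.values(): sw.table.insert(0, entry); sw.reprocess_waiting()

class InspectionModule:
    def __init__(self, rule_base, marker):
        self.rule_base, self.marker = rule_base, marker    # stand-ins for the three rule databases
        self.controllers, self.threat_log = [], []
    def initialize(self, controllers, switches):       # Fig. 4: partition switches, push entries
        self.controllers = controllers
        for i, sw in enumerate(switches):
            c = controllers[i % len(controllers)]
            sw.controller, c.switches[sw.name] = c, sw
        for entry in self.rule_base:
            for c in controllers:
                c.install(entry)
    def inspect(self, sw, p, ctrl):
        if self.marker not in p.payload:               # clean: send as originally addressed
            ctrl.switches[sw].release(p)
        else:                                          # leak: entry for this packet type, cluster-wide
            for c in self.controllers:
                c.install(FlowEntry(DROP_ALERT, p.dst, p.dport))

def demo():   # constructed scenario: two controllers, two switches, made-up addresses and payloads
    rules = [FlowEntry(DROP_ALERT, "203.0.113.9", 443), FlowEntry(INSPECT, None, 25)]
    insp, s1, s2 = InspectionModule(rules, "[SECRET]"), Switch("s1"), Switch("s2")
    insp.initialize([Controller(insp), Controller(insp)], [s1, s2])
    s1.handle(Packet("10.0.0.5", "203.0.113.9", 443, "beacon"))            # known Trojan: alert, drop
    s1.handle(Packet("10.0.0.5", "198.51.100.7", 25, "hello"))             # mail: inspected, released
    s1.handle(Packet("10.0.0.6", "198.51.100.7", 25, "[SECRET] q3 plan"))  # leak: new entry, dropped
    s2.handle(Packet("10.0.0.7", "198.51.100.7", 25, "[SECRET] again"))    # entry already reached s2
    s1.handle(Packet("10.0.0.5", "192.0.2.1", 80, "news"))                 # no entry: forwarded
    return insp, s1, s2
```

The queued original is never re-sent for inspection: once an entry for its type exists it is dropped or released by the switch, so the inspection module sees each packet type once.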
The SDN-based egress information confidentiality inspection and detection platform system and detection method provided by the embodiments of the present invention have been described in detail above. Specific examples have been used herein to explain the principles and implementation of the present invention; the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art will, in accordance with the idea of the present invention, make changes in the specific implementation and scope of application. In summary, the content of this description should not be construed as limiting the present invention.