CN103929336A - High speed data extraction and linear speed analysis method - Google Patents


Info

Publication number: CN103929336A
Application number: CN201310017594.2A
Authority: CN (China)
Prior art keywords: module, data, network, linear speed, information
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 余振华 (Yu Zhenhua)
Current assignee: Individual
Original assignee: Individual
Priority date: 2013-01-16
Filing date: 2013-01-16
Publication date: 2014-07-16

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a high speed data extraction and linear speed analysis method. The system comprises a probe module, a memory, a security policy module and an access control management module, all of which are embedded in a gigabit Ethernet tester. The method overcomes the defect that line-rate extraction and processing of data cannot be achieved in existing high speed networks, and it can be widely applied in the fields of data analysis and instrumentation.

Description

A high-speed data extraction and linear speed analysis method
Technical field
The present invention relates to a high-speed data extraction and linear speed (line-rate) analysis method, in particular one based on a handheld gigabit Ethernet tester.
Background technology
While networks constantly bring benefits to people's work and lives, they also bring new worries to network users, who constantly suffer intrusions by hackers and viruses. Hackers and viruses threaten gateways, servers and online computers everywhere. While illegal intrusions and computer viruses cause society great losses, they have also raised people's security awareness and accelerated the development of the network security market.
It has become industry consensus that network security can no longer rely on a single device or a single technique. Virus attacks in particular are the problem most easily triggered in a network, and networks are at every moment surrounded by illegal intrusions and viruses, so the security situation is very passive; yet the existing market lacks instrument products for rapid diagnosis and real-time analysis of this class of equipment.
Based on the above, an effective high-speed data extraction and linear speed information analysis method is urgently needed.
Summary of the invention
The technical problem solved by this invention is to provide a high-speed data extraction and linear speed analysis method that identifies network information rapidly.
To solve the above technical problem, the technical solution adopted by the present invention is: a high-speed data extraction and linear speed analysis method whose system comprises a probe module, a memory, a security policy module and an access management module embedded in a handheld gigabit Ethernet instrument. When the data flow of the local network passes through the probe module, part of the information is stored in the memory; the external access management system analyses the data in the memory and thereby monitors the network operating state; and the probe module judges the data according to the requirements of the security policy module and controls the port according to the judgment result.
A further improvement of the above scheme is that the external access management system further comprises an analysis engine module, an information monitoring module, an information log management module and a monitoring display module. The access verification of the analysis engine module is combined with identity authentication to form a binding between the user terminal device and the user, which makes network information traceable. The probe module has active and passive operating modes: in active mode all network information flowing through is scanned to find potential security threats, and in passive mode analysis is driven by the data transmitted on the network.
To solve the above technical problem, another technical scheme of the present invention is a high-speed data extraction and linear speed analysis method comprising the following steps:
Step 1: the local network data flow passes through the probe module, and the security policy module compares and judges it and controls the port according to the result;
Step 2: the memory saves a part of the data, and the analysis engine module produces network analysis data from it, realizing the monitoring of the network operating state.
The beneficial effect of the invention is as follows: because the external access management system analyses the data in the memory to monitor the network operating state, and the probe module judges the data according to the requirements of the security policy module and controls the port according to the judgment result, the system provides layer-3 switching, intrusion detection and anti-virus functions on the local area network (LAN).
Brief description of the drawings
Fig. 1 is the structure diagram of the active probe virus protection system of the present invention.
Reference numerals in the figure: 1. probe module; 2. memory module; 3. security policy module; 4. analysis engine module; 5. information monitoring module; 6. information log module; 7. monitoring display module; 8. access management system; 9. system application interface.
Embodiment
The high-speed data extraction and linear speed analysis method of the present invention is based on a handheld Ethernet test platform. Given the present weak ability to identify network information, the method realizes secure identification of network information and access tracking. It integrates broadband access, security control and access tracking, solving problems that Ethernet test instruments could not solve before, and is especially suited to occasions such as on-line network analysis and network field work.
As shown in Figure 1, the method mainly consists of a probe module (1), a memory (2) and a security policy module (3) (mainly a security policy mechanism library) embedded in the handheld gigabit Ethernet tester, together with an external access management system (8) installed on an information monitoring server; the external access management system mainly comprises an analysis engine module (4), an information monitoring module (5) (mainly an information monitoring knowledge base), an information log management module (6) and a monitoring display module (7).
The security policy module (3) mainly provides security policies for the system, including saving, updating and adding policies. The analysis engine module (4) mainly inspects network data information to detect behaviour or activity in the system that violates the security policy or endangers system security, thereby protecting the resources of the information system from denial-of-service attacks and preventing system data from being leaked, tampered with or destroyed. The information monitoring module (5) mainly monitors network traffic and users' running state dynamically. The information log management module (6) mainly records operation logs, system running logs and fault logs by category and in a timely manner, and allows them to be queried. The monitoring display module (7) mainly monitors terminal users with a real-time display.
When the data flow in the local area network (LAN) passes through the probe module (1), on the one hand some key information in the data is stored in the data memory (2), and the saved information is passed through the analysis engine module (4) in the information monitoring server to produce network analysis data, realizing the monitoring of the network operating state. On the other hand, the probe module (1) compares and judges the data according to the policy of the security policy module (3) and, as required by the security policy module (3), controls the port of the information switch/router, blocking or raising a warning on ports carrying viruses or spam.
The probe module (1) works in an active mode or a passive mode. In active mode, the user terminals on all layer-2 switches below the layer-3 switch are scanned to produce the potential security threats to the system posed by the terminal users running in the network, such as security vulnerabilities and backdoor ports. In passive mode, analysis is driven by the data transmitted on the network: no probes are sent, and the condition of the network is inferred by monitoring the packet flow. Monitoring the network passively collects statistics from all topologies, virtual circuits, applications and protocols, realizing analysis at every layer from the data link layer to the application layer.
The analysis engine module (4) in the information monitoring server is the core that realizes dynamic monitoring of network traffic and users' running state. The data gathered by the probe module (1) is processed by the analysis engine module (4) into corresponding reports or graphic files, so that network management personnel can grasp the network operating situation in time and implement corresponding management strategies. The analysis engine module (4) can also control the probe module (1) to sample its running state and capture user terminal screen images, realizing monitoring of the network users' usage state.
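The probe / policy / memory / analysis pipeline described above, as an added illustration that is not code from the patent: a passive probe keeps only key fields of each frame in memory, asks the security policy module for a verdict, blocks or warns on the port, and the analysis engine summarises the stored records per port. All class names, rules and traffic are constructed for the example; the signatures are placeholders, not real indicators.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                 # key fields the probe extracts from one frame
    port: int                 # switch port the frame arrived on
    proto: str                # "tcp" or "udp"
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Rule:                   # one entry of the security policy library
    name: str
    action: str               # "block" or "warn"
    proto: str = None         # None matches anything
    dport: int = None
    pattern: bytes = None
    def matches(self, pkt):
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.pattern is None or self.pattern in pkt.payload))

class SecurityPolicyModule:   # holds the policy library; first matching rule wins
    def __init__(self, rules):
        self.rules = list(rules)
    def judge(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.name
        return "allow", None

class ProbeModule:            # passive probe: saves key fields, controls the port
    def __init__(self, policy):
        self.policy = policy
        self.memory = []      # the "part of the information" kept for analysis
        self.port_state = {}  # port -> "blocked" | "warned"
    def observe(self, pkt):
        action, rule = self.policy.judge(pkt)
        self.memory.append({"port": pkt.port, "dport": pkt.dport,
                            "action": action, "rule": rule})
        if action == "block":
            self.port_state[pkt.port] = "blocked"   # a block overrides a warning
        elif action == "warn":
            self.port_state.setdefault(pkt.port, "warned")
        return action

def analysis_engine(memory):  # (port, verdict) counts, as the engine would report
    return dict(Counter((rec["port"], rec["action"]) for rec in memory))
# Constructed policy and traffic; the signatures are placeholders, not real IoCs.
POLICY = SecurityPolicyModule([
    Rule("spam-marker", "warn", proto="tcp", dport=25, pattern=b"BUY NOW"),
    Rule("backdoor-port", "block", proto="tcp", dport=31337),
])
SAMPLE = [
    Packet(1, "tcp", 80, b"GET / HTTP/1.1"),
    Packet(2, "tcp", 25, b"Subject: BUY NOW cheap"),
    Packet(2, "tcp", 25, b"Subject: weekly report"),
    Packet(3, "tcp", 31337, b"\x00\x01"),
    Packet(3, "udp", 53, b"dns query"),
]
def run_sample():
    probe = ProbeModule(POLICY)
    for pkt in SAMPLE:
        probe.observe(pkt)
    return probe.port_state, analysis_engine(probe.memory)
```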
The access verification in the analysis engine module (4) is combined with identity authentication to form a binding between the user terminal device and the user, which makes network information traceable. Before a connected device is verified, its network access rights are completely prohibited. After verification passes, the user can be provided with layer-3 filtering, rate limiting and layer-4 filtering.
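The access-port behaviour described above, as an added illustration that is not code from the patent: the port denies everything until the device/user binding is verified, and afterwards applies the layer-3 filter, the rate limit and the layer-4 filter in that order, logging every verdict with the bound user for traceability. The credential store, profile and device addresses are constructed stand-ins for the remote authentication server the claims describe.

```python
import hmac
import ipaddress
from dataclasses import dataclass

@dataclass
class Binding:                # user terminal device bound to an authenticated user
    mac: str
    user: str
    allowed_nets: list        # layer-3 filter: permitted destination networks
    rate_limit: int           # packets admitted per accounting window
    allowed_ports: set        # layer-4 filter: permitted destination ports

# Constructed credential store standing in for the remote authentication server.
CREDENTIALS = {("aa:bb:cc:dd:ee:01", "alice"): b"alice-demo-secret"}

def demo_authenticate(mac, user, credential):
    expected = CREDENTIALS.get((mac, user))
    return expected is not None and hmac.compare_digest(expected, credential)

class AccessPort:             # one network access port of the handheld tester
    def __init__(self, authenticate=demo_authenticate):
        self.authenticate = authenticate
        self.binding = None   # None: device not yet verified, all access denied
        self.admitted = 0     # packets admitted in the current window
        self.log = []         # (user, mac, dst, dport, verdict) for traceability
    def verify(self, mac, user, credential, profile):
        if self.authenticate(mac, user, credential):
            self.binding = Binding(mac, user, **profile)
            return True
        return False
    def check(self, src_mac, dst_ip, dst_port):
        b = self.binding
        if b is None:
            verdict = "deny:unverified"
        elif src_mac != b.mac:          # frame from a device other than the bound one
            verdict = "deny:binding-mismatch"
        elif not any(ipaddress.ip_address(dst_ip) in n for n in b.allowed_nets):
            verdict = "deny:l3-filter"
        elif self.admitted >= b.rate_limit:
            verdict = "deny:rate-limit"
        elif dst_port not in b.allowed_ports:
            verdict = "deny:l4-filter"
        else:
            self.admitted += 1
            verdict = "allow"
        self.log.append((b.user if b else None, src_mac, dst_ip, dst_port, verdict))
        return verdict

PROFILE = {                   # constructed per-user profile applied after verification
    "allowed_nets": [ipaddress.ip_network("10.0.0.0/24")],
    "rate_limit": 2,
    "allowed_ports": {80, 443},
}

def run_sample():
    port = AccessPort()
    out = [port.check("aa:bb:cc:dd:ee:01", "10.0.0.5", 443)]     # before verification
    port.verify("aa:bb:cc:dd:ee:01", "alice", b"alice-demo-secret", PROFILE)
    out += [port.check("aa:bb:cc:dd:ee:01", "10.0.0.5", 443),     # allow
            port.check("aa:bb:cc:dd:ee:02", "10.0.0.5", 443),     # other device
            port.check("aa:bb:cc:dd:ee:01", "192.168.1.1", 443),  # outside L3 filter
            port.check("aa:bb:cc:dd:ee:01", "10.0.0.5", 23),      # outside L4 filter
            port.check("aa:bb:cc:dd:ee:01", "10.0.0.6", 80),      # allow
            port.check("aa:bb:cc:dd:ee:01", "10.0.0.7", 80)]      # rate limit reached
    return out
```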
The advantage of the present invention is precisely that, in environments such as field work and limited space, it can rapidly extract and analyse the information carried on the network, helping the network return quickly to reliable service.

Claims (10)

1. A high-speed data extraction and linear speed analysis method, characterized in that: the system comprises a probe module, a memory, a security policy module and an access management system embedded in a gigabit Ethernet tester, wherein, when the data flow of the local network passes through the probe module, part of the information is stored in the memory, the management system analyses the data in the memory and realizes monitoring of the network operating state, and the probe module judges the data according to the requirements of the security policy module and controls the port according to the judgment result.
2. The high-speed data extraction and linear speed analysis method as claimed in claim 1, characterized in that: the access management system further comprises an analysis engine module, an information monitoring module, an information log management module and a monitoring display module, wherein, after the data is analysed by the analysis engine module, dynamic monitoring is realized by the information monitoring module, and the data is then managed or displayed via the log management module and the monitoring display module.
3. The high-speed data extraction and linear speed analysis method as claimed in claim 2, characterized in that: the access verification of the analysis engine module is combined with the identity authentication of a remote user authentication system to form a binding between the user terminal device and the user, realizing the traceability of network information.
4. The high-speed data extraction and linear speed analysis method as claimed in claim 3, characterized in that: the remote user authentication system is a protocol for transmitting authentication, authorization and configuration information between a network access server and a shared authentication server.
5. The active probe virus protection system as claimed in claim 4, characterized in that: the remote user dial-in authentication system uses UDP as its transport protocol.
6. The high-speed data extraction and linear speed analysis method as claimed in claim 5, characterized in that: the remote user dial-in authentication system is responsible for transmitting accounting information between the network access server and a shared accounting server.
7. The high-speed data extraction and linear speed analysis method as claimed in claim 3, characterized in that: IEEE 802.1X is a link-layer authentication mechanism protocol that controls the network access port, which is the access point of the network connection.
8. The high-speed data extraction and linear speed analysis method as claimed in claim 7, characterized in that: the network access port is a physical switch port or a logical port of the access point.
9. The high-speed data extraction and linear speed analysis method as claimed in claim 1, characterized in that: the probe module has active and passive operating modes; in active mode, the user terminals on all layer-2 switches below the layer-3 switch are scanned to find potential security threats, and in passive mode analysis is driven by the data transmitted on the network.
10. A high-speed data extraction and linear speed analysis method, characterized in that it comprises the following steps:
Step 1: the local network data flow passes through the probe module, and the security policy module compares and judges it and controls the port according to the result;
Step 2: the memory saves a part of the data, and the analysis engine module produces network analysis data from it, realizing the monitoring of the network operating state.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310017594.2A CN103929336A (en) 2013-01-16 2013-01-16 High speed data extraction and linear speed analysis method

Publications (1)

Publication Number Publication Date
CN103929336A true CN103929336A (en) 2014-07-16

Family

ID=51147420

Country Status (1)

Country Link
CN (1) CN103929336A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040003284A1 (en) * 2002-06-26 2004-01-01 Microsoft Corporation Network switches for detection and prevention of virus attacks
CN1905471A (en) * 2005-07-28 2007-01-31 深圳市世纪大吉网络通讯有限公司 Active virus detecting protecting system and protecting method thereof
CN101052020A (en) * 2007-05-21 2007-10-10 中兴通讯股份有限公司 Monitor method and system for automatically measuring executing process
CN101127638A (en) * 2007-06-07 2008-02-20 飞塔信息科技(北京)有限公司 Active virus automatic prevention and control system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022129A (en) * 2016-05-17 2016-10-12 北京江民新科技术有限公司 File data characteristic extraction method and device and virus characteristic detection system
CN106022129B (en) * 2016-05-17 2019-02-15 北京江民新科技术有限公司 Data characteristics extracting method, device and the virus characteristic detection system of file

Similar Documents

Publication Publication Date Title
Premaratne et al. An intrusion detection system for IEC61850 automated substations
CN111092869B (en) Security management and control method for terminal access to office network and authentication server
CN109660526A (en) A kind of big data analysis method applied to information security field
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN106131023A (en) A kind of Information Security Risk strength identifies system
CN100435513C (en) Method of linking network equipment and invading detection system
JP6833672B2 (en) How to detect attacks on the work environment connected to the communication network
CN107347047A (en) Attack guarding method and device
CN108270716A (en) A kind of audit of information security method based on cloud computing
CN107295010A (en) A kind of enterprise network security management cloud service platform system and its implementation
CN106685984A (en) Network threat analysis system and method based on data pocket capture technology
Gandhi et al. Packet sniffer–a comparative study
CN106878339A (en) A kind of vulnerability scanning system and method based on internet-of-things terminal equipment
Neu et al. Lightweight IPS for port scan in OpenFlow SDN networks
CN106209902A (en) A kind of network safety system being applied to intellectual property operation platform and detection method
CN111131332A (en) Network service interconnection and flow acquisition, analysis and recording system
Toker et al. Mitre ics attack simulation and detection on ethercat based drinking water system
Ali et al. Detection and prevention cyber-attacks for smart buildings via private cloud environment
KR20150026345A (en) Apparatus and method for creating whitelist with network traffic
Araújo et al. EICIDS-elastic and internal cloud-based detection system
Yakin et al. Security threats and service degradation detection in LoRaWAN networks
Vokorokos et al. Network security on the intrusion detection system level
CN103929336A (en) High speed data extraction and linear speed analysis method
CN115801441A (en) Safety protection system and method of train communication network
Liu et al. The dynamic honeypot design and implementation based on Honeyd

Legal Events

Date Code Title Description
DD01 Delivery of document by public notice
    Addressee: Yu Zhenhua
    Document name: Notification of Passing Preliminary Examination of the Application for Invention
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
DD01 Delivery of document by public notice
    Addressee: Yu Zhenhua
    Document name: the First Notification of an Office Action
DD01 Delivery of document by public notice
    Addressee: Yu Zhenhua
    Document name: Decision of Rejection
RJ01 Rejection of invention patent application after publication
    Application publication date: 20140716