CN106209902A - Network security system applied to an intellectual property operation platform, and detection method - Google Patents


Info

Publication number
CN106209902A
Authority
CN
China
Prior art keywords
intrusion detection
event
firewall
module
detection module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610626163.XA
Other languages
Chinese (zh)
Inventor
葛龙
张励
滕诣迪
张宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu Hi Tech Innovation Service Co Ltd
Original Assignee
Changshu Hi Tech Innovation Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changshu Hi Tech Innovation Service Co Ltd
Priority to CN201610626163.XA
Publication of CN106209902A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The invention provides a network security system applied to an intellectual property operation platform, comprising a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall. The system intercepts packets on the network in real time and performs access-control analysis on them based on the security policy. At the same time, the event generator extracts summary event information from the intercepted IP packets and passes it to the intrusion detection module for security analysis, and the intrusion detection module applies a statistics-based intrusion detection technique to the event information it receives. By using firewall technology, the invention both obtains the network data needed for intrusion detection and solves the problem that traditional intrusion detection cannot exercise active control; the results of network intrusion detection in turn provide a basis for the firewall's security policy, improving the firewall's intelligent access control capability.

Description

Network security system applied to an intellectual property operation platform, and detection method
Technical field
The invention belongs to the field of computer network security technology, and relates more specifically to a network security system and a detection method.
Background
In a network era dominated by information, the importance of information resources is ever more prominent. Because the information that an individual enterprise can obtain or provide is limited, public information service platforms have emerged. Such platforms are mostly funded by multiple parties such as government, enterprises, universities and industry organizations, operate under market mechanisms, are open to the public, serve small and medium-sized enterprises, research and develop generic and key industry technologies, and raise the innovation capability of the area.
An intellectual property operation platform is an important way to improve regional innovation capability and to convert intellectual achievements effectively, and it is an inevitable requirement for advancing the intellectual property industry and building cultural soft power. Establishing such a platform not only makes it possible for ideas and wisdom to enter the capital market; it also integrates market resources and is a useful practice in innovating industrial financing models. It not only gives the supply and demand sides of intellectual property an efficient and flexible public service platform for transactions in intellectual property achievements, intellectual property investment and financing, intangible assets and so on; it also offers intellectual property managers new approaches to valuing and promoting the management of intellectual property transfer, further promotes the industrialization of intellectual property, and contributes to realizing "Created in China".
As a management platform that highly aggregates information resources and provides public services, an intellectual property operation platform places higher demands on data security and on the safe operation of the network. Security defenses must be built into its structure and emergencies handled promptly, so that the network runs safely and stably.
Intrusion detection has been a mainstream method of protecting network security in recent years. As an active security protection technology, it can adapt flexibly to the characteristics of various network structures, actively monitor a computer network or system, and provide real-time protection against external attacks, internal attacks and operator errors, forming an effective security policy. It plays an active-defense role for the computer network or system and is an indispensable component of computer security and network security.
Intrusion detection systems fall into two classes according to the source of the data they examine: host-based intrusion detection systems and network-based intrusion detection systems. A host-based system extracts data (such as system logs) from a single host as the data source for intrusion analysis, while a network-based system extracts network messages from the network as its data source. In general, a host-based system can monitor only a single host, whereas a network-based system can monitor multiple hosts on its network segment, and multiple network intrusion detection systems distributed across different segments can cooperate to provide stronger intrusion detection capability.
Network intrusion detection systems generally obtain IP packets passively, by packet sniffing. Even when an attack is detected in time, it is difficult for them to take real-time, effective prevention or control measures.
Summary of the invention
The present invention combines firewall technology with intrusion detection technology, solving the problem that traditional intrusion detection cannot exercise active control.
A network security system applied to an intellectual property operation platform comprises a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall.
The firewall first filters the incoming network data;
The event generator analyzes and screens the IP packets coming from the firewall, converts them into useful event information and sends that information to the intrusion detection module;
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection results sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyzes and counts the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
Further, intrusion detection uses a statistics-based detection method, with the following steps:
(1) compile statistics on the information collected by the event generator;
(2) compare the statistics continuously and in real time with the library describing normal network conditions, and use the intrusion detection function to judge whether an intrusion event has occurred; if so, send the event to the event storage module; if not, repeat step (1);
(3) the event storage module modifies the firewall's security policy according to the intrusion event information it receives, changing the firewall's filtering behavior and achieving real-time control;
(4) repeat step (1).
Further, the intrusion detection function used in the statistics-based detection method is based on the Naive-Bayes algorithm.
Beneficial effects
(1) Firewall technology is used both to obtain the network data needed for intrusion detection and to solve the problem that traditional intrusion detection cannot exercise active control, ensuring the information security of the intellectual property operation platform;
(2) The results of network intrusion detection in turn provide a basis for the firewall's security policy, improving the firewall's intelligent access control capability.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system structure of the present invention.
Fig. 2 is a flow chart of the detection method used by the present invention.
Detailed description
As shown in Fig. 1, a network security system based on an intellectual property operation platform comprises a firewall, an event generator, an intrusion detection module, an alarm module and an event storage module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall.
The firewall is a packet-filtering firewall: it decides whether to forward an IP packet according to the information in the IP packet header and the security policy. The security policy strongly affects both the correctness and the efficiency of filtering. To simplify the rules and improve efficiency, the filtering module of the firewall system uses an efficient packet filtering technique based on connections and a hash algorithm. The rule set is searched only when the system receives a packet requesting connection establishment, and the resulting deny or allow mark is written to the session table. For ordinary IP packets, a hash over the source IP address, source port, destination IP address and destination port quickly locates the connection in the connection state table and yields the corresponding action, which improves the efficiency of packet filtering.
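The connection-based filtering described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the `syn` flag standing in for "a packet requesting connection establishment", IPv4-only addresses, and dropping packets that have no session entry are all assumptions. It also shows why cached session entries must be purged when the security policy changes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False          # True: packet requests connection establishment

@dataclass(frozen=True)
class Rule:
    src_net: str               # source network in CIDR form
    dport: Optional[int]       # None matches any destination port
    action: str                # "allow" or "deny"

class SessionFilter:
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.sessions = {}     # (src, sport, dst, dport) -> action; dict is a hash table
        self.rule_scans = 0    # how often the slow path (rule search) ran

    def _search_rules(self, pkt):
        self.rule_scans += 1
        for r in self.rules:
            in_net = ip_address(pkt.src) in ip_network(r.src_net)
            if in_net and r.dport in (None, pkt.dport):
                return r.action
        return self.default

    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.syn:
            # Slow path: search the rule set once and cache the verdict.
            self.sessions[key] = self._search_rules(pkt)
            return self.sessions[key]
        # Fast path: hash lookup only. Assumption: no session entry means drop.
        return self.sessions.get(key, "deny")

    def block_source(self, src):
        """Policy update: deny a source and purge its cached sessions,
        otherwise an established connection keeps its old 'allow' verdict."""
        self.rules.insert(0, Rule(f"{src}/32", None, "deny"))
        stale = [k for k in self.sessions if k[0] == src]
        for k in stale:
            del self.sessions[k]
        return len(stale)

def demo():
    # Constructed sample traffic using documentation/private addresses.
    fw = SessionFilter([Rule("10.0.0.0/8", 443, "allow")])
    syn = Packet("10.1.2.3", 40000, "192.0.2.10", 443, syn=True)
    data = Packet("10.1.2.3", 40000, "192.0.2.10", 443)
    out = [fw.decide(syn), fw.decide(data), fw.decide(data), fw.rule_scans]
    purged = fw.block_source("10.1.2.3")
    out += [purged, fw.decide(data), fw.decide(syn)]
    return out

if __name__ == "__main__":
    print(demo())
```

Only the forward direction of a connection is keyed here; reply traffic would need a second entry or a normalized key, which the description does not cover.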
The event generator performs protocol analysis and screening on the IP packets coming from the firewall, converts them into useful event information and sends that information to the intrusion detection module.
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection results sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyzes and counts the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
Further, intrusion detection uses a statistics-based detection method, as shown in Fig. 2, with the following steps:
(1) compile statistics on the information collected by the event generator;
(2) compare the statistic with the threshold set in the intrusion detection function; if it exceeds the threshold, judge that an intrusion event has occurred and send the event to the event storage module; if it does not exceed the threshold, judge that no intrusion has occurred and repeat step (1);
(3) the event storage module modifies the firewall's security policy according to the intrusion event information it receives, changing the firewall's filtering behavior and achieving real-time control;
(4) repeat step (1).
Further, the intrusion detection function is based on the Naive-Bayes algorithm. This algorithm is superior to relying merely on a single statistic or on a fixed combination of several statistics, because Naive-Bayes learns the importance of each statistic in intrusion detection. It is more intelligent than a fixed operation over several statistics and is closer to the concrete application environment of the network.
Statistics-based detection identifies network anomalies by testing whether a statistic exceeds a predetermined threshold, so the choice of threshold is very important. If the threshold is set too low, the probability of false alarms is high; if it is set too high, some abnormal connections may be missed. The preferred threshold of the present invention is 0.8.
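Steps (1) to (3) with a Naive-Bayes intrusion detection function and the 0.8 threshold can be sketched as follows. This is an added example, not code from the patent: the Gaussian likelihood, the three per-source statistics, the training windows and all names are assumptions, since the description names neither its statistics nor its Naive-Bayes variant.

```python
import math

THRESHOLD = 0.8   # preferred threshold stated in the description

# Constructed training windows: (connections/s, SYN ratio, distinct dst ports).
# The feature choice is an assumption; the patent does not list its statistics.
NORMAL = [(5, 0.10, 2), (8, 0.15, 3), (6, 0.12, 2), (7, 0.20, 4), (4, 0.08, 1)]
INTRUSION = [(120, 0.90, 60), (200, 0.95, 150), (90, 0.85, 40), (150, 0.92, 80)]

class GaussianNB:
    """Two-class Gaussian Naive Bayes over per-source traffic statistics."""

    def fit(self, samples, labels):
        self.params = {}
        for cls in set(labels):
            rows = [s for s, l in zip(samples, labels) if l == cls]
            stats = []
            for col in zip(*rows):              # one column per statistic
                mean = sum(col) / len(col)
                var = sum((v - mean) ** 2 for v in col) / len(col) + 1e-6
                stats.append((mean, var))
            self.params[cls] = (math.log(len(rows) / len(samples)), stats)
        return self

    def _log_joint(self, cls, x):
        # log P(cls) + sum of per-statistic Gaussian log-likelihoods
        log_prior, stats = self.params[cls]
        return log_prior + sum(
            -0.5 * math.log(2 * math.pi * var) - (v - mean) ** 2 / (2 * var)
            for v, (mean, var) in zip(x, stats))

    def p_intrusion(self, x):
        """Posterior P(intrusion | x), computed in log space to avoid underflow."""
        diff = self._log_joint("intrusion", x) - self._log_joint("normal", x)
        if diff >= 0:
            return 1.0 / (1.0 + math.exp(-diff))
        e = math.exp(diff)
        return e / (1.0 + e)

def train():
    labels = ["normal"] * len(NORMAL) + ["intrusion"] * len(INTRUSION)
    return GaussianNB().fit(NORMAL + INTRUSION, labels)

def detection_cycle(model, window, deny_src, event_store, threshold=THRESHOLD):
    """Steps (1)-(3): score each source's statistics, record intrusion
    events, and add the source to the firewall's deny set."""
    for src, stats in sorted(window.items()):
        p = model.p_intrusion(stats)
        if p > threshold:
            event_store.append((src, stats, round(p, 3)))   # event storage module
            deny_src.add(src)                               # firewall policy update
    return deny_src

def run_example():
    # Constructed statistics for one observation window, keyed by source.
    window = {"198.51.100.7": (160, 0.90, 90), "10.1.2.3": (6, 0.10, 2)}
    deny_src, events = set(), []
    detection_cycle(train(), window, deny_src, events)
    return deny_src, events

if __name__ == "__main__":
    print(run_example())
```

Because every verdict above the threshold becomes a firewall deny entry, the false-alarm side of the threshold trade-off described above translates directly into blocked legitimate sources.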
In the present invention, the firewall and the intrusion detection module run on two separate hosts connected by Fast Ethernet. The firewall host is fitted with 2 network interface cards. One operates in bridge mode and needs no IP address, which increases the firewall's own transparency, concealment and security and means that the topology of the existing network need not be changed when the system is deployed. The other card handles communication with the intrusion detection host.

Claims (5)

1. A network security system applied to an intellectual property operation platform, characterized in that: it comprises a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module; the firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall;
The firewall first filters the incoming network data;
The event generator analyzes and screens the IP packets coming from the firewall, converts them into useful event information and sends that information to the intrusion detection module;
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection results sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyzes and counts the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
2. The network security system according to claim 1, characterized in that: the firewall is a packet-filtering firewall.
3. A detection method applied to the network security system of claim 1, characterized by the following steps:
(1) compile statistics on the information collected by the event generator;
(2) compare the statistic with the threshold set in the intrusion detection function; if it exceeds the threshold, judge that an intrusion event has occurred and send the event to the event storage module; if it does not exceed the threshold, judge that no intrusion has occurred and repeat step (1);
(3) the event storage module modifies the firewall's security policy according to the intrusion event information it receives, changing the firewall's filtering behavior and achieving real-time control;
(4) repeat step (1).
4. The detection method according to claim 3, characterized in that: the intrusion detection function uses the Naive-Bayes algorithm.
5. The detection method according to claim 3 or 4, characterized in that: the threshold is preferably 0.8.

Application and publication data

Application Number: CN201610626163.XA
Title: Network security system applied to an intellectual property operation platform, and detection method
Priority Date: 2016-08-03
Filing Date: 2016-08-03
Status: Pending
Publication Number: CN106209902A (en)
Publication Date: 2016-12-07
Family ID: 57497028
Country Status: CN (1), CN106209902A (en)
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20161207