CN106209902A - A network security system applied to an intellectual property operation platform, and detection method - Google Patents
- Publication number
- CN106209902A
- Authority
- CN
- China
- Prior art keywords
- intrusion detection
- event
- firewall
- module
- detection module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
Abstract
The invention provides a network security system applied to an intellectual property operation platform, comprising a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall. The system intercepts packets on the network in real time and applies access control analysis based on the security policy; at the same time, the event generator extracts summary event information from the intercepted IP packets and passes it to the intrusion detection module for security analysis, and the intrusion detection module analyses the received event information using a statistics-based intrusion detection technique. By using firewall technology, the invention both acquires the network data needed for intrusion detection and solves the problem that traditional intrusion detection cannot exercise active control; the results of network intrusion detection in turn provide a basis for the firewall's security policy, improving the firewall's intelligent access control capability.
Description
Technical field
The invention belongs to the technical field of computer network security, and relates more specifically to a network security system and a detection method.
Background
In the network era, in which information is dominant, the importance of information resources is increasingly prominent. Because the information an individual enterprise can obtain or provide is limited, public information service platforms have emerged. Most such platforms are funded by multiple parties such as government, enterprises, universities and industry organizations, operate under market mechanisms, are open to society, serve small and medium-sized enterprises, research and develop common and key industry technologies, and improve innovation capability in their field.
An intellectual property operation platform is an important way to improve regional innovation capability and to convert intellectual achievements effectively, and it is an inevitable requirement for advancing the intellectual property industry and building cultural soft power. Establishing such a platform not only makes it possible for ideas and wisdom to enter the capital market, but also integrates market resources and is a useful practice in innovating industry financing models. It builds, for the supply and demand sides of intellectual property, an efficient and flexible public service platform for transactions in intellectual property achievements, intellectual property investment and financing, intangible assets and so on; it also gives intellectual property managers new ideas for valuing and promoting the management of intellectual property transfer, further promotes the industrialization of intellectual property, and contributes to realizing "Created in China".
An intellectual property operation platform, as a management platform that highly integrates information resources and provides public services, places higher requirements on data security and the safe operation of the network: security defence measures must be implemented in its architecture and emergencies handled promptly, to ensure that the network runs safely and stably.
Intrusion detection has been a mainstream method of protecting network security in recent years. As an active security protection technique, intrusion detection can be flexibly adapted to the characteristics of various network structures, actively monitors a computer network or system, provides real-time protection against external attacks, internal attacks and operator errors, forms an effective security policy, and plays an active defence role for the computer network or system. It is an indispensable component of computer security and network security.
Intrusion detection systems fall into two classes according to the source of their detection data: host-based intrusion detection systems and network-based intrusion detection systems. A host-based intrusion detection system extracts data (such as system logs) from a single host as the data source for intrusion analysis, whereas a network-based intrusion detection system extracts network packets from the network as the data source for intrusion analysis. In general, a host-based intrusion detection system can monitor only a single host system, while a network-based intrusion detection system can monitor multiple host systems on its network segment, and multiple network intrusion detection systems distributed across different segments can work together to provide stronger intrusion detection capability.
A network intrusion detection system generally obtains IP packets passively, by packet sniffing; even when it detects an attack in time, it is difficult for it to take real-time, effective prevention or control measures.
Summary of the invention
The present invention combines a firewall with intrusion detection technology, solving the problem that traditional intrusion detection cannot exercise active control.
A network security system applied to an intellectual property operation platform comprises a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall.
The firewall first filters the incoming network data;
The event generator analyses and screens the IP packets from the firewall, converts them into useful event information and sends it to the intrusion detection module;
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection result sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyses and aggregates the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
Further, intrusion detection uses a statistics-based detection method, with the following steps:
(1) Compute statistics over the information collected by the event generator;
(2) Continuously compare, in real time, against the library describing normal network conditions, and use the intrusion detection function to judge whether an intrusion event has occurred; if so, send the event to the event storage module; if no intrusion has occurred, repeat step (1);
(3) The event storage module modifies the firewall's security policy according to the intrusion event information received, changing the firewall's filtering behaviour and achieving real-time control;
(4) Repeat step (1).
Further, the intrusion detection function used in the statistics-based detection method is based on the Naive-Bayes algorithm.
Beneficial effects
(1) Using firewall technology both acquires the network data needed for intrusion detection and solves the problem that traditional intrusion detection cannot exercise active control, ensuring the information security of the intellectual property operation platform;
(2) The results of network intrusion detection in turn provide a basis for the firewall's security policy, improving the firewall's intelligent access control capability.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system structure of the present invention.
Fig. 2 is a flowchart of the detection method used by the present invention.
Detailed description
As shown in Fig. 1, a network security system for an intellectual property operation platform comprises a firewall, an event generator, an intrusion detection module, an alarm module and an event storage module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall.
The firewall is a packet-filtering firewall: it decides whether to forward an IP packet according to the information in the IP packet header and the security policy. The security policy strongly affects both the correctness and the efficiency of the filtering behaviour. To simplify the rules and improve efficiency, the filtering module of the firewall system uses an efficient packet filtering technique based on connections and a hash algorithm: the rule set is searched only when the system receives a packet requesting connection establishment, and the resulting deny or allow mark is written to the session table. For ordinary IP packets, a hash over the source IP address, source port, destination IP address and destination port is used to quickly locate the connection in the connection state table and find the corresponding action, thereby improving the efficiency of packet filtering.
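The connection-and-hash filtering described above, sketched as an added example (not code from the patent). The `Packet`, `Rule` and `ConnectionFilter` names, the fail-closed default, the reply-direction lookup and the `block_source` policy update are assumptions made for illustration; all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for a connection-establishment request


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


class ConnectionFilter:
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.sessions = {}      # hash table: 4-tuple -> cached allow/deny mark
        self.rule_searches = 0  # how often the slow path (rule search) ran

    def _search_rules(self, pkt):
        self.rule_searches += 1
        for r in self.rules:  # first matching rule wins
            if (ip_address(pkt.src) in ip_network(r.src_net)
                    and ip_address(pkt.dst) in ip_network(r.dst_net)
                    and r.dport in (None, pkt.dport)):
                return r.action
        return self.default

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.syn:
            # Slow path: only connection requests search the rule set;
            # the verdict is written to the session table.
            self.sessions[key] = self._search_rules(pkt)
            return self.sessions[key]
        # Fast path: one hash lookup, also trying the reply direction.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        mark = self.sessions.get(key) or self.sessions.get(reverse)
        return mark or self.default  # no session entry: fail closed (assumption)

    def block_source(self, addr):
        """Policy update: deny an IPv4 source and drop its cached marks.

        Without the purge, an established session would keep its old
        'allow' mark and the new policy would not take effect in real time.
        """
        self.rules.insert(0, Rule(f"{addr}/32", "0.0.0.0/0", None, "deny"))
        self.sessions = {k: v for k, v in self.sessions.items()
                         if addr not in (k[0], k[2])}
```
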
The event generator performs protocol analysis and screening on the IP packets from the firewall, converts them into useful event information and sends it to the intrusion detection module.
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection result sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyses and aggregates the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
Further, intrusion detection uses a statistics-based detection method, as shown in Fig. 2, with the following steps:
(1) Compute statistics over the information collected by the event generator;
(2) Compare the statistic with the threshold set in the intrusion detection function; if it exceeds the threshold, judge that an intrusion event has occurred and send the event to the event storage module; if it does not exceed the threshold, judge that no intrusion has occurred and repeat step (1);
(3) The event storage module modifies the firewall's security policy according to the intrusion event information received, changing the firewall's filtering behaviour and achieving real-time control;
(4) Repeat step (1).
Further, the intrusion detection function is based on the Naive-Bayes algorithm. This algorithm is superior to relying solely on a single statistic or on a combined computation over several statistics, because the Naive-Bayes algorithm learns the importance of each statistic in intrusion detection; this is more intelligent than a fixed computation over multiple statistics and closer to the concrete application environment of the network.
Statistics-based detection identifies network anomalies by testing whether a statistic exceeds a predetermined threshold, so the choice of threshold is extremely important. If the threshold is set too low, the probability of false alarms is larger; if it is set too high, some abnormal connections may be missed. The preferred threshold in the present invention is 0.8.
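One way the statistics-based detection steps with a Naive-Bayes intrusion detection function could look, as an added example that is not part of the patent. It assumes the 0.8 threshold is applied to the posterior probability of intrusion; the three statistics, their bucket cut-offs, and the training and event data are all constructed.

```python
import math
from collections import Counter, defaultdict

THRESHOLD = 0.8  # preferred threshold stated in the description

# Constructed training windows: (attempt rate, distinct ports, failure ratio)
TRAIN = (
    [(("low", "low", "low"), "normal")] * 4
    + [(("high", "low", "low"), "normal"), (("low", "low", "high"), "normal")]
    + [(("high", "high", "high"), "intrusion")] * 2
    + [(("high", "high", "low"), "intrusion"), (("low", "high", "high"), "intrusion")]
)


class NaiveBayes:
    """Categorical Naive Bayes with Laplace smoothing."""

    def fit(self, samples):
        self.class_counts = Counter(label for _, label in samples)
        self.feat_counts = defaultdict(Counter)  # (label, index) -> value counts
        self.values = defaultdict(set)           # index -> values seen in training
        for feats, label in samples:
            for i, v in enumerate(feats):
                self.feat_counts[(label, i)][v] += 1
                self.values[i].add(v)
        return self

    def posterior(self, feats, cls="intrusion"):
        total = sum(self.class_counts.values())
        logp = {}
        for label, n in self.class_counts.items():
            lp = math.log(n / total)
            for i, v in enumerate(feats):
                k = len(self.values[i])
                lp += math.log((self.feat_counts[(label, i)][v] + 1) / (n + k))
            logp[label] = lp
        m = max(logp.values())  # normalise in log space for stability
        z = sum(math.exp(lp - m) for lp in logp.values())
        return math.exp(logp[cls] - m) / z


def window_stats(events):
    """Step (1): per-source statistics over one window of (src, dport, ok) events."""
    per_src = defaultdict(list)
    for src, dport, ok in events:
        per_src[src].append((dport, ok))
    stats = {}
    for src, conns in per_src.items():
        failed = sum(1 for _, ok in conns if not ok) / len(conns)
        stats[src] = ("high" if len(conns) >= 20 else "low",
                      "high" if len({p for p, _ in conns}) >= 5 else "low",
                      "high" if failed >= 0.5 else "low")
    return stats


def detect(model, events, threshold=THRESHOLD):
    """Step (2): sources whose intrusion posterior exceeds the threshold.

    The returned mapping is what would be sent to the event storage module,
    which in step (3) turns it into a firewall policy change.
    """
    flagged = {}
    for src, feats in window_stats(events).items():
        p = model.posterior(feats)
        if p > threshold:
            flagged[src] = round(p, 3)
    return flagged


# Constructed event window
EVENTS = (
    [("198.51.100.7", port, False) for port in range(1, 31)]       # fast scan
    + [("192.0.2.10", 443, True)] * 25                             # busy client
    + [("203.0.113.4", 443, True)] * 3                             # light client
    + [("203.0.113.50", 8000 + i, i >= 6) for i in range(8)]       # slow scan
    + [("192.0.2.77", 9000 + i, True) for i in range(6)]           # multi-service client
)
MODEL = NaiveBayes().fit(TRAIN)

if __name__ == "__main__":
    print(detect(MODEL, EVENTS))
```

On the constructed data, the busy single-port client scores about 0.13 and is not flagged even though its attempt rate alone is high, while lowering the threshold to 0.4 also flags the benign multi-service client, which is the false-alarm trade-off the description mentions.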
In the present invention, the firewall and the intrusion detection module are each hosted on a separate host, connected to each other by Fast Ethernet. The firewall host has 2 network cards installed. One of them works in bridge mode and needs no IP address, which both increases the transparency, concealment and security of the firewall itself and means that the topology of the existing network does not have to be changed when the system is deployed. The other network card handles communication with the intrusion detection host.
Claims (5)
1. A network security system applied to an intellectual property operation platform, characterized in that: it comprises a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module; the firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and the firewall;
The firewall first filters the incoming network data;
The event generator analyses and screens the IP packets from the firewall, converts them into useful event information and sends it to the intrusion detection module;
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection result sent by the intrusion detection module;
The event storage module receives the detection results sent by the intrusion detection module, analyses and aggregates the attack data detected by the intrusion detection module, and promptly updates the stored security policy library according to the analysis results.
2. The network security system according to claim 1, characterized in that: the firewall is a packet-filtering firewall.
3. A detection method applied to the network security system according to claim 1, characterized by the following steps:
(1) Compute statistics over the information collected by the event generator;
(2) Compare the statistic with the threshold set in the intrusion detection function; if it exceeds the threshold, judge that an intrusion event has occurred and send the event to the event storage module; if it does not exceed the threshold, judge that no intrusion has occurred and repeat step (1);
(3) The event storage module modifies the firewall's security policy according to the intrusion event information received, changing the firewall's filtering behaviour and achieving real-time control;
(4) Repeat step (1).
4. The detection method according to claim 3, characterized in that: the intrusion detection function uses the Naive-Bayes algorithm.
5. The detection method according to claim 3 or 4, characterized in that: the threshold is preferably 0.8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610626163.XA CN106209902A (en) | 2016-08-03 | 2016-08-03 | A network security system applied to an intellectual property operation platform, and detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106209902A (en) | 2016-12-07 |
Family
ID=57497028
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610626163.XA Pending CN106209902A (en) | A network security system applied to an intellectual property operation platform, and detection method | 2016-08-03 | 2016-08-03 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209902A (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
CN104660552A (en) * | 2013-11-20 | 2015-05-27 | 南京理工高新技术发展有限公司 | Wireless local area network (WLAN) intrusion detection system |
CN103618730A (en) * | 2013-12-04 | 2014-03-05 | 天津大学 | Website DDOS attack defense system and method based on integral strategy |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106506547A (en) * | 2016-12-23 | 2017-03-15 | 北京奇虎科技有限公司 | Processing method, WAF, router and system for Denial of Service attack |
CN106506547B (en) * | 2016-12-23 | 2020-07-10 | 北京奇虎科技有限公司 | Processing method, WAF, router and system for denial of service attack |
CN108289088A (en) * | 2017-01-09 | 2018-07-17 | 中国移动通信集团河北有限公司 | Abnormal traffic detection system and method based on business model |
CN108289088B (en) * | 2017-01-09 | 2020-12-11 | 中国移动通信集团河北有限公司 | Abnormal flow detection system and method based on business model |
CN108600216A (en) * | 2018-04-19 | 2018-09-28 | 丙申南京网络技术有限公司 | A kind of Network Intrusion Detection System |
CN109582728A (en) * | 2019-01-21 | 2019-04-05 | 捷乘(上海)网络科技有限公司 | A kind of analysis of intellectual property and industrialization development platform |
CN113206848A (en) * | 2021-04-29 | 2021-08-03 | 福建奇点时空数字科技有限公司 | SDN moving target defense implementation method based on self-evolution configuration |
CN113538819A (en) * | 2021-08-17 | 2021-10-22 | 南京智能易创科技有限公司 | Intellectual property right infringement risk early warning management and control device and early warning method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20161207 |