CN108206828B - Dual-monitoring safety control method and system - Google Patents
Dual-monitoring safety control method and system Download PDFInfo
- Publication number
- CN108206828B CN108206828B CN201711457431.0A CN201711457431A CN108206828B CN 108206828 B CN108206828 B CN 108206828B CN 201711457431 A CN201711457431 A CN 201711457431A CN 108206828 B CN108206828 B CN 108206828B
- Authority
- CN
- China
- Prior art keywords
- data message
- central processing
- processing unit
- small
- switching unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a double-monitoring safety control method and a double-monitoring safety control system. The switching unit directly forwards basic data messages in a service network and copies suspicious data messages to the central processing unit; the central processing unit compares the data message with a local preset database, sends the data message which is not matched with the local preset database to the comprehensive flow analysis device, and issues an access control list to the switching unit for safety control; and the comprehensive flow analysis device receives the uploaded data message, compares the uploaded data message with a locally preset database, and issues a corresponding access control list to the switching unit for safety control. The invention carries out double monitoring on the flow passing through the small firewall device, is safe and reliable, and does not influence the communication of normal service flow even if the CPU of the small firewall device fails.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a dual-monitoring security control method and system.
Background
With the development of internet technology, networks have been extended to thousands of households, and network security is more and more important. Especially, servers in some networks have large access flow and are particularly vulnerable to attacks, so that the whole network is damaged.
In order to prevent attacks, in many large professional networks, for example, in a video surveillance network, a small firewall device is added at the front end of a surveillance service server to perform white list-based traffic filtering. Typically, only the registration channel is released initially, the terminal can perform normal registration, and after the server approves the registration, the small firewall device is notified to release the subsequent service data channel for the terminal.
However, the above-described scheme has the following problems: since the forwarding pressure of all traffic is borne by the CPU of the small firewall device, which is unstable, the small firewall device, if it fails, may easily cause channel breakdown, affecting the traffic.
Disclosure of Invention
The invention aims to provide a double-monitoring safety control method and a double-monitoring safety control system, which are used for solving the technical problems that the channel paralysis is easily caused by the instability of a CPU (Central processing Unit) and the service communication is influenced in the prior art.
In order to achieve the purpose, the technical scheme of the invention is as follows:
a dual monitoring security control system for security control of a server in a service network, the dual monitoring security control system comprising a small firewall device provided in a front end of the server, and an integrated flow analysis device network-connected to the small firewall device, wherein:
the small firewall device comprises a switching unit and a central processing unit;
the switching unit receives the data message flowing through, identifies the type of the data message, directly forwards the basic data message in the service network to the connected server, and copies the non-basic data message as a suspicious data message to the central processing unit;
after receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit;
the comprehensive flow analysis device receives data messages uploaded by small and medium-sized firewall devices in a service network, compares the data messages with a local preset database, determines whether the data messages are legal, and issues a corresponding access control list to a switching unit through a central processing unit of the small firewall devices;
and the exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
After receiving the suspicious data message, the central processing unit of the invention can also send all the data message to the comprehensive flow analysis device.
The invention provides a comprehensive flow analysis device which receives data messages uploaded by all small firewall devices in a service network, compares the data messages with a local preset database to determine whether the data messages are legal or not, and issues a corresponding access control list to a switching unit through a central processing unit, wherein the comprehensive flow analysis device comprises:
when the data message is matched with a local preset database, determining that the data message is illegal, issuing an access control list to a switching unit through the central processing unit, and discarding the data message;
and when the data message is not matched with a locally preset database, determining that the data message is legal, and transmitting an access control list to the switching unit through the central processing unit to allow the data message to pass through.
The switching unit of the invention allows the corresponding suspicious data message to pass through when the suspicious data message can not be copied to the central processing unit.
When the integrated flow analysis device of the invention sends the corresponding access control list to the switching unit through the central processing unit of the small firewall device, the corresponding access control list is also synchronized to all other small firewall devices in the service network.
The invention also provides a double monitoring safety control method, which is used for carrying out safety control on a server in a service network, the service network further comprises a small firewall device arranged at the front end of the server and a comprehensive flow analysis device connected with the small firewall device through a network, the small firewall device comprises an exchange unit and a central processing unit, and the double monitoring safety control method comprises the following steps:
the switching unit receives the data message flowing through, identifies the type of the data message, directly forwards the basic data message in the service network to the connected server, and copies the non-basic data message as a suspicious data message to the central processing unit;
after receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit;
the comprehensive flow analysis device receives data messages uploaded by small and medium-sized firewall devices in a service network, compares the data messages with a local preset database, determines whether the data messages are legal, and issues a corresponding access control list to a switching unit through a central processing unit of the small firewall devices;
and the exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
According to the double-monitoring safety control method and system provided by the invention, the small firewall device is arranged at the front end of the server, the comprehensive flow analysis device is arranged in the service network, and the flow passing through the small firewall device is subjected to double monitoring, so that the double-monitoring safety control method and system are safe and reliable. The access control list generated by the comprehensive flow analysis device is synchronized to all small firewall devices in the network, so that the workload of re-detection and re-blocking of other firewalls is saved. Even if the CPU of the small firewall device fails, the communication of the normal traffic flow is not affected.
Drawings
Fig. 1 is a schematic diagram of a networking structure of a dual monitoring safety control system according to an embodiment of the present invention;
fig. 2 is a flow chart of a dual monitoring safety control method according to the present invention.
Detailed Description
The technical solutions of the present invention are further described in detail below with reference to the drawings and examples, which should not be construed as limiting the present invention.
The embodiment is a dual monitoring security control system, which is used for performing security control on a server in a service network. The service network is exemplified by a video monitoring network, as shown in fig. 1, the service network includes various servers, such as a video management server, a media management server, etc., and is shown by connecting a server 1 to a server n in the figure, and in order to perform security protection on the server, a corresponding small firewall device is added to the front end of the server, and the small firewall device 1 to the small firewall device n are respectively provided, and an integrated traffic analysis device is further provided in the service network.
The dual-monitoring security control system of the embodiment comprises a small firewall device arranged at the front end of a server and a comprehensive flow analysis device connected with the small firewall device through a network, wherein:
the small firewall device is deployed at the front end of the server, and all traffic going to the server flows through the small firewall device firstly. The small firewall device comprises a switching unit and a central processing unit, wherein the switching unit adopts a switching forwarding chip and mainly performs forwarding of flow and ACL access control, and the central processing unit adopts a CPU processor to analyze the flow.
Specifically, the switching unit receives the data packets flowing through, identifies the type of the data packets, and directly forwards the basic data packets in the service network to the connected server, while copying the non-basic data packets as suspicious data packets to the central processing unit.
For example, the traffic flowing through the small firewall device is forwarded by the all-pass switching unit as a default, and meanwhile, the switching unit can identify the type of the data message aiming at the flowing service data message, and if the data message is a basic data message, such as SIP, UDP, TCP, and the like, the data message is directly released; if the data packets are not the basic packets, the switching unit cannot confirm whether the data packets flowing through the switching unit are reliable, and copies the traffic to the central processing unit, that is, the mirroring technology (both the maverir chip and the BCM chip support the technology) commonly mentioned in the industry, and the central processing unit processes the suspicious data packet traffic unknown to the switching unit.
It should be noted that different service networks have different definitions of basic data packets, and in a video monitoring network, the basic service data packets are SIP, UDP, TCP, and the like, and these basic data packets may be identified by predefined definitions, which is not described herein again.
After receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit.
For example, after receiving a suspicious data packet from an image of a switch forwarding chip, a CPU reassembles the data packets into files (a file sent by a user is first fragmented into individual data packets when being transmitted in a network, and then reassembles the fragmented data into an original file when reaching a receiver), and then searches for a matched file in a locally preset database (e.g., a feature library and a virus library), where two results appear:
a. and if the matching file is found in the library, determining that the suspicious data message is an illegal data message, and not allowing the suspicious data message to enter the server. And the CPU issues an ACL rule to the exchange forwarding chip and discards the data message.
b. If no matching file is found in the library, the file is fragmented into data messages, and the data messages are continuously uploaded to the integrated traffic analysis device in the network, and the integrated traffic analysis device continuously identifies the suspicious file (because the internal cache and processing capacity of the small firewall are limited, files which cannot be identified and processed by the integrated traffic analysis device need to be forwarded to the integrated traffic analysis device for processing).
Therefore, the small firewall device of the embodiment can perform primary monitoring on the flow, filter partial harmful flow according to a local preset feature library or virus library, and transfer suspicious flow (or all suspicious flow) which cannot be processed to the comprehensive flow analysis device for further monitoring. If all the suspicious flows are transferred to the comprehensive flow analysis device for further monitoring, the suspicious flows can be further monitored for the second time, and the condition of misjudgment or missed judgment is avoided.
The integrated traffic analysis device in this embodiment receives a data packet uploaded by a small-sized firewall device in a service network, compares the data packet with a locally preset database, determines whether the data packet is legal, and issues a corresponding access control list to a switching unit through a central processing unit of the small-sized firewall device. The exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
Specifically, after receiving the data packet of the suspicious traffic hazard sent from the small firewall device, the integrated traffic analysis device re-synthesizes the data packet into a file, and then searches a local virus library and a local feature library, where there are also two results:
a. and if the matching file is found in the library, determining that the suspicious data message is an illegal data message, and not allowing the suspicious data message to enter the server. At this time, the integrated traffic analysis device issues an ACL rule to the originating firewall CPU of the suspicious harmful traffic, and discards the harmful data. The starting firewall CPU sends the ACL to the exchange forwarding chip, and finally filters the harmful data flow. Meanwhile, the comprehensive flow analysis device can synchronize ACL rules matched with the type of harmful data to all other firewalls in the network, so that the workload of retesting and reseating other firewalls is saved.
b. If no matching file is found in the library, the suspicious data message is determined to be legal, and the server is allowed to enter. At this time, the integrated traffic analysis device will issue an ACL rule to the originating firewall CPU of the suspicious harmful traffic, and allow the data packet to pass through. The starting firewall CPU sends the ACL to the exchange forwarding chip, and finally releases the data flow. Meanwhile, the comprehensive flow analysis device can synchronize the ACL rules matched with the data to all other firewalls in the network, so that the workload of retesting and reseating other firewalls is saved.
The central processing unit of the small firewall device receives and processes the instruction of the comprehensive flow analysis device, and issues an ACL rule to the exchange unit to perform secondary filtration on the harmful flow, so that the harmful flow is prevented before reaching the server, and the safety of the server is guaranteed.
It is easy to understand that the integrated traffic analyzer synchronizes the generated access control list ACL to all small firewall devices in the service network, for example, for suspicious data packets uploaded by the small firewall device 1, the ACL issued after being analyzed by the integrated traffic analyzer is also synchronized to other small firewall devices 2 to n. Therefore, even if a certain small firewall device does not have a preset database (a feature library or a virus library), the normal operation of the whole system is not prevented.
In this embodiment, while the dual monitoring is implemented, the switching unit allows the corresponding suspicious data packet to pass through when the suspicious data packet cannot be copied to the central processing unit.
Therefore, even if the central processing unit on the small firewall device is broken down by its own factors or other uncontrollable factors, the suspicious traffic of the switching forwarding chip passing through the small firewall device cannot be mirrored to the upper CPU, and in this case, the switching unit in this embodiment allows both the normal traffic and the suspicious traffic to enter the server of the service network, thereby ensuring that the basic traffic of the service system is not affected and the service network has higher stability.
It is easy to understand that when the CPU of the small firewall device cannot operate normally, the ACL set in the switching unit can still operate normally, so that most of the harmful traffic can still be blocked. However, the new type of hazardous traffic can be uploaded to the comprehensive traffic analysis device through other small firewall devices for analysis, and ACL is generated and issued to all small firewall devices in the network, so that after the CPU works normally, the issued ACL can be acquired to block the new type of hazardous traffic.
The technical scheme can realize the separate processing of the normal service flow and the suspicious service flow on the small firewall device, and if the CPU of the small firewall device is paralyzed, the forwarding of the normal service flow cannot be influenced. Meanwhile, the small firewall device conducts preliminary filtration on suspicious flow, meanwhile, the suspicious flow can be collected to the comprehensive flow analysis device, further flow monitoring is conducted, double monitoring of flow is achieved, and therefore safety protection of the server is reinforced.
As shown in fig. 2, this technical solution further provides an embodiment of a dual monitoring security control method, configured to perform security control on a server in a service network, where the service network further includes a small firewall device disposed at a front end of the server and an integrated traffic analysis device network-connected to the small firewall device, where the small firewall device includes an exchange unit and a central processing unit, and the dual monitoring security control method includes:
the switching unit receives the data message flowing through, identifies the type of the data message, directly forwards the basic data message in the service network to the connected server, and copies the non-basic data message as a suspicious data message to the central processing unit;
after receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit;
the comprehensive flow analysis device receives data messages uploaded by small and medium-sized firewall devices in a service network, compares the data messages with a local preset database, determines whether the data messages are legal, and issues a corresponding access control list to a switching unit through a central processing unit of the small firewall devices;
and the exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
In this embodiment, specific operation steps of each device have been described in detail in the foregoing system, and are not described herein again.
The above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and those skilled in the art can make various corresponding changes and modifications according to the present invention without departing from the spirit and the essence of the present invention, but these corresponding changes and modifications should fall within the protection scope of the appended claims.
Claims (8)
1. A dual monitoring security control system for performing security control on a server in a service network, comprising a small firewall device disposed at a front end of the server, and an integrated traffic analyzing device network-connected to the small firewall device, wherein:
the small firewall device comprises a switching unit and a central processing unit;
the switching unit receives the data message flowing through, identifies the type of the data message, directly forwards the basic data message in the service network to the connected server, and copies the non-basic data message as a suspicious data message to the central processing unit;
after receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit;
the comprehensive flow analysis device receives data messages uploaded by small and medium-sized firewall devices in a service network, compares the data messages with a local preset database to determine whether the data messages are legal or not, issues a corresponding access control list to a switching unit through a central processing unit of the small firewall devices, and synchronizes the corresponding access control list to all other small firewall devices in the service network;
and the exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
2. The dual-monitoring safety control system according to claim 1, wherein the central processing unit sends the data packet to the integrated traffic analyzing device after receiving the suspicious data packet.
3. The dual-monitoring security control system of claim 1, wherein the integrated traffic analysis device receives data packets uploaded by each small firewall device in the service network, compares the data packets with a locally preset database to determine whether the data packets are legal, and issues a corresponding access control list to the switching unit through the central processing unit, including:
when the data message is matched with a local preset database, determining that the data message is illegal, issuing an access control list to a switching unit through the central processing unit, and discarding the data message;
and when the data message is not matched with a locally preset database, determining that the data message is legal, and transmitting an access control list to the switching unit through the central processing unit to allow the data message to pass through.
4. The dual-monitoring security control system of claim 1, wherein the switching unit allows passage of a suspect data packet if the suspect data packet cannot be copied to the central processing unit.
5. A dual-monitoring security control method is used for performing security control on a server in a service network, and is characterized in that the service network further comprises a small firewall device arranged at the front end of the server and an integrated flow analysis device connected with the small firewall device through a network, the small firewall device comprises an exchange unit and a central processing unit, and the dual-monitoring security control method comprises the following steps:
the switching unit receives the data message flowing through, identifies the type of the data message, directly forwards the basic data message in the service network to the connected server, and copies the non-basic data message as a suspicious data message to the central processing unit;
after receiving the suspicious data message, the central processing unit compares the suspicious data message with a locally preset database, sends the data message which is not matched with the locally preset database to the comprehensive flow analysis device, issues an access control list to the switching unit, and informs the switching unit to discard the data message which is matched with the locally preset database of the central processing unit;
the comprehensive flow analysis device receives data messages uploaded by small and medium-sized firewall devices in a service network, compares the data messages with a local preset database to determine whether the data messages are legal or not, issues a corresponding access control list to a switching unit through a central processing unit of the small firewall devices, and synchronizes the corresponding access control list to all other small firewall devices in the service network;
and the exchange unit carries out safety control on the data message according to the access control list issued by the central processing unit.
6. The dual-monitoring safety control method according to claim 5, wherein the central processing unit sends the data packet to the integrated traffic analyzer after receiving the suspicious data packet.
7. The dual-monitoring security control method of claim 5, wherein the integrated traffic analysis device receives data packets uploaded by each small firewall device in the service network, compares the data packets with a locally preset database to determine whether the data packets are legal, and issues a corresponding access control list to the switching unit through the central processing unit, including:
when the data message is matched with a local preset database, determining that the data message is illegal, issuing an access control list to a switching unit through the central processing unit, and discarding the data message;
and when the data message is not matched with a locally preset database, determining that the data message is legal, and transmitting an access control list to the switching unit through the central processing unit to allow the data message to pass through.
8. The dual-monitoring security control method of claim 5, wherein the switching unit allows the corresponding suspicious data packets to pass through when the suspicious data packets cannot be copied to the central processing unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711457431.0A CN108206828B (en) | 2017-12-28 | 2017-12-28 | Dual-monitoring safety control method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711457431.0A CN108206828B (en) | 2017-12-28 | 2017-12-28 | Dual-monitoring safety control method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108206828A CN108206828A (en) | 2018-06-26 |
| CN108206828B true CN108206828B (en) | 2021-03-09 |
Family
ID=62606151
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711457431.0A Active CN108206828B (en) | 2017-12-28 | 2017-12-28 | Dual-monitoring safety control method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108206828B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110430213B (en) * | 2019-08-15 | 2022-02-01 | 北京奇艺世纪科技有限公司 | Service request processing method, device and system |
| CN112866114B (en) * | 2020-12-31 | 2022-12-13 | 锐捷网络股份有限公司 | Multicast message processing method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101056222A (en) * | 2007-05-17 | 2007-10-17 | 华为技术有限公司 | A deep message detection method, network device and system |
| CN101079799A (en) * | 2006-05-25 | 2007-11-28 | 李�浩 | A dynamic port control device based on hardware acceleration |
| CN102594623A (en) * | 2011-12-31 | 2012-07-18 | 成都市华为赛门铁克科技有限公司 | Data detection method and device for firewalls |
| CN103632097A (en) * | 2013-12-13 | 2014-03-12 | 扬州永信计算机有限公司 | Security threat processing method of portable mobile terminal |
-
2017
- 2017-12-28 CN CN201711457431.0A patent/CN108206828B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101079799A (en) * | 2006-05-25 | 2007-11-28 | 李�浩 | A dynamic port control device based on hardware acceleration |
| CN101056222A (en) * | 2007-05-17 | 2007-10-17 | 华为技术有限公司 | A deep message detection method, network device and system |
| CN102594623A (en) * | 2011-12-31 | 2012-07-18 | 成都市华为赛门铁克科技有限公司 | Data detection method and device for firewalls |
| CN103632097A (en) * | 2013-12-13 | 2014-03-12 | 扬州永信计算机有限公司 | Security threat processing method of portable mobile terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108206828A (en) | 2018-06-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10681079B2 (en) | Method for mitigation of cyber attacks on industrial control systems | |
| KR101424490B1 (en) | Reverse access detecting system and method based on latency | |
| CN108040057B (en) | Working method of SDN system suitable for guaranteeing network security and network communication quality | |
| US8149705B2 (en) | Packet communications unit | |
| US8341739B2 (en) | Managing network security | |
| KR101860395B1 (en) | Apparatus and method for detecting abnormal behavior of industrial control system based on whitelist for nonstandard protocol | |
| US7835348B2 (en) | Method and apparatus for dynamic anomaly-based updates to traffic selection policies in a switch | |
| EP1873992B1 (en) | Packet classification in a network security device | |
| US9130983B2 (en) | Apparatus and method for detecting abnormality sign in control system | |
| KR101812403B1 (en) | Mitigating System for DoS Attacks in SDN | |
| US20050182950A1 (en) | Network security system and method | |
| US20150341389A1 (en) | Log analyzing device, information processing method, and program | |
| KR20140088340A (en) | APPARATUS AND METHOD FOR PROCESSING DDoS IN A OPENFLOW SWITCH | |
| JP4774307B2 (en) | Unauthorized access monitoring device and packet relay device | |
| US10193890B2 (en) | Communication apparatus to manage whitelist information | |
| US20070022468A1 (en) | Packet transmission equipment and packet transmission system | |
| CN104115463A (en) | A streaming method and system for processing network metadata | |
| JP6599819B2 (en) | Packet relay device | |
| CN101136922A (en) | Service stream recognizing method, device and distributed refusal service attack defending method, system | |
| TWI492090B (en) | System and method for guarding against dispersive blocking attacks | |
| JP6502902B2 (en) | Attack detection device, attack detection system and attack detection method | |
| CN108206828B (en) | Dual-monitoring safety control method and system | |
| KR20040057257A (en) | System and method for protecting from ddos, and storage media having program thereof | |
| JP2004328307A (en) | Attack defense system, attack defense control server, and attack defense method | |
| JP2006164038A (en) | Method for coping with dos attack or ddos attack, network device and analysis device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |