CN108322460A - A kind of operation system flow monitoring system - Google Patents
Publication number: CN108322460A (application CN201810094797.4A); authority: CN (China); legal status: Granted.
Prior art keywords: flow, simulation, module, monitoring, submodule.
Classifications
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1408—by monitoring network traffic
    - H04L63/1416—Event detection, e.g. attack signature detection
    - H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention discloses a business system traffic monitoring system comprising a traffic detection module, a system control module and a traffic scheduling module. The traffic detection module performs fine-grained detection of all traffic accessing the business system in order to find abnormal traffic that threatens the security of the business system. The system control module dynamically generates a corresponding simulated system according to the abnormal access information and completes the network configuration of the simulated system. The traffic scheduling module dispatches the detected abnormal traffic into the simulated system, where the corresponding attack detection, evidence collection and protection work is completed. With the business system traffic monitoring system provided by the invention, suspicious access traffic can be scheduled away from the system that actually executes the business, thereby protecting it.
Description
Technical field
The present invention relates to the field of network security systems, and more particularly to a business system traffic monitoring system.
Background technology
Existing network security protection systems usually defend passively against external malicious attacks. The losses that each attack may cause to the attacker and to the attacked party are not symmetric, which places the attacked system at a disadvantage. Moreover, while being attacked, the system cannot obtain relevant information about the attacker in order to mount a targeted defense; this information asymmetry greatly increases the difficulty of defending against network traffic attacks. It is therefore necessary to establish a business system traffic monitoring system that can lure the attacker and obtain attack information, so that targeted defensive measures can be taken.
Invention content
In view of this, the object of the present invention is to provide a business system traffic monitoring system that at least solves the above problems.
A business system traffic monitoring system includes a traffic detection module, a system control module and a traffic scheduling module. The traffic detection module performs fine-grained detection of all traffic accessing the business system in order to find abnormal traffic that threatens the security of the business system. The system control module dynamically generates a corresponding simulated system according to the abnormal access information and completes the network configuration of the simulated system. The traffic scheduling module dispatches the detected abnormal traffic into the simulated system, where the corresponding attack detection, evidence collection and protection work is completed.
Further, the access traffic of the business system is monitored by a port detection submodule, and the monitoring data is sent to the traffic detection module over the network.
Further, the system control module is additionally provided with a system model database, a system simulation submodule, a simulated-network configuration submodule, a scheduling strategy generation submodule and a simulated-system monitoring submodule.
Further, the traffic scheduling module includes a software-defined network controller and a software-defined network switch.
Further, the business system traffic monitoring system is deployed on the server of the business system.
Further, the implementation of the business system traffic monitoring system includes the following steps:
(1) deploy the traffic monitoring system on the server of the business system;
(2) monitor the traffic accessing the business system through the port detection submodule and transfer the monitoring data to the traffic detection module of the traffic monitoring system;
(3) the traffic detection module inspects the traffic data and judges whether the traffic is abnormal; if there is no anomaly, the traffic is forwarded normally; if the traffic is abnormal, the traffic is graded according to the security threat and the traffic detection result is sent to the system control module;
(4) the system control module retrieves data from the system model database according to the traffic detection result, computes the corresponding simulated system architecture, and generates the simulated system from that architecture through the system simulation submodule;
(5) the simulated-network configuration submodule configures the network of the simulated system;
(6) the system control module generates a traffic scheduling strategy according to the network configuration information of the simulated system and sends it to the traffic scheduling module;
(7) the traffic scheduling module completes the traffic scheduling according to the traffic scheduling strategy.
Further, the traffic detection result includes the attack type, the attack feature and the security threat level.
Further, after the traffic scheduling is completed, the system control module monitors the simulated business system through the simulated-system monitoring submodule in order to complete the detection, feature extraction and defense work against the suspicious traffic attack.
Compared with the prior art, the beneficial effects of the invention are as follows:
(1) By simulating one or more business systems, one or more seemingly vulnerable targets are presented to the attacker to lure it; since these simulated business systems have no real value, no damage results, while relevant information about the attacker can be obtained through the simulated system.
(2) Network attacks can be reproduced in the simulated systems generated by the traffic monitoring system, so that the various attack patterns can be studied, along with how to respond to them, providing an effective reference for building a defense system.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only preferred embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the traffic monitoring system of Embodiment 1 of the present invention.
Fig. 2 is a schematic diagram of the implementation process of the traffic monitoring system of Embodiment 2 of the present invention.
In the figures, 1 is the traffic detection module, 2 the system control module, 3 the traffic scheduling module, 11 the port detection submodule, 21 the system model database, 22 the system simulation submodule, 23 the simulated-network configuration submodule, 24 the scheduling strategy generation submodule, 25 the simulated-system monitoring submodule, 31 the software-defined network controller and 32 the software-defined network switch.
Specific implementation mode
The principles and features of the present invention are described below with reference to the accompanying drawings. The cited embodiments serve only to explain the invention and are not intended to limit its scope.
Embodiment 1
The present invention provides a business system traffic monitoring system comprising a traffic detection module 1, a system control module 2 and a traffic scheduling module 3, as shown in Fig. 1.
The traffic detection module 1 inspects all traffic accessing the business system. A port detection submodule 11 can be arranged on each port of the business system; the port detection submodule 11 transfers all traffic accessing the business system to the traffic detection module 1, which inspects the traffic, judges whether a threat is present and assigns a security level. If the traffic detection module 1 judges that the traffic has no anomaly, the traffic is forwarded normally; if it determines that the traffic is abnormal, it grades the degree of security threat to the business system according to the traffic, identifies the attack type of the traffic, and sends the detection result to the system control module 2.
The system control module 2 controls the traffic monitoring system so that it takes the corresponding defensive measures against a security threat: according to the abnormal access information it can dynamically generate a corresponding simulated system and complete the network configuration of that simulated system. The system control module 2 is equipped with a system model database 21, a system simulation submodule 22, a simulated-network configuration submodule 23, a scheduling strategy generation submodule 24 and a simulated-system monitoring submodule 25. After the system control module 2 receives the traffic detection result sent by the traffic detection module 1, it retrieves the corresponding system architecture model stored in the system model database 21 according to the detection result, and the system simulation submodule 22 creates the corresponding simulated business system. After the simulated business system has been created, the simulated-network configuration submodule 23 configures its network and at the same time sends the configuration information to the scheduling strategy generation submodule 24. Once the network configuration of the simulated business system is complete, the scheduling strategy generation submodule 24 generates the corresponding traffic scheduling strategy according to the network configuration information of the simulated business system and transmits it over the network to the traffic scheduling module 3. The simulated-system monitoring submodule 25 monitors the traffic behaviour in the simulated business system in order to complete the corresponding attack detection, feature extraction, defense and similar work.
The traffic scheduling module 3 dispatches suspicious traffic into the simulated business system. The traffic scheduling module 3 is provided with a software-defined network controller 31 and a software-defined network switch 32. After the software-defined network controller 31 receives the traffic scheduling strategy, it generates the corresponding flow-matching rules according to the strategy and issues them to the software-defined network switch 32; the software-defined network switch 32 dispatches the suspicious traffic to the corresponding simulated business system, completing the traffic control of the abnormal traffic.
Specifically, the traffic monitoring system is deployed on the server of the business system. The simulated business systems created by the traffic detection system can run either on a server or computer or in a virtual machine environment, and the two ways can coexist. Multiple simulated business systems can run simultaneously, their number depending on the suspicious traffic accessing the business system. When the number of computers or servers is insufficient, running the simulated business systems in a virtual machine environment can effectively reduce the amount of hardware required.
Embodiment 2
With reference to Fig. 2, an implementation of the business system traffic monitoring system specifically includes the following steps:
(1) deploy the traffic monitoring system on the server of the business system;
(2) monitor the traffic accessing the business system through the port detection submodule and transfer the monitoring data to the traffic detection module of the traffic monitoring system;
(3) the traffic detection module inspects the traffic data and judges whether the traffic is abnormal; if there is no anomaly, the traffic is forwarded normally; if the traffic is abnormal, the traffic is graded according to the security threat and the traffic detection result is sent to the system control module;
(4) the system control module retrieves data from the system model database according to the traffic detection result, computes the corresponding simulated system architecture, and generates the simulated system from that architecture through the system simulation submodule;
(5) the simulated-network configuration submodule configures the network of the simulated system;
(6) the system control module generates a traffic scheduling strategy according to the network configuration information of the simulated system and sends it to the traffic scheduling module;
(7) the traffic scheduling module completes the traffic scheduling according to the traffic scheduling strategy.
Specifically, the traffic detection result includes the attack type, the attack feature and the security threat level.
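The control and scheduling path of Embodiments 1 and 2 (steps (3) to (7)), as an added example that is not code from the patent: a detection result is turned into a simulated system, its network is configured, a scheduling strategy is generated, and the SDN controller converts that strategy into a flow rule that steers the matched traffic to the decoy. The system model database, the decoy addresses in 192.0.2.0/24, the switch port and the rule layout are constructed assumptions.

```python
# Added example, not code from the patent: a minimal model of the control and
# scheduling path (detection result -> simulated system -> network configuration
# -> scheduling strategy -> SDN flow rule). Database, subnet, port, rule layout: constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class DetectionResult:
    """Output of the traffic detection module: attack type, feature, threat level."""
    src_ip: str
    dst_ip: str
    dst_port: int
    attack_type: str   # e.g. "port_scan"
    feature: str       # matched attack feature, free text
    threat_level: int  # 0 = no anomaly, 1..3 = rising severity

@dataclass
class Decoy:
    """A simulated business system created by the system simulation submodule."""
    decoy_id: int
    ip: str
    services: List[str]
    runtime: str           # "vm" or "container", as Embodiment 1 allows both
    network_ready: bool = False

# Constructed system model database: attack type -> decoy architecture template.
SYSTEM_MODEL_DB: Dict[str, dict] = {
    "port_scan":    {"services": ["ssh", "http"], "runtime": "vm"},
    "http_exploit": {"services": ["http"],        "runtime": "container"},
    "default":      {"services": ["http"],        "runtime": "vm"},
}

class SystemControlModule:
    """Builds one decoy per (attack type, source) and emits a scheduling strategy."""
    def __init__(self, model_db: Dict[str, dict], decoy_subnet: str = "192.0.2."):
        self.model_db = model_db
        self.decoy_subnet = decoy_subnet  # constructed TEST-NET-1 range for decoys
        self.decoys: Dict[Tuple[str, str], Decoy] = {}

    def simulate_system(self, result: DetectionResult) -> Decoy:
        """System simulation submodule: reuse or create the decoy for this source."""
        key = (result.attack_type, result.src_ip)
        if key not in self.decoys:
            model = self.model_db.get(result.attack_type, self.model_db["default"])
            decoy_id = len(self.decoys) + 1
            self.decoys[key] = Decoy(decoy_id, f"{self.decoy_subnet}{10 + decoy_id}",
                                     list(model["services"]), model["runtime"])
        return self.decoys[key]

    def configure_network(self, decoy: Decoy) -> None:
        """Simulated-network configuration submodule: mark the decoy reachable."""
        decoy.network_ready = True

    def handle(self, result: DetectionResult) -> Optional[dict]:
        """Return a scheduling strategy, or None when the traffic is forwarded normally."""
        if result.threat_level <= 0:
            return None
        decoy = self.simulate_system(result)
        self.configure_network(decoy)
        # Scheduling strategy generation submodule: what to match and where to send it.
        return {"match": {"src_ip": result.src_ip, "dst_ip": result.dst_ip,
                          "dst_port": result.dst_port},
                "redirect_to": decoy.ip,
                "priority": 100 * result.threat_level}  # higher threat, higher priority

class SDNController:
    """Turns a scheduling strategy into an OpenFlow-style rule for the SDN switch."""
    def __init__(self, decoy_port: int = 7):
        self.decoy_port = decoy_port  # constructed switch port facing the decoys

    def install(self, strategy: dict) -> dict:
        """Flow-matching rule: rewrite the destination to the decoy and output to its port."""
        return {"priority": strategy["priority"], "match": dict(strategy["match"]),
                "actions": [("set_field", "ipv4_dst", strategy["redirect_to"]),
                            ("output", self.decoy_port)]}

def schedule(results: List[DetectionResult]) -> List[dict]:
    """Run detection results through the control module and controller; return rules."""
    control, controller = SystemControlModule(SYSTEM_MODEL_DB), SDNController()
    return [controller.install(s) for s in map(control.handle, results) if s is not None]
```

Normal traffic (threat level 0) produces no rule and keeps its original forwarding path; a second detection from the same source and attack type is steered to the decoy already built for it rather than to a new one.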
The business system traffic monitoring system provided by the invention can monitor the traffic accessing the business system, generate a corresponding simulated business space for suspicious traffic, lure the suspicious traffic into accessing it, and monitor that access, helping security personnel obtain attack information so that targeted measures can be taken to ensure the information security of the real business system. At the same time, the traffic monitoring system has the characteristics of high cohesion and low coupling and can be expanded or reduced according to the access traffic, achieving reasonable allocation and use of resources.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in its protection scope.
Claims (8)
1. A business system traffic monitoring system, characterized in that it includes a traffic detection module, a system control module and a traffic scheduling module, wherein
the traffic detection module is used to perform fine-grained detection of all traffic accessing the business system in order to find abnormal traffic that threatens the security of the business system;
the system control module is used to dynamically generate a corresponding simulated system according to the abnormal access information and to complete the network configuration of the simulated system;
the traffic scheduling module is used to dispatch the detected abnormal traffic into the simulated system in order to complete the corresponding attack detection, evidence collection and protection work.
2. The business system traffic monitoring system according to claim 1, characterized in that the access traffic of the business system is monitored by a port detection submodule, and the monitoring data is sent to the traffic detection module over the network.
3. The business system traffic monitoring system according to claim 1, characterized in that the system control module is additionally provided with a system model database, a system simulation submodule, a simulated-network configuration submodule, a scheduling strategy generation submodule and a simulated-system monitoring submodule.
4. The business system traffic monitoring system according to claim 1, characterized in that the traffic scheduling module includes a software-defined network controller and a software-defined network switch.
5. The business system traffic monitoring system according to claim 1, characterized in that the business system traffic monitoring system is deployed on the server of the business system.
6. The business system traffic monitoring system according to claim 1, 2 or 3, characterized in that the implementation of the business system traffic monitoring system includes the following steps:
(1) deploy the traffic monitoring system on the server of the business system;
(2) monitor the traffic accessing the business system through the port detection submodule and transfer the monitoring data to the traffic detection module of the traffic monitoring system;
(3) the traffic detection system inspects the traffic data and judges whether the traffic is abnormal; if there is no anomaly, the traffic is forwarded normally; if the traffic is abnormal, the traffic is graded according to the security threat and the traffic detection result is sent to the system control module;
(4) the system control module retrieves data from the system model database according to the traffic detection result, computes the corresponding simulated system architecture, and generates the simulated system from that architecture through the system simulation submodule;
(5) the simulated-network configuration submodule configures the network of the simulated system;
(6) the system control module generates a traffic scheduling strategy according to the network configuration information of the simulated system and sends it to the traffic scheduling module;
(7) the traffic scheduling module completes the traffic scheduling according to the traffic scheduling strategy.
7. The business system traffic monitoring system according to claim 6, characterized in that the traffic detection result includes the attack type, the attack feature and the security threat level.
8. The business system traffic monitoring system according to claim 6, characterized in that after the traffic scheduling is completed, the system control module monitors the simulated business system through the simulated-system monitoring submodule in order to complete the detection, feature extraction and defense work against the suspicious traffic attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810094797.4A CN108322460B (en) | 2018-01-31 | 2018-01-31 | Business system flow monitoring system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108322460A true CN108322460A (en) | 2018-07-24 |
CN108322460B CN108322460B (en) | 2020-09-01 |
Family
ID=62888688
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113794774A (en) * | 2021-09-15 | 2021-12-14 | 厦门畅合赢文化传媒有限公司 | Flow monitoring system based on new network audio-visual media |
CN115632882A (en) * | 2022-12-15 | 2023-01-20 | 北京市大数据中心 | Illegal network attack detection method, computer device and medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006135903A2 (en) * | 2005-06-13 | 2006-12-21 | Ashar Aziz | Heuristic based capture with replay to virtual machine |
CN104660582A (en) * | 2014-12-17 | 2015-05-27 | 南京晓庄学院 | Network architecture of software definition of DDoS identification, protection and path optimization |
CN105007282A (en) * | 2015-08-10 | 2015-10-28 | 济南大学 | Malicious software network behavior detection method specific to network service provider and system thereof |
CN106357622A (en) * | 2016-08-29 | 2017-01-25 | 北京工业大学 | Network anomaly flow detection and defense system based on SDN (software defined networking) |
CN107222451A (en) * | 2016-03-22 | 2017-09-29 | 中兴通讯股份有限公司 | data flow monitoring method and device |
CN104506507B (en) * | 2014-12-15 | 2017-10-10 | 蓝盾信息安全技术股份有限公司 | A kind of sweet net safety protective system and method for SDN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |