CN108632274A - A monitoring client of a local network security management system

Publication number: CN108632274A
Authority: CN (China)
Application number: CN201810426190.1A
Other languages: Chinese (zh)
Inventor: 曾丽
Original Assignee: Sichuan Jiuding Zhiyuan Intellectual Property Operation Co Ltd
Current Assignee: Sichuan Jiuding Zhiyuan Intellectual Property Operation Co Ltd
Legal status: Withdrawn
Prior art keywords: module, monitoring, detection, client, monitoring client

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/06 Generation of reports
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Abstract

The invention discloses a monitoring client of a local network security management system. The local network security management system includes a client, a monitoring client and a management end. The monitoring client includes a monitoring client data transmission module, an external connection detection module, an activity detection module, a file system detection module and a peripheral monitoring module. The monitoring client data transmission module receives the acquired client information and sends the generated monitoring report to the management end; it is connected to each of the external connection detection module, the activity detection module, the file system detection module and the peripheral monitoring module. The file system detection module uses an accurate file matching algorithm: the invention improves on the traditional AC multi-pattern matching algorithm by adding a statistical function to the automaton and comparing the statistical result with a set threshold. A file is marked as sensitive only when the threshold is exceeded, which avoids system misjudgment caused by the inaccuracy of the AC multi-pattern matching algorithm.

Description

A monitoring client of a local network security management system
This application is a divisional application of application No. 201610172784.5, filed on March 23, 2016, entitled "A local network security management system".
Technical field
The present invention relates to the technical field of network security, and in particular to a monitoring client of a local network security management system.
Background art
When network security is mentioned, people naturally think of virus damage and hacker attacks, but that is not the whole picture. Conventional security defense thinking is often confined to gateway-level and network-boundary defenses (firewalls, vulnerability scanning, anti-virus, IDS). Important security facilities are mostly concentrated in the machine room or at the network entrance, and under the close monitoring of this equipment, security threats from outside the network are greatly reduced. By contrast, security threats from computer clients inside the network are a problem widely reported by security managers.
For domestic network managers, existing network security measures mostly emphasize preventing, detecting and handling active attacks from outside, and place more trust in internal hosts. But statistics show that a considerable number of security incidents are caused by intentional or unintentional operations of intranet users. To protect the intranet, some organizations physically isolate the intranet from the external network, or have the internal network access the external network through a unified gateway, and deploy security monitoring equipment such as firewalls, IPS and IDS at the gateway. Although all of the security measures mentioned above have been implemented, many managers are still troubled by the frequent occurrence of leaks and other intranet security incidents, which fully demonstrates the complexity of maintaining intranet security.
Existing intranet security management systems mainly have the following shortcoming:
Inaccurate sensitive-file matching algorithm: existing sensitive-file detection systems are mostly built on the AC multi-pattern matching algorithm. Although the algorithm is efficient, when processing large documents it inevitably runs into many problems because of its inaccuracy.
Summary of the invention
In view of this, the present invention provides a monitoring client of a local network security management system that avoids system misjudgment caused by the inaccuracy of the AC multi-pattern matching algorithm.
The technical solution adopted by the present invention is as follows:
A monitoring client of a local network security management system, where the local network security management system includes a client, a monitoring client and a management end, and the monitoring client includes a monitoring client data transmission module, an external connection detection module, an activity detection module, a file system detection module and a peripheral monitoring module;
The monitoring client data transmission module is used to receive the acquired client information and to send the generated monitoring report to the management end; the monitoring client data transmission module is connected to each of the external connection detection module, the activity detection module, the file system detection module and the peripheral monitoring module;
The external connection detection module is used to detect whether any client in the LAN is illegally connected to the external network;
The activity detection module is used to detect the activity of client hosts in the LAN and to obtain the network topology map of the LAN and client host information;
The file system detection module is used to inspect the files in the LAN, generate a monitoring report from the information of detected files that contain sensitive content and invalid information, and send it to the management end via the monitoring client data transmission module;
The peripheral monitoring module is used to detect whether a client host in the LAN has illegally connected a peripheral device;
The sensitive-word detection method used by the file system detection module includes the following steps:
Step 1: A database is set up in the detection module and the sensitive vocabulary is entered into it, to serve as the matching database for detecting sensitive words;
Step 2: The document under inspection is treated as a pattern tree, and an automaton M (Q, N, g, f, D, F) is set up for the pattern tree. Q denotes the number of nodes of the pattern tree generated from the document; N denotes the sensitive words in the matching database; g denotes the first transition function: during matching, when the root node is inconsistent with the sensitive words in the database, no transition is made, and if it is consistent, a transition is made; f denotes the second transition function: during matching, when the word in a node is inconsistent with the sensitive word, a transition is made; D is the statistical function, which counts the sensitive words in the document; F is the early-warning function: when the sensitive words counted by the statistical function D exceed the set threshold, the document is regarded as a sensitive file and information is sent to the management end for file handling.
With the above technical solution, the present invention produces the following beneficial effects:
Accurate file matching algorithm: the present invention improves on the traditional AC multi-pattern matching algorithm by adding a statistical function to the automaton and comparing the statistical result with the set threshold. A file is marked as sensitive only when the threshold is exceeded, which avoids system misjudgment caused by the inaccuracy of the AC multi-pattern matching algorithm.
Description of the drawings
Fig. 1 is a schematic structural diagram of a local network security management system that includes the monitoring client of the present invention.
Detailed description of the embodiments
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any accompanying claims and the abstract) may, unless specifically stated otherwise, be replaced by other equivalent alternative features or alternative features serving a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
The present invention protects a monitoring client of a local network security management system, where the local network security management system includes a client, a monitoring client and a management end, and the monitoring client includes a monitoring client data transmission module, an external connection detection module, an activity detection module, a file system detection module and a peripheral monitoring module;
The monitoring client data transmission module is used to receive the acquired client information and to send the generated monitoring report to the management end; the monitoring client data transmission module is connected to each of the external connection detection module, the activity detection module, the file system detection module and the peripheral monitoring module;
The external connection detection module is used to detect whether any client in the LAN is illegally connected to the external network;
The activity detection module is used to detect the activity of client hosts in the LAN and to obtain the network topology map of the LAN and client host information;
The file system detection module is used to inspect the files in the LAN, generate a monitoring report from the information of detected files that contain sensitive content and invalid information, and send it to the management end via the monitoring client data transmission module;
The peripheral monitoring module is used to detect whether a client host in the LAN has illegally connected a peripheral device;
The sensitive-word detection method used by the file system detection module includes the following steps:
Step 1: A database is set up in the detection module and the sensitive vocabulary is entered into it, to serve as the matching database for detecting sensitive words;
Step 2: The document under inspection is treated as a pattern tree, and an automaton M (Q, N, g, f, D, F) is set up for the pattern tree. Q denotes the number of nodes of the pattern tree generated from the document; N denotes the sensitive words in the matching database; g denotes the first transition function: during matching, when the root node is inconsistent with the sensitive words in the database, no transition is made, and if it is consistent, a transition is made; f denotes the second transition function: during matching, when the word in a node is inconsistent with the sensitive word, a transition is made; D is the statistical function, which counts the sensitive words in the document; F is the early-warning function: when the sensitive words counted by the statistical function D exceed the set threshold, the document is regarded as a sensitive file and information is sent to the management end for file handling.
An embodiment of the present invention provides a local network security management system that includes the monitoring client of the present invention; its system structure is shown in Fig. 1:
A local network security management system, characterized in that the system includes a client, a monitoring client and a management end;
The client is a personal terminal in the LAN. The monitoring client is used to monitor security in the LAN and includes: a monitoring client data transmission module, an external connection detection module, an activity detection module, a file system detection module, an information search module, an isolation module and a peripheral monitoring module. The management end is used to control the access rights and connection status of the clients in the LAN according to the monitoring reports sent by the monitoring client, and includes: a management end data transmission module, a judgment and analysis module and a control module.
The monitoring client data transmission module is used to receive the acquired client information and to send the generated monitoring report to the management end; it is signal-connected to each of the external connection detection module, the activity detection module, the file system detection module and the peripheral monitoring module;
The external connection detection module is used to detect whether any client in the LAN is illegally connected to the external network;
The activity detection module is used to detect the activity of client hosts in the LAN and to obtain the network topology map of the LAN and client host information;
The file system detection module is used to inspect the files in the LAN, generate a monitoring report from the information of detected files that contain sensitive content and invalid information, and send it to the management end via the monitoring client data transmission module;
The peripheral monitoring module is used to detect whether a client host in the LAN has illegally connected a peripheral device.
The management end data transmission module is used to receive the monitoring report from the monitoring client and send it to the judgment and analysis module;
The judgment and analysis module is used to judge whether the monitoring report is accurate and to send the judgment result to the control module;
The control module is used to control the access rights and connection status of client hosts according to the judgment result.
The external connection detection module includes a monitoring module and an alarm module; the detection method it uses includes the following steps:
1. The monitoring module is placed in the intranet and periodically sends probe data packets to client hosts;
2. If a host in the LAN is illegally connected to the external network, the probe packet induces the host to forward the probe data packet to the alarm module, which is placed in the external network;
3. When the alarm module receives the forwarded data packet, the host illegally connected to the external network has been detected.
The detection method used by the activity detection module includes the following steps:
1. The activity detection module sends probe data packets to client hosts at regular intervals, including normal data packets and abnormal data packets;
2. A client host that receives an abnormal data packet will generally screen and discard it, and a client host that receives a normal data packet will send back a receipt;
3. The activity detection module judges the activity of a host according to the client host's reaction to the probe data packets.
The sensitive-word detection method used by the file system detection module includes the following steps:
1. A database is set up in the detection module and the sensitive vocabulary is entered into it, to serve as the matching database for detecting sensitive words;
2. The document under inspection is treated as a pattern tree, and an automaton M (Q, N, g, f, D, F) is set up for the pattern tree. Q denotes the number of nodes of the pattern tree generated from the document; N denotes the sensitive words in the matching database; g denotes the first transition function: during matching, when the root node is inconsistent with the sensitive words in the database, no transition is made, and if it is consistent, a transition is made; f denotes the second transition function: during matching, when the word in a node is inconsistent with the sensitive word, a transition is made; D is the statistical function, which counts the sensitive words in the document; F is the early-warning function: when the sensitive words counted by the statistical function D exceed the set threshold, the document is regarded as a sensitive file and information is sent to the management end for file handling.
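The counting-and-threshold procedure described above, as an added Python example; it is not code from the patent. It reads g as the Aho-Corasick goto function and f as the failure function, assumes the threshold applies to the total number of sensitive-word occurrences, and uses a constructed vocabulary, constructed documents and a constructed threshold value.

```python
from collections import Counter, deque


class SensitiveWordAutomaton:
    """Aho-Corasick automaton with a hit counter (D) and a threshold alert (F)."""

    def __init__(self, words):
        # N: the sensitive vocabulary taken from the matching database (step 1).
        self.goto = [{}]   # g: trie edges followed while characters match
        self.fail = [0]    # f: fallback state taken on a mismatch
        self.out = [[]]    # sensitive words that end at each state
        for word in sorted({w.lower() for w in words if w}):
            self._insert(word)
        self._link()

    def _insert(self, word):
        state = 0
        for ch in word:
            if ch not in self.goto[state]:
                self.goto[state][ch] = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
            state = self.goto[state][ch]
        self.out[state].append(word)

    def _link(self):
        # Breadth-first pass: the failure link of a state points at the longest
        # proper suffix of its path that is also a path starting at the root.
        queue = deque(self.goto[0].values())
        while queue:
            state = queue.popleft()
            for ch, nxt in self.goto[state].items():
                queue.append(nxt)
                fb = self.fail[state]
                while fb and ch not in self.goto[fb]:
                    fb = self.fail[fb]
                self.fail[nxt] = self.goto[fb].get(ch, 0)
                # A word ending at the suffix state also ends here ("she" -> "he").
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def count(self, text):
        # D: a single pass over the document that tallies every hit per word.
        hits = Counter()
        state = 0
        for ch in text.lower():
            while state and ch not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(ch, 0)
            hits.update(self.out[state])
        return hits

    def is_sensitive(self, text, threshold):
        # F: raise the alert only when the tally exceeds the set threshold.
        hits = self.count(text)
        return sum(hits.values()) > threshold, hits


def monitoring_report(documents, words, threshold):
    """Return {name: (any_hit, over_threshold, total_hits)} per document.

    any_hit is what a plain "one match is enough" rule would report;
    over_threshold is the decision of the counting variant described above.
    """
    automaton = SensitiveWordAutomaton(words)
    report = {}
    for name, text in documents.items():
        flagged, hits = automaton.is_sensitive(text, threshold)
        report[name] = (bool(hits), flagged, sum(hits.values()))
    return report


# Constructed sample data (assumptions, not taken from the patent).
WORDS = ["confidential", "secret", "internal use only"]
THRESHOLD = 3
DOCUMENTS = {
    "newsletter.txt": "The cafeteria menu is no secret: soup on Monday, "
                      "noodles on Friday.",
    "design_doc.txt": "CONFIDENTIAL - internal use only. This secret design "
                      "must stay confidential; do not forward secret drafts.",
}

if __name__ == "__main__":
    for name, row in monitoring_report(DOCUMENTS, WORDS, THRESHOLD).items():
        print(name, "any_hit=%s over_threshold=%s total_hits=%d" % row)
```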
The monitoring method used by the peripheral monitoring module includes the following steps:
1. A local peripheral monitoring program is installed on the client hosts in the LAN;
2. When a client host is connected to a peripheral device, the peripheral monitoring program obtains the relevant information of the peripheral device and sends it to the peripheral monitoring module;
3. The peripheral monitoring module analyzes the information and matches the peripheral device information against the permitted device information in the monitoring module database. If they match, the host can use the peripheral device; if they do not match, the host cannot connect to and use the peripheral device.
The encryption method used by the encryption module includes the following steps:
1. The information of the file concerned is divided into two parts: file attribute information and file content;
2. The two parts are encrypted using different encryption algorithms. The file content is encrypted using the following encryption algorithm:
First, each character in the file is converted into a hexadecimal string; the hexadecimal string is then converted into a decimal string;
Two unequal prime numbers P and Q are chosen at random, and M=P*Q is computed; the length of M is the length of the key;
3, the Euler's function of M is calculated:
Random selection one integer E, E need to meetAndIt can be divided exactly by E;
Calculate E forMould inverse function;
Finally, M and ed are packaged into the public key, and M and E are packaged into the private key.
4. The file attribute information is encrypted using the conventional DES algorithm.
The invention is not limited to the specific embodiments described above. The present invention extends to any new feature or any new combination disclosed in this specification, and to the steps of any new method or process or any new combination disclosed.

Claims (1)

1. A monitoring client of a local network security management system, characterized in that the local network security management system includes a client, a monitoring client and a management end, and the monitoring client includes a monitoring client data transmission module, an external connection detection module, an activity detection module, a file system detection module and a peripheral monitoring module;
The monitoring client data transmission module is used to receive the acquired client information and to send the generated monitoring report to the management end; the monitoring client data transmission module is connected to each of the external connection detection module, the activity detection module, the file system detection module and the peripheral monitoring module;
The external connection detection module is used to detect whether any client in the LAN is illegally connected to the external network;
The activity detection module is used to detect the activity of client hosts in the LAN and to obtain the network topology map of the LAN and client host information;
The file system detection module is used to inspect the files in the LAN, generate a monitoring report from the information of detected files that contain sensitive content and invalid information, and send it to the management end via the monitoring client data transmission module;
The peripheral monitoring module is used to detect whether a client host in the LAN has illegally connected a peripheral device;
The sensitive-word detection method used by the file system detection module includes the following steps:
Step 1: A database is set up in the detection module and the sensitive vocabulary is entered into it, to serve as the matching database for detecting sensitive words;
Step 2: The document under inspection is treated as a pattern tree, and an automaton M (Q, N, g, f, D, F) is set up for the pattern tree. Q denotes the number of nodes of the pattern tree generated from the document; N denotes the sensitive words in the matching database; g denotes the first transition function: during matching, when the root node is inconsistent with the sensitive words in the database, no transition is made, and if it is consistent, a transition is made; f denotes the second transition function: during matching, when the word in a node is inconsistent with the sensitive word, a transition is made; D is the statistical function, which counts the sensitive words in the document; F is the early-warning function: when the sensitive words counted by the statistical function D exceed the set threshold, the document is regarded as a sensitive file and information is sent to the management end for file handling.
Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201810426190.1A | CN108632274A (en) | 2016-03-23 | 2016-03-23 | A monitoring client of a local network security management system

Applications Claiming Priority (2)

Application Number | Publication | Priority Date | Filing Date | Title
CN201610172784.5A | CN105610874B (en) | 2016-03-23 | 2016-03-23 | A local network security management system
CN201810426190.1A | CN108632274A (en) | 2016-03-23 | 2016-03-23 | A monitoring client of a local network security management system

Related Parent Applications (1)

Application Number | Relation | Publication | Priority Date | Filing Date | Title
CN201610172784.5A | Division | CN105610874B (en) | 2016-03-23 | 2016-03-23 | A local network security management system

Publications (1)

Publication Number | Publication Date
CN108632274A (en) | 2018-10-09

Family

ID=55990411

Family Applications (2)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201810426190.1A | Withdrawn | CN108632274A (en) | 2016-03-23 | 2016-03-23 | A monitoring client of a local network security management system
CN201610172784.5A | Active | CN105610874B (en) | 2016-03-23 | 2016-03-23 | A local network security management system

Family Applications After (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201610172784.5A | Active | CN105610874B (en) | 2016-03-23 | 2016-03-23 | A local network security management system

Country Status (1)

Country | Link
CN (2) | CN108632274A (en)

Also Published As

Publication number Publication date
CN105610874B (en) 2018-06-22
CN105610874A (en) 2016-05-25


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
WW01 | Invention patent application withdrawn after publication

Application publication date: 20181009