CN108833425A - A network security system and method based on big data - Google Patents


Info

Publication number: CN108833425A
Authority: CN (China)
Prior art keywords: module, network, message, security, control center
Legal status: Pending
Application number: CN201810670233.0A
Other languages: Chinese (zh)
Inventors: 胡志锋, 李卫升
Current assignee: Jiujiang Vocational and Technical College
Original assignee: Jiujiang Vocational and Technical College
Priority date: 2018-06-26
Filing date: 2018-06-26
Publication date: 2018-11-16
Application filed by Jiujiang Vocational and Technical College
Priority to CN201810670233.0A
Publication of CN108833425A

Classifications

    • H Electricity
    • H04 Electric communication technique
    • H04L Transmission of digital information, e.g. telegraphic communication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a network security system and method based on big data, in the technical field of network security. The system comprises a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a master control module, an online-state monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module. Using the packet capture function provided by the network connection monitoring, the invention can integrate technologies such as host intrusion detection, security audit and virus detection at the terminal; at the security control center, once the connection information of all controlled terminals has been aggregated, network intrusion detection and security audit can be implemented, providing terminals with comprehensive, complete and lasting security protection.

Description

A network security system and method based on big data
Technical field
The invention discloses a network security system and method based on big data, specifically in the technical field of network security.
Background technique
With the development of network technology, the drawbacks of the traditional local area network structure have become more apparent and internet security has become more fragile; the security, stability, versatility and speed of enterprise networks have become the problems that company managers are most concerned about. With its inherent openness, interactivity and distributed nature, the internet satisfies people's long-held demand for flexible and fast information sharing. As the IT process deepens and the internet develops rapidly, the way people work, study and live is undergoing tremendous change. In the face of the severe information security situation, existing network security systems have many weaknesses in their capabilities of prediction, reaction, prevention and recovery.
Existing network security defense measures, such as firewalls, IDS and encryption technology, share one characteristic: they are refusal-type defense strategies. That is, a series of access measures is specified according to existing, fixed needs, and any access that does not meet the specified security policy is denied; for example, data entering a firewall that does not match the firewall rules is not allowed through, and data without the key stream cannot be decrypted through normal channels. Although the defense mechanism of this approach is powerful, its capability for discovery and prevention is inadequate: it cannot precisely know or predict the intruder's attack target or means. For this reason, a network security system and method based on big data is proposed and put into use to solve the above problems.
Summary of the invention
The purpose of the present invention is to provide a network security system and method based on big data, so as to solve the problems raised in the background above.
To achieve the above object, the present invention provides the following technical solution: a network security system based on big data, comprising a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a master control module, an online-state monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
The packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, controls and filters network connections according to a policy file, and is electrically bi-directionally connected with the wireless communication module;
The wireless communication module is responsible for the interaction between the security control client and the security control center; it uses the system server to listen for instructions from the security control center and, when the message generating module is invoked, actively initiates a connection to the security control center and then transmits the relevant information;
The message processing module decrypts, reassembles and decodes the information received through the wireless communication module, and sends the decoded result to the master control module;
The message generating module is used to construct messages for the security control center and upload them to the security control center;
The master control module is used to respond to instructions from the security control center and to schedule the corresponding component modules in the system;
The online-state monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file. The firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages. The process monitoring module periodically detects whether the running processes are allowed; if a process is not allowed, it is closed and a warning message is generated. The dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns. The host log monitoring module monitors the client host log and obtains its update records, and uploads the host log updates when the security control center is reachable;
The authentication module is used for authenticating information such as passwords, personal identification numbers and keys, and is available for real-time invocation by the master control module;
The system encryption module is used for verifying the integrity of data and for the encryption and digital signatures of users and computers, and is integrated into applications or network services.
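The online-state monitoring and host log monitoring behaviour described above, as an added Python example that is not part of the patent: a heartbeat goes to the control center only when the network is idle and the interval has elapsed, an unreachable center is recorded in a local offline log, and queued host log updates and warnings are uploaded once the center is reachable again. The message layout, the 30-second interval, and the FakeCenter transport and clock used to run it offline are assumptions.

```python
import json
import time
from collections import deque

HEARTBEAT_INTERVAL = 30  # seconds; assumed, the page only says "regular intervals"

class ControlCenterClient:
    """Client-side online-state monitoring plus message generation (added example)."""

    def __init__(self, send, terminal_id, clock=time.time):
        self._send = send              # callable(message) -> True if delivered
        self._terminal_id = terminal_id
        self._clock = clock
        self.offline_log = []          # stands in for the local offline log file
        self.pending = deque()         # messages held until the center is reachable
        self.center_reachable = None   # unknown until the first probe
        self._last_probe = None

    def build_message(self, kind, body):
        """Message generating module: tag a payload with terminal, type and time."""
        return {"terminal": self._terminal_id, "type": kind,
                "time": self._clock(), "body": body}

    def probe_due(self, network_idle):
        """Probe only when the network is idle and the interval has elapsed."""
        if not network_idle:
            return False
        return (self._last_probe is None
                or self._clock() - self._last_probe >= HEARTBEAT_INTERVAL)

    def heartbeat(self, network_idle):
        """Send the probe when due; returns reachability, or None if not sent."""
        if not self.probe_due(network_idle):
            return None
        self._last_probe = self._clock()
        if self._send(self.build_message("heartbeat", {})):
            self.center_reachable = True
            self.flush()
            return True
        if self.center_reachable is not False:   # record each outage once
            self.offline_log.append(
                self.build_message("warning", {"event": "center_unreachable"}))
        self.center_reachable = False
        return False

    def report(self, kind, body):
        """Upload a host-log update or warning now if the center is reachable,
        otherwise keep it in the offline log and the upload queue."""
        msg = self.build_message(kind, body)
        if self.center_reachable:
            if self._send(msg):
                return True
            self.center_reachable = False      # send failed: treat as an outage
        self.pending.append(msg)
        self.offline_log.append(msg)
        return False

    def flush(self):
        """Upload queued messages oldest first; stop at the first failure so the
        center always sees them in order. Returns the number uploaded."""
        uploaded = 0
        while self.pending:
            if not self._send(self.pending[0]):
                self.center_reachable = False
                break
            self.pending.popleft()
            uploaded += 1
        return uploaded

class FakeCenter:
    """Constructed stand-in for the control-center transport."""

    def __init__(self):
        self.up = False
        self.delivered = []

    def __call__(self, message):
        if self.up:
            self.delivered.append(json.dumps(message, sort_keys=True))
        return self.up

def simulate():
    """Outage then recovery; returns (delivered, offline_log_entries, still_pending)."""
    center, now = FakeCenter(), [0.0]          # constructed transport and clock
    client = ControlCenterClient(center, "terminal-01", clock=lambda: now[0])
    client.heartbeat(network_idle=True)        # probe fails, warning logged
    client.report("host_log", {"lines": 12})   # held locally
    client.report("warning", {"event": "process_blocked"})
    now[0] = 10.0
    client.heartbeat(network_idle=True)        # interval not elapsed, nothing sent
    now[0], center.up = 30.0, True
    client.heartbeat(network_idle=True)        # probe succeeds, queue flushed
    client.report("host_log", {"lines": 3})    # delivered immediately
    return len(center.delivered), len(client.offline_log), len(client.pending)
```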
Preferably, the packet capture processing module comprises a packet capture module, a rule matching module and an allow/block module.
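As an added illustration (not code from the patent), the following Python models the three sub-modules named above: a policy file is parsed into ordered rules, a rule matching module tests each connection against them, and an allow/block module applies the first match with default deny, the refusal-type behaviour the background section describes. The policy-file syntax, the rule fields, the function names and the sample connections are constructed assumptions; the patent specifies no format.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy file (assumed syntax; the patent names no format). Rules are
# evaluated top to bottom and the first match wins; the final catch-all makes the
# policy "refusal-type" (default deny), as the background section describes.
POLICY_FILE = """
# action direction proto remote_network ports
allow  out tcp 10.0.0.0/8     443
allow  out tcp 10.10.5.7/32   8443-8444
allow  in  tcp 192.168.1.0/24 22
block  out udp 0.0.0.0/0      53
block  any any 0.0.0.0/0      any
"""

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "block"
    direction: str     # "in", "out" or "any"
    proto: str         # "tcp", "udp" or "any"
    network: ipaddress.IPv4Network
    ports: tuple       # (low, high) inclusive, or None for any port

@dataclass(frozen=True)
class Connection:
    direction: str
    proto: str
    remote_ip: str
    remote_port: int

def parse_policy(text):
    """Parse the policy file into an ordered rule list; reject malformed lines
    instead of silently skipping them, so a corrupt file cannot widen access."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"policy line {lineno}: expected 5 fields")
        action, direction, proto, net, ports = fields
        if action not in ("allow", "block"):
            raise ValueError(f"policy line {lineno}: unknown action {action!r}")
        if ports == "any":
            port_range = None
        else:
            lo, _, hi = ports.partition("-")
            port_range = (int(lo), int(hi or lo))
        rules.append(Rule(action, direction, proto,
                          ipaddress.ip_network(net, strict=False), port_range))
    return rules

def matches(rule, conn):
    """Rule matching module: every field of the rule must accept the connection."""
    if rule.direction not in ("any", conn.direction):
        return False
    if rule.proto not in ("any", conn.proto):
        return False
    if ipaddress.ip_address(conn.remote_ip) not in rule.network:
        return False
    lo_hi = rule.ports
    return lo_hi is None or lo_hi[0] <= conn.remote_port <= lo_hi[1]

def decide(rules, conn):
    """Allow/block module: the first matching rule decides; no match means block,
    so an empty or truncated policy never opens the host. Returns (action, index)."""
    for idx, rule in enumerate(rules):
        if matches(rule, conn):
            return rule.action, idx
    return "block", -1

def filter_connections(policy_text, conns):
    """Apply the policy; blocked attempts become warning messages for the center."""
    rules = parse_policy(policy_text)
    allowed, warnings = [], []
    for conn in conns:
        action, idx = decide(rules, conn)
        if action == "allow":
            allowed.append(conn)
        else:
            warnings.append(f"blocked {conn.direction} {conn.proto} "
                            f"{conn.remote_ip}:{conn.remote_port} (rule {idx})")
    return allowed, warnings

SAMPLE_CONNECTIONS = [                               # constructed connection attempts
    Connection("out", "tcp", "10.1.2.3", 443),       # allowed by rule 0
    Connection("out", "tcp", "10.10.5.7", 8444),     # allowed by rule 1
    Connection("in", "tcp", "192.168.1.20", 22),     # allowed by rule 2
    Connection("out", "udp", "10.1.2.3", 53),        # blocked by rule 3
    Connection("out", "tcp", "203.0.113.9", 80),     # blocked by catch-all rule 4
]
```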
Preferably, the messages constructed by the message generating module include message receipt confirmation, processing results, the process list, resource information and the message log generated in the offline state, and further include messages that the controlled terminal actively uploads to the center.
Preferably, the dynamic analysis module has built-in intrusion detection plug-ins, which are added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour.
Preferably, the master control module has a built-in policy communication interface COPS, and integrates a security policy database and a detection rule library.
Preferably, in a network security method based on big data, the detailed process of the method is as follows: the packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, and controls and filters network connections according to the policy file; through the wireless communication module it communicates with the message processing module, which decrypts, reassembles and decodes the information received and sends the decoded result to the master control module; the master control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, messages are sent out through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages.
Compared with the prior art, the beneficial effects of the invention are as follows: using the packet capture function provided by the network connection monitoring, the invention can integrate technologies such as host intrusion detection, security audit and virus detection at the terminal; at the security control center, once the connection information of all controlled terminals has been aggregated, network intrusion detection and security audit can be implemented. Through these security technologies and means, intrusion behaviour or misoperation in the network can be detected in real time, or a security audit can be carried out afterwards; at the same time, the security policy can be adjusted automatically according to the network security situation, providing terminals with comprehensive, complete and lasting security protection.
Description of the drawings
Fig. 1 is a functional block diagram of the system of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.
Referring to Fig. 1, the present invention provides the following technical solution: a network security system based on big data, comprising a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a master control module, an online-state monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
The packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, controls and filters network connections according to a policy file, and is electrically bi-directionally connected with the wireless communication module;
The wireless communication module is responsible for the interaction between the security control client and the security control center; it uses the system server to listen for instructions from the security control center and, when the message generating module is invoked, actively initiates a connection to the security control center and then transmits the relevant information;
The message processing module decrypts, reassembles and decodes the information received through the wireless communication module, and sends the decoded result to the master control module;
The message generating module is used to construct messages for the security control center and upload them to the security control center;
The master control module is used to respond to instructions from the security control center and to schedule the corresponding component modules in the system;
The online-state monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file. The firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages. The process monitoring module periodically detects whether the running processes are allowed; if a process is not allowed, it is closed and a warning message is generated. The dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns. The host log monitoring module monitors the client host log and obtains its update records, and uploads the host log updates when the security control center is reachable;
The authentication module is used for authenticating information such as passwords, personal identification numbers and keys, and is available for real-time invocation by the master control module;
The system encryption module is used for verifying the integrity of data and for the encryption and digital signatures of users and computers, and is integrated into applications or network services.
Here, the packet capture processing module comprises a packet capture module, a rule matching module and an allow/block module; the messages constructed by the message generating module include message receipt confirmation, processing results, the process list, resource information and the message log generated in the offline state, and further include messages that the controlled terminal actively uploads to the center; the dynamic analysis module has built-in intrusion detection plug-ins, which are added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour; and the master control module has a built-in policy communication interface COPS, and integrates a security policy database and a detection rule library.
The present invention also provides a network security method based on big data, the detailed process of which is as follows: the packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, and controls and filters network connections according to the policy file; through the wireless communication module it communicates with the message processing module, which decrypts, reassembles and decodes the information received and sends the decoded result to the master control module; the master control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, messages are sent out through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and alterations may be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the invention is defined by the appended claims.

Claims (6)

1. A network security system based on big data, characterized in that: it comprises a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a master control module, an online-state monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
The packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, controls and filters network connections according to a policy file, and is electrically bi-directionally connected with the wireless communication module;
The wireless communication module is responsible for the interaction between the security control client and the security control center; it uses the system server to listen for instructions from the security control center and, when the message generating module is invoked, actively initiates a connection to the security control center and then transmits the relevant information;
The message processing module decrypts, reassembles and decodes the information received through the wireless communication module, and sends the decoded result to the master control module;
The message generating module is used to construct messages for the security control center and upload them to the security control center;
The master control module is used to respond to instructions from the security control center and to schedule the corresponding component modules in the system;
The online-state monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file. The firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages. The process monitoring module periodically detects whether the running processes are allowed; if a process is not allowed, it is closed and a warning message is generated. The dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns. The host log monitoring module monitors the client host log and obtains its update records, and uploads the host log updates when the security control center is reachable;
The authentication module is used for authenticating information such as passwords, personal identification numbers and keys, and is available for real-time invocation by the master control module;
The system encryption module is used for verifying the integrity of data and for the encryption and digital signatures of users and computers, and is integrated into applications or network services.
2. The network security system based on big data according to claim 1, characterized in that: the packet capture processing module comprises a packet capture module, a rule matching module and an allow/block module.
3. The network security system based on big data according to claim 1, characterized in that: the messages constructed by the message generating module include message receipt confirmation, processing results, the process list, resource information and the message log generated in the offline state, and further include messages that the controlled terminal actively uploads to the center.
4. The network security system based on big data according to claim 1, characterized in that: the dynamic analysis module has built-in intrusion detection plug-ins, which are added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour.
5. The network security system based on big data according to claim 1, characterized in that: the master control module has a built-in policy communication interface COPS, and integrates a security policy database and a detection rule library.
6. A network security method based on big data, characterized in that the detailed process of the method is as follows: the packet capture processing module uses Winsock 2 SPI technology and NDIS hook technology in the kernel layer to capture network packets, and controls and filters network connections according to the policy file; through the wireless communication module it communicates with the message processing module, which decrypts, reassembles and decodes the information received and sends the decoded result to the master control module; the master control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, messages are sent out through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions for all distributed firewalls and intrusion detection, and detects network messages.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810670233.0A (CN108833425A, en) | 2018-06-26 | 2018-06-26 | A network security system and method based on big data

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201810670233.0A (CN108833425A, en) | 2018-06-26 | 2018-06-26 | A network security system and method based on big data

Publications (1)

Publication Number | Publication Date
CN108833425A (en) | 2018-11-16

Family

ID=64138594

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201810670233.0A (CN108833425A, en, pending) | A network security system and method based on big data | 2018-06-26 | 2018-06-26

Country Status (1)

Country | Link
CN (1) | CN108833425A (en)


Citations (7)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101674313A (en) * | 2009-10-15 | 2010-03-17 | 杭州华三通信技术有限公司 | SIP registration method for server to actively inform user switching, system and device thereof
CN102026199A (en) * | 2010-12-03 | 2011-04-20 | 中兴通讯股份有限公司 | WiMAX system as well as device and method for defending DDoS attack
CN202004790U (en) * | 2011-03-18 | 2011-10-05 | 蓝盾信息安全技术股份有限公司 | Network security detection and monitoring auditing system
CN103036961A (en) * | 2012-12-07 | 2013-04-10 | 蓝盾信息安全技术股份有限公司 | Distributed collection and storage method of journal
CN103118387A (en) * | 2012-12-17 | 2013-05-22 | 上海寰创通信科技股份有限公司 | Lightweight access point (AP) redundancy access control method of active standby mode
WO2014032596A1 (en) * | 2012-09-03 | 2014-03-06 | Tencent Technology (Shenzhen) Company Limited | Systems and methods for enhancement of single sign-on protection
CN103944915A (en) * | 2014-04-29 | 2014-07-23 | 浙江大学 | Threat detection and defense device, system and method for industrial control system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨维永, "基于策略的网络安全系统" (A policy-based network security system), 《计算机与现代化》 (Computer and Modernization) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109753796A (en) * | 2018-12-07 | 2019-05-14 | 广东技术师范学院天河学院 | A big data computer network security protective device and application method
CN109995762A (en) * | 2019-03-07 | 2019-07-09 | 北京华安普特网络科技有限公司 | A network security management device
CN111049853A (en) * | 2019-12-24 | 2020-04-21 | 南通理工学院 | Security authentication system based on computer network
CN112995141A (en) * | 2021-02-04 | 2021-06-18 | 浙江睿朗信息科技有限公司 | Intrusion detection method and Internet of things terminal with intrusion detection function
CN117032008A (en) * | 2023-07-06 | 2023-11-10 | 双龙软创(深圳)科技有限公司 | Remote monitoring method and system for ocean deepwater jacket
CN117032008B (en) * | 2023-07-06 | 2024-03-19 | 双龙软创(深圳)科技有限公司 | Remote monitoring method and system for ocean deepwater jacket

Legal Events

Date | Code | Title | Description
2018-11-16 | PB01 | Publication | Application publication date: 20181116
| SE01 | Entry into force of request for substantive examination |
| RJ01 | Rejection of invention patent application after publication |