CN109450893A - Network protection software method and system based on the Linux kernel - Google Patents

Publication number
CN109450893A
Authority
CN
China
Prior art keywords
module
data packet
rule
monitoring
kernel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811307466.0A
Other languages
Chinese (zh)
Other versions
CN109450893B (en)
Inventor
施文均
张有成
姚崎
李海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace One System Jiangsu Information Technology Co ltd
Original Assignee
Nanjing Basic Information Technology Ltd By Share Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Basic Information Technology Ltd By Share Ltd filed Critical Nanjing Basic Information Technology Ltd By Share Ltd
Priority to CN201811307466.0A priority Critical patent/CN109450893B/en
Publication of CN109450893A publication Critical patent/CN109450893A/en
Application granted granted Critical
Publication of CN109450893B publication Critical patent/CN109450893B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention discloses a network protection software method and system based on the Linux kernel. The system includes: a kernel module for screening, capturing, filtering and blocking data packets; a monitoring module responsible for monitoring, analyzing and handling the network, which receives network packets from the kernel layer according to certain rules, analyzes the protocol, content and traffic of each packet, and by comparison with the feature library determines the packet's application type and whether it is normal, so that potential security risks are found early and effective measures are taken; a feature library that stores a large amount of sample data, provides the data feature comparison function for the analysis module, and is the cornerstone of the analysis; and a control module responsible for managing and controlling the other modules. The protection scheme of the invention is designed with two modes, simple filtering protection and feature identification protection. It overcomes the single-function limitation of traditional Linux network protection software, adds rule self-updating and feature identification, makes up for the lack of application analysis, and comprehensively safeguards the network security of Linux systems.

Description

Network protection software method and system based on the Linux kernel
Technical field
The present invention relates to a network protection software method and system based on the Linux kernel, and belongs to the field of network security technology.
Background
There are many Linux network protection programs. Most are developed on the Linux kernel and mainly provide packet filtering. The general procedure is to define filtering rules first, after which the kernel filters packets according to those rules. Once the network structure changes, the rules have to be readjusted, and for a network whose structure changes frequently, adjusting the rules is very time-consuming. In addition, although rules can restrict access to certain ports, open ports undoubtedly greatly increase the chance of being attacked.
Most small and medium-sized enterprises adopt open-source software such as iptables, an open-source Linux firewall and a typical Linux packet-filtering firewall. iptables works in the operating system kernel and is very simple to operate. It is developed on the netfilter framework and achieves protection by filtering network packets. iptables has 5 kinds of filtering rule chains: the input chain, output chain, forward chain, prerouting chain and postrouting chain; the processing of each kind of rule chain corresponds to an operation at a different netfilter hook point. A rule chain contains rule entries, and a rule entry consists of an IP address, a port and an action. When the system sends or receives a packet, iptables checks the rule chain corresponding to the packet; if an entry in the chain matches, the packet is handled according to the content of that entry, usually by dropping or accepting it.
However, iptables can only filter packets against preset rules. Although packet filtering provides a degree of protection, network structures are inherently complex and changeable, and the functions of iptables cannot cover them comprehensively.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art by providing a network protection software method with rule self-updating and feature identification.
To solve the above technical problem, the invention adopts the following technical solution.
The present invention provides a network protection software method based on the Linux kernel, comprising the following steps:
After reading the defined rules, the control module sends a start command to the kernel module according to the predefined rules. Specifically:
If the protection mode selected by the rules that the control module receives is simple filtering protection and/or feature identification protection, the control module sends a simple filtering protection start command and/or a feature identification protection start command to the kernel module;
After receiving the simple filtering protection start command, the kernel module inspects each data packet: a packet that matches an allow rule is let through, and a packet that matches a block rule is blocked;
After receiving the feature identification protection start command, the kernel module captures received and sent data packets according to the predefined rules and delivers them to the monitoring module in the user-space layer;
A feature library module is provided in the user-space layer; it stores sample feature data and provides the data feature comparison function for the monitoring module;
After receiving a data packet, the monitoring module compares it with the features in the feature library module. It first determines the application type of the packet; if the application type falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. It then checks whether the packet is abnormal; if it is, the monitoring module likewise sends a block notification to the kernel module to stop the packet, adds the IP of the abnormal packet to the block rules, and notifies the control module to apply the new rules;
After receiving the notification from the monitoring module, the kernel module decides whether to allow or block the packet.
Further, after detecting an abnormal data packet, the monitoring module sends it to the control module, and the control module saves the abnormal data packet in the storage module.
Further, the monitoring module records a monitoring log and sends the monitoring log to the control module, and the control module saves the abnormal data packet in the storage module.
Further, after reading the defined rules, the control module saves the rules in the storage module.
Further, the defined rules include configuration information and rule entries.
Further, a display module is provided to offer a visual interface for operation and to display attack and defense behavior and traffic information.
In another aspect, the present invention provides a network protection software system based on the Linux kernel, comprising:
A control module, for sending a start command to the kernel module according to the predefined rules after reading the defined rules. Specifically:
If the protection mode selected by the rules that the control module receives is simple filtering protection and/or feature identification protection, the control module sends a simple filtering protection start command and/or a feature identification protection start command to the kernel module;
A kernel module, for inspecting data packets after receiving the simple filtering protection start command: a packet that matches an allow rule is let through, and a packet that matches a block rule is blocked;
The kernel module is also used, after receiving the feature identification protection start command, to capture received and sent data packets according to the predefined rules and deliver them to the monitoring module in the user-space layer;
The kernel module is also used, after receiving the notification from the monitoring module, to decide whether to allow or block the packet.
A feature library module, provided in the user-space layer, for storing sample feature data and providing the data feature comparison function for the monitoring module;
A monitoring module, for comparing each received data packet with the features in the feature library module. It first determines the application type of the packet; if the application type falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. It then checks whether the packet is abnormal; if it is, the monitoring module likewise sends a block notification to the kernel module to stop the packet, adds the IP of the abnormal packet to the block rules, and notifies the control module to apply the new rules.
A storage module, which is a collection of database and file storage, for saving configuration information, rule entries, monitoring logs and abnormal data packets.
Preferably, the system further includes:
A display module, for providing a visual interface for operation and displaying attack and defense behavior and traffic information.
Further preferably,
The monitoring module is also used, after detecting an abnormal data packet, to send it to the control module, and the control module saves the abnormal data packet in the storage module;
The monitoring module is also used to record a monitoring log and send the monitoring log to the control module.
Advantageous effects of the invention: the present invention overcomes the single-function limitation of traditional Linux network protection software, adds rule self-updating and feature identification, makes up for the lack of application analysis, and comprehensively safeguards the network security of Linux systems.
Brief description of the drawings
Fig. 1 is the system framework of an embodiment of the invention;
Fig. 2 is a schematic diagram of the Linux kernel space;
Fig. 3 is the flow chart of feature identification protection in an embodiment of the invention.
Detailed description
The invention is further described below with reference to the accompanying drawings. The following embodiments serve only to illustrate the technical solution of the invention more clearly and do not limit its scope of protection.
Referring to Fig. 1, this embodiment provides a network protection software system based on the Linux kernel, comprising:
A control module, for sending a start command to the kernel module according to the predefined rules after reading the defined rule information. The rule information includes the protection mode preselected for the network; the protection modes include simple filtering protection and feature identification protection. Specifically:
If the protection mode selected by the rules that the control module receives is simple filtering protection and/or feature identification protection, the control module sends a simple filtering protection start command and/or a feature identification protection start command to the kernel module;
A kernel module, for inspecting data packets after receiving the simple filtering protection start command: a packet that matches an allow rule is let through, and a packet that matches a block rule is blocked;
The kernel module is also used, after receiving the feature identification protection start command, to capture received and sent data packets according to the predefined rules and deliver them to the monitoring module in the user-space layer;
The kernel module is also used, after receiving the notification from the monitoring module, to decide whether to allow or block the packet.
A feature library module, provided in the user-space layer, for storing sample feature data and providing the data feature comparison function for the monitoring module;
A monitoring module, for comparing each received data packet with the features in the feature library module. It first determines the application type of the packet; if the application type falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. It then checks whether the packet is abnormal; if it is, the monitoring module likewise sends a block notification to the kernel module to stop the packet, adds the IP of the abnormal packet to the block rules, and notifies the control module to apply the new rules.
A storage module, which is a collection of database and file storage, for saving configuration information, rule entries, monitoring logs and abnormal data packets.
A display module, for providing a visual interface for operation and displaying attack and defense behavior and traffic information. Rule information is defined through the display module's visual interface and can be read by the control module.
This is described further below.
The embodiment of Fig. 1 is implemented in software and follows a modular design. As shown in Fig. 1, it consists of six parts: kernel module, monitoring module, feature library module, control module, display module and storage module.
The kernel module is implemented on the Linux kernel netfilter framework. netfilter is the network filtering framework of the Linux kernel; all network packets of the operating system flow through netfilter for processing. As shown in Fig. 1, it has 5 workflows in total: PRE_ROUTING, POST_ROUTING, FORWARD, LOCAL_IN and LOCAL_OUT. Hook functions are registered on each workflow, and the corresponding hook function is called when a packet passes through that workflow. The core functions of the network protection are registered in the netfilter workflows so that packets can be screened, captured, filtered and blocked.
The monitoring module runs in the user-space layer and is responsible for monitoring, analyzing and handling the network. It receives network packets from the kernel layer according to certain rules, analyzes the protocol, content and traffic of each packet, and by comparison with the feature library determines the packet's application type and whether it is normal, so that potential security risks are found early and effective measures are taken.
The feature library runs in the user-space layer. It stores a large amount of sample data, provides the data feature comparison function for the analysis module, and is the cornerstone of the analysis.
The control module runs in the user-space layer and is responsible for managing and controlling the other modules, for example defining rules.
The display module uses a B/S architecture, provides a visual interface for operation, and displays information such as attack and defense behavior and traffic.
The storage module is a collection of database and file storage, used to save configuration information, rule entries, monitoring logs and abnormal data packets. The display module and the storage module are optional modules that further enhance the system's functions.
Traditional packet filtering rules generally include protocol, IP address, port and action. On this basis, the present technical solution extends support for application analysis, including application type, abnormal data detection and flexible configuration.
Fig. 2 shows the Linux kernel architecture. netfilter is a generic framework in the Linux kernel. It provides a series of "tables"; each table consists of several "chains", and each chain can consist of one or several rules. In other words, netfilter is a container of tables, a table is a container of chains, and a chain is a container of rules.
The system's default table is "filter", which contains the 3 chains INPUT, FORWARD and OUTPUT. Each chain can hold one or several rules, and each rule is defined in the form "if the packet header meets such-and-such a condition, handle the packet in such-and-such a way". When a packet reaches a chain, the system checks from the first rule to see whether the packet meets the condition defined in that rule. If it does, the system handles the packet in the way the rule defines; if not, it goes on to check the next rule. Finally, if the packet matches none of the rules in the chain, the system handles it according to the chain's predefined policy.
Another embodiment provides a network protection software method based on the Linux kernel, as follows.
The protection scheme of the invention is designed with two modes, simple filtering protection and feature identification protection. The two modes can be used alone or in combination. The choice of mode depends on the specific rules defined, so a rule definition includes the protection strategy to be used: simple filtering protection or feature identification protection.
Protection rule definition process
1) Rules are defined through the operating interface of the display module;
2) After receiving the rules from the display module, the control module saves them to the storage module and notifies the kernel module and the monitoring module to run according to the newly defined rules.
Simple filtering protection follows the same principle as traditional packet filtering: the kernel module inspects each packet, lets it through if it matches an allow rule, and blocks it if it matches a block rule. Traditional packet filtering rules generally include protocol, IP address, port and action. On this basis, the present technical solution extends support for application analysis, including application type, abnormal data detection and flexible configuration.
Feature identification protection is implemented with deep inspection based on the feature library in the feature library module; its workflow is shown in Fig. 3.
1) The kernel module captures received and sent data packets according to the predefined rules, delivers them to the monitoring module in user space, and waits for the analysis result;
2) On receiving a packet, the monitoring module immediately compares it with the feature library to determine the packet's application type and whether it is abnormal. There are 2 security checks here. The application type is checked first: if it falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. Then the packet is checked for abnormality: if it is abnormal, the block operation is likewise performed. Only for a packet that passes the application type rule check and that the abnormal data detection finds normal does the monitoring module send an allow notification to the kernel module.
3) After receiving the notification from the monitoring module, the kernel module decides whether to allow or block the packet.
4) After detecting an abnormal packet, the monitoring module notifies the control module, and the control module stores the abnormal packet in the storage module.
In addition, after detecting an abnormal packet the monitoring module updates the rules as the situation requires. For example, if some IP sends abnormal packets to a Linux machine, the monitoring module blocks the packet immediately on detecting this and adds the IP to the block rules.
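The first-match chain traversal and the feature identification steps 1) to 4) described above, modelled in user space as an added example (not code from the patent). The V_INSPECT action, the marker strings in feature_db, the rule layout and all function names are assumptions made for illustration; the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define MAX_RULES 16

enum verdict { V_ALLOW, V_BLOCK, V_INSPECT }; /* V_INSPECT: hand to monitor (assumed) */
enum app { APP_UNKNOWN, APP_HTTP, APP_P2P };

struct packet { uint32_t src_ip; uint16_t dport; const char *payload; };
struct rule { uint32_t src_ip; uint16_t dport; enum verdict action; }; /* 0 = any */
struct chain { struct rule rules[MAX_RULES]; int n; enum verdict policy; };

/* Constructed feature library: payload marker -> application type or anomaly. */
struct signature { const char *marker; enum app app; int anomalous; };
static const struct signature feature_db[] = {
    { "GET ",                APP_HTTP,    0 },
    { "BitTorrent protocol", APP_P2P,     0 },
    { "../",                 APP_UNKNOWN, 1 },
};
#define N_SIGS (sizeof feature_db / sizeof feature_db[0])

static int monitor_calls; /* how many packets reached the user-space monitor */

/* Kernel side: first matching rule wins, otherwise the chain policy applies. */
static enum verdict chain_eval(const struct chain *c, const struct packet *p)
{
    for (int i = 0; i < c->n; i++) {
        const struct rule *r = &c->rules[i];
        if ((r->src_ip == 0 || r->src_ip == p->src_ip) &&
            (r->dport == 0 || r->dport == p->dport))
            return r->action;
    }
    return c->policy;
}

/* Rule self-update: insert the block rule first so no earlier allow rule shadows it. */
static int chain_block_ip(struct chain *c, uint32_t ip)
{
    if (c->n >= MAX_RULES) return -1;
    memmove(&c->rules[1], &c->rules[0], (size_t)c->n * sizeof c->rules[0]);
    c->rules[0] = (struct rule){ ip, 0, V_BLOCK };
    c->n++;
    return 0;
}

/* Monitor side: check 1 is application type, check 2 is anomaly detection. */
static enum verdict monitor_inspect(struct chain *c, const struct packet *p, enum app blocked)
{
    enum app app = APP_UNKNOWN;
    int anomalous = 0;
    monitor_calls++;
    for (size_t i = 0; i < N_SIGS; i++) {
        if (!strstr(p->payload, feature_db[i].marker))
            continue;
        if (feature_db[i].anomalous)
            anomalous = 1;
        else if (app == APP_UNKNOWN)
            app = feature_db[i].app;
    }
    if (app == blocked)
        return V_BLOCK;               /* blocked application type, rules unchanged */
    if (anomalous) {
        chain_block_ip(c, p->src_ip); /* the packet is blocked even if the chain is full */
        return V_BLOCK;
    }
    return V_ALLOW;
}

/* Path of one packet through both protection modes. */
static enum verdict process_packet(struct chain *c, const struct packet *p, enum app blocked)
{
    enum verdict v = chain_eval(c, p);
    return v == V_INSPECT ? monitor_inspect(c, p, blocked) : v;
}

static struct chain demo_chain(void)
{
    struct chain c = { .n = 2, .policy = V_BLOCK };
    c.rules[0] = (struct rule){ 0, 53, V_ALLOW };   /* simple filtering protection */
    c.rules[1] = (struct rule){ 0, 80, V_INSPECT }; /* feature identification protection */
    return c;
}

int main(void)
{
    struct chain c = demo_chain();
    const struct packet pkts[] = { /* constructed sample traffic */
        { IP(10, 0, 0, 5), 80, "GET /index.html HTTP/1.1" },
        { IP(10, 0, 0, 6), 80, "BitTorrent protocol handshake" },
        { IP(10, 0, 0, 7), 80, "GET /../../etc/passwd HTTP/1.1" },
        { IP(10, 0, 0, 7), 53, "dns query" },
    };
    static const char *names[] = { "ALLOW", "BLOCK", "INSPECT" };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        printf("packet %zu: %s\n", i, names[process_packet(&c, &pkts[i], APP_P2P)]);
    printf("rules=%d monitor_calls=%d\n", c.n, monitor_calls);
    return 0;
}
```

The fourth packet would have matched the port 53 allow rule, but the self-added block rule for its source IP is evaluated first, so it is dropped by the simple filter without reaching the monitor.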
The present invention uses the Linux kernel netfilter framework to improve the overall network protection capability of Linux systems; it is an original conception and should be protected. The present invention overcomes the single-function limitation of traditional Linux network protection software, adds rule self-updating and feature identification, makes up for the lack of application analysis, and comprehensively safeguards the network security of Linux systems.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described, which are merely illustrative rather than restrictive. Inspired by the present invention, those of ordinary skill in the art can devise many further forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the invention.

Claims (10)

1. A network protection software method based on the Linux kernel, characterized by comprising:
After reading the defined rules, the control module sends a start command to the kernel module according to the predefined rules, specifically:
If the protection mode selected by the rules that the control module receives is simple filtering protection and/or feature identification protection, the control module sends a simple filtering protection start command and/or a feature identification protection start command to the kernel module;
After receiving the simple filtering protection start command, the kernel module inspects each data packet: a packet that matches an allow rule is let through, and a packet that matches a block rule is blocked;
After receiving the feature identification protection start command, the kernel module captures received and sent data packets according to the predefined rules and delivers them to the monitoring module in the user-space layer;
A feature library module is provided in the user-space layer; it stores sample feature data and provides the data feature comparison function for the monitoring module;
After receiving a data packet, the monitoring module compares it with the features in the feature library module. It first determines the application type of the packet; if the application type falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. It then checks whether the packet is abnormal; if it is, the monitoring module likewise sends a block notification to the kernel module to stop the packet, adds the IP of the abnormal packet to the block rules, and notifies the control module to apply the new rules;
After receiving the notification from the monitoring module, the kernel module decides whether to allow or block the packet.
2. The network protection software method according to claim 1, characterized in that
After detecting an abnormal data packet, the monitoring module sends it to the control module, and the control module saves the abnormal data packet in the storage module.
3. The network protection software method according to claim 1, characterized in that
The monitoring module records a monitoring log and sends the monitoring log to the control module, and the control module stores the abnormal data packet in the storage module.
4. The network protection software method according to claim 1, characterized in that
After reading the defined rules, the control module saves the rules in the storage module.
5. The network protection software method according to claim 1, characterized in that
The defined rules include configuration information and rule entries.
6. The network protection software method according to claim 1, characterized by further comprising providing a display module to offer a visual interface for operation and to display attack and defense behavior and traffic information.
7. A network protection software system based on the Linux kernel, characterized by comprising:
A control module, for sending a start command to the kernel module according to the predefined rules after reading the defined rules, specifically:
If the protection mode selected by the rules that the control module receives is simple filtering protection and/or feature identification protection, the control module sends a simple filtering protection start command and/or a feature identification protection start command to the kernel module;
A kernel module, for inspecting data packets after receiving the simple filtering protection start command: a packet that matches an allow rule is let through, and a packet that matches a block rule is blocked;
The kernel module is also used, after receiving the feature identification protection start command, to capture received and sent data packets according to the predefined rules and deliver them to the monitoring module in the user-space layer;
The kernel module is also used, after receiving the notification from the monitoring module, to decide whether to allow or block the packet;
A feature library module, provided in the user-space layer, for storing sample feature data and providing the data feature comparison function for the monitoring module;
A monitoring module, for comparing each received data packet with the features in the feature library module. It first determines the application type of the packet; if the application type falls under a block rule, the monitoring module sends a block notification to the kernel module to stop the packet. It then checks whether the packet is abnormal; if it is, the monitoring module likewise sends a block notification to the kernel module to stop the packet, adds the IP of the abnormal packet to the block rules, and notifies the control module to apply the new rules;
A storage module, for saving configuration information, rule entries, monitoring logs and abnormal data packets.
8. The network protection software system according to claim 7, characterized by further comprising a display module, for providing a visual interface for operation and displaying attack and defense behavior and traffic information.
9. The network protection software system according to claim 7, characterized in that
The storage module is a collection of database and file storage.
10. The network protection software system according to claim 7, characterized in that
The monitoring module is also used, after detecting an abnormal data packet, to send it to the control module, and the control module saves the abnormal data packet in the storage module;
The monitoring module is also used to record a monitoring log and send the monitoring log to the control module.
CN201811307466.0A 2018-11-05 2018-11-05 Network protection software method and system based on linux kernel Active CN109450893B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811307466.0A CN109450893B (en) 2018-11-05 2018-11-05 Network protection software method and system based on linux kernel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811307466.0A CN109450893B (en) 2018-11-05 2018-11-05 Network protection software method and system based on linux kernel

Publications (2)

Publication Number Publication Date
CN109450893A true CN109450893A (en) 2019-03-08
CN109450893B CN109450893B (en) 2021-03-16

Family

ID=65550549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811307466.0A Active CN109450893B (en) 2018-11-05 2018-11-05 Network protection software method and system based on linux kernel

Country Status (1)

Country Link
CN (1) CN109450893B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111865971A (en) * 2020-07-17 2020-10-30 成都三零凯天通信实业有限公司 Kubernetes service container security detection method based on sidecar scheme
CN113489737A (en) * 2021-07-14 2021-10-08 芯河半导体科技(无锡)有限公司 Netfilter-based packet filter implementation method
CN114640515A (en) * 2022-03-09 2022-06-17 京东科技信息技术有限公司 Data processing method and device based on flow blocking and related equipment
CN114866332A (en) * 2022-06-08 2022-08-05 上海百功半导体有限公司 Lightweight intrusion detection system and method for optical communication equipment
US11716352B2 (en) * 2020-06-16 2023-08-01 Cisco Technology, Inc. Application protectability schemes for enterprise applications

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013063791A1 (en) * 2011-11-04 2013-05-10 Qualcomm Atheros, Inc. Nat/firewall accelerator
CN107566359A (en) * 2017-08-25 2018-01-09 郑州云海信息技术有限公司 A kind of intelligent fire-proofing wall system and means of defence

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Liu Yun: "Packet filtering algorithm based on Netfilter under Linux", Computer Engineering *

Also Published As

Publication number Publication date
CN109450893B (en) 2021-03-16

Similar Documents

Publication Publication Date Title
CN109450893A (en) A kind of network protection software approach and system based on linux kernel
CN113661693B (en) Detecting sensitive data exposure via log
US7673137B2 (en) System and method for the managed security control of processes on a computer system
JP4629332B2 (en) Status reference monitor
CN108683652A (en) A kind of method and device of the processing attack of Behavior-based control permission
CN107851155A (en) For the system and method across multiple software entitys tracking malicious act
CN1588889A (en) Abnormal detection method for user access activity in attached net storage device
WO2007067549A2 (en) Method and system for real time detection of threats in high volume data streams
CN110351277A (en) Electric power monitoring system security protection alarm method
KR20080047261A (en) Anomaly malicious code detection method using process behavior prediction technique
CN107423623A (en) Method for detecting virus and system are extorted in a kind of Behavior-based control analysis
CN107733878A (en) A kind of safety device of industrial control system
CN110012000B (en) Command detection method and device, computer equipment and storage medium
JP2003288282A (en) Unauthorized access prevention program
CN106385413A (en) Intruding message flow processing method and device
CN106250764A (en) A kind of terminal control system
WO2020027956A1 (en) Listen mode for application operation whitelisting mechanisms
JP2005107726A (en) Security management device, security management method and security management program
Thompson et al. Network intrusion detection cognitive task analysis: Textual and visual tool usage and recommendations
Lock Five steps to beating ransomware's five-minute warning
Nallaperumal CyberSecurity Analytics to Combat Cyber Crimes
CN106909838A (en) A kind of method and device of hooking system service call
Davis et al. Resident security system for government/industry owned computers
CN107341400A (en) Software detecting method, device and electronic equipment
CN112988327A (en) Container safety management method and system based on cloud edge cooperation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 210014 Building C, Building 3, No. 5 Baixia High-tech Park, No. 5 Yongzhi Road, Qinhuai District, Nanjing City, Jiangsu Province

Applicant after: NANJING UNARY INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 210014 Building C, Building 3, No. 5 Baixia High-tech Park, No. 5 Yongzhi Road, Qinhuai District, Nanjing City, Jiangsu Province

Applicant before: NANJING UNARY INFORMATION TECHNOLOGY Inc.,Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: Building 1, 6th Floor, Changfeng Building, No.14 Xinghuo Road, Research and Innovation Park, Jiangbei New District, Nanjing City, Jiangsu Province, 210000

Patentee after: Aerospace One System (Jiangsu) Information Technology Co.,Ltd.

Address before: 210014 Building C, Building 3, No. 5 Baixia High-tech Park, No. 5 Yongzhi Road, Qinhuai District, Nanjing City, Jiangsu Province

Patentee before: NANJING UNARY INFORMATION TECHNOLOGY Co.,Ltd.