CN110365709B - Device for sensing unknown network attack behavior based on upstream probe - Google Patents


Info

Publication number: CN110365709B
Application number: CN201910731937.9A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN110365709A
Legal status: Active
Inventor: 邓欣
Original assignee: Shenzhen Yong'an Online Technology Co ltd
Current assignee: Shenzhen Yong'an Online Technology Co ltd
Prior art keywords: module, probe, data, signal, self

Classifications

    • H04L 12/12 Arrangements for remote connection or disconnection of substations or of equipment thereof (under H04L 12/00 Data switching networks; H04L 12/02 Details)
    • H04L 63/0428 Network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/1433 Vulnerability analysis (under H04L 63/14 Detecting or protecting against malicious traffic)
    • H04L 63/145 Countermeasures against malicious traffic where the attack involves the propagation of malware through the network, e.g. viruses, trojans or worms (under H04L 63/1441 Countermeasures against malicious traffic)
    • H04L 63/20 Network architectures or network communication protocols for managing network security; network security policies in general

Abstract

The invention discloses a device for sensing unknown network attack behaviors based on an upstream probe, and relates to the technical field of network security, in particular to an equipment signal source, a network probe system, a PM management server, an intelligent analysis system and a monitoring terminal. The device processes data through the monitoring terminal; when an intrusion signal is discovered, it promptly issues an instruction to the forced execution unit, which closes the corresponding signal channel in the signal on-off control unit, so that the signal is cut off completely at its source.

Description

Device for sensing unknown network attack behavior based on upstream probe
Technical Field
The invention relates to the technical field of network security, in particular to a device for sensing unknown network attack behaviors based on an upstream probe.
Background
Network security means that the hardware, software and data of a network system are protected from being damaged, altered or leaked for accidental or malicious reasons, that the system operates continuously, reliably and normally, and that network services are not interrupted. Modern methods for maintaining network security include the use of network probes.
A network probe is also called an internet probe; a network probe that intercepts network data packets is called an internet probe, and packet capture, filtering and analysis can be carried out on it, so the network probe is an important tool for maintaining network security.
Existing network attack prevention devices find it difficult to achieve pre-control: when a suspicious attack signal source is input, it cannot be cut off and blocked at the source in time. In addition, the execution units of such systems are almost never provided with a self-checking function, so the device's system is not stable enough and cannot support large-scale data computation and processing.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a device for sensing unknown network attack behaviors based on an upstream probe, which solves the problems in the background art.
In order to achieve the purpose, the invention is realized by the following technical scheme: a device for sensing unknown network attack behaviors based on an upstream probe comprises an equipment signal source, a network probe system, a PM management server, an intelligent analysis system and a monitoring terminal, wherein the output end of the equipment signal source is electrically connected with a signal on-off control unit, an output end of the signal on-off control unit is electrically connected with an encryption channel, the output end of the encryption channel is electrically connected with the network probe system, the output end of the network probe system is respectively and electrically connected with the PM management server and the intelligent analysis system through leads, the output end of the PM management server is interactively and electrically connected with a management service database, the output end of the intelligent analysis system is interactively and electrically connected with an intelligent analysis database, the output ends of the PM management server and the intelligent analysis system are electrically connected with the monitoring terminal in a combining manner, and an output end of the monitoring terminal is electrically connected with a decryption transcoding unit, the decryption transcoding unit is electrically connected with the other input end of the encryption channel through a wire, the other input end of the monitoring terminal is electrically connected with the forced execution unit, and the forced execution unit is electrically connected with the other output end of the signal on-off control unit through a wire.
Optionally, a plurality of groups of signal channels are arranged in the signal on-off control unit, and each signal channel in the signal on-off control unit corresponds to each signal source output in the equipment signal source one by one.
Optionally, the network probe system includes a probe element, a control module, a user authentication module, an upgrade module, and a data storage module, and the probe element, the control module, the user authentication module, the upgrade module, and the data storage module are all electrically connected in parallel through a wire.
Optionally, the probe unit includes an anti-virus probe and an intrusion detection probe, and the anti-virus probe and the intrusion detection probe are electrically connected in parallel through a wire.
Optionally, the upgrade module includes a self-checking module, a bug fixing module and a network serial port, and a parallel circuit is formed among the self-checking module, the bug fixing module and the network serial port through wires.
Optionally, the PM management server includes a probe configuration module, a monitoring and diagnosing module, and a data analyzing module, and the probe configuration module, the monitoring and diagnosing module, and the data analyzing module are electrically connected in parallel through a wire.
Optionally, the probe configuration module and the monitoring and diagnosing module are connected in parallel by a wire and then are connected to the input end of the management service database, and the management service database is electrically connected to the input end of the data analyzing module by a wire.
Optionally, the intelligent analysis system includes a test analysis module, a protocol decoding module, a filtering module, and an intelligent processing module, and the test analysis module, the protocol decoding module, the filtering module, and the intelligent processing module form a parallel loop through wires.
Optionally, the test analysis module, the protocol decoding module and the filtering module are electrically connected in parallel and then are connected to the input end of the intelligent analysis database.
Optionally, the intelligent processing module includes a probe abnormity alarm module, an information input abnormity alarm module and a self-checking self-defence module, and the probe abnormity alarm module and the information input abnormity alarm module are respectively electrically connected with the self-checking self-defence module through wires.
The invention provides a device for sensing unknown network attack behaviors based on an upstream probe, which has the following beneficial effects:
1. In this device for sensing unknown network attack behaviors based on an upstream probe, data is processed through the monitoring terminal; when an intrusion signal is discovered, an instruction is promptly issued to the forced execution unit, which closes the corresponding signal channel in the signal on-off control unit, so that the signal is cut off completely at the source and the intrusion signal is prevented from continuing to be input. This gives a certain pre-judgement effect against network attacks. In the device, both the network probe system and the intelligent analysis system are provided with defense mechanisms and can perform self-checking, thereby maintaining the overall stability of the system.
2. According to the device for sensing unknown network attack behaviors based on the upstream probe, multiple groups of signal channels in the signal on-off control unit support the passing of multiple groups of signal sources, and then the channels are respectively controlled, so that whether different signal sources are input or not can be effectively controlled, the effect of cutting off signals from the source is achieved, the channels are encrypted, the purpose of providing encryption protection for signal input is achieved, and the signals are prevented from being stolen or attacked by a network in the conveying process.
3. The device for sensing unknown network attack behaviors based on the upstream probe enriches the functions of the network probe system by integrating it, so that the network probe system is in a complete state: the probe unit can monitor virus attacks and intrusions, a self-checking module in the upgrade module can self-check the system state of the network probe system, and a vulnerability repair module is used for repairing system vulnerabilities and can be set to automatically download patch packages to repair them.
4. The device for sensing unknown network attack behaviors based on the upstream probe realizes real-time monitoring and historical data analysis through a monitoring and diagnosing module and a data analyzing module in a PM management server, the probe configuration module and the monitoring and diagnosing module input obtained information into a management service database for storage, and the management service database provides historical data for the data analyzing module for analysis.
5. In the device for sensing unknown network attack behaviors based on the upstream probe, data is subjected to professional analysis and processing by the intelligent analysis system, which screens out suspicious intrusion signals. A self-checking feedback mechanism is arranged in the intelligent analysis system: the probe abnormity alarm module, combined with the self-checking self-defense module, detects and diagnoses whether the probe is abnormal, and the information input abnormity alarm module, also combined with the self-checking self-defense module, detects whether the information enters the test analysis module and reminds personnel to pay attention by raising an alarm, so the response mechanism is sound.
Drawings
FIG. 1 is a schematic diagram of the overall architecture of the system of the present invention;
FIG. 2 is a schematic diagram of a network probe system according to the present invention;
FIG. 3 is a schematic diagram of a PM management server system architecture according to the present invention;
FIG. 4 is a schematic diagram of an intelligent analysis system architecture according to the present invention;
FIG. 5 is a schematic diagram of the working process of the intelligent analysis system of the present invention.
In the figures: 1. an equipment signal source; 2. a signal on-off control unit; 3. an encryption channel; 4. a network probe system; 5. a probe element; 6. a management and control module; 7. a user authentication module; 8. an upgrade module; 9. a data storage module; 10. an antivirus probe; 11. an intrusion detection probe; 12. a self-checking module; 13. a vulnerability repair module; 14. a network serial port; 15. a PM management server; 16. a management service database; 17. a probe configuration module; 18. a monitoring and diagnostic module; 19. a data analysis module; 20. an intelligent analysis system; 21. an intelligent analysis database; 22. a test analysis module; 23. a protocol decoding module; 24. a filtering module; 25. an intelligent processing module; 26. a probe abnormity alarm module; 27. an information input abnormity alarm module; 28. a self-checking self-defending module; 29. a monitoring terminal; 30. a decryption transcoding unit; 31. a forced execution unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1 to 5, the present invention provides a technical solution: an apparatus for sensing unknown network attack behavior based on an upstream probe comprises an equipment signal source 1, a network probe system 4, a PM management server 15, an intelligent analysis system 20 and a monitoring terminal 29, wherein the output end of the equipment signal source 1 is electrically connected with a signal on-off control unit 2, an output end of the signal on-off control unit 2 is electrically connected with an encryption channel 3, a plurality of groups of signal channels are arranged in the signal on-off control unit 2, and each signal channel in the signal on-off control unit 2 corresponds to each signal source output in the equipment signal source 1 one by one, and the multiple groups of signal channels support that each channel is respectively controlled by multiple groups of signal sources, so that whether different signal sources are input or not can be effectively controlled, the effect of cutting off signals from the source is further achieved, and the setting of the encryption channel 3 aims to provide encryption protection for signal input and avoid the signals from being stolen or attacked by a network in the transmission process;
the output end of the encryption channel 3 is electrically connected with a network probe system 4; the network probe system 4 comprises a probe element 5, a control module 6, a user authentication module 7, an upgrade module 8 and a data storage module 9, all electrically connected in parallel through a lead. The network probe system 4 contains the probe element 5 (used for intercepting network data packets), the control module 6 (used for receiving probe data, storing and analyzing the data, and generating files such as logs and reports), the user authentication module 7 (used for user login and permission release), the upgrade module 8 (used for system upgrade of the network probe system 4) and the data storage module 9 (used for storing the various data of the system); the arrangement of these modules enriches the functions of the network probe system 4 so that it is in a complete state. The probe unit 5 comprises an antivirus probe 10 and an intrusion detection probe 11, electrically connected in parallel through a wire; the probe unit 5 monitors virus attacks through the antivirus probe 10 and monitors intrusions through the intrusion detection probe 11, which further expands the monitoring range of the network probe system 4. The upgrade module 8 comprises a self-checking module 12, a bug repair module 13 and a network serial port 14, which form a parallel self-checking circuit through wires; the self-checking module 12 inside the upgrade module 8 can self-check the system state of the network probe system 4, the bug repair module 13 is used for repairing system bugs and can be set to automatically download patch packages to repair them, and the network serial port 14 is used for the networking operation of the upgrade module 8, so that the upgrade module 8 can upgrade successfully or download patch packages to repair bugs successfully;
the output end of the network probe system 4 is respectively electrically connected with a PM management server 15 and an intelligent analysis system 20 through leads, the output end of the PM management server 15 is interactively and electrically connected with a management service database 16, the PM management server 15 comprises a probe configuration module 17, a monitoring and diagnosis module 18 and a data analysis module 19, the probe configuration module 17, the monitoring and diagnosis module 18 and the data analysis module 19 are electrically connected in parallel through leads, the probe configuration module 17 is used for carrying out comprehensive parameter configuration on the antivirus probe 10 and the intrusion detection probe 11, the monitoring and diagnosis module 18 is used for monitoring and fault diagnosis of flow and data, the data analysis module 19 is used for analyzing data, real-time monitoring and historical data analysis are realized by the monitoring and diagnosis module 18 and the data analysis module 19, the probe configuration module 17 and the monitoring and diagnosis module 18 are connected in parallel through leads and then are connected to the input end of the management service database 16, the management service database 16 is electrically connected with the input end of the data analysis module 19 through a lead, the probe configuration module 17 and the monitoring and diagnosis module 18 input the obtained information into the management service database 16 for storage, and the management service database 16 provides historical data for the data analysis module 19 for analysis;
the output end of the intelligent analysis system 20 is interactively and electrically connected with an intelligent analysis database 21; the intelligent analysis system 20 comprises a test analysis module 22, a protocol decoding module 23, a filtering module 24 and an intelligent processing module 25, which form a parallel loop through conducting wires. The intelligent analysis system 20 obtains data packet information or original data packets from the probe unit 5 for storage and recording, and the data is analyzed and processed by the test analysis module 22, the protocol decoding module 23 and the filtering module 24; these three modules are electrically connected in parallel and then connected to the input end of the intelligent analysis database 21, and each inputs the information it obtains into the intelligent analysis database 21 for storage. The intelligent processing module 25 comprises a probe abnormity alarm module 26, an information input abnormity alarm module 27 and a self-checking self-defense module 28; the probe abnormity alarm module 26 and the information input abnormity alarm module 27 are each electrically connected with the self-checking self-defense module 28 through leads. The probe abnormity alarm module 26, combined with the self-checking self-defense module 28, detects and diagnoses whether the probe is abnormal (probe input abnormality, reading abnormality, connection abnormality and the like); the information input abnormity alarm module 27, also combined with the self-checking self-defense module 28, detects and diagnoses whether the information is abnormal (data connection abnormality, data pause or delay abnormality and the like) when the information enters the test analysis module 22, and raises an alarm to remind personnel to pay attention, so the response mechanism is sound; the self-checking self-defense module 28 gives the intelligent analysis system 20 certain self-repairing and self-defending functions;
the output ends of the PM management server 15 and the intelligent analysis system 20 are jointly electrically connected with a monitoring terminal 29, the output end of the monitoring terminal 29 is electrically connected with a decryption transcoding unit 30, the decryption transcoding unit 30 is electrically connected with the other input end of the encryption channel 3 through a lead, the other input end of the monitoring terminal 29 is electrically connected with a forced execution unit 31, and the forced execution unit 31 is electrically connected with the other output end of the signal on-off control unit 2 through a lead. The monitoring terminal 29 integrates and processes the data returned by the PM management server 15 and the intelligent analysis system 20; when an intrusion signal is found, a forced execution instruction is issued to the forced execution unit 31 in time to close the corresponding signal channel in the signal on-off control unit 2, thereby cutting the signal off completely at the source and preventing the intrusion signal from continuing to be input. This gives the device a certain pre-judgement effect, and the monitoring terminal 29 can easily acquire the information of each signal channel by using the decryption transcoding unit 30.
In summary, in the apparatus for sensing unknown network attack behavior based on the upstream probe, signals are first input into the signal on-off control unit 2 from the equipment signal source 1; the signals pass through the signal channels of the signal on-off control unit 2 and are respectively encrypted by the encryption channel 3. The encrypted information can be obtained by the monitoring terminal 29 through the decryption transcoding unit 30, and at the same time it is input into the network probe system 4, where the antivirus probe 10 and the intrusion detection probe 11 in the probe unit 5 intercept the input information. The information and the intercepted data are input into the PM management server 15 and the intelligent analysis system 20 respectively: the PM management server 15 performs real-time monitoring and historical data analysis on the information, and the intelligent analysis system 20 performs professional analysis and processing on the data to screen out suspicious intrusion signals. Both input their processed data into the monitoring terminal 29, which judges whether an intrusion signal exists; when an intrusion signal is found, a forced execution instruction is issued to the forced execution unit 31 in time to close the corresponding signal channel in the signal on-off control unit 2, so that the signal is completely cut off at the source and the intrusion signal is prevented from continuing to be input;
a set of feedback mechanism is provided in the intelligent analysis system 20, and the operation process of the feedback mechanism is as follows: the information is input into an intelligent processing module 25 in the intelligent analysis system 20, and is firstly diagnosed by a probe abnormity alarm module 26, the probe abnormity alarm module 26 judges whether the probe is abnormal, if the probe is abnormal, the abnormal information is subjected to alarm processing, the fault is checked by the combined self-checking self-defence module 28, if the probe is normal, the information is continuously input into an information input abnormity alarm module 27 for judging whether the information input is abnormal, if the information input is abnormal, the alarm is given, the fault is checked by the combined self-checking self-defence module 28, and if the information input is normal, the data is input into the test analysis module 22 for professional analysis.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited thereto; any equivalent substitution or change that a person skilled in the art makes, within the technical scope disclosed by the present invention, according to its technical solutions and inventive concept, should be covered by the scope of the present invention.

Claims (10)

1. A device for sensing unknown network attack behavior based on an upstream probe, comprising an equipment signal source (1), a network probe system (4), a PM management server (15), an intelligent analysis system (20) and a monitoring terminal (29), characterized in that: the output end of the equipment signal source (1) is electrically connected with a signal on-off control unit (2), the upper output end of the signal on-off control unit (2) is electrically connected with an encryption channel (3), the encryption channel (3) is used for encrypting signals, the output end of the encryption channel (3) is electrically connected with the network probe system (4), the output end of the network probe system (4) is respectively electrically connected with the PM management server (15) and the intelligent analysis system (20) through leads, the output end of the PM management server (15) is interactively and electrically connected with a management service database (16), the output end of the intelligent analysis system (20) is interactively and electrically connected with an intelligent analysis database (21), the output ends of the PM management server (15) and the intelligent analysis system (20) are jointly electrically connected with the monitoring terminal (29), an output end of the monitoring terminal (29) is electrically connected with a decryption transcoding unit (30), the decryption transcoding unit (30) is electrically connected with another input end of the encryption channel (3) through a lead, the monitoring terminal (29) integrates data returned by the PM management server (15) and the intelligent analysis system (20), another input end of the monitoring terminal (29) is electrically connected with a forced execution unit (31), and the forced execution unit (31) is electrically connected with another output end of the signal on-off control unit (2) through a lead; signals are input channel by channel into the signal on-off control unit (2) from the equipment signal source (1), pass through the signal channels of the signal on-off control unit (2) and are respectively encrypted by the encryption channel (3), the encrypted information can be acquired by the monitoring terminal (29) through the decryption transcoding unit (30), and the encrypted information is input into the network probe system (4), where an antivirus probe (10) and an intrusion detection probe (11) in a probe unit (5) intercept the input information; the information and the intercepted data are respectively input into the PM management server (15) and the intelligent analysis system (20), the PM management server (15) carries out real-time monitoring and historical data analysis on the information, the intelligent analysis system (20) carries out professional analysis processing on the data and screens out suspicious intrusion signals, the PM management server (15) and the intelligent analysis system (20) input the respectively processed data into the monitoring terminal (29), the monitoring terminal (29) judges whether an intrusion signal exists, and when an intrusion signal is found, a forced execution instruction is issued to the forced execution unit (31) in time to close the corresponding signal channel in the signal on-off control unit (2), so that the signal is completely cut off at the source and the intrusion signal is prevented from being input continuously; a feedback mechanism is arranged in the intelligent analysis system (20), and its operation process is as follows: information is input into an intelligent processing module (25) in the intelligent analysis system (20) and is first diagnosed by a probe abnormity warning module (26), which judges whether the probe is abnormal; if the probe is abnormal, the abnormal information is warned of and the fault is checked by the self-checking self-defence module (28) connected in parallel; if the probe is normal, the information is passed on to an information input abnormity warning module (27) to judge whether the information is abnormal; if the information is abnormal, a warning is raised and the fault is checked by the self-checking self-defence module (28) connected in parallel; and if the information is normal, the data is input into a test analysis module (22) for professional analysis.
2. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 1, wherein: a plurality of groups of signal channels are arranged in the signal on-off control unit (2), and each signal channel in the signal on-off control unit (2) corresponds to each signal source output in the equipment signal source (1) one by one.
3. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 1, wherein: the network probe system (4) comprises a probe element (5), a management and control module (6), a user authentication module (7), an upgrading module (8) and a data storage module (9), the probe element (5), the management and control module (6), the user authentication module (7), the upgrading module (8) and the data storage module (9) are all electrically connected in parallel through a wire, the probe element (5) is used for intercepting a network data packet, the management and control module (6) is used for receiving probe data, storing and analyzing the data, generating a log and a report file, the user authentication module (7) is used for user login and authority transfer, the upgrading module (8) is used for system upgrading of the network probe system (4), and the data storage module (9) is used for storing system data.
4. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 3, wherein: the probe unit (5) comprises an antivirus probe (10) and an intrusion detection probe (11), the antivirus probe (10) and the intrusion detection probe (11) are electrically connected in parallel through a wire, the antivirus probe (10) is used for intercepting viruses and attacks, and the intrusion detection probe (11) is used for intercepting intrusions.
5. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 3, wherein: the upgrade module (8) comprises a self-checking module (12), a bug fixing module (13) and a network serial port (14); a parallel circuit is formed among the self-checking module (12), the bug fixing module (13) and the network serial port (14) through wires; the self-checking module (12) can perform self-checking of the system state of the network probe system (4); the bug fixing module (13) is used for fixing system bugs and for configuring automatic download of patch packages to fix bugs; and the network serial port (14) is used for the networking operation of the upgrade module (8).
6. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 1, wherein: the PM management server (15) comprises a probe configuration module (17), a monitoring and diagnosis module (18) and a data analysis module (19), the probe configuration module (17), the monitoring and diagnosis module (18) and the data analysis module (19) are electrically connected in parallel through a lead, the probe configuration module (17) is used for carrying out comprehensive parameter configuration on the antivirus probe (10) and the intrusion detection probe (11), the monitoring and diagnosis module (18) is used for monitoring and fault diagnosis of flow and data, and the data analysis module (19) is used for analyzing the data.
7. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 6, wherein: the probe configuration module (17) and the monitoring and diagnosis module (18) are connected in parallel through a lead and then connected to the input end of the management service database (16), and the management service database (16) is electrically connected with the input end of the data analysis module (19) through a lead.
8. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 1, wherein: the intelligent analysis system (20) comprises a test analysis module (22), a protocol decoding module (23), a filtering module (24) and an intelligent processing module (25), a parallel loop is formed among the test analysis module (22), the protocol decoding module (23), the filtering module (24) and the intelligent processing module (25) through wires, the test analysis module (22), the protocol decoding module (23) and the filtering module (24) are used for analyzing and processing data, and the test analysis module (22), the protocol decoding module (23) and the filtering module (24) input obtained information into an intelligent analysis database (21) for storage.
9. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 8, wherein: the test analysis module (22), the protocol decoding module (23) and the filtering module (24) are electrically connected in parallel and then connected to the input end of the intelligent analysis database (21).
10. The device for sensing unknown cyber-attack behaviors based on the upstream probe according to claim 8, wherein: the intelligent processing module (25) comprises a probe abnormity alarm module (26), an information input abnormity alarm module (27) and a self-checking module (28); the probe abnormity alarm module (26) and the information input abnormity alarm module (27) are each electrically connected with the self-checking module (28) through leads; the probe abnormity alarm module (26), combined with the self-checking module (28), detects and diagnoses whether the probe is abnormal; the information input abnormity alarm module (27), also combined with the self-checking module (28), detects and diagnoses whether the information is abnormal when it enters the test analysis module (22) and alerts operators by alarming; the response mechanism is complete, and the self-checking module (28) gives the intelligent analysis system (20) self-repairing and self-checking functions.
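The ordered feedback mechanism of claim 1 and claim 10 (probe health check, then input sanity check, then analysis) and the forced execution path that closes a signal channel at the source are easier to follow as a small simulation. The following Python is an added example written for this page; it is not code from the patent or its assignee. The module names follow the claim numbering, but the concrete checks (a probe heartbeat flag, a payload size bound, a signature-hit count, and a non-printable-byte ratio as the "professional analysis") are assumptions chosen only to make the flow executable on constructed input.

```python
"""Simulation of the upstream-probe feedback loop in claims 1 and 10.

Added example, not the patent's own code. Module (N) numbers refer to the
claims; the health/anomaly heuristics are assumptions, not the patent's.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

MAX_PAYLOAD = 4096  # assumed upper bound used by the input-anomaly check


class Verdict(Enum):
    PROBE_ALARM = "probe_abnormal"   # raised by module (26)
    INPUT_ALARM = "input_abnormal"   # raised by module (27)
    CLEAN = "clean"                  # module (22) found nothing
    SUSPICIOUS = "suspicious"        # module (22) flagged an intrusion signal


@dataclass
class ProbeReport:
    """Constructed stand-in for what probes (10) and (11) hand upstream."""
    channel: int                 # which switch in unit (2) this source uses
    probe_id: str
    heartbeat_ok: bool           # probe self-reported health (assumed field)
    payload: Optional[bytes]     # intercepted data; None if nothing captured
    signature_hits: int = 0      # hits from the probe's own rule set (assumed)


class SignalOnOffControlUnit:
    """Unit (2): one switch per signal source; forced execution (31) closes it."""

    def __init__(self, channels: List[int]) -> None:
        self.open = {c: True for c in channels}

    def close(self, channel: int) -> None:
        self.open[channel] = False

    def accepts(self, channel: int) -> bool:
        return self.open.get(channel, False)


class SelfCheckModule:
    """Module (28): troubleshoots in parallel with either alarm; keeps a log."""

    def __init__(self) -> None:
        self.log: List[Tuple[str, str, int]] = []

    def troubleshoot(self, reason: str, report: ProbeReport) -> None:
        self.log.append((reason, report.probe_id, report.channel))


def input_is_abnormal(report: ProbeReport) -> bool:
    """Module (27): empty, missing, or oversized input never reaches analysis."""
    if report.payload is None or len(report.payload) == 0:
        return True
    return len(report.payload) > MAX_PAYLOAD


def analyze_data(report: ProbeReport) -> Verdict:
    """Module (22): assumed heuristic standing in for 'professional analysis'.
    Any signature hit, or a payload that is mostly non-printable bytes, is
    treated as a suspicious intrusion signal."""
    assert report.payload  # guaranteed by input_is_abnormal() running first
    nonprint = sum(1 for b in report.payload if b < 32 or b > 126)
    if report.signature_hits > 0 or nonprint / len(report.payload) > 0.5:
        return Verdict.SUSPICIOUS
    return Verdict.CLEAN


def intelligent_processing(report: ProbeReport, selfcheck: SelfCheckModule) -> Verdict:
    """Module (25): the ordered feedback mechanism of claim 1."""
    if not report.heartbeat_ok:                  # module (26): probe abnormal?
        selfcheck.troubleshoot("probe", report)
        return Verdict.PROBE_ALARM
    if input_is_abnormal(report):                # module (27): input abnormal?
        selfcheck.troubleshoot("input", report)
        return Verdict.INPUT_ALARM
    return analyze_data(report)                  # module (22): analysis


def monitoring_terminal(reports, control, selfcheck) -> List[Tuple[str, str]]:
    """Terminal (29): judge each report; on an intrusion signal issue forced
    execution so the channel is closed and later data from it is cut off."""
    results = []
    for r in reports:
        if not control.accepts(r.channel):
            results.append((r.probe_id, "dropped: channel closed"))
            continue
        verdict = intelligent_processing(r, selfcheck)
        if verdict is Verdict.SUSPICIOUS:
            control.close(r.channel)             # forced execution unit (31)
        results.append((r.probe_id, verdict.value))
    return results


def run_demo():
    """Constructed traffic: one report per branch, then a closed-channel drop."""
    control = SignalOnOffControlUnit(channels=[1, 2, 3])
    selfcheck = SelfCheckModule()
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    reports = [
        ProbeReport(1, "av-1", heartbeat_ok=False, payload=http),
        ProbeReport(2, "ids-2", heartbeat_ok=True, payload=b""),
        ProbeReport(3, "ids-3", heartbeat_ok=True, payload=http),
        ProbeReport(3, "ids-3", heartbeat_ok=True, payload=http, signature_hits=2),
        ProbeReport(3, "ids-3", heartbeat_ok=True, payload=http),
        ProbeReport(2, "ids-2", heartbeat_ok=True, payload=http),
    ]
    return monitoring_terminal(reports, control, selfcheck), control, selfcheck


if __name__ == "__main__":
    for probe, outcome in run_demo()[0]:
        print(f"{probe}: {outcome}")
```

Note that the probe health check runs before the input check, so a dead probe reporting an empty payload is logged as a probe fault rather than an input fault; that ordering is the point of the claim's feedback mechanism, since it keeps a failed sensor from being mistaken for an attack. Closing the channel at unit (2) also means the decision is enforced upstream of every later module, which is why the fifth report is dropped without being analysed at all.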

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910731937.9A CN110365709B (en) 2019-08-09 2019-08-09 Device for sensing unknown network attack behavior based on upstream probe


Publications (2)

Publication Number Publication Date
CN110365709A CN110365709A (en) 2019-10-22
CN110365709B true CN110365709B (en) 2021-07-20

Family

ID=68223507


Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933099A (en) * 2019-12-09 2020-03-27 南京蓝升信息科技有限公司 Network safety data intelligent analysis system based on network probe
CN111509863B (en) * 2020-05-26 2022-03-04 广东电网有限责任公司 Mobile substation monitoring alarm system and method
CN114826662B (en) * 2022-03-18 2024-02-06 深圳开源互联网安全技术有限公司 Custom rule protection method, device, equipment and readable storage medium
CN114528602B (en) * 2022-04-22 2022-07-12 广州万协通信息技术有限公司 Security chip operation method and device based on attack detection behavior

Citations (6)

Publication number Priority date Publication date Assignee Title
CN104145500A (en) * 2011-12-14 2014-11-12 埃克提克斯有限责任公司 Method and systems for maintaining or optimizing a mobile phone network
CN107566350A (en) * 2017-08-15 2018-01-09 深信服科技股份有限公司 Security configuration vulnerability monitoring method, apparatus and computer-readable recording medium
CN107995162A (en) * 2017-10-27 2018-05-04 深信服科技股份有限公司 Network security sensory perceptual system, method and readable storage medium storing program for executing
CN108600236A (en) * 2018-04-28 2018-09-28 张红彬 Video surveillance network intelligent information safety integrated management system
CN109302408A (en) * 2018-10-31 2019-02-01 西安交通大学 A kind of network security situation evaluating method
CN109525597A (en) * 2018-12-26 2019-03-26 安徽网华信息科技有限公司 It is a kind of can remote assistance operation network security emergency disposal system

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
US9686156B2 (en) * 2014-05-10 2017-06-20 Cyberrock Inc. Network flow monitoring
US9614861B2 (en) * 2015-08-26 2017-04-04 Microsoft Technology Licensing, Llc Monitoring the life cycle of a computer network connection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant