CN111371807B - Security system based on access layer, construction method thereof, terminal and storage medium - Google Patents



Publication number
CN111371807B
Authority
CN
China
Prior art keywords
defense
information
host
defense equipment
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010213926.4A
Other languages
Chinese (zh)
Other versions
CN111371807A (en
Inventor
李�浩
徐庆春
郭义伟
宋延坡
陈国仁
冯志峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd
Original Assignee
Zhuhai Comleader Information Technology Co Ltd
Henan Xinda Wangyu Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Comleader Information Technology Co Ltd, Henan Xinda Wangyu Technology Co Ltd filed Critical Zhuhai Comleader Information Technology Co Ltd
Priority to CN202010213926.4A priority Critical patent/CN111371807B/en
Publication of CN111371807A publication Critical patent/CN111371807A/en
Application granted granted Critical
Publication of CN111371807B publication Critical patent/CN111371807B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a security system based on an access layer and a construction method thereof. The system comprises a defense device and a defense device centralized controller. The defense device is deployed at the access layer and directly connected with the host; it performs information collection, behavior analysis and anomaly detection on the access host and feeds the results back to the defense device centralized controller. The defense device centralized controller is deployed in a security area reachable by the defense device and exchanges information flows with the defense device over an encrypted private protocol; after evaluating the running state and security situation of the intranet according to the feedback of the defense device, it dynamically adjusts the policy of the defense device to form a closed-loop intranet defense system. The access layer defense device can replace the original access layer device, the policy configuration of intranet defense is refined to each access host, and the defense device centralized controller performs dynamic policy adjustment on the defense device, so that the capability of the intranet to resist unknown risks is effectively improved.

Description

Security system based on access layer, construction method thereof, terminal and storage medium
Technical Field
The invention belongs to the field of network security, and particularly relates to a security system based on an access layer, a construction method thereof, a terminal and a storage medium.
Background
With the wide popularization of computer network information technology, local area network technology in particular is widely applied in fields such as governments, enterprises and universities, and touches every aspect of production and daily life. Attacks from inside the local area network continuously and irregularly collect information such as the network topology and system fingerprints of the intranet, learn the known and unknown software and hardware vulnerabilities and backdoors inside the local area network, and gradually penetrate into intranet hosts or applications, so that the security of the intranet faces serious threats.
Most existing network defense equipment is deployed in an access layer and directly connected with a host to form a protective barrier, blocking unsafe factors of the computer. Existing intranet threat analysis only analyzes the overall security situation of the intranet and cannot apply diversified policy control to each device based on the security situation of the whole intranet, so network security problems originating inside the local area network cannot be effectively guarded against or handled in time.
Disclosure of Invention
In order to solve the above problems, it is necessary to provide an access stratum based security system and a method for constructing the same.
In a first aspect, the present invention provides an access stratum-based security system, including:
the defense device is deployed on the access layer and is directly connected with the host; it performs information collection, behavior analysis and anomaly detection on the access host and feeds the results back to the defense device centralized controller;
the defense device centralized controller is deployed in a security area reachable by the defense device and exchanges information flows with the defense device over an encrypted private protocol; after evaluating the running state and security situation of the intranet according to the feedback of the defense device, it dynamically adjusts the policy of the defense device to form a closed-loop intranet defense system.
Based on the above, the defense device comprises a host information detection module, a deep packet detection and statistics module, a sentinel node module, a host policy information base module and a communication module; the host information detection module is used for collecting host information of newly online equipment connected to the defense device and reporting the host information to the defense device centralized controller after the collection is finished; the deep packet detection and statistics module is used for analyzing and counting the traffic of the access host in real time on the data plane of the defense device, transmitting abnormal traffic to the sentinel node module, and periodically synchronizing the analysis and statistical information to the control plane of the defense device and uploading it to the defense device centralized controller; the sentinel node module is used for processing abnormal traffic, synchronizing abnormal information to the defense device centralized controller in real time and carrying out dynamic transformation according to policy information returned by the defense device centralized controller; the host policy information base module is used for storing policy information of the access host issued by the defense device centralized controller and synchronizing the policy information to the forwarding data plane in real time; and the communication module transmits information flows between the defense device and the defense device centralized controller in an asymmetric encryption mode.
Based on the above, the host information includes the operating system type, the development service, the port information, and the system information related to the device bridging virtual machine.
Based on the above, the sentinel node module is further configured to disguise the intranet host by using an unused IP address in the intranet, and send a spoofing message.
Based on the above, the defense equipment integrated controller comprises a host risk evaluation module and an internal network situation analysis module; the host risk evaluation module is used for carrying out safety risk evaluation on the new online host according to the current state of the network and generating strategy control corresponding to the host; and the intranet situation analysis module is used for carrying out big data analysis on the intranet information, generating strategy control aiming at the intranet real-time state information and sending the strategy control to the defense equipment.
Based on the above, the policy control is to generate a forwarding rule table for the host according to the security risk assessment result.
Based on the above, the defense device centralized controller further includes a defense device management module, configured to show the current state of each defense device, and manually issue policy information of the defense device.
The second aspect of the present invention provides a method for constructing a security system based on an access stratum, the method comprising: deploying defense equipment on a boundary between an internal network and an external network or between a private network and a public network, carrying out information collection, behavior analysis and abnormal detection on an access host, and feeding back to a defense equipment integrated controller;
and deploying a defense equipment integrated controller in a security region where the defense equipment can reach, wherein the defense equipment integrated controller adopts an encrypted private protocol to transmit information flow with the defense equipment, and after the running state and the security situation of the intranet are evaluated according to the feedback of the defense equipment, dynamically adjusting the strategy of the defense equipment to form a closed-loop intranet defense system.
A third aspect of the present invention provides a terminal, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method for constructing the access stratum based security system when executing the computer program.
A fourth aspect of the present invention proposes a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of constructing an access stratum based security system.
Compared with the prior art, the access layer defense device has outstanding substantive characteristics and remarkable progress, and particularly, the access layer defense device can replace the original access layer device, realize that the strategy configuration of intranet defense is refined to each access host, and realize information collection, behavior analysis, abnormality detection and the like of the access hosts. The defense equipment centralized controller can complete safety assessment of an access host, the running state of an intranet, safety situation and the like according to data transmitted by the defense equipment, carries out big data analysis according to real-time information of the whole intranet, and carries out dynamic strategy adjustment on the defense equipment, so that a closed-loop intranet defense system is formed, the operation and maintenance cost of intranet defense can be remarkably reduced, and the capability of the intranet for resisting unknown risks is effectively improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a deployment scenario diagram of the system of the present invention.
Fig. 2 is a functional block diagram of the system of the present invention.
FIG. 3 is a flow chart of the operation of the system of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
As shown in fig. 1-3, the present embodiment provides an access stratum-based security system, which includes:
the defense device is deployed on the access layer and is directly connected with the host, so that information collection, behavior analysis and abnormal detection of the access host are realized, and the information is fed back to the defense device integrated controller;
the defense equipment integrated controller is deployed in a reachable safety area of the defense equipment and carries out information stream transmission with the defense equipment by adopting an encrypted private protocol; and after the running state and the safety situation of the intranet are evaluated according to the feedback of the defense equipment, dynamically adjusting the strategy of the defense equipment to form a closed-loop intranet defense system.
Defense device
The system comprises a host information detection module, a deep packet detection and statistics module, a sentinel node module, a host strategy information base module and a communication module;
the host information detection module is used for collecting host information such as the operating system type, development service and port information of new online equipment accessed to the defense equipment and relevant system information of the equipment bridging virtual machine, and reporting the host information to the defense equipment centralized controller after the collection is finished.
The deep packet detection and statistics module is used for analyzing and counting the flow of the access host in real time on the data surface of the defense equipment so as to dynamically sense the running state, safety risk information and the like of each access host, transmitting abnormal flow to the sentinel node module, and periodically and synchronously transmitting the analysis and statistics information to the control surface of the defense equipment and uploading the analysis and statistics information to the defense equipment centralized controller.
The sentinel node module is used for processing abnormal traffic and for disguising itself as intranet hosts by using unused IP addresses in the intranet. The disguised hosts simulate different operating systems and open specific ports or services in order to sense detection scanning from the intranet or the extranet, and send deception messages to achieve the purpose of disguise. The module synchronizes the abnormal information to the defense device centralized controller in real time and dynamically transforms according to policy information returned by the defense device centralized controller, further confusing attackers. In other embodiments, the disguised content may further include information such as host survival, service simulation, operating system fingerprint and protocol fingerprint, and, in combination with a periodic transformation manner, an intranet topology is formed.
And the host policy information base module is used for storing the policy information of the access host issued by the defense equipment centralized controller and synchronizing the policy information to the forwarded data plane in real time.
The communication module transmits information flow between the defense equipment and the defense equipment integrated controller in an asymmetric encryption mode; when the defense equipment is on-line for the first time, a symmetric encryption key for communication is negotiated in an asymmetric encryption mode, and the key is changed by negotiation regularly, so that the safety of information flow is ensured.
Defense equipment centralized controller
The system comprises a host risk evaluation module and an internal network situation analysis module;
the host risk evaluation module is used for evaluating the security risk of the newly online host according to the current state of the network after the defense device finishes collecting the information of the newly online host, and for generating the policy control of the corresponding host; policy control is thereby refined to each access host, and the performance loss of the defense device is reduced. The policy control mainly comprises generating a forwarding rule table for the host according to the security risk evaluation result. For example, when it is detected that a port of the host that is susceptible to ransomware is open, the host does not need to be accessed for any operation; the defense device intelligently discards the corresponding packets, thereby achieving the purpose of defense.
The intranet situation analysis module generates policy control for a single host when the access host comes online, and the defense device can transmit information about the access host in real time while it is running.
And the defense equipment management module is used for displaying the current state of each defense equipment and manually issuing strategy information of the defense equipment, so that the management and the enhancement of the safety of the access host are realized according to the real-time state or the safety situation.
The operation flow of this embodiment:
when a newly online host is connected to the defense device, the defense device detects that the host is online from the physical link-up of its port, the control plane actively detects the host information and uploads it to the defense device centralized controller, and the data plane discards all communication traffic of the host;
the defense device centralized controller receives the information of the newly online host, generates policy information for the host in combination with the security situation of the intranet, and sends the policy information to the defense device;
the control plane of the defense device receives the policy control information and synchronizes it to the data plane, the data plane forwards the traffic of the host according to the policy information, and the control plane starts the dynamic sentinel;
the data plane of the defense device starts traffic analysis and statistics for the access host, the analysis and statistics data are synchronized to the control plane of the defense device, and abnormal traffic is sent to the dynamic sentinel;
the abnormal traffic processing comprises disguising as an intranet host by using an unused IP address in the intranet and sending a deception message, synchronizing the abnormal information to the defense device centralized controller in real time, and carrying out dynamic transformation according to policy information returned by the defense device centralized controller;
traffic analysis and statistics are periodically uploaded to the defense device centralized controller, and sentinel node information is uploaded to the defense device centralized controller in real time;
and the defense device centralized controller makes policy adjustments according to the uploaded information in combination with the situation of the intranet, and sends the policy adjustments to the defense device.
In this embodiment, the defense device adopts the idea of separating the control plane from the data plane, so that the main hardware performance of the defense device is used for forwarding data; the information collection of the access host is considered while the forwarding performance is not influenced, and the time-consuming or performance-influencing parts are uniformly transmitted to the defense equipment centralized controller for analysis and processing.
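The operation flow of Example 1, shown as an added Python example that is not part of the patent text: a newly attached host is dropped by default until the controller returns its forwarding rule table, traffic to unused intranet addresses is handed to the sentinel, and repeated sentinel reports make the controller tighten that host's policy. The class names, the `RISKY_PORTS` set, the sentinel hit threshold, the quarantine action and the 192.0.2.0/28 addresses are all assumptions constructed for illustration; periodic statistics upload and the encrypted channel are left out.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumption: ports the controller treats as high-risk when open on a host.
RISKY_PORTS = {445, 3389}


@dataclass
class HostInfo:
    """Result of the control plane's probe of a newly attached host."""
    ip: str
    os_type: str
    open_ports: frozenset


@dataclass
class Policy:
    """Per-host forwarding rule table (hypothetical shape)."""
    blocked_ports: set = field(default_factory=set)  # inbound ports to drop
    quarantined: bool = False                        # drop everything the host sends


class Controller:
    """Centralized controller: host risk evaluation plus policy adjustment."""

    def __init__(self, sentinel_hit_limit=3):
        self.sentinel_hit_limit = sentinel_hit_limit
        self.sentinel_hits = {}

    def assess_new_host(self, info):
        # Risk evaluation: drop traffic aimed at risky ports the host exposes.
        return Policy(blocked_ports=set(info.open_ports) & RISKY_PORTS)

    def on_sentinel_event(self, src_ip, current):
        # Real-time sentinel report; returns an adjusted policy or None.
        hits = self.sentinel_hits.get(src_ip, 0) + 1
        self.sentinel_hits[src_ip] = hits
        if hits >= self.sentinel_hit_limit and not current.quarantined:
            return Policy(set(current.blocked_ports), quarantined=True)
        return None


class DefenseDevice:
    """Access-layer device: policy base on the control plane, verdicts on the data plane."""

    def __init__(self, subnet, controller):
        self.subnet = ipaddress.ip_network(subnet)
        self.controller = controller
        self.online = set()     # hosts whose port is physically up
        self.policy_base = {}   # host policy information base

    def port_up(self, ip):
        # Link-up detected: host is known but has no policy yet (default drop).
        self.online.add(ip)

    def report_host(self, info):
        # Control plane uploads host info and installs the returned policy.
        self.policy_base[info.ip] = self.controller.assess_new_host(info)

    def forward(self, src, dst, dport):
        """Data-plane verdict for one packet: 'drop', 'forward' or 'sentinel'."""
        src_policy = self.policy_base.get(src)
        if src_policy is None or src_policy.quarantined:
            return "drop"
        if ipaddress.ip_address(dst) not in self.subnet:
            return "forward"    # not an intranet destination
        if dst not in self.online:
            # Unused intranet address: the sentinel answers as a decoy and
            # the event is synchronized to the controller immediately.
            update = self.controller.on_sentinel_event(src, src_policy)
            if update is not None:
                self.policy_base[src] = update
            return "sentinel"
        dst_policy = self.policy_base.get(dst)
        if dst_policy is None or dport in dst_policy.blocked_ports:
            return "drop"
        return "forward"


def run_demo():
    """Constructed scenario on the documentation range 192.0.2.0/28."""
    dev = DefenseDevice("192.0.2.0/28", Controller(sentinel_hit_limit=3))
    ws = HostInfo("192.0.2.2", "Linux", frozenset({22}))
    fs = HostInfo("192.0.2.3", "Windows", frozenset({80, 445}))
    dev.port_up(ws.ip)
    dev.port_up(fs.ip)
    verdicts = [dev.forward(ws.ip, fs.ip, 80)]       # no policy yet
    dev.report_host(ws)
    dev.report_host(fs)
    verdicts.append(dev.forward(ws.ip, fs.ip, 80))   # allowed by policy
    verdicts.append(dev.forward(ws.ip, fs.ip, 445))  # risky port on fs
    for decoy in ("192.0.2.9", "192.0.2.10", "192.0.2.11"):
        verdicts.append(dev.forward(ws.ip, decoy, 22))  # scan hits unused IPs
    verdicts.append(dev.forward(ws.ip, fs.ip, 80))   # ws is now quarantined
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```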
Example 2
The embodiment provides a method for constructing a security system based on an access stratum, which comprises the following steps: deploying defense equipment on a boundary between an internal network and an external network or between a private network and a public network, carrying out information collection, behavior analysis and abnormal detection on an access host, and feeding back to a defense equipment integrated controller;
and deploying a defense equipment integrated controller in a security region where the defense equipment can reach, wherein the defense equipment integrated controller adopts an encrypted private protocol to transmit information flow with the defense equipment, and after the running state and the security situation of the intranet are evaluated according to the feedback of the defense equipment, dynamically adjusting the strategy of the defense equipment to form a closed-loop intranet defense system.
It should be noted that, for convenience and brevity of description, the specific implementation process of the above-described method for constructing a security system based on an access stratum may refer to the implementation processes of the systems described in fig. 1 to 3, and is not described herein again.
Example 3
The present embodiment provides a terminal, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method for constructing the access stratum based security system when executing the computer program.
The memory stores a computer program that is executable on the processor. The processor implements the steps in the embodiment of the method for constructing the security system based on the access stratum when executing the computer program. Alternatively, the processor implements the functions of the units in the security system embodiment based on the access stratum when executing the computer program.
Example 4
The present embodiments provide a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of constructing an access stratum based security system.
The present embodiment provides a computer program product, which when running on a terminal device, causes the terminal device to implement the steps of the method for constructing an access stratum-based security system in the foregoing embodiments.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal and method may be implemented in other ways. For example, the above-described device/terminal embodiments are merely illustrative, and for example, the division of the above-described modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated module may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, all or part of the flow in the method of the embodiments described above may be implemented by a computer program, which may be stored in a computer-readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. The computer program includes computer program code, and the computer program code may be in a source code form, an object code form, an executable file or some intermediate form.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (9)

1. An access stratum based security system, comprising:
the defense device is deployed on the access layer and is directly connected with the host, so that information collection, behavior analysis and abnormal detection of the access host are realized, and the information is fed back to the defense device integrated controller;
the defense equipment integrated controller is deployed in a reachable safety area of the defense equipment and carries out information stream transmission with the defense equipment by adopting an encrypted private protocol; according to the feedback of the defense equipment, after the running state and the safety situation of the intranet are evaluated, the defense equipment is subjected to dynamic strategy adjustment to form a closed-loop intranet defense system;
the defense equipment comprises a host information detection module, a deep packet detection and statistics module, a sentinel node module, a host strategy information base module and a communication module;
the host information detection module is used for collecting host information of new online equipment accessed to the defense equipment and reporting the host information to the defense equipment centralized controller after the collection is finished;
the deep packet detection and statistics module is used for analyzing and counting the traffic of the access host in real time on the data plane of the defense device, transmitting abnormal traffic to the sentinel node module, and periodically synchronizing the analysis and statistical information to the control plane of the defense device and uploading it to the defense device centralized controller;
the sentinel node module is used for processing abnormal flow, synchronizing abnormal information to the defense equipment integrated controller in real time and carrying out dynamic transformation according to strategy information returned by the defense equipment integrated controller;
the host strategy information base module is used for storing strategy information of the access host issued by the defense equipment centralized controller and synchronizing the strategy information to a forwarded data plane in real time;
and the communication module transmits information flow between the defense equipment and the defense equipment centralized controller by adopting an asymmetric encryption mode.
2. An access layer based security system as claimed in claim 1, wherein: the host information includes operating system type, development service, port information, and system information related to the device bridging virtual machine.
3. An access layer based security system as claimed in claim 1, wherein: the sentinel node module is also used for disguising the intranet host by using unused IP addresses in the intranet and sending deception messages.
4. An access layer based security system as claimed in claim 1, wherein: the defense equipment centralized controller comprises a host risk evaluation module and an intranet situation analysis module;
the host risk evaluation module is used for carrying out security risk evaluation on a new online host according to the current state of the network and generating strategy control corresponding to the host;
and the intranet situation analysis module is used for carrying out big data analysis on the intranet information, generating strategy control for the real-time state information of the intranet, and sending the strategy control to the defense equipment.
5. An access layer based security system as claimed in claim 4, wherein: the strategy control is to generate a forwarding rule table for the host according to the security risk evaluation result.
6. An access layer based security system as claimed in claim 4, wherein: the defense equipment centralized controller also comprises a defense equipment management module, which is used for displaying the current state of each defense equipment and manually issuing the strategy information of the defense equipment.
7. A method for constructing a security system based on an access layer, characterized by comprising the following steps: deploying defense equipment on the boundary between an internal network and an external network, or between a private network and a public network, to carry out information collection, behavior analysis and anomaly detection on access hosts and feed the results back to a defense equipment centralized controller;
deploying the defense equipment centralized controller in a security zone reachable by the defense equipment, wherein the defense equipment centralized controller exchanges information flows with the defense equipment by using an encrypted private protocol and, after evaluating the operating state and security situation of the intranet according to the feedback of the defense equipment, dynamically adjusts the strategies of the defense equipment to form a closed-loop intranet defense system;
the defense equipment comprises a host information detection module, a deep packet detection and statistics module, a sentinel node module, a host strategy information base module and a communication module;
the host information detection module is used for collecting host information of new online equipment accessed to the defense equipment and reporting the host information to the defense equipment centralized controller after the collection is finished;
the deep packet detection and statistics module is used for analyzing and counting the traffic of an access host in real time on the data plane of the defense equipment, forwarding abnormal traffic to the sentinel node module, periodically synchronizing the analysis and statistical information to the control plane of the defense equipment, and uploading it to the defense equipment centralized controller;
the sentinel node module is used for processing abnormal traffic, synchronizing abnormal information to the defense equipment centralized controller in real time, and carrying out dynamic transformation according to strategy information returned by the defense equipment centralized controller;
the host strategy information base module is used for storing strategy information of the access host issued by the defense equipment centralized controller and synchronizing the strategy information to a forwarded data plane in real time;
and the communication module transmits information flow between the defense equipment and the defense equipment centralized controller by adopting an asymmetric encryption mode.
8. A terminal comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that: the processor, when executing the computer program, realizes the steps of the method of claim 7.
9. A computer readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the method of claim 7.
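The closed loop of claims 4, 5 and 7 (host report, risk evaluation on the controller, forwarding rule table issued to the device's host strategy information base, data-plane lookup) can be sketched as follows. This is an added illustration, not code from the patent: the risk weights, thresholds, rule format and the default of sending unknown hosts to the sentinel are all assumptions, since the claims specify none of them.

```python
from dataclasses import dataclass

# Hypothetical weights and thresholds: the claims name no scoring method.
PORT_RISK = {21: 20, 23: 40, 445: 30, 3389: 30}
ALLOWED_MEDIUM = (80, 443)

@dataclass
class HostInfo:
    """Host information reported by the defense device (fields per claim 2)."""
    ip: str
    os_type: str
    open_ports: tuple
    bridges_vm: bool = False

def evaluate_risk(host, active_alerts):
    """Controller: score a new host against the current network state."""
    score = sum(PORT_RISK.get(p, 0) for p in host.open_ports)
    score += 20 if host.bridges_vm else 0
    score += 10 * active_alerts
    return min(score, 100)

def build_rule_table(host, score):
    """Controller: turn the risk result into an ordered forwarding rule table."""
    if score >= 70:
        return [{"src": host.ip, "dst_port": None, "action": "sentinel"}]
    if score >= 30:
        rules = [{"src": host.ip, "dst_port": p, "action": "forward"}
                 for p in ALLOWED_MEDIUM]
        return rules + [{"src": host.ip, "dst_port": None, "action": "sentinel"}]
    return [{"src": host.ip, "dst_port": None, "action": "forward"}]

class HostPolicyBase:
    """Defense device: stores issued rule tables and answers data-plane lookups."""
    def __init__(self):
        self.tables = {}

    def install(self, host_ip, rules):
        self.tables[host_ip] = list(rules)  # replaced on every policy update

    def decide(self, src_ip, dst_port):
        for rule in self.tables.get(src_ip, []):
            if rule["dst_port"] in (None, dst_port):  # None is a wildcard
                return rule["action"]
        return "sentinel"  # assumption: hosts with no policy go to the sentinel

def onboard(policy_base, host, active_alerts=0):
    """One pass of the closed loop: report, evaluate, issue, install."""
    score = evaluate_risk(host, active_alerts)
    policy_base.install(host.ip, build_rule_table(host, score))
    return score
```

Calling `onboard` again for the same host with a higher `active_alerts` value replaces its rule table, which is the dynamic strategy adjustment the method claim describes.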
CN202010213926.4A 2020-03-24 2020-03-24 Security system based on access layer, construction method thereof, terminal and storage medium Active CN111371807B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010213926.4A CN111371807B (en) 2020-03-24 2020-03-24 Security system based on access layer, construction method thereof, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN111371807A (en) 2020-07-03
CN111371807B (en) 2022-02-25

Family

ID=71209118

Country Status (1)

Country Link
CN (1) CN111371807B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant