CN115086012A - Network security defense system based on video cloud command system - Google Patents
- Publication number: CN115086012A
- Application number: CN202210662904.5A
- Authority: CN (China)
- Prior art keywords: module, instruction, monitoring, attack, output end
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- G06N20/00—Machine learning
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention discloses a network security defense system based on a video cloud command system, comprising a command terminal, a monitoring system, a situation awareness system, a network boundary protection system and a learning system, wherein the output end of the command terminal is electrically connected with the monitoring system, the output end of the monitoring system is electrically connected with a router module, and the output end of the router module is fixedly connected with the situation awareness system. As a result, the monitoring system can learn conveniently, and the range of primary defense can be improved.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security defense system based on a video cloud command system.
Background
Network security protection is a network security technology that addresses how to perform intervention control effectively and how to ensure the security of data transmission. It mainly comprises physical security analysis technology, network structure security analysis technology, system security analysis technology, management security analysis technology, and other security services and security mechanism strategies.
Summary of the Invention
The invention aims to solve the problems in the prior art by providing a network security defense system based on a video cloud command system.
In order to solve the above problems, the present invention provides a technical solution:
A network security defense system based on a video cloud command system comprises a command terminal, a monitoring system, a situation awareness system, a network boundary protection system and a learning system, wherein the output end of the command terminal is electrically connected with the monitoring system, the output end of the monitoring system is electrically connected with a router module, the output end of the router module is fixedly connected with the situation awareness system, the output end of the situation awareness system is fixedly connected with a switch module, the output end of the switch module is fixedly connected with a flow recording module, the output end of the flow recording module is fixedly connected with a flow comparison module, the output end of the flow comparison module is fixedly connected with the network boundary protection system, and the output end of the network boundary protection system is fixedly connected with the learning system; the command terminal is used for sending command instructions to the monitoring system through a plurality of channels; the monitoring system is used for detecting the IP address of the instruction and performing primary security detection; the router module is used for sending the instruction that has passed primary detection to the situation awareness system; the situation awareness system is used for predicting the attack situation of the instruction and intercepting external network attacks; the switch module is used for transmitting the target instruction to a corresponding queue according to a preset routing rule; the network boundary protection system is used for verifying the authenticity of the instruction and intercepting intranet attacks; the learning system is used for storing the various attack modes encountered.
Preferably, the monitoring system comprises a security authentication module, an IP monitoring module and a flow monitoring module, wherein an output end of the security authentication module is electrically connected with an input end of the IP monitoring module, and an output end of the IP monitoring module is electrically connected with an input end of the flow monitoring module; the security authentication module is used for pre-checking the security of the instruction; the IP monitoring module is used for monitoring the IP address of the command terminal that sent the instruction; the flow monitoring module is used for recording the flow of the instruction as sent.
Preferably, the situation awareness system comprises an instruction acquisition module, a threat analysis module, an attack monitoring module, an IDS monitoring module and an instruction statistics module, wherein an output end of the instruction acquisition module is electrically connected with an input end of the threat analysis module, an output end of the threat analysis module is electrically connected with an input end of the attack monitoring module, an output end of the attack monitoring module is electrically connected with an input end of the IDS monitoring module, and an output end of the IDS monitoring module is electrically connected with an input end of the instruction statistics module.
Preferably, the instruction acquisition module is configured to acquire an instruction message sent by the router module and send the message to the threat analysis module; the threat analysis module is used for judging the threat information of the instruction and sending non-threatening instructions to the attack monitoring module; the attack monitoring module is used for monitoring the attack information of the instruction and sending instructions without attack threat to the IDS monitoring module; the IDS monitoring module is used for intercepting attacks from the external network; the instruction statistics module is used for counting and recording the transmitted instructions and generating a data packet.
Preferably, the flow recording module is used for recording the flow of the instruction on the switch module; the flow comparison module is used for comparing the instruction flow information at the flow recording module and the flow monitoring module.
Preferably, the network boundary protection system comprises a flow mirroring module, an IPS module, an instruction scanning module, an authenticity judging module, a judging and auditing module and an instruction execution module, wherein the output end of the flow mirroring module is fixedly connected with the input end of the IPS module, the output end of the IPS module is fixedly connected with the input end of the instruction scanning module, the output end of the instruction scanning module is fixedly connected with the input end of the authenticity judging module, the output end of the authenticity judging module is fixedly connected with the input end of the judging and auditing module, and the output end of the judging and auditing module is fixedly connected with the input end of the instruction execution module.
Preferably, the flow mirroring module is configured to mirror instruction flow data on the switch module to the IPS module; the IPS module is used for isolating intranet attack information attached to the instruction and sending instructions without attack information to the instruction scanning module; the instruction scanning module is used for scanning the instruction information and sending the scanning result to the authenticity judging module; the authenticity judging module is used for judging the authenticity of the instruction and sending the judgment result to the judging and auditing module; the judging and auditing module is used for reviewing the judgment result and sending instructions found to be without error to the instruction execution module; the instruction execution module is used for executing the instruction information.
Preferably, the output end of the flow comparison module is electrically connected with the input end of the learning system, the output end of the situation awareness system is electrically connected with the input end of the learning system, and the output end of the learning system is electrically connected with the input end of the monitoring system.
Preferably, the learning system includes an attack storage unit, a virus storage unit and a protocol storage unit, wherein an output end of the attack storage unit is electrically connected to an input end of the virus storage unit, and an output end of the virus storage unit is electrically connected to an input end of the protocol storage unit.
Preferably, the attack storage unit is used for recording and storing attack modes from multiple channels; the virus storage unit is used for storing viruses from multiple channels; the protocol storage unit is used for storing the multi-channel protocol attack mode.
The beneficial effects of the invention are as follows. The monitoring system monitors instruction security and the sending channel, providing primary defense. The situation awareness system predicts the attack situation of an instruction and intercepts attacks from the external network. The network boundary protection system verifies the authenticity of an instruction and intercepts attacks from the internal network, which improves the security of network transmission. The learning system stores attack modes so that the monitoring system can learn from them conveniently, which improves the range of primary defense.
Description of the Drawings
For ease of illustration, the invention is described in detail by the following detailed description and the accompanying drawings.
FIG. 1 is an overall process topology of the present invention;
FIG. 2 is a topology diagram of a monitoring system process of the present invention;
FIG. 3 is a topology diagram of the process of the situational awareness system of the present invention;
FIG. 4 is a flowchart topology of the learning system of the present invention.
Detailed Description
As shown in FIGS. 1 to 4, the present embodiment adopts the following technical solution:
Embodiment:
A network security defense system based on a video cloud command system comprises a command terminal, a monitoring system, a situation awareness system, a network boundary protection system and a learning system, wherein the output end of the command terminal is electrically connected with the monitoring system, the output end of the monitoring system is electrically connected with a router module, the output end of the router module is fixedly connected with the situation awareness system, the output end of the situation awareness system is fixedly connected with a switch module, the output end of the switch module is fixedly connected with a flow recording module, the output end of the flow recording module is fixedly connected with a flow comparison module, the output end of the flow comparison module is fixedly connected with the network boundary protection system, and the output end of the network boundary protection system is fixedly connected with the learning system;
the command terminal is used for sending command instructions to the monitoring system through a plurality of channels; the monitoring system is used for detecting the IP address of the instruction, performing primary security detection and directly eliminating instructions containing attack information at the source, so that they do not enter the subsequent workflow; the router module is used for sending the instruction that has passed primary detection to the situation awareness system; the situation awareness system is used for predicting the attack situation of the instruction, intercepting attacks from the external network and assessing instructions while they are still outside the intranet, so as to prevent instructions containing attack information from entering the intranet; the switch module is used for transmitting the target instruction to a corresponding queue according to a preset routing rule; the network boundary protection system is used for verifying the authenticity of the instruction and intercepting attacks from the internal network, so that the instruction can be judged, the security of the internal network can be defended, and the stability of the system is ensured; the learning system is used for storing the various attack modes encountered, so that the monitoring system can learn from them conveniently and the range of primary defense can be improved.
The monitoring system comprises a security authentication module, an IP monitoring module and a flow monitoring module, wherein the output end of the security authentication module is electrically connected with the input end of the IP monitoring module, and the output end of the IP monitoring module is electrically connected with the input end of the flow monitoring module; the security authentication module is used for pre-checking the security of the instruction; the IP monitoring module is used for monitoring the IP address of the command terminal that sent the instruction; the flow monitoring module is used for recording the flow of the instruction as sent. By pre-checking the instruction and querying the IP address, the system can identify the terminal that sent the instruction for further processing, and the instruction flow can be monitored.
The situation awareness system comprises an instruction acquisition module, a threat analysis module, an attack monitoring module, an IDS monitoring module and an instruction statistics module, wherein the output end of the instruction acquisition module is electrically connected with the input end of the threat analysis module, the output end of the threat analysis module is electrically connected with the input end of the attack monitoring module, the output end of the attack monitoring module is electrically connected with the input end of the IDS monitoring module, and the output end of the IDS monitoring module is electrically connected with the input end of the instruction statistics module.
The instruction acquisition module is used for acquiring an instruction message sent by the router module and sending the message to the threat analysis module; the threat analysis module is used for judging the threat information of the instruction and sending non-threatening instructions to the attack monitoring module; the attack monitoring module is used for monitoring the attack information of the instruction and sending instructions without attack threat to the IDS monitoring module; the IDS monitoring module is used for intercepting attacks from the external network; the instruction statistics module is used for counting and recording the transmitted instructions and generating a data packet.
The flow recording module is used for recording the flow of the instruction on the switch module; the flow comparison module is used for comparing the instruction flow information at the flow recording module and the flow monitoring module.
The network boundary protection system comprises a flow mirroring module, an IPS module, an instruction scanning module, an authenticity judging module, a judging and auditing module and an instruction execution module, wherein the output end of the flow mirroring module is fixedly connected with the input end of the IPS module, the output end of the IPS module is fixedly connected with the input end of the instruction scanning module, the output end of the instruction scanning module is fixedly connected with the input end of the authenticity judging module, the output end of the authenticity judging module is fixedly connected with the input end of the judging and auditing module, and the output end of the judging and auditing module is fixedly connected with the input end of the instruction execution module.
The flow mirroring module is used for mirroring the instruction flow data on the switch module to the IPS module; the IPS module is used for isolating intranet attack information attached to the instruction and sending instructions without attack information to the instruction scanning module; the instruction scanning module is used for scanning the instruction information and sending the scanning result to the authenticity judging module; the authenticity judging module is used for judging the authenticity of the instruction and sending the judgment result to the judging and auditing module; the judging and auditing module is used for reviewing the judgment result and sending instructions found to be without error to the instruction execution module; the instruction execution module is used for executing the instruction information.
The output end of the flow comparison module is electrically connected with the input end of the learning system, the output end of the situation awareness system is electrically connected with the input end of the learning system, and the output end of the learning system is electrically connected with the input end of the monitoring system, so that the learning system can receive attack information from multiple channels and supply it to the monitoring system for learning, which improves the primary judgment capability of the monitoring system.
The learning system comprises an attack storage unit, a virus storage unit and a protocol storage unit, wherein the output end of the attack storage unit is electrically connected with the input end of the virus storage unit, and the output end of the virus storage unit is electrically connected with the input end of the protocol storage unit.
The attack storage unit is used for recording and storing attack modes from multiple channels; the virus storage unit is used for storing viruses from multiple channels; the protocol storage unit is used for storing the multi-channel protocol attack mode.
Specifically, the command terminal sends the instruction to the monitoring system, where the security authentication module pre-checks the security of the instruction. If the instruction contains attack information, transmission ends and the IP monitoring module traces the IP address of the command terminal that sent the instruction. If the instruction does not contain attack information, the flow monitoring module records the flow of the instruction as sent, and the router module sends the instruction to the situation awareness system.
In the situation awareness system, the instruction acquisition module acquires the instruction message sent by the router module, and the threat analysis module judges whether the instruction contains threat information. If it does, transmission ends; if it does not, the instruction is sent to the attack monitoring module, which judges whether the instruction contains attack information. If it does, transmission ends; if it does not, the instruction is sent to the IDS monitoring module, which intercepts attacks from the external network. The instruction statistics module counts and records the sent instructions and generates a data packet.
The switch module transmits the target instruction to a corresponding queue according to a preset routing rule, and the flow recording module records the flow of the instruction on the switch module. The flow comparison module checks whether the instruction flow information at the flow recording module is consistent with that at the flow monitoring module. If it is inconsistent, transmission ends. If it is consistent, the flow mirroring module mirrors the instruction flow data on the switch module to the IPS module, which isolates the intranet attack information attached to the instruction and sends instructions without attack information to the instruction scanning module. The instruction scanning module scans the instruction information and sends the scanning result to the authenticity judging module, which judges the authenticity of the instruction. If the instruction is judged to be counterfeit, transmission ends; if it is judged to be authentic, the judgment result is sent to the judging and auditing module, which rechecks the judgment result and sends instructions found to be without error to the instruction execution module, which executes the instruction information.
The attack storage unit records and stores the attack modes reported by the security authentication module, the threat analysis module, the attack monitoring module, the flow comparison module, the authenticity judging module and the judging and auditing module; the virus storage unit stores the viruses reported by the same modules; and the protocol storage unit stores the protocol attack modes reported by the same modules.
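The flow above as a runnable sketch (an added example, not part of the patent): every stage fails closed, each rejection is recorded by the learning system, and the monitoring system's pre-check consults that store on later instructions. The terminal allowlist, byte markers, queue names and the HMAC authenticity check are assumptions, since the patent does not say how any module decides; the sketch also shows that a size-only flow comparison misses a same-length modification, which the authenticity stage then catches.

```python
import hashlib
import hmac
from dataclasses import dataclass, field, replace

# Constructed sample data. The keyed terminals, byte markers and queue routes are
# assumptions for illustration; the patent specifies none of them.
TERMINAL_KEYS = {"10.0.0.5": b"demo-key-terminal-a"}
THREAT_MARKERS = (b"<script", b"../")
ROUTES = {"camera": "video-queue", "dispatch": "command-queue"}


@dataclass(frozen=True)
class Instruction:
    source_ip: str
    channel: str
    payload: bytes
    tag: str  # hex HMAC-SHA256 over the payload (assumed authenticity scheme)


def sign(ip: str, payload: bytes) -> str:
    """Tag a payload with the key of a known terminal."""
    return hmac.new(TERMINAL_KEYS[ip], payload, hashlib.sha256).hexdigest()


@dataclass
class LearningSystem:
    """Maps the SHA-256 of each rejected payload to the stage that rejected it."""
    attack_store: dict = field(default_factory=dict)

    def record(self, ins: Instruction, stage: str) -> None:
        self.attack_store[hashlib.sha256(ins.payload).hexdigest()] = stage

    def known(self, ins: Instruction) -> bool:
        return hashlib.sha256(ins.payload).hexdigest() in self.attack_store


class Pipeline:
    def __init__(self, learning: LearningSystem, in_path=None):
        self.learning = learning
        self.in_path = in_path  # hook modelling a change between monitor and switch
        self.queues = {name: [] for name in ROUTES.values()}

    def _reject(self, ins: Instruction, stage: str):
        self.learning.record(ins, stage)  # feedback path to the learning system
        return ("dropped", stage)

    def handle(self, ins: Instruction):
        # Monitoring system: pre-check against learned payloads, IP check, flow record.
        if self.learning.known(ins):
            return ("dropped", "security_authentication")
        if ins.source_ip not in TERMINAL_KEYS:
            return self._reject(ins, "ip_monitoring")
        ingress_flow = len(ins.payload)

        # Situation awareness system: threat analysis on the acquired message.
        if any(marker in ins.payload for marker in THREAT_MARKERS):
            return self._reject(ins, "threat_analysis")

        # Switch module: route by preset rule, then compare recorded flow sizes.
        queue = ROUTES.get(ins.channel)
        if queue is None:
            return self._reject(ins, "switch_routing")
        if self.in_path:
            ins = self.in_path(ins)
        if len(ins.payload) != ingress_flow:
            return self._reject(ins, "flow_comparison")

        # Network boundary protection: authenticity judgment before execution.
        if not hmac.compare_digest(sign(ins.source_ip, ins.payload), ins.tag):
            return self._reject(ins, "authenticity_judgment")
        self.queues[queue].append(ins.payload)
        return ("executed", queue)


def append_byte(ins: Instruction) -> Instruction:
    """In-path change that alters the size of the instruction."""
    return replace(ins, payload=ins.payload + b"!")


def swap_last_byte(ins: Instruction) -> Instruction:
    """In-path change that keeps the size but alters the content."""
    return replace(ins, payload=ins.payload[:-1] + b"9")


def make(channel: str, payload: bytes) -> Instruction:
    """Build a correctly tagged instruction from the constructed terminal."""
    return Instruction("10.0.0.5", channel, payload, sign("10.0.0.5", payload))


if __name__ == "__main__":
    store = LearningSystem()
    print(Pipeline(store).handle(make("dispatch", b"unit 7 to gate 3")))
    print(Pipeline(store, append_byte).handle(make("dispatch", b"unit 7 to gate 3")))
    print(Pipeline(store, swap_last_byte).handle(make("dispatch", b"unit 7 to gate 3")))
    print(store.attack_store)
```
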
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A network security defense system based on a video cloud command system, characterized by comprising a command terminal, a monitoring system, a situation awareness system, a network boundary protection system and a learning system, wherein the output end of the command terminal is electrically connected with the monitoring system, the output end of the monitoring system is electrically connected with a router module, the output end of the router module is fixedly connected with the situation awareness system, the output end of the situation awareness system is fixedly connected with a switch module, the output end of the switch module is fixedly connected with a flow recording module, the output end of the flow recording module is fixedly connected with a flow comparison module, the output end of the flow comparison module is fixedly connected with the network boundary protection system, and the output end of the network boundary protection system is fixedly connected with the learning system; the command terminal is used for sending command instructions to the monitoring system through a plurality of channels; the monitoring system is used for detecting the IP address of the instruction and performing primary security detection; the router module is used for sending the instruction that has passed primary detection to the situation awareness system; the situation awareness system is used for predicting the attack situation of the instruction and intercepting external network attacks; the switch module is used for transmitting the target instruction to a corresponding queue according to a preset routing rule; the network boundary protection system is used for verifying the authenticity of the instruction and intercepting intranet attacks; the learning system is used for storing the various attack modes encountered.
2. The network security defense system based on the video cloud command system as claimed in claim 1, wherein the monitoring system comprises a security authentication module, an IP monitoring module and a flow monitoring module, an output end of the security authentication module is electrically connected with an input end of the IP monitoring module, and an output end of the IP monitoring module is electrically connected with an input end of the flow monitoring module; the security authentication module is used for pre-checking the security of the instruction; the IP monitoring module is used for monitoring the IP address of the command terminal that sent the instruction; the flow monitoring module is used for recording the flow of the instruction as sent.
3. The system of claim 1, wherein the situation awareness system comprises an instruction acquisition module, a threat analysis module, an attack monitoring module, an IDS monitoring module, and an instruction statistics module, wherein an output of the instruction acquisition module is electrically connected to an input of the threat analysis module, an output of the threat analysis module is electrically connected to an input of the attack monitoring module, an output of the attack monitoring module is electrically connected to an input of the IDS monitoring module, and an output of the IDS monitoring module is electrically connected to an input of the instruction statistics module.
4. The network security defense system based on the video cloud command system as claimed in claim 3, wherein the instruction acquisition module is configured to acquire an instruction message sent by the router module and send the message to the threat analysis module; the threat analysis module is used for judging the threat information of the instruction and sending non-threatening instructions to the attack monitoring module; the attack monitoring module is used for monitoring the attack information of the instruction and sending instructions without attack threat to the IDS monitoring module; the IDS monitoring module is used for intercepting attacks from the external network; the instruction statistics module is used for counting and recording the transmitted instructions and generating a data packet.
5. The system according to claim 1, wherein the traffic recording module is configured to record traffic of the instruction on the switch module; the flow comparison module is used for comparing the instruction flow information at the flow recording module and the flow monitoring module.
6. The network security defense system based on the video cloud command system as claimed in claim 1, wherein the network boundary protection system comprises a flow mirroring module, an IPS module, an instruction scanning module, an authenticity judging module, a judging and auditing module and an instruction execution module, an output end of the flow mirroring module is fixedly connected with an input end of the IPS module, an output end of the IPS module is fixedly connected with an input end of the instruction scanning module, an output end of the instruction scanning module is fixedly connected with an input end of the authenticity judging module, an output end of the authenticity judging module is fixedly connected with an input end of the judging and auditing module, and an output end of the judging and auditing module is fixedly connected with an input end of the instruction execution module.
7. The system according to claim 6, wherein the flow mirroring module is configured to mirror the instruction flow data on the switch module to the IPS module; the IPS module is used for isolating intranet attack information attached to the instruction and sending instructions without attack information to the instruction scanning module; the instruction scanning module is used for scanning the instruction information and sending the scanning result to the authenticity judging module; the authenticity judging module is used for judging the authenticity of the instruction and sending the judgment result to the judging and auditing module; the judging and auditing module is used for reviewing the judgment result and sending instructions found to be without error to the instruction execution module; the instruction execution module is used for executing the instruction information.
8. The system of claim 1, wherein an output of the flow comparison module is electrically connected to an input of a learning system, an output of the situation awareness system is electrically connected to an input of the learning system, and an output of the learning system is electrically connected to an input of a monitoring system.
9. The system of claim 1, wherein the learning system comprises an attack storage unit, a virus storage unit and a protocol storage unit, an output of the attack storage unit is electrically connected to an input of the virus storage unit, and an output of the virus storage unit is electrically connected to an input of the protocol storage unit.
10. The system according to claim 9, wherein the attack storage unit is configured to record and store attack modes from multiple channels; the virus storage unit is used for storing viruses from multiple channels; the protocol storage unit is used for storing protocol attack modes from multiple channels.
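The flow comparison of claim 5, whose output claim 8 feeds to the learning system, can be sketched as follows. This is an added example, not code from the patent: the record fields (`instr_id`, `src`, `byte_count`, `digest`), the finding names and the sample instructions are all assumptions, since the claims do not define what "instruction flow information" contains.

```python
import hashlib
from collections import defaultdict, namedtuple

# Assumed record shape; the claims do not specify these fields.
FlowRecord = namedtuple("FlowRecord", "instr_id src byte_count digest")

def record(instr_id, src, payload):
    """Build the flow record for one instruction as seen at one vantage point."""
    return FlowRecord(instr_id, src, len(payload), hashlib.sha256(payload).hexdigest())

def _index(records):
    by_id = defaultdict(list)
    for r in records:
        by_id[r.instr_id].append(r)
    return by_id

def compare_flows(switch_records, monitor_records):
    """Compare the switch-side recording with the monitoring-side view.

    Returns (instr_id, finding) tuples sorted by instr_id; empty when both agree.
    """
    at_switch, at_monitor = _index(switch_records), _index(monitor_records)
    findings = []
    for instr_id in sorted(set(at_switch) | set(at_monitor)):
        s, m = at_switch.get(instr_id, []), at_monitor.get(instr_id, [])
        if not m:
            findings.append((instr_id, "missing_at_monitor"))      # dropped in transit
        elif not s:
            findings.append((instr_id, "not_recorded_on_switch"))  # never crossed the switch
        elif len(s) != len(m):
            findings.append((instr_id, "count_mismatch"))          # duplicated or replayed
        elif sorted(s) != sorted(m):
            findings.append((instr_id, "record_mismatch"))         # source, size or digest differs
    return findings

# Constructed sample data (not from the patent).
SWITCH = [
    record("cmd-001", "10.0.0.5", b"PTZ camera=12 pan=30"),
    record("cmd-002", "10.0.0.5", b"STREAM camera=12 start"),
    record("cmd-003", "10.0.0.7", b"STREAM camera=40 stop"),
]
MONITOR = [
    record("cmd-001", "10.0.0.5", b"PTZ camera=12 pan=30"),
    record("cmd-002", "10.0.0.5", b"STREAM camera=12 start;extra"),
    record("cmd-004", "10.0.0.9", b"PTZ camera=99 pan=0"),
]

if __name__ == "__main__":
    for instr_id, finding in compare_flows(SWITCH, MONITOR):
        print(instr_id, finding)
```

Keying the comparison on a content digest rather than on byte counts alone means a same-length modification of an instruction still surfaces as a mismatch.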
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210662904.5A CN115086012A (en) | 2022-06-13 | 2022-06-13 | Network security defense system based on video cloud command system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210662904.5A CN115086012A (en) | 2022-06-13 | 2022-06-13 | Network security defense system based on video cloud command system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115086012A (en) | 2022-09-20 |
Family
ID=83250518
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210662904.5A Pending CN115086012A (en) | 2022-06-13 | 2022-06-13 | Network security defense system based on video cloud command system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115086012A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006071985A2 (en) * | 2004-12-29 | 2006-07-06 | Alert Logic, Inc. | Threat scoring system and method for intrusion detection security networks |
CN106506545A (en) * | 2016-12-21 | 2017-03-15 | 深圳市深信服电子科技有限公司 | A kind of network security threats assessment system and method |
CN106850551A (en) * | 2016-12-12 | 2017-06-13 | 长春理工大学 | Network security risk evaluation and Autonomous Defense system |
CN107196910A (en) * | 2017-04-18 | 2017-09-22 | 国网山东省电力公司电力科学研究院 | Threat early warning monitoring system, method and the deployment framework analyzed based on big data |
CN109889476A (en) * | 2018-12-05 | 2019-06-14 | 国网冀北电力有限公司信息通信分公司 | A kind of network safety protection method and network security protection system |
US20200067974A1 (en) * | 2018-08-25 | 2020-02-27 | Mcafee, Llc | Cooperative mitigation of distributed denial of service attacks originating in local networks |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8918875B2 (en) | System and method for ARP anti-spoofing security | |
CN109587179B (en) | SSH protocol behavior pattern recognition and alarm method based on bypass network full flow | |
US8341739B2 (en) | Managing network security | |
WO2021139643A1 (en) | Method and apparatus for detecting encrypted network attack traffic, and electronic device | |
US7440406B2 (en) | Apparatus for displaying network status | |
US20070248084A1 (en) | Symmetric connection detection | |
CN114567463B (en) | Industrial network information safety monitoring and protecting system | |
KR101219796B1 (en) | Apparatus and Method for protecting DDoS | |
CN112260899A (en) | Network monitoring method and device based on MMU (memory management unit) | |
Ma et al. | A design of firewall based on feedback of intrusion detection system in cloud environment | |
KR20110033018A (en) | Collaborative protection method and apparatus for distributed denial of service | |
CN115086012A (en) | Network security defense system based on video cloud command system | |
Dressler et al. | Attack detection using cooperating autonomous detection systems (CATS) | |
CN114172881B (en) | Network security verification method, device and system based on prediction | |
CN113377051B (en) | Network safety protection equipment based on FPGA | |
KR100862321B1 (en) | Method and apparatus for detecting and blocking network attack without attack signature | |
CN112134845A (en) | Rejection service system | |
KR20110040152A (en) | Method for reverse tracking of attacker packet and system for the same | |
WO2023109587A1 (en) | Denial-of-service attack defense method and apparatus, and readable storage medium | |
CN114465746B (en) | Network attack control method and system | |
CN116915503B (en) | Illegal external connection detection method and device, storage medium and electronic equipment | |
CN118353722B (en) | Network attack interception method, computer device and computer readable storage medium | |
CN116319048A (en) | Method for reducing false alarm rate of IDPS | |
CN116319016A (en) | Cloud-based host security detection method and device | |
Zhang et al. | An Intelligent Defense Method for IPv6 Networks Based on Deep Neural Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||