CN116781380A - Campus network security risk terminal interception traceability system - Google Patents

Publication number: CN116781380A
Application number: CN202310847001.9A
Authority: CN (China)
Legal status: Withdrawn
Other languages: Chinese (zh)
Inventors: 吴金堂, 耿方方, 张太行
Current assignee: Henan University of Traditional Chinese Medicine HUTCM
Original assignee: Henan University of Traditional Chinese Medicine HUTCM
Prior art keywords: terminal, interception, security, network, risk

Abstract

The invention relates to the technical field of campus network security protection and discloses a campus network security risk terminal interception traceability system comprising the following modules: an egress identification and interception system, a user request interception prompting system, and a back-end data analysis management system. The egress identification and interception system uses the egress boundary security device for protection, and the back-end analysis management system can exchange data with the security device conveniently and quickly. The user request interception prompting system informs the terminal user that the terminal is suspected of being infected with a virus and should be scanned and disinfected promptly. The back-end data analysis management system compiles statistics on the number of times malicious requests are intercepted. Network security administrators can view risk terminal information online through the back-end analysis management system and locate terminals quickly; malicious terminals are actively intercepted in real time, and a risk terminal is redirected to a security prompt page whenever it opens any web page, so that the terminal user quickly learns of the security risk and carries out terminal security checks and virus removal.

Description

Campus network security risk terminal interception traceability system
Technical Field
The invention relates to the technical field of campus network security protection, and in particular to a campus network security risk terminal interception traceability system.
Background
With the progress of informatization, and especially the rapid development of technologies such as the Internet of Things (IoT) and IPv6, the security challenges facing internal campus networks are increasingly serious. Trojan viruses are representative of intranet threats in this new situation, and their large-scale outbreaks show that intranet security is a blind spot in current campus network construction: traditional firewalls, WAFs and similar devices mostly protect the external boundary of the network, while security defenses at the egress boundary of the internal network are generally insufficient.
The system is developed and built to strengthen the in-depth security defense capability of the campus network, prevent viruses and Trojans from spreading laterally across the campus network, identify and locate risk hosts, build a network boundary protection wall and an internal terminal security fence, and improve the security protection of campus network terminals in all respects.
Disclosure of Invention
The invention provides a campus network security risk terminal interception traceability system to solve the problems set forth in the background above.
The invention provides the following technical solution: a campus network security risk terminal interception traceability system comprising the following modules:
an egress identification and interception system, a user request interception prompting system, and a back-end data analysis management system;
the egress identification and interception system: uses the egress boundary security device for protection, and the back-end analysis management system can exchange data with the security device conveniently and quickly;
the user request interception prompting system: informs the terminal user that the terminal is suspected of being infected with a virus and should be scanned and disinfected promptly;
the back-end data analysis management system: compiles statistics on the number of times malicious requests are intercepted, so that malicious requests are redirected to the user request interception prompting system.
As a preferred technical solution of the invention, the egress identification and interception system comprises a traffic identification function, a blacklist/whitelist function and an API interface function. Traffic identification is a key link in network monitoring: traffic must be identified before the network can be monitored, and without identification no monitoring is possible. Traffic is the carrier of data in the network, and only once it has been identified can different monitoring policies be applied to different traffic, such as rejecting it, optimizing it, marking it or assigning it a priority class; all of these presuppose that the traffic is identified first.
As a preferred technical solution of the invention, the blacklist/whitelist function allows access control to be set for specific websites or IP addresses, which improves security and reduces the false alarm rate. It is divided into a website blacklist/whitelist, an IPv4 blacklist/whitelist and an IPv6 blacklist/whitelist, each of which supports 100 records by default, and users can configure and use them as needed.
As a preferred technical solution of the invention, the API interface function enables data exchange and sharing between different platforms and applications, extends and customizes application functions, improves efficiency and automation, and enables integration and collaboration.
As a preferred technical solution of the invention, the egress identification and interception system is implemented mainly by the egress security device, using the device's botnet security defense function. The risk address library is updated automatically at regular intervals, or malicious websites and IP addresses are added as custom entries, and botnet defense is configured and enabled in the campus network egress security domain. When a campus network terminal requests an Internet address and the request content contains risk information, the egress security device intercepts the request and resets the connection, and records the relevant threat log information in the device log center for the back-end management system to read and analyze.
As a preferred technical solution of the invention, the egress identification and interception system comprises a firewall, an IPS (intrusion prevention system), a log audit system, a database audit system and vulnerability scanning. The firewall isolates network boundaries and controls data exchange in the network; in a typical network environment its main function is to prevent security threats such as unauthorized access and malicious attacks from the external network against the internal network, and its most basic functions are policy control of inbound and outbound IP addresses and ports, NAT and port mapping.
As a preferred technical solution of the invention, the IPS is a gateway-type security device that defends against attacks, intrusions and similar behavior in the network. It supplements the firewall's security functions and can inspect and control data at a deeper level than the firewall, further raising the network's level of protection against threats such as intrusion attacks; in essence it is an enhanced intrusion-behavior library that defends automatically after detection.
As a preferred technical solution of the invention, the log audit system collects and stores the log and audit information generated by all software and hardware devices on the network, retains it according to policy, and provides a basis for after-the-fact evidence collection; it aggregates, analyzes and alerts on the collected information, uncovers security problems and provides various reports that help administrators better understand the state of the network. The database audit system parses, analyzes, records and reports network behavior such as database operations by internal personnel, helping users with planning and prevention beforehand, real-time monitoring during an event, and compliance reporting and incident tracing afterwards, and strengthening supervision of internal and external network behavior. Vulnerability scanning finds vulnerabilities in every corner of the network, including the network system, switches and routers, servers, PCs and application systems, and assists in repairing them.
As a preferred technical solution of the invention, in the user request interception prompting system, when a terminal is defined as a risk terminal, the egress security device intercepts all of that terminal's external requests and redirects its HTTP requests. The redirect page mainly contains prompt information: it informs the terminal user that the terminal is suspected of being infected with a computer virus and should be scanned and disinfected promptly, and it displays the content of the terminal's malicious requests and the unblock time. When the risk terminal user opens a web page, is redirected to the prompt page and views the prompt, a read receipt is sent to the back-end management system, which marks that the user has received the notification; this makes it easy for security administrators to screen out, in the back end, risk terminals that nobody is attending to and to deal with them promptly.
As a preferred technical solution of the invention, the back-end data analysis management system comprises a back-end management server on which a scheduled task is configured. A script periodically fetches threat log information through the API interface of the egress security device. As the program reads the logs, it uses data analysis and statistics to define any terminal whose interception count reaches the system-defined threshold as a risk terminal, and imports the terminal's IP address into a specific address group through the security device's API interface. Terminals in this address group are restricted from communicating with the external network, and when such a terminal makes an HTTP request, the system redirects it to the user request interception prompting system to tell the terminal user to carry out security checks and virus removal promptly. In the back-end console, security administrators can view information on all current risk terminals, including the risk terminal's IP address, the currently authenticated user, the interception time, the unblock time, the malicious request content, the malice level and whether the terminal user has received the notification. Using the terminal IP and the authentication information, administrators can quickly locate the risk terminal and deal with it. Administrators can also temporarily unblock a terminal in the back end, temporarily add a terminal that needs to be released to the whitelist, or manually blacklist an IP address, in which case the terminal corresponding to that IP is intercepted at the egress security device and cannot communicate with the Internet. The back-end analysis system is mainly used to collect security-log threat information and to analyze and count the types and number of malicious requests per IP. When a terminal's requests reach the system-defined threshold, its risk level is automatically recorded as level 1; after the terminal has been blacklisted by the egress security device for 1 hour, the system automatically releases the user's requests; and when the terminal's malicious requests reach the threshold again, the blocking time is increased. The user request interception prompting system and the back-end analysis management system are developed mainly in PHP, a cross-platform, open-source server-side scripting language. The management center's retrieval and analysis of security device logs is developed in PHP and Shell, and log information is read automatically at regular intervals through the security device interface. Shell is a program written in C through which users can access the kernel services of the operating system; it is both a command language and a programming language.
The invention has the following beneficial effects:
1. With this campus network security risk terminal interception traceability system, network security administrators can view risk terminal information online through the back-end analysis management system and locate terminals quickly; malicious terminals are actively intercepted in real time, and a risk terminal is redirected to a security prompt page whenever it opens any web page, so that the terminal user quickly learns of the security risk and carries out terminal security checks and virus removal.
2. With this system, when a campus network terminal requests an Internet address and the request content contains risk information, the egress security device intercepts the request and resets the connection, and records the relevant threat log information in the device log center for the back-end management system to read and analyze.
3. With this system, when a terminal's malicious requests reach the threshold again, the risk level is accumulated and the blocking time is increased; this mainly serves to press the terminal user to scan for and remove viruses promptly so that normal use is not affected.
4. With this system, when a risk terminal user opens a web page and is redirected to the prompt page, the user can view the reminder, and a read receipt is sent to the back-end management system, which marks that the user has received the notification; security administrators can thus conveniently screen out unattended risk terminals in the back end and deal with them promptly.
Drawings
FIG. 1 is a schematic diagram of the overall flow structure of the invention;
FIG. 2 is a schematic diagram of the flow structure of the risk terminal interception traceability system of the invention;
FIG. 3 is a schematic diagram of the flow structure of the egress identification and interception system of the invention;
FIG. 4 is a schematic diagram of the internal structure of the egress identification and interception system of the invention;
FIG. 5 is a schematic diagram of the flow structure of the situation awareness platform of the invention;
FIG. 6 is a schematic diagram of the flow structure of the back-end data analysis management system of the invention;
FIG. 7 is a schematic diagram of the flow structure of the user request interception prompting system of the invention;
FIG. 8 is a schematic diagram of the flow structure for a risk terminal user of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of protection of the invention.
Referring to FIGS. 1-8, a campus network security risk terminal interception traceability system comprises the following modules:
an egress identification and interception system, a user request interception prompting system, and a back-end data analysis management system;
the egress identification and interception system: uses the egress boundary security device for protection, and the back-end analysis management system can exchange data with the security device conveniently and quickly;
the user request interception prompting system: informs the terminal user that the terminal is suspected of being infected with a virus and should be scanned and disinfected promptly;
the back-end data analysis management system: compiles statistics on the number of times malicious requests are intercepted, so that malicious requests are redirected to the user request interception prompting system.
In a preferred embodiment, the egress identification and interception system comprises a traffic identification function, a blacklist/whitelist function and an API interface function. Traffic identification is a key link in network monitoring: traffic must be identified before the network can be monitored, and without identification no monitoring is possible. Traffic is the carrier of data in the network, and only once it has been identified can different monitoring policies be applied to different traffic, such as rejecting it, optimizing it, marking it or assigning it a priority class; all of these presuppose that the traffic is identified first.
In a preferred embodiment, the blacklist/whitelist function allows access control to be set for a specific website or IP address, which improves security and reduces the false alarm rate. It is divided into a website blacklist/whitelist, an IPv4 blacklist/whitelist and an IPv6 blacklist/whitelist, each of which supports 100 records by default, and users can configure and use them as needed.
In a preferred embodiment, the API interface function enables data exchange and sharing between different platforms and applications, extends and customizes application functions, improves efficiency and automation, and enables integration and collaboration.
In a preferred embodiment, the egress identification and interception system is implemented mainly by the egress security device, using the device's botnet security defense function. The risk address library is updated automatically at regular intervals, or malicious websites and IP addresses are added as custom entries, and botnet defense is configured and enabled in the campus network egress security domain. When a campus network terminal requests an Internet address and the request content contains risk information, the egress security device intercepts the request and resets the connection, and records the relevant threat log information in the device log center for the back-end management system to read and analyze.
In a preferred embodiment, the egress identification and interception system comprises a firewall, an IPS, a log audit system, a database audit system and vulnerability scanning. The firewall isolates network boundaries and controls data exchange in the network; in a typical network environment its main function is to prevent security threats such as unauthorized access and malicious attacks from the external network against the internal network, and its most basic functions are policy control of inbound and outbound IP addresses and ports, NAT and port mapping.
In a preferred embodiment, the IPS is a gateway-type security device that defends against attacks, intrusions and similar behavior in the network. It supplements the firewall's security functions and can inspect and control data at a deeper level than the firewall, further raising the network's level of protection against threats such as intrusion attacks; in essence it is an enhanced intrusion-behavior library that defends automatically after detection.
In a preferred embodiment, the log audit system collects and stores the log and audit information generated by all software and hardware devices on the network, retains it according to policy, and provides a basis for after-the-fact evidence collection; it aggregates, analyzes and alerts on the collected information, uncovers security problems and provides various reports that help administrators better understand the state of the network. The database audit system parses, records and reports network behavior such as database operations and operation-and-maintenance operations by internal staff, helping users with planning and prevention beforehand, real-time monitoring during an event, and compliance reporting and incident tracing afterwards. Vulnerability scanning finds vulnerabilities in every corner of the network, including the network system, switches and routers, servers, PCs and application systems, and assists in repairing them.
In a preferred embodiment, when a terminal is defined as a risk terminal, the egress security device intercepts all of the terminal's external requests and redirects its HTTP requests. The redirect page mainly contains prompt information: it informs the terminal user that the terminal is suspected of being infected with a computer virus and should be scanned and disinfected promptly, and it displays the content of the terminal's malicious requests and the unblock time.
In a preferred embodiment, the back-end data analysis management system collects security-log threat information and analyzes and counts the types and number of malicious requests per IP. It comprises a back-end management server on which a scheduled task is configured. A script periodically fetches threat log information through the API interface of the egress security device. As the program reads the logs, it uses data analysis and statistics to define any terminal whose count of intercepted malicious requests reaches the system-defined threshold as a risk terminal, and imports the terminal's IP address into a specific address group through the security device's API interface. Terminals in this address group are restricted from communicating with the external network, and when such a terminal makes an HTTP request, the system redirects it to the user request interception prompting system to tell the terminal user to carry out security checks and virus removal promptly. In the back-end console, security administrators can view information on all current risk terminals, including the risk terminal's IP address, the currently authenticated user, the interception time, the unblock time, the malicious request content, the malice level and whether the terminal user has received the notification. Using the terminal IP and the authentication information, administrators can quickly locate the risk terminal and deal with it. Administrators can also temporarily unblock a terminal in the back end, temporarily add a terminal that needs to be released to the whitelist, or manually blacklist an IP address, in which case the terminal corresponding to that IP is intercepted at the egress security device and cannot communicate with the Internet. The back-end analysis system is mainly used to collect security-log threat information and to analyze and count the types and number of malicious requests per IP. When a terminal's requests reach the system-defined threshold, its risk level is automatically recorded as level 1; after the terminal has been blacklisted by the egress security device for 1 hour, the system automatically releases the user's requests; and when the terminal's malicious requests reach the threshold again, the blocking time is increased. The user request interception prompting system and the back-end analysis management system are developed mainly in PHP, a cross-platform, open-source server-side scripting language. The management center's retrieval and analysis of security device logs is developed in PHP and Shell, and log information is read automatically at regular intervals through the security device interface. Shell is a program written in C through which users can access the kernel services of the operating system; it is both a command language and a programming language.
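The scheduled analysis described above (per-terminal counting of intercepted requests, blocking at the threshold, automatic release after 1 hour, escalation on a repeat, and tracking of read receipts from the prompt page), as an added Python example; it is not the patent's own PHP/Shell code. The log-line format, the threshold of 5, the doubling of the block time and every function and class name are assumptions, and the addresses and log lines are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

THRESHOLD = 5                     # assumed value of the "system-defined threshold"
BASE_BLOCK = timedelta(hours=1)   # first block lasts 1 hour, as in the description


@dataclass
class RiskTerminal:
    ip: str
    user: str               # currently authenticated user, used to locate the terminal
    level: int              # risk level: 1 on the first offence, +1 on each repeat
    blocked_at: datetime
    unblock_at: datetime
    requests: list          # malicious request content shown on the prompt page
    notified: bool = False  # True once the prompt page reports it was read


def parse_line(line):
    """Parse one log line in the assumed format '<ISO time> key=value ...'."""
    stamp, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["time"] = datetime.fromisoformat(stamp)
    rec["src"] = str(ip_address(rec["src"]))   # canonical text form, IPv4 or IPv6
    return rec


def sample_log(ip, user, n, start):
    """Constructed sample data: n intercepted requests from one terminal."""
    return [f"{(start + timedelta(seconds=i)).isoformat()} src={ip} user={user} "
            f"threat=botnet dst=c2-{i}.example.test" for i in range(n)]


class RiskTracker:
    def __init__(self, whitelist=()):
        self.whitelist = [ip_network(n) for n in whitelist]
        self.pending = {}   # ip -> intercepted records not yet acted on
        self.levels = {}    # ip -> highest risk level reached so far
        self.blocked = {}   # ip -> RiskTerminal; stands in for the device address group

    def release_expired(self, now):
        """Automatic release once a terminal's block time has elapsed."""
        done = [ip for ip, t in self.blocked.items() if t.unblock_at <= now]
        for ip in done:
            del self.blocked[ip]
        return done

    def ingest(self, lines, now):
        """One scheduled run over new threat-log lines; returns newly blocked terminals."""
        self.release_expired(now)
        for rec in map(parse_line, lines):
            ip = rec["src"]
            if ip in self.blocked:
                continue    # already confined to the address group
            if any(ip_address(ip) in net for net in self.whitelist):
                continue    # whitelisted terminals are never blocked automatically
            self.pending.setdefault(ip, []).append(rec)
        new = []
        for ip, recs in list(self.pending.items()):
            if len(recs) < THRESHOLD:
                continue
            level = self.levels[ip] = self.levels.get(ip, 0) + 1
            # Assumption: block time doubles per level; the page only says it increases.
            until = now + BASE_BLOCK * 2 ** (level - 1)
            self.blocked[ip] = RiskTerminal(
                ip, recs[-1].get("user", "unknown"), level, now, until,
                [r.get("dst", "") for r in recs])
            del self.pending[ip]
            new.append(self.blocked[ip])
        return new

    def acknowledge(self, ip):
        """Record the read receipt sent by the prompt page."""
        ip = str(ip_address(ip))
        if ip in self.blocked:
            self.blocked[ip].notified = True

    def unattended(self):
        """Blocked terminals whose user has not yet read the prompt page."""
        return sorted(ip for ip, t in self.blocked.items() if not t.notified)


if __name__ == "__main__":
    t0 = datetime(2023, 7, 11, 8, 0)
    tracker = RiskTracker(whitelist=["10.20.9.0/24"])
    lines = (sample_log("10.20.3.17", "stu1001", 5, t0)
             + sample_log("10.20.9.9", "scanner", 9, t0)
             + sample_log("2001:0db8:0000:0000:0000:0000:0000:0010", "stu1003", 5, t0))
    for t in tracker.ingest(lines, t0 + timedelta(minutes=5)):
        print(t.ip, t.user, "level", t.level, "unblock at", t.unblock_at)
    tracker.acknowledge("10.20.3.17")
    print("unattended:", tracker.unattended())
```

Source addresses are normalized before counting, so the same IPv6 terminal logged in expanded and compressed form is counted once, and requests logged while a terminal is already blocked do not count toward its next offence.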
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A campus network security risk terminal interception traceability system, characterized in that it comprises the following modules:
an egress identification and interception system, a user request interception prompting system, and a back-end data analysis management system;
the egress identification and interception system: uses the egress boundary security device for protection, and the back-end analysis management system can exchange data with the security device conveniently and quickly;
the user request interception prompting system: informs the terminal user that the terminal is suspected of being infected with a virus and should be scanned and disinfected promptly;
the back-end data analysis management system: compiles statistics on the number of times malicious requests are intercepted, so that malicious requests are redirected to the user request interception prompting system.
2. The campus network security risk terminal interception traceability system according to claim 1, characterized in that: the egress identification and interception system comprises a traffic identification function, a blacklist/whitelist function and an API interface function; traffic identification is a key link in network monitoring, in that traffic must be identified before the network can be monitored and without identification no monitoring is possible; traffic is the carrier of data in the network, and only once it has been identified can different monitoring policies be applied to different traffic, such as rejecting it, optimizing it, marking it or assigning it a priority class, all of which presuppose that the traffic is identified first.
3. The campus network security risk terminal interception traceability system according to claim 2, characterized in that: the blacklist/whitelist function allows access control to be set for a specific website or IP address, which improves security and reduces the false alarm rate; it is divided into a website blacklist/whitelist, an IPv4 blacklist/whitelist and an IPv6 blacklist/whitelist, each of which supports 100 records by default, and users can configure them as needed.
4. The campus network security risk terminal interception traceability system according to claim 2, characterized in that: the API interface function enables data exchange and sharing between different platforms and applications, extends and customizes application functions, improves efficiency and automation, and enables integration and collaboration.
5. The campus network security risk terminal interception traceability system according to claim 1, characterized in that: the egress identification and interception system is implemented mainly by the egress security device, using the device's botnet security defense function; the risk address library is updated automatically at regular intervals, or malicious websites and IP addresses are added as custom entries, and botnet defense is configured and enabled in the campus network egress security domain; when a campus network terminal requests an Internet address and the request content contains risk information, the egress security device intercepts the request and resets the connection, and records the relevant threat log information in the device log center for the back-end management system to read and analyze.
6. The campus network security risk terminal interception traceability system according to claim 1, characterized in that: the egress identification and interception system comprises a firewall, an IPS, a log audit system, a database audit system and vulnerability scanning; the firewall isolates network boundaries and controls data exchange in the network; in a typical network environment its main function is to prevent security threats such as unauthorized access and malicious attacks from the external network against the internal network, and its most basic functions are policy control of inbound and outbound IP addresses and ports, NAT and port mapping.
7. The campus network security risk terminal interception traceability system according to claim 6, characterized in that: the IPS is a gateway-type security device that defends against attacks, intrusions and similar behavior in the network; it supplements the firewall's security functions and can inspect and control data at a deeper level than the firewall, further raising the network's level of protection against threats such as intrusion attacks; in essence it is an enhanced intrusion-behavior library that defends automatically after detection.
8. The campus network security risk terminal interception traceability system according to claim 6, characterized in that: the log audit system collects and stores the log and audit information generated by all software and hardware devices on the network, retains it according to policy, and provides a basis for after-the-fact evidence collection; it aggregates, analyzes and alerts on the collected information, uncovers security problems and provides various reports that help administrators better understand the state of the network; the database audit system parses, records and reports network behavior such as database operations and operation-and-maintenance operations by personnel, helping users with planning and prevention beforehand, real-time monitoring during an event, and compliance reporting, tracing and supervision of network behavior afterwards; vulnerability scanning finds vulnerabilities in every corner of the network, including the network system, switches and routers, servers, PCs and application systems, and assists in repairing them.
9. The campus network security risk terminal interception traceability system according to claim 1, wherein: when a terminal is defined as a risk terminal, the user prompt interception prompting system intercepts all of that terminal's external requests and redirects its HTTP requests; the redirect page mainly contains prompt information that informs the terminal user that the computer is suspected of being infected with a virus and should be scanned and disinfected promptly, and it displays the content of the terminal's malicious requests and the time at which the block will be lifted; when the risk terminal user opens a web page and is redirected to the prompt page, the user views the prompt information and, at the same time, a "read" message is sent to the background management system, which marks that the user has received the notification, so that security management personnel can conveniently identify unattended risk terminals in the background and handle them promptly.
10. The campus network security risk terminal interception traceability system according to claim 1, wherein: the back-end data analysis management system comprises a background management server on which a scheduled task is configured; a script program periodically acquires threat log information through the API interface of the exit security device; while reading the log, the program uses data analysis and statistics to define as a risk terminal any terminal whose number of intercepted malicious requests reaches a system-defined threshold; the IP address corresponding to that terminal is imported into a specific address group through the API interface of the security device, and terminals in the address group are restricted from communicating with the external network; meanwhile, when such a terminal opens an HTTP service, the system redirects it to the user interception prompt system so that the terminal user is told to carry out security detection and virus scanning promptly; security management personnel can view, in the background control interface, the information of all current risk terminals, including the risk terminal IP address, current authenticated user, interception time, unblocking time, malicious request content, malicious level, and whether the terminal user has received the notification; using the terminal IP and the authentication information, management personnel can quickly locate the specific position of a risk terminal and handle it quickly; management personnel can temporarily unblock a terminal in the background, can temporarily add a terminal that needs to be released to a whitelist, or can manually blacklist a given IP, in which case the terminal corresponding to that IP is intercepted at the exit security device and cannot communicate with the Internet; the background analysis system is mainly used for collecting security log threat information and for analyzing and counting the types and number of malicious requests per IP; when a terminal's requests reach the system-defined threshold, its risk level is automatically recorded as level 1; after the terminal has been blacklisted by the exit security device for 1 hour, the system automatically releases the user's requests; when the terminal's number of malicious requests reaches the threshold again, the blacklisting time is increased; the user interception prompt system and the background analysis management system are developed mainly in PHP; the management center's retrieval and analysis of the security device logs is developed in PHP and Shell, and log information is read automatically at regular intervals through the security device interface; Shell is a program written in the C language through which a user can access the kernel services of the operating system, and Shell is both a command language and a programming language.
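The threshold-and-release logic of claim 10, as an added example that is not code from the patent (which names PHP and Shell; Python is used here). The threshold value, the linear escalation rule, the `RiskTracker` name and the sample records are all assumptions, and the `blocked_until` table stands in for the security device's address group.

```python
from collections import Counter
from dataclasses import dataclass, field

THRESHOLD = 5               # assumed value for the "system-defined threshold"
BASE_BLOCK_SECONDS = 3600   # claim 10: requests are released after 1 hour

# Constructed sample threat-log records: (epoch seconds, source IP, threat type)
SAMPLE_LOG = (
    [(1000 + i, "10.20.1.15", "botnet-c2") for i in range(6)]
    + [(1000 + i, "10.20.2.40", "malicious-domain") for i in range(2)]
    + [(1000 + i, "10.20.3.7", "botnet-c2") for i in range(5)]
)

@dataclass
class RiskTracker:
    """Hypothetical back-end state; a real deployment would mirror
    blocked_until into the exit device's address group through its API."""
    whitelist: set = field(default_factory=set)
    blocked_until: dict = field(default_factory=dict)  # ip -> release time
    offences: dict = field(default_factory=dict)       # ip -> times blocked

    def release_expired(self, now):
        """Lift blocks whose time has run out (the automatic release)."""
        for ip in [ip for ip, t in self.blocked_until.items() if t <= now]:
            del self.blocked_until[ip]

    def ingest(self, records, now):
        """One scheduled run over a log window; returns newly blocked IPs."""
        self.release_expired(now)
        counts = Counter(ip for _, ip, _ in records)
        newly_blocked = []
        for ip, hits in counts.items():
            # Whitelisted or already-blocked terminals are not re-processed.
            if hits < THRESHOLD or ip in self.whitelist or ip in self.blocked_until:
                continue
            self.offences[ip] = self.offences.get(ip, 0) + 1
            # Assumption: block time grows linearly with repeat offences;
            # the claim only states that the time is increased.
            self.blocked_until[ip] = now + BASE_BLOCK_SECONDS * self.offences[ip]
            newly_blocked.append(ip)
        return sorted(newly_blocked)

if __name__ == "__main__":
    tracker = RiskTracker(whitelist={"10.20.3.7"})
    print(tracker.ingest(SAMPLE_LOG, now=2000), tracker.blocked_until)
```

Each call to `ingest` corresponds to one run of the scheduled task; feeding it overlapping log windows would count the same intercepted request twice, so the caller must pass only records newer than the previous run.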
CN202310847001.9A 2023-07-11 2023-07-11 Campus network security risk terminal interception traceability system Withdrawn CN116781380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310847001.9A CN116781380A (en) 2023-07-11 2023-07-11 Campus network security risk terminal interception traceability system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310847001.9A CN116781380A (en) 2023-07-11 2023-07-11 Campus network security risk terminal interception traceability system

Publications (1)

Publication Number Publication Date
CN116781380A true CN116781380A (en) 2023-09-19

Family

ID=88006385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310847001.9A Withdrawn CN116781380A (en) 2023-07-11 2023-07-11 Campus network security risk terminal interception traceability system

Country Status (1)

Country Link
CN (1) CN116781380A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117424766A (en) * 2023-12-19 2024-01-19 国能大渡河大数据服务有限公司 Threat behavior detection system and method based on trusted measurement

Legal Events

Date Code Title Description
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20230919
