CN1917514A - Method for building globle network safety system in tracing to the source in each sub domain - Google Patents
Method for building globle network safety system in tracing to the source in each sub domain Download PDFInfo
- Publication number
- CN1917514A CN1917514A CN 200610011219 CN200610011219A CN1917514A CN 1917514 A CN1917514 A CN 1917514A CN 200610011219 CN200610011219 CN 200610011219 CN 200610011219 A CN200610011219 A CN 200610011219A CN 1917514 A CN1917514 A CN 1917514A
- Authority
- CN
- China
- Prior art keywords
- security
- source
- tracing
- control point
- territory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 13
- 238000007689 inspection Methods 0.000 claims abstract description 6
- 230000004044 response Effects 0.000 claims abstract description 4
- 238000010276 construction Methods 0.000 claims description 10
- 230000007246 mechanism Effects 0.000 claims description 10
- 238000011217 control strategy Methods 0.000 claims description 8
- 238000001914 filtration Methods 0.000 claims description 6
- 235000021472 generally recognized as safe Nutrition 0.000 claims description 6
- 238000002955 isolation Methods 0.000 claims description 6
- 238000012544 monitoring process Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 claims description 4
- 230000002155 anti-virotic effect Effects 0.000 claims description 3
- 238000000638 solvent extraction Methods 0.000 abstract 1
- 230000002950 deficient Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000002265 prevention Effects 0.000 description 3
- 239000002131 composite material Substances 0.000 description 2
- 230000007123 defense Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The method comprises: partitioning off a network security area from internet; forming a virtual security network by using the network security area; the other portion of the internet forms the non-virtual security network area; according to the source of data stream entering the security area, using different security access strategies; supervising the security state of nodes, and releasing a source-tracing notice for the attack data stream; the security control point makes security inspection for nodes according to the source-tracing notice; according to the result of inspection, deciding if the source-tracing is succeeded; if yes, then sending a response message for successfully completing the source-tracing; if not, the security control point sending the source-tracing notice adopts the relevant security measure.
Description
Technical field
The present invention relates to a kind of computer internet global network security architecture based on ICP/IP protocol, particularly a kind of based on minute territory formula global network security architecture of tracing to the source.
Background technology
The appearance of internet has changed traditional work with extensive use, has communicated by letter, commercial affairs and security concepts.And simultaneously, also because of the opening of its resource, the fail safe of internet becomes one and has challenging problem.
Traditional network safety prevention mainly is by at the network boundary point fire compartment wall security tools such as (FW) being set, the Intranet and the outer net of needs defence being kept apart.As shown in Figure 1, this sealing, isolated defence framework exist a lot of defectives and deficiency, it not only can't prevent the attack from network internal, also can't effectively defend application layer attack from outer net, in this sense, there are inside and outside two safe black holes in traditional security protection framework.In order to solve the safety problem of Intranet, equipment vendors such as Cisco unite and have proposed a series of accesses, control criterion, it guarantees that by introduce modes such as safety rectification service, security strategy control in Intranet each terminal all meets network security policy before the granting terminal right to access.
The solution that these manufacturers propose has solved the security threat problem of part from Intranet to a certain extent, but still be difficult to defence for novel attack from operation layer, the external security black hole of the Internet still exists, too strict simultaneously safe admittance restriction might hinder the deployment of the Internet new business, its frequent authentication safeguards and causes security overhead to increase greatly that user's authority, privacy, freedom are also suffered serious destruction.
Particularly for the internet of having crossed over different administrations border, supervision control between the heterogeneous networks zone is owing to many-sided reason restriction such as technology, interests, region, be difficult to form unified standard, these solutions realize Safe Architecture For eNet seamlessly transit and the territory between the security control supervision time have bigger difficult point and a defective.
Summary of the invention
The objective of the invention is in order to overcome the attack that existing network safety prevention system is difficult to defend operation layer, realize Safe Architecture For eNet seamlessly transit and the territory between the security control supervision time have bigger difficult point and defective, a kind of safe, network security system efficiently is provided.
To achieve these goals, the invention provides the trace to the source construction method of formula global network security system of a kind of minute territory, comprising:
1), the Internet is marked off the network security territory, in each network security territory, is provided with security control point;
2), the virtual secure web area is formed in the described network security territory in the Internet, remainder in the Internet is non-virtual secure web area, in the virtual secure web area, press the disposal ability of security control point and dispose function, security control point is divided into core security control point and gras generally recognized as safe control point;
3), the security control point in each described network security territory detects the flow that enters the present networks security domain, if this flow is from the virtual secure web area, then adopt the less secure access access strategy of processing expenditure, and, then use the secure access access strategy of maltilevel security mechanism to flow from non-virtual secure web area;
4), the security control point in each described network security territory is monitored the safe condition of each node in the territory by multitude of different ways such as client feedback, port monitorings, when detecting external attack stream or doubtful attack stream, the source of convection current is judged, if should flow from the virtual secure net, the security control dot generation advertised information of tracing to the source then, and process core security control point is forwarded to the affiliated security control point in stream source, if stream then shields this attack stream from non-virtual secure net;
5), receive tracing to the source during advertised information when the security control point of stream under the source from other security control points, the node that the advertised information of tracing to the source is pointed is carried out strict security strategy inspection, if this node can determine or be doubtful to be the attack source, then this node is taked corresponding safety measure, simultaneously, send the response message of the success of tracing to the source to the security control point that sends the advertised information of tracing to the source, if this node is judged to be the proper network behavior by its place security control point, then send the failure information of tracing to the source to the security control point that sends the advertised information of tracing to the source;
6), after the security control point that sends the advertised information of tracing to the source is received the failure information of tracing to the source, the security strategy of formulating according to self, whether decision detects this locality to attack stream or doubtful attack stream and shields isolation.
In the technique scheme, in described step 1), the control that can conduct interviews to the arbitrary node in the network security territory of described security control point; Can carry out check and analysis to the safe condition of arbitrary node; Can carry out basic access and control strategy to the node that inserts security domain; The control and the management that can walk abreast simultaneously to all nodes; Wherein, described basic access and control strategy comprise the loading anti-virus software, eliminate the system safety leak.
In the technique scheme, in described step 1), following principle is followed in described network security territory when dividing:
There is a unified security strategy control centre, represent with P, have identical safe access control strategy, represent with C, the territory interior nodes has identical or close demand for security, represent with R, the territory interior nodes has more closely the mutual trust relation, represents selected maximum network zone under the condition that satisfies moderate management complexity M with T, be configured to a minimal network security domain, its formalized description is:
Domain=Max{P∩C∩R∩T∩M}。
In the technique scheme, in described step 2) in, described core security control point is responsible for to be set up believable third party between the described gras generally recognized as safe control point and authenticates connection, and functions such as the information analysis of tracing to the source, forwarding are provided.
In the technique scheme, in described step 3), the less secure access access strategy of described processing expenditure comprises simple firewall filtering mechanism or directly lets pass that the secure access access strategy of described maltilevel security mechanism comprises that firewall filtering, flow rate mode detect, application layer analysis.
In the technique scheme, in described step 5), described security strategy comprises patch loading, port isolation, quarantine analysis.
The branch territory of adopting the present invention the to propose formula global network safety system of tracing to the source, can provide for the Prevention-Security of the Internet distinct secure border and reasonably security domain divide means.It has taken into account safety and efficiency, and the application layer attack protection that the mode of tracing to the source initiatively can provide conventional architectures to accomplish is effective defence framework that a kind of thorough solution DDoS class is attacked.The present invention uses Virtual LAN Technique to carry out the structure of virtual secure net, can make the overall arrangement for the extensibility support that provides good for carrying out the transition to of scheme, is a very promising security solution advocating the future network framework of Collaborative Control, global safety.
Description of drawings
Fig. 1 is the configuration diagram of existing network safety prevention system;
Fig. 2 is the trace to the source flow chart of construction method of formula global network safety system of of the present invention minute territory;
The flow chart that Fig. 3 sets up for the network security territory;
Fig. 4 is of the present invention minute territory formula global network safety system Organization Chart in one embodiment of tracing to the source.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is further illustrated.
As shown in Figure 2, the trace to the source construction method of formula global network safety system of of the present invention minute territory specifically may further comprise the steps:
Step 10, whole the Internet is divided into a plurality of network securitys territory, in each network security territory, security control point is arranged all.
Described security control point has following function at least: control can conduct interviews to the arbitrary node in the network security territory; Can carry out check and analysis to the safe condition of arbitrary node; Can carry out basic access and control strategy to the node that inserts security domain, as require to load anti-virus software, elimination system safety leak etc.; The control and the management that can walk abreast simultaneously to all nodes.
Following principle is followed in described network security territory when dividing:
There is a unified security strategy control centre, represent with P, have identical safe access control strategy, represent with C, the territory interior nodes has identical or close demand for security, represent with R, the territory interior nodes has more closely the mutual trust relation, represents selected maximum network zone under the condition that satisfies moderate management complexity M with T, be configured to a minimal network security domain, its formalized description is:
Domain=Max{P∩C∩R∩T∩M}。
All-network security domain in step 20, the Internet is formed the virtual secure web area, forms non-virtual secure web area except other parts in network security territory in the Internet.The logic connected mode that security control point in the virtual secure net takes tree-like+network structure hierarchy type to mix.In the virtual secure web area, press the disposal ability of security control point and dispose function, security control point is divided into core security control point and gras generally recognized as safe control point.The core security control point can be responsible for to be set up believable third party and authenticates connection between the gras generally recognized as safe control point, functions such as the information analysis of tracing to the source, forwarding are provided simultaneously.
Security control point in step 30, each network security territory detects the flow that enters security domain, if this flow is from the virtual secure territory, then adopt the less secure access access strategy of processing expenditure, as simple firewall filtering mechanism or directly clearance, and to the flow from non-virtual secure territory, then use maltilevel security mechanism to guarantee the fail safe of security domain, described maltilevel security mechanism comprises firewall filtering, flow rate mode detection, application layer analysis etc.
Security control point in step 40, each network security territory is monitored the safe condition of each node in the territory by multitude of different ways such as client feedback, port monitorings, in case detect external attack stream or doubtful attack stream, the source of convection current is judged, if should flow from the virtual secure net, the instant advertised information of tracing to the source that generates in control point, and be forwarded to the affiliated security control point in this stream source through the core security control point, if it then shields this attack stream from non-virtual secure net.
Step 50, receive tracing to the source during advertised information when the security control point of stream under the source from other security control points, by agreement the advertised information of tracing to the source node pointed is carried out strict security strategy inspection, if this node can determine or be doubtful to be the attack source, then this node is taked corresponding safety measure, as patch loading, port isolation, quarantine analysis etc.Simultaneously, send the response message of the success of tracing to the source to the security control point that sends the advertised information of tracing to the source.If this node is judged to be the proper network behavior by its place security control point, then send the failure information of tracing to the source to the security control point that sends the advertised information of tracing to the source.
Step 60, after the security control point that sends the advertised information of tracing to the source is received the failure information of tracing to the source, the security strategy of formulating according to self, whether decision detects this locality to attack stream or doubtful attack stream and shields isolation.
Method provided by the invention requires the network domains of each subordinate different tissues, mechanism to follow some basic safe composite defenses agreements, and according to whether deferring to these agreements the network node attribute is classified.For the network node of deferring to basic security composite defense agreement, can trace to the source and indirect control ability owing to have each other, thereby can give looser security strategy at the inlet of security domain, and the flow that the network node of not deferring to this agreement is sent, inlet can be provided with multiple detection, analyzes and filter, and guarantees the fail safe in the network domains.
Below in conjunction with accompanying drawing and specific embodiment of the present invention minute territory formula global network safety system of tracing to the source is described.
Fig. 4 shows two network security territory A, B, and the end host/server A 1, the B1 that adhere to A, B separately, A1, B1 switch A 2, the B2 difference access network by supporting 802.1x port authentication agreement.The structure of its security domain is finished by flow process shown in Figure 3, A0, B0 are the security control point of security domain A, B, and they are some abstract points that comprise functions such as aaa server, AV protection server, dns server, fault restoration server, visited policy server, access control center.
It inserts authority extended authentication (EAP) protocol testing of the terminal that security control point inserts request by 802.1x, simultaneously by remote customer dialing authentication system (Radius) agreement, see through access point, whether detection accesses terminal meets basic safety access requirement, as whether having loaded bogusware, whether having accomplished fluently leak patch etc.To not meeting the system of safety check, directly with its security server group who is forwarded to security control point, fill these security breaches automatically, whole flow process is as shown in Figure 7.
Security control point A0, B0 set up trusted relationships each other or by the third party by authentication protocols such as identify label agreement (Host Identity Protocol: hereinafter to be referred as HIP), IPSec, and each network security territory distributes a unique security domain number to identify.
Each the IP bag that sends from the network security territory by the HIP agreement, is being stamped the security domain sign between the HIP of IP layer and application layer layer.The inlet of each security domain decides corresponding access measure according to the security domain sign.
In this example, suppose that A0, B0 belong to virtual secure net node, have trusting relationship each other, then A0 takes lower safe access measure to the flow of B1.
If when B1 attempts to attack to A1, as long as detected by other monitoring equipments in the safety system of A1 self or the port monitoring system of access point A2 or the security domain, they all will be by corresponding protocol (as EAP, Radius) etc. to security control point A0 transmission attack source information.Identity and the place security domain of the B1 that A0 will provide according to the HIP layer, send comprise contents such as B1 identity, attack information the announcement frame of tracing to the source to B0.
B0 sends warning message to B1 after receiving the announcement of tracing to the source that A0 sends, and sees through access point B2 simultaneously B1 is carried out strict targetedly safe condition inspection and the attack type analysis of the layer that gets deeply involved in business.If B1 has attack really, B0 will carry out safe quarantine measures to it, and correct after its behavior by automatic or manual mode and to network again, send simultaneously and trace to the source successful information to A0.If through above step, B0 can not judge that still B1 is attack source or doubtful attack source, then return the failure information of tracing to the source and give A0.
The A0 that receives the failure information of tracing to the source can reformulate the safety measure that shields or ignore according to self strategy to B1.
Claims (6)
1, a kind of minute territory construction method of formula global network security system of tracing to the source comprises:
1), the Internet is marked off the network security territory, in each network security territory, is provided with security control point;
2), the virtual secure web area is formed in the described network security territory in the Internet, remainder in the Internet is non-virtual secure web area, in the virtual secure web area, press the disposal ability of security control point and dispose function, security control point is divided into core security control point and gras generally recognized as safe control point;
3), the security control point in each described network security territory detects the flow that enters the present networks security domain, if this flow is from the virtual secure web area, then adopt the less secure access access strategy of processing expenditure, and, then use the secure access access strategy of maltilevel security mechanism to flow from non-virtual secure web area;
4), the security control point in each described network security territory is monitored the safe condition of each node in the territory by multitude of different ways such as client feedback, port monitorings, when detecting external attack stream or doubtful attack stream, the source of convection current is judged, if should flow from the virtual secure net, the security control dot generation advertised information of tracing to the source then, and process core security control point is forwarded to the affiliated security control point in stream source, if stream then shields this attack stream from non-virtual secure net;
5), receive tracing to the source during advertised information when the security control point of stream under the source from other security control points, the node that the advertised information of tracing to the source is pointed is carried out strict security strategy inspection, if this node can determine or be doubtful to be the attack source, then this node is taked corresponding safety measure, simultaneously, send the response message of the success of tracing to the source to the security control point that sends the advertised information of tracing to the source, if this node is judged to be the proper network behavior by its place security control point, then send the failure information of tracing to the source to the security control point that sends the advertised information of tracing to the source;
6), after the security control point that sends the advertised information of tracing to the source is received the failure information of tracing to the source, the security strategy of formulating according to self, whether decision detects this locality to attack stream or doubtful attack stream and shields isolation.
2, according to claim 1 minute territory construction method of formula global network security system of tracing to the source is characterized in that, in described step 1), and the control that can conduct interviews to the arbitrary node in the network security territory of described security control point; Can carry out check and analysis to the safe condition of arbitrary node; Can carry out basic access and control strategy to the node that inserts security domain; The control and the management that can walk abreast simultaneously to all nodes; Wherein, described basic access and control strategy comprise the loading anti-virus software, eliminate the system safety leak.
3, according to claim 1 minute territory construction method of formula global network security system of tracing to the source is characterized in that in described step 1), following principle is followed in described network security territory when dividing:
There is a unified security strategy control centre, represent with P, have identical safe access control strategy, represent with C, the territory interior nodes has identical or close demand for security, represent with R, the territory interior nodes has more closely the mutual trust relation, represents selected maximum network zone under the condition that satisfies moderate management complexity M with T, be configured to a minimal network security domain, its formalized description is:
Domain=Max{P∩C∩R∩T∩M}。
4, according to claim 1 minute territory construction method of formula global network security system of tracing to the source, it is characterized in that, in described step 2) in, described core security control point is responsible for to be set up believable third party between the described gras generally recognized as safe control point and authenticates connection, and functions such as the information analysis of tracing to the source, forwarding are provided.
5, according to claim 1 minute territory construction method of formula global network security system of tracing to the source, it is characterized in that, in described step 3), the less secure access access strategy of described processing expenditure comprises simple firewall filtering mechanism or directly lets pass that the secure access access strategy of described maltilevel security mechanism comprises that firewall filtering, flow rate mode detect, application layer analysis.
6, according to claim 1 minute territory construction method of formula global network security system of tracing to the source is characterized in that in described step 5), described security strategy comprises patch loading, port isolation, quarantine analysis.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100112197A CN100563249C (en) | 2006-01-18 | 2006-01-18 | The trace to the source construction method of formula global network security system of a kind of minute territory |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100112197A CN100563249C (en) | 2006-01-18 | 2006-01-18 | The trace to the source construction method of formula global network security system of a kind of minute territory |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1917514A true CN1917514A (en) | 2007-02-21 |
| CN100563249C CN100563249C (en) | 2009-11-25 |
Family
ID=37738409
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006100112197A Expired - Fee Related CN100563249C (en) | 2006-01-18 | 2006-01-18 | The trace to the source construction method of formula global network security system of a kind of minute territory |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100563249C (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102281295A (en) * | 2011-08-06 | 2011-12-14 | 黑龙江大学 | Method for easing distributed denial of service attacks |
| CN102497382A (en) * | 2011-12-26 | 2012-06-13 | 苏州风采信息技术有限公司 | Method of security confidentiality strategy |
| CN101729569B (en) * | 2009-12-22 | 2013-04-17 | 成都市华为赛门铁克科技有限公司 | Distributed Denial of Service (DDOS) attack protection method, device and system |
| CN103139165A (en) * | 2011-11-30 | 2013-06-05 | 中国民航大学 | Entity impersonation attack penetration testing method aiming at aircraft communication addressing and reporting system (ACARS) data chain |
| US9088607B2 (en) | 2009-12-28 | 2015-07-21 | Huawei Digital Technologies (Cheng Du) Co., Limited | Method, device, and system for network attack protection |
| CN105592016A (en) * | 2014-10-29 | 2016-05-18 | 国家电网公司 | Virtual machine protection device of power information system in cloud environment |
| CN106209808A (en) * | 2016-07-01 | 2016-12-07 | 中国联合网络通信有限公司重庆市分公司 | A kind of encapsulation management and control safety protecting method of information system group |
| CN108156079A (en) * | 2017-12-29 | 2018-06-12 | 深信服网络科技(深圳)有限公司 | A kind of data packet forwarding system and method based on cloud service platform |
| CN113839929A (en) * | 2021-09-06 | 2021-12-24 | 深圳Tcl新技术有限公司 | Information security improving method and device, electronic equipment and storage medium |
| CN115622809A (en) * | 2022-12-14 | 2023-01-17 | 浙江中电远为科技有限公司 | Internal and external network safety isolation system for application scene of secret cabinet |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7024686B2 (en) * | 2000-05-15 | 2006-04-04 | Hewlett-Packard Development Company, L.P. | Secure network and method of establishing communication amongst network devices that have restricted network connectivity |
| CN1310526A (en) * | 2001-04-06 | 2001-08-29 | 北京网警创新信息安全技术有限公司 | Illegal network activity intercepting, monitoring, tracing, evidence collecting and emergency reacting system and method |
| CN1180359C (en) * | 2001-08-01 | 2004-12-15 | 苏毅 | Control method of network connection and separation |
| CN1553624A (en) * | 2003-12-19 | 2004-12-08 | 上海交通大学 | Method based on active network returning technology against refuse service attack |
-
2006
- 2006-01-18 CN CNB2006100112197A patent/CN100563249C/en not_active Expired - Fee Related
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729569B (en) * | 2009-12-22 | 2013-04-17 | 成都市华为赛门铁克科技有限公司 | Distributed Denial of Service (DDOS) attack protection method, device and system |
| US9088607B2 (en) | 2009-12-28 | 2015-07-21 | Huawei Digital Technologies (Cheng Du) Co., Limited | Method, device, and system for network attack protection |
| CN102281295B (en) * | 2011-08-06 | 2015-01-21 | 黑龙江大学 | Method for easing distributed denial of service attacks |
| CN102281295A (en) * | 2011-08-06 | 2011-12-14 | 黑龙江大学 | Method for easing distributed denial of service attacks |
| CN103139165A (en) * | 2011-11-30 | 2013-06-05 | 中国民航大学 | Entity impersonation attack penetration testing method aiming at aircraft communication addressing and reporting system (ACARS) data chain |
| CN102497382A (en) * | 2011-12-26 | 2012-06-13 | 苏州风采信息技术有限公司 | Method of security confidentiality strategy |
| CN105592016A (en) * | 2014-10-29 | 2016-05-18 | 国家电网公司 | Virtual machine protection device of power information system in cloud environment |
| CN105592016B (en) * | 2014-10-29 | 2019-04-30 | 国家电网公司 | The protective device of virtual machine under a kind of cloud environment of power information system |
| CN106209808B (en) * | 2016-07-01 | 2019-05-03 | 中国联合网络通信有限公司重庆市分公司 | A kind of encapsulation control safety protecting method of information system group |
| CN106209808A (en) * | 2016-07-01 | 2016-12-07 | 中国联合网络通信有限公司重庆市分公司 | A kind of encapsulation management and control safety protecting method of information system group |
| CN108156079A (en) * | 2017-12-29 | 2018-06-12 | 深信服网络科技(深圳)有限公司 | A kind of data packet forwarding system and method based on cloud service platform |
| CN108156079B (en) * | 2017-12-29 | 2021-08-13 | 深信服科技股份有限公司 | Data packet forwarding system and method based on cloud service platform |
| CN113839929A (en) * | 2021-09-06 | 2021-12-24 | 深圳Tcl新技术有限公司 | Information security improving method and device, electronic equipment and storage medium |
| CN113839929B (en) * | 2021-09-06 | 2024-01-19 | 深圳Tcl新技术有限公司 | Information security improvement method and device, electronic equipment and storage medium |
| CN115622809A (en) * | 2022-12-14 | 2023-01-17 | 浙江中电远为科技有限公司 | Internal and external network safety isolation system for application scene of secret cabinet |
| CN115622809B (en) * | 2022-12-14 | 2023-03-03 | 浙江中电远为科技有限公司 | Internal and external network safety isolation system for application scene of secret cabinet |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100563249C (en) | 2009-11-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1917514A (en) | Method for building globle network safety system in tracing to the source in each sub domain | |
| US7757285B2 (en) | Intrusion detection and prevention system | |
| Ellis et al. | A behavioral approach to worm detection | |
| US8020211B2 (en) | Network security system having a device profiler communicatively coupled to a traffic monitor | |
| Qiu et al. | Detecting bogus BGP route information: Going beyond prefix hijacking | |
| US20050108415A1 (en) | System and method for traffic analysis | |
| US20040193943A1 (en) | Multiparameter network fault detection system using probabilistic and aggregation analysis | |
| US20040078592A1 (en) | System and method for deploying honeypot systems in a network | |
| Gonzalez et al. | A trust-based approach against IP-spoofing attacks | |
| Chang et al. | Deciduous: Decentralized source identification for network-based intrusions | |
| CN109327426A (en) | A kind of firewall attack defense method | |
| WO2003065186A1 (en) | Network monitoring system | |
| KR20110070189A (en) | Malicious traffic isolation system using botnet infomation and malicious traffic isolation method using botnet infomation | |
| CA2545753A1 (en) | Method and apparatus for identifying and disabling worms in communication networks | |
| KR20010095337A (en) | Firewall system combined with embeded hardware and general-purpose computer | |
| Cuppens et al. | Handling stateful firewall anomalies | |
| US7596808B1 (en) | Zero hop algorithm for network threat identification and mitigation | |
| KR100523483B1 (en) | The system and method of malicious traffic detection and response in network | |
| CN111641639B (en) | IPv6 network safety protection system | |
| Yu et al. | An adaptive approach to network resilience: Evolving challenge detection and mitigation | |
| Ismail et al. | Malicious cluster head detection mechanism in wireless sensor networks | |
| Meena et al. | HyPASS: Design of hybrid-SDN prevention of attacks of source spoofing with host discovery and address validation | |
| Al-Shareeda et al. | Sadetection: Security mechanisms to detect slaac attack in ipv6 link-local network | |
| KR20020075319A (en) | Intelligent Security Engine and Intelligent and Integrated Security System Employing the Same | |
| Bouzida et al. | Detecting and reacting against distributed denial of service attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: G-CLOUD TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: INSTITUTE OF COMPUTING TECHNOLOGY, CHINESE ACADEMY OF SCIENCES Effective date: 20130123 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 523808 DONGGUAN, GUANGDONG PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20130123 Address after: 523808 Guangdong province Dongguan City Songshan Lake Science and Technology Industrial Park Building No. 14 Keyuan pine Patentee after: G-CLOUD TECHNOLOGY Co.,Ltd. Address before: 100080 Haidian District, Zhongguancun Academy of Sciences, South Road, No. 6, No. Patentee before: Institute of Computing Technology, Chinese Academy of Sciences |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20151130 Address after: 028021, the Inner Mongolia Autonomous Region, Tongliao Tongliao economic and Technological Development Zone, the former building of the former armed police Patentee after: Inner Mongolia state cloud Technology Co.,Ltd. Address before: 523808 Guangdong province Dongguan City Songshan Lake Science and Technology Industrial Park Building No. 14 Keyuan pine Patentee before: G-CLOUD TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20200106 Address after: 523808 19th Floor, Cloud Computing Center, Chinese Academy of Sciences, No. 1 Kehui Road, Songshan Lake Hi-tech Industrial Development Zone, Dongguan City, Guangdong Province Patentee after: G-CLOUD TECHNOLOGY Co.,Ltd. Address before: 028021, the Inner Mongolia Autonomous Region, Tongliao Tongliao economic and Technological Development Zone, the former building of the former armed police Patentee before: Inner Mongolia state cloud Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091125 |