CN1949720A - Distributed network invasion detecting system - Google Patents
- Publication number
- CN1949720A (application CN 200610037594)
- Authority
- CN
- China
- Prior art keywords
- data
- information
- invasion
- analysis engine
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a distributed network intrusion detection system with a layered structure comprising a data collection layer, a communication layer, an analysis layer and a control layer. The data collection layer consists of data collectors and is mainly responsible for capturing packets on the local network and applying different formatting according to the packet type. The communication layer consists of communicators and is mainly responsible for transmitting control information or data information within an IDS or between IDS systems; it is the communication bridge between the components. The analysis layer mainly comprises analysis engines, a log set and memory and is mainly responsible for judging whether network packets constitute an intrusion, then writing the analysis results to the log set as required. The control layer consists of a control center, which manages and configures each component of the system and can also start or stop the operation of a component. The system adopts a centralized architecture, can detect large-scale network intrusions, and has good distributivity and extensibility.
Description
Technical field
The invention belongs to the field of network security protection technology and specifically relates to a distributed network intrusion detection system.
Background technology
The broad application of the Internet today greatly facilitates people's work and life, but the security threats facing networks interfere with normal life. Past network security defenses relied mainly on firewall technology, but a firewall has its own limitations: it cannot detect attacks originating inside the network. Intrusion detection technology has therefore become the second line of network security defense after the firewall.
Existing security mechanisms use access control to keep protected computers and networks from being used by malicious attackers and unauthorized persons; however, if these access measures are leaked or bypassed, an abuser may still obtain unauthorized access and the system is compromised by the attack. One therefore cannot rely entirely on access control mechanisms to guard against intrusion activity or, in every case, against attacks from inside. Nearly all security systems are vulnerable to abuse by insiders, and audit-trail records are almost the only resource for detecting abuse by authorized users.
An intrusion detection system analyzes information collected at several key nodes of a computer network or computer system in order to find behavior that violates the security policy and signs that the network or system is being attacked, and then responds. The core of network intrusion detection is data analysis, which judges whether the system is abnormal or under attack. Earlier intrusion detection systems were all based on a centralized data processing mechanism; because networks were small and communication slow, information could be processed in real time. With the development of high-speed networks, the widening of network scope and the development of various distributed network technologies, distributed attack methods are increasing, and existing purely host-based or network-based intrusion detection means are almost powerless to detect these attack patterns; it is therefore necessary to make the detection and analysis process distributed as well. The distributed intrusion detection system (DIDS) is a newer way of working: the data it examines comes from packets on the network; it adopts distributed detection with centralized management, detects the data flow on its own network segment, analyzes and detects network data according to the security management policy and response rules formulated by the security management center, and at the same time sends security event information to the security management center.
Intrusion detection is a reasonable supplement to the firewall: it helps the system cope with network attacks, extends the system administrator's security management ability and improves the integrity of the information security infrastructure. Intrusion detection is the second security gate after the firewall; it can monitor the network without affecting network performance and thereby provides real-time protection against external attacks, internal attacks and misoperation. The intrusion detection system detects intrusion activity through network packet and protocol analysis. The system obtains packets relevant to security events from the network according to certain rules and passes them to the analysis engine module for security analysis and judgement. The intrusion analysis engine module analyzes the received packets in conjunction with the network security database and passes the analysis results to the management/configuration module, whose main functions are to manage the configuration of the other modules and to inform the network administrator of the analysis engine's results in an effective and efficient manner.
Intrusion detection core technology has so far gone through three generations. First-generation technology was host log analysis and pattern matching. Second-generation technology appeared in the mid-1990s; its breakthroughs included clarifying the respective roles of, and the cooperation between, network packet capture, host network data and audit data analysis, that is, network-based and host-based intrusion detection systems. Third-generation technology appeared around 2000; its representative breakthroughs are protocol analysis and abnormal behavior analysis. The appearance of protocol analysis greatly reduced the amount of computation and lowered the false alarm rate, and the appearance of abnormal behavior analysis technology gave third-generation intrusion detection systems the ability to identify unknown attacks.
At present, the leading international intrusion detection systems are mainly based on pattern discovery technology. In 1991 researchers at the University of California, Davis proposed the concept of DIDS and gave an architecture for it; that architecture combined the earlier host-based and network-based intrusion detection systems.
Summary of the invention
The object of the invention is to provide a distributed network intrusion detection system that has a centralized architecture, can detect large-scale network intrusions, and has good distributivity and extensibility.
The technical solution adopted by the invention is as follows. A distributed network intrusion detection system adopts a hierarchical structure divided into four layers: a data collection layer, a communication layer, an analysis layer and a control layer. The data collection layer consists of data collectors and is mainly responsible for capturing packets on the local network segment and applying different formatting according to the packet type. The communication layer consists of communicators and is mainly responsible for transmitting control information or data information within an IDS or between IDS systems; it is the communication bridge between the components. The analysis layer mainly consists of analysis engines, a log set and memory; it is mainly responsible for judging whether network packets constitute an intrusion and then writing the analysis results to the log set as required. The control layer consists of the control center, which manages and configures each component of the system and can also start or stop the operation of a component.
The analysis engine is the central brain used to judge whether an intrusion has occurred. The memory holds a feature database of the various intrusion patterns, and when performing feature matching the analysis engine calls on the information in the feature database for comparison.
The data collector is responsible for capturing raw packets on the network and passing the collected information to the analysis engine for security judgement. It can mine possible intrusions or other sensitive information out of the collected information and then pass the data in the packets to the analysis engine for post-processing. By analyzing the information in the Ethernet, TCP, UDP and IP headers, it selects the packets of interest to the user, then performs data interpretation at the corresponding application-layer protocol level, converts the raw data into correspondingly formatted events, and passes them through the communication component to the analysis engine for further analysis. If fragmented messages are found during interpretation, they are handed to the message reassembler for processing. The data collectors can also exchange information with each other through the communication component: when a collector finds an activity suspicious, it notifies the other collectors; after a subsequent collector has analyzed the activity it may also send a suspicion notice to adjacent collectors; and when the confidence level finally exceeds a preset threshold, an alarm is sent to the master control system and the response system. A collector that receives a suspicion notice raises its suspicion level; if no suspicion notice is received, it gradually returns to the normal state.
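The cooperative suspicion mechanism described above (notices between collectors, a rising suspicion level, a preset threshold that triggers an alarm, and gradual decay back to normal when no notice arrives) can be simulated in a few lines. The following is an added example, not code from the patent; the threshold, the weight of one notice, the decay rate and the reset-after-alarm behaviour are assumptions, and the three collectors and the activity label are constructed.

```python
from dataclasses import dataclass, field

ALARM_THRESHOLD = 3.0   # preset confidence threshold (assumed value)
NOTICE_WEIGHT = 1.0     # how much one neighbour's notice raises the suspicion level (assumed)
DECAY_PER_ROUND = 0.5   # how fast a collector returns to normal when no notice arrives (assumed)


@dataclass
class Collector:
    name: str
    suspicion: float = 0.0
    inbox: list = field(default_factory=list)   # suspicion notices received this round


class CommunicationComponent:
    """Stand-in for the communication component: carries notices between collectors
    and alarms to the master control / response system."""

    def __init__(self):
        self.collectors = {}
        self.alarms = []   # (collector, level) pairs that would go to master control and response

    def register(self, collector: Collector):
        self.collectors[collector.name] = collector

    def notify_others(self, sender: Collector, activity: str):
        """A collector that finds an activity suspicious tells every other collector."""
        for c in self.collectors.values():
            if c is not sender:
                c.inbox.append((sender.name, activity))

    def round(self):
        """One processing round: notices raise suspicion, silence decays it,
        and crossing the threshold raises an alarm."""
        for c in self.collectors.values():
            if c.inbox:
                c.suspicion += NOTICE_WEIGHT * len(c.inbox)
                c.inbox.clear()
            else:
                c.suspicion = max(0.0, c.suspicion - DECAY_PER_ROUND)
            if c.suspicion >= ALARM_THRESHOLD:
                self.alarms.append((c.name, c.suspicion))
                c.suspicion = 0.0   # reset after alarming (design choice assumed here)
        return {n: c.suspicion for n, c in self.collectors.items()}


def run_scenario():
    """Constructed scenario: three collectors on adjacent segments corroborate one suspicious activity."""
    bus = CommunicationComponent()
    a, b, c = Collector("A"), Collector("B"), Collector("C")
    for col in (a, b, c):
        bus.register(col)
    bus.notify_others(a, "activity-1")   # A sees something suspicious first
    bus.round()                          # B and C rise to 1.0
    bus.notify_others(b, "activity-1")   # B and C, having analyzed it, corroborate
    bus.notify_others(c, "activity-1")
    bus.round()                          # A, B and C are each at 2.0
    bus.notify_others(a, "activity-1")   # A corroborates again
    bus.round()                          # B and C cross the threshold and alarm; A decays to 1.5
    for _ in range(3):
        bus.round()                      # quiet rounds: everyone returns to normal
    return bus.alarms, {n: col.suspicion for n, col in bus.collectors.items()}


if __name__ == "__main__":
    print(run_scenario())
```

The point of the decay is that a single unconfirmed notice never produces an alarm on its own: only repeated corroboration within a short window pushes a collector over the threshold, which is what keeps the mechanism from amplifying one collector's false positive across the whole zone.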
The data collector includes an event generator, which performs initial analysis and filtering on the collected data; this reduces the volume of data the system must process and improves the processing speed of the system.
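The collector's header interpretation and the event generator's pre-filter from the two paragraphs above, as an added example that is not part of the patent: Ethernet, IPv4 and TCP/UDP headers are decoded into a formatted event, fragments are set aside for the reassembler, malformed frames are counted and dropped, and only packets to an assumed set of "ports of interest" are passed on. The frames are constructed in the block itself rather than captured.

```python
import socket
import struct

# Header layouts (network byte order); only IPv4 over Ethernet is handled here.
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, ethertype
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst
TCP_HDR = struct.Struct("!HHIIBBHHH")       # sport, dport, seq, ack, data offset, flags, win, csum, urg
UDP_HDR = struct.Struct("!HHHH")            # sport, dport, length, csum

WATCHED_PORTS = {22, 80, 443}   # assumed "ports of interest" configured by the user


class MalformedHeader(ValueError):
    """Raised when a frame is too short or its headers are inconsistent."""


def parse_frame(frame: bytes) -> dict:
    """Interpret the Ethernet, IP and TCP/UDP headers and return a formatted event."""
    if len(frame) < ETH_HDR.size:
        raise MalformedHeader("short Ethernet header")
    _dst_mac, _src_mac, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != 0x0800:
        raise MalformedHeader("not IPv4")
    off = ETH_HDR.size
    if len(frame) < off + IPV4_HDR.size:
        raise MalformedHeader("short IPv4 header")
    vihl, _tos, total_len, _id, flags_frag, _ttl, proto, _csum, src, dst = IPV4_HDR.unpack_from(frame, off)
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < IPV4_HDR.size or len(frame) < off + ihl:
        raise MalformedHeader("bad IPv4 version or header length")
    if total_len > len(frame) - off:
        raise MalformedHeader("IPv4 total length exceeds frame")
    off += ihl
    event = {
        "src_ip": socket.inet_ntoa(src),
        "dst_ip": socket.inet_ntoa(dst),
        "proto": {6: "tcp", 17: "udp"}.get(proto, proto),
        # MF flag set or a non-zero fragment offset means this is part of a fragmented datagram
        "fragmented": bool(flags_frag & 0x2000) or bool(flags_frag & 0x1FFF),
    }
    if proto == 6 and len(frame) >= off + TCP_HDR.size:
        sport, dport, _seq, _ack, _doff, flags, _win, _csum, _urg = TCP_HDR.unpack_from(frame, off)
        event.update(sport=sport, dport=dport, tcp_flags=flags)
    elif proto == 17 and len(frame) >= off + UDP_HDR.size:
        sport, dport, _length, _csum = UDP_HDR.unpack_from(frame, off)
        event.update(sport=sport, dport=dport)
    return event


def generate_events(frames):
    """The event generator: parse, set fragments aside, keep only packets of interest."""
    events, stats = [], {"kept": 0, "filtered": 0, "malformed": 0, "to_reassembler": 0}
    for frame in frames:
        try:
            event = parse_frame(frame)
        except MalformedHeader:
            stats["malformed"] += 1
            continue
        if event["fragmented"]:
            stats["to_reassembler"] += 1    # handed to the message reassembler in the patent's design
            continue
        if event.get("dport") in WATCHED_PORTS:
            events.append(event)
            stats["kept"] += 1
        else:
            stats["filtered"] += 1          # dropped here so the analysis engine never sees it
    return events, stats


def build_frame(proto, src_ip, dst_ip, sport, dport, payload=b"", more_frags=False):
    """Construct a test frame (constructed sample input, not captured traffic; checksums left zero)."""
    if proto == 6:
        l4 = TCP_HDR.pack(sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + payload   # SYN
    else:
        l4 = UDP_HDR.pack(sport, dport, UDP_HDR.size + len(payload), 0) + payload
    flags_frag = 0x2000 if more_frags else 0
    ip = IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + len(l4), 1, flags_frag, 64, proto, 0,
                       socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ETH_HDR.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip + l4


def sample_frames():
    """Constructed frames: one to a watched port, one not, one truncated, one fragmented."""
    http = build_frame(6, "10.0.0.5", "10.0.0.9", 40000, 80)
    dns = build_frame(17, "10.0.0.5", "10.0.0.2", 40001, 53)
    truncated = http[:30]                                      # cut off inside the IPv4 header
    frag = build_frame(17, "10.0.0.5", "10.0.0.9", 40002, 5000, more_frags=True)
    return [http, dns, truncated, frag]


if __name__ == "__main__":
    print(generate_events(sample_frames()))
```

The length checks before every `unpack_from` are the part that matters for a sensor: a collector that trusts the IHL or total-length fields of a frame it has not bounds-checked is itself a target, so each header is validated against what was actually captured before it is decoded.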
The communicator is responsible for exchanging the information each unit requires between the different intrusion detection units, or for exchanging relevant information between different IDS systems. The communicator exchanges information with the other components through the SOCKET mechanism. At the same time, by exchanging information, the communication component distributes the task of detecting intrusions reasonably among the detection units, raising the operational efficiency of the entire IDS.
The analysis engine is the brain of the whole intrusion detection system. It analyzes and processes in a unified way the captured raw data, system information and the suspicious information supplied by other intrusion detection systems, and has pre-processing, classification and post-processing functions. The analysis engine is constructed to first collect event information: after receiving the formatted event information transmitted from the data collector, it judges by an intrusion detection method whether an intrusion has occurred. Because the analysis engines and the storage system exchange data through a unified interface, the IDS can contain several analysis engines, and the detection method adopted by each engine need not be the same; even within the same analysis engine several detection methods can be used at once. Analyzing the same data with different detection methods and then comparing the respective detection results improves detection accuracy.
The log set is responsible for recording the events that occur in the system; all events of interest to the user are recorded. This helps the user investigate and analyze intrusion events further: on the one hand the intrusion techniques adopted by the intruder can be analyzed, and on the other hand the intruder's behavioral trail can be grasped.
The response system is responsible for receiving the intrusion alarm information sent by the analysis engine and then taking appropriate measures to stop the intruder from continuing the intrusion activity.
The control center is the interface between the IDS and the user; through it the administrator can manage and configure each component of the system and query the running state of each component in the IDS.
The characteristics of the system of the invention are as follows:
1. It has a unified and complete framework, giving the whole system the advantages of modularization, layered processing and easy integration. Once the system is modularized, components can easily be added to or removed from the system, and components can be reused, which strengthens the system's extensibility; the ability to grasp the system as a whole is strengthened at the same time. Moreover, borrowing the layered processing of the TCP/IP protocol suite, a number of intermediate layers are established so that calls between upper and lower layers are mutually transparent. Finally, each module is made as easy as possible to merge into one engineering whole, which places relatively high demands on the independence of each module.
2. A centralized architecture is adopted, which is conducive to detecting large-scale network intrusions, and a master/slave structure is adopted to remedy the shortcomings the centralized architecture may bring. The control system can control each component precisely; each component is an independent entity in the system. Component management includes adding, removing, starting and stopping components. The control system provides the user with a view of the running state of the whole system and with the ability to query the logs. The analysis engine is responsible for analyzing intrusion events on the monitored host and sends its messages to its superior control system. The whole intrusion detection system is controlled uniformly by one central control system: all information is processed and judged by the central control system, which produces different alarm messages according to circumstances. If the central control system fails, the slave control system takes over its duties; this not only guarantees normal operation of the entire IDS but also improves the security of the system itself.
3. The openness of the system was fully considered when designing the analysis engine architecture: any analysis method can be added to the system, and various analyses can be applied in the system at the same time. The analysis engines and the storage system exchange data through a unified interface, so the IDS can contain several analysis engines, the detection method adopted by each need not be the same, and even within one analysis engine several detection methods can be used at once; analyzing the same data with different detection methods and comparing the respective results improves detection accuracy. Data analysis functions are added dynamically by adding new data analysis functions. For existing analysis methods, new intrusion features can be added to the intrusion feature database to strengthen the detection capability of the existing pattern-matching analysis method.
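The "several engines behind one interface, verdicts compared" idea from the analysis-engine description and from characteristic 3 above, as an added example that is not the patent's code: a feature-database engine and a behaviour-based engine implement the same `analyze(event)` interface, every formatted event is shown to both, and the per-event confidence is the fraction of engines that flagged it. The feature database entry, the port-spread limit and the events are all constructed.

```python
from collections import defaultdict


class SignatureEngine:
    """Pattern matching against a feature database: a feature is a set of field=value conditions."""
    name = "signature"

    def __init__(self, feature_db):
        self.feature_db = list(feature_db)

    def analyze(self, event: dict) -> bool:
        return any(all(event.get(k) == v for k, v in feature.items()) for feature in self.feature_db)


class BehaviourEngine:
    """Behaviour-based method: flags a source once it has touched more distinct
    destination ports than the configured limit (a simple abnormal-behaviour check)."""
    name = "behaviour"

    def __init__(self, max_distinct_ports: int):
        self.max_distinct_ports = max_distinct_ports
        self.ports_by_source = defaultdict(set)

    def analyze(self, event: dict) -> bool:
        seen = self.ports_by_source[event["src_ip"]]
        seen.add(event.get("dport"))
        return len(seen) > self.max_distinct_ports


def run_engines(engines, events):
    """Unified interface: each engine sees the same formatted events and the verdicts are
    compared per event. 'confidence' = fraction of engines that flagged the event (assumed design)."""
    report = []
    for event in events:
        verdicts = {engine.name: engine.analyze(event) for engine in engines}
        flagged = sum(1 for v in verdicts.values() if v)
        report.append({"event": event, "verdicts": verdicts, "confidence": flagged / len(engines)})
    return report


def sample_events():
    """Constructed formatted events: one source contacting several ports on one host."""
    return [{"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "proto": "tcp", "dport": p}
            for p in (21, 22, 23, 25, 80, 23)]


def demo():
    # Constructed feature database with a single feature: TCP connections to port 23 (assumed).
    engines = [SignatureEngine([{"proto": "tcp", "dport": 23}]),
               BehaviourEngine(max_distinct_ports=3)]
    return [r["confidence"] for r in run_engines(engines, sample_events())]


if __name__ == "__main__":
    for row in run_engines([SignatureEngine([{"proto": "tcp", "dport": 23}]),
                            BehaviourEngine(max_distinct_ports=3)], sample_events()):
        print(row["event"]["dport"], row["verdicts"], row["confidence"])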
Description of drawings
Fig. 1 is a schematic diagram of the structure of the system of the invention;
Fig. 2 is the hierarchy diagram of the system;
Fig. 3 is the operational flow chart of the system;
Fig. 4 is the flow chart of the master/slave control structure.
Embodiment
The invention is further described below in conjunction with the drawings and embodiments.
As shown in Figs. 1 and 2, in terms of overall structure this patent divides the system into the following four levels, with reference to the layering adopted in the TCP/IP protocol suite. A hierarchical structure is easy to manage: to manage the intrusion detection system, the system administrator only ever needs to operate on one machine. The levels are:
1) Data collection layer: the data collection layer consists of data collectors 1. It is mainly responsible for capturing packets on the local network segment and applying different formatting according to the packet type.
2) Communication layer: the communication layer consists of communicators 2. It is mainly responsible for transmitting control information or data information within an IDS or between IDS systems and is the communication bridge between the components.
3) Analysis layer: the analysis layer mainly consists of analysis engine 5, log set 3 and memory 4. It is mainly responsible for judging whether network packets constitute an intrusion and then writing the analysis results to log set 3 as required. Analysis engine 5 is the central brain that judges whether an intrusion has occurred; memory 4 holds a feature database of the various intrusion patterns, and when performing feature matching analysis engine 5 calls on the information in the feature database for comparison.
4) Control layer: the control layer consists of control center 7. It manages and configures each component of the system and can also start or stop the operation of a component.
This system adopts multithreaded processing. The data collector runs on the main thread, and to improve the speed of the analysis engine several matching threads perform different matching operations simultaneously; if control information is generated, a separate control thread is responsible for the control function. The operational process of the system is shown in Fig. 3. First, the IDS performs the necessary initial configuration and then loads the logical linked list of the rule base into memory. It then checks whether there is control information; if so, the corresponding control processing is carried out, otherwise a network packet is captured. It then judges whether the header of the captured packet is legal; if not, it returns to the preceding check for control information, otherwise the legal packet is formatted and matched against the rules in the rule base. If there is no match it likewise returns to the control information check; otherwise the matching packet is processed according to the linked rule and the relevant rule is written to the log set.
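The Fig. 3 main loop described above, as an added example (not the patent's code and not its flow chart): the rule base is loaded into memory, control information is always checked before a packet is captured, an illegal header or an unmatched packet sends the loop back to the control check, and a match is processed according to the linked rule and written to the log set. Queues stand in for the control channel and the capture interface; the rules, the `add_rule`/`stop` commands and the packets are constructed.

```python
from collections import Counter, deque


class RuleBase:
    """Rule base loaded into memory at start-up; each rule links match conditions to an action."""

    def __init__(self, rules):
        self.rules = list(rules)

    def match(self, event: dict):
        for rule in self.rules:                 # first matching rule wins (assumed policy)
            if all(event.get(k) == v for k, v in rule["match"].items()):
                return rule
        return None


def header_is_legal(pkt: dict) -> bool:
    """The 'is the header legal?' check of Fig. 3: required fields present and ports in range."""
    required = ("src_ip", "dst_ip", "proto", "sport", "dport")
    if not all(k in pkt for k in required) or pkt["proto"] not in ("tcp", "udp"):
        return False
    return 0 < pkt["sport"] <= 65535 and 0 < pkt["dport"] <= 65535


def format_packet(pkt: dict) -> dict:
    """Normalize a captured packet into the event form the matcher works on."""
    key = f'{pkt["src_ip"]}:{pkt["sport"]}->{pkt["dst_ip"]}:{pkt["dport"]}/{pkt["proto"]}'
    return {**pkt, "key": key}


def run_ids(control_queue: deque, capture_queue: deque, rule_base: RuleBase, log_set: list) -> Counter:
    """Main loop of Fig. 3. Control information is handled first; otherwise a packet is captured,
    its header checked, the packet formatted, matched against the rule base and logged on a match."""
    stats = Counter()
    while True:
        if control_queue:
            msg = control_queue.popleft()
            stats["control"] += 1
            if msg["cmd"] == "stop":
                break
            if msg["cmd"] == "add_rule":
                rule_base.rules.append(msg["rule"])
            continue                            # back to the top: control information again
        if not capture_queue:
            break                               # nothing left to capture in this simulation
        pkt = capture_queue.popleft()
        if not header_is_legal(pkt):
            stats["illegal"] += 1
            continue
        event = format_packet(pkt)
        rule = rule_base.match(event)
        if rule is None:
            stats["no_match"] += 1
            continue
        log_set.append({"rule": rule["name"], "action": rule["action"], "event": event["key"]})
        stats["matched"] += 1
    return stats


def demo():
    """Constructed run: one rule preloaded, one added over the control channel, four captured packets."""
    rules = RuleBase([{"name": "R1", "match": {"proto": "tcp", "dport": 23}, "action": "alert"}])
    control = deque([{"cmd": "add_rule",
                      "rule": {"name": "R2", "match": {"proto": "udp", "dport": 69}, "action": "alert"}}])
    captured = deque([
        {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "proto": "tcp", "sport": 40000, "dport": 23},
        {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "proto": "tcp", "sport": 0, "dport": 80},  # illegal port
        {"src_ip": "10.0.0.6", "dst_ip": "10.0.0.9", "proto": "udp", "sport": 40001, "dport": 69},
        {"src_ip": "10.0.0.7", "dst_ip": "10.0.0.9", "proto": "tcp", "sport": 40002, "dport": 80},
    ])
    log_set = []
    stats = run_ids(control, captured, rules, log_set)
    return stats, log_set


if __name__ == "__main__":
    print(demo())
```

Because the control check precedes every capture, a rule pushed from the control center takes effect before the next packet is examined, which is why the constructed UDP packet matches R2 even though R2 was not in the rule base when the loop started.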
Fig. 4 shows an application example of the invention; the control system's adoption of a master/slave structure is another characteristic of this patent. The entire IDS is controlled uniformly by one central control system. All information is processed and judged by the central control system, which produces different alarm messages according to circumstances. If the central control system fails, the slave control system takes over its duties, which not only guarantees normal operation of the entire IDS but also improves the security performance of the system itself; the operational process is shown in Fig. 4. The control system operates as follows. First, the central control system passes the information of the slave control system to all subordinate components in its zone. The subordinate components then communicate normally with the central control system. When a problem occurs in the central control system, it sends a handover signal to all subordinate components; on receiving the signal, a subordinate component first cuts its connection to the central control system and then establishes a new connection to the slave control system. Once connected, the slave control system takes the place of the central control system and controls the operation of the whole system. When the central control system sends the handover signal to all components in the zone, it also communicates with the slave control system and sends it some state information. When the central control system resumes work, the process runs in reverse.
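The master/slave handover of Fig. 4 as a state simulation, added here and not taken from the patent: at start the central controller pushes the slave's information to every subordinate, on failure the subordinates cut the central connection and connect to the slave while state is handed across, and recovery runs the same steps in reverse. The component names and the handed-over state are constructed.

```python
class Controller:
    """A control system (central or slave). 'state' stands in for the state information handed over."""

    def __init__(self, name: str):
        self.name = name
        self.alive = True
        self.state = {}
        self.connected = set()   # names of subordinate components currently connected to this controller


class Component:
    """A subordinate component (collector, engine, log set...) that knows its current controller."""

    def __init__(self, name: str):
        self.name = name
        self.controller = None
        self.slave_info = None   # slave controller information, pushed by the central controller at start

    def connect(self, controller: Controller):
        if self.controller is not None:
            self.controller.connected.discard(self.name)   # cut the old connection first
        self.controller = controller
        controller.connected.add(self.name)

    def on_handover_signal(self):
        """Subordinate side of the handover: drop the central connection, connect to the slave."""
        self.connect(self.slave_info)


class Zone:
    def __init__(self, central: Controller, slave: Controller, components):
        self.central, self.slave, self.components = central, slave, list(components)

    def start(self):
        """Step 1: central passes the slave's information to every subordinate; step 2: normal operation."""
        for c in self.components:
            c.slave_info = self.slave
            c.connect(self.central)

    def central_fails(self):
        """Central signals handover to all subordinates and hands its state to the slave before going down."""
        self.slave.state = dict(self.central.state)
        for c in self.components:
            c.on_handover_signal()
        self.central.alive = False

    def central_recovers(self):
        """The reverse process: state flows back and subordinates reconnect to the central controller."""
        self.central.alive = True
        self.central.state = dict(self.slave.state)
        for c in self.components:
            c.connect(self.central)

    def active_controller(self) -> Controller:
        return self.central if self.central.alive else self.slave


def demo():
    central, slave = Controller("central"), Controller("slave")
    zone = Zone(central, slave, [Component("collector-1"), Component("engine-1"), Component("log-1")])
    zone.start()
    central.state = {"alarm_level": 2, "rules_version": 7}   # constructed state information
    result = {"after_start": sorted(central.connected)}
    zone.central_fails()
    result["after_failure"] = (zone.active_controller().name, sorted(slave.connected),
                               sorted(central.connected), dict(slave.state))
    zone.central_recovers()
    result["after_recovery"] = (zone.active_controller().name, sorted(central.connected),
                                sorted(slave.connected))
    return result


if __name__ == "__main__":
    print(demo())
```

Pushing the slave's information to subordinates at start-up, rather than at failure time, is what lets the handover complete even when the central controller can no longer answer questions; the only thing it must still manage to do is send the signal.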
Claims (9)
1. A distributed network intrusion detection system adopting a hierarchical structure, characterized in that the system is divided into four layers: a data collection layer, a communication layer, an analysis layer and a control layer; the data collection layer consists of data collectors and is mainly responsible for capturing packets on the local network segment and applying different formatting according to the packet type; the communication layer consists of communicators and is mainly responsible for transmitting control information or data information within an IDS or between IDS systems, being the communication bridge between the components; the analysis layer mainly consists of analysis engines, a log set and memory and is mainly responsible for judging whether network packets constitute an intrusion and then writing the analysis results to the log set as required; the control layer consists of a control center, which manages and configures each component of the system and can also start or stop the operation of a component.
2. The distributed network intrusion detection system according to claim 1, characterized in that the analysis engine is the central brain used to judge whether an intrusion has occurred, the memory holds a feature database of the various intrusion patterns, and when performing feature matching the analysis engine calls on the information in the feature database for comparison.
3. The distributed network intrusion detection system according to claim 1, characterized in that the data collector is responsible for capturing raw packets on the network and passing the collected information to the analysis engine for security judgement; it can mine possible intrusions or other sensitive information out of the collected information and then pass the data in the packets to the analysis engine for post-processing; by analyzing the information in the Ethernet, TCP, UDP and IP headers it selects the packets of interest to the user, then performs data interpretation at the corresponding application-layer protocol level, converts the raw data into correspondingly formatted events and passes them through the communication component to the analysis engine for further analysis; if fragmented messages are found during interpretation they are handed to the message reassembler for processing; the data collectors can also exchange information with each other through the communication component, so that when a collector finds an activity suspicious it notifies the other collectors, a subsequent collector may also send a suspicion notice to adjacent collectors after analyzing the activity, and when the confidence level finally exceeds a preset threshold an alarm is sent to the master control system and the response system; a collector that receives a suspicion notice raises its suspicion level, and if no suspicion notice is received it gradually returns to the normal state.
4. The distributed network intrusion detection system according to claim 3, characterized in that the data collector includes an event generator, which performs initial analysis and filtering on the collected data, reducing the volume of data the system must process and improving the processing speed of the system.
5. The distributed network intrusion detection system according to claim 1, characterized in that the communicator is responsible for exchanging the information each unit requires between the different intrusion detection units, or for exchanging relevant information between different IDS systems; the communicator exchanges information with the other components through the SOCKET mechanism; at the same time, by exchanging information, the communication component distributes the task of detecting intrusions reasonably among the detection units, raising the operational efficiency of the entire IDS.
6. The distributed network intrusion detection system according to claim 1, characterized in that the analysis engine is the brain of the whole intrusion detection system; it analyzes and processes in a unified way the captured raw data, system information and the suspicious information supplied by other intrusion detection systems, and has pre-processing, classification and post-processing functions; the analysis engine is constructed to first collect event information, and after receiving the formatted event information transmitted from the data collector it judges by an intrusion detection method whether an intrusion has occurred; because the analysis engines and the storage system exchange data through a unified interface, the IDS can contain several analysis engines, the detection method adopted by each engine need not be the same, and even within the same analysis engine several detection methods can be used at once; analyzing the same data with different detection methods and then comparing the respective detection results improves detection accuracy.
7. The distributed network intrusion detection system according to claim 1, characterized in that the log set is responsible for recording the events that occur in the system, all events of interest to the user being recorded; this helps the user investigate and analyze intrusion events further, so that on the one hand the intrusion techniques adopted by the intruder can be analyzed and on the other hand the intruder's behavioral trail can be grasped.
8. The distributed network intrusion detection system according to claim 1, characterized in that the response system is responsible for receiving the intrusion alarm information sent by the analysis engine and then taking appropriate measures to stop the intruder from continuing the intrusion activity.
9. The distributed network intrusion detection system according to claim 1, characterized in that the control center is the interface between the IDS and the user, through which the administrator can manage and configure each component of the system and query the running state of each component in the IDS.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200610037594 CN1949720A (en) | 2006-09-08 | 2006-09-08 | Distributed network invasion detecting system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200610037594 CN1949720A (en) | 2006-09-08 | 2006-09-08 | Distributed network invasion detecting system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1949720A true CN1949720A (en) | 2007-04-18 |
Family
ID=38019111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610037594 Pending CN1949720A (en) | 2006-09-08 | 2006-09-08 | Distributed network invasion detecting system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1949720A (en) |
2006
- 2006-09-08 CN CN 200610037594 patent/CN1949720A/en active Pending
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101115010B (en) * | 2007-09-04 | 2010-06-02 | 杭州华三通信技术有限公司 | Method for extending security system, security system and security processing equipment |
US8713663B2 (en) | 2007-09-04 | 2014-04-29 | Hangzhou H3C Technologies Co., Ltd. | Method for using extended security system, extended security system and devices |
CN101350745B (en) * | 2008-08-15 | 2011-08-03 | 北京启明星辰信息技术股份有限公司 | Intrude detection method and device |
CN101420419B (en) * | 2008-10-27 | 2011-05-18 | 吉林大学 | Adaptive high-speed network flow layered sampling and collecting method |
CN101534213B (en) * | 2009-04-09 | 2011-02-02 | 成都市华为赛门铁克科技有限公司 | Acquisition method of log and log server |
CN101562534B (en) * | 2009-05-26 | 2011-12-14 | 中山大学 | Network behavior analytic system |
CN103748988B (en) * | 2009-06-12 | 2010-10-06 | 北京理工大学 | A kind of attack detection method based on fuzzy uncertainty reasoning |
CN103748989B (en) * | 2009-07-14 | 2010-10-06 | 北京理工大学 | A kind of many granularities of matrix form network security threats method for situation assessment |
CN101938460A (en) * | 2010-06-22 | 2011-01-05 | 北京豪讯美通科技有限公司 | Coordinated defense method of full process and full network safety coordinated defense system |
CN101938460B (en) * | 2010-06-22 | 2014-04-09 | 北京中兴网安科技有限公司 | Coordinated defense method of full process and full network safety coordinated defense system |
CN103384241B (en) * | 2012-12-21 | 2016-07-13 | 北京安天电子设备有限公司 | A kind of distribution analysis method towards security event data and system |
CN103384241A (en) * | 2012-12-21 | 2013-11-06 | 北京安天电子设备有限公司 | Distributed analysis method and system for security event data |
CN104333534A (en) * | 2014-09-18 | 2015-02-04 | 南京邮电大学 | DoS detection system of 6LoWPAN sensing network |
CN105812200A (en) * | 2014-12-31 | 2016-07-27 | 中国移动通信集团公司 | Abnormal behavior detection method and device |
CN107921981A (en) * | 2015-06-30 | 2018-04-17 | 莱尔德技术股份有限公司 | The monitoring and control of distributed machines |
US10516737B2 (en) | 2015-06-30 | 2019-12-24 | Control Solutions Enterprises, Inc. | Monitoring and controlling of distributed machines |
CN107921981B (en) * | 2015-06-30 | 2020-05-01 | 莱尔德技术股份有限公司 | Method and network for managing a plurality of distributed machines |
US10805400B2 (en) | 2015-06-30 | 2020-10-13 | Cattron North America, Inc. | Monitoring and controlling of distributed machines |
CN106850645A (en) * | 2017-02-18 | 2017-06-13 | 许昌学院 | A kind of system and method for detecting invalid access to computer network |
CN107819837A (en) * | 2017-10-31 | 2018-03-20 | 南京优速网络科技有限公司 | A kind of method and log cache analysis system for lifting buffer service quality |
CN109067555A (en) * | 2018-07-25 | 2018-12-21 | 安徽三实信息技术服务有限公司 | A kind of WLAN wireless network data encryption system and its encryption method |
CN111181914A (en) * | 2019-09-29 | 2020-05-19 | 腾讯云计算(北京)有限责任公司 | Method, device and system for monitoring internal data security of local area network and server |
CN111181914B (en) * | 2019-09-29 | 2022-08-02 | 腾讯云计算(北京)有限责任公司 | Method, device and system for monitoring internal data security of local area network and server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1949720A (en) | | Distributed network invasion detecting system |
CN100386993C (en) | | Network invading event risk evaluating method and system |
CN109861995A (en) | | A kind of safe big data intelligent analysis method of cyberspace, computer-readable medium |
CN109885562A (en) | | A kind of big data intelligent analysis system based on cyberspace safety |
CN104753936B (en) | | OPC security gateway systems |
CN106371986A (en) | | Log treatment operation and maintenance monitoring system |
CN101557327A (en) | | Intrusion detection method based on support vector machine (SVM) |
Lan et al. | | A framework for network security situation awareness based on knowledge discovery |
CN100362803C (en) | | Network safety warning system based on cluster and relavance |
CN103036886A (en) | | Industrial controlling network safety protecting method |
CN102111420A (en) | | Intelligent NIPS framework based on dynamic cloud/fire wall linkage |
CN110213226A (en) | | Associated cyber attack scenarios method for reconstructing and system are recognized based on risk total factor |
CN103716203A (en) | | Networked control system intrusion detection method and system based on ontology model |
Zhang et al. | | Intrusion detection in SCADA systems by traffic periodicity and telemetry analysis |
CN115883236A (en) | | Power grid intelligent terminal cooperative attack monitoring system |
CN111327601A (en) | | Abnormal data response method, system, device, computer equipment and storage medium |
CN112416872A (en) | | Cloud platform log management system based on big data |
CN115378711A (en) | | Industrial control network intrusion detection method and system |
CN114091033A (en) | | Full-life-cycle-oriented data security anomaly detection method and system |
CN101867571A (en) | | Intelligent network intrusion defensive system based on collaboration of a plurality of mobile agents |
CN113971288A (en) | | Big data technology-based smart campus security management and control platform |
CN1175351C (en) | | Automatic SOLARIS process protecting system |
CN113132370A (en) | | Universal integrated safety pipe center system |
KR20010085056A (en) | | Apparatus and Method for managing software-network security based on shadowing mechanism |
Liao et al. | | Research on network intrusion detection method based on deep learning algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C12 | Rejection of a patent application after its publication | |
 | RJ01 | Rejection of invention patent application after publication | |