CN209913856U - Network data security analysis auxiliary assembly based on ZYNQ - Google Patents


Info

Publication number: CN209913856U
Authority: CN (China)
Prior art keywords: module, gigabit ethernet, data, network, analysis
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201920601364.3U
Other languages: Chinese (zh)
Inventors: 吴惑, 刘一清, 石华, 诸俊辉
Current assignee: East China Normal University
Original assignee: East China Normal University
Priority date: 2019-04-28
Filing date: 2019-04-28
Publication date: 2020-01-07

Abstract

The utility model discloses a network data security analysis auxiliary device based on ZYNQ. The device adopts a modular integrated structure and comprises a gigabit Ethernet interface module, a data analysis control core module, an ARMA9 processing unit, a PCIE data interface conversion module, an external network output control module, a security analysis reconstruction module, a storage module, a display screen module, a clock module and a power supply module. The utility model provides security filtering, traffic data statistics and protocol agent analysis functions. It addresses the problem that existing network security equipment cannot offer high speed, security and high efficiency at the same time, and improves the speed, security and efficiency of processing in the network topology.

Description

Network data security analysis auxiliary assembly based on ZYNQ
Technical Field
The utility model relates to the technical fields of network protocol offloading, network communication, network information security and heterogeneous processing, and is applicable to enterprise core network security data analysis and data security server systems; in particular, it relates to a network data security analysis auxiliary device based on ZYNQ.
Background
Network communication speeds are developing rapidly, and network data traffic has grown from hundreds of megabits and gigabits to ten gigabits. However, because security was not considered when the network protocols were first designed, network information security policy has become a problem that must be solved in today's network communication. Most popular network security software operates at the application layer and is easily defeated by attacks on the lower layers, and the system software has many unknown vulnerabilities, which greatly reduces its security; most current dedicated network security equipment is based on a processor architecture, which has higher latency, occupies more processor resources and greatly reduces network performance in a high-speed network environment.
Summary of the Utility Model
The purpose of the utility model is to overcome the shortcomings of the prior art by providing a network data security analysis auxiliary device based on ZYNQ. The utility model adopts a modular integrated structure consisting of a ten-gigabit Ethernet external network input interface module, a data analysis control core module, an ARMA9 processing unit, a display screen module, a PCIE data interface conversion module, a ten-gigabit Ethernet external network output module, an external network output control module, a security analysis reconstruction module, a storage module, a ten-gigabit Ethernet internal network input interface module, a ten-gigabit Ethernet internal network output interface module, a clock module and a power supply module. The utility model provides security filtering, traffic data statistics and protocol agent analysis functions. For security filtering, the ARMA9 processing unit and the display screen module receive the user configuration information, which is written into the security analysis reconstruction module through the data analysis control core module; the received external network data is security-filtered and then fed into the internal network topology through the ten-gigabit Ethernet internal network output interface module. For traffic data statistics, the data analysis control core module receives the external network data input from the gigabit Ethernet external network input interface module, parses underlying protocols such as TCP, UDP, IP and ARP, counts quantities such as instantaneous traffic and accumulated traffic, and passes the resulting statistics to the ARMA9 processing unit, which drives the display screen module to present them to the user.
For protocol agent analysis, the data analysis control core module receives the external network data input from the ten-gigabit Ethernet external network input interface module and drives the security analysis reconstruction module to offload the basic protocols from the network data; the offloaded bare data is passed to the host through the storage module and the PCIE interface module, and the host analyzes the data.
The specific technical scheme that realizes the purpose of the utility model is as follows:
A network data security analysis auxiliary device based on ZYNQ is characterized by comprising a gigabit Ethernet external network input interface module, a data analysis control core module, an ARMA9 processing unit, a PCIE data interface conversion module, a gigabit Ethernet external network output module, an external network output control module, a security analysis reconstruction module, a storage module, a gigabit Ethernet internal network input interface module, a display screen module, a gigabit Ethernet internal network output interface module, a clock module and a power supply module;
the gigabit Ethernet external network input interface module is respectively connected with the data analysis control core module, the security analysis reconstruction module, the clock module and the power module;
the data analysis control core module is respectively connected with the ARMA9 processing unit, the external network output control module, the security analysis reconstruction module, the clock module and the power module;
the ARMA9 processing unit is respectively connected with the data analysis control core module, the clock module and the power module;
the PCIE data interface conversion module is respectively connected with the storage module, the clock module and the power supply module;
the gigabit Ethernet external network output module is respectively connected with the external network output control module, the gigabit Ethernet internal network input interface module, the clock module and the power module;
the external network output control module is respectively connected with the gigabit Ethernet external network output module, the data analysis control core module, the security analysis reconstruction module, the clock module and the power module;
the security analysis reconstruction module is respectively connected with the gigabit Ethernet extranet input interface module, the gigabit Ethernet intranet output interface module, the extranet output control module, the storage module, the clock module and the power module;
the storage module is respectively connected with the security analysis reconstruction module, the PCIE data interface conversion module, the clock module and the power module;
the gigabit Ethernet intranet input interface module is respectively connected with the extranet output control module, the clock module and the power supply module;
the gigabit Ethernet intranet output interface module is respectively connected with the security analysis reconstruction module, the clock module and the power supply module.
The display screen module is respectively connected with the ARMA9 processing unit, the clock module and the power supply module.
Wherein:
the gigabit Ethernet external network input interface module is formed by connecting a gigabit Ethernet optical port with a gigabit Ethernet PHY core.
The data analysis control core module is composed of a data packet detection module, a network flow statistic module and a core control module.
The PCIE data interface conversion module is formed by connecting a PCIE data control module with a PCIE data receiving engine and a PCIE data sending engine.
The gigabit Ethernet external network output module is formed by connecting a gigabit Ethernet optical port with a gigabit Ethernet PHY core.
The safety analysis reconstruction module is composed of a protocol analysis reconstruction module and a safety filtering module.
The gigabit Ethernet intranet input interface module is formed by connecting a gigabit Ethernet optical port with a gigabit Ethernet PHY core.
The gigabit Ethernet intranet output interface module is formed by connecting a gigabit Ethernet optical port with a gigabit Ethernet PHY core.
The beneficial effects of the utility model
The utility model provides a network data security analysis auxiliary device based on a heterogeneous structure (dedicated logic circuit plus processor) that assists a PC in analyzing network security data. Security filtering and interception are performed in hardware, the underlying protocols are offloaded in hardware, and the offloaded data is sent to the PC (personal computer) for processing and analysis. This reduces the share of the PC processor's resources consumed by data analysis, ensures the security and high speed of the network data, and copes well with the current network situation.
At present, most enterprise servers suffer numerous network attacks. Using this device can greatly enhance the network security of data servers while ensuring high-speed data transmission, and the efficiency of network data analysis based on the device can be greatly improved.
Drawings
FIG. 1 is a reference diagram of the utility model in use;
FIG. 2 is a schematic structural view of the present invention;
FIG. 3 is a schematic view of the operation process of the present invention.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings and embodiments.
Examples
During operation the utility model requires a computer as the main data analyzer; the utility model is inserted as an auxiliary analysis device into the PCIE slot of this computer and sits between the intranet and the extranet, performing security isolation, as shown in FIG. 1.
The workflow of the utility model:
The network data security isolation workflow is shown in FIG. 2. The security configuration information comprises the IP addresses, MAC addresses, port addresses, TCP protocol, UDP protocol and the like that network data packets are allowed to pass through with. It is entered through the display screen module 15, which passes it to the ARMA9 processing unit 3 for preprocessing; the preprocessed configuration is written into the core control module 23 by DMA, the core control module 23 converts the serial DMA data into parallel register data that is provided to the security filtering module 72, and module 72 performs the filtering. External network data enters the device through the gigabit Ethernet optical port 13, the gigabit Ethernet PHY core 14 converts it into 64-bit AXI Stream data, the data stream enters the security filtering module 72 for security filtering, the filtered AXI Stream is output to the gigabit Ethernet PHY core 14, which converts it back into gigabit optical port data, and the gigabit Ethernet optical port 13 passes it into the internal network.
The network protocol agent workflow is shown in FIG. 2. If the protocol agent reply function is selected, the external network data stream is input from the gigabit Ethernet optical port 13, the gigabit Ethernet PHY core 14 shapes the gigabit network data stream into a 64-bit AXI Stream fed to the packet detection module 21, the packet detection module 21 detects the packet header information and sends it to the core control module 23, the core control module 23 controls the protocol analysis reconstruction module 71 to perform the protocol response operations (TCP, ICMP, ARP, etc.) according to the detection result, the generated response data stream is output through the external network output control module 6, in a polling manner, to the gigabit Ethernet PHY core 14, and the gigabit Ethernet PHY core 14 converts the 64-bit AXI Stream into a gigabit optical port data stream that is output through the gigabit Ethernet optical port 13 to the external network.
If the protocol agent reply function is not selected, the protocol reply data from the internal network enters through the gigabit Ethernet optical port 13, is converted into 64-bit AXI Stream data by the gigabit Ethernet PHY core 14, is output through the external network output control module 6, in a polling manner, to the gigabit Ethernet PHY core 14, is converted into a gigabit network data stream by the gigabit Ethernet PHY core 14, and is output through the gigabit Ethernet optical port 13.
According to the control information generated by the core control module 23, the protocol analysis reconstruction module 71 strips the bare data out of the 64-bit AXI Stream network data stream input to it and feeds the stripped data into the storage module 8, where its bit width is converted into a 128-bit AXI Stream data stream that is input to the PCIE data control module 41. The PCIE data control module 41 controls the PCIE data sending engine 43 to send the bare data over PCIE according to the PCIE TLP protocol, and receives the response control information through the PCIE data receiving engine 42. The bare data transmitted over PCIE can then be subjected to data security analysis.
The data traffic statistics workflow is shown in FIG. 2. An external network data stream is input from the gigabit Ethernet optical port 13, the gigabit Ethernet PHY core 14 reshapes it into a 64-bit AXI Stream and inputs it into the packet detection module 21, the packet detection module 21 detects the packet header information and then sends the detected header information and the data stream to the network traffic statistics module 22, the network traffic statistics module 22 counts relevant information about the network data stream according to the detection result of the packet detection module 21 and the data stream, including network throughput rate, number of TCP connections, number of UDP transmissions, number of communications per IP address and the like, and transmits this information to the ARMA9 processing unit 3, which drives the display screen module 15 to display the statistics.
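To make the security-filtering and traffic-statistics workflows concrete, the following software reference model (an added example, not the utility model's FPGA logic) runs the same two steps over a few constructed Ethernet frames: the packet-detection step extracts the header fields, the filter passes only frames that match the configured IP/MAC/port/protocol allow-lists, and the statistics step counts packets, bytes, TCP connection attempts, UDP packets and per-IP communications. The allow-list semantics (empty list = unconstrained) and the sample addresses are assumptions of this model.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_SYN, TCP_ACK = 0x02, 0x10
ALLOW_LISTS = {"macs": "src_mac", "ips": "src_ip", "protos": "proto", "ports": "dst_port"}  # config list -> header field


def parse_header(frame: bytes) -> dict:
    """Packet-detection step: decode Ethernet, IPv4 and TCP/UDP header fields."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    h = {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"), "proto": "",
         "src_ip": "", "dst_ip": "", "src_port": 0, "dst_port": 0, "tcp_flags": 0}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        h["proto"] = "ARP"
    elif ethertype == ETH_IPV4 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length, options included
        h["proto"] = PROTO_NAMES.get(frame[23], "")
        h["src_ip"] = ".".join(str(b) for b in frame[26:30])
        h["dst_ip"] = ".".join(str(b) for b in frame[30:34])
        l4 = 14 + ihl
        if h["proto"] in ("TCP", "UDP") and len(frame) >= l4 + 4:
            h["src_port"], h["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
        if h["proto"] == "TCP" and len(frame) >= l4 + 14:
            h["tcp_flags"] = frame[l4 + 13]
    return h


def passes_filter(h: dict, cfg: dict) -> bool:
    """Security-filtering step: each configured allow-list must contain the frame's
    field. Assumption of this model: an empty or absent list leaves that field open."""
    return all(not cfg.get(name) or h[fld] in cfg[name] for name, fld in ALLOW_LISTS.items())


def run_pipeline(frames, cfg: dict):
    """One pass over extranet traffic: statistics are gathered on every frame,
    and only frames that pass the filter are forwarded towards the intranet."""
    stats = {"packets": 0, "bytes": 0, "tcp_connections": 0, "udp_packets": 0,
             "per_ip": Counter()}
    forwarded = []
    for frame in frames:
        h = parse_header(frame)
        stats["packets"] += 1
        stats["bytes"] += len(frame)
        if h["proto"] == "TCP" and (h["tcp_flags"] & (TCP_SYN | TCP_ACK)) == TCP_SYN:
            stats["tcp_connections"] += 1     # bare SYN = new connection attempt
        if h["proto"] == "UDP":
            stats["udp_packets"] += 1
        if h["src_ip"]:
            stats["per_ip"][h["src_ip"]] += 1
        if passes_filter(h, cfg):
            forwarded.append(frame)
    return forwarded, stats


def build_frame(src_mac, src_ip, dst_ip, proto, sport, dport, tcp_flags=0x18, payload=b""):
    """Constructed test traffic (not captured): minimal Ethernet/IPv4/TCP-or-UDP frame."""
    def ip(a): return bytes(int(x) for x in a.split("."))
    if proto == 6:   # TCP: 20-byte header, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    else:            # UDP: 8-byte header, checksum left zero
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                       proto, 0, ip(src_ip), ip(dst_ip))
    eth = bytes.fromhex("020000000001") + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", ETH_IPV4)
    return eth + ipv4 + l4 + payload


# Constructed sample: one allowed host, an unlisted host and an unlisted port.
CONFIG = {"ips": {"10.0.0.5"}, "ports": {443, 53}, "protos": {"TCP", "UDP"}, "macs": set()}
SAMPLE_FRAMES = [
    build_frame("02:aa:aa:aa:aa:01", "10.0.0.5", "192.168.1.10", 6, 40000, 443, tcp_flags=TCP_SYN),
    build_frame("02:aa:aa:aa:aa:01", "10.0.0.5", "192.168.1.10", 17, 40001, 53, payload=b"\0" * 12),
    build_frame("02:aa:aa:aa:aa:02", "10.0.0.9", "192.168.1.10", 6, 40002, 443),      # IP not allowed
    build_frame("02:aa:aa:aa:aa:01", "10.0.0.5", "192.168.1.10", 6, 40003, 23, tcp_flags=TCP_SYN),  # port not allowed
]

if __name__ == "__main__":
    fwd, st = run_pipeline(SAMPLE_FRAMES, CONFIG)
    print(f"{len(fwd)} of {st['packets']} frames forwarded; stats: {st}")
```

Note that the statistics are taken over every extranet frame, including the ones the filter drops, which mirrors the page's description of the statistics module seeing the full input stream.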
The working process of the utility model is shown in FIG. 3. After the device is powered on and the computer has started and passed its checks, the security filtering and protocol offloading configuration information is entered through the display screen, including the IP/MAC/port address configuration, whether TCP/UDP/ICMP/ARP protocols are allowed to pass, and whether the protocol agent is enabled. The computer is then put to work: because the utility model has already offloaded the network data protocols, any data analysis program can process the data directly and begin analyzing the network data flow. After a period of network data analysis, the configuration can be adjusted through the display screen according to the host's network data analysis results and the network information counted by the utility model, so as to achieve both high speed and security of the network link.
The utility model exploits the high speed, parallelism and security of hardware logic circuits together with the flexibility and efficiency of processor-based handling to achieve secure high-speed pass-through of ten-gigabit network data and efficient analysis and processing of that data. It solves the problem that existing network security equipment cannot offer high speed, security and high efficiency at the same time, and improves the speed, security and efficiency of processing in the network topology. The utility model can serve as an application for enterprise server network data security analysis and isolation.

Claims (8)

1. A network data security analysis auxiliary device based on ZYNQ is characterized by comprising a gigabit Ethernet external network input interface module (1), a data analysis control core module (2), an ARMA9 processing unit (3), a PCIE data interface conversion module (4), a gigabit Ethernet external network output module (5), an external network output control module (6), a security analysis reconstruction module (7), a storage module (8), a gigabit Ethernet internal network input interface module (9), a gigabit Ethernet internal network output interface module (10), a display screen module (15), a clock module (11) and a power supply module (12);
the gigabit Ethernet external network input interface module (1) is respectively connected with the data analysis control core module (2), the security analysis reconstruction module (7), the clock module (11) and the power module (12);
the data analysis control core module (2) is respectively connected with the ARMA9 processing unit (3), the external network output control module (6), the security analysis reconstruction module (7), the clock module (11) and the power module (12);
the ARMA9 processing unit (3) is respectively connected with the data analysis control core module (2), the display screen module (15), the clock module (11) and the power module (12);
the PCIE data interface conversion module (4) is respectively connected with the storage module (8), the clock module (11) and the power module (12);
the gigabit Ethernet external network output module (5) is respectively connected with the external network output control module (6), the gigabit Ethernet internal network input interface module (9), the clock module (11) and the power module (12);
the external network output control module (6) is respectively connected with the gigabit Ethernet external network output module (5), the data analysis control core module (2), the security analysis reconstruction module (7), the clock module (11) and the power module (12);
the security analysis reconstruction module (7) is respectively connected with the gigabit Ethernet external network input interface module (1), the gigabit Ethernet internal network output interface module (10), the external network output control module (6), the storage module (8), the clock module (11) and the power module (12);
the storage module (8) is respectively connected with the security analysis reconstruction module (7), the PCIE data interface conversion module (4), the clock module (11) and the power module (12);
the gigabit Ethernet intranet input interface module (9) is respectively connected with the extranet output control module (6), the clock module (11) and the power module (12);
the gigabit Ethernet intranet output interface module (10) is respectively connected with the security analysis reconstruction module (7), the clock module (11) and the power module (12);
the display screen module (15) is respectively connected with the ARMA9 processing unit (3), the clock module (11) and the power supply module (12).
2. The auxiliary device for network data security analysis according to claim 1, wherein the gigabit ethernet extranet input interface module (1) is formed by connecting a gigabit ethernet optical port (13) with a gigabit ethernet PHY core (14).
3. The network data security analysis device according to claim 1, wherein the data analysis control core module (2) is formed by connecting a data packet detection module (21) with a network traffic statistic module (22) and a core control module (23).
4. The device according to claim 1, wherein the PCIE data interface conversion module (4) is configured by a PCIE data control module (41) connected to a PCIE data receiving engine (42) and a PCIE data sending engine (43).
5. The network data security analysis device according to claim 1, wherein the gigabit ethernet extranet output module (5) is formed by connecting a gigabit ethernet optical port (13) with a gigabit ethernet PHY core (14).
6. The network data security analysis device according to claim 1, wherein the security analysis reconstruction module (7) is composed of a protocol analysis reconstruction module (71) and a security filtering module (72).
7. The network data security analysis device according to claim 1, wherein the gigabit ethernet intranet input interface module (9) is formed by connecting a gigabit ethernet optical port (13) with a gigabit ethernet PHY core (14).
8. The network data security analysis device according to claim 1, wherein the gigabit ethernet intranet output interface module (10) is formed by connecting a gigabit ethernet optical port (13) with a gigabit ethernet PHY core (14).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201920601364.3U CN209913856U (en) 2019-04-28 2019-04-28 Network data security analysis auxiliary assembly based on ZYNQ

Publications (1)

Publication Number Publication Date
CN209913856U true CN209913856U (en) 2020-01-07

Family

ID=69046110

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201920601364.3U Active CN209913856U (en) 2019-04-28 2019-04-28 Network data security analysis auxiliary assembly based on ZYNQ

Country Status (1)

Country Link
CN (1) CN209913856U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110061999A (en) * 2019-04-28 2019-07-26 华东师范大学 A kind of network data security analysis ancillary equipment based on ZYNQ


Legal Events

Date Code Title Description
GR01 Patent grant