CN211352228U - Data network edge intrusion detection system - Google Patents
- Publication number
- CN211352228U
- Authority
- CN
- China
- Prior art keywords
- main control
- control module
- network
- intrusion detection
- data network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The utility model discloses a data network edge intrusion detection system comprising a network traffic probe, a main control module and a display, wherein the main control module includes a memory, an IO chip and a processor; the network traffic probe is connected to the main control module; the main control module is also connected to the display; the memory, the IO chip and the processor are arranged on the main control module and are connected in sequence. In the embodiment of the utility model, the data network edge intrusion detection system improves the efficiency of detecting intruding devices and can detect a device and raise an alarm when it first connects.
Description
Technical Field
The utility model relates to the technical field of data network intrusion detection, and in particular to a data network edge intrusion detection system.
Background
In important information systems across industries today, network intrusion prevention mostly relies on deploying IDS or IPS equipment. The basic flow of existing data network intrusion device detection is to inspect the traffic at data network nodes and then analyze that traffic to obtain a detection result. Typically a core router or switch mirrors port traffic to a corresponding collection machine, and packet inspection then extracts abnormal traffic information from the traffic so that the source IP address can be located. The main defects of deploying intrusion prevention and detection products in the network are as follows: detection and defense are concentrated on upper-layer traffic, traffic inside the edge-layer switch is neither detected nor defended, and an unauthorized intruding device that was once connected to the switch cannot be recorded or tracked; in addition, the ARP table of the edge switch keeps entries only for a limited time, so records older than the entry lifetime cannot be queried, which makes tracking the intruding device harder.
Summary of the Utility Model
The purpose of the utility model is to overcome the deficiencies of the prior art by providing a data network edge intrusion detection system that records the devices connecting to an edge network switch and detects intrusions at the data network edge switch.
In order to solve the above problems, the present invention provides a data network edge intrusion detection system, which includes a network flow probe, a main control module and a display, wherein the main control module includes a memory, an IO chip and a processor;
the network flow probe is connected with the main control module; the main control module is also connected with the display; the memory, the IO chip and the processor are arranged on the main control module and are sequentially connected.
In an optional embodiment, the network traffic probe adopts a TP-LINK TF-3239DL 10/100M adaptive PCI network card.
In an alternative embodiment, the memory is Western Digital HC310 memory.
In an alternative embodiment, the IO chip is an INTEL H310 chip.
In an alternative embodiment, the processor employs CELERON G4900.
In an alternative embodiment, the display is an Ammet AN-320W01D display.
In the embodiment of the utility model, the data network edge intrusion detection system overcomes the difficulty of intrusion detection at data network edge switches and keeps a record of every device that has ever connected to the edge switch. The system improves the efficiency of detecting intruding devices, can detect a device and raise an alarm as soon as it connects, and closes the gap in which lateral intrusion through the edge switch bypasses the traffic monitoring system.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a data network edge intrusion detection system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a data network edge intrusion detection system according to an embodiment of the present invention.
Referring to fig. 1, a data network edge intrusion detection system includes a network traffic probe, a main control module and a display, where the main control module includes a memory, an IO chip and a processor; the network flow probe is connected with the main control module; the main control module is also connected with the display; the memory, the IO chip and the processor are arranged on the main control module and are sequentially connected.
Specifically, the network traffic probe acquires the data traffic packets of the edge network switch; the main control module reads and parses the source address in each data traffic packet; the display shows the MAC and IP addresses of illegally connected devices found in the source address and gives an alarm indication.
In a specific implementation, the network traffic probe is connected to the edge network switch under test and placed in the same VLAN as the switch's working network so that it collects all traffic packets. The collected packets are passed to the memory and stored in pcap format. The IO chip parses the stored packets to obtain the packet header content and the layer-2 protocol message content. The processor analyzes the packet header content and the layer-2 protocol message content, classifies them, then counts and outputs them as required; when a defined illegal value is detected, it raises an alarm and shows the value on the display.
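The capture, parse, classify and alert flow described above can be sketched in software as follows. This is an added example, not code from the patent: the patent does not say how a "defined illegal value" is specified, so the MAC allowlist `AUTHORIZED`, the function names and the sample capture are assumptions constructed for illustration.

```python
import struct
AUTHORIZED = {"00:11:22:33:44:55"}  # constructed allowlist of permitted MACs (assumption)

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(map(str, b))

def read_pcap(data):
    """Yield (ts_sec, frame) from classic little-endian pcap bytes (Ethernet only)."""
    if data[:4] != b"\xd4\xc3\xb2\xa1" or struct.unpack("<I", data[20:24])[0] != 1:
        raise ValueError("expected little-endian classic pcap, linktype Ethernet")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        ts, _us, caplen, _orig = struct.unpack("<IIII", data[off:off + 16])
        yield ts, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def source_of(frame):
    """Return (src_mac, src_ip or None) from the Ethernet and ARP/IPv4 headers."""
    src, etype, l3 = mac(frame[6:12]), struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x0806 and len(l3) >= 28:   # ARP: sender protocol address
        return src, ip(l3[14:18])
    if etype == 0x0800 and len(l3) >= 20:   # IPv4: source address field
        return src, ip(l3[12:16])
    return src, None

def detect(pcap_bytes, authorized=AUTHORIZED):
    """Record each source MAC at first sight; alert once per unauthorized MAC."""
    seen, alerts = {}, []
    for ts, frame in read_pcap(pcap_bytes):
        if len(frame) < 14:                 # truncated frame, no Ethernet header
            continue
        m, addr = source_of(frame)
        if m not in seen:                   # record outlives the switch's ARP entry
            seen[m] = {"first_seen": ts, "ip": addr, "frames": 0}
            if m not in authorized:
                alerts.append((ts, m, addr))
        seen[m]["frames"] += 1
    return seen, alerts

def sample_pcap():
    """Constructed capture: two IPv4 frames from a known MAC, one ARP from an unknown MAC."""
    known, rogue = bytes.fromhex("001122334455"), bytes.fromhex("020000000abc")
    ipv4 = b"\xff" * 6 + known + b"\x08\x00\x45" + bytes(11) + bytes([192, 0, 2, 10, 192, 0, 2, 1])
    arp = (b"\xff" * 6 + rogue + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
           + rogue + bytes([192, 0, 2, 66]) + bytes(6) + bytes([192, 0, 2, 1]))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in [(1000, ipv4), (1005, arp), (1010, ipv4)]:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out
```

Calling `detect(sample_pcap())` returns the per-device record and a single alert for the unknown MAC at its first frame; persisting `seen` to disk is what keeps the history that the edge switch's ARP table loses.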
In the specific implementation of the present invention, the network traffic probe employs a TP-LINK TF-3239DL 10/100M adaptive PCI network card. Specifically, the network traffic probe is also connected to an edge network switch and is configured to collect the data traffic packets of that switch. Note that the network traffic probe and the working network of the edge network switch are in the same VLAN.
In the embodiment of the present invention, the memory is a Western Digital HC310 memory. Specifically, the memory stores, in pcap format, the data traffic packets of the edge network switch acquired by the network traffic probe.
In the embodiment of the present invention, the IO chip is an INTEL H310 chip. Specifically, the IO chip is configured to read and parse the packet header data and the layer-2 protocol data of the edge network switch's data traffic packets acquired by the network traffic probe, obtaining the packet header content and the layer-2 protocol message content.
In a specific embodiment of the present invention, the processor is a CELERON G4900. Specifically, the processor is configured to classify and count the packet header content and the layer-2 protocol message content, and to output them as needed.
In the specific implementation of the present invention, the display is an anmantel AN-320W01D display. Specifically, the display is configured to display the output of the processor, and when a defined illegal value is detected, it presents an alarm prompt message.
In the embodiment of the utility model, the data network edge intrusion detection system overcomes the difficulty of intrusion detection at data network edge switches and keeps a record of every device that has ever connected to the edge switch. The system improves the efficiency of detecting intruding devices, can detect a device and raise an alarm as soon as it connects, and closes the gap in which lateral intrusion through the edge switch bypasses the traffic monitoring system.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The data network edge intrusion detection system provided by the embodiment of the present invention has been described in detail above. Specific examples are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is intended only to help in understanding the method and core idea of the present invention. A person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the content of this specification should not be understood as limiting the present invention.
Claims (6)
1. The data network edge intrusion detection system is characterized by comprising a network flow probe, a main control module and a display, wherein the main control module comprises a memory, an IO chip and a processor;
the network flow probe is connected with the main control module; the main control module is also connected with the display; the memory, the IO chip and the processor are arranged on the main control module and are sequentially connected.
2. The system of claim 1, wherein the network traffic probe employs a TP-LINK TF-3239DL 10/100M adaptive PCI network card.
3. The system of claim 1, wherein the memory is Western Digital HC310 memory.
4. The system according to claim 1, wherein the IO chip is an INTEL H310 chip.
5. The system of claim 4, wherein the processor employs CELERON G4900.
6. The system of claim 4, wherein the display is an Anmet AN-320W01D display.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201922271928.4U CN211352228U (en) | 2019-12-17 | 2019-12-17 | Data network edge intrusion detection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201922271928.4U CN211352228U (en) | 2019-12-17 | 2019-12-17 | Data network edge intrusion detection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN211352228U (en) | 2020-08-25 |
Family
ID=72099401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201922271928.4U Expired - Fee Related CN211352228U (en) | 2019-12-17 | 2019-12-17 | Data network edge intrusion detection system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN211352228U (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200825 Termination date: 20201217 |