CN103905459A - Cloud-based intelligent security defense system and defense method - Google Patents


Info

Publication number: CN103905459A
Application number: CN201410148428.0A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 贾铁军, 肖惜明, 张福杰
Current assignee: Shanghai Dianji University
Original assignee: Shanghai Dianji University
Application filed by Shanghai Dianji University
Priority to CN201410148428.0A
Publication of CN103905459A
Legal status: Pending


Abstract

The invention provides a cloud-based intelligent security defense system and defense method. A system core function scheduling module dispatches an intelligent processing platform interactively according to a cloud intelligent processing component, forming a network security defense system with modules that detect, monitor, scan and remove, block, defend against, audit and recover from abnormal information. This effectively improves the dynamic intelligent detection, identification, blocking and defense performance of the whole network and strengthens overall intelligent defense.

Description

Cloud-based intelligent security defense system and defense method
Technical field
The present invention relates to the technical field of computer network information security, and in particular to a cloud-based intelligent security defense system and defense method.
Background art
Cloud security is an extension of cloud computing and a network security application model: a security architecture for whole-network defense built on three layers (an intelligent client, a centralized service end and an open platform) that effectively protects the secure and efficient operation of network systems. Existing intrusion prevention systems (IPS) based on cloud security integrate firewall and intrusion detection system (IDS) technology, can provide efficient, in-depth, dynamic and active security defense for an entire local area network (LAN), and belong to the class of network intrusion prevention systems (NIPS).
Existing network security defense technology essentially adopts traditional firewall technology, network intrusion detection systems (IDS) and network security defense technology, and faces the following network security problems. 1. Viruses and hacker attacks. The cloud provides continuous service to all kinds of network users; viruses, hacker attacks and security problems at link nodes arise frequently and seriously affect information resource security and social stability. 2. Privacy leakage and unauthorized access. E-commerce and online banking, e-government, mailbox and other accounts are easily stolen and leaked by insiders or unauthorized persons, with serious consequences for the normal operation of the network. 3. Cross-platform security problems. Hackers exploit system vulnerabilities and mobile-phone Trojans to remotely steal data and manipulate users' computers or phones; mobile cross-platform security defense in particular has become the weakest link. These network security problems seriously affect the security of network systems and social stability, seriously hinder the wide application and normal operation of computer networks, and pose great security risks and hidden dangers to network resources and users' information security.
In summary, the known traditional network security defense technology has the following deficiencies and limitations. First, dynamic defense capability is weak: defense that relies on traditional firewalls and static device configuration can hardly cope with increasingly numerous and technically advanced dynamic attacks. Second, it cannot defend actively: traditional firewalls and IDS can only respond passively to attacks and cannot block them proactively. Third, it has difficulty identifying new viruses and network attacks: reliance on signature-database detection means network defense always lags behind network attacks. Fourth, detection and defense capability is weak, with high false-negative and false-positive rates, particularly for the many complex viruses and network attacks that appear during the various data transfers of a large network. Fifth, it cannot link and coordinate defense as a whole, and its intelligence and interactivity are poor.
Summary of the invention
The object of the present invention is to provide a cloud-based intelligent security defense system and defense method that remedy the deficiencies and shortcomings of existing traditional network security defense technology.
To solve the above technical problems, the invention provides a cloud-based intelligent security defense system and defense method. The cloud-based intelligent security defense system comprises a cloud intelligent processing component, an intelligent processing platform and a system core function scheduling module, wherein:
the cloud intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network;
the intelligent processing platform performs comprehensive handling of the abnormal information in the cloud intelligent processing component;
the system core function scheduling module dispatches the intelligent processing platform interactively according to the cloud intelligent processing component.
Optionally, in the cloud-based intelligent security defense system, the cloud intelligent processing component comprises a data acquisition and download module, a host data acquisition module and an identification, analysis and classification module, wherein:
the data acquisition and download module downloads the feature database updated in real time and classifies, filters and analyzes the anomalous event information that the client system sends to the network;
the host data acquisition module collects sample data of the client system's malicious files, virus feature library and attacks;
the identification, analysis and classification module performs preliminary identification, analysis and classification of the abnormal information from the data acquisition and download module and the host data acquisition module.
Optionally, in the cloud-based intelligent security defense system, the feature database comprises a diagnostic feature library, a virus feature library, a vulnerability feature library and an intrusion feature library.
Optionally, in the cloud-based intelligent security defense system, the intelligent processing platform comprises, at the application layer, a system diagnosis and evaluation module, a system attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and removal module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation and audit report module, a process, registry and driver monitoring module, and a system service descriptor table detection and recovery module, wherein:
the system diagnosis and evaluation module and the system attack detection module perform comprehensive diagnosis, evaluation and detection of the client system's security state;
the malware scanning and removal module performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module scans for, detects and warns of vulnerabilities and hidden dangers on the client system, and downloads patches and repairs them;
the trace detection and removal module detects and removes the traces of viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against the client system's anomalous events;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of the client system's anomalous events, and together with the evaluation and audit report module forms a security evaluation audit report on the anomalous events and their handling;
the evaluation and audit report module evaluates and records the concrete data of the client system's anomalous events to form an audit report;
the process, registry and driver monitoring module monitors, identifies and blocks anomalous event processes before the other modules are called;
the system service descriptor table detection and recovery module scans and inspects the system service descriptor table through which the client system dispatches system services, and restores the client system's original system service descriptor table.
Optionally, in the cloud-based intelligent security defense system, the intelligent processing platform further comprises, at the kernel layer, an expert system, a feature knowledge base and a monitoring rule base, wherein:
the expert system performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base and the monitoring rule base.
The present invention also provides a cloud-based intelligent security defense method that uses the cloud-based intelligent security defense system described above, wherein: the system core function scheduling module dispatches the intelligent processing platform interactively according to the cloud intelligent processing component; the cloud intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network; and the intelligent processing platform performs comprehensive handling of the abnormal information in the cloud intelligent processing component.
Optionally, in the cloud-based intelligent security defense method, the cloud intelligent processing component comprises a data acquisition and download module, a host data acquisition module and an identification, analysis and classification module, wherein:
the data acquisition and download module downloads the feature database updated in real time and classifies, filters and analyzes the anomalous event information that the client system sends to the network;
the host data acquisition module collects sample data of the client system's malicious files, virus feature library and attacks;
the identification, analysis and classification module performs preliminary identification, analysis and classification of the abnormal information from the data acquisition and download module and the host data acquisition module.
Optionally, in the cloud-based intelligent security defense method, in the step of downloading the feature database updated in real time and classifying, filtering and analyzing the anomalous event information sent to the network, the feature database comprises a diagnostic feature library, a virus feature library, a vulnerability feature library and an intrusion feature library.
Optionally, in the cloud-based intelligent security defense method, the intelligent processing platform comprises, at the application layer, a system diagnosis and evaluation module, a system attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and removal module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation and audit report module, a process, registry and driver monitoring module, and a system service descriptor table detection and recovery module;
the system diagnosis and evaluation module and the system attack detection module perform comprehensive diagnosis, evaluation and detection of the client system's security state;
the malware scanning and removal module performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module scans for, detects and warns of vulnerabilities and hidden dangers on the client system, and downloads patches and repairs them;
the trace detection and removal module detects and removes the traces of viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against the client system's anomalous events;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of the client system's anomalous events, and together with the evaluation and audit report module forms a security evaluation audit report on the anomalous events and their handling;
the evaluation and audit report module evaluates and records the concrete data of the client system's anomalous events to form an audit report;
the process, registry and driver monitoring module monitors, identifies and blocks anomalous event processes before the other modules are called;
the system service descriptor table detection and recovery module scans and inspects the system service descriptor table through which the client system dispatches system services, and restores the client system's original system service descriptor table.
Optionally, in the cloud-based intelligent security defense method, the intelligent processing platform further comprises, at the kernel layer, an expert system, a feature knowledge base and a monitoring rule base, wherein:
the expert system performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base and the monitoring rule base.
Optionally, in the cloud-based intelligent security defense method, the application layer and the kernel layer of the intelligent processing platform are linked through interaction and collaboration.
Optionally, in the cloud-based intelligent security defense method, the linkage comprises making use of local server cluster response, cache support and synchronization with the enterprise's internal cloud server.
The cloud-based intelligent security defense system and defense method provided by the present invention have the following beneficial effects: the system core function scheduling module dispatches the intelligent processing platform interactively according to the cloud intelligent processing component, forming a network security system with modules that detect, monitor, scan and remove, block, defend against, audit and recover from abnormal information; this effectively improves the dynamic intelligent detection, identification, blocking and defense performance of the whole network and strengthens the effectiveness of overall intelligent defense.
Description of the drawings
Fig. 1 is a structural schematic of the cloud-based intelligent security defense system and defense method of an embodiment of the present invention;
Fig. 2 is a structural schematic of the cloud-based intelligent security defense system and defense method of an embodiment of the present invention deployed on a client system.
In Fig. 1 and Fig. 2:
10-cloud intelligent processing component; 11-data acquisition and download module; 12-host data acquisition module; 13-identification, analysis and classification module; 20-intelligent processing platform; 201-system diagnosis and evaluation module; 202-system attack detection module; 203-malware scanning and removal module; 204-vulnerability detection and repair module; 205-trace detection and removal module; 206-analysis, blocking and defense module; 207-advanced diagnosis and repair module; 208-evaluation and audit report module; 209-process, registry and driver monitoring module; 210-system service descriptor table detection and recovery module; 211-expert system; 212-feature knowledge base; 213-monitoring rule base; 30-system core function scheduling module; 40-feature database; 41-diagnostic feature library; 42-virus feature library; 43-vulnerability feature library; 44-intrusion feature library.
Embodiments
The encapsulation carrier plate and its manufacturing method proposed by the present invention are described in further detail below in conjunction with the drawings and specific embodiments. The advantages and features of the invention will become clearer from the following description and the claims. It should be noted that the drawings all adopt a very simplified form and inexact proportions, and serve only to aid a convenient and clear description of the embodiments of the present invention.
Network security has become one of the ten hot-topic problems of the world in the 21st century and has attracted widespread social concern. With the rapid development of informatization and IT, computer network technology is applied ever more widely and deeply, network security problems occur constantly, and the importance of network security technology becomes ever more prominent. Network security has become a focus of attention for all countries; it concerns not only users' information and assets but also national security and social stability, and has become a frontier of popular research and of demand for talent. Network security is a systems engineering task and has become a vital task of networking, closely related to both the national economy and national security. Network security defense technology is the key technology by which "putting prevention first" guarantees network security, and there is an urgent need to research and develop new cloud security technology.
Referring to Fig. 1 and Fig. 2: Fig. 1 is a structural schematic of the cloud-based intelligent security defense system and defense method of an embodiment of the present invention; Fig. 2 is a structural schematic of the cloud-based intelligent security defense system and defense method of an embodiment of the present invention deployed on a client system. As shown in Fig. 1, the cloud-based intelligent security defense system comprises a cloud intelligent processing component 10, an intelligent processing platform 20 and a system core function scheduling module 30, wherein the cloud intelligent processing component 10 identifies and analyzes the abnormal information that a client system sends to the network; the intelligent processing platform 20 performs comprehensive handling of the abnormal information in the cloud intelligent processing component 10; and the system core function scheduling module 30 dispatches the intelligent processing platform 20 interactively according to the cloud intelligent processing component 10.
Preferably, the cloud intelligent processing component 10 comprises a data acquisition and download module 11, a host data acquisition module 12 and an identification, analysis and classification module 13, wherein:
the data acquisition and download module 11 downloads the feature database updated in real time and classifies, filters and analyzes the anomalous event information that the client system sends to the network;
the host data acquisition module 12 collects sample data of the client system's malicious files, virus feature library and attacks;
the identification, analysis and classification module 13 performs preliminary identification, analysis and classification of the abnormal information from the data acquisition and download module 11 and the host data acquisition module 12.
Preferably, the feature database 40 comprises a diagnostic feature library 41, a virus feature library 42, a vulnerability feature library 43 and an intrusion feature library 44.
Preferably, the intelligent processing platform 20 comprises, at the application layer, a system diagnosis and evaluation module 201, a system attack detection module 202, a malware scanning and removal module 203, a vulnerability detection and repair module 204, a trace detection and removal module 205, an analysis, blocking and defense module 206, an advanced diagnosis and repair module 207, an evaluation and audit report module 208, a process, registry and driver monitoring module 209, and a system service descriptor table detection and recovery module 210 (i.e., the SSDT detection and recovery module), wherein:
the system diagnosis and evaluation module 201 and the system attack detection module 202 perform comprehensive diagnosis, evaluation and detection of the client system's security state;
the malware scanning and removal module 203 performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module 204 scans for, detects and warns of vulnerabilities and hidden dangers on the client system, and downloads patches and repairs them;
the trace detection and removal module 205 detects and removes the traces of viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module 206 identifies, analyzes, blocks and defends against the client system's anomalous events;
the advanced diagnosis and repair module 207 performs deeper analysis, diagnosis and repair of the client system's anomalous events, and together with the evaluation and audit report module 208 forms a security evaluation audit report on the anomalous events and their handling;
the evaluation and audit report module 208 evaluates and records the concrete data of the client system's anomalous events to form an audit report;
the process, registry and driver monitoring module 209 monitors, identifies and blocks anomalous event processes before the other modules are called;
the system service descriptor table detection and recovery module 210 scans and inspects the system service descriptor table through which the client system dispatches system services, and restores the client system's original system service descriptor table.
Preferably, the intelligent processing platform 20 further comprises, at the kernel layer, an expert system 211, a feature knowledge base 212 and a monitoring rule base 213, wherein:
the expert system 211 performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base 212 and the monitoring rule base 213.
The present invention also provides a cloud-based intelligent security defense method, which comprises using the cloud-based intelligent security defense system described above, wherein: the system core function scheduling module 30 dispatches the intelligent processing platform 20 interactively according to the cloud intelligent processing component 10; the cloud intelligent processing component 10 identifies and analyzes the abnormal information that a client system sends to the network; and the intelligent processing platform 20 performs comprehensive handling of the abnormal information in the cloud intelligent processing component 10.
Preferably, the cloud intelligent processing component 10 comprises a data acquisition and download module 11, a host data acquisition module 12 and an identification, analysis and classification module 13, wherein:
the data acquisition and download module 11 downloads the feature database updated in real time and classifies, filters and analyzes the anomalous event information that the client system sends to the network;
the host data acquisition module 12 collects sample data of the client system's malicious files, virus feature library and attacks;
the identification, analysis and classification module 13 performs preliminary identification, analysis and classification of the abnormal information from the data acquisition and download module 11 and the host data acquisition module 12.
Preferably, in the step of downloading the feature database 40 updated in real time and classifying, filtering and analyzing the anomalous event information sent to the network, the feature database 40 comprises a diagnostic feature library 41, a virus feature library 42, a vulnerability feature library 43 and an intrusion feature library 44.
Preferably, the intelligent processing platform 20 comprises, at the application layer, a system diagnosis and evaluation module 201, a system attack detection module 202, a malware scanning and removal module 203, a vulnerability detection and repair module 204, a trace detection and removal module 205, an analysis, blocking and defense module 206, an advanced diagnosis and repair module 207, an evaluation and audit report module 208, a process, registry and driver monitoring module 209, and a system service descriptor table detection and recovery module 210 (i.e., the SSDT detection and recovery module);
the system diagnosis and evaluation module 201 and the system attack detection module 202 perform comprehensive diagnosis, evaluation and detection of the client system's security state;
the malware scanning and removal module 203 performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module 204 scans for, detects and warns of vulnerabilities and hidden dangers on the client system, and downloads patches and repairs them;
the trace detection and removal module 205 detects and removes the traces of viruses and attacks that the client system has encountered on the network;
the analysis, blocking and defense module 206 identifies, analyzes, blocks and defends against the client system's anomalous events;
the advanced diagnosis and repair module 207 performs deeper analysis, diagnosis and repair of the client system's anomalous events, and together with the evaluation and audit report module 208 forms a security evaluation audit report on the anomalous events and their handling;
the evaluation and audit report module 208 evaluates and records the concrete data of the client system's anomalous events to form an audit report;
the process, registry and driver monitoring module 209 monitors, identifies and blocks anomalous event processes before the other modules are called;
the system service descriptor table detection and recovery module 210 scans and inspects the system service descriptor table through which the client system dispatches system services, and restores the client system's original system service descriptor table.
Preferably, the intelligent processing platform 20 further comprises, at the kernel layer, an expert system 211, a feature knowledge base 212 and a monitoring rule base 213, wherein:
the expert system 211 performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base 212 and the monitoring rule base 213.
Preferably, the application layer and the kernel layer of the intelligent processing platform 20 are linked through interaction and collaboration. Further, the key to implementing the present invention is functional integration: by linking the application layer and the kernel layer of the intelligent processing platform 20 through interaction and collaboration, automatic knowledge acquisition, learning and reasoning, cloud computing and symbol matching are integrated, and knowledge acquisition, feature identification, analysis, monitoring and blocking are addressed.
Further, in addition to interacting with the corresponding feature databases and the cloud intelligent processing component 10, the platform must also handle network connections, applications, startup items, processes, services and output reports.
Preferably, the linkage comprises making use of local server cluster response, cache support and synchronization with the enterprise's internal cloud server.
The present invention improves on existing traditional network security defense technology, which suffers from weak dynamic and active defense capability, high false-negative and false-positive rates, difficulty identifying new viruses and network attacks, inability to link and coordinate defense, poor intelligence and interactivity, and difficulty effectively defending against complex viruses and network attacks.
In summary, in the cloud-based intelligent security defense system and defense method provided by the present invention, the system core function scheduling module dispatches the intelligent processing platform interactively according to the cloud intelligent processing component, forming a network security system with modules that detect, monitor, scan and remove, block, defend against, audit and recover from abnormal information; this effectively improves the dynamic intelligent detection, identification, blocking and defense performance of the whole network and strengthens the effectiveness of overall intelligent defense.
The foregoing is only a description of preferred embodiments of the present invention and does not limit the scope of the invention in any way; any change or modification made by a person of ordinary skill in the field of the present invention according to the above disclosure falls within the protection scope of the claims.

Claims (12)

1. A cloud-based intelligent security defense system, characterized in that it comprises: a cloud intelligent processing component, an Intelligent Processing Platform and a system core function scheduling module; wherein,
the cloud intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network;
the Intelligent Processing Platform performs comprehensive maintenance on the abnormal information of the cloud intelligent processing component;
the system core function scheduling module dispatches the Intelligent Processing Platform interactively according to the cloud intelligent processing component.
2. The cloud-based intelligent security defense system according to claim 1, characterized in that the cloud intelligent processing component comprises: a data collection and download module, a host data collection module and an identification, analysis and classification module; wherein,
the data collection and download module downloads feature databases updated in real time and classifies, filters and analyzes the abnormal event information that the client system sends to the network;
the host data collection module collects sample data of malicious files, virus feature databases and attacks from the client system;
the identification, analysis and classification module performs preliminary identification, analysis and classification processing of the abnormal information in the data collection and download module and the host data collection module.
3. The cloud-based intelligent security defense system according to claim 2, characterized in that the feature databases comprise: a diagnostic feature database, a virus feature database, a vulnerability feature database and an intrusion feature database.
4. The cloud-based intelligent security defense system according to claim 1, characterized in that the Intelligent Processing Platform comprises, arranged at the application layer, a system diagnosis and evaluation module, a system attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and cleanup module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation audit report module, a process, registry and driver monitoring module, and a system service descriptor table detection and recovery module; wherein,
the system diagnosis and evaluation module and the system attack detection module perform comprehensive diagnostic evaluation and detection of the security state of the client system;
the malware scanning and removal module performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module scans, detects and warns of vulnerabilities and hidden dangers in the client system, downloads patches and repairs them;
the trace detection and cleanup module detects and removes the traces of virus and attack events that have occurred on the client system in the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against abnormal events in the client system;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of abnormal events in the client system, and the evaluation audit report module forms a security evaluation audit report from the abnormal events and their handling process;
the evaluation audit report module evaluates and records the specific data of abnormal events in the client system to form an audit report;
the process, registry and driver monitoring module monitors, identifies and blocks abnormal event processes before the remaining modules are called;
the system service descriptor table detection and recovery module scans and detects the services of the client system and restores the original system service descriptor table using the system service descriptor table distributed with the client system.
5. The cloud-based intelligent security defense system according to claim 1, characterized in that the Intelligent Processing Platform further comprises an expert system, a feature knowledge base and a monitoring rule base arranged at the kernel layer; wherein,
the expert system performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base and the monitoring rule base.
6. A cloud-based intelligent security defense method, characterized in that it comprises: using the cloud-based intelligent security defense system according to claim 1; wherein the system core function scheduling module dispatches the Intelligent Processing Platform interactively according to the cloud intelligent processing component; the cloud intelligent processing component identifies and analyzes the abnormal information that a client system sends to the network; and the Intelligent Processing Platform performs comprehensive maintenance on the abnormal information in the cloud intelligent processing component.
7. The cloud-based intelligent security defense method according to claim 6, characterized in that the cloud intelligent processing component comprises: a data collection and download module, a host data collection module and an identification, analysis and classification module; wherein,
the data collection and download module downloads feature databases updated in real time and classifies, filters and analyzes the abnormal event information that the client system sends to the network;
the host data collection module collects sample data of malicious files, virus feature databases and attacks from the client system;
the identification, analysis and classification module performs preliminary identification, analysis and classification processing of the abnormal information in the data collection and download module and the host data collection module.
8. The cloud-based intelligent security defense method according to claim 7, characterized in that, in the step of downloading the feature databases updated in real time and classifying, filtering and analyzing the abnormal event information in the network, the feature databases comprise: a diagnostic feature database, a virus feature database, a vulnerability feature database and an intrusion feature database.
9. The cloud-based intelligent security defense method according to claim 6, characterized in that the Intelligent Processing Platform comprises, arranged at the application layer, a system diagnosis and evaluation module, a system attack detection module, a malware scanning and removal module, a vulnerability detection and repair module, a trace detection and cleanup module, an analysis, blocking and defense module, an advanced diagnosis and repair module, an evaluation audit report module, a process, registry and driver monitoring module, and a system service descriptor table detection and recovery module;
the system diagnosis and evaluation module and the system attack detection module perform comprehensive diagnostic evaluation and detection of the security state of the client system;
the malware scanning and removal module performs rapid scanning, feature identification and removal of resident viruses on the client system;
the vulnerability detection and repair module scans, detects and warns of vulnerabilities and hidden dangers in the client system, downloads patches and repairs them;
the trace detection and cleanup module detects and removes the traces of virus and attack events that have occurred on the client system in the network;
the analysis, blocking and defense module identifies, analyzes, blocks and defends against abnormal events in the client system;
the advanced diagnosis and repair module performs deeper analysis, diagnosis and repair of abnormal events in the client system, and the evaluation audit report module forms a security evaluation audit report from the abnormal events and their handling process;
the evaluation audit report module evaluates and records the specific data of abnormal events in the client system to form an audit report;
the process, registry and driver monitoring module monitors, identifies and blocks abnormal event processes before the remaining modules are called;
the system service descriptor table detection and recovery module scans and detects the services of the client system and restores the original system service descriptor table using the system service descriptor table distributed with the client system.
10. The cloud-based intelligent security defense system according to claim 6, characterized in that the Intelligent Processing Platform further comprises an expert system, a feature knowledge base and a monitoring rule base arranged at the kernel layer; wherein,
the expert system performs automatic knowledge acquisition, feature identification, analysis and monitoring according to the feature knowledge base and the monitoring rule base.
11. The cloud-based intelligent security defense method according to claim 6, characterized in that the application layer and the kernel layer of the Intelligent Processing Platform interact, cooperate and link with each other.
12. The cloud-based intelligent security defense method according to claim 11, characterized in that the linkage includes utilizing local server group response, cache support and synchronization with the enterprise's internal cloud servers.
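Claims 4 and 9 both include a system service descriptor table detection and recovery module that compares the live table against the original one and restores it. The block below is an added example, not code from the patent or from Shanghai Dianji University, and it is a user-space simulation rather than a Windows driver: the table is an ordinary array of function pointers, the "original SSDT distributed with the client system" is modelled as a snapshot taken before any tampering, a rogue hook is installed on one entry, and the detect and restore passes are run over it. The service names, the placeholder routines and the hook are assumptions made for the example; on a real x64 Windows system the table is write-protected and Kernel Patch Protection forbids modifying it, so a real module would at most detect and report, and would additionally check that every entry points inside the kernel image.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the system service descriptor table: an array of
 * service-routine pointers indexed by service number. In the Windows kernel the
 * real table is KeServiceDescriptorTable; here it is a user-space array so the
 * detect/restore logic can be exercised without a driver. */
typedef long (*service_fn)(long arg);

enum { SVC_OPEN_FILE = 0, SVC_QUERY_DIRECTORY, SVC_TERMINATE_PROCESS, SVC_COUNT };

/* Placeholder service routines standing in for the real handlers. */
static long svc_open_file(long a)         { return a + 1; }
static long svc_query_directory(long a)   { return a * 2; }   /* "entries returned" */
static long svc_terminate_process(long a) { return -a; }

/* Live table that a rootkit patches. */
static service_fn live_ssdt[SVC_COUNT] = {
    svc_open_file, svc_query_directory, svc_terminate_process,
};

/* Baseline: the original table recorded at driver load (or rebuilt from the
 * on-disk kernel image). Models the claim's "SSDT distributed with the client system". */
static service_fn baseline_ssdt[SVC_COUNT];

/* Rootkit-style hook: calls the real routine, then drops one directory entry so
 * that a file disappears from user-mode listings. */
static long hooked_query_directory(long a) { return svc_query_directory(a) - 1; }

/* Record the pristine table; must run before any tampering. */
void ssdt_snapshot(void) { memcpy(baseline_ssdt, live_ssdt, sizeof live_ssdt); }

/* Simulates a rootkit installing an SSDT hook on one service. */
void install_rogue_hook(void) { live_ssdt[SVC_QUERY_DIRECTORY] = hooked_query_directory; }

/* Detection pass: compare every live entry with the baseline. Writes the indices
 * of modified entries to 'modified' (up to 'max') and returns how many differ. */
int ssdt_detect(int *modified, int max)
{
    int n = 0;
    for (int i = 0; i < SVC_COUNT; i++) {
        if (live_ssdt[i] != baseline_ssdt[i]) {
            if (n < max) modified[n] = i;
            n++;
        }
    }
    return n;
}

/* Recovery pass: overwrite modified entries with the baseline and return the
 * count restored. Writing in place is only possible in this simulation. */
int ssdt_restore(void)
{
    int restored = 0;
    for (int i = 0; i < SVC_COUNT; i++) {
        if (live_ssdt[i] != baseline_ssdt[i]) {
            live_ssdt[i] = baseline_ssdt[i];
            restored++;
        }
    }
    return restored;
}

/* Dispatch a service through the live table, as the system call handler would. */
long dispatch(int svc, long arg) { return live_ssdt[svc](arg); }

int main(void)
{
    int modified[SVC_COUNT];
    ssdt_snapshot();
    install_rogue_hook();
    int n = ssdt_detect(modified, SVC_COUNT);
    printf("modified entries: %d (first: service %d)\n", n, n ? modified[0] : -1);
    printf("hooked query result: %ld\n", dispatch(SVC_QUERY_DIRECTORY, 3));
    printf("restored: %d, clean query result: %ld\n", ssdt_restore(), dispatch(SVC_QUERY_DIRECTORY, 3));
    return 0;
}
```

The comparison against a baseline is the part that matters: a module that only scans the table cannot tell a hook from a legitimate entry, whereas a snapshot taken before the rootkit loaded, or a table rebuilt from the kernel image on disk, gives it a reference to compare against and to restore from.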
CN201410148428.0A 2014-04-14 2014-04-14 Cloud-based intelligent security defense system and defense method Pending CN103905459A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410148428.0A CN103905459A (en) 2014-04-14 2014-04-14 Cloud-based intelligent security defense system and defense method

Publications (1)

Publication Number Publication Date
CN103905459A true CN103905459A (en) 2014-07-02

Family

ID=50996613

Country Status (1)

Country Link
CN (1) CN103905459A (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618427B (en) * 2014-12-17 2016-08-24 百度在线网络技术(北京)有限公司 Method and apparatus for monitoring files via a network
CN104618427A (en) * 2014-12-17 2015-05-13 百度在线网络技术(北京)有限公司 Method and device for monitoring file via network
CN104660610A (en) * 2015-03-13 2015-05-27 华存数据信息技术有限公司 Cloud computing environment based intelligent security defending system and defending method thereof
CN104935580B (en) * 2015-05-11 2018-09-11 国家电网公司 Information security control method based on cloud platform and system
CN105959951A (en) * 2016-04-25 2016-09-21 乐视控股(北京)有限公司 Mobile device information synchronization control method and mobile device information synchronization control system
CN107888601A (en) * 2017-11-21 2018-04-06 国云科技股份有限公司 Cloud platform server intelligent detection system and method for virus infection and intrusion
CN108540474B (en) * 2018-04-10 2021-03-05 成都理工大学 Computer network defense decision-making system
CN108540474A (en) * 2018-04-10 2018-09-14 成都理工大学 Computer network defense decision-making system
CN110865608A (en) * 2019-11-21 2020-03-06 武夷学院 Reconfigurable manufacturing system
CN111464546A (en) * 2020-04-02 2020-07-28 中国人民解放军国防科技大学 Network attack defense method based on system event
CN111464546B (en) * 2020-04-02 2022-03-18 中国人民解放军国防科技大学 Network attack defense method based on system event
CN112069531A (en) * 2020-07-17 2020-12-11 北京百度网讯科技有限公司 Privacy data authorization method and platform, client and repair end
CN112069531B (en) * 2020-07-17 2023-07-28 北京百度网讯科技有限公司 Authorization method and platform for private data, client and repair end
CN112615812A (en) * 2020-11-19 2021-04-06 贵州电网有限责任公司 Information network unified vulnerability multi-dimensional security information collection, analysis and management system
CN113468526A (en) * 2021-06-03 2021-10-01 深圳市博锐信息科技有限公司 Network security system based on big data
CN113824588A (en) * 2021-09-14 2021-12-21 华能嘉祥发电有限公司 Unified fusion substation system based on safety supervision requirements
CN116112243A (en) * 2023-01-17 2023-05-12 广州鲁邦通物联网科技股份有限公司 Industrial control system intelligent computer physical intrusion detection defense system and method
CN116112243B (en) * 2023-01-17 2023-09-05 广州鲁邦通物联网科技股份有限公司 Industrial control system intelligent computer physical intrusion detection defense system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20140702)