CN108833425A - A kind of network safety system and method based on big data - Google Patents
A kind of network safety system and method based on big data
- Publication number: CN108833425A (application number CN201810670233.0A)
- Authority: CN (China)
- Prior art keywords: module, network, message, security, control center
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
All five classifications fall under H04L63/00, Network architectures or network communication protocols for network security (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication):
- H04L63/04, H04L63/0428: providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/02, H04L63/0227: separating internal from external traffic, e.g. firewalls; filtering policies
- H04L63/08, H04L63/0876: authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/14, H04L63/1408, H04L63/1425: detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
- H04L63/14, H04L63/1441: countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a network security system and method based on big data, in the technical field of network security. The system comprises a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a main control module, an online status monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module. Using the packet capture function provided by network connection monitoring, host intrusion detection, security audit and virus detection can be integrated at the terminal; at the security control center, once the connection information of all controlled terminals has been integrated, network intrusion detection and security audit can be implemented, providing comprehensive, complete and lasting security protection for the terminals.
Description
Technical field
The invention discloses a network security system and method based on big data, and specifically belongs to the technical field of network security.
Background technique
With the development of network technology, the drawbacks of the traditional local area network structure have become more apparent and its security more fragile; the safety, stability, versatility and speed of enterprise networks have become the issues that company managers care about most. The inherent openness, interactivity and distributed character of the Internet have satisfied people's demands for flexible and fast information sharing. With the deepening of informatization and the rapid development of the Internet, the way people work, study and live is undergoing enormous change. Faced with a severe information security situation, existing network security systems have many weak links in their ability to predict, react, prevent and recover.
Existing network security defences such as firewalls, IDS and encryption share one characteristic: they are refusal-type defence policies. A series of access measures is specified according to existing, fixed needs, and anything that does not meet the specified security policy is denied access; for example, data entering the firewall that does not match the firewall rules is not allowed through, and without the key, data cannot be decrypted through normal channels. Although this defence mechanism is strong, its ability to discover and prevent is insufficient: it cannot know or predict an intruder's target or means of attack with precision. For this reason, we propose a network security system and method based on big data to solve the above problems.
Summary of the invention
The purpose of the present invention is to provide a network security system and method based on big data, to solve the problems raised in the background above.
To achieve the above object, the present invention provides the following technical solution: a network security system based on big data, comprising a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a main control module, an online status monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, controls and filters network connections according to a policy file, and is electrically and bidirectionally connected to the wireless communication module;
the wireless communication module is responsible for the interaction between the security-controlled client and the security control center; it uses a system server to listen for instructions from the security control center and, when the message generating module is called, actively initiates a connection to the security control center and then transmits the relevant information;
the message processing module decrypts, reassembles and decodes the information received by the wireless communication module and sends the decoded result to the main control module;
the message generating module constructs the messages for the security control center and uploads them to the security control center;
the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system;
the online status monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file; the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages; the process monitoring module periodically checks whether running processes are allowed and, if a process is not allowed, closes it and generates a warning message; the dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns; the host log monitoring module monitors the client host log, obtains its update records and, when the security control center is reachable, uploads the host log updates;
the authentication module authenticates information such as passwords, personal identification numbers and keys, and is available for real-time calls by the main control module;
the system encryption module verifies data integrity and provides encryption and digital signatures for users and computers, and is integrated into applications or network services.
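The process monitoring, message generating and online status monitoring modules described above interact in a way that is easy to get wrong: a warning raised while the security control center is unreachable must be kept in the local offline log and uploaded later, not dropped. The following Python model is added here as an illustration and is not code from the patent or from any implementation of it. It shows one way those three steps fit together: an allowlist check over a constructed process list, a structured warning message, and delivery that falls back to a local offline log and flushes it on the next successful heartbeat. The allowlist, the process list and the FakeCenter stand-in are constructed sample data, and the model only reports which process ids would be closed; it never touches real processes.

```python
from collections import deque
from typing import Deque, Dict, List, Tuple

# Constructed allowlist (assumption of this example): image names permitted to run.
ALLOWED_PROCESSES = {"explorer.exe", "svchost.exe", "agent.exe", "chrome.exe"}


class OfflineLog:
    """Local offline log: holds warnings raised while the center is unreachable."""

    def __init__(self) -> None:
        self.entries: Deque[Dict] = deque()

    def append(self, msg: Dict) -> None:
        self.entries.append(msg)

    def drain(self) -> List[Dict]:
        """Remove and return all queued entries, oldest first."""
        out = list(self.entries)
        self.entries.clear()
        return out


class FakeCenter:
    """Constructed stand-in for the security control center (assumption of this
    example); the caller toggles `reachable` to simulate an outage."""

    def __init__(self) -> None:
        self.reachable = True
        self.received: List[Dict] = []

    def heartbeat(self) -> bool:
        # The online status monitoring module's probe packet, reduced to a flag.
        return self.reachable

    def upload(self, msg: Dict) -> None:
        if not self.reachable:
            raise ConnectionError("security control center unreachable")
        self.received.append(msg)


def make_warning(kind: str, detail: Dict, ts: int) -> Dict:
    """Message generating module: build the structured message for the center."""
    return {"type": "warning", "kind": kind, "detail": detail, "time": ts}


def check_processes(running: List[Tuple[str, int]], allowed: set, ts: int):
    """Process monitoring module: compare each (name, pid) with the allowlist.
    Returns (warnings, pids_to_close); closing is left to the caller so that
    this model never terminates a real process."""
    warnings, to_close = [], []
    for name, pid in running:
        if name.lower() not in allowed:
            warnings.append(make_warning("disallowed_process",
                                         {"name": name, "pid": pid}, ts))
            to_close.append(pid)
    return warnings, to_close


def deliver(center: FakeCenter, offline_log: OfflineLog, messages: List[Dict]) -> int:
    """Online status monitoring plus upload: probe first; if the center is down,
    queue everything locally. When it is up, flush the backlog before the new
    messages so ordering is preserved. Returns the number uploaded."""
    if not center.heartbeat():
        for m in messages:
            offline_log.append(m)
        return 0
    delivered = 0
    for m in offline_log.drain() + list(messages):
        try:
            center.upload(m)
            delivered += 1
        except ConnectionError:
            # Center went away mid-flush: keep the message for the next cycle.
            offline_log.append(m)
    return delivered


def run_cycle(center: FakeCenter, offline_log: OfflineLog,
              running: List[Tuple[str, int]], ts: int) -> Tuple[int, List[int]]:
    """One agent cycle: check processes, then deliver the warnings."""
    warnings, to_close = check_processes(running, ALLOWED_PROCESSES, ts)
    return deliver(center, offline_log, warnings), to_close


if __name__ == "__main__":
    center, log = FakeCenter(), OfflineLog()
    procs = [("explorer.exe", 100), ("unknown_tool.exe", 2222), ("svchost.exe", 300)]
    center.reachable = False
    print(run_cycle(center, log, procs, 1000))   # (0, [2222]): warning queued locally
    center.reachable = True
    print(run_cycle(center, log, [], 1001))      # (1, []): backlog flushed
```

The point of the design is that the heartbeat decides where a message goes before any upload is attempted, and that a failure during the flush re-queues rather than discards; the offline log is therefore also the place a forensic reviewer would look for warnings raised during a gap in connectivity.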
Preferably, the packet capture processing module comprises a packet capture module, a rule matching module and a pass/block module.
Preferably, the messages constructed by the message generating module include message reception authentication, processing results, process lists, resource information and the message log generated in the offline state, and also include messages actively uploaded by the controlled terminal to the center.
Preferably, the dynamic analysis module has a built-in intrusion detection plug-in, added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour.
Preferably, the main control module has a built-in COPS policy communication interface and integrates a security policy database and a detection rule library.
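To make the rule matching and pass/block stages concrete, here is an added Python example; it is not code from the patent, which places this logic in an NDIS hook in the kernel, but a user-mode model of the same decision. The policy file format (action, protocol, source CIDR, destination CIDR, destination port, with `any` as a wildcard), the first-match semantics and the default-deny outcome are assumptions of this example, and the rules and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed policy file. Format assumed for this example:
#   action proto src_cidr dst_cidr dst_port      ('any' is a wildcard)
# Rules are evaluated top to bottom; the first match decides, so the deny
# for 203.0.113.0/24 must precede the broader allow rules to take effect.
POLICY_TEXT = """
# block a known-bad destination range on every port
deny  any any          203.0.113.0/24 any
# allow DNS and HTTPS from the office subnet, and SSH to one jump host
allow udp 10.0.0.0/24  any            53
allow tcp 10.0.0.0/24  any            443
allow tcp 10.0.0.0/24  192.0.2.10/32  22
"""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str                                # 'tcp', 'udp' or 'any'
    src: Optional[ipaddress.IPv4Network]      # None means any
    dst: Optional[ipaddress.IPv4Network]
    dst_port: Optional[int]


def parse_policy(text: str) -> List[Rule]:
    """Parse the policy file; malformed lines are rejected rather than
    silently skipped, so a bad edit cannot quietly open the filter."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"policy line {lineno}: expected 5 fields, got {len(parts)}")
        action, proto, src, dst, port = parts
        if action not in ("allow", "deny"):
            raise ValueError(f"policy line {lineno}: unknown action {action!r}")
        rules.append(Rule(
            action=action,
            proto=proto.lower(),
            src=None if src == "any" else ipaddress.ip_network(src, strict=False),
            dst=None if dst == "any" else ipaddress.ip_network(dst, strict=False),
            dst_port=None if port == "any" else int(port),
        ))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    """Rule matching module: every non-wildcard field must match."""
    if rule.proto != "any" and rule.proto != pkt.proto.lower():
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Rule]]:
    """Pass/block module: the first matching rule wins; a packet that matches
    no rule is blocked (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return ("pass" if rule.action == "allow" else "block"), rule
    return "block", None


RULES = parse_policy(POLICY_TEXT)

if __name__ == "__main__":
    for pkt in [Packet("udp", "10.0.0.5", "192.0.2.53", 53),
                Packet("tcp", "10.0.0.5", "203.0.113.7", 443),
                Packet("tcp", "10.0.0.5", "192.0.2.11", 22)]:
        verdict, rule = decide(RULES, pkt)
        print(pkt, "->", verdict, "(default deny)" if rule is None else "")
```

Two properties are worth checking in any filter of this shape: rule order matters (the HTTPS packet to 203.0.113.7 is blocked only because the deny rule sits above the allow), and a rejected policy file must fail loudly, since a filter that silently skips an unparseable deny line becomes more permissive than its author intended.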
Preferably, a network security method based on big data proceeds as follows: the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, and controls and filters network connections according to the policy file; it communicates through the wireless communication module with the message processing module, which decrypts, reassembles and decodes the received information and sends the decoded result to the main control module; the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, the result is issued through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages.
Compared with the prior art, the beneficial effects of the invention are as follows: using the packet capture function provided by network connection monitoring, the invention can integrate host intrusion detection, security audit and virus detection at the terminal; at the security control center, once the connection information of all controlled terminals has been integrated, network intrusion detection and security audit can be implemented. Through these security technologies and means, intrusions or misoperations in the network can be detected in real time, or a security audit can be carried out afterwards; at the same time the security policy can be adjusted automatically according to the network security situation, providing comprehensive, complete and lasting security protection for the terminals.
Detailed description of the invention
Fig. 1 is the functional block diagram of the system of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments; obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Referring to Fig. 1, the present invention provides the following technical solution: a network security system based on big data, comprising a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a main control module, an online status monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, controls and filters network connections according to a policy file, and is electrically and bidirectionally connected to the wireless communication module;
the wireless communication module is responsible for the interaction between the security-controlled client and the security control center; it uses a system server to listen for instructions from the security control center and, when the message generating module is called, actively initiates a connection to the security control center and then transmits the relevant information;
the message processing module decrypts, reassembles and decodes the information received by the wireless communication module and sends the decoded result to the main control module;
the message generating module constructs the messages for the security control center and uploads them to the security control center;
the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system;
the online status monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file; the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages; the process monitoring module periodically checks whether running processes are allowed and, if a process is not allowed, closes it and generates a warning message; the dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns; the host log monitoring module monitors the client host log, obtains its update records and, when the security control center is reachable, uploads the host log updates;
the authentication module authenticates information such as passwords, personal identification numbers and keys, and is available for real-time calls by the main control module;
the system encryption module verifies data integrity and provides encryption and digital signatures for users and computers, and is integrated into applications or network services.
Here the packet capture processing module comprises a packet capture module, a rule matching module and a pass/block module; the messages constructed by the message generating module include message reception authentication, processing results, process lists, resource information and the message log generated in the offline state, and also include messages actively uploaded by the controlled terminal to the center; the dynamic analysis module has a built-in intrusion detection plug-in, added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour; and the main control module has a built-in COPS policy communication interface and integrates a security policy database and a detection rule library.
The present invention also provides a network security method based on big data, which proceeds as follows: the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, and controls and filters network connections according to the policy file; it communicates through the wireless communication module with the message processing module, which decrypts, reassembles and decodes the received information and sends the decoded result to the main control module; the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, the result is issued through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention, the scope of which is defined by the appended claims.
Claims (6)
1. A network security system based on big data, characterised in that it comprises a packet capture processing module, a wireless communication module, a message processing module, a message generating module, a main control module, an online status monitoring module, a firewall configuration module, a process monitoring module, a dynamic analysis module, a host log monitoring module, an authentication module and a system encryption module;
the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, controls and filters network connections according to a policy file, and is electrically and bidirectionally connected to the wireless communication module;
the wireless communication module is responsible for the interaction between the security-controlled client and the security control center; it uses a system server to listen for instructions from the security control center and, when the message generating module is called, actively initiates a connection to the security control center and then transmits the relevant information;
the message processing module decrypts, reassembles and decodes the information received by the wireless communication module and sends the decoded result to the main control module;
the message generating module constructs the messages for the security control center and uploads them to the security control center;
the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system;
the online status monitoring module sends a data packet to the security control center at regular intervals when the network is idle, to judge whether the security control center is reachable; if it is unreachable, the corresponding warning message is stored in a local offline log file; the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages; the process monitoring module periodically checks whether running processes are allowed and, if a process is not allowed, closes it and generates a warning message; the dynamic analysis module detects abnormal behaviour of the network system and discovers unknown attack patterns; the host log monitoring module monitors the client host log, obtains its update records and, when the security control center is reachable, uploads the host log updates;
the authentication module authenticates information such as passwords, personal identification numbers and keys, and is available for real-time calls by the main control module;
the system encryption module verifies data integrity and provides encryption and digital signatures for users and computers, and is integrated into applications or network services.
2. The network security system based on big data according to claim 1, characterised in that the packet capture processing module comprises a packet capture module, a rule matching module and a pass/block module.
3. The network security system based on big data according to claim 1, characterised in that the messages constructed by the message generating module include message reception authentication, processing results, process lists, resource information and the message log generated in the offline state, and also include messages actively uploaded by the controlled terminal to the center.
4. The network security system based on big data according to claim 1, characterised in that the dynamic analysis module has a built-in intrusion detection plug-in, added by the system administrator, and establishes historical statistical patterns for network dynamic behaviour.
5. The network security system based on big data according to claim 1, characterised in that the main control module has a built-in COPS policy communication interface and integrates a security policy database and a detection rule library.
6. A network security method based on big data, characterised in that the method proceeds as follows: the packet capture processing module uses Winsock 2 SPI technology, captures network packets in the kernel layer using NDIS HOOK technology, and controls and filters network connections according to the policy file; it communicates through the wireless communication module with the message processing module, which decrypts, reassembles and decodes the received information and sends the decoded result to the main control module; the main control module responds to the instructions of the security control center and schedules the corresponding component modules in the system; after processing by the message generating module, the result is issued through the wireless communication module; and the firewall configuration module uses PBNS2 to implement the policy request and policy distribution functions of all distributed firewalls and intrusion detection, and detects network messages.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810670233.0A CN108833425A (en) | 2018-06-26 | 2018-06-26 | A kind of network safety system and method based on big data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108833425A true CN108833425A (en) | 2018-11-16 |
Family
ID=64138594
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810670233.0A Pending CN108833425A (en) | 2018-06-26 | 2018-06-26 | A kind of network safety system and method based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108833425A (en) |
Timeline
- 2018-06-26: CN CN201810670233.0A patent/CN108833425A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101674313A (en) * | 2009-10-15 | 2010-03-17 | 杭州华三通信技术有限公司 | SIP registration method for server to actively inform user switching, system and device thereof |
CN102026199A (en) * | 2010-12-03 | 2011-04-20 | 中兴通讯股份有限公司 | WiMAX system as well as device and method for defending DDoS attack |
CN202004790U (en) * | 2011-03-18 | 2011-10-05 | 蓝盾信息安全技术股份有限公司 | Network security detection and monitoring auditing system |
WO2014032596A1 (en) * | 2012-09-03 | 2014-03-06 | Tencent Technology (Shenzhen) Company Limited | Systems and methods for enhancement of single sign-on protection |
CN103036961A (en) * | 2012-12-07 | 2013-04-10 | 蓝盾信息安全技术股份有限公司 | Distributed collection and storage method of journal |
CN103118387A (en) * | 2012-12-17 | 2013-05-22 | 上海寰创通信科技股份有限公司 | Lightweight access point (AP) redundancy access control method of active standby mode |
CN103944915A (en) * | 2014-04-29 | 2014-07-23 | 浙江大学 | Threat detection and defense device, system and method for industrial control system |
Non-Patent Citations (1)
Title |
---|
杨维永 (Yang Weiyong): "基于策略的网络安全***" (Policy-based network security ***), 《计算机与现代化》 (Computer and Modernization) * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109753796A (en) * | 2018-12-07 | 2019-05-14 | 广东技术师范学院天河学院 | A kind of big data computer network security protective device and application method |
CN109995762A (en) * | 2019-03-07 | 2019-07-09 | 北京华安普特网络科技有限公司 | A kind of network security management device |
CN111049853A (en) * | 2019-12-24 | 2020-04-21 | 南通理工学院 | Security authentication system based on computer network |
CN112995141A (en) * | 2021-02-04 | 2021-06-18 | 浙江睿朗信息科技有限公司 | Intrusion detection method and Internet of things terminal with intrusion detection function |
CN114710420A (en) * | 2022-04-14 | 2022-07-05 | 广州形银科技有限公司 | Hybrid network monitoring system based on active network technology |
CN117032008A (en) * | 2023-07-06 | 2023-11-10 | 双龙软创(深圳)科技有限公司 | Remote monitoring method and system for ocean deepwater jacket |
CN117032008B (en) * | 2023-07-06 | 2024-03-19 | 双龙软创(深圳)科技有限公司 | Remote monitoring method and system for ocean deepwater jacket |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108833425A (en) | A kind of network safety system and method based on big data | |
CN109729180A (en) | Entirety is intelligence community platform | |
KR100351306B1 (en) | Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof | |
CN110958262A (en) | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry | |
US20040093520A1 (en) | Firewall system combined with embedded hardware and general-purpose computer | |
AU2020217317B2 (en) | Tunneled monitoring service and methods | |
CN214306527U (en) | Gas pipe network scheduling monitoring network safety system | |
US8341735B2 (en) | Method and arrangement for automatically controlling access between a computer and a communication network | |
Khujamatov et al. | Modern methods of testing and information security problems in IoT | |
CN115314286A (en) | Safety guarantee system | |
CN110049015B (en) | Network security situation awareness system | |
CN103618613A (en) | Network access control system | |
CN114124450A (en) | Network security system and method for remote storage battery capacity checking | |
CN106534110B (en) | Trinity transformer substation secondary system safety protection system framework system | |
CN113972992B (en) | Access method and device for SDP controller and computer storage medium | |
KR101871406B1 (en) | Method for securiting control system using whitelist and system for the same | |
CN116668078A (en) | Internet intrusion security defense system | |
KR20130033161A (en) | Intrusion detection system for cloud computing service | |
KR20120000942A (en) | Bot-infected host detection apparatus and method based on blacklist access statistics | |
CN106603624B (en) | Data mining system and implementation method thereof | |
KR20040049714A (en) | System for a security using internet and method thereof | |
CN113206852A (en) | Safety protection method, device, equipment and storage medium | |
Choi | IoT (Internet of Things) based Solution Trend Identification and Analysis Research | |
KR20200116773A (en) | Cyber inspection system | |
US20130332600A1 (en) | System for monitoring online interaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181116 |