CN109005168A - Network security early-warning system and early-warning method
- Publication number: CN109005168A
- Application number: CN201810823371.8A
- Authority: CN (China)
- Prior art keywords: module, network, data, information, network security
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
      - H04L63/1425—Traffic logging, e.g. anomaly detection
      - H04L63/1416—Event detection, e.g. attack signature detection
    - H04L63/1441—Countermeasures against malicious traffic
  - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Alarm Systems (AREA)
Abstract
The present invention provides a network security early-warning system and early-warning method. The system includes: a network security polling module for inspecting network security intrusion information; a basic network security data extraction module for extracting abnormal information data; a network risk information identification module for performing risk identification on the information extracted by the basic network security data extraction module; a network virus storage module for storing network virus data; a network virus feature matching module for comparing the features of data from a potential intrusion host against the network virus data stored in the network virus storage module; a network security early-warning module for issuing early warnings about the network security of the monitored host; and a network security level evaluation module for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module. Real-time monitoring of network security effectively keeps the network in good condition.
Description
Technical field
The present invention relates to the field of network security, and in particular to a network security early-warning system and early-warning method.
Background art
The development of modern information technology has driven the generation, collection, transmission, sharing, and analysis of data, so that scientific and engineering research has become data-intensive work. Human society is becoming ever more information-based, the number of Internet users is growing geometrically, and a group of users with a certain level of network skill is rapidly forming and emerging. As network traffic keeps increasing, illegal network activity and emergency incidents emerge one after another, causing serious harm to national security, social stability, and people's interests. Abuse of the Internet is increasingly common, and the damage and losses it causes are alarming. Society as a whole depends more and more on networked information, Internet security problems have become increasingly prominent, and the importance of network security keeps rising. Monitoring and early warning of network security therefore plays a very important role in handling illegal network activity and emergency incidents in time, in national and social stability, and in safeguarding people's interests.
To guarantee effective network security, intrusion prevention systems came into being. There are currently many security protection programs on the market, such as virus scanning and removal programs, Trojan removal programs, and mail scanners. However, traditional information security protection systems, such as firewall technology and intrusion detection technology, cannot provide early warning of deeper attacks such as those at the application layer, and cannot raise real-time early-warning alarms for attacks.
Summary of the invention
In view of the above problems in the prior art, one object of the present invention is to provide a network security early-warning system that monitors the monitored host in real time and issues early warnings; a further object of the present invention is to provide a network security early-warning method.
The present invention adopts the following technical solution:
A network security early-warning system, including:
Network security polling module, for inspecting network security intrusion information and starting the system promptly when a network security problem is found;
Basic network security data extraction module, for extracting abnormal information data;
Network risk information identification module, for performing risk identification on the information extracted by the basic network security data extraction module;
Network virus storage module, for storing network virus data;
Network virus feature matching module, for comparing the features of data from a potential intrusion host against the network virus data stored in the network virus storage module;
Network security early-warning module, for issuing early warnings about the network security of the monitored host;
Network security level evaluation module, for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module.
Preferably, the system further includes a temperature sensor and a displacement sensor installed on the monitored host; the temperature sensor senses the temperature of the monitored host in order to monitor its power on/off state; the displacement sensor sends host location information to the network security polling module.
Preferably, the system further includes a virus handling module for handling intruding viruses; the specific measures include virus removal, installing patches, changing passwords, and adjusting permissions.
Preferably, the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data, and event confidence data.
A network security early-warning method, comprising the following steps:
(1) The network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started, and the extracted information is sent to the network risk information identification module;
(2) The network risk information identification module performs risk identification on the received data and judges whether the host data is safe:
1. If the host data is safe, the received data is sent to the network virus feature matching module, and the method proceeds to step (3);
2. If the host data is unsafe, the information is sent to the network security early-warning module, and a network security early warning is issued;
(3) The network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. If the host data poses no threat, the received data is sent to the network security level evaluation module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. If the host data poses a threat, the information is sent to the network security early-warning module, and a network security early warning is issued.
Further, while issuing an early warning on the received data, the network security early-warning module sends the received data to the virus handling module, which automatically handles the virus data that has been identified.
The invention has the following advantages:
It achieves real-time monitoring and judgment of network security and keeps the network in good condition;
By analyzing and judging unknown intrusion behavior, it safeguards the network from multiple angles; it is suitable for single-node or multi-node deployment environments, so deployment is more flexible;
The temperature sensor provides additional monitoring, covertly checking at any time whether the monitored host is powered on or off, which effectively improves network security;
It can respond quickly and accurately to security incidents, which facilitates their automatic and timely handling, greatly improves the security of the network system, protects users' information and property, and has positive social and economic effects.
Specific embodiments
The present invention is described in detail below with reference to specific embodiments:
A network security early-warning system includes a network security polling module, a basic network security data extraction module, a network risk information identification module, a network virus storage module, a network virus feature matching module, a network security early-warning module, a network security level evaluation module, a virus handling module, and a temperature sensor and a displacement sensor installed on the monitored host.
The network security polling module inspects network security intrusion information and starts the system promptly when a network security problem is found;
The basic network security data extraction module extracts abnormal information data;
The network risk information identification module performs risk identification on the information extracted by the basic network security data extraction module;
The network virus storage module stores network virus data;
The network virus feature matching module compares the features of data from a potential intrusion host against the network virus data stored in the network virus storage module;
The network security early-warning module issues early warnings about the network security of the monitored host;
The network security level evaluation module assesses the security level of the network virus data identified by the network virus feature matching module and sends the assessment result to the network security early-warning module;
The temperature sensor senses the temperature of the monitored host in order to monitor its power on/off state; the displacement sensor sends host location information to the network security polling module;
The virus handling module handles intruding viruses; the specific measures include virus removal, installing patches, changing passwords, and adjusting permissions.
Specifically, the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data, and event confidence data.
Network security early warning is carried out in the following steps:
(1) The network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started, and the extracted information is sent to the network risk information identification module;
(2) The network risk information identification module performs risk identification on the received data and judges whether the host data is safe:
1. If the host data is safe, the received data is sent to the network virus feature matching module, and the method proceeds to step (3);
2. If the host data is unsafe, the information is sent to the network security early-warning module, and a network security early warning is issued;
(3) The network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. If the host data poses no threat, the received data is sent to the network security level evaluation module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. If the host data poses a threat, the information is sent to the network security early-warning module, and a network security early warning is issued.
Meanwhile, when the monitored host is set to be in the powered-off state and the temperature sensor detects that the monitored host has been powered on outside the plan, a command is sent to the displacement sensor, and the displacement sensor sends the host location information to the network security polling module; the network security polling module then repeats the network security early-warning steps above.
Specifically, while issuing an early warning on the received data, the network security early-warning module sends the received data to the virus handling module, which automatically handles the virus data that has been identified.
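The branching in steps (2) and (3) above, sketched as an added Python example that is not part of the patent. The risk threshold, the SHA-256 payload signatures, the non-printable-byte grading metric, the confidence values and the suppression of low-grade results are all assumptions, since the patent specifies none of them; the alert carries the four fields the description lists (time, type, source, confidence).

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
import hashlib

# Constructed stand-in for the stored virus data: SHA-256 of known-bad payloads.
# The patent defines no signature format; hashing whole payloads is an assumption.
SIGNATURES = {hashlib.sha256(b"CONSTRUCTED-BAD-PAYLOAD").hexdigest(): "sample-family-A"}


@dataclass
class Alert:
    time: str          # event occurrence time
    type: str          # event type
    source: str        # event source (monitored host)
    confidence: float  # event confidence, 0.0-1.0 (scale assumed)


def risk_identify(rec: dict) -> bool:
    """Step (2): True if the extracted data looks safe. Threshold is assumed."""
    return rec["failed_logins"] < 5


def match_signature(rec: dict) -> Optional[str]:
    """Step (3): compare the payload's features with the stored signatures."""
    return SIGNATURES.get(hashlib.sha256(rec["payload"]).hexdigest())


def grade(rec: dict) -> str:
    """Security level for data that matched nothing. Metric and cut-off assumed:
    share of bytes outside printable ASCII, a crude 'suspected binary' signal."""
    payload = rec["payload"]
    if not payload:
        return "low"
    odd = sum(1 for b in payload if not 0x20 <= b <= 0x7E)
    return "medium" if odd / len(payload) > 0.3 else "low"


def early_warning(rec: dict) -> Optional[Alert]:
    """Run one extracted record through steps (2) and (3); return an alert or None."""
    def alert(kind: str, confidence: float) -> Alert:
        return Alert(rec["time"], kind, rec["host"], confidence)

    if not risk_identify(rec):                  # step (2), branch 2: unsafe
        return alert("risk-identified", 0.6)
    family = match_signature(rec)               # step (2), branch 1 -> step (3)
    if family is not None:                      # step (3), branch 2: threat
        return alert(f"signature-match:{family}", 0.95)
    level = grade(rec)                          # step (3), branch 1: no match
    # Assumption: the warning stage suppresses 'low' results to limit alert noise.
    return alert(f"suspected:{level}", 0.3) if level != "low" else None


def demo() -> list:
    """Constructed records, one per branch of the flow."""
    now = datetime(2018, 7, 25, tzinfo=timezone.utc).isoformat()
    base = {"time": now, "host": "host-01", "failed_logins": 0}
    records = [
        {**base, "failed_logins": 9, "payload": b"login attempt"},
        {**base, "payload": b"CONSTRUCTED-BAD-PAYLOAD"},
        {**base, "payload": bytes(range(256))},
        {**base, "payload": b"GET /index.html HTTP/1.1"},
    ]
    return [early_warning(r) for r in records]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the ordering the method describes, a record judged unsafe in step (2) is alerted on without ever reaching signature matching, so such an alert carries no signature name.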
Of course, the above description does not limit the present invention, and the present invention is not limited to the above examples. Variations, modifications, additions, or substitutions made by those skilled in the art within the essential scope of the present invention also fall within the protection scope of the present invention.
Claims (6)
1. A network security early-warning system and early-warning method, characterized by comprising:
a network security polling module, for inspecting network security intrusion information and starting the system promptly when a network security problem is found;
a basic network security data extraction module, for extracting abnormal information data;
a network risk information identification module, for performing risk identification on the information extracted by the basic network security data extraction module;
a network virus storage module, for storing network virus data;
a network virus feature matching module, for comparing the features of data from a potential intrusion host against the network virus data stored in the network virus storage module;
a network security early-warning module, for issuing early warnings about the network security of the monitored host;
a network security level evaluation module, for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module.
2. The network security early-warning system according to claim 1, characterized by further comprising a temperature sensor and a displacement sensor installed on the monitored host; the temperature sensor senses the temperature of the monitored host in order to monitor its power on/off state; the displacement sensor sends host location information to the network security polling module.
3. The network security early-warning system according to claim 1, characterized by further comprising a virus handling module for handling intruding viruses, the specific measures including virus removal, installing patches, changing passwords, and adjusting permissions.
4. The network security early-warning system according to claim 1, characterized in that the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data, and event confidence data.
5. A network security early-warning method, characterized by comprising the following steps:
(1) the network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started, and the extracted information is sent to the network risk information identification module;
(2) the network risk information identification module performs risk identification on the received data and judges whether the host data is safe:
1. if the host data is safe, the received data is sent to the network virus feature matching module, and the method proceeds to step (3);
2. if the host data is unsafe, the information is sent to the network security early-warning module, and a network security early warning is issued;
(3) the network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. if the host data poses no threat, the received data is sent to the network security level evaluation module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. if the host data poses a threat, the information is sent to the network security early-warning module, and a network security early warning is issued.
6. The network security early-warning method according to claim 5, characterized in that, while issuing an early warning on the received data, the network security early-warning module sends the received data to the virus handling module, and the virus handling module automatically handles the virus data that has been identified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810823371.8A CN109005168A (en) | 2018-07-25 | 2018-07-25 | A kind of network security warning system and method for early warning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109005168A true CN109005168A (en) | 2018-12-14 |
Family
ID=64596761
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810823371.8A Pending CN109005168A (en) | 2018-07-25 | 2018-07-25 | A kind of network security warning system and method for early warning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109005168A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181214 |