CN109005168A - Network security early-warning system and early-warning method - Google Patents


Publication number: CN109005168A
Authority: CN (China)
Legal status: Pending
Application number: CN201810823371.8A
Other languages: Chinese (zh)
Inventor: 王超
Current Assignee: Anhui Three Information Technology Service Co Ltd
Original Assignee: Anhui Three Information Technology Service Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides a network security early-warning system and early-warning method, comprising: a network security polling module for inspecting network security intrusion information; a basic network security data extraction module for extracting abnormal information data; a network risk information identification module for performing risk identification on the information extracted by the basic network security data extraction module; a network virus storage module for storing network virus data; a network virus feature matching module for comparing the features of data from a potentially intruded host against the network virus data stored in the network virus storage module; a network security early-warning module for giving early warning on the network security of the monitored host; and a network security level assessment module for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module. Real-time monitoring of network security effectively keeps the network in good condition.

Description

Network security early-warning system and early-warning method
Technical field
The invention relates to the field of network security, and in particular to a network security early-warning system and early-warning method.
Background
The development of modern information technology has driven the generation, collection, transmission, sharing and analysis of data, making scientific and engineering research data-intensive work. Human society is becoming ever more informatized, the number of Internet users is growing geometrically, and groups of users with a certain level of network skill are rapidly forming and emerging. Together with ever-increasing network traffic, illegal network activity and emergency incidents keep emerging, causing major harm to national security, social stability and the interests of the people. Abuse of the Internet is increasingly common, and the damage and losses it causes are alarming. At the same time, society as a whole depends more and more on networked information, Internet security problems have become more and more prominent, and network security is therefore increasingly important. Monitoring and early warning of network security thus plays a very important role in handling illegal network activity and emergency incidents promptly, keeping the country and society stable, and protecting the interests of the people.
Intrusion prevention systems emerged to keep networks effectively secure. A large number of security protection programs are currently on the market, such as virus scanning and removal programs, Trojan removal programs and mail scanners. However, traditional information security protection systems, such as firewall technology and intrusion detection technology, cannot provide early warning of attacks at deeper layers such as the application layer, and cannot raise real-time early-warning alarms for attacks.
Summary of the invention
In view of the above problems in the prior art, one object of the invention is to provide a network security early-warning system that monitors the monitored host in real time and gives early warning; a further object of the invention is to provide a network security early-warning method.
The invention adopts the following technical solution:
A network security early-warning system, comprising:
a network security polling module, for inspecting network security intrusion information and starting the system promptly when a network security problem is found;
a basic network security data extraction module, for extracting abnormal information data;
a network risk information identification module, for performing risk identification on the information extracted by the basic network security data extraction module;
a network virus storage module, for storing network virus data;
a network virus feature matching module, for comparing the features of data from a potentially intruded host against the network virus data stored in the network virus storage module;
a network security early-warning module, for giving early warning on the network security of the monitored host;
a network security level assessment module, for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module.
Preferably, the system further comprises a temperature sensor and a displacement sensor installed on the monitored host; the temperature sensor senses the temperature of the monitored host in order to monitor its power-on/power-off state; the displacement sensor sends the host location information to the network security polling module.
Preferably, the system further comprises a virus handling module for handling intruding viruses; the specific measures include virus removal, installing patches, changing passwords and adjusting permissions.
Preferably, the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data and event confidence data.
A network security early-warning method, comprising the following steps:
(1) The network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started and the extracted information is sent to the network risk information identification module;
(2) The network risk information identification module performs risk identification on the received data information and judges whether the host data information is safe:
1. If the host data information is safe, the received data information is sent to the network virus feature matching module and the method proceeds to step (3);
2. If the host data information is unsafe, the information is sent to the network security early-warning module, which gives a network security early warning;
(3) The network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. If the host data poses no threat, the received data information is sent to the network security level assessment module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. If the host data poses a threat, the information is sent to the network security early-warning module, which gives a network security early warning.
Further, while giving early warning on the received data, the network security early-warning module sends the received data to the virus handling module, which automatically handles the received data judged to be virus data.
The invention has the following advantages:
Real-time monitoring and judgment of network security are achieved, keeping the network in good condition;
By analysing and judging unknown intrusion behaviour, network security is ensured from multiple aspects; the system suits both single-node and multi-node deployment environments, so deployment is more flexible;
The temperature sensor provides additional monitoring, covertly checking at any time whether the monitored host is powered on or off, which effectively improves network security;
The system responds to security incidents quickly and accurately and facilitates their automatic and timely handling, greatly improving the security of the network system, protecting users' information and property, and bringing positive social and economic effects.
Specific embodiments
The invention is described in detail below with reference to specific embodiments:
A network security early-warning system comprises a network security polling module, a basic network security data extraction module, a network risk information identification module, a network virus storage module, a network virus feature matching module, a network security early-warning module, a network security level assessment module, a virus handling module, and a temperature sensor and a displacement sensor installed on the monitored host.
The network security polling module inspects network security intrusion information and starts the system promptly when a network security problem is found;
The basic network security data extraction module extracts abnormal information data;
The network risk information identification module performs risk identification on the information extracted by the basic network security data extraction module;
The network virus storage module stores network virus data;
The network virus feature matching module compares the features of data from a potentially intruded host against the network virus data stored in the network virus storage module;
The network security early-warning module gives early warning on the network security of the monitored host;
The network security level assessment module assesses the security level of the network virus data identified by the network virus feature matching module and sends the assessment result to the network security early-warning module;
The temperature sensor senses the temperature of the monitored host in order to monitor its power-on/power-off state; the displacement sensor sends the host location information to the network security polling module;
The virus handling module handles intruding viruses; the specific measures include virus removal, installing patches, changing passwords and adjusting permissions.
Specifically, the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data and event confidence data.
Network security early warning is carried out in the following steps:
(1) The network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started and the extracted information is sent to the network risk information identification module;
(2) The network risk information identification module performs risk identification on the received data information and judges whether the host data information is safe:
1. If the host data information is safe, the received data information is sent to the network virus feature matching module and the method proceeds to step (3);
2. If the host data information is unsafe, the information is sent to the network security early-warning module, which gives a network security early warning;
(3) The network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. If the host data poses no threat, the received data information is sent to the network security level assessment module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. If the host data poses a threat, the information is sent to the network security early-warning module, which gives a network security early warning.
Meanwhile, when the monitored host is set to be powered off and the temperature sensor detects that it is in an unplanned powered-on state, a command is sent to the displacement sensor, which sends the host location information to the network security polling module; the network security polling module then repeats the network security early-warning steps above.
Specifically, while giving early warning on the received data, the network security early-warning module sends the received data to the virus handling module, which automatically handles the received data judged to be virus data.
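The routing in steps (1) to (3) and the temperature-sensor path can be traced in code. The following is an added example, not code from the patent; the risk rules, scoring, thresholds, field names and sample events are all constructed assumptions, since the description does not specify them.

```python
"""Added example (not from the patent): routing of early-warning steps (1)-(3).
Every rule, threshold, field name and sample value here is a constructed assumption."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Alert:
    """The four warning fields the description lists."""
    occurred_at: datetime  # event occurrence time
    event_type: str        # event type
    source: str            # event source
    confidence: float      # event confidence, 0.0 to 1.0

# Constructed stand-in for the stored virus data: SHA-256 digest -> label.
SIGNATURES = {hashlib.sha256(b"constructed-sample-payload").hexdigest(): "Sample.TestSig"}
RISKY_PORTS = {23, 445, 3389}   # assumed risk rule
IDLE_MAX_C = 30.0               # assumed upper temperature of a powered-off host
SAMPLE_TIME = datetime(2018, 7, 25, tzinfo=timezone.utc)  # constructed timestamp

def extract(event):
    """Step (1): keep only the fields the later stages use."""
    source = event["host"]
    if event.get("location"):
        source += "@" + event["location"]
    return {
        "time": event["time"],
        "source": source,
        "dst_port": event.get("dst_port"),
        "failed_logins": event.get("failed_logins", 0),
        "unplanned_power_on": event.get("unplanned_power_on", False),
        "digest": hashlib.sha256(event.get("payload", b"")).hexdigest(),
    }

def risk_reason(rec):
    """Step (2): return why the record is unsafe, or None if it looks safe."""
    if rec["unplanned_power_on"]:
        return "unplanned-power-on"
    if rec["dst_port"] in RISKY_PORTS:
        return "risky-port"
    if rec["failed_logins"] >= 5:
        return "repeated-login-failure"
    return None

def assess_level(rec):
    """Level assessment for records with no signature hit (assumed scoring)."""
    return round(0.1 + 0.05 * min(rec["failed_logins"], 4), 2)

def early_warning(event):
    """Run steps (1)-(3); every branch ends at the early-warning output."""
    rec = extract(event)
    reason = risk_reason(rec)
    if reason is not None:                      # step (2), unsafe branch
        return Alert(rec["time"], "risk:" + reason, rec["source"], 0.8)
    label = SIGNATURES.get(rec["digest"])
    if label is not None:                       # step (3), threat branch
        return Alert(rec["time"], "signature:" + label, rec["source"], 1.0)
    # step (3), no-threat branch: graded, then still sent to early warning
    return Alert(rec["time"], "graded", rec["source"], assess_level(rec))

def sensor_event(host, planned_off, temp_c, location, now):
    """Temperature check: a host that should be off but is warm re-enters the
    flow with the location reported by the displacement sensor."""
    if planned_off and temp_c > IDLE_MAX_C:
        return {"host": host, "time": now, "location": location,
                "unplanned_power_on": True}
    return None

if __name__ == "__main__":
    samples = [  # constructed events
        {"host": "10.0.0.5", "time": SAMPLE_TIME, "dst_port": 3389},
        {"host": "10.0.0.6", "time": SAMPLE_TIME, "dst_port": 443,
         "payload": b"constructed-sample-payload"},
        {"host": "10.0.0.7", "time": SAMPLE_TIME, "dst_port": 443,
         "payload": b"hello", "failed_logins": 2},
        sensor_event("10.0.0.9", True, 41.0, "rack-3", SAMPLE_TIME),
    ]
    for ev in samples:
        print(early_warning(ev))
```

Because the no-threat branch of step (3) also ends at the early-warning output, a consumer of these alerts has only the confidence field to separate graded records from rule or signature hits.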
Of course, the above description does not limit the invention, and the invention is not limited to the above examples; variations, modifications, additions or substitutions made by those skilled in the art within the essential scope of the invention also fall within its scope of protection.

Claims (6)

1. A network security early-warning system and early-warning method, characterized in that it comprises:
a network security polling module, for inspecting network security intrusion information and starting the system promptly when a network security problem is found;
a basic network security data extraction module, for extracting abnormal information data;
a network risk information identification module, for performing risk identification on the information extracted by the basic network security data extraction module;
a network virus storage module, for storing network virus data;
a network virus feature matching module, for comparing the features of data from a potentially intruded host against the network virus data stored in the network virus storage module;
a network security early-warning module, for giving early warning on the network security of the monitored host;
a network security level assessment module, for assessing the security level of the network virus data identified by the network virus feature matching module and sending the assessment result to the network security early-warning module.
2. The network security early-warning system according to claim 1, characterized in that it further comprises a temperature sensor and a displacement sensor installed on the monitored host; the temperature sensor senses the temperature of the monitored host in order to monitor its power-on/power-off state; the displacement sensor sends the host location information to the network security polling module.
3. The network security early-warning system according to claim 1, characterized in that it further comprises a virus handling module for handling intruding viruses, the specific measures including virus removal, installing patches, changing passwords and adjusting permissions.
4. The network security early-warning system according to claim 1, characterized in that the warning information of the network security early-warning module includes event occurrence time data, event type data, event source data and event confidence data.
5. A network security early-warning method, characterized in that it comprises the following steps:
(1) The network security polling module inspects network security intrusion information; when a network security problem is found, the basic network security data extraction module is started and the extracted information is sent to the network risk information identification module;
(2) The network risk information identification module performs risk identification on the received data information and judges whether the host data information is safe:
1. If the host data information is safe, the received data information is sent to the network virus feature matching module and the method proceeds to step (3);
2. If the host data information is unsafe, the information is sent to the network security early-warning module, which gives a network security early warning;
(3) The network virus feature matching module compares the features of the received information against the network virus data stored in advance in the network virus storage module, and judges from the matching result whether the monitored host is under threat:
1. If the host data poses no threat, the received data information is sent to the network security level assessment module, which further assesses the security level of the suspected virus data monitored by the network virus feature matching module and sends the assessment result to the network security early-warning module;
2. If the host data poses a threat, the information is sent to the network security early-warning module, which gives a network security early warning.
6. The network security early-warning method according to claim 5, characterized in that, while giving early warning on the received data, the network security early-warning module sends the received data to the virus handling module, which automatically handles the received data judged to be virus data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810823371.8A CN109005168A (en) 2018-07-25 2018-07-25 A kind of network security warning system and method for early warning

Publications (1)

Publication Number Publication Date
CN109005168A true CN109005168A (en) 2018-12-14

Family

ID=64596761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810823371.8A Pending CN109005168A (en) 2018-07-25 2018-07-25 A kind of network security warning system and method for early warning

Country Status (1)

Country Link
CN (1) CN109005168A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103745154A (en) * 2013-12-27 2014-04-23 柳州职业技术学院 Intrusion detection system and detection method with self-learning capability
CN105791264A (en) * 2016-01-08 2016-07-20 国家电网公司 Network security pre-warning method
CN107493259A (en) * 2017-04-19 2017-12-19 安徽华脉科技发展有限公司 A kind of network security control system
CN107493187A (en) * 2017-07-19 2017-12-19 国网浙江桐庐县供电公司 A kind of Security Countermeasure for Information Network of Electric Power Enterprise management system with safe early warning

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032869A (en) * 2019-04-19 2019-07-19 湖南科技学院 A kind of cloud computing protection early warning system based on big data
CN110032869B (en) * 2019-04-19 2022-08-09 湖南科技学院 Cloud computing protection early warning system based on big data
CN110225065A (en) * 2019-07-16 2019-09-10 广东申立信息工程股份有限公司 A kind of network security warning system
CN111049685A (en) * 2019-12-16 2020-04-21 中国南方电网有限责任公司 Network security sensing system, network security sensing method and device of power system
CN113542186A (en) * 2020-04-13 2021-10-22 杭州电子科技大学 Monitoring system based on network security and early warning method thereof
CN112583813A (en) * 2020-12-09 2021-03-30 南京拟态智能技术研究院有限公司 Network security early warning system
CN113193977A (en) * 2021-03-12 2021-07-30 工业云制造(四川)创新中心有限公司 Safe and trusted system based on block chain technology
CN112861136A (en) * 2021-04-14 2021-05-28 佳和乐享(北京)科技有限公司 Network security supervision platform


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181214