CN202004790U - Network security detection and monitoring auditing system - Google Patents


Info

Publication number
CN202004790U
Authority
CN
China
Prior art keywords
module
monitoring
network
network security
storehouse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 201120072305
Other languages
Chinese (zh)
Inventor
柯宗庆
柯宗贵
杨育斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bluedon Information Security Technologies Co Ltd
Original Assignee
Bluedon Information Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2011-03-18
Filing date
2011-03-18
Publication date
2011-10-05

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The utility model discloses a network security detection and monitoring auditing system, which relates to the field of network security and is used for solving the problem of function singularity of a network security detection product and a network monitoring auditing product in the prior art. The network security detection and monitoring auditing system comprises a monitoring center, and a host monitoring client, a network monitoring module and a vulnerability scanner which are connected with the monitoring center, wherein the host monitoring client, the network monitoring module and the vulnerability scanner transmit monitoring data and alarming data to the monitoring center; and the monitoring center detects the network security according to the received data, and adopts corresponding measures. The network security detection and monitoring auditing system organically combines network security detection and monitoring auditing.

Description

Network security detection and monitoring audit system
Technical field
The utility model relates to the field of network security, and in particular to a network security detection and monitoring audit system.
Background
With the spread of the Internet, users' requirements for network security keep rising. Current network security detection products and network monitoring audit products each perform only a single function, and detection products and monitoring audit products from different vendors cannot be linked together, so security incidents keep occurring even after security products have been bought. Users urgently need a single network security detection and monitoring audit product that integrates host monitoring, network monitoring, intrusion detection, vulnerability scanning and network behaviour auditing; such a product would fully resolve users' concerns and also reduce their duplicated investment.
Content of the utility model
The utility model provides a network security detection and monitoring audit system, in order to solve the problem that the network security detection products and network monitoring audit products of the prior art each perform only a single function.
The utility model comprises a monitoring center, and a host monitoring client, a network monitoring module and a vulnerability scanner that are connected to the monitoring center. The host monitoring client, the network monitoring module and the vulnerability scanner send monitoring data and alarm data to the monitoring center; the monitoring center detects the security state of the network in real time from the received data and takes appropriate measures.
Further, the host monitoring client consists of a monitoring analysis module and a function realization module. The monitoring analysis module monitors the events and driver calls triggered by system interface calls, file accesses and network connections, and performs a comprehensive analysis; the function realization module invokes the corresponding function according to that analysis result.
Further, the monitoring analysis module consists of a kernel-layer monitoring submodule and an application-layer monitoring submodule. The kernel-layer monitoring submodule monitors in real time the call events at the different levels of the kernel (kernel drivers, application programming interface calls and device drivers) and filters and analyses them; the application-layer monitoring submodule monitors network connections, the system log, application logs and the current state of the system, and analyses them.
Further, according to the analysis result of the monitoring analysis module and the user's settings, the function realization module monitors peripherals and interfaces, network connections and shares, file and database access, application services and external connections.
Further, the network monitoring module consists of a packet capturer, a network protocol decoder, an intrusion detection module, a sensitive content monitoring module, an early warning module, an intrusion model library, a sensitive information library and an information-processing sub-center. The packet capturer collects raw data-link-layer network traffic and passes it to the network protocol decoder. The network protocol decoder decodes the packet data structure corresponding to each network protocol and submits the decoded protocol packet information to the intrusion detection module, the sensitive content monitoring module and the information-processing sub-center. The intrusion detection module is connected to the intrusion model library; it analyses the decoded Internet protocol data according to the attack features and corresponding response rules described in the intrusion model library, and reports the analysis result to the early warning module. The sensitive content monitoring module is connected to the sensitive information library; it matches keywords and file names according to the sensitive information content and corresponding response rules recorded in the sensitive information library, and reports the matching result to the early warning module. The early warning module carries out the corresponding operation according to the result information submitted by the intrusion detection module and the sensitive content monitoring module. The information-processing sub-center exchanges information with the monitoring center.
Further, the vulnerability scanner consists of a scanner, a scanning policy module and a system vulnerability library. The scanner periodically detects the vulnerabilities present on each host and network device of the intranet according to the policy stored in the scanning policy module, and stores the vulnerability information in the system vulnerability library.
Further, the monitoring center consists of a host linkage protection module, an emergency response module, an alarm module and a policy model library. The host linkage protection module filters data according to the policy stored in the policy model library; when the system is under attack, the emergency response module performs blocking, isolation or forced shutdown; the alarm module raises alarms on abnormal behaviour; the policy model library records the monitoring policies.
The utility model comprises a monitoring center, and a host monitoring client, a network monitoring module and a vulnerability scanner connected to the monitoring center. It integrates host monitoring, network monitoring, intrusion detection, vulnerability scanning and network behaviour auditing, combining network security detection with monitoring audit. This realizes the linkage between network security detection products and monitoring audit products, avoids the problem that security incidents keep occurring with existing security products, and reduces users' duplicated investment.
Description of the drawings
Fig. 1 is a schematic diagram of the system structure of an embodiment of the utility model;
Fig. 2 is a schematic diagram of the structure of the host monitoring client in the embodiment of the utility model;
Fig. 3 is a schematic diagram of the structure of the network monitoring module in the embodiment of the utility model;
Fig. 4 is a schematic diagram of the structure of the vulnerability scanner in the embodiment of the utility model;
Fig. 5 is a schematic diagram of the structure of the monitoring center in the embodiment of the utility model.
Embodiment
This embodiment provides a network security detection and monitoring audit system that integrates host monitoring, network monitoring, intrusion detection, vulnerability scanning and network behaviour auditing; it is described in detail below.
Referring to Fig. 1, the system of this embodiment consists of a host monitoring client 11, a network monitoring module 12, a vulnerability scanner 13 and a monitoring center 14.
The host monitoring client 11, the network monitoring module 12 and the vulnerability scanner 13 send monitoring data and alarm information to the monitoring center 14. From these data the monitoring center 14 discovers network security problems and attacks in real time, and then takes different measures according to the situation and the extent of the harm.
Referring to Fig. 2, the host monitoring client 11 consists of a monitoring analysis module 111 and a function realization module 112.
The monitoring analysis module 111 is responsible for monitoring the various events and driver calls triggered by system interface calls, file accesses and network connections, and for analysing them comprehensively; the function realization module 112 carries out the various concrete functions.
Further, the monitoring analysis module 111 consists of a kernel-layer monitoring submodule 1111 and an application-layer monitoring submodule 1112. The kernel-layer monitoring submodule 1111 monitors in real time the call events at the different levels of the kernel, such as kernel drivers, API calls and device drivers, and filters and analyses them. The application-layer monitoring submodule 1112 mainly monitors information such as the various network connections, the system log, application logs and the current state of the system, extracts the relevant parts and analyses them.
According to the analysis result of the monitoring analysis module 111 and the user's settings, the function realization module 112 realizes the following main functions: peripheral and interface monitoring, network connection and share monitoring, file and database access monitoring, application service monitoring and external connection monitoring.
Referring to Fig. 3, the network monitoring module 12 consists of a packet capturer 121, a network protocol decoder 122, an intrusion detection module 123, a sensitive content monitoring module 124, an early warning module 125, an intrusion model library 126, a sensitive information library 127 and an information-processing sub-center 128.
The packet capturer 121 collects raw data-link-layer network traffic and sends it to the network protocol decoder. The network protocol decoder 122 decodes the packet data structure corresponding to each network protocol and submits the decoded protocol packet information to the intrusion detection module 123, the sensitive content monitoring module 124 and the information-processing sub-center 128. The intrusion detection module 123 analyses the decoded Internet protocol data and searches this network activity for predefined attack patterns; as soon as it finds the characteristic signs of an attack, it submits the event to the early warning module 125. The intrusion model library 126 is connected to the intrusion detection module 123 and describes the features of attacks and the corresponding response rules. The sensitive content monitoring module 124 is responsible for matching keywords, file names and the like, and hands the matching result to the early warning module 125. The sensitive information library 127 is connected to the sensitive content monitoring module 124 and records sensitive information content and the corresponding response rules. The early warning module 125 carries out the corresponding action, according to pre-assigned response behaviour, for each kind of event submitted by the intrusion detection module 123 and the sensitive content monitoring module 124. The information-processing sub-center 128 exchanges the various kinds of information with the monitoring center 14.
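The following is an added worked example, not code from the patent or from Bluedon, that models the data flow of the network monitoring module 12 described above: a packet capturer hands raw frames to a protocol decoder, the decoded packets are checked by an intrusion detection module against an intrusion model library and by a sensitive content monitor against a sensitive information library, and the early warning module executes the pre-assigned response for each event before the sub-center forwards it on. The frames, the signature rules and the response names are all constructed for the demo; the frame builder and decoder handle only Ethernet II/IPv4/TCP, which is an assumption about the traffic, not something the patent specifies.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def build_frame(src_ip: str, dst_ip: str, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame for the demo (checksums left at zero)."""
    eth = bytes(12) + b"\x08\x00"  # dst MAC, src MAC, EtherType = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Event:
    kind: str       # "intrusion" or "sensitive"
    rule: str       # name of the matching library entry
    src: str
    dst: str
    response: str   # response rule taken from the library entry


def protocol_decoder(frame: bytes) -> Optional[Packet]:
    """Decode Ethernet -> IPv4 -> TCP; anything else is dropped (returns None)."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if len(ip) < ihl + 20 or ip[9] != 6:  # need a full TCP header, protocol 6 = TCP
        return None
    tcp = ip[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4
    return Packet(".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
                  dport, tcp[data_off:])


# Constructed libraries: each entry pairs a feature with its corresponding response rule.
INTRUSION_MODEL_LIBRARY: List[Dict] = [
    {"name": "sqli-tautology", "pattern": b"' OR 1=1", "response": "block"},
    {"name": "path-traversal", "pattern": b"../../etc/passwd", "response": "block"},
]
SENSITIVE_INFO_LIBRARY: List[Dict] = [
    {"kind": "keyword", "needle": b"CONFIDENTIAL", "response": "alarm"},
    {"kind": "filename", "needle": b"payroll.xlsx", "response": "alarm"},
]


def intrusion_detection(pkt: Packet, library: List[Dict]) -> List[Event]:
    """Search the decoded payload for the attack features described in the library."""
    return [Event("intrusion", r["name"], pkt.src, pkt.dst, r["response"])
            for r in library if r["pattern"] in pkt.payload]


def sensitive_content_monitor(pkt: Packet, library: List[Dict]) -> List[Event]:
    """Match keywords and file names recorded in the sensitive information library."""
    return [Event("sensitive", r["needle"].decode(), pkt.src, pkt.dst, r["response"])
            for r in library if r["needle"] in pkt.payload]


def early_warning(events: List[Event], actions: List[Tuple[str, str]]) -> None:
    """Carry out the pre-assigned response for every submitted event (recorded, not enforced here)."""
    for ev in events:
        actions.append((ev.response, ev.src))


def network_monitoring_module(frames: List[bytes]) -> Tuple[List[Event], List[Tuple[str, str]]]:
    """Run the whole pipeline; returns the events forwarded to the monitoring center and the actions taken."""
    forwarded: List[Event] = []   # what the information-processing sub-center hands to the center
    actions: List[Tuple[str, str]] = []
    for frame in frames:          # the packet capturer feeding raw link-layer frames
        pkt = protocol_decoder(frame)
        if pkt is None:
            continue
        events = intrusion_detection(pkt, INTRUSION_MODEL_LIBRARY)
        events += sensitive_content_monitor(pkt, SENSITIVE_INFO_LIBRARY)
        early_warning(events, actions)
        forwarded.extend(events)
    return forwarded, actions


# Constructed sample traffic: one signature hit, one benign request, one outbound sensitive file, one non-IPv4 frame.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.20", 80, b"GET /login?user=' OR 1=1-- HTTP/1.1\r\n"),
    build_frame("10.0.0.7", "10.0.0.20", 80, b"GET /index.html HTTP/1.1\r\n"),
    build_frame("10.0.0.20", "203.0.113.9", 443, b"PUT /upload payroll.xlsx CONFIDENTIAL"),
    bytes(14),
]

if __name__ == "__main__":
    for ev in network_monitoring_module(SAMPLE_FRAMES)[0]:
        print(ev)
```

The point the patent text leaves implicit, and the example makes visible, is that the response rule travels with the library entry: the intrusion and sensitive-content modules only classify, and the early warning module is the single place where a classification turns into an action, which keeps the response policy editable without touching the detectors.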
Referring to Fig. 4, the vulnerability scanner 13 consists of a scanner 131, a scanning policy module 132 and a system vulnerability library 133.
The scanner 131 periodically detects the vulnerabilities present on each host and network device of the intranet according to a given policy. Specifically, the scanner 131 periodically detects those vulnerabilities according to the policy stored in the scanning policy module 132 and stores the vulnerability information in the system vulnerability library 133.
Referring to Fig. 5, the monitoring center 14 consists of a host linkage protection module 141, an emergency response module 142, an alarm module 143 and a policy model library 144.
The host linkage protection module 141 filters data according to the policy of the monitoring center 14 and protects the security of the hosts. The emergency response module 142 takes emergency measures such as blocking, isolation or forced shutdown when a host is under attack. The alarm module 143 is responsible for raising alarms on abnormal behaviour. The policy model library 144 records the monitoring policies and can also record the intrusion model library and the system vulnerability library described above.
Obviously, those skilled in the art can make various changes and modifications to the utility model without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the utility model and their equivalent technologies, the utility model is also intended to include them.
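Added example (not the patent's or Bluedon's code) of how the monitoring center 14 could act on the monitoring and alarm data it receives from the three data sources: a host linkage protection module filters reports against a policy model library, an emergency response module chooses blocking, isolation or forced shutdown by the extent of harm, and an alarm module raises alarms on abnormal behaviour. The report format, the harm scale of 1 to 4, the thresholds and the rule that only intrusion and sensitive-content reports count as "the system being under attack" are all assumptions made for the demo; the patent specifies none of them.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Report:
    """One monitoring/alarm record as received by the monitoring center (constructed format)."""
    source: str     # "host", "network" or "scanner"
    category: str   # "intrusion", "sensitive", "vulnerability" or "behaviour"
    host: str       # affected intranet host (constructed addresses)
    harm: int       # extent of harm, 1 (low) .. 4 (critical), assigned by the reporting component


# Policy model library (constructed): the monitoring policies the other three modules consult.
POLICY_MODEL_LIBRARY: Dict[str, Dict] = {
    # host linkage protection: minimum harm level, per category, that passes the filter
    "filter": {"intrusion": 1, "sensitive": 2, "vulnerability": 2, "behaviour": 2},
    # emergency response: categories that mean the system is under attack, and the measure per harm level
    "attack_categories": {"intrusion", "sensitive"},
    "measures": {2: "block", 3: "isolate", 4: "forced-shutdown"},
    # alarm module: harm level from which abnormal behaviour is alarmed
    "alarm_from": 2,
}


def host_linkage_protection(reports: List[Report], policy: Dict) -> List[Report]:
    """Filter the incoming data against the stored policy; low-harm noise is dropped here."""
    threshold = policy["filter"]
    return [r for r in reports if r.harm >= threshold.get(r.category, 1)]


def emergency_response(report: Report, policy: Dict) -> Optional[str]:
    """Pick blocking, isolation or forced shutdown by harm level; None when no emergency measure applies."""
    if report.category not in policy["attack_categories"]:
        return None
    return policy["measures"].get(report.harm)


def alarm_module(report: Report, policy: Dict) -> Optional[str]:
    """Produce an alarm line for abnormal behaviour at or above the configured harm level."""
    if report.harm < policy["alarm_from"]:
        return None
    return f"ALARM harm={report.harm} {report.source}/{report.category} host={report.host}"


def monitoring_center(reports: List[Report], policy: Dict = POLICY_MODEL_LIBRARY) -> Dict[str, list]:
    """Run the three modules over one batch of reports from the client, the module and the scanner."""
    kept = host_linkage_protection(reports, policy)
    measures, alarms = [], []
    for r in kept:
        measure = emergency_response(r, policy)
        if measure:
            measures.append((measure, r.host))
        alarm = alarm_module(r, policy)
        if alarm:
            alarms.append(alarm)
    return {"dropped": len(reports) - len(kept), "measures": measures, "alarms": alarms}


# Constructed batch: reports from all three sources, two of them below their filter threshold.
SAMPLE_REPORTS = [
    Report("network", "intrusion", "10.0.0.20", 3),      # IDS hit forwarded by the sub-center
    Report("host", "behaviour", "10.0.0.31", 1),         # low-harm host event, filtered out
    Report("scanner", "vulnerability", "10.0.0.40", 2),  # scanner finding: alarm, no emergency measure
    Report("host", "intrusion", "10.0.0.31", 4),         # critical host-side intrusion
    Report("network", "sensitive", "10.0.0.50", 1),      # weak keyword match, filtered out
]

if __name__ == "__main__":
    print(monitoring_center(SAMPLE_REPORTS))
```

Keeping the filter thresholds, the harm-to-measure map and the alarm level in one policy library, as the patent's policy model library 144 suggests, means that changing how aggressively the center reacts is a data change rather than a code change; the example also shows the separation the text implies between an alarm (always informational) and an emergency measure (only for reports that indicate an attack).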

Claims (7)

1. A network security detection and monitoring audit system, characterized in that it comprises: a monitoring center, and a host monitoring client, a network monitoring module and a vulnerability scanner connected to said monitoring center;
wherein the host monitoring client, the network monitoring module and the vulnerability scanner send monitoring data and alarm data to the monitoring center; and the monitoring center detects the security state of the network in real time from the received data and takes appropriate measures.
2. The network security detection and monitoring audit system of claim 1, characterized in that said host monitoring client consists of a monitoring analysis module and a function realization module;
wherein the monitoring analysis module monitors the events and driver calls triggered by system interface calls, file accesses and network connections, and performs a comprehensive analysis;
and the function realization module invokes the corresponding function according to said analysis result.
3. The network security detection and monitoring audit system of claim 2, characterized in that said monitoring analysis module consists of a kernel-layer monitoring submodule and an application-layer monitoring submodule;
wherein the kernel-layer monitoring submodule monitors in real time the call events at the different levels of the kernel (kernel drivers, application programming interface calls and device drivers) and filters and analyses them;
and the application-layer monitoring submodule monitors network connections, the system log, application logs and the current state of the system, and analyses them.
4. The network security detection and monitoring audit system of claim 2, characterized in that, according to the analysis result of the monitoring analysis module and the user's settings, said function realization module monitors peripherals and interfaces, network connections and shares, file and database access, application services and external connections.
5. The network security detection and monitoring audit system of claim 1, characterized in that said network monitoring module consists of a packet capturer, a network protocol decoder, an intrusion detection module, a sensitive content monitoring module, an early warning module, an intrusion model library, a sensitive information library and an information-processing sub-center;
wherein the packet capturer collects raw data-link-layer network traffic and sends it to the network protocol decoder;
the network protocol decoder decodes the packet data structure corresponding to each network protocol and submits the decoded protocol packet information to the intrusion detection module, the sensitive content monitoring module and the information-processing sub-center;
the intrusion detection module is connected to the intrusion model library, analyses the decoded Internet protocol data according to the attack features and corresponding response rules described in the intrusion model library, and reports the analysis result to the early warning module;
the sensitive content monitoring module is connected to the sensitive information library, matches keywords and file names according to the sensitive information content and corresponding response rules recorded in the sensitive information library, and reports the matching result to the early warning module;
the early warning module carries out the corresponding operation according to the result information submitted by the intrusion detection module and the sensitive content monitoring module;
and the information-processing sub-center exchanges information with said monitoring center.
6. The network security detection and monitoring audit system of claim 1, characterized in that said vulnerability scanner consists of a scanner, a scanning policy module and a system vulnerability library;
wherein the scanner periodically detects the vulnerabilities present on each host and network device of the intranet according to the policy stored in the scanning policy module, and stores the vulnerability information in the system vulnerability library.
7. The network security detection and monitoring audit system of claim 1, characterized in that said monitoring center consists of a host linkage protection module, an emergency response module, an alarm module and a policy model library;
wherein the host linkage protection module filters data according to the policy stored in the policy model library;
when the system is under attack, the emergency response module performs blocking, isolation or forced shutdown;
the alarm module raises alarms on abnormal behaviour;
and the policy model library records the monitoring policies.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201120072305 CN202004790U (en) 2011-03-18 2011-03-18 Network security detection and monitoring auditing system

Publications (1)

Publication Number Publication Date
CN202004790U true CN202004790U (en) 2011-10-05

Family

ID=44707514

Country Status (1)

Country Link
CN (1) CN202004790U (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932453A (en) * 2012-10-31 2013-02-13 江苏博智软件科技有限公司 Method for achieving data center security system based on cloud computation
CN102984128A (en) * 2012-11-05 2013-03-20 中国电力科学研究院 Computer information privacy detection method based on network
CN102984128B (en) * 2012-11-05 2016-02-24 中国电力科学研究院 A kind of network computer information security detection method
CN106850534A (en) * 2016-11-30 2017-06-13 北海高创电子信息孵化器有限公司 A kind of scientific and technological information detection method based on internet
CN107563713A (en) * 2017-06-20 2018-01-09 华迪计算机集团有限公司 A kind of electronic document system and its method for operation monitoring
CN108337238A (en) * 2017-12-28 2018-07-27 广州华夏职业学院 A kind of information security detecting system for teaching network
CN108337238B (en) * 2017-12-28 2021-04-20 广州华夏职业学院 Information security detection system for teaching network
CN108833425A (en) * 2018-06-26 2018-11-16 九江职业技术学院 A kind of network safety system and method based on big data
CN108965305A (en) * 2018-07-25 2018-12-07 安徽三实信息技术服务有限公司 A kind of internet security monitoring system and its monitoring method

Similar Documents

Publication Publication Date Title
CN202004790U (en) Network security detection and monitoring auditing system
CN102622818B (en) All-directional intelligent monitoring method for bank ATMs
CN102682565B (en) Be suitable for fire-fighting and the security protection integral intelligent video frequency monitoring system of open space
CN104239197A (en) Method for discovering abnormal behaviors of management user based on big data log analysis
CN115051879B (en) Data analysis system of network security situation perception system based on machine learning
CN112785803A (en) Monitoring system based on Internet of things
CN108809886A (en) A kind of computer network security guard system
CN108183901B (en) FPGA-based host security protection physical card and data processing method thereof
CN106448046A (en) Alarm system for monitoring environment in which protected person is located
CN205076589U (en) Unusual early warning of elevator and supervision inquiry system
CN102307184A (en) Information asset protection method based on intrusion tolerance
CN207458335U (en) A kind of information monitoring system of underground parking
CN103605597B (en) Configurable computer protection system and method
CN105739408A (en) Business monitoring method used for power scheduling system and business monitoring system
CN108924095A (en) A kind of government website security monitoring alarm platform
CN202472805U (en) ATM safety prevention and control device
CN115037536B (en) Security information management is with preventing early warning platform that data is lost based on big data
CN106250764A (en) A kind of terminal control system
CN102737464A (en) Method, device and system for sensing state of intrusion alarm system
CN105530136A (en) Electric power scheduling system and business monitoring method for the same
CN103093588A (en) Alarm system and alarm information transmission method
CN101895914A (en) Method and system for alarming geologic anomaly of location of base station
CN103078852A (en) Method and device for judging asset states
CN202486584U (en) Dangerous article storage monitoring system
CN108088497A (en) A kind of computer floor integrated maintenance system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20111005