Network security system applied to an intellectual property operation platform, and detection method
Technical field
The invention belongs to the field of computer network security technology, and more specifically relates to a network security system and a detection method.
Background technology
In the network era, in which information has gained the upper hand, the importance of information resources is increasingly prominent. Because the information that any individual enterprise can obtain or provide is limited, public information service platforms have emerged. Such platforms are mostly funded by multiple parties such as governments, enterprises, universities and industry organizations, run on market mechanisms, are open to society, serve small and medium-sized enterprises, research and develop the common and key technologies of an industry, and raise the innovation capability of a region.
An intellectual property operation platform is an important way to improve regional innovation capability and to achieve the effective conversion of intellectual achievements, and all the more an inevitable requirement for advancing the intellectual property industry and building cultural soft power. Establishing such a platform not only makes it possible for ideas and know-how to enter the capital market, but also integrates market resources and puts innovative financing models for industry into useful practice. It builds, for both the supply and the demand side of intellectual property, an efficient and flexible public service platform for transactions of intellectual property achievements, intellectual property investment and financing activities, intangible assets and the like; it also gives intellectual property managers new approaches to attending to and promoting the management of intellectual property transfer, further promotes the industrialized development of intellectual property, and contributes to realizing "Created in China".
As a highly integrated information-resource management platform that provides public services, an intellectual property operation platform places higher requirements on data security and on the safe operation of the network. Security protection measures must be built into its structure and emergencies handled promptly, so as to ensure that the network runs safely and stably.
Intrusion detection has been a mainstream method of protecting network security in recent years. As an active security protection technique, intrusion detection technology can be flexibly adapted to the characteristics of various network structures, actively monitors computer networks or systems, provides real-time protection against external attacks, internal attacks and erroneous operations, and forms effective security strategies. It plays an active defensive role for computer networks or systems and is an indispensable component of computer and network security.
Intrusion detection systems are divided into two classes according to the source of the detected data: host-based intrusion detection systems and network-based intrusion detection systems. A host-based intrusion detection system extracts data (such as system logs) from an individual host as the data source for intrusion analysis, while a network-based intrusion detection system extracts network packet data from the network as its data source for intrusion analysis. In general, a host-based intrusion detection system can only detect the individual host system, whereas a network-based intrusion detection system can detect multiple host systems on its network segment, and several network intrusion detection systems distributed in different segments can work together to provide greater intrusion detection capability.
A network intrusion detection system generally acquires IP packets by passive, sniffing-based interception; even when it detects an attack in time, it is difficult for it to take real-time, effective preventive or control measures.
Summary of the invention
The present invention combines a firewall with intrusion detection technology to solve the problem that traditional intrusion detection cannot exercise active control.
A network security system applied to an intellectual property operation platform includes a firewall, an event generator, an intrusion detection module, an event storage module and an alarm module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence; the event storage module is connected to the intrusion detection module and to the firewall.
The firewall first filters the inbound network data;
The event generator analyzes and screens the IP packets passed on by the firewall, converts them into useful event information and sends it to the intrusion detection module;
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection result from the intrusion detection module;
The event storage module receives the detection result from the intrusion detection module, analyzes and aggregates the attack data detected by the intrusion detection module, and updates the stored security policy database in time according to the analysis result.
Further, intrusion detection uses a statistics-based detection method comprising the following steps:
(1) aggregate statistics over the information collected by the event generator;
(2) continuously compare them in real time against a profile library of normal network conditions, and judge through the intrusion detection function whether an intrusion event has occurred; if so, send the event to the event storage module; if there is no intrusion, repeat step (1);
(3) the event storage module modifies the firewall's security policy according to the received intrusion event information, changing the firewall's filtering behavior and thereby achieving real-time control;
(4) repeat step (1).
Further, the intrusion detection function used in the statistics-based detection method is based on the Naive-Bayes algorithm.
Beneficial effect
(1) Using firewall technology both achieves the acquisition of the network data needed for intrusion detection and solves the problem that traditional intrusion detection cannot exercise active control, ensuring the information security of the intellectual property operation platform;
(2) The results of network intrusion monitoring also provide a basis for the firewall's security policy decisions, improving the firewall's intelligent access control capability.
Description of the drawings
Fig. 1 is a schematic diagram of the system structure of the present invention.
Fig. 2 is a flow chart of the detection method used by the present invention.
Detailed description of the invention
As shown in Fig. 1, a network security system based on an intellectual property operation platform includes a firewall, an event generator, an intrusion detection module, an alarm module and an event storage module. The firewall, event generator, intrusion detection module and alarm module are connected in sequence, and the event storage module is connected to the intrusion detection module and to the firewall.
The firewall is a packet-filtering firewall: according to the information in the IP packet header and the security policy, it decides whether to forward the IP packet. The security policy has a large influence on both the correctness and the efficiency of the filtering behavior. To simplify the rules and improve efficiency, the filtering module of the firewall system adopts an efficient packet filtering technique based on connections and a hash algorithm: the rule set is searched only when the system receives a packet requesting connection establishment, and the resulting deny or allow mark is written into the session table; for an ordinary IP packet, the source IP address, source port, destination IP address and destination port are hashed to locate the connection quickly in the connection state table and read off the corresponding action, thereby improving the efficiency of packet filtering.
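The connection-based filtering just described, as an added worked example (not the patent's own code): the rule set is walked only for connection-establishment packets, the verdict is cached in a session table keyed by the (source IP, source port, destination IP, destination port) 4-tuple so that an ordinary packet costs one hash lookup, and a policy change of the kind the event storage module issues also invalidates the cached sessions of the affected source, since a stale "allow" entry would otherwise outlive the new deny rule. The Packet and Rule shapes, the SYN/FIN flags marking connection setup and teardown, and the sample addresses are constructed for this illustration; dropping a mid-stream packet that has no known session is a design choice of the example, not something the text states.

```python
"""Connection-tracking packet filter with a hashed session table.

Illustrative implementation added here; it is not the patent's own code.
The Packet and Rule shapes, the SYN/FIN flags and the sample traffic are
constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # connection-establishment request
    fin: bool = False   # connection teardown


@dataclass
class Rule:
    action: str
    dst_port: Optional[int] = None  # None matches any destination port
    src_ip: Optional[str] = None    # None matches any source address

    def matches(self, pkt: Packet) -> bool:
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_ip is not None and pkt.src_ip != self.src_ip:
            return False
        return True


@dataclass
class PacketFilter:
    rules: List[Rule]
    default_action: str = DENY
    # Session table: the 4-tuple is the hash key, the value is the cached verdict.
    sessions: Dict[Tuple[str, int, str, int], str] = field(default_factory=dict)
    rule_lookups: int = 0  # how many times the rule set had to be walked

    def _evaluate_rules(self, pkt: Packet) -> str:
        """First matching rule wins; the default action applies otherwise."""
        self.rule_lookups += 1
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_action

    def process(self, pkt: Packet) -> str:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.syn:
            # Connection request: the only case in which the rule set is searched.
            verdict = self._evaluate_rules(pkt)
            self.sessions[key] = verdict
        elif key in self.sessions:
            # Ordinary packet: a single dict (hash) lookup yields the stored action.
            verdict = self.sessions[key]
        else:
            # Mid-stream packet with no known connection: dropped without consulting
            # the rules (design choice of this example, not stated in the text).
            verdict = DENY
        if pkt.fin:
            self.sessions.pop(key, None)
        return verdict

    def block_source(self, src_ip: str) -> None:
        """Policy update of the kind the event storage module issues.

        Cached verdicts for that source are invalidated too; otherwise an already
        allowed connection would keep flowing past the new deny rule.
        """
        self.rules.insert(0, Rule(DENY, src_ip=src_ip))
        for key in [k for k in self.sessions if k[0] == src_ip]:
            del self.sessions[key]


def demo() -> List[str]:
    """Runs constructed traffic through the filter and returns the verdicts."""
    pf = PacketFilter(rules=[Rule(ALLOW, dst_port=443), Rule(DENY, dst_port=23)])
    client = ("198.51.100.7", 40000, "192.0.2.10", 443)
    verdicts = [
        pf.process(Packet(*client, syn=True)),  # rule walk -> allow, cached
        pf.process(Packet(*client)),            # session hit, no rule walk
        pf.process(Packet("198.51.100.7", 40001, "192.0.2.10", 23, syn=True)),  # deny rule
        pf.process(Packet("198.51.100.9", 50000, "192.0.2.10", 443)),           # no session
    ]
    pf.block_source("198.51.100.7")
    verdicts.append(pf.process(Packet(*client)))  # cached allow was invalidated
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Running the demo yields one rule walk for the two packets of the allowed connection and a deny for every packet of the blocked source once the policy changes, which is the real-time control the event storage module is meant to achieve.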
The event generator performs protocol analysis and screening on the IP packets from the firewall, converts them into useful event information and sends it to the intrusion detection module.
The intrusion detection module performs intrusion detection on the event information sent by the event generator;
The alarm module sends warning information to the server according to the detection result from the intrusion detection module;
The event storage module receives the detection result from the intrusion detection module, analyzes and aggregates the attack data detected by the intrusion detection module, and updates the stored security policy database in time according to the analysis result.
Further, intrusion detection uses a statistics-based detection method which, as shown in Fig. 2, comprises the following steps:
(1) aggregate statistics over the information collected by the event generator;
(2) compare the statistic with the threshold set in the intrusion detection function; if it exceeds the threshold, judge that an intrusion event has occurred and send the event to the event storage module; if it does not exceed the threshold, judge that there is no intrusion and repeat step (1);
(3) the event storage module modifies the firewall's security policy according to the received intrusion event information, changing the firewall's filtering behavior and thereby achieving real-time control;
(4) repeat step (1).
Further, the intrusion detection function is based on the Naive-Bayes algorithm. This algorithm is superior to operating merely on a single statistic or on a fixed combination of several statistics, because the Naive-Bayes algorithm learns the importance of each statistic for intrusion detection, which is more intelligent than a fixed computation over several statistics and closer to the concrete application environment of the network.
Statistics-based detection identifies network anomalies by testing whether a statistic exceeds a predetermined threshold, so the choice of threshold is very important: if the threshold is set too low, the probability of false alarms is higher; if it is set too high, some anomalous connections may be missed. The currently preferred threshold is 0.8.
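The statistics-based detection method of steps (1) to (4), with the Naive-Bayes decision function and the 0.8 threshold, as an added worked example that is not the patent's own implementation. It condenses one source's events in a time window into three statistics (packet rate, number of distinct destination ports, share of connection attempts left half-open), scores them with a Gaussian Naive-Bayes model whose per-class means and variances are learned from labelled windows, so that each statistic's weight in the decision comes from the data rather than from a fixed formula, and when the posterior probability of intrusion exceeds the threshold it records an alert and adds the source to a deny list standing in for the firewall's security policy database. The three statistics, the training windows, the event format and the sample addresses are constructed for this illustration.

```python
"""Statistics-based intrusion detection with a Naive-Bayes decision function.

Added worked example, not the patent's implementation. The statistics, the
training windows, the event format and the deny list that stands in for the
firewall's security policy database are constructed; 0.8 is the threshold
the text states.
"""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, Sequence, Set, Tuple

NORMAL, INTRUSION = 0, 1
THRESHOLD = 0.8


class GaussianNaiveBayes:
    """One Gaussian per class per statistic; statistics treated as independent."""

    def __init__(self, var_smoothing: float = 1e-3):
        self.var_smoothing = var_smoothing
        self.params: Dict[int, Tuple[float, List[float], List[float]]] = {}

    def fit(self, X: Sequence[Sequence[float]], y: Sequence[int]) -> "GaussianNaiveBayes":
        rows_by_label = defaultdict(list)
        for row, label in zip(X, y):
            rows_by_label[label].append(row)
        for label, rows in rows_by_label.items():
            cols = list(zip(*rows))
            means = [sum(c) / len(c) for c in cols]
            # Smoothing keeps a constant statistic from yielding a zero variance.
            variances = [sum((v - m) ** 2 for v in c) / len(c) + self.var_smoothing
                         for c, m in zip(cols, means)]
            self.params[label] = (len(rows) / len(X), means, variances)
        return self

    def predict_proba(self, x: Sequence[float]) -> Dict[int, float]:
        log_post = {}
        for label, (prior, means, variances) in self.params.items():
            lp = math.log(prior)
            for v, m, var in zip(x, means, variances):
                lp += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
            log_post[label] = lp
        top = max(log_post.values())  # log-sum-exp keeps the normalisation stable
        total = sum(math.exp(lp - top) for lp in log_post.values())
        return {label: math.exp(lp - top) / total for label, lp in log_post.items()}


def summarize(events: Iterable[dict], window_seconds: float) -> Tuple[float, float, float]:
    """Event-generator stage: one source's events in a window -> three statistics."""
    events = list(events)
    rate = len(events) / window_seconds
    distinct_ports = len({e["dst_port"] for e in events})
    syns = [e for e in events if e["syn"]]
    half_open = sum(1 for e in syns if not e["completed"]) / len(syns) if syns else 0.0
    return (rate, float(distinct_ports), half_open)


# Constructed training windows: (rate, distinct ports, half-open share).
TRAIN_X = [(8, 1, 0.00), (12, 2, 0.05), (15, 2, 0.10), (6, 1, 0.00), (20, 3, 0.15), (10, 1, 0.05),
           (300, 120, 0.95), (450, 200, 1.00), (220, 80, 0.90), (380, 150, 0.97),
           (260, 100, 0.85), (500, 180, 1.00)]
TRAIN_Y = [NORMAL] * 6 + [INTRUSION] * 6


class IntrusionDetector:
    def __init__(self, model: GaussianNaiveBayes, threshold: float = THRESHOLD):
        self.model = model
        self.threshold = threshold
        self.alerts: List[Tuple[str, float]] = []  # what the alarm module would send
        self.deny_list: Set[str] = set()           # stands in for the security policy database

    def inspect(self, src_ip: str, events: Iterable[dict], window_seconds: float) -> bool:
        """Steps (1)-(3): statistics, threshold test, policy update. True on intrusion."""
        p_intrusion = self.model.predict_proba(summarize(events, window_seconds))[INTRUSION]
        if p_intrusion <= self.threshold:
            return False
        self.alerts.append((src_ip, p_intrusion))
        self.deny_list.add(src_ip)
        return True


def make_events(count: int, ports: int, half_open_share: float) -> List[dict]:
    """Constructed event stream: `count` SYNs spread over `ports` destination ports."""
    return [{"dst_port": 1024 + (i % ports), "syn": True,
             "completed": i >= int(count * half_open_share)} for i in range(count)]


def demo() -> Tuple[bool, bool]:
    det = IntrusionDetector(GaussianNaiveBayes().fit(TRAIN_X, TRAIN_Y))
    normal = det.inspect("198.51.100.7", make_events(11, 2, 0.0), window_seconds=1.0)
    scan = det.inspect("203.0.113.5", make_events(400, 160, 0.98), window_seconds=1.0)
    return normal, scan


if __name__ == "__main__":
    print(demo())
```

The threshold trade-off the text describes can be read off `predict_proba` directly: lowering `THRESHOLD` toward 0.5 flags windows whose posterior is only moderately high and raises the false-alarm rate, while pushing it toward 1.0 lets such borderline windows through; the model's learned variances, not a hand-chosen formula, decide how far a window may stray from the normal profile before its posterior crosses 0.8.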
In the present invention, the firewall and the intrusion detection module are each served by a separate host, and the two hosts are connected by Fast Ethernet. Two network interface cards are installed in the firewall host. One operates in bridge mode and needs no IP address, which increases the transparency, concealment and security of the firewall itself and avoids having to change the topology of the actual network when deploying; the other network interface card handles communication with the intrusion detection host.