Internet threat monitoring and defending method based on dynamic joint defense

Abstract

The invention relates to an internet threat monitoring and defending method based on dynamic joint defense. The method comprises the following steps that an automatic blocking module is connected withinternet boundary blocking equipment through an application layer interface to achieve data transmission; wherein the automatic blocking module is configured to monitor each functional event processed by the functional layer in real time, and send the event, reaching a set threat level, in a monitoring result to the internet boundary blocking equipment. The internet boundary blocking equipment filters the IP address, the MAC address and the terminal name in the threat event by adopting an ADS blacklist protection strategy. As long as the source IP address of the data packet is matched with acertain address in the blacklist, the ADS equipment blocks the address and does not perform other detection any more, and the ADS equipment receives the black IP information, completes the blocking action and returns to the blocking state. According to the internet threat monitoring and defending method based on dynamic joint defense, manual operation can be replaced by adding an automatic defending mechanism, careless omission of the manual operation is avoided, power network equipment and software are protected, and threat attacks are effectively prevented.

Description

technical field [0001] The invention relates to network security, in particular to an Internet threat monitoring and defense method based on dynamic joint defense. Background technique [0002] In recent years, the network security situation of my country's key information infrastructure has become increasingly severe. Among them, power companies, as an important key information infrastructure unit in the country, are responsible for the management and operation of many important external applications, and are often targeted by hackers. At present, the number of cyber attacks against the power industry is also increasing. In order to ensure the security of the power network environment and block various attacks from the Internet, the long-term practice of the network security department is basically to carry out daily monitoring and inspection by investing a lot of manpower and material resources. Work. In order to protect the security of the Internet exit, the information ...

AI Technical Summary

Problems solved by technology

[0003] However, the effect is not ideal. There are still a large number of network attacks that cannot be effectively intercepted in the first place, resulting in attacks on the internal system of the network, which in turn affects the safety of electricity consumption in various industries in society.

At present, the information center has to invest a lot of manual work to carry out monitoring and disposal work every day, which is costly. According to the existing mechanism, relevant personnel conduct inspections every 2 hours, and the defense mechanism will generate budget during normal working hours on weekdays. The incident response time is 2 hours, and the response time during non-working hours such as evenings and weekends can reach up to 48 hours. It is difficult to improve the timeliness of security protection

And if a lot of work is done manually, mistakes will inevitably occur and affect the quality of protection

[0004] Therefore, the power network security has problems such as an unsound automatic defense system for Internet threats; threat protection methods and technical tools are too traditional; heavy workload, labor-intensive, long event response time, and the risk of misoperation

Images