
Cooperative intrusion detection based large-scale network security defense system

An intrusion detection and network security technology, applied in the field of computer security, that addresses the problems of small-scale cooperation, highly harmful attacks, and attack behavior that is not obvious, and that achieves the effect of preventing coordinated intrusion.

Inactive Publication Date: 2005-09-14
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0004] 1) The attack lasts for a long time, and a single attack behavior is not obvious;
[0005] 2) The attack sources are widely distributed and the attack is very harmful.
However, current security products and solutions that use collaboration generally have the following deficiencies. First, the scale of collaboration is small, generally a firewall plus an intrusion detection system. Second, the degree of collaboration is low: each security product is completely independent of the others, so real coordinated defense and intelligent interaction cannot be achieved; at best the functions are simply stacked on top of each other.
Third, scalability is poor and there are performance bottlenecks, so the requirements of complex analysis of massive data when detecting and defending against large-scale coordinated intrusions cannot be met.
However, because the three levels of the system are not compatible with existing security products and technical solutions, adopting this structure would require security products to be redesigned according to the three levels of the system, which is obviously impossible to achieve, and security vendors will not want their products to be completely subject to any one platform and architecture.


Examples


Embodiment Construction

[0046] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0047] As shown in Figure 1, the present invention relies on close cooperation among a front-end scheduling subsystem 1, a firewall subsystem 2, a traffic detection subsystem 3, an intrusion detection subsystem 4, a back-end scheduling subsystem 5, an alarm clustering and association subsystem 6, and a console subsystem 7 to detect and defend against coordinated intrusion.

[0048] The front-end scheduling subsystem 1 communicates with the console subsystem 7. Based on the status information it obtains about the firewall subsystem 2, it performs load scheduling, using a fault-tolerant hash scheduling algorithm, for data packets entering from the external network. It uses dual-machine hot backup for fault tolerance, to ensure that when the main scheduler fails, the backup scheduler can succe...
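One way a fault-tolerant hash scheduler of the kind described above could dispatch flows across parallel firewall nodes, as an added example that is not the patent's own algorithm. It assumes rendezvous (highest-random-weight) hashing; the `FirewallScheduler` class, the node names, and the sample flows are hypothetical and constructed for illustration.

```python
import hashlib

class FirewallScheduler:
    """Hypothetical front-end scheduler: maps flows to parallel firewall nodes."""

    def __init__(self, nodes):
        # Health table; in the described system this would come from the console.
        self.health = {node: True for node in nodes}

    def set_status(self, node, up):
        self.health[node] = up

    @staticmethod
    def flow_key(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        # Sort the endpoints so both directions of a connection share one key,
        # which keeps a stateful firewall node seeing the whole conversation.
        a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
        return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

    @staticmethod
    def _score(node, key):
        digest = hashlib.sha256(f"{node}#{key}".encode()).digest()
        return int.from_bytes(digest[:8], "big")

    def pick(self, *flow):
        healthy = [n for n, up in self.health.items() if up]
        if not healthy:
            raise RuntimeError("no healthy firewall node available")
        key = self.flow_key(*flow)
        # Rendezvous hashing: the highest-scoring healthy node owns the flow, so
        # a failed node's flows are redistributed and all other flows stay put.
        return max(healthy, key=lambda n: self._score(n, key))

# Constructed sample input: 200 client flows to one HTTPS service.
NODES = ["fw-1", "fw-2", "fw-3", "fw-4"]
FLOWS = [(f"198.51.100.{i}", 40000 + i, "203.0.113.10", 443) for i in range(1, 201)]

def failover_moves(failed="fw-2"):
    """Return (flows moved off the failed node, flows moved between healthy nodes)."""
    sched = FirewallScheduler(NODES)
    before = [sched.pick(*f) for f in FLOWS]
    sched.set_status(failed, False)
    after = [sched.pick(*f) for f in FLOWS]
    off_failed = sum(b == failed for b in before)
    churn = sum(b != a for b, a in zip(before, after) if b != failed)
    return off_failed, churn

if __name__ == "__main__":
    print(failover_moves())
```

Because the mapping is a pure function of the flow key and the health table, a hot-standby scheduler holding the same health table makes the same dispatch decisions as the main one without sharing per-flow state.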


Abstract

This invention discloses a large-scale network security defense system based on cooperative intrusion detection. A parallel firewall system, formed by applying advanced parallel technology and a trust-based model, protects effectively against DDoS attacks. The parallel IDS subsystem combines parallel technology with state detection technology. The traffic detection subsystem, based on an artificial neural network model, has a high ability to identify irregular data, so it detects known attacks and discovers new attack behavior. The parallel firewall, IDS, traffic detection, and correlation analysis and alarm subsystems are each independent and functionally complete, and they exchange detection information and transfer detection and protection rules through an information-driven system. The control station manages the subsystems.

Description

Technical field

[0001] The invention belongs to the field of computer security, and in particular relates to a large-scale network security defense system based on cooperative intrusion detection.

Background technique

[0002] The security of computer networks is an international issue, and the economic loss caused by computer network security problems worldwide reaches tens of billions of dollars every year. According to statistics, hacker attacks have increased at a rate of 250% in the past 5 years, and 99% of large companies have experienced large intrusions. World-renowned commercial websites such as Yahoo, Buy, eBay, Amazon, and CNN have all been hacked, causing huge economic losses. Even RSA, which specializes in network security, has also been attacked by hackers. With the rapid development of informatization, the network security problem that our country is facing is becoming increasingly serious. In 2003, among the countries most frequently attacked by hackers, Ch...


Application Information

IPC(8): H04L12/24, H04L29/06
Inventor 金海孙建华韩宗芬邹建平陶智飞何丽莉杨志玲易川江涂旭平王杰程恩罗雅琴
Owner HUAZHONG UNIV OF SCI & TECH