Unlock instant, AI-driven research and patent intelligence for your innovation.

Method for sending safety strategy

A security strategy and strategy technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as limited processing capacity and affect the normal operation of linkage equipment, and achieve the effect of reducing transmission resources

Active Publication Date: 2008-01-23
NEW H3C SECURITY TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, due to the limited ability of the linkage device to process linkage rules, when a large number of attacks occur, the IDS will continuously deliver a large number of linkage rules to the linkage device in response to a large number of attacks. normal operation of the equipment
Especially for the same attack, not only sending a large number of linkage rules to the linkage device will greatly affect the normal operation of the linkage device, but also for the same attack, it is meaningless to repeatedly issue the same attack within the time when the linkage rule is still valid

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for sending safety strategy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0057] The core idea of ​​the present invention is: when the security detection device generates a security policy for an attack that occurs, it first stores the generated security policy, and when the conditions for delivering the security policy are met, then sends the generated security policy to the detected equipment.

[0058] In the present invention, it is necessary to set the undelivered security policy table, the delivered security policy table, the maximum number of issued policies and the maximum issued rate. Among them, the undelivered security policy table is provided to the security detection device to store the security policy that has not been delivered; the delivered security policy table is provided to the security detection device to store the security policy that has been delivered; the maximum issued policy The number is used to specify the maximum number of security policies that can be stored in the undelivered security policy table and the delivered sec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Setting up maximal down delivering rate, the method carries out following steps: (1) storing new security policy generated based on each attack; (2) when toggle condition is satisfied, obtaining present rate for down delivering security policy, determining whether present rate for down delivering security policy is smaller than maximal down delivering rate; if yes, then, obtaining and down delivering foremost security policy stored; otherwise, quitting down delivering security policy. The invention also discloses two methods for down delivering security policy. The invention controls quantity of down delivering security policy by security detection device to prevent device to be tested from being unable to run normally caused by large quantity of security policy down delivered. Through effective aggregation of security policy, the invention does not down deliver identical security policy repeatedly.

Description

technical field [0001] The invention relates to network security detection technology, in particular to a method for issuing security policies. Background technique [0002] Intrusion detection is to collect and analyze information from several key points in a computer network or computer system, to find out whether there are behaviors violating security policies and signs of being attacked in the network or system, and to take targeted actions and take these effective actions. Targeted actions are delivered to all intrusion detection targets, including network devices such as switches, routers, and firewalls. The combination of software and hardware for intrusion detection is an intrusion detection system (IDS). The objects that IDS detects and take targeted actions, such as switches, routers, firewalls, etc., are called IDS linkage devices. The IDS formulates different strategies for blocking attacks for different attacks, which are called linkage rules. Usually, a bloc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/24H04L29/06
Inventor 汪翰林
Owner NEW H3C SECURITY TECH CO LTD