Method for implementing virtual engine technique for intrusion detection

The virtual engine technique for intrusion detection, applied in the field of computer networks, addresses the high installation and maintenance costs, difficult deployment and monitoring, and inconvenient network expansion of existing approaches. Its effects are low investment cost, better-targeted detection, and fewer false positives.

Inactive Publication Date: 2008-10-29
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

[0003] The disadvantage of using multiple NIDS engines is the relatively high product cost. Because an engine must be installed at the entrance of each protected network, installation and maintenance costs are relatively high and the deployment is not easy to expand. In addition, port mirroring must be configured multiple times on the switches, which affects network performance. At the same time, it is not easy to deploy and monitor devices that are in the same VLAN (Virtual Local Area Network) but span different switches.
[0004] Using a NIDS that supports multiple listening ports for intrusion detection on the one hand makes it hard to expand the protected network, and on the other hand also makes it difficult to deploy and monitor devices in the same VLAN across different switches.


Examples


Embodiment 1

[0025] Embodiment 1: an implementation method for intrusion detection virtual engine technology, comprising the following steps:

[0026] Define the virtual engine:

[0027] The virtual engine is customized through the virtual engine customization wizard.

[0028] The main content of defining the virtual engine includes: the name of the virtual engine, the division type and scope of the virtual engine.

[0029] Generally, virtual engines are divided and defined according to protected objects. The division types of the virtual engine include: division according to VLAN tag information, division according to IP address information, and division according to MAC address information.

[0030] VLAN tag division format: the VLAN tag is the identification number (VLAN ID) of a VLAN, and the format includes VLAN ID enumeration and VLAN ID range. Enumerated VLAN IDs are separated by ",", for example: 1, 2, 4; a VLAN ID range is written with "-", for example: 6-12...
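
As an added illustration (not code from the patent or from the vendor's product), the sketch below parses the VLAN ID enumeration and range formats of paragraph [0030] and maps a frame's VLAN ID to a virtual engine. The function names, the engine names, mixing both forms in one string, rejecting overlapping definitions, and the fallback engine are all assumptions.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # usable 802.1Q VLAN IDs (0 and 4095 are reserved)
_ITEM = re.compile(r"(\d+)(?:\s*-\s*(\d+))?", re.ASCII)  # "4" or "6-12"


def parse_vlan_spec(spec):
    """Parse '1, 2, 4' (enumeration) or '6-12' (range) into a set of VLAN IDs.

    Assumption: both forms may be mixed in one spec, e.g. '1,2,4,6-12'.
    """
    ids = set()
    for item in spec.split(","):
        m = _ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"malformed item {item!r} in VLAN spec {spec!r}")
        first = int(m.group(1))
        last = int(m.group(2) or m.group(1))
        if not VLAN_MIN <= first <= last <= VLAN_MAX:
            raise ValueError(f"item {item!r} is reversed or outside {VLAN_MIN}-{VLAN_MAX}")
        ids.update(range(first, last + 1))
    return ids


def build_engine_table(definitions):
    """Map each VLAN ID to exactly one virtual engine.

    Assumption: overlapping definitions are rejected, so that one frame can
    never be subject to two different detection policies.
    """
    table = {}
    for name, spec in definitions.items():
        for vid in sorted(parse_vlan_spec(spec)):
            if vid in table:
                raise ValueError(f"VLAN {vid} claimed by {table[vid]!r} and {name!r}")
            table[vid] = name
    return table


def engine_for(table, vlan_id, default="default"):
    """Return the virtual engine whose policy applies to a frame's VLAN ID."""
    return table.get(vlan_id, default)  # hypothetical fallback engine


# Constructed sample definitions, using the spec strings quoted in the text.
ENGINES = {"finance": "1, 2, 4", "general-office": "6-12"}
TABLE = build_engine_table(ENGINES)

if __name__ == "__main__":
    for vid in (2, 9, 5):
        print(f"VLAN {vid} -> engine {engine_for(TABLE, vid)}")
```
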

Embodiment 2

[0058] Embodiment 2: a scenario application example of the implementation method for intrusion detection virtual engine technology.

[0059] For example, different departments in an enterprise, such as the president's office, financial department, sales department, and general office, have different security requirements. If the same intrusion detection policy is applied to all of them, various problems will inevitably arise. If the policy is set too strictly, departments with low security sensitivity (such as general offices, logistics departments, etc.) will receive alarms constantly, straining their nerves again and again and, over time, producing a "cry wolf" effect. If the policy is set too simply, non-sensitive departments no longer have to endure frequent "false alarms", but data detection for important departments (such as the president's office, financial department, sales department, etc.) is undoubtedly relaxed, these high...


Abstract

The invention virtualizes the physical engine of an intrusion detection system into multiple engines, so that protection can be classified according to the client's network conditions by VLAN tag information, IP address information or MAC address information. On each virtual engine, a different detection policy and security policy standard can be set and executed, implementing object-oriented intrusion detection.

Description

Technical field

[0001] The present invention relates to a key technology of the network intrusion detection system (NIDS: Network Intrusion Detection System), one of the important network security products: the implementation method of intrusion detection virtual engine technology (Intrusion Detection Virtual Engine Technology). It belongs to the field of computer network technology.

Background technique

[0002] A NIDS is installed in the protected network segment. Its monitoring network card works in promiscuous mode, analyzes all data packets in the network segment, and performs real-time detection of and response to network security events. Currently, in a large network, the protected networks of different departments, physical locations, or functional units may have different security requirements or face different security risks, requiring different detection strategies and response methods. Usually, the solution will generally use multiple NIDS engines or NIDS ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/06, G06F7/08, G06F11/30, H04L9/32
Inventor: 刘剑波, 王洋, 尚振威, 牟宪波, 焦玉峰
Owner BEIJING VENUS INFORMATION TECH