Detecting system and method for network invasion behaviour

A detection system and network intrusion technology, applied in the field of network security, can solve problems such as difficult application layer processing, high R&D costs, and difficult data processing

Active Publication Date: 2007-10-10
QI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC +1
View PDF0 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] (2) ASIC chip implementation: product reliability and performance are high, but it is difficult to expand, its development cycle is long, and research and development costs are high
[0007] (3) NPU chip implementation: the product has high reliability and performance, and is easy to expand. The research and development cost and difficulty are between the above two methods. Its main advantage lies in the high processing performance of the header part of the network message. The data part of the network is difficult to process, and the performance of the network layer is very high, but it is difficult to process the application layer
[0008] Intrusion detection equipment mainly processes the data part of the message. Due to its complexity, it is basically realized by "industrial computer + software" at present. The efficiency is very low, and the throughput rate is at the level of 10M. bottleneck

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detecting system and method for network invasion behaviour
  • Detecting system and method for network invasion behaviour
  • Detecting system and method for network invasion behaviour

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The technical scheme of the present invention will be described in further detail below in conjunction with accompanying drawing and embodiment:

[0025] Referring to shown in accompanying drawing 1, this kind of network intrusion detection system includes Hifn NP4G3 network processor 1, PCI-X high-speed switching device 2, CAM cache memory 3 and content filter 4, wherein, network processor 1 and content filter The device 4 realizes the two-way connection of data exchange through the high-speed switching device 2 and the cache 3, wherein the content filter 4 is composed of a flow reassembly unit 5, a flow reassembly memory 6, and a pattern matching chip 7 for intrusion rule matching processing. Chip 7 uses IDT CIE PAX.ware 2500, stream reassembly unit 5 and stream reassembly memory 6 to reassemble network packets into network data streams and store them.

[0026] The working process of the network processor 1 is controlled and implemented through its internally stored s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The system comprises: network processor, high speed switch device, high speed buffer and content filter. Wherein, the content filter comprises a stream reassembling unit, a stream reassembling memory and a mode match chip. The stream reassembling unit and the stream reassembling memory reassembles the network message into the network data stream. The method comprises: 1) when the network message enters into the system, firstly the network processor makes the state check for the header of network message; the network message passing the rule check is saved in the high speed buffer; otherwise, abandoning the message; 2) reassembling the network message in high speed buffer into network data stream, and saving the reassembled stream into the memory; 3) the mode match chip extracts the network data stream, and uses a invasion rule to make match; the stream passing the examination will be replayed; otherwise, it will be abandoned.

Description

technical field [0001] The invention relates to a network intrusion behavior detection system and detection method, relates to network security equipment, and belongs to the technical field of network security. Background technique [0002] With the wide application of the network, the focus of network security has also changed. The main target of attacks has gradually changed from TCP / IP and other protocol layers to application layer attacks. More and more attacks are mainly aimed at specific applications or Therefore, the detection and prevention of application layer attacks has become a new hotspot in the field of network security. [0003] Network administrators are in great need of a gateway-level device with functions such as firewall and intrusion detection. It is deployed between the internal network and the external network to play the role of access control and intrusion prevention, and provide security protection for the internal network. [0004] The firewall de...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & AuthorityApplications(China)
IPC IPC(8): H04L12/26H04L29/06H04L12/56H04L12/66
Inventor肖为剑宋斌王刚胡兆博孙然程勇
OwnerQI-ANXIN LEGENDSEC INFORMATION TECH (BEIJING) INC