Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Suspected network threat information screener and screening and processing method

An information screening and suspicious technology, applied in the direction of security communication devices, digital transmission systems, electrical components, etc., can solve the problems of slow protocol analysis and processing speed, low system performance, missing data packets, etc., to improve detection efficiency and processing Powerful functions, saving hardware resources

Inactive Publication Date: 2009-12-09
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF0 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the above-mentioned IDS systems based on hardware equipment can execute relatively high-complexity programs (processing methods), these high-performance gigabit-level IDS devices are often complex in structure and expensive, and are difficult to obtain in the vast number of small and medium-sized users. promotion and popularization
In addition, in view of the defects of the above-mentioned hardware-based IDS systems, at present, there are methods of using pure software to implement intrusion detection on platforms such as personal computers, such as: open source SNORT IDS, etc.; although these software IDS systems have low operating costs, And it has a strong intrusion detection capability, but because the rate of software packet grabbers in this type of IDS system is generally tens of megabits per second, if it is applied to a gigabit network, there will be: one is running It will directly miss a lot of data packets. Second, the pattern matching implemented by software makes the processing speed of protocol analysis extremely slow, which eventually leads to fatal defects such as low performance of the entire system.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Suspected network threat information screener and screening and processing method
  • Suspected network threat information screener and screening and processing method
  • Suspected network threat information screener and screening and processing method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] In this embodiment, there are 10 sets of network switching equipment (C 1-10 ) and the corresponding intrusion detection system A as an example:

[0026] The filter B in the present embodiment adopts the STRATIX III EP3SL150F FPGA (Field Programmable Gate Array) device produced by ALTERA Company as the filter body, wherein it is set: data aggregation module 1 resource configuration 1500 logic units and 0.5 megabit RAM ; The packet header and payload separation module 2 resource configuration is 600 logical units; the network layer suspected threat data packet screening 3 resource configuration is 1500 logical units; the transmission layer suspected threat data packet screening module 4 resource configuration is 1500 logical units; processing output Module 5 resource configuration is 150 logical units; in preprocessing module 6: IP reassembly unit 6.1 resource configuration is 2000 logical units and 5 Mbit RAM, TCP session reassembly unit 6.2 resource configuration is 20...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to a screener and a screening method for screening information tending to enter a detection system in the technical field of network safety. The screener adopts a functional module architecture device which is formed by modulating the F P G A logical resource and includes data aggregation, packet and payload separation, screening of suspected threat data packet in a network layer and a transmission layer, output processing, preprocessing, screening of suspected threat data packet in an application layer, and software and hardware interfaces; and the screening method includes aggregation processing, separation processing, screening of suspected threat data packet in the network layer and the transmission layer, output processing, data packet preprocessing and screening of suspected threat data packet in the application layer, and finally sends the data packet containing the suspected threat information into an intrusion detection system. The screener has the advantages of compact design and strong processing capability, the load of the intrusion detection system can be greatly reduced when the screener is matched with the intrusion detection system, and the invention increases the detection efficiency and the utilization ratio of the detection system, expands the range of detection, reduces the running cost, guarantees the safe running of the network, etc.

Description

technical field [0001] The invention belongs to the technical field of network security, especially a filter and a screening processing method for screening suspected threat information existing in the network, which is matched with an intrusion detection system (IDS: Intrusion Detection System). , the information flow intended to enter the detection system can be screened first, the normal information flow can be screened out, and only the data packets containing suspected threat information can be sent to the intrusion detection system (IDS) for further processing. Background technique [0002] With the development of the Internet, people pay more and more attention to network security. Intrusion Detection System (IDS), a new network security technology, is considered to be the second security door behind the firewall. IDS collects information from key points in the computer network and detects the information (such as: protocol analysis, feature detection, anomaly detect...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/36
Inventor 郑宇赵文豪周亮郭志勇李广军潘经纬杨一波钱宇平
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products