Network security detection method and system

Abstract

The invention provides a network security detection method and system. First four layers of a protocol of a capture data packet are analyzed to obtain quintuple information; an intrusion detection rule is used to carry out intrusion detection to the data packet; the quintuple information is used to add an identifier to the captured data packet; according to quintuple information of a stream object and a content of the data package, an application protocol type applied in the stream object is determined; according to the data packet with the identifier, flow data of the stream object using the same application protocol type is calculated and undergoes flow analysis; according to the application protocol type of the stream object, an analysis plug-in is used to analyze a data packet application layer protocol of the corresponding stream object so as to obtain data information; according to the data information, a user network behavior record is carried out; and the obtained data information obtained by analyzing is detected by matching a virus database. The intrusion detection, the network behavior detection, the abnormal flow analysis and the virus detection are integrated in one system, and only one interface is needed to realize multiple detection methods of the network access.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a network security detection method and system. Background technique [0002] With the development of Internet technology, in order to prevent malicious network access from destroying, changing, and leaking data in the network system, and to ensure the safe and reliable operation of the network system, it is necessary to perform security detection on network access. Currently commonly used network security detection technologies include intrusion detection technology, network behavior audit technology, abnormal traffic analysis and calculation, and virus detection technology. [0003] The intrusion detection technology collects behavioral characteristics of abnormal network access and establishes a behavioral characteristic database. When a network access matching the behavioral characteristic database is detected, the network access is defined as intrusion access. The ...

AI Technical Summary

Problems solved by technology

Virus detection cannot solve the problem of network attack and network behavior audit

[0007] For most network devices, such as switches, routers, etc., only one data monitoring interface is configured for network security monitoring, and only one of the above methods can be used for security detection of network access. The above-mentioned technologies for network access security detection are different. There are advantages and disadvantages. Simply relying on a network security detection technology cannot identify all kinds of network attacks and intrusions, and cannot simultaneously realize the functions of network security status analysis, user behavior recording, attack monitoring and unknown malicious code identification.

Images