Content audit system based on active defense mechanism and content audit method thereof

An active defense and content auditing technology, applied in the field of network security, that addresses problems such as abuse of power by managers and improper operations by executives, and reduces damage to industrial network equipment.

Active Publication Date: 2017-08-29
北京天地和兴科技有限公司

AI Technical Summary

Problems solved by technology

[0006] 1. Malicious sabotage by insiders, abuse of power by management personnel, improper operation by executive personnel, and other man-made sabotage originating from the industrial control hosts in the industrial control network, such as the engineer station and operator station, can only be monitored and passively defended against after the event; it cannot be blocked before the damage occurs;
[0007] 2. Attacks on the industrial control network by malicious code and viruses from the industrial control hosts, such as the engineer station and operator station, can only be monitored and passively defended against afterwards; they cannot be blocked before the damage occurs;
[0008] In short, existing industrial control network audit equipment cannot adopt an active defense strategy against unreasonable human operations, viruses, and malicious code from the various industrial control hosts, one that would block these hazards at the industrial control host and keep them from spreading to the industrial network (as with the "Stuxnet" virus that occurred on the industrial network equipment of Iran's Bushehr nuclear power plant) and so minimize the damage caused to industrial network equipment.

Examples

Embodiment Construction

[0039] Referring to Figures 1-6, a specific embodiment of the present invention includes an active defense module 1 and a verification module 2, which are connected through Ethernet communication;

[0040] The active defense module 1 includes:

[0041] The network transmission data frame interception module 3, used to intercept data frames;

[0042] The data frame whitelist matching module 4, used to compare and match data of the intercepted network transmission data frame, such as source and destination MAC, source and destination IP, transport layer protocol, and source and destination ports, against each whitelist entry in the whitelist baseline library 5;

[0043] The data frame blacklist matching module 6 is used for data such as source and destination MAC, source and destination IP, transport layer protocol, source dest...
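
The field comparison described in [0042] and [0043], as an added Python example that is not code from the patent: it pulls the listed fields out of a raw Ethernet II/IPv4 frame and looks them up in a whitelist and a blacklist. Exact matching on all seven fields, checking the whitelist before the blacklist, the names `FrameKey`, `parse_frame`, `classify` and `build_frame`, and the sample MACs, addresses and ports are assumptions; the page does not state what happens to a frame after a match.

```python
import socket
import struct
from typing import NamedTuple, Optional

class FrameKey(NamedTuple):          # the fields paragraph [0042] lists
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int                       # IP protocol number: 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> Optional[FrameKey]:
    """Extract the match fields from an untagged Ethernet II / IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                  # truncated, VLAN-tagged or not IPv4
    ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
    proto, l4 = frame[23], 14 + ihl
    frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
    if (frame[14] >> 4 != 4 or ihl < 20 or frag_offset or
            proto not in (6, 17) or len(frame) < l4 + 4):
        return None                  # no readable TCP/UDP ports in this frame
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return FrameKey(_mac(frame[6:12]), _mac(frame[0:6]),
                    socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
                    proto, sport, dport)

def classify(frame: bytes, whitelist: set, blacklist: set) -> str:
    """Whitelist is consulted before blacklist (assumed order, see lead-in)."""
    key = parse_frame(frame)
    if key is not None and key in whitelist:
        return "whitelist"
    if key is not None and key in blacklist:
        return "blacklist"
    return "unmatched"               # includes frames that could not be parsed

def build_frame(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample frame with made-up MACs, for exercising the matcher."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)

# Constructed baseline: one permitted flow (addresses and ports are sample values).
SAMPLE = build_frame("192.168.1.10", "192.168.1.20", 6, 49152, 502)
WHITELIST = {parse_frame(SAMPLE)}
```

Frames that cannot be parsed (truncated, VLAN-tagged, non-first fragments, non-TCP/UDP) fall into "unmatched" rather than being treated as whitelisted.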

Abstract

The invention discloses a content audit system based on an active defense mechanism. The content audit system comprises an active defense module and a verification module. The active defense module comprises a network transmission data frame interception module, a data frame whitelist matching module, a data frame blacklist matching module, a data frame recombination and redirection module, a data frame sending module, and a data frame accepting and restoring module; the verification module comprises a communication processing module and a judging module. The invention further discloses a content audit method for the content audit system based on the active defense mechanism. With the disclosed content audit system and content audit method, the shortcomings of the prior art can be overcome, and system security can be improved through an active security policy.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a content auditing system and a content auditing method based on an active defense mechanism.

Background art

[0002] Industrial control system network content audit equipment is a dedicated information security product that records and analyzes the protocols, data and behaviors in the industrial control network and takes certain response measures.

[0003] Existing audit equipment generally adopts bypass access and uses a whitelist mechanism to record and analyze the configuration changes and command changes made by each industrial control host in the industrial control network, such as engineer stations and operator stations. Configuration changes include configuration uploading and downloading; command changes include operations such as writing commands and related parameters. The real-time requirements for these operations are usually sev...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/101, H04L63/1466
Inventor: 王小东, 李佐民, 王蔚庭
Owner: 北京天地和兴科技有限公司