Rule description method and construction method for network access control and medium

A rule technology for network access control, applied in the field of network security, that addresses problems such as rules being hard to maintain and repeated content reducing rule execution efficiency, and that makes rules convenient to modify while improving their expressive power.

Inactive Publication Date: 2019-02-26
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

However, as rules become more and more complex, rule sets come to contain a large amount of repeated content. For example, the same group of malicious IP addresses appears repeatedly in multiple SNORT rules, which reduces the execution efficiency of the rules and makes them harder to maintain.


Embodiment Construction

[0027] The rule description method of the present invention will be described in detail below in conjunction with examples.

[0028] The construction of the access control rule of the present invention comprises the following three steps:

[0029] (1) Construct the characteristics of network access behaviors, that is, the conditions to be met for the implementation of access control rules.

[0030] a) If the existing group configuration is reused, record the group configuration ID. Otherwise, create a new group configuration and assign a unique group configuration ID.

[0031] b) Add domain configurations within the group configuration. For each domain configuration it contains, assign a domain configuration ID, and store the relationship between the domain configuration ID and the group configuration ID it belongs to. After that, determine the matching location and matching content of the domain configuration.

[0032] c) Record the group configuration ID.

[0033...


Abstract

The invention discloses a rule description method and construction method for network access control, and a medium. In the rule description method, each rule comprises three levels: domain configuration, group configuration, and compilation configuration. The domain configuration describes a network behavior to be matched; the group configuration contains a plurality of domain configurations and describes a set of network behaviors to be matched; and the compilation configuration describes the strategy applied when traffic satisfies the network behaviors described by the group configuration. Rules described in this way enable efficient, precise, and flexible access control.
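The three levels from the abstract and construction steps a) to c) of paragraph [0028], sketched as an added example (not code from the patent). The class and method names, the lookup of a group by name, the exact-match comparison and the "any member matches" group semantics are all assumptions; the addresses are constructed sample data.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class RuleStore:
    """Domain configs belong to group configs; compile configs attach a strategy to a group."""
    groups: dict = field(default_factory=dict)    # group_id -> name (hypothetical handle)
    domains: dict = field(default_factory=dict)   # domain_id -> (group_id, location, content)
    compiles: dict = field(default_factory=dict)  # compile_id -> (group_id, action)
    _ids: count = field(default_factory=lambda: count(1))

    def group(self, name):
        """Step a): reuse an existing group configuration, else create one with a unique ID."""
        for gid, existing in self.groups.items():
            if existing == name:
                return gid
        gid = next(self._ids)
        self.groups[gid] = name
        return gid

    def add_domain(self, gid, location, content):
        """Step b): assign a domain ID and record its group, matching location and content."""
        if gid not in self.groups:
            raise KeyError(f"unknown group configuration ID {gid}")
        did = next(self._ids)
        self.domains[did] = (gid, location, content)
        return did

    def add_compile(self, gid, action):
        """Bind a strategy to the recorded group ID (layout assumed from the abstract)."""
        if gid not in self.groups:
            raise KeyError(f"unknown group configuration ID {gid}")
        cid = next(self._ids)
        self.compiles[cid] = (gid, action)
        return cid

    def evaluate(self, flow):
        """Assumption: a group matches when any of its domain configs equals the flow field."""
        hit = {gid for gid, loc, content in self.domains.values() if flow.get(loc) == content}
        return sorted({action for gid, action in self.compiles.values() if gid in hit})

def demo():
    store = RuleStore()
    bad_ips = store.group("bad_ips")                      # constructed sample data
    store.add_domain(bad_ips, "dst_ip", "203.0.113.7")
    store.add_compile(bad_ips, "block")                   # two strategies share one group
    store.add_compile(store.group("bad_ips"), "alert")    # reuse returns the same ID
    before = store.evaluate({"dst_ip": "198.51.100.9"})
    store.add_domain(bad_ips, "dst_ip", "198.51.100.9")   # one edit updates both strategies
    return before, store.evaluate({"dst_ip": "198.51.100.9"})

if __name__ == "__main__":
    print(demo())
```

Because both strategies reference the group by ID, the address list is stored once and a single added domain configuration changes the outcome of every rule that uses it.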

Description

Technical field

[0001] The invention belongs to the field of network security, and relates to a rule description method for network access control, a construction method and a medium.

Background

[0002] In recent years, with the development of various technologies, the network security situation has become increasingly severe, and enterprises and organizations have a strong demand for internal network access control.

[0003] In the intrusion detection scenario, in order to prevent internal users from accessing risky websites, such as phishing websites and websites implanted with Trojans, a blacklist is established to prohibit access to such websites. In the data leakage prevention scenario, access control technology is likewise used to prevent the important data of the enterprise from being stolen by insiders or attackers.

[0004] Currently, there are two types of methods for describing network access behaviors, one is based on...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPC H04L63/0263
Inventor 刘庆云, 郑超
Owner INST OF INFORMATION ENG CAS