
Online network threat detection method and system based on VPN traffic traction

A traffic detection and threat detection technology, applied in transmission systems, digital transmission systems, secure communication devices, etc. It addresses the problems of equipment resource consumption, the large number of detection devices required, and high cost investment, with the effect of avoiding resource and performance loss and reducing the number of devices and labor costs.

Active Publication Date: 2022-07-01
BEIJING ANTIY NETWORK SAFETY TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, a lot of labor is required to deploy devices before forensic detection can be carried out, and in a large proportion of forensic incidents no malicious code threat is detected, so much of that labor cost is wasted.

In the past, malicious traffic threat detection equipment deployed on terminals or LAN gateways could only detect the network health status of a single node or LAN. If the detection target already has an intrusion prevention detection system deployed, there is no need to deploy malicious traffic threat detection equipment long-term to monitor traffic health. Long-term deployment affects network transmission performance and consumes device resources, while removing the malicious traffic threat detection device further increases the cost of device deployment.

In addition, because previous malicious traffic threat detection equipment is of the terminal detection type, large-scale deployment requires a large number of detection devices. This makes the equipment difficult to update, makes it difficult to upgrade the signature database and C2 library used for detecting malicious traffic at the same time, and also requires a lot of labor.

In summary, current detection methods consume a lot of manpower, material and time resources, resulting in high cost investment and a time lag in forensics.


Examples


Embodiment example

[0048] User A needs to detect whether a terminal device or a local area network is infected with a virus or Trojan that communicates over the network. User A only needs to connect to the VPN service proxy, that is, the cloud server in the cloud online system, using the account userA on the detection target terminal or LAN router; the target traffic is then pulled to the bypass malicious threat traffic detection device to realize threat detection and location. The detection results are stored per VPN user in a location to which only userA has access rights, and userA is given management rights over the related data.

[0049] In the method of the present invention, the VPN acts as a traffic transmission channel, but it cannot actively pull the network traffic of the detection target through the VPN to the online bypass malicious threat traffic detection device. Therefore, the detection target needs to actively set up a VPN connection to divert the network communication data to the byp...


Abstract

The present invention provides an online network threat detection method and system based on VPN traffic traction. The method includes: building a cloud online system, wherein the cloud online system is composed of at least one cloud server; building a VPN service on the cloud server; deploying a bypass malicious threat traffic detection device at the gateway of the high-bandwidth network channel; the detection target connects to the cloud online system through a VPN account; the cloud online system pulls the network traffic of the detection target to the bypass malicious threat traffic detection device; the bypass malicious threat traffic detection device detects the received network traffic and stores the detection results for the detection target to view. The present invention also provides a corresponding system. With the technical scheme of the present invention, the threat traffic detection equipment is deployed online, the detection equipment can be shared, maintenance of the detection equipment is made easier, and equipment deployment and labor costs are reduced.
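The detection and storage steps of the abstract and paragraph [0048], sketched as an added example (not code from the patent or its owner): flows mirrored from the VPN gateway are attributed to a VPN account through the tunnel-assigned address, matched against a C2 library, and results are readable only by the owning account. The session table, C2 entries, flow records and all function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumptions, not from the patent).
# VPN session table: tunnel-assigned address -> VPN account.
VPN_SESSIONS = {"10.8.0.2": "userA", "10.8.0.3": "userB"}
# Constructed C2 library (documentation address range, reserved TLD).
C2_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
C2_DOMAINS = {"c2.example.invalid"}
# Constructed flow records: (src, dst, dst_port, observed DNS/SNI name).
FLOWS = [
    ("10.8.0.2", "198.51.100.10", 443, "updates.example.org"),
    ("10.8.0.2", "203.0.113.45", 8443, ""),
    ("10.8.0.3", "192.0.2.7", 53, "c2.example.invalid."),
    ("10.8.0.9", "203.0.113.45", 8443, ""),  # no matching VPN session
]

def match_c2(dst_ip, name):
    """Return why a flow matches the C2 library, or None if it does not."""
    host = name.lower().rstrip(".")
    if host in C2_DOMAINS:
        return f"domain:{host}"
    addr = ipaddress.ip_address(dst_ip)
    for net in C2_NETWORKS:
        if addr in net:
            return f"network:{net}"
    return None

def detect(flows, sessions):
    """Attribute C2 hits to VPN accounts; keep hits with no session apart."""
    results, unattributed = defaultdict(list), []
    for src, dst, port, name in flows:
        reason = match_c2(dst, name)
        if reason is None:
            continue
        hit = {"src": src, "dst": dst, "port": port, "reason": reason}
        account = sessions.get(src)
        if account is None:
            unattributed.append(hit)  # never filed under a guessed account
        else:
            results[account].append(hit)
    return dict(results), unattributed

def read_results(store, owner, requester):
    """Only the owning VPN account may read its detection results."""
    if requester != owner:
        raise PermissionError(f"{requester} may not read results of {owner}")
    return store.get(owner, [])

STORE, UNATTRIBUTED = detect(FLOWS, VPN_SESSIONS)
```

Hits from a source address with no live VPN session are kept separately, so a stale or spoofed tunnel address does not put findings into another account's results.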

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to an online network threat detection method and system based on VPN traffic traction.

Background technique

[0002] Existing network threat detection, location and forensics technologies rely only on offline portable tools that are manually deployed at the gateway of the detection target, or even on a single machine, to complete the detection. In the process of tool deployment, threat detection and location, the traditional malicious traffic threat detection device needs to be deployed in the terminal device of the detection target or at the routing gateway of the external exit, and the malicious traffic threat detection device is then used to detect malicious traffic. Therefore, a lot of labor is needed to deploy equipment before forensic detection is implemented, and a large proportion of forensic events cannot detect the threat of malicious code, thus causing a lot of waste of l...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L41/0826
CPC: H04L63/1416, H04L63/145, H04L63/0272, H04L63/20, H04L41/0826
Inventor: 黄云宇, 刘广柱, 康学斌, 王小丰, 肖新光
Owner: BEIJING ANTIY NETWORK SAFETY TECH CO LTD