Intranet security protection method and system based on behavior strategy, and medium

A security protection and behavior technology, applied in transmission systems, digital transmission systems, security communication devices, etc., can solve problems such as inability to guarantee security, and achieve the effect of avoiding transmission

Active Publication Date: 2022-01-07
河南信大网御科技有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] Although network equipment built on the mimicry principle protects itself well, the mimicry defense function only protects the service functions inside the mimicry world; the security of functions outside the mimicry world cannot be guaranteed. At the same time, it is limited by technology and Therefore, how to protect the dark functions and other functions beyond the service functions of the heterogeneous executors, and how to protect intranet devices against unknown threats, is of great significance for improving the security of intranet equipment.



Examples


Embodiment 1

[0041] Figure 2 shows a flow chart of an intranet security protection method based on a behavior policy. The method includes the following steps:

[0042] Establish a MAC address table hostList (M1, M2, ..., Mn) corresponding to the intranet host, where M1 to Mn represent n MAC addresses corresponding to the intranet host;

[0043] Determine whether there is the first type of abnormal behavior in the intranet, and if there is the first type of abnormal behavior in the intranet, establish an association between the abnormality identifier I and the MAC address of the relevant intranet host;

[0044] Determine whether there is a second type of abnormal behavior in the intranet, and if there is a second type of abnormal behavior in the intranet, establish an association between the abnormality identifier II and the MAC address of the relevant intranet host;

[0045] Determine whether new traffic packets are received, and i...

Embodiment 2

[0065] It should be noted that SMAC, SIP, SPORT, DMAC, DIP, DPORT, FTYPE, and LENGTH abnormalities correspond to the first type of abnormal behavior and are marked by the abnormality identifier Ⅰ.

[0066] This embodiment provides a specific implementation method for identifying the first type of abnormal behavior. As shown in the attached Figure 4, when determining whether the first type of abnormal behavior exists in the intranet, execute:

[0067] Read each traffic packet transmitted by the data exchange unit, and establish and update the data traffic record table hostData of each intranet host to learn the traffic behavior of each intranet host; the data traffic record table of the i-th intranet host is hostData_i (SMAC, SIP, SPORT, DMAC, DIP, DPORT, FTYPE, LENGTH), where SMAC means source MAC address, SIP means source IP address, SPORT means source port number, DMAC means destination MAC address, DIP means destination IP address, DPORT means destination port number, FTYPE ...

Embodiment 3

[0077] It should be noted that abnormalities in Layer 2 communication protocols, Layer 3 communication protocols, application layer communication protocols, network traffic rates, or the total amount of network data correspond to the second type of abnormal behavior and are marked by the abnormality identifier II.

[0078] This embodiment provides a specific implementation method for identifying the second type of abnormal behavior. As shown in the attached Figure 5, when determining whether the second type of abnormal behavior exists in the intranet, execute:

[0079] According to the preset time interval and the corresponding data traffic record table hostData, create and update the behavior record table action (X1, X2, ..., X6), where X1 indicates the Layer 2 communication protocol, X2 indicates the Layer 3 communication protocol, X3 indicates the application layer communication protocol, X4 indicates the network traffic rate, X5 indicates the ...


Abstract

The invention provides an intranet security protection method and system based on a behavior strategy, and a medium. The method comprises the following steps: judging whether a first type of abnormal behavior and a second type of abnormal behavior exist in an intranet; determining whether a new traffic packet is received and, in response to receiving the new traffic packet, extracting the destination MAC address from it and comparing the destination MAC address with the MAC address table hostList; if the destination MAC address exists in the MAC address table hostList, judging that the new traffic packet is an intranet message, and judging whether the new traffic packet is based on a connection protocol; if the new traffic packet is not based on a connection protocol, judging whether the destination MAC address in the new traffic packet is associated with abnormality identifier I or abnormality identifier II, and whether the source MAC address in the new traffic packet is associated with abnormality identifier I or abnormality identifier II; if not, generating a first flow control strategy; otherwise, generating a second flow control strategy so as to block the threat in the intranet.
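The decision flow in the abstract, written out as an added Python example; it is not code from the patent or its applicants. The class and function names are hypothetical, the MAC addresses are constructed, and treating TCP as the only connection protocol is an assumption; branches the page does not describe are returned as explicit markers rather than guessed.

```python
from dataclasses import dataclass, field
from enum import Enum

# Assumption: the page does not say which protocols count as connection-based.
CONNECTION_PROTOCOLS = {"TCP"}

class Verdict(Enum):
    NOT_INTRANET = "destination MAC not in hostList (handling not given on the page)"
    CONNECTION_BASED = "connection-protocol packet (handling not given on the page)"
    FIRST_POLICY = "first flow control strategy"
    SECOND_POLICY = "second flow control strategy"

def norm_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")

@dataclass
class IntranetGuard:          # hypothetical name
    host_list: set            # hostList (M1, ..., Mn)
    anomalies: dict = field(default_factory=dict)  # MAC -> {"I", "II"}

    def __post_init__(self):
        self.host_list = {norm_mac(m) for m in self.host_list}

    def flag(self, mac: str, identifier: str) -> None:
        """Associate abnormality identifier I or II with an intranet host."""
        if identifier not in ("I", "II"):
            raise ValueError("identifier must be 'I' or 'II'")
        self.anomalies.setdefault(norm_mac(mac), set()).add(identifier)

    def decide(self, smac: str, dmac: str, protocol: str) -> Verdict:
        smac, dmac = norm_mac(smac), norm_mac(dmac)
        if dmac not in self.host_list:
            return Verdict.NOT_INTRANET
        if protocol.upper() in CONNECTION_PROTOCOLS:
            return Verdict.CONNECTION_BASED
        # Either endpoint carrying identifier I or II selects the second strategy.
        if self.anomalies.get(smac) or self.anomalies.get(dmac):
            return Verdict.SECOND_POLICY
        return Verdict.FIRST_POLICY

if __name__ == "__main__":
    # Constructed sample hosts and packets, not taken from the patent.
    guard = IntranetGuard({"02:00:00:00:00:01", "02-00-00-00-00-02"})
    guard.flag("02:00:00:00:00:02", "II")
    print(guard.decide("02:00:00:00:00:01", "02:00:00:00:00:02", "udp"))
```

Normalizing MAC notation before lookup matters here: a flagged host written with a different separator or letter case would otherwise miss its abnormality association and fall through to the first strategy.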

Description

Technical field

[0001] The present invention relates to the technical field of intranet security protection, in particular, to a method, system and medium for intranet security protection based on behavior policies.

Background technique

[0002] With the rapid development and application of the network, more and more scenarios begin to use the network for communication. Intranet security issues have also received increasing attention. Traditional methods often ensure intranet security by increasing terminal security, for example, by deploying anti-virus software and firewalls on terminal devices. This method often provides better protection against known threats, but often cannot protect effectively against unknown threats.

[0003] Based on the DHR framework, the service functions in the mimicry world are introduced into the mimicry camouflage strategy, so that the mapping relationship between the operating environment and service functions in the mimicry world is diversified an...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40
CPC: H04L63/1425, H04L63/20, H04L63/0236, Y02D30/50
Inventor: 吕青松, 冯志峰, 郭义伟, 张建军
Owner 河南信大网御科技有限公司