IDS system for monitoring and analysis based on real-time network flow and detection method

Abstract

The invention relates to an IDS system for monitoring and analyzing based on real-time network flow and a detection method, and belongs to the technical field of network security. The monitoring system comprises an interaction module, a data processing module, an intrusion detection module and a visualization module. The detection method comprises the following steps that the interactive system obtains initial data of the user terminal asset data flow of the advanced threat detection perception and response platform, the initial data is received by the data processing module, the data is preprocessed and then packaged into preprocessed data blocks, then anomaly detection is conducted, and a result is output. The traffic abnormality judgment module judges whether intrusion data exists or not, and if yes, the intrusion detection module sends the preprocessed data block to the interaction module for early warning and response; if not, returning the data to the data processing module; and when any one of the deep packet detection result and the deep flow detection result is abnormal or both are abnormal, judging that the collected Internet of Things data flow is abnormal. And the visualization module is used for representing a final result by using a graph.

Description

technical field [0001] The invention relates to an IDS system and a detection method for monitoring and analyzing based on real-time network traffic, belonging to the technical field of network security. Background technique [0002] The network has become an important information construction infrastructure in our country, and frequent network security incidents have caused serious threats to it. In recent years, some research work has begun to focus on real-time intrusion detection, and enterprises and security operators have deployed a large number of network security devices. When a network attack occurs, the network security devices deployed at all levels of the network will generate network security alarm information. However, the focus of these concerns lies in the following two aspects: (1) passive detection, which sends an alarm after the intrusion occurs, and minimizes system losses; (2) uses a large number of filtering rules to check one by one. However, the ala...

AI Technical Summary

Problems solved by technology

[0004] At present, the network security awareness of small, medium and micro enterprises in my country is relatively weak, and they do not pay enough attention to network security. In addition, the previous network security systems and equipment are difficult to effectively manage in the face of massive unreliable security incidents. The equipment is expensive and the maintenance cost is relatively high. Without professional security operation and maintenance personnel, even if a lot of costs are spent on network security protection, the results achieved are mostly unsatisfactory

[0005] Thus existing work cannot address the goals proposed in the present invention

Images