CN105429987A - Security system for computer network - Google Patents

Security system for computer network

Publication number: CN105429987A
Authority: CN (China)
Prior art keywords: module, network, data, main frame, security system
Legal status: Pending
Application number: CN201510863182.XA
Other languages: Chinese (zh)
Inventors: 冯健, 史丹丹, 南天柱
Current Assignee: Xian University of Science and Technology
Original Assignee: Xian University of Science and Technology
Application filed by Xian University of Science and Technology
Priority to CN201510863182.XA
Publication of CN105429987A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Abstract

The invention discloses a security system for a computer network. The security system comprises a host, a virtual switch, a core physical switch and a bypass firewall, wherein encryption modules are respectively arranged in the host and the virtual switch; an identity verification module is also arranged in the virtual switch; a key of each encryption module is updated once at each access; the security system further comprises a virus characteristic matching module, a port audit module, a traffic statistics module, a network anomaly assessment module, a virus isolation module, an emergency channel module, a restoration module and a data isolation uploading module. According to the security system, the network traffic is monitored and audited, so that the network is maintained in good condition; through analysis and memory of unknown intrusion behavior, the network immunocompetence is improved; the key is updated once at each access, so that the security of the network is further improved; and the system has data protection capability, so that information loss caused by the user being away from the computer is also avoided.

Description

A security system for a computer network
Technical field
The present invention relates to the field of computer networks, and in particular to a security system for a computer network.
Background art
With the rapid development of computer technology and networks, the computer has become an indispensable tool in people's work, study and daily life. The development of computer networks has likewise brought security risks to the information on users' computers: theft of network information, information attacks and the spread of viruses are ever present.
Network security has always been a key issue in the study of computer networks and their applications, but traditional network security theory and technology have the following three defects that cannot be overcome. First, centralized control methods are inadequate for today's distributed network environments. Second, networks are homogeneous, so intruders and viruses cannot be stopped from spreading rapidly on a large scale. Third, network threats change by the day, and the static, passive nature of traditional network security theory and technology cannot adapt to a hostile and changeable network environment.
Summary of the invention
To solve the above problems, the invention provides a security system for a computer network. It monitors and audits network traffic to keep the network in good condition; it improves network immunocompetence by analysing and memorising unknown intrusion behavior; it can effectively limit the scope of damage after an intrusion, ensuring that network connectivity and services continue to be provided normally; it has autonomous repair and restoration capability, keeping network operation stable; and it updates the key once at each access, further improving the security of the network.
To achieve the above object, the technical solution adopted by the invention is as follows:
A computer network security system comprises a host, a virtual switch, a core physical switch and a bypass firewall. The host is connected to the virtual switch through a Microsoft Loopback Adapter; the virtual switch is connected to the core physical switch through a trunk channel; one output of the core physical switch is connected to a server through optical fiber, and the other is connected to the trust interface of the bypass firewall through a trunk channel; the untrust interface of the bypass firewall is connected to the server through optical fiber. The system is characterised in that an encryption module is provided in each of the host and the virtual switch, an identity verification module is also provided in the virtual switch, and the key of each encryption module is updated after each access.
The system further comprises:
Virus characteristic matching module, which computes the virus characteristic fingerprint of the monitored host's communication packets and compares it with the records in the virus characteristic library;
Port audit module, which selects the service-related elements of communication connections for comprehensive analysis and provides detailed and accurate reports for maintenance and research;
Traffic statistics module, which uses raw packet header information to compile traffic statistics, taking each connection the host makes to the outside as the unit; the IP addresses and port numbers of both communicating parties are extracted and fed into a hash function, hash collisions are resolved with a step-length multiplication algorithm, and the cumulative traffic of the connection concerned is updated with the value of the packet-length field in the packet header;
Network anomaly assessment module, which establishes a multi-state response network anomaly assessment model, selects representative characteristic parameters at the time a network attack occurs for quantitative examination, and gives different responses and handling suggestions for threats of different degrees;
Virus isolation module, which uses simulated services to communicate with hosts producing abnormal traffic, extracts attack fingerprint characteristics and enriches the virus characteristic library;
Emergency channel module, which prompts the user of a compromised host to move the working environment to the emergency channel and continue working, without having to interrupt work to deal with the security problem;
Restoration module, which, once the user has finished work and left the computer, sends a message to the user's designated mobile phone through a short-message editing module, alerting the user that a security risk exists and suggesting an accurate restoration time, and helps the user choose to restore the computer to the safe state before the intrusion;
Data isolation uploading module, which, according to the assessment result produced by the network anomaly assessment module, packs and uploads the data, and dumps the data.
The encryption performed by the encryption module comprises the following steps:
S1. Initialize the parameters used during evolution, and initialize the population with a self-feedback mapping function, randomly generating an initial population containing a number of individuals;
S2. Compute, for the current population, the frequency fitness value used to check each individual's frequency and the sequence fitness value used to check each individual's sequence;
S3. Compare the fitness value of each individual with those of the other individuals in its population, and compute the rank of each individual in the current population;
S4. Sort the individuals in the population in descending order of rank value, then perform random sampling and divide by the number base of the key to obtain a quotient and a remainder;
S5. Take the quotient obtained as the current data to be encrypted and return to step S1, until the quotient obtained is zero;
S6. Use the extraction rule in the key to select a specific plaintext segment;
S7. Take the arrangement of the remainders obtained in each calculation, together with the specific plaintext segment, as the encrypted data sequence.
The system also comprises a virus characteristic library for storing the characteristic data of various viruses; it is connected to an update module that updates the data in the virus characteristic library at regular intervals.
The virus isolation module comprises:
Virtual response module, which, by providing virtual responses and the corresponding virtual services, makes the adversary continue attacking so that attack traffic can be obtained;
Simulated service module, which, by executing simulated-service scripts, interacts with hosts whose traffic has been redirected to the immune isolation unit, simulating the interaction of a normal service so that the threatening host continues attacking;
Attack logging module, which records the communication information between the security isolation module and the threatening host and writes it to the database; the communication information comprises the communication time, the IP and port information of both communicating parties, and the attacker's operating system fingerprint information;
Data mining module: when traffic reaching the immune isolation unit is determined to be dangerous, the system intelligently extracts the attack fingerprint characteristics and stores them in the immune characteristic library.
The invention has the following beneficial effects:
Network traffic is monitored and audited to keep the network in good condition; network immunocompetence is improved by analysing and memorising unknown intrusion behavior; the scope of damage can be effectively limited after an intrusion, ensuring that network connectivity and services continue to be provided normally; the system has autonomous repair and restoration capability, keeping network operation stable; the key is updated once at each access, further improving the security of the network; and the system has data protection capability, which also avoids information loss caused by the user not being at the computer.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the security system for a computer network according to an embodiment of the invention.
Embodiment
To make the objects and advantages of the invention clearer, the invention is described in further detail below with reference to an embodiment. It should be understood that the specific embodiment described here serves only to explain the invention and is not intended to limit it.
As shown in Fig. 1, an embodiment of the invention provides a computer network security system comprising a host, a virtual switch, a core physical switch and a bypass firewall. The host is connected to the virtual switch through a Microsoft Loopback Adapter; the virtual switch is connected to the core physical switch through a trunk channel; one output of the core physical switch is connected to a server through optical fiber, and the other is connected to the trust interface of the bypass firewall through a trunk channel; the untrust interface of the bypass firewall is connected to the server through optical fiber. An encryption module is provided in each of the host and the virtual switch, an identity verification module is also provided in the virtual switch, and the key of each encryption module is updated after each access.
The system further comprises:
Virus characteristic matching module, which computes the virus characteristic fingerprint of the monitored host's communication packets and compares it with the records in the virus characteristic library;
Port audit module, which selects the service-related elements of communication connections for comprehensive analysis and provides detailed and accurate reports for maintenance and research;
Traffic statistics module, which uses raw packet header information to compile traffic statistics, taking each connection the host makes to the outside as the unit; the IP addresses and port numbers of both communicating parties are extracted and fed into a hash function, hash collisions are resolved with a step-length multiplication algorithm, and the cumulative traffic of the connection concerned is updated with the value of the packet-length field in the packet header;
Network anomaly assessment module, which establishes a multi-state response network anomaly assessment model, selects representative characteristic parameters at the time a network attack occurs for quantitative examination, and gives different responses and handling suggestions for threats of different degrees;
Virus isolation module, which uses simulated services to communicate with hosts producing abnormal traffic, extracts attack fingerprint characteristics and enriches the virus characteristic library;
Emergency channel module, which prompts the user of a compromised host to move the working environment to the emergency channel and continue working, without having to interrupt work to deal with the security problem;
Restoration module, which, once the user has finished work and left the computer, sends a message to the user's designated mobile phone through a short-message editing module, alerting the user that a security risk exists and suggesting an accurate restoration time, and helps the user choose to restore the computer to the safe state before the intrusion;
Data isolation uploading module, which, according to the assessment result produced by the network anomaly assessment module, packs and uploads the data, and dumps the data.
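The per-connection accounting of the traffic statistics module, as an added Python sketch that is not part of the patent text: it reads only packet headers, hashes both endpoints' IP and port, and adds the IPv4 total-length field to the connection's running total. Assumptions: "step-length multiplication" is read as doubling the probe step after every collision, both directions of a connection share one counter, and the BLAKE2 hash, table sizes, function names and sample headers are all constructed for illustration.

```python
import hashlib
import socket
import struct


def build_header(src, sport, dst, dport, total_len, proto=6):
    """Constructed sample: IPv4 header plus the port bytes of TCP/UDP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport)


def parse_header(pkt):
    """Return (connection key, IPv4 total length) from raw header bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] not in (6, 17) or len(pkt) < ihl + 4:
        raise ValueError("truncated header or not TCP/UDP")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    a = (socket.inet_ntoa(pkt[12:16]), sport)
    b = (socket.inet_ntoa(pkt[16:20]), dport)
    # Assumption: endpoints are sorted so both directions map to one key.
    return (pkt[9],) + tuple(sorted((a, b))), total_len


def default_hash(key):
    digest = hashlib.blake2b(repr(key).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big")


class FlowTable:
    """Open-addressing table holding one [key, bytes, packets] per connection."""

    def __init__(self, size=61, hash_fn=default_hash):
        self.slots = [None] * size
        self.hash_fn = hash_fn

    def _locate(self, key):
        size = len(self.slots)
        idx = self.hash_fn(key) % size
        step = 1
        # A doubling step does not visit every slot, so the search is
        # bounded and reports overflow instead of probing forever.
        for _ in range(size):
            slot = self.slots[idx]
            if slot is None or slot[0] == key:
                return idx
            idx = (idx + step) % size
            step *= 2  # assumed reading of "step-length multiplication"
        raise OverflowError("no free slot on this probe sequence")

    def update(self, pkt):
        """Account one packet; return (slot index, cumulative bytes)."""
        key, total_len = parse_header(pkt)
        idx = self._locate(key)
        if self.slots[idx] is None:
            self.slots[idx] = [key, 0, 0]
        self.slots[idx][1] += total_len
        self.slots[idx][2] += 1
        return idx, self.slots[idx][1]

    def report(self):
        """Connections as (bytes, packets, key), heaviest first."""
        return sorted(((s[1], s[2], s[0]) for s in self.slots if s),
                      reverse=True)


def demo():
    table = FlowTable(size=13)
    samples = [  # constructed headers, documentation address ranges
        build_header("10.0.0.5", 49152, "192.0.2.10", 443, 1500),
        build_header("192.0.2.10", 443, "10.0.0.5", 49152, 40),
        build_header("10.0.0.5", 49153, "198.51.100.7", 53, 76, proto=17),
    ]
    for pkt in samples:
        table.update(pkt)
    return table.report()


if __name__ == "__main__":
    for total, packets, key in demo():
        print(total, packets, key)
```

A monitor built this way should count an `OverflowError` or `ValueError` as a dropped sample rather than stop, since a full probe sequence or a malformed header would otherwise leave traffic unaccounted.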
The encryption performed by the encryption module comprises the following steps:
S1. Initialize the parameters used during evolution, and initialize the population with a self-feedback mapping function, randomly generating an initial population containing a number of individuals;
S2. Compute, for the current population, the frequency fitness value used to check each individual's frequency and the sequence fitness value used to check each individual's sequence;
S3. Compare the fitness value of each individual with those of the other individuals in its population, and compute the rank of each individual in the current population;
S4. Sort the individuals in the population in descending order of rank value, then perform random sampling and divide by the number base of the key to obtain a quotient and a remainder;
S5. Take the quotient obtained as the current data to be encrypted and return to step S1, until the quotient obtained is zero;
S6. Use the extraction rule in the key to select a specific plaintext segment;
S7. Take the arrangement of the remainders obtained in each calculation, together with the specific plaintext segment, as the encrypted data sequence.
The system also comprises a virus characteristic library for storing the characteristic data of various viruses; it is connected to an update module that updates the data in the virus characteristic library at regular intervals.
The virus isolation module comprises:
Virtual response module, which, by providing virtual responses and the corresponding virtual services, makes the adversary continue attacking so that attack traffic can be obtained;
Simulated service module, which, by executing simulated-service scripts, interacts with hosts whose traffic has been redirected to the immune isolation unit, simulating the interaction of a normal service so that the threatening host continues attacking;
Attack logging module, which records the communication information between the security isolation module and the threatening host and writes it to the database; the communication information comprises the communication time, the IP and port information of both communicating parties, and the attacker's operating system fingerprint information;
Data mining module: when traffic reaching the immune isolation unit is determined to be dangerous, the system intelligently extracts the attack fingerprint characteristics and stores them in the immune characteristic library.
The trust interface and untrust interface of the bypass firewall are divided into VLAN sub-interfaces using the 802.1Q protocol, forming mutually isolated VLAN channels. Access records are stored in linked-list form; when no storage space remains, old access records are deleted first. Before an access, the virtual switch first searches the stored access records and determines the access priority from the history: an access with a high visit count has higher priority than one with a low visit count.
The above is only the preferred embodiment of the invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principle of the invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the invention.

Claims (4)

1. A computer network security system, comprising a host, a virtual switch, a core physical switch and a bypass firewall, wherein the host is connected to the virtual switch through a Microsoft Loopback Adapter, the virtual switch is connected to the core physical switch through a trunk channel, one output of the core physical switch is connected to a server through optical fiber and the other is connected to the trust interface of the bypass firewall through a trunk channel, and the untrust interface of the bypass firewall is connected to the server through optical fiber, characterised in that an encryption module is provided in each of the host and the virtual switch, an identity verification module is also provided in the virtual switch, and the key of each encryption module is updated after each access;
the system further comprising:
Virus characteristic matching module, which computes the virus characteristic fingerprint of the monitored host's communication packets and compares it with the records in the virus characteristic library;
Port audit module, which selects the service-related elements of communication connections for comprehensive analysis and provides detailed and accurate reports for maintenance and research;
Traffic statistics module, which uses raw packet header information to compile traffic statistics, taking each connection the host makes to the outside as the unit; the IP addresses and port numbers of both communicating parties are extracted and fed into a hash function, hash collisions are resolved with a step-length multiplication algorithm, and the cumulative traffic of the connection concerned is updated with the value of the packet-length field in the packet header;
Network anomaly assessment module, which establishes a multi-state response network anomaly assessment model, selects representative characteristic parameters at the time a network attack occurs for quantitative examination, and gives different responses and handling suggestions for threats of different degrees;
Virus isolation module, which uses simulated services to communicate with hosts producing abnormal traffic, extracts attack fingerprint characteristics and enriches the virus characteristic library;
Emergency channel module, which prompts the user of a compromised host to move the working environment to the emergency channel and continue working, without having to interrupt work to deal with the security problem;
Restoration module, which, once the user has finished work and left the computer, sends a message to the user's designated mobile phone through a short-message editing module, alerting the user that a security risk exists and suggesting an accurate restoration time, and helps the user choose to restore the computer to the safe state before the intrusion;
Data isolation uploading module, which, according to the assessment result produced by the network anomaly assessment module, packs and uploads the data, and dumps the data.
2. The computer network security system according to claim 1, characterised in that the encryption performed by the encryption module comprises the following steps:
S1. Initialize the parameters used during evolution, and initialize the population with a self-feedback mapping function, randomly generating an initial population containing a number of individuals;
S2. Compute, for the current population, the frequency fitness value used to check each individual's frequency and the sequence fitness value used to check each individual's sequence;
S3. Compare the fitness value of each individual with those of the other individuals in its population, and compute the rank of each individual in the current population;
S4. Sort the individuals in the population in descending order of rank value, then perform random sampling and divide by the number base of the key to obtain a quotient and a remainder;
S5. Take the quotient obtained as the current data to be encrypted and return to step S1, until the quotient obtained is zero;
S6. Use the extraction rule in the key to select a specific plaintext segment;
S7. Take the arrangement of the remainders obtained in each calculation, together with the specific plaintext segment, as the encrypted data sequence.
3. The computer network security system according to claim 1, characterised in that it also comprises a virus characteristic library for storing the characteristic data of various viruses, connected to an update module that updates the data in the virus characteristic library at regular intervals.
4. The computer network security system according to claim 1, characterised in that the virus isolation module comprises:
Virtual response module, which, by providing virtual responses and the corresponding virtual services, makes the adversary continue attacking so that attack traffic can be obtained;
Simulated service module, which, by executing simulated-service scripts, interacts with hosts whose traffic has been redirected to the immune isolation unit, simulating the interaction of a normal service so that the threatening host continues attacking;
Attack logging module, which records the communication information between the security isolation module and the threatening host and writes it to the database; the communication information comprises the communication time, the IP and port information of both communicating parties, and the attacker's operating system fingerprint information;
Data mining module: when traffic reaching the immune isolation unit is determined to be dangerous, the system intelligently extracts the attack fingerprint characteristics and stores them in the immune characteristic library.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510863182.XA CN105429987A (en) 2015-11-25 2015-11-25 Security system for computer network

Publications (1)

Publication Number Publication Date
CN105429987A (en) 2016-03-23

Family

ID=55507929

Country Status (1)

Country Link
CN (1) CN105429987A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160323
