CN114095255A - Network security monitoring method, device and storage medium - Google Patents

Info

Publication number
CN114095255A
Authority
CN
China
Prior art keywords
data
classification
network
priority
key data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111387973.1A
Other languages
Chinese (zh)
Inventor
赵忠杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Jiankun Communication Co ltd
Original Assignee
Anhui Jiankun Communication Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Jiankun Communication Co ltd filed Critical Anhui Jiankun Communication Co ltd
Priority to CN202111387973.1A priority Critical patent/CN114095255A/en
Publication of CN114095255A publication Critical patent/CN114095255A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a device and a storage medium for network security monitoring. The method comprises: obtaining a complete mirror image network data packet from the link layer of a mirror image data server; classifying the key data in the obtained data packet and storing it in a readable format; defining a priority for each classification of the key data, accessing and exporting the classified and stored key data, and issuing the key data in order of priority from high to low; and performing data analysis on the issued classified data and generating analysis data and alarm information. The invention can quickly discover the network security threats encountered by an IP-based network, such as an IP multimedia subsystem network, and prompt network maintenance personnel to handle them in time, thereby providing effective monitoring and prevention while protecting the internal network with as little impact on network operating speed as possible, and it detects the accessed data quickly and efficiently.

Description

Network security monitoring method, device and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a method, a device and a storage medium for network security monitoring.
Background
With the rapid development of network technology, and especially the rapid spread of the Internet, computer networks have penetrated deeply into people's lives and into every industry, and play an increasingly important role in data processing, information dissemination, electronic commerce and the like. However, while the network delivers large amounts of information quickly and conveniently, it also brings many security problems, such as frequent hacking and serious information theft. Network security has become a major challenge for the informatization of human society and is receiving growing attention. Therefore, there is a need for a network security monitoring method that can quickly discover the network security threats encountered by an IP-based network and prompt network maintenance personnel to handle them in time, thereby providing effective monitoring and prevention.
Disclosure of Invention
The present invention is directed to a method, an apparatus, and a storage medium for network security monitoring, so as to solve the problems in the background art.
In order to achieve the purpose, the invention provides the following technical scheme:
A method of network security monitoring, comprising:
acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
classifying the key data in the acquired data packet and storing it in a readable format;
defining a priority for each classification of the key data, accessing and exporting the classified and stored key data, and issuing the key data in order of priority from high to low;
and performing data analysis on the issued classified data, and generating analysis data and alarm information.
Preferably, verifying whether the mirror image network data packet has been acquired completely comprises: performing a byte comparison on each received data packet and checking the mark field in the RTP packet; if the mark field is detected as an adjacent 0 and 1, one frame of data has been received completely.
Preferably, classifying and storing the key data in the data packet according to a readable format comprises: dividing the key data into source IP, destination IP, protocol type, IP packet size, port and MAC address, and then storing it in columnar storage.
Preferably, the region where the classified storage is located is correspondingly divided into a plurality of sub-regions for storing the classified key data, and defining the priority comprises first defining the sub-regions, then accessing, then initializing, and finally setting the priority.
Preferably, the definition of the sub-regions comprises the ordinary definition of a person variable or an array of the sub-region structure; the access comprises the syntax for accessing the person variable and the syntax for accessing an element through the pointer variable p; the initialization comprises initializing at the point of definition, defining a structure variable first and then assigning its members one by one, assigning values as they are read in, and initializing with a constructor; and the priority setting comprises writing the function and the cmp used in sort outside the structure, and encapsulating with struct.
In order to achieve the above purpose, the invention also provides the following technical scheme:
An apparatus for network security monitoring, comprising:
an acquisition module, used for acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
a classified storage module, used for classifying the key data in the acquired data packet and storing it in a readable format;
a definition module, used for defining a priority for each classification of the key data, accessing and exporting the classified and stored key data, and issuing the key data in order of priority from high to low; and
an analysis module, used for performing data analysis on the issued classified data and generating analysis data and alarm information.
Preferably, the acquisition module includes:
a comparing unit, used for performing a byte comparison on each received data packet;
and a verification unit, used for checking the mark field in the RTP packet; if the mark field is detected as an adjacent 0 and 1, one frame of data has been received completely.
Preferably, the definition module includes:
a sub-region definition unit, used for defining a person variable or an array of the sub-region structure;
an access unit, used for the syntax for accessing the person variable and the syntax for accessing an element through the pointer variable p;
an initialization unit, used for initializing at the point of definition, defining a structure variable first and then assigning its members one by one, assigning values as they are read in, and initializing with a constructor;
and a priority setting unit, used for writing the function and the cmp used in sort outside the structure, and encapsulating with struct.
In order to achieve the above purpose, the invention also provides the following technical scheme:
a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of the preceding claims.
Compared with the prior art, the invention has the beneficial effects that:
the method can quickly discover various network security threats encountered by an IP-based network, such as an IP multimedia subsystem network, and prompt network maintenance personnel to process in time, thereby playing good monitoring and preventing roles, ensuring the security of an internal network under the condition of influencing the network operation speed as little as possible, and having high processing speed and high efficiency on the accessed data detection.
Drawings
FIG. 1 is a block diagram of a method of an apparatus for network security monitoring of the present invention;
FIG. 2 is a schematic diagram of a network security monitoring apparatus according to the present invention;
FIG. 3 is a schematic diagram of an acquisition module of the present invention;
FIG. 4 is a schematic diagram of a defining module of the present invention;
FIG. 5 is an internal structural view of a computer apparatus of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment:
Referring to FIG. 1 to FIG. 5, the present invention provides a technical solution:
A method of network security monitoring, comprising:
S101, acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
S102, classifying the key data in the acquired data packet and storing it in a readable format;
S103, defining a priority for each classification of the key data, accessing and exporting the classified and stored key data, and issuing the key data in order of priority from high to low;
and S104, performing data analysis on the issued classified data, and generating analysis data and alarm information.
Specifically, verifying whether the mirror image network data packet has been acquired completely includes: performing a byte comparison on each received data packet and checking the mark field in the RTP packet; if the mark field is detected as an adjacent 0 and 1, one frame of data has been received completely.
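The completeness check described above, as an added C++ example that is not code from the patent. It assumes the mark field is the RTP marker bit (M) of the RFC 3550 fixed header, that M=1 closes a frame, and that a single stream is being tracked; the sequence-number and timestamp checks and all names and sample packets are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Fields of the 12-byte fixed RTP header (RFC 3550) that the check needs.
struct RtpHeader {
    bool     marker;     // the "mark field": M bit, top bit of byte 1
    uint16_t seq;        // sequence number, bytes 2-3
    uint32_t timestamp;  // shared by all packets of one frame, bytes 4-7
};

// Byte-level validation: reject truncated packets and anything not RTP v2.
bool parse_rtp(const std::vector<uint8_t>& b, RtpHeader& h) {
    if (b.size() < 12 || (b[0] >> 6) != 2) return false;
    h.marker    = (b[1] & 0x80) != 0;
    h.seq       = static_cast<uint16_t>((b[2] << 8) | b[3]);
    h.timestamp = (uint32_t(b[4]) << 24) | (uint32_t(b[5]) << 16) |
                  (uint32_t(b[6]) << 8)  |  uint32_t(b[7]);
    return true;
}

struct FrameStats { int complete = 0; int incomplete = 0; int rejected = 0; };

// Tracks one RTP stream and decides, frame by frame, whether it arrived whole.
class FrameChecker {
public:
    void feed(const std::vector<uint8_t>& pkt) {
        RtpHeader h;
        if (!parse_rtp(pkt, h)) { ++stats_.rejected; return; }
        // 16-bit arithmetic so that 65535 -> 0 is not reported as a gap.
        bool seq_gap = have_prev_ && static_cast<uint16_t>(prev_seq_ + 1) != h.seq;
        prev_seq_ = h.seq;
        have_prev_ = true;
        if (in_frame_ && h.timestamp != frame_ts_) {
            // A new frame started but the previous one never showed M=1.
            ++stats_.incomplete;
            in_frame_ = false;
        }
        if (!in_frame_) { in_frame_ = true; frame_ts_ = h.timestamp; gap_ = false; }
        if (seq_gap) gap_ = true;  // a gap is charged to the frame that is open
        if (h.marker) {            // marker went from 0 to 1: last packet of the frame
            if (gap_) ++stats_.incomplete; else ++stats_.complete;
            in_frame_ = false;
        }
    }
    FrameStats stats() const { return stats_; }
private:
    FrameStats stats_;
    bool have_prev_ = false, in_frame_ = false, gap_ = false;
    uint16_t prev_seq_ = 0;
    uint32_t frame_ts_ = 0;
};

// Constructed sample packet: fixed header (SSRC left at 0) plus 4 payload bytes.
std::vector<uint8_t> make_rtp(uint16_t seq, uint32_t ts, bool marker) {
    std::vector<uint8_t> p(16, 0);
    p[0] = 0x80;                                            // V=2, P=0, X=0, CC=0
    p[1] = static_cast<uint8_t>((marker ? 0x80 : 0) | 96);  // M bit + payload type 96
    p[2] = static_cast<uint8_t>(seq >> 8);
    p[3] = static_cast<uint8_t>(seq & 0xFF);
    for (int i = 0; i < 4; ++i) p[4 + i] = static_cast<uint8_t>(ts >> (24 - 8 * i));
    return p;
}

// Constructed stream: a whole frame across the sequence wrap, a frame with a
// lost packet, another whole frame, and one truncated packet.
FrameStats check_sample() {
    FrameChecker fc;
    fc.feed(make_rtp(65534, 1000, false));
    fc.feed(make_rtp(65535, 1000, false));
    fc.feed(make_rtp(0,     1000, true));
    fc.feed(make_rtp(1,     4000, false));
    fc.feed(make_rtp(3,     4000, true));    // seq 2 never arrived
    fc.feed(make_rtp(4,     7000, false));
    fc.feed(make_rtp(5,     7000, true));
    fc.feed(std::vector<uint8_t>(5, 0x80));  // too short to be RTP
    return fc.stats();
}

int main() {
    FrameStats s = check_sample();
    std::printf("complete=%d incomplete=%d rejected=%d\n",
                s.complete, s.incomplete, s.rejected);
    return 0;
}
```

Relying on the marker alone would count the second frame as complete, which is why the sequence numbers are checked as well.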
Specifically, classifying and storing the key data in the data packet according to a readable format includes: dividing the key data into source IP, destination IP, protocol type, IP packet size, port and MAC address, and then storing it in columnar storage.
Specifically, the region where the classified storage is located is correspondingly divided into a plurality of sub-regions for storing the classified key data, and defining the priority includes first defining the sub-regions, then accessing, then initializing, and finally setting the priority.
Specifically, the definition of the sub-regions comprises the ordinary definition of a person variable or an array of the sub-region structure; the access comprises the syntax for accessing the person variable and the syntax for accessing an element through the pointer variable p; the initialization comprises initializing at the point of definition, defining a structure variable first and then assigning its members one by one, assigning values as they are read in, and initializing with a constructor; and the priority setting comprises writing the function and the cmp used in sort outside the structure, and encapsulating with struct.
In the present invention, a network security monitoring apparatus includes:
an acquisition module, used for acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
a classified storage module, used for classifying the key data in the acquired data packet and storing it in a readable format;
a definition module, used for defining a priority for each classification of the key data, accessing and exporting the classified and stored key data, and issuing the key data in order of priority from high to low; and
an analysis module, used for performing data analysis on the issued classified data and generating analysis data and alarm information.
Specifically, the acquisition module includes:
a comparing unit, used for performing a byte comparison on each received data packet;
and a verification unit, used for checking the mark field in the RTP packet; if the mark field is detected as an adjacent 0 and 1, one frame of data has been received completely.
Specifically, the definition module includes:
a sub-region definition unit, used for defining a person variable or an array in the sub-region structure;
an access unit, used for the syntax for accessing the person variable and the syntax for accessing an element through the pointer variable p;
an initialization unit, used for initializing at the point of definition, defining a structure variable first and then assigning its members one by one, assigning values as they are read in, and initializing with a constructor;
and a priority setting unit, used for writing the function and the cmp used in sort outside the structure, and encapsulating with struct.
In the present invention, the computer program realizes the steps of the method as described in any one of the above when executed by a processor.
In the invention, the data flows as follows: the acquisition module acquires a complete mirror image network data packet from the link layer of the mirror image data server; the classified storage module classifies the key data in the acquired data packet, such as source IP, destination IP, protocol type, IP packet size, port and MAC address, and stores it in a database in a readable format; the definition module defines a priority for each classification of the key data, accesses and exports the classified and stored key data, and issues it in order of priority from high to low; the analysis module then analyzes the data according to rules and generates analysis data and alarm information; and finally the alarm information display module displays the relevant information to a system analyst for handling.
The method of the invention can quickly find various network security threats encountered by an IP-based network, such as an IP multimedia subsystem network, and prompt network maintenance personnel to process in time, thereby playing a good role in monitoring and preventing.
In the invention, a byte comparison is performed on each received data packet and the mark field in the RTP packet is checked; a mark field detected as an adjacent 0 and 1 indicates that one frame of data has been received completely. The key data is then divided into source IP, destination IP, protocol type, IP packet size, port and MAC address and stored in columnar storage: the storage is correspondingly divided into a plurality of sub-regions for storing the classified key data, and a priority is defined so that the data can be issued according to its importance or priority. Specifically, the definition of the sub-regions comprises the ordinary definition of a person variable or an array of the sub-region structure; the access comprises the syntax for accessing the person variable and the syntax for accessing an element through the pointer variable p; the initialization comprises initializing at the point of definition, defining a structure variable first and then assigning its members one by one, assigning values as they are read in, and initializing with a constructor; and the priority setting comprises writing the function and the cmp used in sort outside the structure, and encapsulating with struct. For a priority queue, what matters most is the priority order. The same idea can also be applied with a user-defined data structure, by overloading the less-than operator function, declaring the overload as a friend function, and then outputting. The overloaded less-than operator can be understood as identifying which of the data in the array has the lower priority: if the side with the larger data value is returned, then the larger the value, the lower the priority, and conversely, the smaller the value, the higher the priority.
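The priority setting described above, as an added C++ example that is not code from the patent: a sub-region struct initialized with a constructor, a cmp written outside the struct for sort, and a friend less-than overload that drives a priority queue so that a smaller value means a higher priority. The struct and function names, the priority values and the sample records are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cstdio>
#include <queue>
#include <string>
#include <utility>
#include <vector>

// One sub-region of the classified store: a category of key data, its
// priority value, and the records waiting to be issued.
struct SubRegion {
    std::string category;
    int priority;                        // smaller value = higher priority
    std::vector<std::string> records;

    // Initialization with a constructor.
    SubRegion(std::string c, int p, std::vector<std::string> r)
        : category(std::move(c)), priority(p), records(std::move(r)) {}

    // Overloaded less-than as a friend: the side with the larger value is the
    // "lesser" one, so std::priority_queue keeps the smallest value on top.
    friend bool operator<(const SubRegion& a, const SubRegion& b) {
        if (a.priority != b.priority) return a.priority > b.priority;
        return a.category > b.category;  // deterministic order for equal values
    }
};

// Comparison function for std::sort, written outside the struct.
bool cmp(const SubRegion& a, const SubRegion& b) {
    if (a.priority != b.priority) return a.priority < b.priority;
    return a.category < b.category;
}

// Access to a member through a pointer variable p.
void set_priority(SubRegion* p, int value) { p->priority = value; }

// Issue every record, highest-priority sub-region first, using sort + cmp.
std::vector<std::string> issue_sorted(std::vector<SubRegion> regions) {
    std::sort(regions.begin(), regions.end(), cmp);
    std::vector<std::string> out;
    for (const SubRegion& r : regions)
        for (const std::string& rec : r.records) out.push_back(r.category + "=" + rec);
    return out;
}

// The same issue order from a priority queue driven by operator<.
std::vector<std::string> issue_queued(const std::vector<SubRegion>& regions) {
    std::priority_queue<SubRegion> q(regions.begin(), regions.end());
    std::vector<std::string> out;
    while (!q.empty()) {
        const SubRegion& top = q.top();
        for (const std::string& rec : top.records) out.push_back(top.category + "=" + rec);
        q.pop();
    }
    return out;
}

// Constructed sample: the six classifications with assumed priority values.
std::vector<SubRegion> sample_regions() {
    std::vector<SubRegion> v;
    v.push_back(SubRegion("protocol type", 3, {"UDP"}));
    v.push_back(SubRegion("source IP", 1, {"192.0.2.10", "192.0.2.11"}));
    v.push_back(SubRegion("MAC address", 5, {"02:00:00:00:00:01"}));
    v.push_back(SubRegion("destination IP", 2, {"198.51.100.7"}));
    v.push_back(SubRegion("port", 3, {"5060"}));
    v.push_back(SubRegion("IP packet size", 4, {"1500"}));
    return v;
}

int main() {
    std::vector<SubRegion> regions = sample_regions();
    set_priority(&regions[2], 0);  // escalate the MAC address sub-region
    for (const std::string& line : issue_queued(regions)) std::printf("%s\n", line.c_str());
    return 0;
}
```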
In the invention, the classified key data is stored in columnar storage, which has the advantage that data not meeting the conditions can be skipped and only the required data is read, reducing the volume of I/O. Compression encoding can reduce disk storage space: because all values in the same column have the same data type, more efficient compression encodings (e.g., Run Length Encoding and Delta Encoding) can be used to save further storage space. Reading only the needed columns also supports vector operations and gives better scan performance.
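The columnar layout described above, as an added C++ example that is not code from the patent: the six key-data fields are turned into columns, the protocol column is run-length encoded, the packet-size column is delta encoded, and a per-protocol byte count reads only those two columns. Which column gets which encoding, the names and the sample rows are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Row form of the key data taken from one packet (the six fields in the text).
struct PacketRow {
    std::string src_ip, dst_ip, protocol, mac;
    uint16_t port;
    uint32_t size;  // IP packet size in bytes
};

typedef std::vector<std::pair<std::string, uint32_t> > Runs;  // (value, run length)

// Run Length Encoding: consecutive equal values collapse into one run.
Runs rle_encode(const std::vector<std::string>& col) {
    Runs runs;
    for (const std::string& v : col) {
        if (!runs.empty() && runs.back().first == v) ++runs.back().second;
        else runs.push_back(std::make_pair(v, 1u));
    }
    return runs;
}

// Delta Encoding: the first value as-is, then each difference to the previous value.
std::vector<int64_t> delta_encode(const std::vector<uint32_t>& col) {
    std::vector<int64_t> d;
    int64_t prev = 0;
    for (uint32_t v : col) { d.push_back(int64_t(v) - prev); prev = v; }
    return d;
}

// Column form: one container per field; protocol and size are kept encoded.
struct ColumnStore {
    std::vector<std::string> src_ip, dst_ip, mac;
    std::vector<uint16_t> port;
    Runs protocol;
    std::vector<int64_t> size_delta;
};

ColumnStore to_columns(const std::vector<PacketRow>& rows) {
    ColumnStore cs;
    std::vector<std::string> proto;
    std::vector<uint32_t> size;
    for (const PacketRow& r : rows) {
        cs.src_ip.push_back(r.src_ip); cs.dst_ip.push_back(r.dst_ip);
        cs.mac.push_back(r.mac);       cs.port.push_back(r.port);
        proto.push_back(r.protocol);   size.push_back(r.size);
    }
    cs.protocol = rle_encode(proto);
    cs.size_delta = delta_encode(size);
    return cs;
}

// Total bytes for one protocol. Reads only the protocol and size columns and
// evaluates the condition once per run instead of once per row.
uint64_t bytes_for_protocol(const ColumnStore& cs, const std::string& proto) {
    uint64_t total = 0;
    int64_t cur = 0;
    std::size_t row = 0;
    for (const auto& run : cs.protocol) {
        const bool match = (run.first == proto);
        for (uint32_t i = 0; i < run.second && row < cs.size_delta.size(); ++i, ++row) {
            cur += cs.size_delta[row];  // rebuild the size from its delta
            if (match) total += static_cast<uint64_t>(cur);
        }
    }
    return total;
}

// Constructed sample rows (documentation addresses, locally administered MACs).
std::vector<PacketRow> sample_rows() {
    return {
        {"192.0.2.10", "198.51.100.7", "UDP",  "02:00:00:00:00:01", 5060, 200},
        {"192.0.2.10", "198.51.100.7", "UDP",  "02:00:00:00:00:01", 5060, 200},
        {"192.0.2.11", "198.51.100.7", "UDP",  "02:00:00:00:00:02", 5060, 204},
        {"192.0.2.12", "198.51.100.9", "TCP",  "02:00:00:00:00:03", 443,  1500},
        {"192.0.2.12", "198.51.100.9", "TCP",  "02:00:00:00:00:03", 443,  1500},
        {"192.0.2.10", "198.51.100.7", "UDP",  "02:00:00:00:00:01", 5060, 180},
        {"192.0.2.13", "198.51.100.1", "ICMP", "02:00:00:00:00:04", 0,    84},
        {"192.0.2.13", "198.51.100.1", "ICMP", "02:00:00:00:00:04", 0,    84},
    };
}

int main() {
    ColumnStore cs = to_columns(sample_rows());
    std::printf("runs=%zu udp_bytes=%llu\n", cs.protocol.size(),
                (unsigned long long)bytes_for_protocol(cs, "UDP"));
    return 0;
}
```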
In the invention, the analysis module provides several analysis modes, such as statistical analysis, audit log and reduction analysis, and analyzes network data from different angles, from the overall picture down to individual points. Specifically: TCP connection blocking: for an illegal TCP session in progress, the administrator can actively block it directly through RNSMS. This function can fully follow the policy customized by the monitoring implementer, so that the computer blocks, in real time, TCP connections that match the policy specified by the monitoring implementer. Network traffic statistics: the traffic of the monitored network is monitored; the total traffic, time-sliced traffic and per-IP traffic of the network are counted; the traffic of each protocol's packets is counted separately by protocol; and a dynamic traffic change diagram is drawn. Through the traffic statistics and the traffic change diagram, an administrator can discover abnormal traffic, burst traffic and the distribution of network traffic, so that management personnel can take reasonable security measures. Audit log generation: an audit log is generated for the acquired network data, so that network management personnel can analyze it and collect evidence afterwards. The OPSEC interface is used in the RNSMS system, and when the following conditions occur, interaction is generated between the RNSMS and a firewall supporting the OPSEC interface, so that the overall precaution capacity of the network is improved, and the like.
The method can quickly find various network security threats encountered by an IP-based network, such as an IP multimedia subsystem network, prompt network maintenance personnel to process in time, play a good role in monitoring and preventing, simultaneously ensure the safety of an internal network under the condition of influencing the network operation speed as little as possible, and has high processing speed and high efficiency for the accessed data detection.
The parts of the invention not described here are the same as the prior art, or are known from or can be realized with the prior art, and are not described in detail here.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A method for network security monitoring, comprising:
acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
according to the obtained data packet, classifying and storing the key data in the data packet according to a readable format;
according to the classification of the key data, correspondingly defining a priority for each classification, accessing and exporting the key data stored in the classification, and sequentially issuing the key data from high to low according to the priority;
and according to the issued classification data, performing data analysis on the classification data, and generating analysis data and alarm information.
2. The method of claim 1, wherein the verifying whether the mirror network packet acquisition is complete comprises: comparing bytes of each received data packet, checking a mark field in the RTP packet, and indicating that one frame of data is completely received if the detected mark field appears as 0 and 1 of adjacent bits according to the data.
3. The method of claim 1, wherein the data packet classifies the critical data in the critical data classification storage according to a readable format comprises: the key data is divided into source IP, destination IP, protocol type, IP packet size, port and MAC address, and then stored in a column type storage mode.
4. The method of claim 1, wherein the area where the classification storage is located is correspondingly divided into a plurality of sub-areas for storing the classified key data, and the definition of the priority comprises sub-area definition, access, initialization, and priority setting.
5. The method of claim 4, wherein the definition of the sub-regions comprises defining a person variable or an array of the structural body of the sub-regions, the accessing comprises accessing the writing of the person variable, the accessing comprises accessing the writing of the element in a pointer variable p, the initializing comprises the simultaneous initialization of the definition, defining a structural body variable, then assigning values one by one, assigning values when reading in, and initializing using a constructor, and the setting of the priority comprises writing the function outside the structural body with the cmp in sort, and packaging the function with struct.
6. An apparatus for network security monitoring, comprising:
the acquisition module is used for acquiring a complete mirror image network data packet from a link layer of a mirror image data server;
the classified storage module is used for classifying and storing the key data in the data packet according to a readable format according to the acquired data packet;
the definition module is used for correspondingly defining the priority for each category according to the category of the key data, accessing the key data stored in the category, exporting the key data and sequentially issuing the key data from high to low according to the priority; and
and the analysis module is used for carrying out data analysis on the classification data according to the issued classification data and generating analysis data and alarm information.
7. The method of claim 6, wherein the obtaining module comprises:
the comparing unit is used for comparing the bytes of the received data packets each time;
and the verification unit is used for checking the mark field in the RTP packet, and if the detected mark field appears as 0 and 1 of adjacent bits according to the data, the data receiving of one frame is complete.
8. The method for network security monitoring according to claim 6, wherein the defining module comprises:
the sub-region definition unit is used for defining a person variable or an array for the sub-region structural body;
the access unit is used for accessing the writing method of the person variable and the writing method of the element in the pointer variable p;
the initialization unit is used for defining and initializing at the same time, firstly defining a structure variable, then assigning values one by one, assigning values when reading in, and initializing by using a constructor;
and the priority setting unit is used for writing the function and the cmp in the sort outside the structural body and packaging the function and the cmp in the struct by using struct.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
CN202111387973.1A 2021-11-22 2021-11-22 Network security monitoring method, device and storage medium Pending CN114095255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111387973.1A CN114095255A (en) 2021-11-22 2021-11-22 Network security monitoring method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111387973.1A CN114095255A (en) 2021-11-22 2021-11-22 Network security monitoring method, device and storage medium

Publications (1)

Publication Number Publication Date
CN114095255A true CN114095255A (en) 2022-02-25

Family

ID=80302924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111387973.1A Pending CN114095255A (en) 2021-11-22 2021-11-22 Network security monitoring method, device and storage medium

Country Status (1)

Country Link
CN (1) CN114095255A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1486036A (en) * 2003-08-22 2004-03-31 北京港湾网络有限公司 Method for high-speed calssification and filtration of mass information
CN1968180A (en) * 2005-11-16 2007-05-23 中兴通讯股份有限公司 Multilevel aggregation-based abnormal flow control method and system
US20110302656A1 (en) * 2009-02-24 2011-12-08 Fadi El-Moussa Detecting malicious behaviour on a computer network
CN102739537A (en) * 2012-06-26 2012-10-17 中兴通讯股份有限公司 Method and device for forwarding Ethernet packets
US20140157405A1 (en) * 2012-12-04 2014-06-05 Bill Joll Cyber Behavior Analysis and Detection Method, System and Architecture
US20150244678A1 (en) * 2013-11-13 2015-08-27 ProtectWise, Inc. Network traffic filtering and routing for threat analysis
CN110213198A (en) * 2018-02-28 2019-09-06 中标软件有限公司 The monitoring method and system of network flow
CN110417759A (en) * 2019-07-16 2019-11-05 广东申立信息工程股份有限公司 A kind of method of IDC information security management
CN112351024A (en) * 2020-11-03 2021-02-09 广东电网有限责任公司 Public network communication safety monitoring system and method
CN112367276A (en) * 2020-12-31 2021-02-12 南京群顶科技有限公司 Network resource dynamic self-adaption method and system based on network flow priority
CN113032710A (en) * 2021-04-13 2021-06-25 上海汉邦京泰数码技术有限公司 Comprehensive audit supervisory system

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
小鱼YN: "结构体——定义、访问、初始化、优先级设置", 《CSDN》, pages 1 - 2 *
小鱼YN: "结构体——定义、访问、初始化、优先级设置", pages 1 - 2, Retrieved from the Internet <URL:https://blog.csdn.net/qq_43803508/article/details/88894113> *
张承, 蒋东兴, 刘启新, 石岩: "浅析网络监控系统对网络性能的影响", 小型微型计算机系统, no. 09 *
王旭仁: "实时网络安全监控系统的设计和实现", 《计算机工程》, vol. 31, no. 4, pages 1 - 2 *
王涛;田航;: "基于协议分析的网络服务审计系统研究", 数字通信, no. 04 *

Similar Documents

Publication Publication Date Title
US7900194B1 (en) Kernel-based intrusion detection using bloom filters
US20050273673A1 (en) Systems and methods for minimizing security logs
KR20190010956A (en) intelligence type security log analysis method
CN117240598B (en) Attack detection method, device, terminal equipment and storage medium
CN111885210A (en) Cloud computing network monitoring system based on end user environment
CN113765850B (en) Internet of things abnormality detection method and device, computing equipment and computer storage medium
CN109587122A (en) Realize that self ensures the system and method for Web subsystem safety based on WAF system function
CN117272308A (en) Software security test method, device, equipment, storage medium and program product
CN113206850B (en) Malicious sample message information acquisition method, device, equipment and storage medium
CN110381015A (en) A kind of clustering method based on intruding detection system warning message
CN110955890B (en) Method and device for detecting malicious batch access behaviors and computer storage medium
CN110061854A (en) A kind of non-boundary network intelligence operation management method and system
CN113536304B (en) An anti-bypass method and equipment based on operation and maintenance audit system
CN115225385A (en) Flow monitoring method, system, equipment and computer readable storage medium
CN114095255A (en) Network security monitoring method, device and storage medium
CN115396142A (en) Information access method, device, computer equipment and medium based on zero trust
CN119862567A (en) Method, device and equipment for analyzing government enterprise gateway log based on artificial intelligence
CN118410005B (en) A log audit method, device, medium and product
CN117061560A (en) Audit method, audit device, electronic equipment and readable storage medium
CN114745166B (en) Industrial asset risk perception method and device and electronic equipment
CN115696337A (en) A mobile terminal security monitoring and analysis method and device
CN115484326A (en) Method, system and storage medium for processing data
CN115225387B (en) Data security tamper-proof method and system based on big data and cloud platform
CN119496640B (en) A data detection and processing method and system for network security of a ticketing platform
CN118796575B (en) Interface audit method, device, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220225
