Bypass detection and blocking method and system for data security risk behavior

Bibliographic details
Main authors: DONG ENZE, TAN ZHIQIANG, YUAN LICHENG, CHEN YING, LIU XIAOBO, CHENG XIANJIE, LI JIN, XIE XIAOGANG
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a bypass detection and blocking method and system for data security risk behaviors. It aims to solve the problems of high false alarm rate, high missed-report rate and single blocking effect in the blocking of data security risk behaviors in the prior art. The method comprises the following steps: S1, collecting mirrored traffic packets based on DPDK technology; S2, sequentially performing network-layer protocol analysis and transport-layer protocol analysis on the collected mirrored traffic packets, and sending the packet size and the information obtained by the analysis to a rule control module; S3, matching the obtained information against a static IP rule and a traffic-characteristic dynamic rule in sequence, and triggering a corresponding blocking event when the matching is successful; S4, adopting a three-level blocking mode when the transport-layer protocol is TCP, and a two-stage blocking mode for other protocols. A dynamic blocking rule is adopted to