Journal of Jilin University (Information Science Edition) ›› 2019, Vol. 37 ›› Issue (5): 559-565.

Design of Automatic Security Monitoring System for LAN Intrusion Code Intrusion

LI Jian

  1. Network and Education Technology Center, Jinan University, Guangzhou 510630, China
  • Online: 2019-09-24 Published: 2019-12-25
  • About the author: LI Jian (born 1989), female, from Yueyang, Hunan; assistant engineer at Jinan University, mainly engaged in network security research. Tel: 86-15626457548; Email: rtefs5545@163.com.

Abstract: Traditional intrusion monitoring systems cannot keep up with the pace at which malicious code evolves, so their monitoring performance is poor. An automatic security monitoring system for malicious code intrusion in local area networks is therefore designed. In the hardware part of the system, the database module stores and matches malicious code packets that exhibit intrusion or attack behavior and stores the restored information; the intrusion monitoring module extracts features from packets that exhibit intrusion behavior and judges whether intrusion behavior is present; the database restore module intercepts packets transmitted over the network, restores the data and stores it; the log audit module sends information about intrusions into the system to the database, and users view the system's information through the control center module. On this basis, a clustering algorithm is used to monitor the malicious code intruding into the system. Experimental results show that the monitoring system achieves a high coverage monitoring rate, short monitoring time and a low error rate, giving it clear advantages in application.

Key words: local area network (LAN), malicious code, intrusion monitoring, clustering algorithm

CLC number:

  • TP393.08