
CN-121984739-A - Three-layer cross-network security system based on detection-admission-trapping


Abstract

The invention relates to a three-layer cross-network security system based on detection-admission-trapping, in the field of network security. The detection layer ensures that the system has no basic vulnerabilities or backdoors through two stages: deep security detection before network access and real-time risk monitoring after network access. The admission layer builds a three-level dynamic management and control system based on an IP whitelist to realize cross-network protection of "default rejection and minimum authorization". The trapping layer builds a virtual-real combined high-fidelity honeypot network as an active defense-in-depth system, and trapping and tracing countermeasures are applied to the attacker. The invention overcomes the defect that a traditional static layered architecture struggles to cope with hidden dangers such as network attacks and vulnerabilities, and resolves the technical deficiencies of strategy lag, no blocking of lateral penetration, and absent attack tracing in traditional cross-network schemes.

Inventors

  • WU ZHIYONG
  • HUANG HE
  • HU QI
  • MIAO YU
  • ZHOU WEI
  • JIA YAYONG
  • ZHANG PENG
  • JING BO
  • SUN HAO
  • LI CHUNHAO
  • ZHAO YUANJIE
  • LIU WEI
  • LI YANBIN
  • Yin Qidi
  • ZHU TAO
  • MU YUAN
  • LIU LEI
  • CHEN GUOCHUN

Assignees

  • Chinese People's Liberation Army Unit 32003 (中国人民解放军32003部队)

Dates

Publication Date
2026-05-05
Application Date
2026-01-27

Claims (10)

  1. A three-layer cross-network security system based on detection-admission-trapping, characterized by comprising a detection layer, an admission layer and a trapping layer. The detection layer implements deep security detection before network access and real-time risk monitoring after network access; the pre-access deep security detection relies on a large-scale vulnerability-mining cloud platform, a vulnerability scanning system and manual analysis to perform a multi-dimensional network-access examination of the equipment or information system to be connected. The admission layer constructs a three-level dynamic management and control system based on an IP whitelist, and realizes cross-network protection of "default rejection and minimum authorization" through a three-level linked admission system. The trapping layer constructs a virtual-real combined high-fidelity honeypot network and deploys honeypot clusters at the cross-network boundary to induce the attacker into a penetration attack and trace it back.
  2. The three-layer cross-network security system based on detection-admission-trapping as claimed in claim 1, wherein during pre-access deep security detection, unknown vulnerabilities and backdoor programs of the device are actively detected by fuzz testing and firmware binary disassembly analysis.
  3. The three-layer cross-network security system based on detection-admission-trapping according to claim 1, wherein during pre-access deep security detection, a CVE vulnerability feature library is combined with a custom rule engine to deep-scan operating system service ports and open API interfaces, identify high-risk security defects, generate a network-access security assessment report, and execute a one-vote veto mechanism.
  4. The three-layer cross-network security system based on detection-admission-trapping as claimed in claim 1, wherein during real-time risk monitoring after network access, hacker intrusion and abnormal outbound data connection attack behaviors are identified through deep analysis of network traffic.
  5. The three-layer cross-network security system based on detection-admission-trapping according to claim 1, wherein during real-time risk monitoring after network access, online equipment is scanned for vulnerabilities using a vulnerability-scanning probe, a dynamic risk assessment system is constructed, threat levels are marked in real time, and problematic equipment is promptly subjected to policy blocking and taken offline.
  6. The three-layer cross-network security system based on detection-admission-trapping as claimed in claim 1, wherein the admission layer establishes a hierarchical IP address library at the first level, divides trusted IP segments according to security level or enterprise trust domain, and implements precise whitelist trust: only IPs in the library may initiate cross-network access requests, and traffic from untrusted IPs is isolated outside the cross-network node; at the third level it introduces dynamic behavior-baseline verification to demote trusted IPs in real time when they exhibit abnormal behavior.
  7. The three-layer cross-network security system based on detection-admission-trapping of claim 6, wherein the abnormal behavior comprises port scanning and high-frequency reconnection.
  8. The three-layer cross-network security system based on detection-admission-trapping as claimed in claim 1, wherein the trapping layer guides the attacker to forged key nodes (an information system and a database server) through traffic redirection, induces the attacker to carry out a penetration attack, and simultaneously starts backtracking of the attack chain.
  9. The three-layer cross-network security system based on detection-admission-trapping of claim 8, wherein the trapping layer simultaneously virtualizes real service nodes to appear as ordinary terminals, reducing the exposure risk of high-value targets and forming active defense in depth.
  10. The three-layer cross-network security system based on detection-admission-trapping according to claim 1, wherein the system is deployed in a cloud-edge hybrid architecture and an industrial OT/IT converged network, and full-life-cycle defense of the attack chain is realized through the three-layer collaboration mechanism.
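As an added illustration of the admission layer in claims 6 and 7 (not code from the patent): a default-deny trusted-IP library (level one) combined with a behavior baseline (level three) that demotes a whitelisted IP when it scans many ports or reconnects too often. The trust-domain names, thresholds and sample addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of the hierarchical IP library: trust domain -> CIDR blocks.
TRUSTED_SEGMENTS = {
    "core": ["10.10.0.0/16"],
    "partner": ["192.168.50.0/24"],
}


class AdmissionController:
    """Default-deny admission with a behaviour baseline for trusted IPs."""

    def __init__(self, segments, scan_port_limit=10, reconnect_limit=20, window=60):
        self.segments = {d: [ipaddress.ip_network(c) for c in cidrs]
                         for d, cidrs in segments.items()}
        self.scan_port_limit = scan_port_limit  # distinct ports before "port scan"
        self.reconnect_limit = reconnect_limit  # connects per window before "high frequency"
        self.window = window                    # seconds
        self.ports_seen = defaultdict(set)      # ip -> distinct destination ports
        self.connects = defaultdict(list)       # ip -> timestamps within the window
        self.demoted = set()                    # trusted IPs stripped of credit

    def trust_domain(self, ip):
        """Level one: the trust domain of ip, or None if it is not in the library."""
        addr = ipaddress.ip_address(ip)
        for domain, nets in self.segments.items():
            if any(addr in n for n in nets):
                return domain
        return None

    def observe(self, ip, dst_port, ts):
        """Level three: record one connection attempt and apply the baseline."""
        self.ports_seen[ip].add(dst_port)
        recent = [t for t in self.connects[ip] if ts - t < self.window] + [ts]
        self.connects[ip] = recent
        if (len(self.ports_seen[ip]) > self.scan_port_limit
                or len(recent) > self.reconnect_limit):
            self.demoted.add(ip)  # abnormal behaviour: revoke credit in real time

    def decide(self, ip, dst_port, ts):
        """Allow only library IPs that have not been demoted; everything else is denied."""
        self.observe(ip, dst_port, ts)
        domain = self.trust_domain(ip)
        if domain is None:
            return "deny:not-in-library"
        if ip in self.demoted:
            return "deny:demoted"
        return f"allow:{domain}"
```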

Description

Three-layer cross-network security system based on detection-admission-trapping

Technical Field

The invention belongs to the field of network security, and in particular relates to a three-layer cross-network security system based on detection-admission-trapping.

Background

In high-security scenarios such as industrial control, military command and enterprise core business, physically isolated networks are widely deployed as infrastructure that guarantees data confidentiality and system reliability. However, the cross-network file transfer and data interaction driven by business collaboration requirements effectively breaks the security boundary built by physical isolation, exposing the network boundary to novel attack chains. A systematic cross-network security protection mechanism is therefore needed that achieves full-life-cycle security control of the transmission channel while still permitting the necessary data flow.

The core limitation of the "cross-network data security exchange method and device based on multi-layer protection" (application number 202411856840.8) is that its static layered architecture lacks defenses against hidden dangers such as network attacks and vulnerabilities, and each layer operates in isolation: the transmission strategy cannot be dynamically optimized from real-time threat intelligence, no closed data-flow loop can be established for adaptive iteration of the defense strategy, and there is no active blocking mechanism for lateral penetration attacks. As a result, the whole defense system stays at the level of passive hardening and struggles to deal with cross-network penetration by novel network threats.
Disclosure of Invention

(I) Technical problem to be solved

The invention aims to provide a three-layer cross-network security system based on detection-admission-trapping, so as to solve the problem that the existing defense system stays at the level of passive hardening and struggles to cope with cross-network penetration by novel network threats.

(II) Technical scheme

To solve this problem, the invention provides a three-layer cross-network security system based on detection-admission-trapping, comprising a detection layer, an admission layer and a trapping layer. The detection layer implements deep security detection before network access and real-time risk monitoring after network access; the pre-access deep security detection relies on a large-scale vulnerability-mining cloud platform, a vulnerability scanning system and manual analysis to perform a multi-dimensional network-access examination of the equipment or information system to be connected. The admission layer constructs a three-level dynamic management and control system based on an IP whitelist, and realizes cross-network protection of "default rejection and minimum authorization" through a three-level linked admission system. The trapping layer constructs a virtual-real combined high-fidelity honeypot network and deploys honeypot clusters at the cross-network boundary to induce the attacker into a penetration attack and trace it back.
(III) Beneficial effects

The invention provides a three-layer cross-network security system based on detection, admission and trapping. The detection layer ensures that the system has no basic vulnerabilities or backdoors through two stages, deep security detection before network access and real-time risk monitoring after network access; the admission layer builds a three-level dynamic management and control system based on an IP whitelist to realize cross-network protection of "default rejection and minimum authorization"; the trapping layer builds a virtual-real combined high-fidelity honeypot network as an active defense-in-depth system, and trapping and tracing countermeasures are applied to the attacker. The invention overcomes the defect that a traditional static layered architecture struggles to cope with hidden dangers such as network attacks and vulnerabilities, and resolves the technical deficiencies of strategy lag, no blocking of lateral penetration, and absent attack tracing in traditional cross-network schemes.

Drawings

Figure 1 is a diagram of the three-layer defense architecture of the present invention.

Detailed Description

To make the objects, content and advantages of the present invention clearer, the invention is described in detail below with reference to the accompanying drawings and examples. The invention relates to the technical field of network security, in particular to a method and a sys