Security Monitoring System For The Application Services On Police Information Network

With the development of ministry of public security’s information technology, the dependence on the network and application systems is growing for police work. Therefore, safety, stability and reliable operation of critical application systems on public security information network are the main tasks and objectives for information management department. However, the traditional security settings of network could not evaluate or analyse the application system, and it could not monitor or alarm network behaviors, like stealing or destroying data, etc. Although, firewalls, antivirus and other products provide access control, virus killing and network attack prevention or any other functions. Shortcomings still exist in the safety protection areas:(1) a lack of security method focusing on application from network flow;(2) a lack of timely treatment of abnormal behavior event. The security monitoring system for the application services on police information network can make up for functional defects of traditional security products. It can make comprehensive and systematic safety analysis about abnormal flow on the network, to achieve real-time monitoring for network flow, then timely find and locate intrusion attacks or other illegal acts for critical applications and databases. So, it provides a user-friendly traffic monitoring, analysis, processing tools for security administrators and comprehensively improves monitoring and protection level of public security network.The article is based on the analysis of the security monitoring system for the application services on police information network, and has a further study about traffic monitoring principle. Through the analysis of the system requirements, the system is divided into three parts:ASM, CMS and ADS. The system through the bypass deployment obtains real-time network traffic data. It through the way of mirror collects network traffic information from core switch of department information center (or key application system front-end exchange). It effectively uses the information about the hierarchy and related protocol by protocol analysis technology. By protocol analysis of data packet, data reorganization and command parsing, it can quickly judge the flow application types and timely detect of abnormal traffic. The system adopts the DPI technology in the application layer, according to the characteristics of code, then automatically matches, recognizes application type and acquires application layer content. The administrator can make analysis on application according to the definition of the strategy. In this article, through the demand analysis and the design of the system, the author achieves a service system with a traffic monitoring, centralized supervision and alarm function. The administrator can not only make the business safety analysis, analysis of network traffic, but also provide effective solutions for application security. At the same time it provides a large amount of text data for further academic study. The author mainly participated in and completed the development process of ASM. The solution provided by the system for safety monitoring of public security information network is simple and easy operate, greatly reducing workload of the network administrator, improves work efficiency.