
Full Network Traffic Security Analysis System For The Medical Industry

Posted on: 2021-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y T Pan
GTID: 2404330602471879
Subject: Electronic and communication engineering

Abstract/Summary:
With the increasing application of digital information technology in the medical industry, a large number of medical systems and devices are connected to external networks, exposing network security vulnerabilities in medical institutions and attracting the attention of hackers. To promote the healthy development of Internet-based medical care and ensure the security and stability of medical networks, it is particularly important to analyze the network traffic of medical institutions.

Medical institutions have a high-bandwidth network environment that carries a large number of medical communication messages. How to collect medical network traffic efficiently without affecting medical services is a hot issue. Medical institutions also operate a large number of key medical devices, and inspecting the network communication data of key medical systems and devices is another focus of traffic security analysis. At present, most traffic security analysis systems are built for common, general-purpose scenarios. This thesis focuses on the medical network environment: it detects network communication data related to medical systems and devices, analyzes network security issues, and builds a visual management platform for the system. The main research work is as follows:

1. Design a full traffic capture mechanism for a high-bandwidth medical network environment. Based on an analysis of the shortcomings of traditional packet capture technology, the capture mechanism is built on the Data Plane Development Kit (DPDK), which is optimized using network card multi-queue technology and multi-core, multi-thread technology to achieve a packet capture rate of more than 99.9% in a 10 Gigabit network environment.

2. Propose a security detection model based on medical network traffic. DPDK and Hyperscan are used to build a Deep Packet Inspection (DPI) engine that performs traffic protocol identification. Traffic security analysis and detection are completed by analyzing the traffic characteristics of common medical network attacks and by building a blacklist and whitelist library based on medical communication protocols.

3. Design a two-layer intrusion detection model based on the machine learning stacking algorithm. Random forest, AdaBoost, XGBoost, and logistic regression are selected as the learners used to construct the two-layer intrusion detection model. After optimization, the model achieves better prediction accuracy than a single-model algorithm.

4. Set up a visual management website for traffic security analysis. Web development technology is used to design the server backend and the browser front-end pages. The backend organizes the analysis results of the detection model and sends them to the front end. The front end displays information such as traffic trends and device details in charts and other visual forms, so that network traffic can be analyzed more intuitively and clearly.
Keywords/Search Tags: Medical industry, Network traffic, Security analysis, Visualization