Intrusion Detection & Control System
  • High speed backbone network virus detection

    The network virus monitoring probe (VDS V6) system combines packet capture platform technology with the AVL SDK anti-virus engine and can detect network viruses at G-level content filtering speed under 10 Gigabit bandwidth.

  • High precision network virus detection

    Built on powerful anti-virus technology and a virus library accumulated over a long period, the probe can detect multiple transmission and network scanning attacks in real time.

  • Network virus behavior monitoring

    VDS uses content-based detection as its main method, supplemented by behavior analysis, to detect viruses accurately. It can also comprehensively monitor network virus behaviors such as scanning, attack, implantation, control and upgrade.

  • Accurate virus source location

    As soon as the spread of a network virus or other malicious behavior is found, the system raises an early alarm for the virus event and provides its source, locking onto the source IP and MAC address to accurately locate the virus source.

  • Analysis of high risk virus trend

    It can find the host addresses and security events in the network that have a high risk level, occur frequently and have a wide range of influence.

  • Security event statistics

    Using a node event level distribution diagram and an event scanning IP graph, the system can quickly find the virus with the highest number of infections, the virus address with the largest number of packets, and the most vulnerable host address.

  • Professional event statistics

    A B/S (browser/server) management system architecture is used to analyze and manage the security events in the network and to handle the complex application environments in the network with a flexible mechanism.

  • GPU acceleration technology

    Acceleration is based on general-purpose GPU (graphics processing unit) hardware and can be extended linearly to multi-device clusters, which fully meets the processing requirements of core and backbone networks.

Monitoring probe device function

The probe can capture one-way or two-way data on the network, supports interfacing with the HTTP, FTP, POP3 and SMTP protocols, and can remotely manage the HTTPS protocol. The system can inspect data packets and data streams and detect types of malicious code, including worms, infection viruses, Trojans, PE viruses, risk programs, etc.

In addition, the system can obtain suspected malicious code files or address information, de-duplicate them and send them back to the system. The detection module can be flexibly configured and can detect known and unknown malicious code, with a certain detection ability for unknown viruses; the results and malicious code addresses are sent back to the system after de-duplication. Online upgrade is supported.

Safety management center function

The management server directly manages the probe, provides centralized data collection and upgrade of the probe, and carries out data statistics and analysis on the monitored events and suspicious samples.

In-depth analysis device function

The malicious code analysis equipment can conduct in-depth static and dynamic analysis of the analysis object and is capable of environment simulation. It can simulate the execution of format documents, can distinguish and judge the analysis object, and provides detailed analysis and identification results for it.

The system consists of three basic parts: network virus monitoring probe (VDS V6), security management center (ASOC) and in-depth analysis system (MAS).

The system architecture is as follows:


System architecture diagram

Network topology

The intrusion detection & control system samples 10% of the traffic of the metropolitan area network export link and can collect 10 Gbps of traffic through the route selector for monitoring, which provides sampled monitoring and analysis of the whole network. The network topology of the system is shown in the following figure:


Network topology
