
Detection method and device for network attack

A network attack detection method, applied in the field of network security, that addresses the inability to support upper-layer protocols such as HTTP or FTP, the inability to define session flow state, and the poor correlation of attack rules. The stated effects are easier maintenance, good reusability, and improved accuracy.

Inactive Publication Date: 2008-12-03
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0011] 1. Few upper-layer protocols are supported. For example, Snort only supports protocols such as TCP/UDP/ICMP, but cannot support upper-layer protocols such as HTTP or FTP;
[0012] 2. Only the state of TCP connection establishment can be defined, but the state of session flow cannot be defined;
[0013] 3. The correlation between attack rules is poor and it is difficult to reuse;
[0014] 4. Attack rules are expressed in the form of logical lines, which is difficult to parse and maintain.


Embodiment Construction

[0056] The present invention proposes context detection based on session state. When multiple data packets in a session match the states of all features in a rule, the rule is considered to be matched, thereby further reducing the false positive rate of attack detection.

[0057] Figure 2 is a schematic flowchart of the first embodiment of the network attack detection method of the present invention. This embodiment includes the following steps:

[0058] Step 10: Receive the data message of the session flow, and compare the current data message with the features in the preset feature library one by one;

[0059] Step 20: When the current data message matches a feature, query the preset rule base for the attack rule that references the matching feature; the attack rule includes one or more features, the state corresponding to each feature, and the defined operations;

[0060] Step 30, determine whether the attack rule has been recorded in the session st...
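The following Python sketch is an added example, not code from the patent or from H3C. It shows the session-state idea from [0056] and steps 10 to 30: a rule fires only after every one of its features has set its state within the same session. The feature names, rule name, state names, and sample messages are all constructed, and the handling of step 30 is an assumed reading because the page's text is cut off at that point.

```python
from collections import defaultdict

# Constructed feature library: feature name -> predicate over one message payload.
FEATURES = {
    "ftp_login_fail": lambda p: p.startswith(b"530 "),
    "ftp_site_cmd": lambda p: p.upper().startswith(b"SITE "),
}

# Constructed rule base: each rule lists its features, the session state each
# feature sets, and the operation to run once every state is satisfied.
RULES = {
    "site-after-failed-login": {
        "states": {"ftp_login_fail": "auth_failed", "ftp_site_cmd": "site_sent"},
        "action": "block",
    },
}

class Detector:
    def __init__(self):
        # session id -> rule name -> set of states recorded so far
        self.sessions = defaultdict(lambda: defaultdict(set))

    def process(self, session_id, payload):
        """Return [(rule, action)] for rules fully satisfied by this message."""
        fired = []
        for feat, pred in FEATURES.items():            # step 10: compare with each feature
            if not pred(payload):
                continue
            for name, rule in RULES.items():           # step 20: rules referencing it
                if feat not in rule["states"]:
                    continue
                # step 30 (assumed reading): update the per-session record
                seen = self.sessions[session_id][name]
                seen.add(rule["states"][feat])
                if seen == set(rule["states"].values()):
                    fired.append((name, rule["action"]))
                    seen.clear()                       # re-arm the rule
        return fired

    def close(self, session_id):
        self.sessions.pop(session_id, None)            # drop state with the session

def run(messages):
    det = Detector()
    return [(sid, hit) for sid, p in messages for hit in det.process(sid, p)]

# Constructed traffic: session "a" shows both features, session "b" only one.
SAMPLE = [("a", b"530 Login incorrect"), ("b", b"SITE HELP"),
          ("a", b"USER test"), ("a", b"site chmod 644 x")]

if __name__ == "__main__":
    print(run(SAMPLE))
```

A per-packet matcher keyed on the `SITE` feature alone would flag session "b" as well; keeping state per session is what removes that false positive.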


Abstract

This invention relates to a network attack detection method comprising the following steps: receiving a data message of a session flow and finding the features and attack rules matched by the current data message; then judging whether all session states related to the rule are satisfied and, if so, executing the operation defined by the attack rule on the current data message or session flow. The invention also relates to a network attack detection device comprising a message receiving module, a feature storage module, a rule storage module, a feature matching module, a session state recording module, a session matching module, and a message processing module.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and a device for attack detection on data packets by using a preset rule base.

Background technique

[0002] As network security risk continues to rise, the firewall, once the most important security precaution, can no longer meet people's needs for network security. As a useful supplement to firewalls, an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) can help network systems quickly detect attacks and take active defensive measures, extending the system administrator's security management capabilities.

[0003] IDS/IPS detects attacks based on feature detection. A number of attack rules are stored in the system database and are used to filter data packets one by one. Once a data packet is found to have the relevant features, a warning message is issued or the data packet is blocked. like...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L12/56, H04L29/06
Inventor: 雷公武, 胡华强
Owner: NEW H3C TECH CO LTD