Method for solving mass alarm in NIDS

A method for a network intrusion detection system that addresses the high false alarm rate, isolated alarms and alarm flooding of existing systems.

Inactive Publication Date: 2007-12-19
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

[0008] The present invention provides a method for solving massive alarms in an intrusion detection system, so as to overcome the problems of alarm flood, high false alarm rate and isolated alarms in existing intrusion detection systems.

Embodiment Construction

[0024] The present invention can be deployed in IDS equipment. The following describes it in detail by implementing the present invention in an IDS device.

[0025] The steps of the present invention are:

[0026] The first stage: preprocessing stage:

[0027] (1) Capture data packets on the network in bypass (passive listening) mode;

[0028] (2) Rule matching. Assume there are 9000 IDS rules. An array a[9000] is established; each element holds the address of a different linked list, and the statistical information for each rule is stored in the linked list pointed to by that element. When an event is triggered, matching is therefore very fast: a[id] directly yields the first address of the linked list that needs to be updated (that is, a hash lookup with the rule id as the index). Each node of the linked list stores the statistical information of one triggering of this rule, including: source address (SrcIP), destination address (DstIP), source por...

Abstract

This invention relates to a method for solving mass alarms in a NIDS system, comprising two stages. 1. Preprocessing stage: the network card is set to promiscuous mode and packets in transit are captured with Libpcap, which uses zero-copy technology to map a user-space memory area in the kernel; the captured packets are decoded at the link layer, protocol-layer processing and flow reassembly are performed, and the packets are matched against the rules to generate alarm events, which are stored in a hash chained list where f(x)=a[x], i.e. the array subscript is used as the index, to increase lookup efficiency. 2. Statistic stage: the generated events are counted according to the attribute values in the chained list, and whether to raise an alarm is decided according to the configured selection.
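The rule-indexed structure of step (2) and the two-stage flow of the abstract, as an added illustration in C that is not the patent's own code: the array a[9000] of linked-list heads, a record function for the preprocessing stage, and a count-based decision for the statistic stage. The per-node hit counter and the count threshold are assumptions; the page names SrcIP and DstIP but gives no decision rule.

```c
#include <stdint.h>
#include <stdlib.h>

#define RULE_COUNT 9000   /* array size taken from the page: a[9000] */

/* One node of a rule's linked list: the statistics of one (SrcIP, DstIP)
 * pair that triggered the rule. The hits counter is an assumption; the
 * page lists SrcIP, DstIP, source port, ... but is cut off there. */
typedef struct event_node {
    uint32_t src_ip;
    uint32_t dst_ip;
    uint32_t hits;
    struct event_node *next;
} event_node;

/* a[id] is the head of rule id's list: the f(x) = a[x] lookup. */
static event_node *a[RULE_COUNT];

/* Preprocessing stage: record one alarm event for a matched rule.
 * Identical (src, dst) pairs fold into one node, so a repeating alarm
 * becomes a count rather than a flood of entries. Returns the node's
 * hit count, or 0 for an out-of-range rule id or allocation failure. */
uint32_t record_event(int rule_id, uint32_t src_ip, uint32_t dst_ip) {
    if (rule_id < 0 || rule_id >= RULE_COUNT) return 0;
    for (event_node *n = a[rule_id]; n; n = n->next)
        if (n->src_ip == src_ip && n->dst_ip == dst_ip) return ++n->hits;
    event_node *n = calloc(1, sizeof *n);
    if (!n) return 0;
    n->src_ip = src_ip;
    n->dst_ip = dst_ip;
    n->hits = 1;
    n->next = a[rule_id];
    a[rule_id] = n;
    return 1;
}

/* Statistic stage: total number of events recorded for a rule. */
uint32_t rule_total(int rule_id) {
    uint32_t total = 0;
    if (rule_id < 0 || rule_id >= RULE_COUNT) return 0;
    for (event_node *n = a[rule_id]; n; n = n->next) total += n->hits;
    return total;
}

/* Decide whether to emit one aggregated alarm for the rule. A simple
 * count threshold stands in for the page's "set selection" (assumption). */
int should_alarm(int rule_id, uint32_t threshold) {
    return rule_total(rule_id) >= threshold;
}
```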

Description

Technical field:

[0001] The invention relates to the technical field of network intrusion detection (NIDS), in particular to a method for solving massive alarms in an intrusion detection system.

Background technique:

[0002] With the development of computer network technology, network security has become one of the most pressing concerns. Intrusion detection is one of the core technologies of dynamic network security. It collects information from several key points in the network system and analyzes it to find out whether there are behaviors violating security policies and signs of attack in the network system. In a real network environment, an intrusion detection system often produces a large volume of alarm information; it is difficult for inexperienced administrators to accurately identify real attacks among the numerous alarms, and they cannot determine the actual attack behavior and its source. The above phenomenon occurs because the c...

Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L 12/24, H04L 12/26
Inventor 刘涛, 白亮, 张永彬, 赵卫栋, 靳卫衡
Owner 西安交大捷普网络科技有限公司