Condition detection based protocol abnormity detecting method and system

An anomaly detection and state detection technology, applied in the network field, can solve problems such as lack of products, and achieve the effect of convenient expansion

Inactive Publication Date: 2008-02-06
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 34 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, there is a shortage of products with complete protocol anomaly detection functions. Therefore, it is necessary to develop a complete and easy-to-extend protocol anomaly detection technology, to make up for the lack of misuse detection technology as much as possible, and to improve intrusion detection or auditing systems on a larger scale. Detection and defense capabilities for unknown attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Condition detection based protocol abnormity detecting method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] Relevant technical content and detailed description of the present invention, now cooperate accompanying drawing to explain as follows:

[0033] As shown in Figure 1, the present invention provides a protocol anomaly detection system based on state detection, including a syntax interpreter 1, an actual protocol normal model library 2, a protocol running state location module 3, a protocol prediction migration module 4 and an anomaly detection module 5 . Among them, the syntax interpreter 1 is used to explain the added formal description model of the protocol and verify whether it conforms to the rules of the grammar; the actual protocol normal model library 2 is used to store the legal formal description of the protocol that has passed the syntax detection stage and the corresponding generated corresponding The protocol state machine; the protocol running state positioning module 3 is used to accurately locate the protocol state in the current session according to the a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a based on a status measure protocol abnormal measure method and system. The foundation of a protocol normal running state model comprises the examination of a protocol formal description expression and the making of a correlation protocol state machine; a protocol running state orientation moment realizes the exact orientation of the used protocol state in the present conversation towards the exact network communication data message; a protocol running state moving moment realizes the forecast of the next likely ongoing state moving and makes a normal state running concourse of the after-orientation protocol state; an abnormal examination moment judges whether the present protocol running accords with the protocol standard model and return the examination result by the gained subsequent message and the forecast running concourse. The present invention can check the correlative abnormal protocol in the network protocol communication process according to the exact protocol of the practically gained message and can conveniently expand the protocol normal running model according to the practical requirement.

Description

technical field [0001] The invention belongs to the field of network technology, and performs protocol anomaly detection according to protocol specifications used in messages in network data streams, and in particular relates to a state detection-based protocol anomaly detection method and system that can be used in intrusion detection systems and audit products. Background technique [0002] As an important means of network security protection, the IDS-Intrusion Detection System is usually deployed inside the key network or at the entrance of the network boundary. intrusions and take appropriate action. The current intrusion detection methods are mainly divided into misuse detection technology and anomaly detection technology. Anomaly detection can detect known and unknown attacks, but the establishment of normal behavior models can only be generated based on international standards and using artificial intelligence, machine learning algorithms, etc., requiring a lot of da...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06H04L12/56
Inventor 孙海波王磊叶润国王洋李博
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap