Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for detecting scanning attack

A technology for detecting scans and devices, which is applied to detect scan attacks, detect scan attack devices, detect scan attack devices based on monitoring the number of attacks within a certain period of time, and detect scan attack fields based on monitoring the number of attacks within a certain period of time. It can solve problems such as high complexity and high time precision requirements, and achieve the effect of low implementation cost, simple implementation method and reduced difficulty.

Inactive Publication Date: 2008-02-13
NEW H3C TECH CO LTD
View PDF0 Cites 44 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0011] When the attacker uses multiple computers to scan and attack, it cannot be detected by the above method; because the existing monitoring method uses the rate statistics method, there is a high probability of false positives and false negatives; namely: When the attacker lowers the scanning rate, it may not be detected by using the aforementioned detection method; what’s more, due to the high requirement for time accuracy and the need to maintain each session information, the complexity of implementing the aforementioned method is relatively high. high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting scanning attack
  • Method and device for detecting scanning attack
  • Method and device for detecting scanning attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] Referring to Fig. 4, before describing each embodiment of the present invention in detail, it is necessary to briefly explain the format of the ICMP address unreachable message: generally, each message shown in Fig. 4 is included in an ICMP address unreachable message content:

[0033] IP packet header, including: source IP address (SIP) and destination IP address (DIP);

[0034] ICMP message header, for the unreachable message, its type (Type) value is 3; when the code (Code) value is 2, 3, it indicates that the protocol is unreachable and the port is unreachable respectively;

[0035] Original IP packet header, including: original source IP address (0_SIP), original destination IP address (0_DIP) and original protocol (0_Protocol);

[0036] Original IP UDP message header, including: source port (0_SPORT) and destination port (0_DPORT) of the original IP message.

[0037] Embodiments of the first aspect:

[0038] Referring to FIG. 1 , it is an example of a detection...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

After some embodiments, the present invention discloses a method and a device for detecting scan attacks. The present invention parses the received message information and records the information of the destination port or the IP address in the message information; then the times, for which the destination port or the IP address are recorded in a scheduled time, are counted; and finally when the recorded times of the destination port or the IP address reach a predetermined threshold, then the present invention judges that a scan attack occurs. The device of the present invention comprises a first unit, which parses the received message information and records the destination port or the IP address, a second unit, which is used to count the times for which the destination port or the IP address are recorded in a scheduled time, and a third unit, which is used to judge that a scan attack occurs when the recorded times of the destination port or the IP address reach a predetermined threshold. In every technical scheme of embodiment, the present invention effectively detects scan attacks according to the times of the port or protocol attack in a scheduled time, thus reducing the false alarm rate and the realization difficulty of scan detection.

Description

technical field [0001] The present invention relates to a method for detecting scanning attacks, especially a method for detecting scanning attacks based on monitoring the number of attacks within a certain period of time; the present invention also relates to a device for detecting scanning attacks, especially a method based on The invention relates to a device for detecting scanning attacks by monitoring the number of attacks inside, and belongs to the technical field of network security. Background technique [0002] The purpose of scanning attacks is to find services that can be successfully attacked; scanning attacks are usually a network detection technique commonly used by hackers or other attackers, including Internet Protocol (Internet Protocol, hereinafter referred to as: IP) address scanning (IP-Sweep) and port Scan (Port-scan) two. [0003] The purpose of IP-Sweep is to detect active hosts in the network. The method of attack is: send a large number of messages...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/00H04L12/56H04L29/06
Inventor 施鸿殊
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com