Method and device for detecting scanning attack

A technique and device for detecting scan attacks based on monitoring the number of attacks within a certain period of time. It solves problems such as high complexity and high time-precision requirements, and achieves low implementation cost, a simple implementation method and reduced difficulty.

Inactive Publication Date: 2008-02-13
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0011] When the attacker uses multiple computers to carry out the scan, the above method cannot detect it. Because the existing monitoring method relies on rate statistics, there is a high probability of false positives and false negatives: when the attacker lowers the scanning rate, the aforementioned detection method may fail to detect the scan. Moreover, because of the high requirement for time accuracy and the need to maintain information for each session, the aforementioned method is relatively complex to implement.


Embodiment Construction

[0032] Before describing each embodiment of the present invention in detail, it is necessary to briefly explain the format of the ICMP address unreachable message. Referring to Fig. 4, an ICMP address unreachable message generally contains the following parts:

[0033] IP packet header, including: source IP address (SIP) and destination IP address (DIP);

[0034] ICMP message header: for the unreachable message, the type (Type) value is 3; code (Code) values of 2 and 3 indicate protocol unreachable and port unreachable, respectively;

[0035] Original IP packet header, including: original source IP address (0_SIP), original destination IP address (0_DIP) and original protocol (0_Protocol);

[0036] Original IP UDP message header, including: the source port (0_SPORT) and destination port (0_DPORT) of the original IP message.

[0037] Embodiments of the first aspect:

[0038] Referring to FIG. 1 , it is an example of a detection...


Abstract

The present invention discloses a method and a device for detecting scan attacks. The method parses the received message information and records the destination port or the IP address contained in it; it then counts the number of times the destination port or the IP address is recorded within a predetermined time; finally, when the number of times the destination port or the IP address has been recorded reaches a predetermined threshold, it judges that a scan attack has occurred. The device comprises a first unit, which parses the received message information and records the destination port or the IP address; a second unit, which counts the number of times the destination port or the IP address is recorded within a predetermined time; and a third unit, which judges that a scan attack has occurred when the number of times the destination port or the IP address has been recorded reaches a predetermined threshold. In each embodiment, the present invention effectively detects scan attacks according to the number of port or protocol attacks within a predetermined time, thus reducing the false alarm rate and the implementation difficulty of scan detection.
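The message layout in [0032] to [0036] and the counting method in the abstract, as an added Python example (not code from the patent): it parses an ICMP unreachable message, records the original destination, and reports a source once its count within one fixed period reaches a threshold. Assumptions: records are grouped by original source IP and distinct targets are counted, and all names, the `period` and `threshold` values and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ICMP_UNREACH, CODE_PROTO, CODE_PORT = 3, 2, 3

def parse_unreachable(pkt):
    """Return (O_SIP, O_DIP, O_Protocol, O_DPORT) for Type 3 / Code 2 or 3, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:    # IPv4 carrying ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    orig = pkt[ihl + 8:]                      # original IP header follows 8-byte ICMP header
    if ihl < 20 or len(orig) < 20:
        return None
    icmp_type, code = pkt[ihl], pkt[ihl + 1]
    if icmp_type != ICMP_UNREACH or code not in (CODE_PROTO, CODE_PORT):
        return None
    o_ihl = (orig[0] & 0x0F) * 4
    o_dport = None                            # only meaningful for port unreachable
    if code == CODE_PORT and o_ihl >= 20 and len(orig) >= o_ihl + 4:
        o_dport = struct.unpack("!HH", orig[o_ihl:o_ihl + 4])[1]
    return socket.inet_ntoa(orig[12:16]), socket.inet_ntoa(orig[16:20]), orig[9], o_dport

class ScanDetector:
    """Fixed-period counter. Assumption: grouped by O_SIP, counting distinct
    (O_DIP, O_Protocol, O_DPORT) targets; the page does not fix the grouping key."""
    def __init__(self, period=10, threshold=5):
        self.period, self.threshold = period, threshold
        self.slot, self.seen = None, defaultdict(set)
    def feed(self, ts, pkt):
        rec = parse_unreachable(pkt)
        if rec is None:
            return None
        if int(ts // self.period) != self.slot:          # new period: drop old counts
            self.slot, self.seen = int(ts // self.period), defaultdict(set)
        self.seen[rec[0]].add(rec[1:])
        return rec[0] if len(self.seen[rec[0]]) >= self.threshold else None

def build_sample(o_sip, o_dip, o_dport, code=CODE_PORT):
    """Constructed input: unreachable sent by o_dip back to o_sip (checksums zeroed)."""
    ip = lambda src, dst, proto, length: struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst))
    orig = ip(o_sip, o_dip, 17, 28) + struct.pack("!HHHH", 40000, o_dport, 8, 0)
    icmp = struct.pack("!BBHI", ICMP_UNREACH, code, 0, 0) + orig
    return ip(o_dip, o_sip, 1, 20 + len(icmp)) + icmp

def demo():
    det = ScanDetector(period=10, threshold=5)
    pkts = [build_sample("192.0.2.10", "198.51.100.7", 8000 + i) for i in range(6)]
    return [det.feed(0.1 * i, p) for i, p in enumerate(pkts)]
```

Because counts reset at each period boundary, probes spaced further apart than `period` never accumulate, so the period and threshold have to be tuned together.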

Description

Technical field

[0001] The present invention relates to a method for detecting scanning attacks, especially a method for detecting scanning attacks based on monitoring the number of attacks within a certain period of time; the present invention also relates to a device for detecting scanning attacks, especially a device for detecting scanning attacks based on monitoring the number of attacks within a certain period of time, and belongs to the technical field of network security.

Background technique

[0002] The purpose of scanning attacks is to find services that can be successfully attacked. Scanning is a network detection technique commonly used by hackers or other attackers, and includes two types: Internet Protocol (hereinafter referred to as: IP) address scanning (IP-Sweep) and port scanning (Port-scan).

[0003] The purpose of IP-Sweep is to detect active hosts in the network. The method of attack is: send a large number of messages...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/00, H04L12/56, H04L29/06
Inventor 施鸿殊
Owner NEW H3C TECH CO LTD