Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network intrude detecting method based on inherent subsequence mode decomposition

A network intrusion detection and pattern decomposition technology, which is applied in the field of network intrusion detection, can solve problems such as practical difficulties, large amount of calculation, and complicated NativeAPI calling process

Active Publication Date: 2008-08-27
四川电子科技大学教育发展基金会
View PDF2 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0052] This method has a large amount of calculation, the establishment of first-order and second-order models, the calculation of parameters, and the process of training and building models for normal data are very complicated, and it is difficult to apply them in practice.
And this method only considers the relationship between the two steps before and after the process to call the Native API, but the Native API call process in the actual situation is very complicated, and only considering the two steps before and after the relationship model is not enough to describe the complex call process of the process to the Native API in the actual operating environment
Therefore, this method is only applicable to the detection of certain intrusions, and cannot be generally applied to intrusion detection in real-time environments.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network intrude detecting method based on inherent subsequence mode decomposition
  • Network intrude detecting method based on inherent subsequence mode decomposition

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0085] The present invention is further described below in conjunction with embodiment.

[0086] 1. Network data acquisition and preprocessing

[0087] This program uses WINCAP to intercept network data packets. WINPCAP is a third-party software driver package applied to Windows platform for data packet capture and network analysis. It provides Windows applications with the ability to access the bottom layer of the network. The main idea comes from the Unix system. The famous BSD packet capture framework. The basic architecture of WINPCAP consists of three modules.

[0088] 1. NPF (Network Packet Filter) is the core component of the WINPCAP architecture. It works at the core level of the system and is used to filter data packets and add information such as time stamps and data packet lengths to the packets. NPF directly obtains the data packet from the data link layer through NDIS, and forwards it to the application layer program without modification. NPF also allows users ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network intrusion detection method which makes decomposition based on an inherent subsequence mode, including the following steps: 1, network data interception and pretreatment are done; 2, the sequence of a normal training set and a suspected sequence respectively go through the inherent sequence pattern mining, wherein, a sequence chart is established for the sequences; a closed path in the sequence chart is located and identified as a candidate sequence for the inherent subsequence mode; the inherent subsequence modes composing each candidate sequence are located according to the original sequence; 3, stratification is made in accordance with the support degree; 4, anomaly detection is done as follows: firstly, the inherent subsequence modes of the suspected sequence and the normal sequence respectively and independently form a plurality of layers in accordance with the respective support degree, then the inherent subsequence mode of the suspended sequence and the normal subsequence are matched in the corresponding layer, finally, the anomaly degree is calculated based on the number of matches so as to judge whether the suspected sequence is abnormal. The method overcomes the deficiencies in the prior art and can accurately and effectively identify the existing attacks and the increasing number of new attacks.

Description

technical field [0001] The invention relates to the technical field of computer networking network security, in particular to a network intrusion detection method. Background technique [0002] The development of computer networking technology has changed the computing model dominated by stand-alone computers. However, the risks and opportunities of network intrusion have correspondingly increased dramatically. Designing security measures to prevent unauthorized access to system resources and data is a very important and urgent problem in the field of network security. Intrusion detection is a kind of network security technology produced and developed under this background. Specifically, intrusion detection is to monitor the operating status of the network system, detect and discover various attack attempts, attack behaviors or attack results, so as to ensure the confidentiality, integrity and availability of system resources. Intrusion detection technology is mainly divi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/36H04L29/06
Inventor 朱莺嘤叶茂赵欣李丽娟孟喜
Owner 四川电子科技大学教育发展基金会
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com