Network intrusion event correlation detection method

A network intrusion event correlation detection method, applied in the field of network security. It addresses the problems of high system resource and time consumption and low efficiency in matching alarm information, with the effect of identifying attacks accurately and improving accuracy, speed and efficiency.

Inactive Publication Date: 2008-09-24
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

The disadvantage of this method is that the matching efficiency of alarm information is very low, the main reason being that an intruder often has to carry out a certain attack hundreds or thousands of times before he may succeed once o


Example Embodiment

[0021] The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings: this embodiment is implemented on the premise of the technical solution of the present invention, and detailed implementation methods and specific operating procedures are provided, but the protection scope of the present invention is not limited to the following the described embodiment.

[0022] As shown in Figure 1, the behavior of a hacker invading a system follows a definite sequence. Take as an example a denial-of-service attack that exploits the Sadmind vulnerability (a system security vulnerability) on a Solaris (a UNIX operating system) host. The attack first uses a buffer overflow to obtain root privileges on the host and then launches a denial-of-service attack. Its general intrusion steps are as follows:

[0023] 1. Use the port scanning tool (IPsweep) to scan the target network to detect active host informatio...


Abstract

The invention relates to a correlation detection method for network intrusion events and belongs to the technical field of network security. In the method, the intrusion detection system reports intrusion alarm information, and every alarm is stored in one of four database tables according to the attack stage it represents. Processing begins with the attacks in the fourth database table: each alarm item in the fourth table is searched for and matched against the preceding hacker behavior in the third database table, which stores backdoor alarms. If the match succeeds, a new search is started: the matched alarm item from the third table is searched for and matched in the second database table, which stores privilege-escalation alarms, and so on until an alarm item in the first database table is matched. The items of a successfully matched chain are associated and stored in the event database table. Once all alarm items of the fourth table have been processed, the search and matching is repeated starting from the third database table, and so on down to the first table. The method reduces the false alarm rate of the intrusion detection system and improves the accuracy with which security events are reported.
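The backward chaining that the abstract describes, worked as an added Python example (this is not the patent's own code). The four stage tables, the alert fields, the 3600-second matching window and the host-based matching rule are assumptions made for illustration; the sample alerts are constructed and use documentation IP ranges.

```python
"""Backward-chained correlation of intrusion alerts over four stage tables.

Added illustration of the procedure in the abstract: every alert in the
fourth (DoS) table is matched against the third (backdoor) table, the match
against the second (privilege escalation) table, and so on down to the first
(scan) table; a fully matched chain becomes one row of the event table.
Once the fourth table is exhausted the same pass starts from the third table,
then from the second, so that shorter attack chains are also reported.
Field names, the time window and the matching rule are assumptions.
"""
from dataclasses import dataclass

# Assumed stage numbering, following the Sadmind example in the description.
STAGES = {1: "scan", 2: "privilege_escalation", 3: "backdoor", 4: "dos"}


@dataclass(frozen=True)
class Alert:
    alert_id: int
    stage: int   # 1..4, see STAGES
    src: str     # source host of the alert
    dst: str     # target host of the alert
    ts: int      # timestamp in seconds


def related(later: Alert, earlier: Alert, window: int) -> bool:
    """Assumed matching rule: `earlier` precedes `later` by at most `window`
    seconds and involves the same host, either as the same target or as the
    compromised host that became the source of the later step (a DoS launched
    from the backdoored machine)."""
    if not (earlier.ts < later.ts <= earlier.ts + window):
        return False
    return earlier.dst in (later.dst, later.src)


def build_chain(start: Alert, tables: dict, window: int):
    """Walk backwards from `start` through the lower stage tables.
    Returns the chain in chronological order, or None if some stage has
    no preceding alert (the chain is then not reported as an event)."""
    chain = [start]
    current = start
    for stage in range(start.stage - 1, 0, -1):
        candidates = [a for a in tables.get(stage, []) if related(current, a, window)]
        if not candidates:
            return None
        # Assumed tie-break: the nearest preceding alert of that stage.
        current = max(candidates, key=lambda a: a.ts)
        chain.append(current)
    return tuple(reversed(chain))


def correlate(tables: dict, window: int = 3600):
    """Run the passes from the fourth table down to the second and collect
    the event-table rows. An alert already absorbed into a longer chain is
    not used again as the start of a shorter one."""
    events = []
    used = set()
    for start_stage in (4, 3, 2):
        for alert in tables.get(start_stage, []):
            if alert.alert_id in used:
                continue
            chain = build_chain(alert, tables, window)
            if chain is None:
                continue
            used.update(a.alert_id for a in chain)
            events.append(chain)
    return events


def event_rows(tables: dict, window: int = 3600):
    """Event-table view of the correlated chains: alert ids per stage name."""
    return [{STAGES[a.stage]: a.alert_id for a in chain} for chain in correlate(tables, window)]


# Constructed sample: one full four-stage intrusion against 198.51.100.5,
# a three-stage chain against 198.51.100.20, and a lone scan of 198.51.100.8
# that has no follow-up and therefore must not be reported.
SAMPLE_TABLES = {
    1: [Alert(1, 1, "203.0.113.9", "198.51.100.5", 100),
        Alert(2, 1, "203.0.113.9", "198.51.100.8", 150),
        Alert(3, 1, "203.0.113.9", "198.51.100.20", 200)],
    2: [Alert(4, 2, "203.0.113.9", "198.51.100.5", 400),
        Alert(5, 2, "203.0.113.9", "198.51.100.20", 500)],
    3: [Alert(6, 3, "203.0.113.9", "198.51.100.5", 700),
        Alert(7, 3, "203.0.113.9", "198.51.100.20", 800)],
    4: [Alert(8, 4, "198.51.100.5", "198.51.100.77", 1000)],  # DoS from the compromised host
}

if __name__ == "__main__":
    for row in event_rows(SAMPLE_TABLES):
        print(row)
```

Running the block reports two events, the four-stage chain (alerts 1, 4, 6, 8) and the three-stage chain (alerts 3, 5, 7), while the isolated scan alert 2 is suppressed; that suppression of unconfirmed alarms is where the false-alarm reduction claimed by the abstract comes from.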

Description

Technical field

[0001] The invention relates to a detection method in the technical field of network security, in particular to a network intrusion event correlation detection method.

Background technique

[0002] With the rapid development of computer networks, the security of information and networks has become an unavoidable problem for countries, enterprises and individuals. As a solution to network security problems, the intrusion detection system has become a new generation of security protection technology after traditional security protection measures such as firewalls and data encryption, because it actively monitors the network and system to find intrusion behavior. Intrusion detection systems based on misuse usually cannot detect new types of attacks or variants of known attacks, while the false alarm rate of intrusion detection systems based on anomalies is too high. More importantly, the current intrusion detection system onl...


Application Information

IPC(8): H04L12/26, H04L12/24, H04L29/06, G06F17/30
Inventors: 易平, 蒋兴浩, 吴越, 李建华, 柳宁
Owner SHANGHAI JIAO TONG UNIV