
Network inbreak event association detecting method

An event correlation detection method, applied in the field of network security, that improves speed and efficiency, reduces the amount of data to analyze, and lowers the false alarm rate.

Inactive Publication Date: 2010-12-15
SHANGHAI JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

The disadvantage of this method is that matching alarm information is very inefficient, mainly because an intruder often has to carry out a given attack hundreds or thousands of times before succeeding once or twice and proceeding to the next attack.
[0005] This front-to-back matching method is theoretically feasible, but in an actual system it consumes a lot of system resources and time for searching and matching, which is inefficient.



Embodiment Construction

[0025] 3. If a Solaris host is vulnerable, a buffer overflow attack is launched against the host with the sadmind vulnerability to obtain root authority on that host. This attack step must be performed multiple times to obtain root authority on multiple hosts;

[0026] 4. Denial-of-service attack programs are installed on the hosts on which root authority has been obtained, and a control program is installed on one of them;

[0027] 5. The hacker directs the denial-of-service (DDoS) attack programs from the control machine to launch the attack;

[0028] The hacker's intrusion is an orderly process, and only after the previous intrusion steps are successful, the subsequent intrusion steps can be executed normally.

[0029] As shown in Figure 2, this embodiment proposes the following specific steps for the general sequence of hacker intrusion described above:

[0030] First, four database tables are established to store four types of original alarm events: scan for vulnerabilities,...


Abstract

The invention relates to a correlation detection method for network intrusion events, which belongs to the technical field of network security. In this method, an intrusion detection system reports intrusion alarm information, and all alarm information is stored, by type, in four database tables. Starting from the attacks in the fourth database table, each alarm entry in the fourth table is searched for and matched against earlier hacker attack behavior in the third database table, which stores backdoor alarms. If the match succeeds, a new search and match is carried out: the alarm entries in the third database table are matched against the second database table, which stores privilege escalation alarms. The process continues in the same way until alarm entries in the first database table are matched, and the successfully matched results are correlated and stored in the event database table. When all alarm entries starting from the fourth database table have been processed, searching and matching start from the third database table, and so on until the first database table is matched. The method reduces the false alarm rate of the intrusion event detection system and improves the accuracy of security event reporting.
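A minimal sketch of the backward matching described in the abstract, added here as an illustration; it is not code from the patent. The alert fields, the matching rule (same host, earlier timestamp), the suppression of repeated alerts for an already correlated host, and the sample alerts are all assumptions, since the page does not state the matching criteria.

```python
from collections import namedtuple

# Constructed record layout (an assumption): time, affected host, signature.
Alert = namedtuple("Alert", "ts host sig")

def find_predecessor(alert, table):
    """Latest alert in an earlier-stage table on the same host, before `alert`."""
    earlier = [a for a in table if a.host == alert.host and a.ts < alert.ts]
    return max(earlier, key=lambda a: a.ts) if earlier else None

def correlate(tables):
    """tables[0..3] hold scan, privilege escalation, backdoor and attack alerts.
    Walks backwards from the latest stage; keeps only chains that reach table 1."""
    events, covered = [], set()
    for start in (3, 2, 1):                      # table 4 first, then 3, then 2
        for alert in tables[start]:
            if (start, alert.host) in covered:   # host already explained at this stage
                continue
            chain = [alert]
            for stage in range(start - 1, -1, -1):
                prev = find_predecessor(chain[0], tables[stage])
                if prev is None:
                    break                        # no earlier step: uncorrelated alert
                chain.insert(0, prev)
            else:                                # matched all the way back to table 1
                events.append(chain)
                covered.update((s, alert.host) for s in range(start + 1))
    return events

# Constructed sample alerts (documentation addresses), not data from the patent.
TABLES = [
    [Alert(1, "192.0.2.10", "vuln-scan"), Alert(2, "192.0.2.11", "vuln-scan")],
    [Alert(3, "192.0.2.10", "sadmind-overflow"),   # repeated attempts on one host
     Alert(4, "192.0.2.10", "sadmind-overflow"),
     Alert(5, "192.0.2.11", "sadmind-overflow")],
    [Alert(6, "192.0.2.10", "ddos-agent-install")],
    [Alert(9, "192.0.2.10", "ddos-flood"),
     Alert(9, "192.0.2.99", "ddos-flood")],        # isolated alert, no earlier steps
]

if __name__ == "__main__":
    for chain in correlate(TABLES):
        print(" -> ".join(f"{a.sig}@{a.host}" for a in chain))
```

On the sample data, eight raw alerts reduce to two events: one full four-stage chain and one intrusion that has so far reached only the privilege escalation stage.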

Description

Technical field

[0001] The invention relates to a detection method in the technical field of network security, in particular to a network intrusion event correlation detection method.

Background technique

[0002] With the rapid development of computer networks, the security of information and networks has become an unavoidable problem for countries, enterprises and individuals. As a solution to network security problems, the intrusion detection system has become a new generation of security protection technology after traditional security protection measures such as firewalls and data encryption because it has the characteristics of actively monitoring the network/system to find intrusion behavior. Intrusion detection systems based on misuse usually cannot detect new types of attacks and variant attacks of known attacks, while the false alarm rate of intrusion detection systems based on anomalies is too high. And more importantly, the current intrusion detection system on...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L12/24, H04L29/06, G06F17/30
Inventor: 易平, 蒋兴浩, 吴越, 李建华, 柳宁
Owner: SHANGHAI JIAOTONG UNIV