Network virus detecting method based on network data streams and device thereof

A network virus detection method technology, applied in the direction of data exchange networks, digital transmission systems, electrical components, etc., can solve the problems of high false alarm rate and false negative rate, so as to improve performance, reduce the false positive rate and false negative rate, and achieve the effect of reducing the length

Active Publication Date: 2009-09-30
北京辰信领创信息技术有限公司

AI Technical Summary

Problems solved by technology

Packet-based network virus detection has relatively high detection performance, but because the data packets captured by the device are out of order, it produces a relatively high rate of false alarms and false negatives.

Examples


Embodiment Construction

[0055] The core of the method of the present invention is as follows: network viruses are classified according to file types, so that file types correspond to network virus types, which reduces the number of network viruses matched against each data stream; each virus is scanned twice, which reduces the length of scanning a single virus; the network data stream is reassembled, which reduces the false positive rate and the false negative rate; decompression, decoding, unpacking and matching are performed across streams, so that the device can detect viruses transmitted in the network; and embedded network viruses are detected, enabling the device to detect script viruses hidden in PE and OLE2 files.

[0056] Those of ordinary skill in the art know that the general workflow of network virus detection is:

[0057] In the initialization phase, read the network virus information from the virus information database, decrypt and parse the network virus information; in the detection phase, first obtain the data packet by the network packet...
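The effect of stream reassembly and file-type classification described in paragraph [0055], as an added example that is not part of the patent text: a signature split across two out-of-order packets is missed by per-packet matching and found after reassembly. The signature names, byte patterns, magic table and `max_packets` parameter are constructed assumptions, and the sketch does not cover the patent's decoding or embedded-script steps.

```python
# Constructed signature table keyed by host file type (names and patterns are invented).
SIGNATURES = {
    "pe": {"Demo.PE.A": b"EVIL_PE_MARKER"},
    "html": {"Demo.Script.B": b"<script>evil_marker()"},
}
MAGIC = [(b"MZ", "pe"), (b"\xd0\xcf\x11\xe0", "ole2"), (b"<html", "html")]


def reassemble(segments, max_packets=8):
    """Rebuild one TCP direction from (seq, payload) pairs captured in any order.

    Simplified: ignores sequence-number wraparound and stops at the first gap.
    """
    ordered = sorted(segments[:max_packets])
    stream = bytearray()
    next_seq = ordered[0][0] if ordered else 0
    for seq, payload in ordered:
        if seq > next_seq:        # a segment is missing; do not match across the hole
            break
        skip = next_seq - seq     # bytes already held (retransmission or overlap)
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)


def file_type(data):
    """Classify by leading magic bytes so only that type's signatures are tried."""
    return next((t for magic, t in MAGIC if data.startswith(magic)), None)


def scan(data):
    """Match only the signatures registered for the detected file type."""
    candidates = SIGNATURES.get(file_type(data), {})
    return sorted(name for name, pat in candidates.items() if pat in data)


def scan_per_packet(segments):
    """Packet-based baseline: match each captured packet on its own."""
    return sorted({hit for _, payload in segments for hit in scan(payload)})


# Constructed capture: one PE-like payload split in two, out of order, one retransmit.
FULL = b"MZ\x90\x00" + b"A" * 10 + b"EVIL_PE_MARKER" + b"B" * 6
CAPTURED = [(1020, FULL[20:]), (1000, FULL[:20]), (1000, FULL[:20])]

if __name__ == "__main__":
    print("per packet :", scan_per_packet(CAPTURED))
    print("reassembled:", scan(reassemble(CAPTURED)))
```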


Abstract

The invention discloses a method and device for detecting network viruses based on network data streams in a TCP/IP network. The method comprises the steps of: classifying network viruses according to the types of host files; fragmenting the features of the network viruses according to their different description types; reassembling a specific number of network data packets into network data streams; matching the classified and segmented network virus features against the network data streams; detecting implicit network viruses in the network data streams; and scanning the format features of webpage files during matching so as to detect embedded network viruses. In the invention, the network data streams can be matched against the network virus features twice to detect embedded network viruses, so that network viruses spreading in the TCP/IP network are detected effectively and accurately, network users are protected from attack by viruses spread over the network, and a safe network environment is provided for network users.

Description

Technical field

[0001] The invention relates to the technical field of network and information security, in particular to a network virus detection method and device based on network data streams in a TCP/IP network.

Background technique

[0002] At present, with the development of the Internet and network application models, people can carry out e-commerce, resource sharing and entertainment activities through the network. The network has gradually become an indispensable part of people's work, life and study. At the same time, people's security requirements are becoming stronger. Currently, in the information security market, firewall products, intrusion detection products, and antivirus products are still mainstream products. With the rapid spread of network viruses and their mature combination with hacker technology, the integration of traditional anti-virus technology and network security technology has become inevitable. Traditional anti-virus technology and intrusion detection te...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06, H04L12/56
Inventor 华东明肖小剑邓炜周涛
Owner 北京辰信领创信息技术有限公司