Method for detecting WEB service abnormality

A web service and anomaly detection technology, applied in the field of network security, can solve problems such as lag

Inactive Publication Date: 2010-01-27
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The biggest flaw of this technical route is that this method must extract the attack characteristics of known attacks in advance, and this method has the inherent defect of lagging behind unknown attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting WEB service abnormality
  • Method for detecting WEB service abnormality

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] At first, explain the thought of the present invention:

[0021] Through the analysis and research of the TCP / IP and HTTP protocol communication messages between the client and the Web server in various states, the normal state of the Web server, the abnormal state of the attack, and the communication report are established. By analyzing the behavior patterns of network communication packets, we can discover the status changes of the Web server, thereby detecting unknown denial-of-service attacks. The request data part is extracted and recorded, so that the attack detection device using the transparent series access mode can further detect and block the same attack in the future; the attack detection device using the bypass mode can promptly report to the police when the attack occurs and log and provide attack signatures to administrators.

[0022] Second step, explain basic principle of the present invention:

[0023] Correspondence Model between Web Server State an...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method for detecting WEB service abnormality, which comprises the following steps: analyzing and establishing a corresponding relation between a state of a Web server (4) and a behavior of communication message; detecting and analyzing network communication message in real time, and acquiring the state of the Web server (4) and transition thereof according to the behavior of the communication message; and judging and reporting whether the Web server is subjected to unknown denial service attack according to the state transition condition of the Web server (4). By analyzing and establishing the corresponding relation between the state of the Web server and the behavior of the communication message, detecting the message in real time and analyzing the corresponding state and transition of the Web server, the method can discover the abnormal state of the Web server, and can warn and stop the unknown denial service attack, and prevent, extract and record the network message with attack characteristics compared with the prior method.

Description

technical field [0001] The invention relates to network security, in particular to a method for detecting abnormalities in WEB services. Background technique [0002] The detection of unknown attacks and unknown denial-of-service attacks has always been a difficult problem in the fields of network intrusion prevention, network intrusion protection, and anti-denial of service. None of the industry's network intrusion detection, network intrusion protection, and anti-denial of service products can detect, alarm, protect and defend against unknown new denial of service attacks. The fundamental reason is that the industry's network intrusion detection, network intrusion protection and anti-denial of service products basically use feature matching to detect, alarm, block and protect. The biggest defect of this technical route is that this method must extract the attack characteristics of known attacks in advance, and this method has the inherent defect of lagging behind unknown ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
Inventor 赵海峰牛妍萍
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap