Network attack detection method

A network attack detection method, applied in the field of network security, which addresses the problems of a growing number of alarms, declining alarm quality, and the inability to describe attack behaviour accurately.

Active Publication Date: 2010-07-14
INST OF SOFTWARE - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

In the absence of host information, the network security infrastructure cannot accurately describe the attack behaviour, which produces a large number of false positives. These false positives, on the one hand, greatly increase the number of alarms and, on the other, greatly reduce the quality of the alarms.



Embodiment Construction

[0061] The core technical content of the present invention is described in further detail below through embodiments, in conjunction with the accompanying drawings.

[0062] This embodiment describes a specific network attack detection method based on the attack graph method.

[0063] 1) Implementation details of step 1):

[0064] The network security infrastructure used in the present invention may be a firewall or an intrusion detection system. Taking Snort as an example: Snort is a free, open-source network intrusion detection system (NIDS) that can be deployed at the network boundary to detect misuse in all traffic crossing that boundary. Snort provides interfaces through which users can develop their own plug-ins and generate alarm information in a custom format; the IDMEF-format alarm of step 1) can therefore be generated by adding a plug-in to Snort.

[0065] 2) Obtain the host status associated with the alarm behavior and use it to judge the validi...


Abstract

The invention discloses a network attack detection method, belonging to the technical field of network security, which comprises the following steps: 1) alarms obtained from the network security infrastructure are converted into a uniform alarm format; 2) the status information of the host associated with the alarm behaviour is obtained and used to judge whether the alarm behaviour can take effect; when an alarm behaviour is invalid the alarm is discarded, otherwise the alarm is marked valid, and when the status information of the associated host cannot be obtained the alarm is marked undetermined; 3) valid and undetermined alarms are aggregated to generate security events; 4) the attack graph is instantiated with the generated security events to obtain an attack scene graph; 5) the attack scene graphs that satisfy the conditions are output and the attack type is determined. The method effectively reduces the overhead of the attack graph algorithm and improves the accuracy of network attack detection without reducing the timeliness of discovery.
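The following is an added illustration of the five-step pipeline in the abstract; it is not code from the patent or its authors. Everything in it is constructed for the example: the two sensor field mappings (hypothetical, not real Snort or firewall output), the host-state table, the three-node attack graph and the sample alarms. It shows how host status turns an alarm into valid, invalid or undetermined, how surviving alarms are aggregated into security events, and how an attack scene is only emitted for a (source, target) pair whose events realise the graph's steps in precondition order.

```python
from collections import defaultdict
from dataclasses import dataclass

# --- Step 1: convert sensor-specific alarms into one uniform form -----------
# Constructed minimal record; a real IDMEF alert carries many more fields.
@dataclass
class Alarm:
    source: str
    target: str
    port: int
    classification: str
    timestamp: int
    status: str = "undetermined"   # becomes valid / invalid / undetermined in step 2

# Hypothetical field names for two sensor formats (constructed for this example)
FIELD_MAPS = {
    "snort":    {"source": "src",  "target": "dst", "port": "dport",
                 "classification": "sig_name", "timestamp": "ts"},
    "firewall": {"source": "from", "target": "to",  "port": "port",
                 "classification": "rule",     "timestamp": "time"},
}

def normalize(sensor: str, raw: dict) -> Alarm:
    """Map one sensor's record onto the uniform alarm."""
    m = FIELD_MAPS[sensor]
    return Alarm(source=raw[m["source"]], target=raw[m["target"]],
                 port=int(raw[m["port"]]), classification=raw[m["classification"]],
                 timestamp=int(raw[m["timestamp"]]))

# --- Step 2: judge validity against the target host's status ----------------
def validate(alarm: Alarm, host_state: dict) -> Alarm:
    """Valid if the targeted port is open, invalid if closed, undetermined if the host is unknown."""
    state = host_state.get(alarm.target)
    if state is None:                          # no host information: cannot decide
        alarm.status = "undetermined"
    elif alarm.port in state["open_ports"]:
        alarm.status = "valid"
    else:                                      # the behaviour cannot take effect
        alarm.status = "invalid"
    return alarm

# --- Step 3: aggregate valid and undetermined alarms into security events ----
@dataclass
class SecurityEvent:
    source: str
    target: str
    classification: str
    count: int
    first: int
    last: int
    status: str

def aggregate(alarms: list) -> list:
    """Group surviving alarms by (source, target, class); invalid alarms are discarded."""
    groups = defaultdict(list)
    for a in alarms:
        if a.status != "invalid":
            groups[(a.source, a.target, a.classification)].append(a)
    events = []
    for (src, dst, cls), group in groups.items():
        status = "valid" if any(a.status == "valid" for a in group) else "undetermined"
        events.append(SecurityEvent(src, dst, cls, len(group),
                                    min(a.timestamp for a in group),
                                    max(a.timestamp for a in group), status))
    return events

# --- Steps 4 and 5: instantiate the attack graph, output qualifying scenes --
# Constructed linear attack graph: each node names the event class that
# realises it and the nodes that must already have been realised.
ATTACK_GRAPH = {
    "recon":      {"class": "portscan",       "requires": []},
    "intrusion":  {"class": "ssh_bruteforce", "requires": ["recon"]},
    "escalation": {"class": "web_exploit",    "requires": ["intrusion"]},
}

def instantiate(events: list, min_steps: int = 2) -> list:
    """One attack scene per (source, target) pair that realises at least
    min_steps nodes in precondition and time order; attack type = deepest node."""
    by_pair = defaultdict(dict)
    for e in events:
        by_pair[(e.source, e.target)][e.classification] = e
    scenes = []
    for (src, dst), evs in by_pair.items():
        matched = []
        for node, spec in ATTACK_GRAPH.items():        # dict order = graph order
            ev = evs.get(spec["class"])
            if ev is None or not all(r in matched for r in spec["requires"]):
                continue
            # a step may not start before the step it builds on
            if matched and ev.first < evs[ATTACK_GRAPH[matched[-1]]["class"]].first:
                continue
            matched.append(node)
        if len(matched) >= min_steps:
            scenes.append({"source": src, "target": dst,
                           "steps": matched, "attack_type": matched[-1]})
    return scenes

def detect(raw_alarms: list, host_state: dict) -> list:
    """Run steps 1-5 end to end on (sensor, raw record) pairs."""
    alarms = [validate(normalize(sensor, raw), host_state) for sensor, raw in raw_alarms]
    return instantiate(aggregate(alarms))

# Constructed sample data: one known host with ports 22 and 80 open, one unknown host.
HOST_STATE = {"192.168.1.10": {"open_ports": {22, 80}}}
RAW_ALARMS = [
    ("snort",    {"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 22,   "sig_name": "portscan",    "ts": 100}),
    ("snort",    {"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 80,   "sig_name": "portscan",    "ts": 101}),
    ("snort",    {"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 8080, "sig_name": "web_exploit", "ts": 102}),  # closed port
    ("firewall", {"from": "10.0.0.5", "to": "192.168.1.10", "port": 22,    "rule": "ssh_bruteforce",  "time": 200}),
    ("snort",    {"src": "10.0.0.5", "dst": "192.168.1.99", "dport": 22,   "sig_name": "portscan",    "ts": 150}),  # unknown host
]

if __name__ == "__main__":
    for scene in detect(RAW_ALARMS, HOST_STATE):
        print(scene)
```

On the sample data the web_exploit alarm against the closed port 8080 is discarded in step 2, so the escalation node is never instantiated; the known host yields a two-step scene of type "intrusion", while the unknown host keeps its undetermined portscan alarm but produces no scene because a single step does not satisfy the output condition.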

Description

Technical field

[0001] The invention relates to a network attack detection method, applied in a P2P (peer-to-peer) network, which uses an attack graph to discover real attacks from alarm data, and belongs to the technical field of network security.

Background technique

[0002] The various network security infrastructures deployed at each node of the network report a large number of alarms every day. These alarm data are large in quantity, widely distributed in source, inconsistent in format and high in false alarm rate, and cannot be processed efficiently by manual analysis alone. The network security infrastructure in wide use today includes intrusion detection systems and firewalls. A network attack generally consists of many attack steps with differing characteristics. In particular, the behaviour of some steps, such as port scanning, occurs in large numbers on the network, so the number of alarms provided by the networ...


Application Information

Patent Timeline
Patent Type & Authority Applications(China)
IPC(8): H04L29/06, H04L29/08, H04L12/26
Inventor 聂楚江许佳和亮
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI