Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Data obtaining method of intrusion detection

A technology of data acquisition and intrusion detection, which is applied in the direction of data exchange network, digital transmission system, electrical components, etc., and can solve the problem of false alarm of intrusion detection system, intrusion detection and processing of traffic abnormality, intrusion detection system positioning error attack host, etc. problems to reduce false positives

Inactive Publication Date: 2012-03-28
INVENTEC CORP
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] (1) The traffic filtered by the firewall will still appear in the processing of intrusion detection: figure 2 The operation of the data packet acquisition position on the left is located before the firewall operation, so it will obtain the data packets lost by the firewall. These data packets are meaningless to the intrusion detection system, but will cause false positives of the intrusion detection system
[0005] (2) The intrusion detection process cannot be implemented normally for the traffic with the network address translation (NAT) function enabled: the firewall with the NAT operation enabled needs to change the source IP, source port or destination IP, destination port
These operations are figure 2 The "Destination Network Address Translation before Routing (PRE_ROUTING DNAT)" module and the "Source Network Address Translation after Routing (POST_ROUTING SNAT)" module are completed, and the ip and port information of the data packet obtained by the prior art is the information before the NAT operation , so that the intrusion detection system locates the wrong attacking host or the attacked host
[0006] (3) It is impossible to restore the encrypted Internet Protocol Security (Internet Protocol Security, IPsec) data packet into plain text for detection: the IPsec encrypted data packet will be analyzed inside the protocol stack (protocol stack), and the data packet acquisition position of the prior art It is located outside the protocol, so what is obtained is an undecrypted data packet, and the intrusion detection system cannot process the ciphertext data packet

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data obtaining method of intrusion detection
  • Data obtaining method of intrusion detection
  • Data obtaining method of intrusion detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The technical solutions of the present invention will be further described in more detail in conjunction with the accompanying drawings and specific embodiments.

[0028] Please refer to image 3 and Figure 4 , image 3 is a system functional block diagram of data acquisition by the intrusion detection system of the present invention, Figure 4 It is a block diagram of the data flow obtained by the intrusion detection system 100 of the present invention. Such as Figure 4 As shown, the three main functional modules of the firewall 200 include three before-routing target network address translation (PRE_ROUTING DNAT) 400, forwarding chain filtering intrusion detection data acquisition (FORWARD) 420 and post-routing source network address translation (POST_ROUTING SNAT) 440 Function point, the data acquisition point of the present invention is located in the "forward (FORWARD) chain filtering", that is, the forwarding chain filtering intrusion detection data acquisit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a data obtaining method of intrusion detection, which obtains data after carrying out forwarding chain filtering on a firewall, wherein the mode for obtaining the data comprises a socket communication mode and a character equipment work mode. The data obtaining method of intrusion detection of the invention can obtain the data filtered by the fire wall, so the false reporting is reduced. In addition, data after the network address translation (NAT) can be obtained, so an attacking party and an attacked party can be correctly positioned. A decrypted Internet protocol security data pack (IPsec data pack) can also be obtained, so the IPsec data flow can be normally processed.

Description

technical field [0001] The invention relates to a data processing method for network security, in particular to a data acquisition method for intrusion detection. Background technique [0002] Intrusion Detection (Intrusion Detection) is the discovery of intrusion behavior. It collects and analyzes information from several key points in a computer network or computer system, and discovers whether there are signs of violations of security policies and attacks in the network or system. An intrusion detection system (IDS) is a combination of software and hardware for intrusion detection. In general, intrusion detection systems can be divided into host-type and network-type. Host intrusion detection systems often use system logs, application logs, etc. as data sources. The data source of the Network Intrusion Detection System (NIDS) is the data packet on the network. [0003] Please refer to figure 1 and figure 2 , figure 1 is a system functional block diagram of data ac...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L12/56H04L29/06
Inventor 李岩刘桂东陈玄同
Owner INVENTEC CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com