Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for detecting scanning behaviors of ports

A technology for detecting ports and behaviors, applied in the field of port scanning behaviors and systems, it can solve the problems of high concealment, concealment, and difficulty in detection, and achieve the effect of avoiding false negatives and false positives.

Inactive Publication Date: 2010-12-01
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] There are many forms of port scanning, but they can be divided into two types: TCP port scanning and UDP port scanning. Generally speaking, TCP port scanning is used to obtain the open information of TCP ports, and UDP port scanning is used to obtain open information of UDP ports. Information, TCP port scanning accounts for the vast majority of terminal scanning, and TCP port scanning is divided into TCP SYN Only port scanning and TCP full connection scanning. The former scanning only sends TCP SYN handshake messages, and does not complete complete The three-way handshake process, so it is easier to judge, the latter scan will establish a complete TCP handshake, so it is relatively difficult to detect, and the concealment is relatively high
[0004] From the way of use, port scanning is divided into two types: slow scanning and fast scanning. In most cases, ordinary attackers often use fast scanning to detect ports. It can be easily detected by software, but in order to avoid the detection of detection software, experienced attackers often use the rarer slow scan method for port detection. The method of detecting limited ports for a long time is very concealed. It is difficult to identify them in normal visits, so it has become a major problem for various detection products

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting scanning behaviors of ports
  • Method and system for detecting scanning behaviors of ports
  • Method and system for detecting scanning behaviors of ports

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] The technical solution of the present invention will be described in more detail below with reference to the drawings and embodiments.

[0046] refer to figure 1 , which shows a method for collecting port scanning behavior data according to an embodiment of the present invention, including the following steps:

[0047] Step S101: write the corresponding relationship between the protected IP addresses of each client and its open port number in the configuration file;

[0048] Described port number is UDP / TCP port number;

[0049] The client is a host terminal or device;

[0050] Step S102: Continuously capturing network packets, and extracting the source IP address and destination IP address in the network packets;

[0051] Step S103: sequentially judge whether the extracted destination IP address matches the IP address of a certain protected client in the configuration file, if the judgment result is "yes", then enter step S104; if the judgment result is "no", then ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and a system for detecting scanning behaviors of ports. The method comprises the following steps of: writing a corresponding relationship between the IP address of each protected client and an open port number thereof into a configuration file; monitoring the accessed condition of each protected client, and maintaining an open port access list and an unopened port access list of the access clients for the protected clients; calculating the average numbers of open ports and unopened ports, accessed by the access clients, of the protected clients according to the open port access list and the unopened port access list of the access clients for the protected clients respectively; and simultaneously performing quick scanning judgment and slow scanning judgment according to the preset quick scanning judgment rule and the preset slow scanning judgment rule so as to detect the quick scanning behaviors of the ports and well discover the slow scanning behaviors.

Description

technical field [0001] The present invention relates to the detection of port scanning behaviors for network hosts and devices, and in particular to a method of collecting port asset information and port asset activity information of hosts or network devices on network devices or host terminals, and based on these port asset information and port asset information. Asset activity information to detect port scanning behaviors for these network devices and host terminals, including the detection of TCP port scanning and UDP port scanning. Background technique [0002] Port scanning, especially port slow scanning, is a common information collection behavior before network attacks. Attackers use this type of port detection to discover the open services on the target host, and even the type of software running, so that the attacker can conduct attacks. Choose the appropriate attack method and attack count at the right time to infiltrate the target host. Therefore, although the po...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06
Inventor 李博牛妍萍
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com