A method for network intrusion detection and alarm

A method for evaluating network intrusion detection alarm information, classified under data exchange networks, digital transmission systems and electrical components. It addresses the high false-alarm rate of intrusion detection systems, the resulting increase in administrator workload, and the excessive number of false alarms that must be reviewed.

Publication date: 2011-12-14 (inactive)
Applicant: NANJING UNIV +1

AI Technical Summary

Problems solved by technology

Although intrusion detection products have become more and more powerful, they all currently share a serious problem: an excessively high false-positive rate.
On the one hand, this adds a heavy workload for the administrator, who may then overlook the key attack events in the system that genuinely need handling; on the other hand, the high false-alarm rate makes automated intrusion response, such as linkage with a firewall, impossible to carry out well.



Embodiment Construction

[0033] According to IDMEF (Intrusion Detection Message Exchange Format), drafted by the IDWG (Intrusion Detection Working Group) of the IETF, the attributes carried by a typical IDS alarm mainly include the timestamp, source IP, destination IP, port number, attack type and detector ID. To evaluate the threat degree of an IDS alarm, the information carried in the alarm itself is not enough; the following basic elements must also be determined.

[0034] 1) Node and service

[0035] A node is a particular machine or device in the network; a service is a network service that a node provides over a local area network or the Internet. Nodes and services are the destinations of connections entering the system.

[0036] 2) Node value and service value

[0037] The node value is a quantified value representing the importance of a node. We set the measurement range of the node value from 1 to N, where 1 represents the ...


Abstract

The network intrusion detection and alarm method takes the attributes of an IDS alarm (timestamp, source IP, destination IP, port number, attack type and detector ID) and determines the following basic elements: 1) node and service; 2) node value and service value; 3) node security degree; 4) alarm reliability; 5) alarm risk. Evaluating an alarm also requires evaluating how well it matches the environment, so the algorithm is multi-layered: 6-1) the environmental matching degree is calculated from the matching degree of the known environmental factors; 6-2) the same method used for the environmental matching degree is then used to calculate the credibility, the danger level and the final alarm threat level. The credibility of an attack type takes one of three states, high, medium or low, with values 1, 0.6 and 0.2 respectively, and the correlation of an attack is set to one of three states: strong correlation, weak correlation or no correlation.
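As an added illustration of the elements the abstract lists (this is editorial example code, not the patent's own method: the patent discloses the elements and the credibility values but not the functions that combine them), the following Python scores constructed IDMEF-style alarms against a constructed asset inventory. The credibility values 1, 0.6 and 0.2 and the three correlation states are taken from the abstract; the numeric correlation weights, the 0..1 scale for node security degree, the attack-profile structure, the environmental factors checked, and the products used to combine reliability and risk into a threat level are all assumptions made for the example.

```python
from dataclasses import dataclass

# Credibility states and values as stated in the abstract: high/medium/low -> 1, 0.6, 0.2.
CREDIBILITY = {"high": 1.0, "medium": 0.6, "low": 0.2}
# The abstract names three correlation states; the numeric weights are assumed here.
CORRELATION = {"strong": 1.0, "weak": 0.5, "none": 0.0}
N = 10  # top of the 1..N node/service value scale used in the embodiment


@dataclass
class Node:
    ip: str
    os: str
    value: int        # node value, 1..N
    services: dict    # port -> (service name, service value 1..N)
    security: float   # node security degree, 0 (unhardened) .. 1 (fully hardened); scale assumed


@dataclass
class Alert:          # the IDMEF attributes listed on the page
    timestamp: str
    src: str
    dst: str
    port: int
    attack_type: str
    detector_id: str


@dataclass
class AttackProfile:  # what is known about an attack type (structure assumed)
    target_os: frozenset
    target_services: frozenset
    credibility: str  # "high" | "medium" | "low"
    danger: float     # intrinsic danger of the attack type, 0..1 (scale assumed)


# Constructed sample inventory and attack knowledge base (not real data).
NODES = {
    "10.0.0.5": Node("10.0.0.5", "linux", 9, {22: ("ssh", 8), 80: ("http", 9)}, 0.3),
    "10.0.0.7": Node("10.0.0.7", "windows", 4, {445: ("smb", 5)}, 0.8),
}
PROFILES = {
    "http-sqli": AttackProfile(frozenset({"linux", "windows"}), frozenset({"http"}), "high", 0.9),
    "iis-unicode": AttackProfile(frozenset({"windows"}), frozenset({"http"}), "medium", 0.7),
}


def environment_match(alert, node, profile):
    """Step 6-1: share of known environmental factors that the alarm matches.
    Factors (assumed): target host is in inventory, its OS is one the attack works
    on, the destination port is an open service, and that service is one the attack targets."""
    if node is None:
        return 0.0
    svc = node.services.get(alert.port)
    factors = [
        True,                                   # host exists in inventory
        node.os in profile.target_os,
        svc is not None,
        svc is not None and svc[0] in profile.target_services,
    ]
    return sum(factors) / len(factors)


def alert_reliability(profile, env_match, correlation):
    """Element 4, alarm reliability. Assumed combination: attack-type credibility
    scaled by environmental match and by how strongly the alarm correlates with others."""
    return CREDIBILITY[profile.credibility] * env_match * (0.5 + 0.5 * CORRELATION[correlation])


def alert_risk(node, alert, profile):
    """Element 5, alarm risk. Assumed combination: attack danger times the higher of
    node value and service value (normalised by N), reduced by the node security degree."""
    if node is None:
        return 0.0
    svc_value = node.services.get(alert.port, (None, 1))[1]
    return profile.danger * max(node.value, svc_value) / N * (1.0 - node.security)


def threat_level(alert, correlation="none", nodes=NODES, profiles=PROFILES):
    """Step 6-2: final alarm threat level as reliability x risk (product assumed), 3 decimals."""
    node = nodes.get(alert.dst)
    profile = profiles[alert.attack_type]
    env = environment_match(alert, node, profile)
    return round(alert_reliability(profile, env, correlation) * alert_risk(node, alert, profile), 3)


def rank_alerts(alerts_with_correlation):
    """Order (alert, correlation) pairs by threat so an administrator sees the worst first."""
    scored = [(threat_level(a, c), f"{a.attack_type}@{a.dst}") for a, c in alerts_with_correlation]
    return sorted(scored, key=lambda t: t[0], reverse=True)


if __name__ == "__main__":
    sample = [
        (Alert("2011-12-14T10:00:00Z", "192.0.2.1", "10.0.0.5", 80, "http-sqli", "ids-1"), "strong"),
        (Alert("2011-12-14T10:00:01Z", "192.0.2.1", "10.0.0.5", 80, "iis-unicode", "ids-1"), "none"),
        (Alert("2011-12-14T10:00:02Z", "192.0.2.1", "10.0.0.9", 80, "http-sqli", "ids-1"), "strong"),
    ]
    for score, label in rank_alerts(sample):
        print(f"{score:.3f}  {label}")
```

The example shows the effect the abstract is after: an IIS-specific signature firing against a Linux host, or any signature firing against a host that is not in the inventory, is pushed to the bottom of the queue, while a credible attack against a high-value, weakly hardened service rises to the top. The combining functions are placeholders; a deployment would replace them with whatever the patent's own layered matching method prescribes.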

Description

1. Technical field

[0001] The invention relates to a new method for network intrusion detection and alarm.

2. Background technology

[0002] Since James Anderson first proposed the concept of intrusion detection in the 1980s, the intrusion detection system has developed greatly as a component of network security. Many R&D institutions and security vendors are researching and developing in this area and have launched many corresponding products. Although more and more powerful, they all currently suffer from an important problem: excessive false positives. On the one hand, this adds a heavy workload for the administrator, who may then overlook the key attack events in the system that genuinely need handling; on the other hand, the high false-alarm rate prevents automated intrusion response, such as linkage with a firewall, from being carried out well.

3. Contents of the invention

[0003] The object of the present invention is, starting from the characteristics of IDS (intrusion detection) itself, to propose a Threat-based Dynamic Alerts Analysis (TDAA) model...


Application Information

Patent type and authority: Application (China)
IPC: H04L12/24, H04L12/26, H04L29/06
Inventors: 石进张辰高为刘建邦潘健翔
Owner: NANJING UNIV