Real-time intrusion detection method based on data mining

A technology of intrusion detection and data mining, applied in the fields of electrical digital data processing, special data processing applications, instruments, etc. It can solve the problems of incomplete and inaccurate expert knowledge, detection rules and models that are difficult to modify or merge with new detection models, and a lack of detection capability for attack methods.

Inactive Publication Date: 2012-06-27
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0005] (1) Lack of effectiveness: Existing rule bases, knowledge bases, and statistical methods are all hand-coded based on expert knowledge. Faced with complex network environments, expert knowledge is often incomplete and inaccurate;
[0006] (2) Lack of adaptability: When writing detection code, experts generally focus on analyzing known system vulnerabilities or attack modes, and lack detection capabilities for unknown attack methods;
[0007] (3) Limited scalability: Because experts design detection models based on experience, such models are often only aimed at a specific detection environment, and the original detection rules and detection models are generally difficult to modify or merge with new ones.


Embodiment Construction

[0038] Figure 1 shows the architecture of the present invention, which includes sensors, detectors, a data warehouse, a data analysis engine, an adaptive policy manager and an adaptive pattern manager. The system adopts a distributed architecture and consists of a series of automation components. The components are independent in design, but can be centrally managed through the data warehouse. Components access each other through a public protocol, which uses Extensible Markup Language (XML).

[0039] The basic working relationship between the components is shown in Figure 2.

[0040] Below is the main workflow of the present invention:

[0041] The sensor collects and formats information from the system environment or network environment, and then sends it to the data warehouse for storage. The data analysis engine extracts information from the data warehouse in real time, uses the marking tool to mark the data, and extracts the features of the marked i...


Abstract

The invention relates to a real-time intrusion detection method based on data mining. An ASM (adaptive strategy management) module and an AMM (adaptive model management) module are added into a distributed real-time system framework and used for automatically generating and distributing detection strategies and detection models of an intrusion detection system based on data mining respectively. By the aid of the structure, the problems in terms of automation of related data, automatic generation and distribution of the detection models and the detection strategies, and real-time data evaluation can be solved. A distributed system comprises some components which can be flexibly changed in the system framework to adapt to different environmental changes and meet the demands of users.

Description

Technical field

[0001] The present invention is a technical solution for intrusion detection. It mainly applies data mining technology to real-time intrusion detection, and belongs to the field of computer network security technology.

Background technique

[0002] With the rapid development of information technology, the risks and opportunities of network intrusion have also increased sharply. Designing security measures that protect system resources and data from unauthorized access and malicious attacks has become a very important and urgent issue in the field of network security. As an important supporting technology for information security, intrusion detection technology has developed significantly and has become an important part of the security protection architecture.

[0003] Intrusion detection refers to the process of discovering and identifying unauthorized access or malicious attacks and intrusions in a s...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/30, H04L29/06, H04L29/08
Inventor: 任勋益, 陈丹伟, 祁正华, 余洋, 张俊锋
Owner: NANJING UNIV OF POSTS & TELECOMM