Method and system for detecting and defending multichannel network intrusion

An intrusion detection and network technology, applied in the field of network communication, that addresses problems such as slow calculation convergence and the inability to adapt to DDoS attack classification and calculation, with the effects of improving system resource occupancy, increasing real-time performance, and enabling efficient positioning and searching.

Inactive Publication Date: 2012-07-04
NORTHWESTERN POLYTECHNICAL UNIV
Cites: 3; Cited by: 63

AI Technical Summary

Problems solved by technology

The above is the original neural network calculation, but for the existing attack model its convergence is too slow to adapt to the classification and calculation of DDoS attacks.

Embodiment Construction

[0062] The present invention is now further described with reference to the embodiments and the accompanying drawings:

[0063] Part 1: the kernel access monitoring program

[0064] For distributed denial-of-service (DDoS) attacks in the network, as well as for the control of some hosts, monitoring in the kernel can be used to resist some external attacks.

[0065] 1.1 Structure and interface model

[0066] Existing projects are loaded as drivers, and the core module mainly handles file access control. The position of the kernel driver access monitoring system within the existing security module can be understood by looking at a complete security module:

[0067] From Figure 2 we can see that several modules in the user application layer obtain support from various kernel modules through the kernel interface; for example, the file monitoring module controls file I/O access through the kernel monitoring module in kernel space, and then feeds back to the...

Abstract

The invention relates to a method and a system for detecting and defending against multichannel network intrusion. On the network side, a half-polling scheme is used in the network card driver to capture data packets and form rules for judging abnormal traffic. On the operating system side, secure access control is realized by adding authority control to the Capability module of Linux; at the same time, monitoring and control are performed at the kernel layer of the operating system, and Trojans, other abnormal operations and virus damage are monitored by carrying out credential privilege arbitration on processes, operating on the i-node, and applying security control at the application layer. The resulting feature data are gathered and sent to a Bayes model for classification, and an improved back-propagation neural network (BPNN) is introduced to train on the data so that the rules produced can defend against the corresponding attacks. The disclosed system comprises three modules and five submodules; the three modules are a network data packet processing module, an operating system layer detecting module and a detection center module.

Description

Technical field

[0001] The invention relates to network communication and to the detection of and protection against network attacks, in particular to a network multi-path intrusion detection and defense method and system.

Background technique

[0002] For network monitoring, domestic and foreign work mainly focuses on capturing data packets on the network through standard function libraries, calls to network card devices, and so on. The approaches can be roughly divided into a network bypass monitoring part and an operating system monitoring part.

[0003] Network bypass monitoring: the monitoring program is implemented in different ways on different operating systems. In the Windows environment, there are 3 options for implementing network monitoring programmatically. The details are as follows:

[0004] (1) Raw Socket, originally one of the most popular network programming interfaces on Unix, later introduced into Windows and implemented by Microsoft.

[0005] (2...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26
Inventor: 马博, 慕德俊
Owner: NORTHWESTERN POLYTECHNICAL UNIV