Method and device for detecting intrusion

An intrusion detection technology based on data flow analysis, applied in the field of information management, that addresses two limitations of misuse detection IDS: the inability to detect unknown types of attacks and the inability to trace attacks that went unreported.

Inactive Publication Date: 2012-09-19
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

[0007] The present invention provides an intrusion detection method and device, which solves the problems that a misuse detection IDS cannot detect unknown types of attacks and cannot trace attacks it failed to report.



Embodiment Construction

[0041] The current misuse detection IDS has the following deficiencies:

[0042] 1. Unable to detect unknown types of attacks. Because a misuse detection IDS always detects based on the characteristics of known attacks, when a new attack method appears, IDS vendors cannot extract the characteristics of this type of attack and upgrade the feature database of the IDS product until they have learned of the method. Until then the IDS product has no ability to detect the new type of attack, so even if a host is found to have been attacked, the source and type of the attack cannot be determined.

[0043] 2. Unable to trace missed attacks. Since a misuse detection IDS always detects attacks based on the traffic captured in real time, it cannot trace back attack behaviors that were not detected in real time. There are many reasons for false negatives. For example, it may be because the real-time traffic exceeds the processing ...


Abstract

The invention provides a method and a device for detecting intrusion, and relates to the field of information management. It solves the problem that a misuse detection IDS (intrusion detection system) cannot detect unknown types of attacks or trace attacks that it failed to report. The method includes the steps of: loading a feature library that includes a plurality of intrusion behavior features; acquiring a data stream to be analyzed; and analyzing the data stream according to the feature library, matching from it the intrusion behaviors that conform to the intrusion behavior features in the feature library. The method and the device are applicable to the detection process of an IDS, and realize comprehensive and reliable intrusion detection.
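The three steps of the abstract, sketched as an added example that is not taken from the patent: a feature library is loaded, a data stream is acquired, and the stream is matched against the library. It assumes the data stream is a recorded capture that is re-read after the feature library is upgraded; the record layout, feature IDs, addresses and payloads are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                       # one record of the stored data stream (assumed layout)
    ts: str
    src: str
    dst: str
    payload: bytes

def load_feature_library(entries):
    """Step 1: compile {feature_id: byte pattern} into a feature library."""
    return {fid: re.compile(pat) for fid, pat in entries.items()}

def analyze(stream, library):
    """Steps 2-3: scan every flow and return (ts, src, dst, feature_id) hits."""
    hits = []
    for flow in stream:
        for fid, rx in library.items():
            if rx.search(flow.payload):
                hits.append((flow.ts, flow.src, flow.dst, fid))
    return hits

# Constructed sample data: documentation-range addresses, made-up payloads.
RECORDED_STREAM = [
    Flow("2012-01-05T10:00:01", "192.0.2.10", "198.51.100.5", b"GET /index.html HTTP/1.1"),
    Flow("2012-01-05T10:00:07", "203.0.113.77", "198.51.100.5", b"GET /a?id=1 UNION SELECT 1 HTTP/1.1"),
    Flow("2012-01-05T10:02:30", "203.0.113.99", "198.51.100.5", b"POST /upload X-Probe: new-variant-01"),
]

# Hypothetical feature libraries: V2 is V1 plus one feature added by a later update.
LIBRARY_V1 = {"SIG-0001": rb"(?i)union\s+select"}
LIBRARY_V2 = {**LIBRARY_V1, "SIG-0002": rb"X-Probe: new-variant-\d+"}

def newly_traced(stream, old_entries, new_entries):
    """Hits that appear only when the upgraded library re-reads the same stream."""
    old = set(analyze(stream, load_feature_library(old_entries)))
    new = analyze(stream, load_feature_library(new_entries))
    return [h for h in new if h not in old]

if __name__ == "__main__":
    for hit in newly_traced(RECORDED_STREAM, LIBRARY_V1, LIBRARY_V2):
        print("traced after library upgrade:", hit)
```

Each hit carries the timestamp and source address of the matching flow, which is what lets a previously missed attack be traced once its feature is in the library.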

Description

Technical field

[0001] The invention relates to the field of information management, in particular to an attack detection method and device.

Background technique

[0002] In order to alleviate the increasingly serious information security problems, more and more enterprises and institutions have deployed Intrusion Detection Systems (IDS) to detect and deal with malicious attacks.

[0003] IDS can be divided into two types from the principle of implementation: anomaly detection type and misuse detection type. Anomaly detection IDS will first establish a normal profile model of the monitored network, such as network traffic, TCP/IP connections, etc., and then judge whether there is an intrusion based on the deviation between the measured value at the time of detection and the normal model. This method is capable of detecting both known and unknown intrusions, but has a high rate of false negatives and false positives. The misuse detection IDS will first extract the character...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 周涛, 潘宇东, 许立广
Owner: BEIJING VENUS INFORMATION TECH