Method and system for program network behavior recognition

A program network behavior identification method, applied in the computer field, that addresses the inaccurate identification of the network behavior of new programs or new variants and thereby improves network security.

Active Publication Date: 2016-12-28
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

The biggest disadvantage of such a traditional solution is that there is a lag: samples of new threats must be found and analyzed before they can be effectively intercepted.
[0004] It can be seen that the traditional program network behavior identification method cannot accurately identify the network behavior of new programs or new variants.


Embodiment Construction

[0015] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0016] Most traditional program network behavior recognition schemes start with known data, that is, try to find which parts of the data are known, and then find useful parts from the known data to determine whether the data is a threat. But the disadvantage of this approach is that once the application layer data of network data is unknown, there will be very little effective known data that can be obtained, so it is difficult to m...


Abstract

The invention discloses a method and a system for program network behavior identification. The system comprises a client and a cloud server. The client is used for obtaining a data packet of the program's prior network behavior while the program is accessing the network, and for receiving the identification result returned by the cloud server. The cloud server is used for receiving the data packet of the program's prior network behavior obtained by the client and judging whether the application layer data contains an unknown protocol. If the protocols in the application layer data are all known, the prior network behavior of the program is marked as identifiable network behavior of the program. If an unknown protocol is included, the network behavior is marked as suspicious network behavior of the program. The identification result is sent to the client, so that accurate identification of the network behavior of the program is achieved.
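The server-side decision described in the abstract can be sketched as follows. This is an added example, not code from the patent or its owner: the three protocol recognizers, the `KNOWN` set and the function names are simplified assumptions, since the page does not say which protocols count as known or how they are matched.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")

def is_http(p):
    return p.startswith(HTTP_STARTS)

def is_tls(p):
    # TLS record header: content type 20-23, version 3.x, 2-byte length
    if len(p) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", p[:5])
    return 20 <= ctype <= 23 and major == 3 and minor <= 4 and length <= 16384 + 2048

def is_dns(p):
    # DNS header: 12 bytes, opcode 0-2, reserved Z bit clear, 1-4 questions
    if len(p) < 12:
        return False
    _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", p[:12])
    return ((flags >> 11) & 0xF) <= 2 and not flags & 0x0040 and 1 <= qd <= 4

# Assumed "known protocol" set; the page does not say which protocols count as known.
KNOWN = (("http", is_http), ("tls", is_tls), ("dns", is_dns))

def classify_payload(payload):
    for name, check in KNOWN:
        if check(payload):
            return name
    return "unknown"

def identify(program, payloads):
    """Server-side decision: any unknown protocol marks the behavior suspicious."""
    # Packets with no application-layer bytes (e.g. bare TCP ACKs) are skipped.
    protocols = [classify_payload(p) for p in payloads if p]
    verdict = "suspicious" if "unknown" in protocols else "identifiable"
    return {"program": program, "verdict": verdict, "protocols": protocols}

# Constructed sample payloads (not captured traffic).
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_REC = b"\x16\x03\x01\x00\x05hello"
DNS_QRY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x04test\x00\x00\x01\x00\x01"
CUSTOM = b"\xde\xad\xbe\xef\x00\x01proprietary"

if __name__ == "__main__":
    print(identify("browser.exe", [HTTP_REQ, TLS_REC, DNS_QRY, b""]))
    print(identify("newvariant.exe", [HTTP_REQ, CUSTOM]))
```

Header-only recognizers like these can misclassify arbitrary bytes that happen to resemble a known header, so a production classifier would also parse deeper into each protocol before treating it as known.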

Description

Technical field

[0001] The invention belongs to the technical field of computers, and in particular relates to a program network behavior recognition method and system.

Background technique

[0002] As is well known, in today's Internet environment the most widely used network structure follows the DoD model (also known as the TCP/IP protocol family). The DoD model includes the link layer, Internet layer, transport layer and application layer. If a program wants to send or receive Internet data, it needs to make its data conform to the TCP/IP protocol standard, so that the data can be transmitted accurately and effectively on the Internet. Among these four layers, the data structures of the link layer, the Internet layer and the transport layer follow a set of relatively strict standards, and programmers cannot change their structure without authorization, so they are easy for security software or security equipment to monitor. Critical data is difficult to camouflage. ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
Inventor: 刘海粟, 张聪, 熊昱之
Owner 三六零数字安全科技集团有限公司