A detection rule optimization configuration method and device

A technique for optimizing the configuration of detection rules, applied in computer security devices, digital transmission systems, instruments, etc. It addresses the unnecessary resource consumption that reduces IPS detection efficiency and performance, with the effect of improving detection efficiency and avoiding unnecessary performance consumption.

Active Publication Date: 2017-07-21
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

In IPS threat detection, most of the performance is consumed by protocol content detection. The existing method of directly enabling protocol detection rules therefore also detects protocol threats that do not appear in the network, so the IPS consumes a lot of unnecessary resources, which reduces the efficiency and performance of IPS detection.


Embodiment Construction

[0053] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention belong to the protection scope of the present invention.

[0054] Referring to Figure 1, Embodiment 1 of the present invention provides a detection rule optimization configuration method, characterized in that the method includes:

[0055] S11. Receive network traffic.

[0056] Taking IPS equipment as an example, its protocol detection adopts pattern matching. That is, there are different detection rules corresponding to different protocols. We know that different protocols have different vulnerabilities, and the threats come from attacks on these vulnera...


Abstract

The invention discloses a detection rule optimization configuration method and device. The method includes: receiving network traffic; extracting the messages in the network traffic and identifying the protocol-related information; saving the protocol-related information and the correspondence between the items of protocol-related information to a first learning association table; and matching the corresponding rule items from the vulnerability rule base according to the protocol-related information to generate a first simplified rule set. With the simplified rule set generated by the invention, subsequent protocol detection is performed only on the protocol threats that may appear in the live network, so the content to be detected is reduced, detection efficiency is improved, and unnecessary performance consumption is avoided.
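The pipeline in the abstract, sketched as an added example (not code from the patent or from any product). It assumes that "protocol-related information" means the application protocol plus the server address and port it was seen on; the rule IDs, payload signatures and sample traffic are all constructed, and `identify`, `learn` and `simplify` are hypothetical names.

```python
from collections import defaultdict

# Constructed vulnerability rule base: rule id -> protocol the rule inspects.
RULE_BASE = {
    "R1001": "http", "R1002": "http", "R2001": "ftp",
    "R3001": "smtp", "R4001": "dns", "R5001": "smb",
}

# Constructed payload prefixes used to identify the application protocol.
SIGNATURES = [
    (b"GET ", "http"), (b"POST ", "http"),
    (b"USER ", "ftp"), (b"EHLO ", "smtp"),
]

def identify(payload):
    """Return the protocol name for a payload, or None if unrecognised."""
    for prefix, proto in SIGNATURES:
        if payload.startswith(prefix):
            return proto
    return None

def learn(messages):
    """Build the learning association table: protocol -> {(server ip, port)}."""
    table = defaultdict(set)
    for dst_ip, dst_port, payload in messages:
        proto = identify(payload)
        if proto is not None:  # unidentified traffic adds nothing to the table
            table[proto].add((dst_ip, dst_port))
    return dict(table)

def simplify(table, rule_base=RULE_BASE):
    """Keep only the rules whose protocol appears in the learned table."""
    return sorted(rid for rid, proto in rule_base.items() if proto in table)

# Constructed sample traffic: (dst ip, dst port, first payload bytes).
SAMPLE = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.5", 8080, b"POST /api HTTP/1.1\r\n"),
    ("10.0.0.9", 21, b"USER anonymous\r\n"),
    ("10.0.0.7", 4444, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    learned = learn(SAMPLE)
    print(learned)
    print(simplify(learned))
```

A protocol that first appears after the learning pass has no enabled rules until the table and the simplified rule set are regenerated, so the learning step has to keep running against live traffic.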

Description

Technical field

[0001] The invention relates to the field of configuration of detection rules, in particular to a method and equipment for optimal configuration of detection rules.

Background technique

[0002] With the widespread use of computers and the continuous popularization of networks, there are more and more threats from inside and outside the network. In order to protect the security of the system, it is necessary to perform threat detection on the network. Protocol content detection is a type of threat detection.

[0003] Taking IPS equipment as an example, the existing protocol content detection is mainly performed by pattern matching, that is, different detection rules correspond to different protocol configurations. The IPS device provides the function of custom rules, and detection is performed by adding, enabling or disabling certain detection rules by the user. However, there are thousands of existing protocol types, and tens of thousands of specific prot...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/06, H04L29/08, H04L47/2475
CPC: H04L63/0263, H04L43/028, H04L43/18, H04L63/0236, H04L63/1416, G06F21/552, G06F21/554
Inventor: 蒋武, 王涛
Owner: HUAWEI TECH CO LTD