Intrusion detection method and device

An intrusion detection technology, applied in computer security devices, instruments, electrical digital data processing, etc., that addresses the inability of existing approaches to inspect the Linux system kernel and therefore to detect intrusion events there, improving system reliability and achieving protection of the system.

Active Publication Date: 2014-01-15
GUANGZHOU HUADUO NETWORK TECH

AI Technical Summary

Problems solved by technology

At present, the information collected and analyzed by host intrusion detection technology on Linux systems is user-mode information. The Linux system kernel itself is not inspected, so intrusion events in kernel mode cannot be detected.


Embodiment Construction

[0086] In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0087] Figure 1 is a flowchart of an intrusion detection method provided by an embodiment of the present invention. This embodiment is executed by a terminal device. Referring to Figure 1, the method includes:

[0088] 101. Obtain a system call linked list;

[0089] 102. Derive a system call pointer from the system call linked list;

[0090] 103. Process the system call pointer with a fingerprint algorithm to obtain system call pointer fingerprint data;

[0091] 104. Compare the currently acquired system call pointer fingerprint data with the system call pointer fingerprint data pre-stored at the local end;

[0092] 105. When it is determined that the currently acquired system call pointer fingerprint data is incon...


Abstract

The invention discloses an intrusion detection method and device, and belongs to the technical field of computer security. The method comprises the following steps: a system call linked list is obtained; a system call pointer is derived from the system call linked list; the system call pointer is processed with a fingerprint algorithm to obtain system call pointer fingerprint data; the currently obtained system call pointer fingerprint data are compared with the system call pointer fingerprint data pre-stored at the local end; when the currently obtained fingerprint data are determined to be inconsistent with the pre-stored fingerprint data, an intrusion event is determined to have occurred at the local end. The intrusion detection device comprises a first obtaining module, a deriving module, a fingerprint algorithm processing module, a first comparison module and a first determining module. By comparing the current fingerprint data with the pre-stored system call pointer fingerprint data to judge whether an intrusion event has occurred, the method and device can detect intrusion events in the system's kernel mode, achieving comprehensive protection of the system and improving system reliability.
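The comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent: the patent does not name a fingerprint algorithm, so SHA-256 is an assumption, the table contents are constructed sample values, and all function names are hypothetical. It goes one step beyond the abstract by also reporting which slots differ from the baseline.

```python
import hashlib
import hmac
import struct

# Constructed snapshot of a system call table: (slot index, name, pointer).
# The addresses are made-up sample values, not taken from a real kernel.
BASELINE_TABLE = [
    (0, "read", 0xFFFFFFFF81200A10),
    (1, "write", 0xFFFFFFFF81200B40),
    (2, "open", 0xFFFFFFFF811FF2C0),
    (62, "kill", 0xFFFFFFFF8109D7E0),
    (78, "getdents", 0xFFFFFFFF81215530),
]
# Same table with slot 78 pointing somewhere else (constructed value).
TAMPERED_TABLE = BASELINE_TABLE[:4] + [(78, "getdents", 0xFFFFFFFFC0A31000)]

def entry_fingerprint(index, addr):
    """Fingerprint one slot: SHA-256 over the slot index and 64-bit pointer."""
    return hashlib.sha256(struct.pack("<IQ", index, addr)).hexdigest()

def table_fingerprint(table):
    """Fingerprint the whole table, independent of the order entries arrive in."""
    h = hashlib.sha256()
    for index, _name, addr in sorted(table):
        h.update(struct.pack("<IQ", index, addr))
    return h.hexdigest()

def make_baseline(table):
    """Pre-stored data: whole-table fingerprint plus per-slot fingerprints."""
    return {"table": table_fingerprint(table),
            "slots": {i: entry_fingerprint(i, a) for i, _n, a in table}}

def check(table, baseline):
    """Return (intrusion_detected, list of slots that differ from the baseline)."""
    if hmac.compare_digest(table_fingerprint(table), baseline["table"]):
        return False, []
    seen = {i for i, _n, _a in table}
    changed = [n for i, n, a in sorted(table)
               if baseline["slots"].get(i) != entry_fingerprint(i, a)]
    changed += [f"slot {i} missing" for i in sorted(baseline["slots"])
                if i not in seen]
    return True, changed

if __name__ == "__main__":
    stored = make_baseline(BASELINE_TABLE)
    print(check(BASELINE_TABLE, stored))
    print(check(TAMPERED_TABLE, stored))
```

The baseline is only as trustworthy as where it is stored: if it lives on the monitored host, an intruder who can alter the table can usually rewrite the stored fingerprints too.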

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to an intrusion detection method and device.

Background technique

[0002] As Linux systems are more and more used in enterprise servers, how to improve the security of Linux systems has become a problem worthy of attention.

[0003] In order to provide real-time protection for the Linux system, the host intrusion detection technology is generally used to detect whether there is an intrusion event in the system by collecting and analyzing system logs, user-mode configuration files, library files, and system instructions.

[0004] In the process of realizing the present invention, the inventor finds that there are at least the following problems in the prior art:

[0005] The Linux system divides itself into two parts: user mode and kernel mode. At present, the information collected and analyzed in the host intrusion detection technology based on the Linux system belongs ...


Application Information

IPC(8): G06F21/55
CPC: G06F21/554
Inventor: 韩方张涛
Owner: GUANGZHOU HUADUO NETWORK TECH