Suspicious event detection method and system based on URL heterogeneity

An event detection and URL heterogeneity technology, applied in the field of network security, that can solve problems such as lagging response speed and potential safety hazards.

Inactive Publication Date: 2014-07-02
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

In order to better display the various functions of the website, the browser has changed from the original static role to an operating system that can dynamically run client programs, and it has also brought greater security risks to users.
[0003] Traditional malicious program detection meth...



Examples


Embodiment Construction

[0027] The present invention provides a method and system for detecting suspicious events based on URL heterogeneity. To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned objectives, features and advantages more obvious and easier to understand, the technical scheme of the present invention is described in further detail below in conjunction with the accompanying drawings:

[0028] The present invention first provides a suspicious event detection method based on URL heterogeneity, as shown in Figure 1, including:

[0029] S101: capture the network data packets sent by the user;

[0030] S102: parse the network data packets and extract the URL in each network data packet;

[0031] S103: determine, based on the detection rules in the knowledge base, whether the URL is a highly suspicious event; if it is, perform in-depth detection; otherwise, use a preset detection ...



Abstract

The invention discloses a suspicious event detection method and system based on URL heterogeneity. The method includes the steps of: first, capturing network data packets in the direction sent by the user; second, parsing the network data packets and extracting the URLs in them; third, judging, based on the detection rules in a knowledge base, whether the URLs are highly suspicious events, conducting deep detection if they are and otherwise conducting detection through a preset detection scheme; fourth, adding or deleting detection rules as required, and judging whether the server ports requested by the URLs are system reserved ports, judging the URLs to be security events if the ports are system reserved ports and highly suspicious events if they are not; fifth, judging whether the domain names of the URLs are meaningful words, judging the URLs to be security events if the domain names are meaningful words and highly suspicious events if they are not. The suspicious event detection method and system solve the problem that a traditional detection method is effective against known malicious URLs but has no effect on unknown or uncaptured URLs.
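The two rules named in the abstract (server port and domain-name meaningfulness), sketched as an added example that is not code from the patent. The word list, the 0-1023 reserved-port range, the choice of the label left of the TLD as "the domain name", and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a dictionary of "meaningful words" (assumption).
WORDS = {"mail", "news", "shop", "bank", "book", "cloud", "example"}
DEFAULT_PORTS = {"http": 80, "https": 443}
RESERVED_MAX = 1023  # assumption: "system reserved ports" means 0-1023

def port_rule(url):
    """Hit when the server port is not a system reserved port."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:          # malformed or out-of-range port
        return True
    if port is None:            # no explicit port: use the scheme default
        port = DEFAULT_PORTS.get(parts.scheme)
    return port is None or port > RESERVED_MAX

def is_meaningful(label):
    """True if label splits entirely into dictionary words (word-break DP)."""
    ok = [True] + [False] * len(label)
    for i in range(1, len(label) + 1):
        ok[i] = any(ok[j] and label[j:i] in WORDS for j in range(i))
    return bool(label) and ok[-1]

def domain_rule(url):
    """Hit when the domain name is not made of meaningful words."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    # Assumption: the label left of the TLD is "the domain name".
    name = labels[-2] if len(labels) >= 2 else host
    return not is_meaningful(name)

# Knowledge base: rules can be added or deleted as required.
knowledge_base = {"port": port_rule, "domain": domain_rule}

def classify(url, rules=knowledge_base):
    """Return (route, names of the rules that fired) for one extracted URL."""
    hits = [name for name, rule in rules.items() if rule(url)]
    return ("deep_detection" if hits else "preset_scheme"), hits
```

A production version would replace the word list with a real dictionary and use a public-suffix list to find the registrable domain; bare IP hosts fall through to the domain rule and are routed to deep detection here.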

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a suspicious event detection method and system based on URL heterogeneity.

Background technique

[0002] The web browser used to browse websites has evolved from displaying content to an environment where distributed applications can be executed. In order to better display the various functions of the website, the browser has changed from its original static role to an operating system that can dynamically run client programs, and it also brings greater security risks to users.

[0003] Traditional detection methods for malicious programs are mostly based on signatures. The method for URL detection is to match known captured malicious URLs. However, this method is basically invalid for unknown malicious URLs, and its response speed is also far behind the speed of malicious program development and conversion.

Summary of the invention

[0004] In view of the above technical prob...


Application Information

IPC(8): H04L29/06, G06F17/30
Inventor: 童志明, 沈长伟, 张栗伟
Owner HARBIN ANTIY TECH