Network anomaly behavior detection method based on out-degree and in-degree of host

A host in-degree and out-degree technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc., which addresses the problem that packet and flow characteristics are difficult to extract and identify effectively.

Active Publication Date: 2014-11-05
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

[0003] With the popularity of various protocol encryption and the emergence of various forged and imitated protocols in network security attack and defense, it is becoming more and more difficult to effectively extract and identify packet and flow characteristics


Embodiment Construction

[0019] Examples are given below to describe the present invention in detail.

[0020] Most network anomaly detection algorithms are studied and analyzed on the basis of the overall topology of the computer network, and rarely consider the relationship between the in-degree and out-degree of a single host and network anomalies. Based on the communication principles of computer networks and the propagation principles of some network anomalies, such as worms, the applicant first conjectured that there is a relationship between abnormal network behavior and the in-degree and out-degree of hosts. Experiments showed that there is indeed a mathematical regularity between some network anomalies and the in-degree and out-degree of hosts. On this basis, a network abnormal behavior detection method based on "host access degree" (the host's out-degree and in-degree) is proposed. From a relatively macro perspective, the method measures the out-degree and in-degree of hosts by IP address, and identifies...


Abstract

The invention discloses a method for detecting network anomaly behaviors based on the out-degree and in-degree of a host, and provides a host attribute determination and attack detection method from a new angle. Detection of a number of types of network behavior and monitoring of anomalous behavior can be achieved with low technical difficulty and low resource consumption. Three terms are defined first: the degree is the number of connection quadruples; the out-degree is the number of connection quadruples sent by the host to other hosts; and the in-degree is the number of connection quadruples the host receives from other hosts. The method detects network anomaly behaviors according to whether the proportion of a host's out-degree to its in-degree exceeds a known range; the out-degree and in-degree proportion ranges differ between hosts that provide different services.
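The rule described in the abstract, as an added example that is not code from the patent. It assumes a quadruple is (source IP, source port, destination IP, destination port) and that the proportion is out-degree divided by in-degree; the baseline ranges, role table, `min_degree` cutoff and flow records are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baselines: allowed (low, high) range of out-degree / in-degree
# per host role. The numbers are illustrative assumptions, not from the patent.
BASELINE = {"web_server": (0.0, 0.5), "dns_resolver": (0.3, 3.0)}
ROLES = {"10.0.0.10": "web_server", "10.0.0.11": "web_server",
         "10.0.0.53": "dns_resolver"}

def host_degrees(flows):
    """Return {host: (out_degree, in_degree)} counting distinct quadruples."""
    out_q, in_q = defaultdict(set), defaultdict(set)
    for quad in flows:
        out_q[quad[0]].add(quad)   # quadruple sent by the source host
        in_q[quad[2]].add(quad)    # quadruple received by the destination host
    return {h: (len(out_q[h]), len(in_q[h])) for h in set(out_q) | set(in_q)}

def degree_ratio(out_deg, in_deg):
    """Out/in proportion; a host with no inbound connections maps to infinity."""
    if in_deg == 0:
        return float("inf") if out_deg else 0.0
    return out_deg / in_deg

def detect(flows, roles=ROLES, baseline=BASELINE, min_degree=5):
    """Return {host: (role, out, in, ratio)} for hosts outside their role's range.
    min_degree (an assumption) skips hosts with too few connections to judge."""
    alerts = {}
    for host, (o, i) in host_degrees(flows).items():
        role = roles.get(host)
        if role is None or o + i < min_degree:
            continue
        low, high = baseline[role]
        ratio = degree_ratio(o, i)
        if not low <= ratio <= high:
            alerts[host] = (role, o, i, ratio)
    return alerts

def sample_flows():
    """Constructed traffic: .10 is a normal web server, .11 a web server with
    worm-like outbound fan-out, .53 a resolver with balanced traffic."""
    f = [(f"192.0.2.{n}", 40000 + n, "10.0.0.10", 443) for n in range(1, 21)]
    f += [("10.0.0.10", 50000 + n, "10.0.0.53", 53) for n in range(2)]
    f += [(f"192.0.2.{n}", 41000 + n, "10.0.0.11", 443) for n in range(1, 21)]
    f += [("10.0.0.11", 52000 + n, f"198.51.100.{n}", 445) for n in range(1, 41)]
    f += [(f"192.0.2.{n}", 42000 + n, "10.0.0.53", 53) for n in range(1, 9)]
    f += [("10.0.0.53", 53000 + n, f"203.0.113.{n}", 53) for n in range(1, 9)]
    return f

if __name__ == "__main__":
    print(detect(sample_flows()))
```

Only the host roles with a known baseline are judged, which mirrors the abstract's point that the acceptable range depends on the service a host provides.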

Description

Technical field

[0001] The invention relates to network anomaly detection technology, in particular to a method for detecting network anomaly behavior based on host access degree (the host's out-degree and in-degree).

Background technique

[0002] In the current network security industry, in fields such as network attack detection and P2P traffic purification, traditional deep packet inspection (DPI) technology is used for protocol identification and traffic screening. Even the newer DFI technology still works at the micro level, performing protocol identification and detection on a flow-by-flow basis.

[0003] With the popularity of various protocol encryption and the emergence of various forged and imitated protocols in network security attack and defense, it is becoming more and more difficult to effectively extract and identify packet and flow characteristics.

Contents of the invention

[0004] In view of this, the present invention provides a method for detecting abnormal network behavi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26
Inventor: 贺欣, 刘刚, 王大伟, 刘永强, 王秀文, 杜大帅, 张慧, 李城龙, 贺龙涛
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT