Multi-step attack alarm associated network service interface development method

A service interface and alarm correlation network technology, applied in transmission systems, electrical components, etc., that addresses network attacks that are difficult to deal with and achieves the effect of handling large amounts of data.

Inactive Publication Date: 2014-12-17
JILIN UNIV

AI Technical Summary

Problems solved by technology

The alarm correlation part addresses the problem that traditional intrusion detection technology can only identify a single attack and has difficulty dealing with complex, multi-step network attack behaviors. It analyzes and correlates a large amount of alarm information on key nodes.



Examples


Embodiment

[0136] 1. LLDOS1.0 attack

[0137] The present invention uses the LLDOS1.0 attack data in the DARPA2000 data set, which is widely used in the security field, as the experimental data to describe its specific implementation. The data set covers 09:25 to 12:35 on March 7, 2000, and a total of 33,907 alarms were generated, of which 33,786 alarms were related to LLDOS1.0 attacks. The attack process is shown in attached Figure 3.

[0138] 2. The home page of the alarm correlation system is shown in attached Figure 4, and the file upload page is shown in attached Figure 5.

[0139] 3. The relationship, after LLDOS1.0 alarm correlation, between the total number of input alarms, super-alarm training, and the number of super-alarm-related alarms is shown in attached Figure 6.

[0140] 4. The statistical results of the above correlation results are shown in Table 5.

[0141] Table 5 LLDOS1.0 alarm, super-alarm training, and the relationship...


Abstract

The invention relates to a multi-step attack alarm associated network service interface development method, and belongs to the field of network information security. The process design of the method provides a data processing module, an alarm association module and a network service interface development module. A fuzzy measure value is computed by fuzzy integral, an alarm is combined into a super alarm according to the measure value, a threshold value represented by an integral value is updated according to how the alarms were combined, and the super alarm is generated, weeded out or deleted in a super alarm queue according to the integral value. The association of the alarms is achieved by means of the fuzzy integral and is published through the network service interface so that it can be invoked. The method overcomes the problems that a traditional intrusion detection system consumes large amounts of system resources and is not applicable to various terminals, in particular mobile terminals. The burden on network security staff can be relieved, and protection against complex network attacks can be performed in a targeted manner.
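The merge step the abstract describes, as an added example that is not code from the patent: each incoming alarm is scored against the latest alarm of every super alarm with a fuzzy integral and merged when the score reaches that super alarm's threshold. The page does not say which fuzzy integral is used; the Choquet integral is chosen here, and the feature set, measure values, time window and threshold update rule are all assumptions.

```python
# Added illustration; features, measure values, window and update rule are assumptions.
# Assumed fuzzy measure g on every subset of the features (monotone, g(all) = 1).
G = {frozenset(k.split()): v for k, v in {
    "": 0.0, "src": 0.5, "dst": 0.3, "time": 0.2,
    "src dst": 0.8, "src time": 0.7, "dst time": 0.5, "src dst time": 1.0}.items()}
WINDOW = 600.0          # assumed: seconds until time similarity decays to 0
INIT_THRESHOLD = 0.5    # assumed starting merge threshold of a super alarm

def choquet(scores):
    """Choquet integral of per-feature scores in [0, 1] with respect to G."""
    order = sorted(scores, key=scores.get)          # features by ascending score
    total, prev = 0.0, 0.0
    for i, feat in enumerate(order):
        total += (scores[feat] - prev) * G[frozenset(order[i:])]
        prev = scores[feat]
    return total

def similarity(last, new):
    """Per-feature similarity between a super alarm's latest alarm and a new one."""
    return {
        # a host targeted in one step may be the source of the next step
        "src": 1.0 if new["src"] in (last["src"], last["dst"]) else 0.0,
        "dst": 1.0 if new["dst"] == last["dst"] else 0.0,
        "time": max(0.0, 1.0 - (new["ts"] - last["ts"]) / WINDOW),
    }

def correlate(alarms):
    """Merge alarms into super alarms and return the super alarm queue."""
    queue = []
    for alarm in sorted(alarms, key=lambda a: a["ts"]):
        scored = [(choquet(similarity(s["alarms"][-1], alarm)), s) for s in queue]
        best, target = max(scored, key=lambda p: p[0], default=(0.0, None))
        if target is not None and best >= target["threshold"]:
            target["alarms"].append(alarm)
            # assumed update: threshold tracks 60% of recent integral values
            target["threshold"] = 0.5 * target["threshold"] + 0.5 * 0.6 * best
        else:
            queue.append({"alarms": [alarm], "threshold": INIT_THRESHOLD})
    return queue

# Constructed sample alarms (not taken from the DARPA 2000 data set).
SAMPLE = [
    {"ts": 0,   "src": "10.0.0.9", "dst": "10.0.1.5", "sig": "sweep"},
    {"ts": 120, "src": "10.0.0.9", "dst": "10.0.1.5", "sig": "probe"},
    {"ts": 200, "src": "10.0.2.7", "dst": "10.0.3.3", "sig": "unrelated"},
    {"ts": 300, "src": "10.0.0.9", "dst": "10.0.1.5", "sig": "overflow"},
    {"ts": 480, "src": "10.0.1.5", "dst": "10.0.9.9", "sig": "flood"},
]

if __name__ == "__main__":
    for s in correlate(SAMPLE):
        print([a["sig"] for a in s["alarms"]], round(s["threshold"], 3))
```

The last sample alarm changes destination but originates from the previously targeted host, so it still joins the first super alarm; the unrelated alarm scores only on time proximity and starts its own.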

Description

Technical field

[0001] The present invention relates to the field of network information security, in particular to a method for developing a multi-step attack alarm association network service interface, which is a method for multi-step attack alarm association with fuzzy integrals and terminal calls for alarm correlation.

Background technique

[0002] As computers have brought great changes to people's way of life and work, various security issues continue to emerge, seriously threatening the security of personal, company and even national information. Traditional methods of protecting computer security are mainly passive defenses, such as firewalls, encryption, and antivirus software. The intrusion detection system (IDS) uses active methods to detect potential and ongoing threats in the network in real time, which is an effective method to ensure network security.

[0003] The concept of IDS (Intrusion Detection Systems) was first proposed in the 1980s. At present,...


Application Information

IPC(8): H04L29/06
Inventor: 胡亮, 李泰辉, 解男男, 努尔布力, 张振, 胡洁珺
Owner: JILIN UNIV