Network intrusion identification method based on anomaly flow and black-white list library of IP terminal

An abnormal traffic and black-and-white list technology, applied in transmission systems, electrical components, etc., which can solve the problems of increased network burden, the complexity of operating systems and network traffic facing data mining technology, and an increased false negative rate, so as to avoid system crashes.

Inactive Publication Date: 2015-03-25
STATE GRID CORP OF CHINA +3

AI Technical Summary

Problems solved by technology

This method has obvious defects: first, for large-scale distributed attacks, the load on the central console will exceed its processing limit, resulting in an increase in the rate of false positives; second, transmitting the data collected by multiple detectors in the network increases the network burden to a certain extent, resulting in a decrease in the performance of the network system; third, due to the delay of network transmission, the data packets processed by the central console cannot reflect the current network status in real time.
3. The increasing complexity of the data mining technology operating system and the sharp increase in network traffic have led to an alarmingly rapid increase in audit data.


Embodiment Construction

[0016] The present invention will be described in further detail in conjunction with the accompanying drawings and specific embodiments.

[0017] Network intrusion generates a large amount of flooded message data, which leads to a surge in network traffic. At the same time, the propagation of these messages and the attacks they carry directly cause the CPU usage of routers and switches on the path to keep rising, seriously affecting normal routing and forwarding efficiency, and can even cause downtime and complete network paralysis, so that the attacked servers and business data centers cannot operate normally. Therefore, how to detect network intrusions in a timely manner has become crucial for power companies.

[0018] In the present invention, an IP terminal behavior analysis platform as shown in Figure 1 is first set up. It includes an external network server, an internal network server and a client, wherein the client communicates with the external network server, and the external ne...


Abstract

The invention discloses a network intrusion identification method based on anomaly flow and a black-white list library of an IP terminal. The method includes the following steps: a preset flow threshold is set for early warning using a baseline analysis method; anomaly flow features are extracted for early warning; the black-white list library is built, and an early warning is raised when a server is accessed by a non-white-list IP; and, during monitoring, the flow analysis library, the anomaly flow feature library and the black-white list library are continuously updated and perfected. When network intrusion against an electric system server is handled with this method, an alarm can be given in time and network operation and maintenance personnel can be reminded to pay attention and respond in time, so that big losses to the power grid from system crash and complete network paralysis caused by network intrusion can be avoided.
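A sketch of the monitoring loop the abstract describes, added here as an example and not taken from the patent. It covers the baseline threshold and the black/white list check only, since the page gives no detail on feature extraction. The baseline rule (mean plus k standard deviations of past alert-free intervals), the class and parameter names, and the sample addresses are assumptions.

```python
import ipaddress
from statistics import mean, pstdev

class IntrusionMonitor:
    """Baseline traffic threshold plus black/white list check for one server."""

    def __init__(self, whitelist, blacklist=(), k=3.0, min_history=5):
        self.white = [ipaddress.ip_network(n) for n in whitelist]
        self.black = {ipaddress.ip_address(a) for a in blacklist}
        self.k = k                      # assumed rule: alert above mean + k * stddev
        self.min_history = min_history  # intervals needed before a threshold exists
        self.history = []               # byte totals of intervals that raised no alert

    def threshold(self):
        if len(self.history) < self.min_history:
            return None
        return mean(self.history) + self.k * pstdev(self.history)

    def check_interval(self, flows):
        """flows: (source_ip, byte_count) pairs seen toward the server in one interval."""
        alerts = []
        for src in dict.fromkeys(s for s, _ in flows):  # each source once, in order
            addr = ipaddress.ip_address(src)
            if addr in self.black:
                alerts.append(("blacklisted_source", src))
            elif not any(addr in net for net in self.white):
                alerts.append(("non_whitelist_access", src))
        total = sum(b for _, b in flows)
        limit = self.threshold()
        if limit is not None and total > limit:
            alerts.append(("traffic_over_baseline", total))
        if not alerts:
            self.history.append(total)  # only clean intervals update the baseline
        return alerts

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    mon = IntrusionMonitor(["192.0.2.0/24"], blacklist=["203.0.113.5"])
    for volume in (1000, 1100, 900, 1050, 950):
        mon.check_interval([("192.0.2.10", volume)])
    print(mon.check_interval([("192.0.2.10", 600), ("198.51.100.7", 500)]))
    print(mon.check_interval([("192.0.2.10", 50000)]))
```

Intervals that raise any alert are kept out of the history, so a flood cannot raise its own threshold.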

Description

Technical field

[0001] The invention relates to a network intrusion identification method based on IP terminal abnormal traffic and a black-and-white list database, and belongs to the technical field of power system information security.

Background technique

[0002] In the process of information globalization, electronic information technology is in a period of rapid development. While the scope of information technology continues to expand, the network connection between power data and systems is getting closer. The power system relies more and more on the power information network to ensure the efficient, reliable and safe operation of each system. Nowadays, the power system has been popularized in all aspects of production, operation and management of power enterprises, so the security of power system information is the guarantee for the safe operation of the power system and the reliable power supply to the society.

[0003] There are several existing solutions: How to...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416
Inventor 夏飞崔恒志张明明丁一新徐晓海梅沁郑海雁官国飞葛崇慧
Owner STATE GRID CORP OF CHINA