Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for detecting malicious network behaviors

A behavioral and network technology, applied in the field of network security, can solve problems such as insufficient accuracy and false detection, and achieve the effect of improving accuracy and reducing interference

Active Publication Date: 2015-04-15
SIEMENS AG
View PDF3 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although compared with the signature-based matching technology, the current data mining technology can detect polymorphic and deformed malicious network behaviors more effectively, but the detection accuracy is still not high enough, and false detections often occur

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting malicious network behaviors
  • Method and device for detecting malicious network behaviors
  • Method and device for detecting malicious network behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] In the following, various embodiments of the present invention will be described in detail with reference to the accompanying drawings.

[0024] In an embodiment of the present invention, the data tuple X={x 1 ,x 2 ,...,x k} (k is an integer) to characterize network behavior, where x 1 ,x 2 ,...,x k Different characteristic attributes used to describe the network behavior, which can be obtained based on groups related to the network behavior. For example, x 1 ,x 2 ,...,x k It can be the key fields in the TCP / IP header and application layer protocol header of packets related to network behavior, the statistical information (for example, frequency) of packets related to network behavior, and the main body of packets related to network behavior keywords, etc. Packets related to network behavior can be sent from mobile terminals, gateway devices in the mobile Internet (for example, Gateway GPRS Support Nodes (GGSN) or Serving GPRS Support Nodes (SGSN) in General Pa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method and a device for detecting malicious network behaviors. The device comprises a calculation module and a determination module; the calculation module is used for calculating a correlation degree value of to-be-detected network behaviors and each of multiple behavior classes according to characteristic parameters of each behavior class so as to obtain multiple correlation degree values, the behavior classes include a normal behavior class and at least one network behavior class, and the characteristic parameters of the behavior classes are obtained by means of training by taking the known malicious network behaviors and normal network behaviors as training samples; the determination module is used for determining that the to-be-detected behaviors belong to normal network behaviors or malicious network behaviors according to that the maximum correlation degree value in the correlation degree values is the correlation degree value of the to-be-detected network behaviors and the normal behavior class or the correlation degree value of the to-be-detected network behaviors and one of the malicious behavior classes. By the method and the device, accuracy in malicious network behavior detection can be improved.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for detecting malicious network behaviors. Background technique [0002] With the advancement of mobile communication technology, the mobile Internet has been extensively developed. Subsequently, there have also been many network attacks against the mobile Internet, which have created a great threat to the mobile Internet and mobile terminals. [0003] Traditionally, signature-based matching techniques are used to detect malicious network behaviors in the mobile Internet. However, malicious network behaviors are not fixed. Usually, attackers will make some small changes to malicious network behaviors to generate polymorphic and deformed malicious network behaviors. However, using signature-based matching techniques cannot effectively detect polymorphisms. and deformed malicious cyber behavior. [0004] To this end, many data mining techniques have been propo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F17/30
CPCG06F16/285H04L63/1416H04L63/1483
Inventor 郭代飞隋爱芬林冠洲郭涛
Owner SIEMENS AG
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com