Security analysis framework based on network traffic meta data

A technology for the security analysis of network traffic, applied in the field of security analysis frameworks based on network traffic metadata. It addresses problems such as the lag of network attack detection points, the lack of unknown-threat perception capability, and the lack of intelligent backtracking and correlation analysis capability for security events, with the effect of improving detection accuracy and emergency response time and ensuring security.

Inactive Publication Date: 2015-07-01
LANGCHAO ELECTRONIC INFORMATION IND CO LTD

AI Technical Summary

Problems solved by technology

[0005] In short, in the face of unknown targeted attacks such as APT, the current network security defense system has the following limitations: most network attack detection methods are based on known knowledge and signatures, and lack the ability to perceive unknown threa...



Examples


Embodiment 1

[0025] The security analysis framework consists of a data layer, an analysis layer, a support layer, and a display layer. Metadata related to users, applications, locations, operations, and time is acquired from network traffic, preprocessed, and stored; with the support of the key technologies, core algorithms, auxiliary resources, and model libraries of the support layer, security analysis and display of the network metadata is realized.

[0026] The data layer includes three parts: data acquisition, data preprocessing, and data storage. Data acquisition obtains data through network traffic, application programming interfaces (API), non-API methods, SNMP, and other means, and parses DNS, HTTP, FTP, and SMTP protocols to extract metadata related to networks, personnel, applications, sessions, locations, operations, and time. Data preprocessing includes data cleaning, generalization, marking, and association, which provides standardized input for subsequent storage and analysis. Data stora...

Embodiment 2

[0040] Taking the detection of malicious and unknown attacks through HTTP traffic as an example, a security analysis framework based on network traffic metadata includes:

[0041] Data layer: includes three parts, data acquisition, data preprocessing, and data storage. Network flow technology (NetFlow, sFlow) is used to obtain metadata of HTTP GET requests, HTTP POST requests, and server return types, respectively:

[0042] a) HTTP GET metadata: timestamp, domain name, URL (with the domain name removed), Referer, user IP, user port, server IP, server port, User-Agent;

[0043] b) HTTP POST metadata: timestamp, domain name, URL (with the domain name removed), sending type, bytes sent, Referer, user IP, user port, server IP, server port, User-Agent;

[0044] c) Server return type: timestamp, HTTP status code, file type, file size, server IP, server port, user IP, user port;

[0045] The massive volume of HTTP traffic metadata obtained by this analysis is regularly imported into the HDFS f...
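The following is an added example, not code from the patent, showing how the three metadata records of [0042] to [0044] can be extracted from raw HTTP messages. The sample messages are constructed; the IP addresses and ports are assumed to come from the surrounding flow record (NetFlow/sFlow), and the URL is stored with the domain name removed even when the request target is in absolute (proxy-style) form.

```python
from urllib.parse import urlsplit

# Constructed sample traffic (not taken from the patent): one GET, one POST, one response.
SAMPLE_GET = (b"GET http://www.example.com/img/logo.png?v=3 HTTP/1.1\r\n"
              b"Host: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n"
              b"Referer: http://www.example.com/index.html\r\n\r\n")
SAMPLE_POST = (b"POST /upload HTTP/1.1\r\nHost: files.example.net\r\nUser-Agent: curl/8.0\r\n"
               b"Content-Type: multipart/form-data\r\nContent-Length: 5\r\n\r\nhello")
SAMPLE_RESP = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: 1024\r\n\r\n"


def _split(raw):
    """Split a raw HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def request_metadata(raw, ts, user_ip, user_port, server_ip, server_port):
    """Build the GET ([0042]) or POST ([0043]) record. The URL field keeps only
    path and query; the domain comes from the Host header or the absolute target."""
    start, h, body = _split(raw)
    method, target, _ = start.split(" ", 2)
    parts = urlsplit(target)  # handles both "/path" and "http://host/path" targets
    path = parts.path + ("?" + parts.query if parts.query else "")
    domain = h.get("host") or parts.netloc
    rec = {"type": method, "timestamp": ts, "domain": domain, "url": path,
           "referer": h.get("referer", ""), "user_ip": user_ip, "user_port": user_port,
           "server_ip": server_ip, "server_port": server_port,
           "user_agent": h.get("user-agent", "")}
    if method == "POST":  # the two extra fields of the POST record
        rec["send_type"] = h.get("content-type", "")
        rec["send_bytes"] = int(h.get("content-length", len(body)))
    return rec


def response_metadata(raw, ts, user_ip, user_port, server_ip, server_port):
    """Build the server-return record ([0044]): status code, file type and file size."""
    start, h, body = _split(raw)
    status = int(start.split(" ", 2)[1])
    return {"type": "RESPONSE", "timestamp": ts, "status": status,
            "file_type": h.get("content-type", ""),
            "file_size": int(h.get("content-length", len(body))),
            "server_ip": server_ip, "server_port": server_port,
            "user_ip": user_ip, "user_port": user_port}
```

Each returned dict is one row of the flat schema the embodiment describes, ready to be batched into HDFS.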


Abstract

The invention discloses a security analysis framework based on network traffic metadata. The framework comprises a data layer, an analysis layer, a support layer, and a display layer. Metadata on users, applications, locations, operations, and time relevant to network traffic is acquired, preprocessed, and stored, and, by means of the key technologies, core algorithms, auxiliary resources, and model database of the support layer, security analysis and display of the network metadata is implemented. According to the framework, network traffic is acquired, traffic metadata is extracted, and suspected malicious attacks present in the network traffic are detected with big data technology; the accuracy of malicious attack detection can be improved, the emergency response time can be improved, and the security of the IT environment is effectively guaranteed. The framework provides a theoretical basis and guidance for deep security analysis of network big data, and can bring significant value to malicious unknown attack detection, attack tracing and forensic analysis, network security situation awareness, and other aspects.

Description

Technical field

[0001] The invention relates to the technical field of computer network information security, in particular to a security analysis framework based on network traffic metadata.

Background technique

[0002] With the rapid development of network communication technology, the continuous deepening of Internet applications, and the increasingly rich information they carry, the Internet has become an important infrastructure of human society. However, network misconfigurations and targeted attacks such as DDoS attacks, worm outbreaks, and advanced persistent threats occur from time to time, and the Internet faces severe security challenges.

[0003] Anomaly detection is valued by academia and industry because it can detect unknown attacks, and researchers have proposed a large number of anomaly detection methods and systems. However, with the continuous growth of network bandwidth and the continuous progress of the network attack and defense game, the network itself ...


Application Information

IPC(8): H04L29/06; H04L12/26
Inventor: 李清玉颜斌
Owner: LANGCHAO ELECTRONIC INFORMATION IND CO LTD