Attack detection rule opening method, and equipment

An attack detection rule technology, applied in the field of communications, that addresses problems such as weakened security, missed attacks and reduced utilization of attack detection rules, and achieves the effect of balancing cost and security and increasing the number

Active Publication Date: 2015-08-19
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

If all attack detection rules are enabled directly on the network device, the device has to process a large number of rules, which inevitably reduces its processing performance.
If only a small number of attack detection rules are enabled, the utilization rate of the attack detection rules drops and the network device may even miss some attacks, affecting security.


Embodiment Construction

[0023] To address the problems in the prior art, the embodiment of the present invention provides a method for enabling attack detection rules that intelligently adjusts the number of enabled attack detection rules in real time and reduces that number while keeping false positives controllable. In the embodiment of the present invention, an attack detection rule table is pre-configured on the network device, and a trigger opening rule set is configured for an attack detection rule. The attack detection rule and the attack detection rules in its trigger opening rule set are attack detection rules of the same attack type or associated attack detection rules, for example attack detection rules for detecting a cross-site scripting attack.

[0024] In the embodiment of the present invention, the attack detection rule table includes information of a plurality of attack detection rules, and ...


Abstract

The invention discloses a method and equipment for opening (enabling) attack detection rules. In the method, when traffic matches a currently opened attack detection rule, the network equipment determines whether that rule has a corresponding trigger opening rule set; if it does, the network equipment obtains a rule identification in the trigger opening rule set; and when the default state of the attack detection rule corresponding to the rule identification is the non-set state and its intelligent state is the non-set state or the closed state, the network equipment opens that attack detection rule and changes its intelligent state to the opening state. According to the embodiment of the invention, the cost and the security of the network equipment can be balanced as far as possible.
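The decision procedure in the abstract can be modelled as a small state machine. The following is an added example, not code from the patent or from any H3C product; the class and function names, the sample rule table, and the rule that an explicit default state takes precedence when deciding whether a rule is enabled are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    UNSET = "non-set"
    OPEN = "open"
    CLOSED = "closed"


@dataclass
class Rule:
    rule_id: int
    default_state: State = State.UNSET      # set explicitly by the administrator
    intelligent_state: State = State.UNSET  # managed by the device itself
    trigger_set: tuple = ()                 # rule IDs to open when this rule matches

    def enabled(self) -> bool:
        # Assumption: an explicit default state takes precedence over the intelligent state.
        if self.default_state is not State.UNSET:
            return self.default_state is State.OPEN
        return self.intelligent_state is State.OPEN


def on_match(table: dict, matched_id: int) -> list:
    """Apply the abstract's steps when traffic matches rule `matched_id`."""
    matched = table[matched_id]
    if not matched.enabled() or not matched.trigger_set:
        return []  # only an opened rule with a trigger opening rule set acts
    opened = []
    for rid in matched.trigger_set:
        target = table.get(rid)
        if target is None or target.default_state is not State.UNSET:
            continue  # unknown ID, or the administrator fixed this rule's state
        if target.intelligent_state in (State.UNSET, State.CLOSED):
            target.intelligent_state = State.OPEN
            opened.append(rid)
    return opened


def build_sample_table() -> dict:
    # Constructed rule table: rule 1 is an always-on XSS rule that triggers rules 2-4.
    rules = [
        Rule(1, default_state=State.OPEN, trigger_set=(2, 3, 4)),
        Rule(2),                                  # never configured: eligible
        Rule(3, default_state=State.CLOSED),      # administrator disabled: untouched
        Rule(4, intelligent_state=State.CLOSED),  # previously auto-closed: eligible
        Rule(5),                                  # in no trigger set: stays off
    ]
    return {r.rule_id: r for r in rules}
```

A match on rule 1 opens rules 2 and 4 only; rule 3 stays off because its default state was set explicitly, and a repeated match changes nothing.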

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to a method and device for enabling an attack detection rule.

Background technique

[0002] As users become more aware of network security technology and network security products, they pay more and more attention to the number of attack detection rules supported by network devices, and with the steady increase in the number of new vulnerabilities every year, the number of attack detection rules supported by network devices has also exploded. Based on this, if all attack detection rules are directly enabled on the network device, a large number of attack detection rules will be enabled and the network device will need to process many attack detection rules, which will inevitably lead to a decrease in the processing performance of the network device. If only a small number of attack detection rules are enabled on network devices, the utilization rat...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 张惊申
Owner: NEW H3C TECH CO LTD