Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Server network behavior description method

A server and network technology, applied in the direction of data exchange network, digital transmission system, electrical components, etc., can solve the problems of many differences, poor new attack or intrusion detection effect, high false positive rate, etc., to achieve intuitive and reliable results, The effect of reducing the false negative rate and high accuracy

Active Publication Date: 2015-11-18
成都蜀道易信科技有限公司
View PDF2 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This detection method is similar to the detection method of computer viruses, and its recall rate depends entirely on the coverage of the rule base. Once the attacker modifies the attack characteristic pattern to hide his behavior, this detection method is powerless. Therefore, for new attacks or The intrusion detection effect is very poor, which will result in a high rate of false positives; when new attack methods appear, new rules and detection methods need to be added to the signature database, so it is necessary to continuously update and maintain the signature database; in addition, in order to detect a variety of To detect attacks, the system needs to maintain a huge attack pattern library, and the detection must match the rules in the pattern library one by one, so the system cost is high
[0008] The current main methods of intrusion detection are based on the idea of ​​misuse detection. According to the characteristics of specific network attacks, specific traffic detection modes are written, and then the collected traffic data is matched with known attack modes; detection methods based on abnormal traffic characteristics The disadvantage is that it is necessary to write corresponding rules for each attack to detect anomalies. However, as the network and application environment become increasingly complex, it is difficult for the original strategy to detect emerging new types of network attacks. There are many differences in the definition of abnormal features, so the adaptability and scalability of detection methods based on abnormal features are increasingly difficult to meet the protection needs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Server network behavior description method
  • Server network behavior description method
  • Server network behavior description method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0050] A server network behavior description method, comprising the following steps:

[0051] (1) Obtain the flow information of entering and exiting the server through the data packet sniffing module;

[0052] (2) Extract the flow information according to the flow attributes through the flow attribute extraction and calculation module, and make statistics on the flow corresponding to each flow attribute according to the time window to form historical data;

[0053] (3) Calculate the acquired historical data through the system parameter learning module that interacts with the historical data in real time, and obtain the system parameters based on the stability of the traffic structure;

[0054] (4) Construct a dynamic normal flow profile according to system parameters and historical data;

[0055] (5) Construct the current traffic structure a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a server network behavior description method. The method comprises the steps that (1) traffic information in and out of a server is acquired; (2) according to traffic attributes, the traffic information is extracted, and according to a time window, traffic corresponding to each traffic attribute is counted to form historical data; (3) the historical data are calculated to acquire system parameters based on the traffic structure stability; (4) a dynamic normal traffic contour is built; (5) the current traffic structure is constructed; and (6) a difference measurement method is used to compare the normal traffic contour and the current traffic structure, and whether a network is normal is judged according to the size of a difference value. According to the invention, the server network behavior description method can adapt to an increasingly complex network environment, can detect a part of new network attacks, and can take initiative in detection.

Description

technical field [0001] The invention relates to a behavior description method for network abnormal traffic detection, in particular to a server network behavior description method based on traffic structure stability. Background technique [0002] The server is usually used as the core equipment in the IT system to provide network services, so the security protection of the server is particularly important; for the security protection of the server network, according to the characteristics of the protection means, it can be mainly divided into the following three categories: (1) Deploying intrusion detection based on the network boundary System, firewall and other protective equipment; (2) Correlation analysis and mining based on server logs; (3) Traffic analysis on servers. [0003] At present, the main means of server security protection is to deploy border devices such as IDS, IPS, and firewalls on the network border to detect and filter the traffic entering and leaving t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 陈兴蜀邵国林尹学渊叶晓鸣江天宇
Owner 成都蜀道易信科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com