Method and system for detecting network security threat based on trusted business flow

A network security threat detection technology in the field of network information security. It addresses the high false-alarm rate, low detection-and-removal (anti-virus) efficiency and many blind spots of existing defense systems, improves the degree of intervention in and perception of network behavior, and achieves high detection-and-removal efficiency with a low false-alarm rate.

Active Publication Date: 2015-12-09
STATE GRID CORP OF CHINA +1
Cites 8 patents; cited by 85.


Problems solved by technology

[0008] The purpose of the present invention is to provide a network security threat detection method and system based on trusted service flow that can comprehensively and effectively detect network security threats, with a low false alarm ra...


Embodiment Construction

[0032] The present invention provides a network security threat detection method and system based on trusted service flow. By monitoring the actual traffic in the service system in real time and analyzing its characteristics against the "trusted service flow", abnormal network behavior and host behavior can be discovered in time, so that security threats are detected promptly.

[0033] Abnormal network behavior and host behavior include: using an incorrect identity, at an incorrect time, from an incorrect location (or through an incorrect channel), to perform incorrect operations on unauthorized resources in an incorrect manner.

[0034] Trusted business flow is obtained by monitoring the business traffic in daily work, sampling the behavior of the system or its users, and computing from the collected samples a series of parameter variables that describe these behaviors, thus sorting out the minimum network access relationship that satisfies norma...

Abstract

The invention discloses a method and a system for detecting network security threats based on trusted business flow. The method comprises the following steps: establishing a blacklist and a whitelist of network flows and constructing a baseline model, where the whitelist is the trusted business flow, a feature-profile library of normal network behavior and host behavior; comparing real-time monitored flow data against the baseline model; when the real-time data matches the blacklist, outputting an abnormal flow alarm; when the real-time data matches the whitelist but its deviation exceeds a preset threshold, outputting a threat flow alarm; and when the real-time data matches neither the blacklist nor the whitelist, treating it as a gray list and outputting an unknown flow alarm. With this method and system, network security threats can be detected comprehensively and effectively with a low false-alarm rate and high detection-and-removal (anti-virus) efficiency, and the method and system adapt to a more fine-grained network attack-and-defense confrontation environment.
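The following is an added illustration of the three-way verdict described in the abstract and of the "parameter variables" and "minimum network access relationship" of paragraph [0034]; it is not code from the patent. The flow record fields (source, destination, port, user, hour, byte count), the choice of deviation dimensions, the per-dimension weights and the threshold are all assumptions made for the example; the sample traffic and the blacklist entry are constructed.

```python
"""Blacklist / trusted-flow baseline / gray-list classification of flow records.

Illustrative example, not the patent's own implementation. Record format,
deviation dimensions, weights and threshold are assumptions for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    user: str
    hour: int     # hour of day, 0-23
    nbytes: int


# Constructed "daily work" traffic from which the trusted business flow is learned.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", "10.2.0.5", 1433, "scada_ops", h, b)
    for h, b in [(9, 4200), (10, 3900), (11, 4400), (14, 4100), (15, 3800), (16, 4300)]
] + [
    Flow("10.1.1.11", "10.2.0.9", 443, "hmi_ro", h, b)
    for h, b in [(8, 120000), (12, 118000), (17, 123000), (9, 119500)]
]

# Blacklist of known-bad (destination, port) pairs; constructed for the example.
BLACKLIST = {("203.0.113.7", 4444)}


@dataclass(frozen=True)
class Relation:
    """Parameter variables describing one minimum network access relationship."""
    users: frozenset
    hours: frozenset
    byte_mean: float
    byte_std: float


def build_baseline(flows):
    """Whitelist / baseline model: one Relation per (src, dst, dport) seen in normal traffic."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f)
    baseline = {}
    for key, fs in groups.items():
        sizes = [f.nbytes for f in fs]
        baseline[key] = Relation(
            users=frozenset(f.user for f in fs),
            hours=frozenset(f.hour for f in fs),
            byte_mean=mean(sizes),
            byte_std=pstdev(sizes) or 1.0,   # guard against constant-size relations
        )
    return baseline


def deviation(flow, rel):
    """Deviation of a whitelisted flow from its relation's profile.

    Each of the "incorrect identity / incorrect time / incorrect manner" dimensions
    contributes: identity and time mismatches add 1.0 each; the volume dimension
    adds a z-score scaled so that six standard deviations count as 1.0.
    """
    score = 0.0
    if flow.user not in rel.users:
        score += 1.0
    if flow.hour not in rel.hours:
        score += 1.0
    score += abs(flow.nbytes - rel.byte_mean) / rel.byte_std / 6.0
    return score


def classify(flow, baseline, blacklist=BLACKLIST, threshold=0.5):
    """Return 'abnormal' (blacklist), 'threat' (whitelist, deviation over threshold),
    'trusted' (whitelist, within threshold) or 'unknown' (gray list)."""
    if (flow.dst, flow.dport) in blacklist:
        return "abnormal"           # blacklist is checked before the whitelist
    rel = baseline.get((flow.src, flow.dst, flow.dport))
    if rel is None:
        return "unknown"            # matches neither list: gray list
    return "threat" if deviation(flow, rel) > threshold else "trusted"


baseline = build_baseline(SAMPLE_FLOWS)

if __name__ == "__main__":
    for f in [
        Flow("10.1.1.10", "10.2.0.5", 1433, "scada_ops", 10, 4000),
        Flow("10.1.1.10", "10.2.0.5", 1433, "scada_ops", 3, 4000),
        Flow("10.1.1.10", "10.2.0.5", 1433, "scada_ops", 10, 2_000_000),
        Flow("10.1.1.10", "203.0.113.7", 4444, "scada_ops", 10, 500),
        Flow("10.1.1.10", "10.2.0.9", 22, "scada_ops", 10, 500),
    ]:
        print(classify(f, baseline), f)
```

Note that the blacklist is consulted before the whitelist, so a learned relation to a destination that later lands on the blacklist still raises the abnormal-flow alarm rather than being passed as trusted. The gray-list verdict is what distinguishes this scheme from a plain blacklist: a flow between hosts that never exchanged traffic during baselining is surfaced as unknown even though no signature matches it.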

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a method and system for detecting network security threats based on trusted service flow.

Background technique

[0002] The software and hardware design of currently deployed firewalls was conceived only for operation at L2-L4 and lacks the ability to monitor data flows comprehensively and in depth, so such firewalls cannot effectively identify illegal traffic disguised as normal business traffic. As a result, illegal traffic such as worms, attacks, spyware and peer-to-peer applications can easily pass in and out of the network through the firewall's open ports. This is why users are still plagued by intrusions, worms, viruses and denial-of-service attacks after a firewall has been deployed. In fact, worms can penetrate firewalls and spread quickly, causing host failures and consuming valuable network bandwidth; P2P an...


Application Information

IPC: H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 郑生军范维王莉南淑君宿雅婷
Owner STATE GRID CORP OF CHINA