Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network threat evaluation method based on multi-granularity anomaly detection

An anomaly detection, multi-granularity technology, applied in the field of network security, can solve the problem of not being able to adapt well to quickly and accurately identify attack events, perceive threat situation, etc., to ensure safe use and use effects, huge economic and social benefits, and stable methods. reliable results

Active Publication Date: 2016-03-16
THE PLA INFORMATION ENG UNIV
View PDF3 Cites 54 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the above situation, in order to overcome the defects of the prior art, the purpose of the present invention is to provide a network threat assessment method based on multi-granularity anomaly detection, which can effectively solve the problem that the existing threat situation assessment technology based on network data packets or network traffic cannot It is well adapted to the problem of quickly and accurately identifying attack events and perceiving threat situations in a high-speed network environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network threat evaluation method based on multi-granularity anomaly detection
  • Network threat evaluation method based on multi-granularity anomaly detection
  • Network threat evaluation method based on multi-granularity anomaly detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0012] The specific implementation manners of the present invention will be described in detail below in conjunction with the accompanying drawings and specific conditions.

[0013] In the specific implementation of the present invention, firstly, the packet-based coarse-grained anomaly detection is used to analyze the time slices containing abnormal network traffic; and then, through the flow-based fine-grained anomaly detection, the network traffic of abnormal time slices is stream recombined and extracted Flow feature attributes, using the flow feature anomaly detection algorithm to determine the attack type; finally, for the detected threat events, quantitatively evaluate the severity of the current network threat, which is specifically implemented by the following steps:

[0014] 1. Package-based coarse-grained anomaly detection:

[0015] 1. Online monitoring of data traffic in the real-time network environment, and store it according to the time window of 1 minute, and u...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a network threat evaluation method based on multi-granularity anomaly detection, and can effectively solve the problem that the existing threat situation evaluation technology based on a network data packet or a network flow cannot be well suitable for rapidly and accurately identifying an attack event and perceiving a threat situation in a high-speed network environment. The network threat evaluation method comprises the following steps: analyzing a time slice including an abnormal network flow by utilizing a packet-based coarse granularity anomaly detection; performing flow reassembly of the network flow of the abnormal time slice and extracting a flow characteristic attribute through flow-based fine granularity anomaly detection, and judging the attack type by utilizing a flow characteristic anomaly detection algorithm; and finally, quantifying and evaluating the serious degree of the threat event in a current network according to the detected threat event. The method disclosed by the invention is easy to operate and can detect the serious degree of the threat event subjected by the network precisely in real time; network workers can easily know the security threat subjected by the current network in time; and effectively emergency response measures can be taken in time.

Description

technical field [0001] The invention relates to network security technology, in particular to a network threat assessment method based on multi-granularity anomaly detection based on network traffic network security threat assessment. Background technique [0002] With the rapid development of Internet technology, the Internet has gradually become an indispensable part of people's production and life, which greatly facilitates people's production and life. At the same time, the increasingly complex network environment has also produced a variety of network attacks, which have brought huge economic losses to society and posed a huge challenge to national security. Although there are many security products such as firewalls, intrusion detection equipment, and intrusion prevention systems, they face complex and diverse attack detection requirements in high-speed network environments. On the one hand, detection methods based on statistics or simple packet pattern matching cannot...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/1441
Inventor 尹美娟刘晓楠罗军勇邱庆云唐梓淇赵志强
Owner THE PLA INFORMATION ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products