Behavior characteristics-based network attack detection method and device

A network attack detection technology applied in the field of information security. It addresses problems such as the lack of interoperability between systems and insufficient network attack detection capability, and achieves the effects of reducing the number, reducing the false alarm rate, and improving processing efficiency.

Status: Inactive
Publication Date: 2016-04-06
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

However, these methods are usually developed independently for different security requirements and goals, are mostly limited to a single host or network architecture, lack interoperability between systems, and are clearly insufficient for detecting large-scale network attacks.

Embodiment Construction

[0060] All features disclosed in this specification, or all disclosed steps in a method or process, may be combined in any way except mutually exclusive features and/or steps.

[0061] Any feature disclosed in this specification, unless expressly stated otherwise, may be replaced by other equivalent or alternative features serving a similar purpose. That is, unless expressly stated otherwise, each feature is but one example of a series of equivalent or similar features.

[0062] This embodiment describes a specific behavior correlation-based network attack detection method comprising the following steps (see Figure 1):

[0063] Step 1:

[0064] The present invention obtains the original security information from security devices, which include but are not limited to firewalls, intrusion detection systems, vulnerability libraries, antivirus software, host monitoring systems, and the like. Among them, the intrusion detection system can be Snort, t...

Abstract

The invention discloses a behavior characteristics-based network attack detection method and device, and relates to the technical field of information security. The method comprises the following steps. Step 1: collect the original security information output by the various types of security equipment, and convert all of it into security events in a unified format. Step 2: classify all security events according to the content of each field. Step 3: take all security events that have the same source IP address and the same destination IP address and occur within one monitoring period, sort them in order of event generation time to obtain a security event combination, and search the security event correlation rule library for the same combination. If it is found, determine that the host corresponding to the destination IP address is under attack and raise an alert; if not, store all of the security events in an association rule mining database.
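The three steps of the abstract, as an added example that is not code from the patent or its owner. The field names, the two raw record layouts, the event type names, the rule library contents and the use of fixed 300-second windows as the monitoring period are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class SecurityEvent(NamedTuple):
    """Unified event format (field names are assumptions for this example)."""
    ts: int
    src_ip: str
    dst_ip: str
    event_type: str

def normalize(device, raw):
    """Step 1: convert one device-specific record into the unified format."""
    if device == "firewall":                      # constructed pipe-delimited layout
        ts, src, dst, kind = raw.split("|")
        return SecurityEvent(int(ts), src, dst, kind)
    if device == "ids":                           # constructed dict layout
        return SecurityEvent(raw["time"], raw["src"], raw["dst"], raw["sig"])
    raise ValueError(f"no normalizer for device type {device!r}")

def detect(events, rule_library, period=300):
    """Steps 2-3: group by fields, order by time, look up each combination."""
    groups = defaultdict(list)
    for ev in events:       # same source, same destination, same period (fixed windows assumed)
        groups[(ev.src_ip, ev.dst_ip, ev.ts // period)].append(ev)
    alerts, mining_db = [], []
    for (_src, dst, _window), evs in sorted(groups.items()):
        evs.sort(key=lambda e: e.ts)              # order of event generation time
        combo = tuple(e.event_type for e in evs)
        if combo in rule_library:                 # combination is a stored rule: alert
            alerts.append((dst, combo))
        else:                                     # unknown: keep for association rule mining
            mining_db.extend(evs)
    return alerts, mining_db

# Constructed sample input, deliberately out of time order.
RAW = [
    ("ids", {"time": 1030, "src": "10.0.0.5", "dst": "192.168.1.20", "sig": "ROOT_LOGIN"}),
    ("firewall", "1000|10.0.0.5|192.168.1.20|PORT_SCAN"),
    ("ids", {"time": 1012, "src": "10.0.0.5", "dst": "192.168.1.20", "sig": "SSH_BRUTE_FORCE"}),
    ("firewall", "1005|10.0.0.9|192.168.1.21|PORT_SCAN"),
    ("firewall", "1500|10.0.0.5|192.168.1.20|PORT_SCAN"),
]
RULES = {("PORT_SCAN", "SSH_BRUTE_FORCE", "ROOT_LOGIN")}   # hypothetical rule library

def run_sample():
    return detect([normalize(d, r) for d, r in RAW], RULES)

if __name__ == "__main__":
    alerts, mining_db = run_sample()
    print("alerts:", alerts)
    print("stored for mining:", len(mining_db))
```

Because the lookup is an exact match on the ordered combination, a lone port scan against the same host in a later period does not alert and is stored for mining instead.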

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a network attack detection method based on behavior characteristics.

Background

[0002] With the rapid popularization of the Internet, people enjoy the convenience brought by the network but also face various attacks and threats: leakage of confidential information, data loss, network abuse, identity fraud, illegal intrusion and so on. Data show that 63.6% of enterprise users in China are at the "high risk" level, and the annual economic losses caused by network leaks are as high as tens of billions.

[0003] With the development of computer networks and related technologies, network attacks are becoming faster, larger in scale and more automated; worms, DDoS attacks, botnets and the like pose a great threat to the normal use of the network.

[0004] At present, the attack detec...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 刘方, 饶志宏, 徐锐
Owner: NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP