Scanning detection optimizing method based on sequence hypothesis testing

A scanning detection optimization method, applied in the fields of digital transmission systems, electrical components and transmission systems, that addresses the problems of connection request failure and low connection success rate, and achieves a low false detection rate and a high detection rate.

Active Publication Date: 2016-07-13
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

At this time, the connection request always fails, resulting in...


Examples


Embodiment Construction

[0017] The present invention will be described in detail below in conjunction with specific embodiments.

[0018] The present invention proposes a scanning detection optimization method based on sequence hypothesis testing, which specifically includes the following steps:

[0019] Step 1: Judging whether the current connection is successful or not;

[0020] Step 2: Calculate the ratio value for each source IP address;

[0021] Step 3: Filter the scan source IP address;

[0022] Step 1 mainly comprises the following steps:

[0023] Step 11, first assume that the source host is host A, and the destination host is B.

[0024] Step 12, if the current connection is a failed connection, there are two main situations: in the first, after A sends a SYN packet to B, B replies to A with a RST packet; in the second, A sends a SYN packet to B and a certain period of time elapses without the RST packet sent from B being received.

[0025] St...


Abstract

The invention provides a scanning detection optimization method based on sequence hypothesis testing. The method comprises the following steps: judging whether the current connection succeeds, where the connection is first classified as a success or a failure and, at the same time, it is determined whether the source IP address and destination IP address of the current connection have already been stored; calculating the ratio value of each source IP address, where the ratio value is calculated according to two conditions; and screening the scanning source IP addresses, where the ratio values are compared with a threshold value to judge whether each IP address is a scanning source. The method mainly addresses the problem that many existing port scan detection methods cannot detect a scanning host well and suffer from a high false alarm rate and a high missed detection rate. Experiments verify that the method has a higher detection rate and a lower false detection rate than the threshold random walk algorithm.
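The three steps above (classify each connection, update a per-source ratio, compare it with a threshold) have the same shape as the threshold random walk test that the abstract names as its baseline. The following is an added example of that baseline test, not code from the patent and not the patent's optimized method; the probabilities `THETA0`/`THETA1`, the target rates, the event format and all function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed model parameters (not from the patent).
THETA0, THETA1 = 0.8, 0.2        # P(connection succeeds | benign), P(succeeds | scanner)
DETECT, FALSE_POS = 0.99, 0.01   # target detection and false-positive rates
ETA1 = DETECT / FALSE_POS                # ratio >= ETA1: declare scanning source
ETA0 = (1 - DETECT) / (1 - FALSE_POS)    # ratio <= ETA0: declare benign

def connection_failed(reply):
    """Step 1: the SYN was answered with RST, or nothing arrived before the timeout (None)."""
    return reply == "RST" or reply is None

def detect_scanners(events):
    """Steps 2 and 3 over (src, dst, reply) tuples; returns (verdicts, ratios)."""
    ratio = defaultdict(lambda: 1.0)  # likelihood ratio per source IP
    seen = set()                      # (src, dst) pairs already stored
    verdicts = {}
    for src, dst, reply in events:
        # Only the first contact with each destination is counted (assumed
        # reading of "stored in advance"); decided sources are skipped.
        if src in verdicts or (src, dst) in seen:
            continue
        seen.add((src, dst))
        if connection_failed(reply):
            ratio[src] *= (1 - THETA1) / (1 - THETA0)  # failure: evidence of scanning
        else:
            ratio[src] *= THETA1 / THETA0              # success: evidence of benign use
        if ratio[src] >= ETA1:
            verdicts[src] = "scanner"
        elif ratio[src] <= ETA0:
            verdicts[src] = "benign"
    return verdicts, dict(ratio)

# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = (
    [("198.51.100.7", f"192.0.2.{i}", r) for i, r in enumerate(["RST", None, "RST", None], 1)]
    + [("198.51.100.20", f"192.0.2.{i}", "SYNACK") for i in range(1, 5)]
    + [("198.51.100.30", "192.0.2.1", "RST"),
       ("198.51.100.30", "192.0.2.1", "RST"),      # retry to a stored pair: ignored
       ("198.51.100.30", "192.0.2.2", "SYNACK")]
)

if __name__ == "__main__":
    verdicts, ratios = detect_scanners(SAMPLE_EVENTS)
    for src in sorted(ratios):
        print(src, round(ratios[src], 4), verdicts.get(src, "undecided"))
```

With these assumed parameters each failed first contact multiplies the ratio by 4 and each success by 0.25, so a source needs four unanswered or reset first contacts in a row before it is flagged.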

Description

Technical field

[0001] The invention relates to a network scanning detection method, specifically a scan detection optimization method based on sequential hypothesis testing.

Background art

[0002] As defense functions become stronger and stronger, network scanning methods are becoming more and more diverse. Traditional, simple, and low-level port scanning detection technologies can no longer meet the requirements, and it is difficult to detect ports correctly and efficiently. Therefore, it is necessary to conduct a more in-depth comparative analysis of the characteristics of normal network traffic and data packets and the characteristics of traffic and data packets when scanning behavior occurs. However, normal network behavior will interfere with the detection of port scanning behavior, and false detections may also occur. At this time, how to improve the correct rate of detecting the port scanning behavior and reduce the false detection rate of detecting the por...


Application Information

IPC(8): H04L12/26
CPC: H04L43/00, H04L43/08
Inventor: 玄世昌, 杨武, 王巍, 苘大鹏, 童心, 张宁
Owner HARBIN ENG UNIV