Intrusion detection method for self-learning protocol rule

A self-learning, rule-based technology applied to intrusion detection with self-learning protocol rules. It addresses, among other problems, the inability to automatically generate key field rules and the inability to self-learn message communication formats.

Active Publication Date: 2016-08-17
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] A search found that patent CN104702584A provides a method for self-learning communication objects. This method achieves access control between communication objects by presetting specific function codes, but it cannot self-learn message communication formats or automatically generate key field rules based on data captured in the network.

Examples

Embodiment Construction

[0020] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0021] The overall process of the intrusion detection method for self-learning protocol rules of the present invention is shown in Figure 1. It specifically includes the following steps:

[0022] 1. Data packet collection

[0023] An interface based on the libpcap/winpcap dynamic library receives the messages sent by the network device; the network card is put into promiscuous mode, and a set of normal workflow data is collected. The data packets are divided into "groups" according to source IP, destination IP, source port, destination port, and protocol type (TCP, UDP or ICMP), and the data packets in each group are sorted in the order received. Figure 2 is a schematic diagram of the collection process flow, and the speci...

Abstract

The invention relates to an intrusion detection method for self-learning protocol rules. The method mainly comprises collecting normal data flow, dividing it, clustering it, and extracting the protocol format. A quintuple (five-tuple) protocol rule is generated and stored persistently. During detection, the rule information is read, a quintuple rule mapping table is generated, each data packet is compared with all rules in sequence, and packet analysis and deep packet analysis are carried out. Compared with the prior art, the method does not depend on a specific protocol: the protocol format to be detected is obtained through self-learning, deep packet analysis is carried out, high accuracy is achieved, the technique is simple, and it is easy to popularize.
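The learn-then-detect flow outlined in step 1 of the embodiment and in the abstract can be sketched as follows. This is an added example, not code from the patent: the packets are constructed, all function names are hypothetical, and the "bytes that never change" heuristic is an assumed stand-in for the clustering and format-extraction steps that this excerpt does not show.

```python
from collections import defaultdict

FLOW = ("10.0.0.5", "10.0.0.9", 40001, 502, "TCP")  # constructed five-tuple
# Constructed capture of normal traffic: (arrival_no, *five_tuple, payload), out of order.
NORMAL = [
    (3, *FLOW, bytes.fromhex("000300000006010300100002")),
    (1, *FLOW, bytes.fromhex("000100000006010300000002")),
    (2, *FLOW, bytes.fromhex("000200000006010300080004")),
]

def group_flows(packets):
    """Group payloads by five-tuple, each group kept in arrival order."""
    groups = defaultdict(list)
    for _, *quint, payload in sorted(packets, key=lambda p: p[0]):
        groups[tuple(quint)].append(payload)
    return dict(groups)

def learn_rules(groups):
    """Per five-tuple: seen lengths plus {offset: byte} for bytes that never changed.
    Assumed heuristic, standing in for the patent's format extraction."""
    rules = {}
    for quint, payloads in groups.items():
        shortest = min(len(p) for p in payloads)
        fixed = {i: payloads[0][i] for i in range(shortest)
                 if all(p[i] == payloads[0][i] for p in payloads)}
        rules[quint] = {"lengths": {len(p) for p in payloads}, "fixed": fixed}
    return rules

def check(rules, packet):
    """Compare one packet with the rule mapping table; return 'ok' or the violation."""
    _, *quint, payload = packet
    rule = rules.get(tuple(quint))
    if rule is None:
        return "unknown five-tuple"
    if len(payload) not in rule["lengths"]:
        return "unexpected length"
    for offset, value in rule["fixed"].items():
        if payload[offset] != value:
            return f"field mismatch at offset {offset}"
    return "ok"

RULES = learn_rules(group_flows(NORMAL))

if __name__ == "__main__":
    tampered = (4, *FLOW, bytes.fromhex("000400000006011000000002"))
    print(check(RULES, tampered))
```

With only a few training packets per group, bytes that merely happened not to vary are learned as fixed fields, so the normal capture has to cover the full workflow before the rules are used for detection.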

Description

Technical field

[0001] The invention relates to the field of protocol reverse analysis and intrusion detection, in particular to an intrusion detection method for self-learning protocol rules, which belongs to the technical field of computer Internet.

Background technique

[0002] With the popularization of information technology, the security problems brought by the network have become more and more prominent. There are more and more types of network attacks, and the harm they bring is also increasing. As an important part of information security, network security is related to national security and social stability, and its importance has become increasingly prominent with the acceleration of global informatization.

[0003] At this stage, the Internet adopts the Internet four-layer protocol, namely the application layer, transport layer, network layer, and physical layer. The protocol data unit in which the information of the application layer is transmitted is called a...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L69/22
Inventor: 石志强, 王中杰, 杨安, 孙利民, 朱红松
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI