Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network session statistical characteristic based large-scale network scanning detection method

A statistical feature and network session technology, applied in the field of Internet security, to achieve the effect of automatic detection function, high efficiency, and resource saving

Inactive Publication Date: 2016-10-12
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1
View PDF6 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Moreover, many existing network attack detection technologies can only detect a specific attack method. For example, the solution proposed in Reference 2 can only detect port scanning, which has certain limitations.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network session statistical characteristic based large-scale network scanning detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The present invention will be further described in detail below in conjunction with accompanying drawings and examples.

[0027] The present invention summarizes the behavior characteristics of hackers scanning for different protocols through analysis, and focuses attention on the return value and request mode in the traffic. Aiming at these two points, a large-scale scanning detection method based on the statistical characteristics of network sessions is proposed. By comparing the definition of the abnormal return value with the request mode, it is judged whether the traffic conforms to the characteristics of the attack behavior, so as to identify the possible attack behavior. At the same time, the characteristics reflected in the request time of network scanning are added to the detection mechanism, which improves the accuracy of the analysis results.

[0028] Firstly, the captured raw traffic is classified according to the network protocol, and then the attack chara...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a network session statistical characteristic based large-scale network scanning detection method, and belongs to the technical field of internet security. The network session statistical characteristic based large-scale network scanning detection method comprises the steps of screening and classifying captured original network data according to protocol types; then restoring each session in the data and clustering the sessions according to source IPs; counting the number of abnormal returned value of all sessions of each IP, calculating a ratio of the number of the abnormal returned values to the number of normal returned values; analyzing request modes of all sessions of each IP, observing whether the request modes corresponding to the abnormal returned values are accordant; judging whether an attack behavior exists based on the ratio and the request modes; and when the attack behavior exists, obtaining IP information of an attacker and an attacked target, and correspondingly performing processing measures. The network session statistical characteristic based large-scale network scanning detection method is very high in practical feasibility and universal, can identify the scanning condition of any IP made by the attacker, and has a chance to detect an unknown attacking way.

Description

technical field [0001] The invention belongs to the technical field of Internet security, and specifically refers to a large-scale network scanning detection method based on network session statistical characteristics. Background technique [0002] With the continuous development of the Internet and the popularization of computer technology, the global economy is growing faster and faster, and people's lives are becoming more and more convenient, but at the same time it also brings various network security problems and hidden dangers. The development of Internet technology has increased the risks and opportunities of cyber attacks, and once a large-scale cyber attack occurs, the consequences will be more serious. How to do a good job in network security defense has been paid more and more attention by people. The ideal way to deal with network attacks is to build a completely secure system, but this requires all users to authenticate themselves and to use various encryption...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 李应博张伟孙波房婧姜栋蒋卓键武斌李轶夫鲁骁张建松盖伟麟司成祥杜雄杰刘成
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com