Network malicious data detection method, device and system

A technology for detecting malicious data in network data, applied in transmission systems, electrical components, etc. It addresses problems such as false positives, false negatives and the inability to detect unknown intrusions, and achieves the effect of reducing false positives.

Active Publication Date: 2016-11-09
国富瑞数据系统有限公司 +1

AI Technical Summary

Problems solved by technology

The feature detection method mainly matches network data or behavior against the system's existing malicious data feature database, but this method easily causes false positives and false negatives and cannot detect unknown intrusions; the anomaly detection method is based on the constructi


Examples


Embodiment 1

[0055] This embodiment provides a method for detecting network malicious data, as shown in Figure 1, including:

[0056] S1. Collect network data. Specifically, the network data of the local area network or the Internet that needs to be monitored can be collected continuously, or it can be collected at preset intervals, such as every 5 s. The applicable collection method can be selected according to the network environment or security level requirements of the local area network or the Internet to be monitored.

[0057] S2. Extract data feature values from the network data. Specifically, any data analysis method in the prior art may be selected to extract data feature values from the network data, to obtain the network environment situation of the currently monitored local area network or the Internet.

[0058] S3. Obtain the degree of association between each data character...

Embodiment 2

[0105] This embodiment provides a network malicious data detection device, as shown in Figure 2, including:

[0106] The data collection unit 1 is used for collecting network data.

[0107] The data processing unit 2 is configured to extract data feature values from the network data.

[0108] The data analysis unit 3 is used to obtain the degree of association between each data characteristic value and the malicious data characteristic values in the pre-stored malicious characteristic value set; if the degree of association between a certain data characteristic value and a malicious data characteristic value exceeds the preset association degree threshold, the malicious data feature value set is expanded according to that data feature value. Specifically, if the degree of correlation between a certain data feature value in the collected network data and a malicious data feature value exceeds the preset correlation degree threshold, it means that even if the...

Embodiment 3

[0127] This embodiment provides a network malicious data detection system, including the network malicious data detection device and the display device in Embodiment 2.

[0128] The display device is used to receive and display the data transmitted by the network malicious data detection device. Specifically, the display device may be a display screen.


Abstract

The invention provides a network malicious data detection method, device and system. The method comprises: first, collecting network data and extracting data characteristic values from it; second, obtaining the correlation between each data characteristic value and the malicious data characteristic values in a pre-stored malicious characteristic set; and finally, expanding the malicious data characteristic set according to a data characteristic value when its correlation with a malicious data characteristic value exceeds a preset correlation threshold. The method can continuously correct and optimize the malicious data characteristic set, achieves predictive judgment of unknown network threats and active defense of network security, and reduces the false alarm and missed alarm rates of intrusion detection for network malicious data.
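The loop described in the abstract and in steps S1 to S3 of Embodiment 1, as an added example that is not code from the patent. The text shown here does not say how the degree of association is computed, so cosine similarity, the three features, the 0.95 threshold and all sample values are assumptions constructed for illustration.

```python
import math

# Constructed sample input: per-window traffic summaries (step S1), not real captures.
WINDOWS = [
    {"id": "w1", "pkts": 100, "syn": 90, "dst_ports": 50, "mean_payload": 150},
    {"id": "w2", "pkts": 100, "syn": 10, "dst_ports": 5, "mean_payload": 1350},
    {"id": "w3", "pkts": 100, "syn": 90, "dst_ports": 20, "mean_payload": 150},
]
SEED = [(0.9, 0.8, 0.1)]  # constructed "known malicious" feature value

def extract_features(w):
    """Step S2 (hypothetical features): SYN ratio, port spread, payload size."""
    return (w["syn"] / w["pkts"], w["dst_ports"] / 100, w["mean_payload"] / 1500)

def association(a, b):
    """Assumed stand-in for the 'degree of association': cosine similarity."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

class MaliciousFeatureSet:
    def __init__(self, seeds, threshold):
        self.features = [tuple(s) for s in seeds]  # copy, caller's list is untouched
        self.threshold = threshold

    def score(self, value):
        """Highest association between value and any stored malicious value."""
        return max((association(value, m) for m in self.features), default=0.0)

    def observe(self, value):
        """Step S3: alert and expand the set when the threshold is exceeded."""
        if self.score(value) <= self.threshold:
            return False
        if value not in self.features:
            self.features.append(value)
        return True

def run(windows, seeds, threshold=0.95):
    """Feed windows in order; return alerted window ids and the final set."""
    mset = MaliciousFeatureSet(seeds, threshold)
    alerts = [w["id"] for w in windows if mset.observe(extract_features(w))]
    return alerts, mset.features

if __name__ == "__main__":
    print(run(WINDOWS, SEED))      # w1 expands the set, which then catches w3
    print(run(WINDOWS[1:], SEED))  # without w1, w3 stays below the threshold
```

The second run shows that w3 is flagged only because w1 was added to the set first, so results depend on arrival order and every expansion widens what matches later. Logging each added feature value with the window that caused it keeps the set reviewable.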

Description

Technical field

[0001] The invention relates to the technical field of network intrusion detection (NIDS), in particular to a method, device and system for detecting network malicious data.

Background technique

[0002] NIDS is the abbreviation of Network Intrusion Detection System, which is an important development direction of network security. It uses the most advanced data capture and protocol analysis technology to monitor all original traffic in the network, analyzes and processes traffic and protocols, identifies network attack events by pattern matching against the existing event and behavior feature database, and provides event response, realizing monitoring, filtering and even blocking of network data and ensuring the security of the network environment.

[0003] There are mainly two detection methods adopted by existing network intrusion detection systems: signature-based detection and anomaly-base...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441
Inventor 杨宇波张国力赵阳耿晓洁邱勇凯夏晓敬
Owner 国富瑞数据系统有限公司