Network attack analysis system

A technology for analyzing system and network attacks, applied in the field of information security. It addresses three problems: security management personnel wasting effort on useless information, an excess of irrelevant alarms, and the resulting difficulty of understanding the security threat status of the system.

Inactive Publication Date: 2017-01-04
LIUZHOU LONGHUI TECH

AI Technical Summary

Problems solved by technology

Because alarms are numerous and many of them are irrelevant, security management personnel spend most of their energy processing useless information, and it is difficult to understand the security threat status of the system.

Most existing intrusion detection equipment detects on the basis of a single data packet, so each piece of alarm information it presents is an isolated intrusion event. As a result, when large-scale abnormal network behavior occurs, it is difficult to read the characteristics of that behavior directly from the alarm information, and difficult to evaluate the current network attack situation as a whole.

Examples


Embodiment Construction

[0021] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0022] Figure 1 is a schematic structural diagram of a network attack analysis system according to an embodiment of the present invention. The network attack analysis system 100 according to this embodiment includes an entropy module unit 101, a triple module unit 102, a hot event propagation display module unit 103, and a comprehensive correlation analysis module unit 104.

[0023] The entropy module unit 101 reads the intrusion detection device log for a specified time period, calculates the entropy distribution values of the log's source and destination addresses, determines whether a large-scale network attack event exists, and then outputs to the comprehensive correlation analysis module unit 104 the judgment result of the address distribution status of the current netwo...


Abstract

The invention discloses a network attack analysis system, which comprises an entropy module unit, a triple module unit, a hot event propagation display module unit and a comprehensive association analysis module unit, wherein the entropy module unit reads logs of an intrusion detection system, computes entropy distribution values of source addresses and destination addresses, judges whether a large-scale network security event exists or not and outputs a judging result to the comprehensive association analysis module unit; and the triple module unit reads the logs of the intrusion detection system, merges the logs of the intrusion detection system, and detects and reports abnormal addresses or hot events. According to the analysis system disclosed by the invention, through computing the entropy distribution values of the source addresses and the destination addresses of the logs of the intrusion detection system, the large-scale network security event capable of causing the abnormal address distribution, such as network scanning and distributed denial of service attacks, can be detected.
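The entropy judgment described in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes Shannon entropy normalised by log2 of the alert count, alert records shaped as `(timestamp, src, dst)`, and hypothetical thresholds `HIGH`, `LOW` and `MIN_ALERTS`, none of which the page specifies.

```python
import math
from collections import Counter

# Assumed thresholds on normalised entropy; the page gives no numeric values.
HIGH, LOW, MIN_ALERTS = 0.8, 0.2, 32

def norm_entropy(values):
    """Shannon entropy of the address distribution, scaled to [0, 1] by log2(N)."""
    n = len(values)
    if n < 2:
        return 0.0
    h = sum(-(c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def judge_window(alerts, start, end):
    """alerts: iterable of (timestamp, src, dst). Returns (verdict, H_src, H_dst)."""
    window = [(s, d) for t, s, d in alerts if start <= t < end]
    if len(window) < MIN_ALERTS:
        # Too few alerts for the address distribution to be meaningful.
        return ("insufficient-data", 0.0, 0.0)
    h_src = norm_entropy([s for s, _ in window])
    h_dst = norm_entropy([d for _, d in window])
    if h_src >= HIGH and h_dst <= LOW:
        verdict = "ddos-like"   # many sources converging on few destinations
    elif h_src <= LOW and h_dst >= HIGH:
        verdict = "scan-like"   # few sources fanning out to many destinations
    else:
        verdict = "no-large-scale-event"
    return (verdict, h_src, h_dst)

# Constructed sample alerts (documentation address ranges), 64 per time window.
DDOS = [(i, f"198.51.100.{i}", "192.0.2.10") for i in range(64)]
SCAN = [(100 + i, "203.0.113.5", f"192.0.2.{i}") for i in range(64)]
BASE = [(200 + i, f"198.51.100.{i % 8}", f"192.0.2.{i // 8}") for i in range(64)]
ALERTS = DDOS + SCAN + BASE

if __name__ == "__main__":
    for name, (a, b) in {"ddos": (0, 100), "scan": (100, 200), "base": (200, 300)}.items():
        print(name, judge_window(ALERTS, a, b))
```

Normalising by log2 of the alert count rather than by the number of distinct addresses keeps a small, evenly used address set (the baseline window) from scoring as maximally dispersed.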

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a network attack analysis system.

Background technique

[0002] The rapid development of the Internet has brought great convenience to the dissemination and utilization of information, but at the same time, human society is facing a huge challenge of information security. In order to alleviate the increasingly serious security problems, intrusion detection equipment (IDS: Intrusion Detection System) has been deployed more and more widely. An IDS is installed in the protected network segment; its monitoring network card works in promiscuous mode, analyzes all data packets in the network segment, and performs real-time detection of and response to network attack events. At present, IDS generally adopts misuse detection technology. The detection method is as follows: first, encode the patterns that identify specific intrusion behaviors, establish a misuse pattern library, and the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L63/1416, H04L41/14, H04L63/1425, H04L63/1441
Inventor: 黎健生, 梁远鸿
Owner: LIUZHOU LONGHUI TECH