
Method for detection of address entropy

An address-entropy detection technique applied in the field of information security. It addresses problems such as security managers wasting effort on useless information, the difficulty of intuitively identifying abnormal behaviors, and the difficulty of assessing network attacks.

Inactive Publication Date: 2017-02-22
LIUZHOU LONGHUI TECH

AI Technical Summary

Problems solved by technology

Because there are so many alarms, many of them irrelevant, security management personnel spend most of their energy processing useless information, and it is difficult to understand the security threat status of the system.
[0005] 2. Most existing intrusion detection equipment detects on the basis of a single data packet, and this shows in how alarms are presented: each alarm from the intrusion detection equipment is an isolated intrusion event.
As a result, when large-scale abnormal network behavior occurs, it is difficult to read the characteristics of that behavior directly from the alarm information, and difficult to evaluate the current network attack situation as a whole.


Examples


Embodiment Construction

[0026] The following is the process for detecting the entropy distribution values of the source address and the target address. The flow starts from step 101.

[0027] Step 101: Read entropy detection configuration parameter information, and set the current address entropy detection stage as the learning stage.

[0028] Step 102: Query all logs reported by the intrusion detection device in the current observation period.

[0029] Step 103: Tally all logs reported by the intrusion detection device, counting the number of occurrences of every source IP address and destination IP address in the logs. During counting, the source IP address and the destination IP address are mapped to integers using a hash algorithm. Preferably, the source IP address and the destination IP address are 32-bit IPv4 addresses, and the hash algorithm maps these 32-bit IPv4 addresses to 16-bit integers during counting.

[0030] Step 104: Calculate the entropy distribution H of the...
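
The counting and entropy steps above, as an added example that is not code from the patent. It assumes Shannon entropy for step 104 (the page truncates the formula) and an XOR fold as the 32-to-16-bit hash (the page names no algorithm); the `deviates` tolerance check and the sample logs are constructed for illustration.

```python
import ipaddress
import math
from collections import Counter

def fold16(ip: str) -> int:
    """Map a 32-bit IPv4 address to a 16-bit integer.
    Assumed hash: XOR of the upper and lower 16 bits (the page names none)."""
    n = int(ipaddress.IPv4Address(ip))
    return (n >> 16) ^ (n & 0xFFFF)

def shannon_entropy(counts: Counter) -> float:
    """Entropy in bits of a bucket -> occurrence-count histogram (assumed formula)."""
    total = sum(counts.values())
    if total == 0:
        return 0.0  # empty observation period
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h + 0.0  # normalise -0.0 to 0.0

def address_entropy(logs):
    """Steps 102-104 for one observation period of (src_ip, dst_ip) log pairs."""
    src, dst = Counter(), Counter()
    for s, d in logs:
        src[fold16(s)] += 1
        dst[fold16(d)] += 1
    return shannon_entropy(src), shannon_entropy(dst)

def deviates(learned, current, tolerance=1.0):
    """Hypothetical check: flag each entropy that moved more than `tolerance`
    bits away from the value measured in the learning stage."""
    return tuple(abs(c - l) > tolerance for l, c in zip(learned, current))

# Constructed logs using documentation address ranges.
LEARNING = [(f"192.0.2.{i % 4 + 1}", f"198.51.100.{i % 4 + 1}") for i in range(16)]
# Many sources alerting on one destination: source entropy rises, destination falls.
FAN_IN = [(f"203.0.113.{i + 1}", "198.51.100.7") for i in range(16)]

if __name__ == "__main__":
    learned = address_entropy(LEARNING)
    current = address_entropy(FAN_IN)
    print("learning stage (H_src, H_dst):", learned)
    print("observed period (H_src, H_dst):", current)
    print("deviates (src, dst):", deviates(learned, current))
```

Because 2^32 addresses fold into 2^16 buckets, distinct addresses can share a bucket, so the measured value is a lower bound on the entropy of the raw addresses.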


Abstract

The present invention discloses a method for detecting address entropy. It assesses the current network attack situation, and the attack situation that most deserves attention at present, from the mass of logs generated by an intrusion detection device. The method comprises: obtaining the logs of an intrusion detection device, and determining whether a large-scale network attack event is occurring by calculating the distribution of the source addresses and destination addresses in those logs; merging the intrusion detection device logs according to three parameters, namely the source address, the destination address and the event type, and detecting and reporting abnormal addresses and hotspot events; compiling statistics on the communication process of each hotspot event within the specified time period and displaying it graphically; and correlating the output results to give a comprehensive assessment of the current network attack situation. The system comprises an entropy module unit, a triple module unit, a hotspot event communication display module unit and a comprehensive association analysis module unit.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method for detecting address entropy.

Background technique

[0002] The rapid development of the Internet has brought great convenience to the dissemination and utilization of information, but at the same time, human society is facing a huge information security challenge. To alleviate increasingly serious security problems, intrusion detection equipment (IDS: Intrusion Detection System) has been deployed more and more widely. An IDS is installed in the protected network segment with its monitoring network card working in promiscuous mode; it analyzes all data packets in the network segment and performs real-time detection of and response to network attack events. At present, IDS generally adopts misuse detection technology. The detection method is as follows: first, encode the patterns that identify specific intrusion behaviors, establish a misuse pattern library, and...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1416
Inventor: 黎健生, 梁远鸿
Owner: LIUZHOU LONGHUI TECH