Network intrusion detection method and device

A network intrusion detection technology, applied in the field of information security, that addresses the problems of a feature database that cannot be updated in time and of detection accuracy, and achieves the effect of improving the accuracy.

Active Publication Date: 2017-03-22
BEIJING AN XIN TIAN XING TECH CO LTD

Problems solved by technology

[0005] In view of this, the present invention provides a network intrusion detection method and device to solve the problem of low...

Embodiment 1

[0056] Embodiment 1 of the present invention discloses a network intrusion detection method, which is applied to a network intrusion detection device. The flow chart of the method is shown in Figure 1 and includes the following steps:

[0057] S101, performing misuse detection on the network data collected in real time according to the current intrusion feature database;

[0058] In the process of executing step S101, misuse detection is performed on the network data collected in real time: whether there is an intrusion behavior in the network data is judged by matching the feature value sequence of the network data against the current intrusion feature database. The collected network data can include at least one preset parameter value. A preset parameter is one of the features that changes most obviously in the network system when an attack occurs. The preset parameters include but are not limited to IP source address, IP destination address, source port, destinat...

Embodiment 2

[0066] In combination with the network intrusion detection method disclosed in Embodiment 1 of the present invention and the accompanying Figure 1, Embodiment 2 of the present invention also provides a network intrusion detection method. The flow chart of the method is shown in Figure 2 and includes the following steps:

[0067] S101, performing misuse detection on the network data collected in real time according to the current intrusion feature database;

[0068] S102, when it is determined that there is an intrusion behavior in the network data, process the eigenvalue sequence of the network data according to the genetic algorithm to obtain each current eigenvalue sequence;

[0069] S103. Calculate the fitness value of each current feature value sequence, and store the current feature value sequence whose fitness value is greater than the threshold in the current intrusion feature database. The threshold is to pre-process at least one training feature value sequen...

Embodiment 3

[0075] In combination with the network intrusion detection method disclosed in Embodiment 1 and Embodiment 2 of the present invention, the specific execution process of step S102 shown in Figure 1 and Figure 2, in which the eigenvalue sequence of the network data is processed according to the genetic algorithm to obtain each current eigenvalue sequence, is shown in Figure 3 and includes the following steps:

[0076] S301. Add the eigenvalue sequence of the network data to the corresponding population according to the first preset population composition rule, wherein the number of eigenvalue sequences in each population is the same;

[0077] In the process of executing step S301, populations are constructed according to the first preset population composition rule, for example 2 populations with 3 eigenvalue sequences each, and the eigenvalue sequences of the continuously collected network data are added in turn to the corresponding population.

[0078] S302. ...

Abstract

The invention provides a network intrusion detection method and device. The method comprises the following steps of: according to a current intrusion feature database, performing misuse detection of network data acquired in real time; when the fact that the network data has an intrusion behavior is judged, processing feature value sequences of the network data according to a genetic algorithm, so that various current feature value sequences are obtained; and, calculating adaptation values of the various current feature value sequences, and storing the current feature value sequences, the adaptation values of which are greater than a threshold value, in the current intrusion feature database, wherein the threshold value is obtained by processing at least one training feature value sequence in the current intrusion feature database in advance. By means of the method disclosed by the invention, detection on network flow data is realized; furthermore, crossover and variation of the detected intrusion behavior can be carried out according to the genetic algorithm; furthermore, more intrusion behaviors can be obtained through comparison with the adaptation threshold value; therefore, the intrusion feature database can be continuously updated; and thus, the network intrusion detection accuracy rate can be continuously increased.
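
The update loop the abstract describes (S101 to S103), sketched as an added Python example that is not taken from the patent. The page's text is cut off before it defines the fitness function, the threshold rule and the crossover and mutation operators, so the ones used here (field-wise similarity to the nearest stored signature, mean nearest-peer similarity of the training set, single-point crossover and one-field mutation) are assumptions, as are the constructed sample signatures and the `dst_port` field.

```python
import random

# Constructed signatures: (src_ip, dst_ip, src_port, dst_port); dst_port is an assumed field.
DB = {
    ("198.51.100.7", "192.0.2.10", 4444, 22),
    ("198.51.100.7", "192.0.2.10", 4444, 23),
    ("198.51.100.9", "192.0.2.20", 31337, 80),
}

def similarity(a, b):
    """Fraction of fields on which two feature value sequences agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)

def fitness(seq, db):
    """Assumed fitness: similarity to the closest stored signature."""
    return max(similarity(seq, sig) for sig in db)

def threshold_from_training(training):
    """Assumed rule: mean similarity of each training sequence to its nearest peer."""
    near = [max(similarity(s, t) for t in training if t != s) for s in training]
    return sum(near) / len(near)

def evolve(seq, db, rng, rounds=20):
    """S102: single-point crossover with a stored signature, then one-field mutation."""
    pool = [sorted(set(col)) for col in zip(seq, *db)]  # values seen per field
    children = set()
    for _ in range(rounds):
        mate = rng.choice(sorted(db))
        cut = rng.randrange(1, len(seq))
        child = list(seq[:cut] + mate[cut:])
        i = rng.randrange(len(child))
        child[i] = rng.choice(pool[i])
        children.add(tuple(child))
    return children

def update_db(seq, db, threshold, rng):
    """S101-S103: on a signature hit, store evolved sequences above the threshold."""
    if seq not in db:          # S101: misuse detection by exact match
        return set()
    added = {c for c in evolve(seq, db, rng)
             if c not in db and fitness(c, db) > threshold}
    db |= added                # S103: the feature database grows in place
    return added

if __name__ == "__main__":
    db = set(DB)
    t = threshold_from_training(db)
    hit = ("198.51.100.7", "192.0.2.10", 4444, 22)
    print(t, sorted(update_db(hit, db, t, random.Random(1))))
```

Every stored child becomes a signature that later traffic is matched against, so the threshold directly trades broader coverage against false positives.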

Description

Technical field

[0001] The present invention relates to the technical field of information security, and more specifically, to a network intrusion detection method and device.

Background technique

[0002] With the rapid development of network technology, network information security has become an important topic in the development of network information. NIDS (Network Intrusion Detection System) is another important security technology after traditional security protection measures such as "firewall" and "data encryption".

[0003] The current mainstream network intrusion detection system is the misuse detection system. The misuse detection system matches the characteristic value sequence of the collected network data based on the pre-established intrusion feature database, so as to detect whether there is an intrusion behavior in the network data. However, since the intrusion signature database cannot be updated in time, this will resu...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventor 翟建军钟金鑫齐志彬陈青民李周丁晓
Owner BEIJING AN XIN TIAN XING TECH CO LTD