
Reverse DNS query attribute aggregation-based exception detection method and system

A DNS query and anomaly detection technology, applied in transmission systems, electrical components, etc., which addresses the false positive and false negative rate problems of existing intrusion detection technology

Inactive Publication Date: 2017-05-31
STATE GRID CORP OF CHINA +2
Cites: 4, Cited by: 8

AI Technical Summary

Problems solved by technology

The advantage of anomaly-based technology is that its false negative rate is low and unknown types of network attack can be recognised quickly. Its disadvantage is that the false positive rate is high.




Embodiment Construction

[0049] The present invention is described in more detail below with reference to the accompanying drawings and specific embodiments:

[0050] As shown in figure 1, the anomaly detection method based on reverse DNS query attribute aggregation consists of five parts: log collection and extraction, data aggregation, feature vector extraction, model training, and anomaly detection.

[0051] Specifically, the logs are first collected and extracted: the DNS log entries containing the PTR field are selected, the selected reverse DNS query logs are collected, and the effective information tuple Info= is extracted.

[0052] Data aggregation is then carried out. In the scheme of the present invention, the reverse DNS query logs produced by the network security devices are collected first; after the log features have been extracted, the logs are aggregated on the attribute of the target IP address. As shown in figure 2, this is divided into two processes, horizontal aggregation and vertical aggregation. The specific process of horizont...
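The pipeline in paragraphs [0050] to [0052] (select PTR queries, extract a tuple per query, aggregate on the target address, build a feature vector, decide) can be followed end to end on a small log. The block below is an added example written for this page, not the patent's own implementation: the BIND-style query-log format, the aggregation key (source IP and target /24), the feature set and the fixed thresholds are all assumptions made for illustration, and the log lines are constructed. It detects the "scanning a network segment" case the abstract mentions: one host resolving many addresses of one segment in a short burst.

```python
"""Added example: aggregate reverse DNS (PTR) query logs per source and
target segment, build a feature vector per group, and flag a segment sweep.
Log format, aggregation key, features and thresholds are assumptions."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed BIND-style query-log line:
# "21-Mar-2017 10:00:00.000 client 10.0.0.5#40000: query: <name> IN <type> + (<server>)"
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def ptr_name_to_ip(name):
    """'1.1.168.192.in-addr.arpa' -> '192.168.1.1'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    name = name.rstrip(".")
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def extract_ptr_records(log_text):
    """Log collection/extraction: keep PTR queries only, return (ts, source, target)."""
    records = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or m.group("qtype") != "PTR":
            continue
        target = ptr_name_to_ip(m.group("name"))
        if target is None:
            continue  # malformed or non-IPv4 reverse name
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
        records.append((ts, m.group("src"), target))
    return records


def aggregate_by_segment(records, window_seconds=60):
    """Aggregation + feature extraction: group by (source, target /24) so that
    one host enumerating one segment collapses into a single feature row."""
    groups = defaultdict(list)
    for ts, src, target in records:
        segment = str(ipaddress.ip_network(target + "/24", strict=False))
        groups[(src, segment)].append((ts, target))
    features = {}
    for key, items in groups.items():
        items.sort()
        times = [t for t, _ in items]
        targets = {ip for _, ip in items}
        peak, j = 0, 0  # peak query count in any sliding window of window_seconds
        for i in range(len(times)):
            while (times[i] - times[j]).total_seconds() > window_seconds:
                j += 1
            peak = max(peak, i - j + 1)
        features[key] = {
            "queries": len(items),
            "distinct_targets": len(targets),
            "segment_coverage": len(targets) / 254.0,
            "peak_per_window": peak,
        }
    return features


def detect_anomalies(features, min_distinct=20, min_burst=20):
    """Detection with a fixed rule (assumption): a source that resolves many
    distinct addresses of one segment in one burst. In the patent's pipeline
    a trained model stands where these two thresholds are."""
    return sorted(key for key, f in features.items()
                  if f["distinct_targets"] >= min_distinct and f["peak_per_window"] >= min_burst)


def build_sample_log():
    """Constructed sample: 10.0.0.5 makes a few normal lookups (one non-PTR, one
    malformed), 10.0.0.9 sweeps 192.168.1.1 to 192.168.1.60 within one minute."""
    base = datetime(2017, 3, 21, 10, 0, 0)

    def line(offset, src, name, qtype):
        ts = (base + timedelta(seconds=offset)).strftime("%d-%b-%Y %H:%M:%S.000")
        return f"{ts} client {src}#{40000 + offset}: query: {name} IN {qtype} + (10.0.0.2)"

    lines = [
        line(0, "10.0.0.5", "8.8.8.8.in-addr.arpa", "PTR"),
        line(5, "10.0.0.5", "www.example.com", "A"),        # not a PTR query, dropped
        line(9, "10.0.0.5", "1.0.0.10.in-addr.arpa", "PTR"),
        line(12, "10.0.0.5", "bogus.in-addr.arpa", "PTR"),  # malformed name, dropped
    ]
    lines += [line(i, "10.0.0.9", f"{i}.1.168.192.in-addr.arpa", "PTR") for i in range(1, 61)]
    return "\n".join(lines)


def run_example():
    """Whole pipeline on the constructed log; returns (features, flagged keys)."""
    features = aggregate_by_segment(extract_ptr_records(build_sample_log()))
    return features, detect_anomalies(features)


if __name__ == "__main__":
    print(run_example()[1])
```

Run as a script it prints the flagged (source, segment) pair for 10.0.0.9. Two practical points the thresholds hide: legitimate resolvers such as log-enrichment jobs and mail servers doing sender verification also issue PTR bursts, so any trained baseline must be kept per source rather than global; and the /24 grouping is a convenience for IPv4 only, a sweep of an IPv6 prefix needs a different key.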



Abstract

The present invention discloses an anomaly detection method and system based on reverse DNS query attribute aggregation. Reverse DNS query logs from different devices are fused so that abnormal behaviour in the network, such as frequent scanning of a network segment or a spam outbreak, can be detected quickly. The volume of reverse DNS query records is small, so device congestion caused by large quantities of logs is avoided and device performance improves. The whole monitored network is controlled globally on the basis of the reverse DNS query records of the different devices. Because reverse DNS query records are log content that is not under the attacker's control, the attacker cannot hide the behaviour; the recorded content is therefore more reliable and reflects the activity state of the whole network more accurately, so abnormal behaviour in the network environment is detected better.

Description

Technical field [0001] The invention relates to the fields of network security and data aggregation, and in particular to an anomaly detection method and system based on reverse DNS query attribute aggregation. Background [0002] As network intrusions and attacks develop toward being distributed, large-scale, complex and indirect, higher requirements are placed on security product technology, and an efficient network security alarm technology is urgently needed to improve the performance of security products. [0003] Intrusion detection is the detection of intrusive behaviour. An intrusion detection system collects information from all key nodes of the network and computer system in order to check whether the security policy is being violated and whether there are signs of attack in the network or system. The data sources of intrusion detection are the logs of the various network security devices (firewalls, IDS, IPS, etc.), which record the activities of the t...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416; H04L63/168
Inventor 刘艇王利明罗熙杨婧张明扬周晟傅慧斌
Owner STATE GRID CORP OF CHINA