Anomaly detection method and device based on host network behaviors

A host network, anomaly detection technology, applied in the Internet field, can solve problems such as detection

Active Publication Date: 2017-05-31
HILLSTONE NETWORKS CORP
View PDF5 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] Embodiments of the present invention provide a method and device for anomaly detection based on host network behavior, to at least solve the technical problem in the prior art that some anomalies cannot be detected through a single session / connection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Anomaly detection method and device based on host network behaviors
  • Anomaly detection method and device based on host network behaviors
  • Anomaly detection method and device based on host network behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0023] According to an embodiment of the present invention, a method embodiment of an anomaly detection method based on host network behavior is provided. It should be noted that the steps shown in the flowchart of the accompanying drawings can be implemented in a computer system such as a set of computer-executable instructions. and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that herein.

[0024] figure 2 is an anomaly detection method based on host network behavior according to an embodiment of the present invention, such as figure 2 As shown, the method includes the following steps:

[0025] Step S102: Collect network behavior data of each host in the at least one host according to the historical abnormal network behavior.

[0026] Specifically, the common network behaviors, that is, abnormal network behaviors, can be extracted according to the network behaviors of the existi...

Embodiment 2

[0053] According to an embodiment of the present invention, a product embodiment of an abnormality detection device based on host network behavior is provided, Figure 4 is an anomaly detection device based on host network behavior according to an embodiment of the present invention, such as Figure 4 As shown, the device includes an acquisition module 101 , an analysis module 103 , a determination module 105 and a matching module 107 .

[0054] Among them, the collection module 101 is used to collect the network behavior data of each host in the at least one host according to the abnormal historical network behavior; the analysis module 103 is used to perform multi-dimensional analysis on the network behavior data, and obtain at least one dimension of each host. The dimensional data on each dimension in the dimensional data; the determination module 105 is used to determine the abnormal dimension data in the dimensional data; the matching module 107 is used to match the abnor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an anomaly detection method and device based on host network behaviors. The method comprises the following steps: acquiring network behavior data of each host in at least one host according to historical abnormal network behaviors; carrying out multi-dimension analysis on the network behavior data to obtain dimension data on each dimension of at least one dimension of each host; determining abnormal dimension data in the dimension data; aiming at each host, matching the abnormal dimension data with a pre-defined rule; determining whether the abnormal network behaviors occur or not and determining the abnormal network behaviors corresponding to the abnormal dimension data under the condition of determining that the abnormal network behaviors occur, wherein the pre-defined rule is used for determining whether the abnormal network behaviors occur or not according to the abnormal dimension data and determining the abnormal network behaviors corresponding to the abnormal dimension data under the condition of determining that the abnormal network behaviors occur. By adopting the anomaly detection method and device disclosed by the invention, the technical problem in the prior art that certain anomalies cannot be detected through single session/connection detection is solved.

Description

technical field [0001] The present invention relates to the field of the Internet, and in particular, to a method and device for detecting anomalies based on host network behavior. Background technique [0002] In a corporate or campus network, there are often sharp boundaries. Firewall / UTM is usually used as a border protection device to connect the internal network and the external network (wide area network), and also protect the hosts and servers in the internal network, prevent illegal access and attacks from the outside to the inside, and also protect the hosts and servers in the internal network. The server is properly isolated, and unauthorized access to the server from internal hosts is prevented. figure 1 It is the network topology structure diagram in the prior art. Specifically, it can represent the network of a typical enterprise or university, such as figure 1 As shown, where Internet represents the external network, LAN1 represents the internal network 1, 10...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/14H04L63/1416H04L63/1425
Inventor 李矩希於大维尚进蒋东毅董浩陆骋怀
Owner HILLSTONE NETWORKS CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap