Abnormal detection method and device based on host network behavior

A host network and anomaly detection technology, applied in the Internet field, can solve problems such as detection

Active Publication Date: 2019-11-08
HILLSTONE NETWORKS CO LTD

AI Technical Summary

Problems solved by technology

[0008] Embodiments of the present invention provide a method and device for anomaly detection based on host network behavior, to at least solve the technical problem in the prior art that some anomalies cannot be detected through a single session / connection


Examples


Embodiment 1

[0023] According to an embodiment of the present invention, a method embodiment of an anomaly detection method based on host network behavior is provided. It should be noted that the steps shown in the flowchart of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from the one given here.

[0024] Figure 2 shows an anomaly detection method based on host network behavior according to an embodiment of the present invention. As shown in Figure 2, the method includes the following steps:

[0025] Step S102, collecting network behavior data of each host in at least one host according to historical abnormal network behavior.

[0026] Specifically, based on the network behaviors of existing attack samples, their common network behaviors, that is, abnormal network b...

Embodiment 2

[0053] According to an embodiment of the present invention, a product embodiment of an anomaly detection device based on host network behavior is provided. Figure 4 shows an anomaly detection device based on host network behavior according to an embodiment of the present invention. As shown in Figure 4, the device includes a collection module 101, an analysis module 103, a determination module 105 and a matching module 107.

[0054] The collection module 101 is used to collect the network behavior data of each host in at least one host according to the historical abnormal network behavior; the analysis module 103 is used to perform multi-dimension analysis on the network behavior data to obtain dimension data on each dimension; the determination module 105 is used to determine the abnormal dimension data in the dimension data; the matching module 107 is used to match the abnormal dimension data with predefined rules for each host to determine whether an abnormal network behavior occurs, and determine the abnormal network behavior corresponding to the abnorma...


Abstract

The invention discloses an anomaly detection method and device based on host network behaviors. The method comprises the following steps: acquiring network behavior data of each host in at least one host according to historical abnormal network behaviors; carrying out multi-dimension analysis on the network behavior data to obtain dimension data on each dimension of at least one dimension of each host; determining abnormal dimension data in the dimension data; aiming at each host, matching the abnormal dimension data with a pre-defined rule; determining whether the abnormal network behaviors occur or not and determining the abnormal network behaviors corresponding to the abnormal dimension data under the condition of determining that the abnormal network behaviors occur, wherein the pre-defined rule is used for determining whether the abnormal network behaviors occur or not according to the abnormal dimension data and determining the abnormal network behaviors corresponding to the abnormal dimension data under the condition of determining that the abnormal network behaviors occur. By adopting the anomaly detection method and device disclosed by the invention, the technical problem in the prior art that certain anomalies cannot be detected through single session / connection detection is solved.
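The four steps of the abstract (collect, multi-dimension analysis, abnormal dimensions, per-host rule matching), as an added Python example that is not code from the patent or from Hillstone. The dimension names, the "3 x median or floor" abnormality test, the rule names and the flow records are all assumptions constructed for illustration; the point shown is that every connection is unremarkable alone while the host-level aggregate is not.

```python
from collections import defaultdict
from statistics import median

# Assumed dimensions, floors and rules; the patent text shown here names none of them.
FLOORS = {"distinct_dsts": 20, "distinct_ports": 20, "failed_ratio": 0.5}
RULES = [("horizontal scan", {"distinct_dsts", "failed_ratio"}),
         ("port scan", {"distinct_ports", "failed_ratio"})]

def dimension_data(flows):
    """Multi-dimension analysis: one value per dimension for each (host, window)."""
    acc = defaultdict(lambda: {"dsts": set(), "ports": set(), "total": 0, "failed": 0})
    for window, host, dst, port, established in flows:
        a = acc[(host, window)]
        a["dsts"].add(dst)
        a["ports"].add(port)
        a["total"] += 1
        a["failed"] += 0 if established else 1
    return {key: {"distinct_dsts": len(a["dsts"]),
                  "distinct_ports": len(a["ports"]),
                  "failed_ratio": a["failed"] / a["total"]}
            for key, a in acc.items()}

def abnormal_dimensions(history, current):
    """A dimension is abnormal when it exceeds max(3 x the host's median, floor)."""
    def baseline(dim):
        return median(h[dim] for h in history) if history else 0
    return {d for d, floor in FLOORS.items() if current[d] > max(3 * baseline(d), floor)}

def detect(flows, window):
    """Per host: match the abnormal dimensions of `window` against RULES."""
    dims = dimension_data(flows)
    verdicts = {}
    for (host, w), current in dims.items():
        if w != window:
            continue
        history = [d for (h, hw), d in dims.items() if h == host and hw < window]
        abnormal = abnormal_dimensions(history, current)
        verdicts[host] = [name for name, needed in RULES if needed <= abnormal]
    return verdicts

def sample_flows():
    """Constructed records: (window, src_host, dst_ip, dst_port, established)."""
    flows = [(w, h, f"198.51.100.{i}", 443, True)
             for w in range(3) for h in ("10.0.0.5", "10.0.0.9") for i in range(3)]
    flows += [(3, "10.0.0.5", f"10.0.1.{i}", 445, i < 2) for i in range(40)]
    flows += [(3, "10.0.0.9", f"198.51.100.{i}", 443, True) for i in range(3)]
    return flows

if __name__ == "__main__":
    print(detect(sample_flows(), window=3))
```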

Description

Technical field

[0001] The invention relates to the field of the Internet, in particular to a method and device for detecting anomalies based on host network behavior.

Background art

[0002] In an enterprise or campus network, there are usually clear boundaries. A firewall / UTM is usually used as a border protection device, connecting the internal network and the external network (wide area network) while protecting the hosts and servers in the internal network and preventing illegal access and attacks from the outside to the inside. It also properly isolates the hosts and servers in the internal network, preventing internal hosts from illegally accessing the servers. Figure 1 is a network topology diagram in the prior art; specifically, it can represent a typical enterprise or university network. As shown in Figure 1, Internet represents the external network, LAN1 represents internal network 1, 10.100.31.0/24 represent...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/02, H04L63/14, H04L63/1416, H04L63/1425
Inventor: 李矩希, 於大维, 尚进, 蒋东毅, 董浩, 陆骋怀
Owner: HILLSTONE NETWORKS CO LTD