Unlock instant, AI-driven research and patent intelligence for your innovation.

Abnormal flow inspection method and device

An abnormal traffic and abnormal technology, applied in the field of information security, can solve problems such as limited accuracy, loss of user traffic, data theft, etc.

Active Publication Date: 2020-02-18
CHINA TELECOM CORP LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the existing technology mainly detects by setting the threshold of sending traffic on the terminal. Only when the sent traffic reaches a certain level can a traffic alarm be provided. It is difficult to quickly discover the behavior of malicious programs sending abnormal traffic, which causes certain traffic for users. loss, but also prone to data theft
In addition, because only traffic usage is monitored, false positives are prone to occur, and the accuracy is limited

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal flow inspection method and device
  • Abnormal flow inspection method and device
  • Abnormal flow inspection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments.

[0024] In the security settings of the existing mobile terminals, the highest system authority is generally not opened to the user, and the program of the mobile terminal does not have the operation authority of the log file, that is, the default setting of the log file cannot be tampered with. In a cracked mobile terminal system, such as being "jailbroken" or "Rooted", the user has obtained the highest control authority over the system, and the program of the mobile terminal also has the operation authority to log files. This is also the fundamental reason why mobile terminal systems are more likely to be infected with malicious programs after being cracked. Therefore, according to the operation behavior of the network program in the mobile terminal on the system log, its abnormal situation can be judged, so as to det...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention proposes an abnormal flow verification method and device, and relates to the field of information safety. The method comprises the steps: monitoring the behaviors of a network program of a mobile terminal in operating a system log; determining an abnormal network program which carries out the abnormal operation of the system log according to the behaviors of the network program of the mobile terminal in operating the system log; and determining the abnormal flow transmitted by the abnormal network program. The method can monitor the behaviors of the network program of the mobile terminal in operating the system log. Through the analysis of the abnormal operation behaviors, the method recognizes a network program which avoids the keeping or removing of system record through modifying a system log file during the transmission of vicious flow, and determines the abnormal flow transmitted by the abnormal network program.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method and device for checking abnormal traffic. Background technique [0002] At present, with the rapid development of mobile broadband technology and the rapid growth of mobile smart terminal users, abnormal traffic sent by malicious programs has become a major security risk for network operations. However, the existing technology mainly detects by setting the threshold of sending traffic on the terminal. Only when the sent traffic reaches a certain level can a traffic alarm be provided. It is difficult to quickly discover the behavior of malicious programs sending abnormal traffic, which causes a certain amount of traffic for users. loss, but also prone to data theft. In addition, since only traffic usage is monitored, false positives are prone to occur, and the accuracy is limited. Contents of the invention [0003] An object of the present invention is to improve t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56H04W12/12H04W24/04
CPCH04W12/12H04W24/04
Inventor 刘东鑫刘国荣史国水王帅肖宇峰
Owner CHINA TELECOM CORP LTD