
Method and device for constructing passive multi-dimensional host fingerprint model in network environment

The technique, applied in the field of passive multi-dimensional host fingerprint model construction in a network environment, addresses problems such as reduced host-identification accuracy and misjudgment, and achieves the effects of reducing CPU burden, ensuring accuracy, and improving processing capacity.

Active Publication Date: 2019-12-03
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

[0004] To address the deficiencies of the prior art, the present invention provides a method and device for constructing a passive multi-dimensional host fingerprint model in a network environment. It effectively solves the problems of reduced accuracy and misjudgment in host identification caused by insufficient feature acquisition: the multi-dimensional features of hosts are extracted and fused, and a multi-dimensional host fingerprint database is built, which describes the host comprehensively and improves the accuracy of host identification.


Examples

Embodiment 1

[0039] Embodiment 1: as shown in Figure 1, a device for constructing a passive multi-dimensional host fingerprint model in a network environment includes:

[0040] A network traffic interception and screening module, used to perform preliminary screening and filtering of the original network traffic through a five-tuple strategy;

[0041] A host feature information identification and extraction module, used to extract multi-dimensional host feature information through different types of plug-ins. The plug-in types include at least: host hardware feature analysis, host software environment feature analysis, and host network behavior feature analysis. Each type of plug-in corresponds to the identification features of the corresponding host feature information;

[0042] A host fingerprint library construction module, which builds a multi-dimensional host fingerprint library for host identification based on the MAP-SCORE algorithm.

[0043] Due to the diversity of host feature information, for a host, due ...

Embodiment 2

[0044] Embodiment 2: as shown in Figures 1~2, this embodiment is basically the same as Embodiment 1, the difference being that the host fingerprint library construction module includes:

[0045] A host feature matrix construction unit, configured to construct a host feature matrix storing feature information through the MAP method;

[0046] A host fingerprint extraction unit, which uses the SCORE method to evaluate the degree of correlation between each feature in the host feature matrix and the different hosts, and builds a multi-dimensional host fingerprint library for host identification.

[0047] As shown in Figure 2, the extraction of host feature information yields many entries of host feature information across the different dimensions of the host. However, due to the regulations of the application protocol, the host feature information carried by different behaviors in the process of interaction between the host and the application program is not the sa...

Embodiment 3

[0048] Embodiment 3: as shown in Figures 1~3, a method for constructing a passive multi-dimensional host fingerprint model in a network environment includes the following steps:

[0049] Preliminary screening and filtering of network data traffic;

[0050] Extract multi-dimensional host feature information through different types of plug-ins, wherein different types of plug-ins correspond to corresponding identification features in the identification feature library;

[0051] Based on the MAP-SCORE algorithm, the correlation degree of each feature information corresponding to different hosts is evaluated, and a multi-dimensional host fingerprint library for host identification is constructed.

[0052] The method is simple and easy to implement, can accurately and efficiently discover host characteristic information, provides a technical basis for comprehensive understanding of hosts and accurate identification of hosts, and has strong practical application value.

Abstract

The invention relates to a method and a device for building a passive multi-dimensional host fingerprint model in a network environment. The method comprises: performing preliminary screening and filtering of network data traffic; extracting multi-dimensional host feature information with different types of plug-ins, where each type of plug-in corresponds to the matching recognition features in a recognition feature library; and assessing the degree of association between each piece of feature information and the different hosts based on the MAP-SCORE algorithm, and building a multi-dimensional host fingerprint library used for recognizing hosts. The method is simple and easy to operate. It effectively solves the prior-art problem of a low host recognition rate caused by incomplete feature acquisition, finds host feature information accurately and efficiently, provides a technical basis for comprehensively understanding and accurately recognizing hosts, and has practical application value.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method and a device for constructing a passive multi-dimensional host fingerprint model in a network environment.

Background technique

[0002] With the rapid development of the Internet, people's social activities are becoming more and more networked, and the network has become a new platform for disseminating, storing and exchanging all kinds of information. According to the statistical report on the development of China's Internet released by the China Internet Network Information Center (CNNIC) in 2016, as of June 2016 the number of Internet users in China reached 710 million, and 21.32 million new Internet users were added in the first half of the year, with a growth rate of 51.7%, an increase of 1.3 percentage points compared with the end of 2015 and 3.1 percentage points higher than the global average. The popularity of the Internet has brought great...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L12/26, H04L29/06
CPC: H04L41/08, H04L41/145, H04L43/02, H04L63/0227, H04L63/1408, H04L63/1441
Inventor 张凯翔刘琰常斌罗向阳吴旭程王鑫陈宏伟何尔一
Owner THE PLA INFORMATION ENG UNIV