Network attack data analysis and intelligent processing method

A network attack data analysis technology, applied in the field of network engineering, that addresses the problems of heavy losses, single-function and single-strategy tools, and neglect of the logic and correlation between attack events, with the stated effect of strong adaptability and a more complete strategy.

Active Publication Date: 2017-10-20
INST OF APPLIED MATHEMATICS HEBEI ACADEMY OF SCI

AI Technical Summary

Problems solved by technology

Traditional network defense measures, such as anti-virus software, firewall technology, and intrusion detection systems, are passive security defense strategies. When faced with a massive attack in a short period of time, they suffer heavy losses and lack protection against vulnerabilities. State correlation analysis, multi-vulnerability and threat assessment methods only study the impact of each attack event on host or network security in isolation, ignoring the logic and correlation between attack events, which makes the evaluation results incomplete and inaccurate.
[0003] Since assessment methods have not yet reached a consensus on early warning and real-time analysis, existing security assessment mainly consists of post-event assessment based on alarm information from IDS, COPS and similar sources, and pre-event assessment based on network vulnerability analysis. The post-event assessment lags behind and cannot provide an effective basis for formulating active defense strategies; the pre-event assessment is static and cannot reflect the evolution of the network attack situation in real time. Therefore, there is currently no network security assessment method that meets both predictability and real-time requirements.
[0004] At present, network security equipment and network management software at home and abroad are still limited to a single function and strategy, or to simple linkage. Administrators also face high learning and usage costs, and work efficiency is low.
Even if a security vendor provides a comprehensive multi-device solution of the same brand together with professional technical training, it cannot cope well with complex network attack methods, or great harm is caused by the long lag time.


Specific Embodiment

[0062] A specific embodiment: a network attack data analysis and intelligent processing method, including the following steps:

[0063] Step 1. Connect various network security devices to one or more SDN switches to form a security resource pool;

[0064] Step 2. The security controller issues a security control command to operate the SDN switch, and pulls the network traffic to the designated network security device for security processing according to the security needs of different users;

[0065] Step 3. The security controller conducts centralized policy management and real-time status monitoring of the network security equipment. When the network security equipment is abnormal, the security controller issues a security policy instruction to balance the load or migrate traffic in time, ensuring that normal network communication is not affected;
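Steps 1 to 3 can be modelled as a small controller simulation. This is an added example, not code from the patent: the class and method names are hypothetical, and least-loaded device selection is an assumption, since the text only says the controller balances load or migrates traffic.

```python
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    kind: str             # "firewall", "ids", ...
    port: int             # SDN switch port the device is attached to
    healthy: bool = True
    flows: int = 0        # user flows currently steered here

class SecurityController:
    def __init__(self, pool):
        self.pool = pool  # Step 1: the security resource pool
        self.chains = {}  # user -> ordered list of Device

    def _pick(self, kind):  # least-loaded healthy device of this kind, or None
        ok = [d for d in self.pool if d.kind == kind and d.healthy]
        return min(ok, key=lambda d: d.flows) if ok else None

    def steer(self, user, needs):
        # Step 2: map the user's security needs to designated devices.
        chain = [self._pick(kind) for kind in needs]
        if any(d is None for d in chain):
            raise LookupError("no healthy device for a requested kind")
        for d in chain:
            d.flows += 1
        self.chains[user] = chain
        return [d.name for d in chain]

    def flow_rule(self, user):  # switch ports the user's traffic traverses
        return [d.port for d in self.chains[user]]

    def report_abnormal(self, name):
        # Step 3: migrate every affected flow to a healthy peer.
        failed = next(d for d in self.pool if d.name == name)
        failed.healthy = False
        moved = {}
        for user, chain in self.chains.items():
            for i, dev in enumerate(chain):
                if dev is failed:
                    peer = self._pick(failed.kind)
                    if peer is not None:
                        chain[i], peer.flows = peer, peer.flows + 1
                        failed.flows -= 1
                    # None means no peer is left: report it, never bypass silently
                    moved[user] = peer.name if peer else None
        return moved

def demo():
    # Constructed pool: two firewalls and one IDS on switch ports 1 to 3.
    c = SecurityController([Device("fw1", "firewall", 1),
                            Device("fw2", "firewall", 2), Device("ids1", "ids", 3)])
    c.steer("alice", ["firewall", "ids"])
    return c.report_abnormal("fw1"), c.flow_rule("alice")
```

A user whose chain has no healthy replacement is reported with `None` instead of being rerouted around inspection, so the operator decides between blocking and bypassing.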

[0066] Also includes the following steps:

[0067] The first step is to collect device information, actively collect real-t...

Specific Embodiment 2

[0139] Specific embodiment 2: as an improvement to the present invention, the sixth step also includes a network attack-defense strategy game method. The network attack-defense game comprises two parts: a. static attack-defense game research and b. dynamic attack-defense game research, wherein:

[0140] a. Static attack-defense game research: considering the interdependence of offensive and defensive decisions before the attack occurs, and combining static Bayesian game theory, an active defense strategy analysis method suitable for complex network systems is given, including:

[0141] (1) Design the attack and defense Agent architecture for the network attack-defense confrontation scenario, and analyze the game type based on active defense and the elements of participants, attack and defense costs, and benefits;

[0142] (2) Extend the definition of the object Petri net, introduce the attack and defense information structure on the transition and the transition output arc, and...


Abstract

The invention relates to a network attack data analysis and intelligent processing method which comprises the steps of: S1, connecting various network security devices to one or more SDN switches to form a security resource pool; S2, a security controller issuing a security control instruction to operate the SDN switches and, according to the security demands of different users, pulling network traffic to designated network security devices for processing; and S3, the security controller carrying out centralized policy management and real-time state monitoring of the network security devices, and, when a network security device is abnormal, issuing a security policy instruction to balance load or migrate traffic so that normal network communication is not affected. The method is characterized by further comprising the steps of: actively collecting, via the Telnet protocol, real-time state information, local flash memory information and collection log center information of network devices, security devices and servers; carrying out real-time comprehensive big data analysis; updating and synchronizing a third-party IDS feature library; carrying out whole-network attack modeling; generating a defense instruction; and carrying out combined defense.

Description

Technical field

[0001] The invention relates to the technical field of network engineering, in particular to a network attack data analysis and intelligent processing method.

Background technique

[0002] The development of information technology has brought both convenience and threats to people, so solving security problems is an urgent task in network and information construction. Traditional network defense measures, such as anti-virus software, firewall technology, and intrusion detection systems, are passive security defense strategies. When faced with a massive attack in a short period of time, they suffer heavy losses and lack protection against vulnerabilities. State correlation analysis, multi-vulnerability and threat assessment methods only study the impact of each attack event on host or network security in isolation, ignoring the logic and correlation between attack events, which makes the evaluation results incomplete and inaccurate.

[0003] S...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/1441, H04L63/20
Inventor 武辉林王程成彬羊红光李世超
Owner INST OF APPLIED MATHEMATICS HEBEI ACADEMY OF SCI