Network attack detection method and device, terminal equipment and computer storage medium

A network attack detection technology, applied in the field of network security, that can solve problems such as low analysis efficiency, high maintenance cost, and the difficulty of detecting unknown attacks.

Active Publication Date: 2020-08-14
北京长亭未来科技有限公司

AI Technical Summary

Problems solved by technology

For rule-based detection technology, in order to detect new attacks or reduce false positives, regular expressions need to be continuously added and modified, resulting in higher maintenance costs and lower detection efficiency.
At the same time, since extracting attack patterns as detection rules has to be based on existing attack samples, it is difficult for rule-based detection technologies to detect unknown attacks.
Detection technology based on grammatical analysis can solve some problems of rule-based detection technology to a certain extent, but it still has some defects, such as low parsing efficiency.



Examples


Embodiment approach 1

[0084] Figure 1 is a flow chart of the network attack detection method according to method Embodiment 1 of the present invention. Referring to Figure 1, in this embodiment, the method includes:

[0085] S1: Parse the target field from the request data by automaton.

[0086] S2: Decode the field value of the target field to obtain the decoded value of the target field.

[0087] S3: Perform attack detection on the request data according to the decoded value.

[0088] Field value refers to the value of a field in the request data. For example, "GET" is the field value of the method field in the request data.

[0089] The decoded value refers to the decoded result obtained after decoding a certain field value in the request data.

[0090] The automaton is used to parse the request data (such as an HTTP request): it scans the entire request data in linear time and parses out each component of the request data for the subsequent detection process.

[0091] Taking t...
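Steps S1 and S2 as an added example, not code from the patent: a hand-written state machine reads an HTTP request in one pass, and the query parameters (taken here as the target field) are then decoded. The state names, the function names and the sample request are assumptions made for illustration.

```python
from urllib.parse import unquote_plus

# Automaton states (names are assumptions made for this example).
METHOD, URI, VERSION, EOL, NAME, VALUE, END = range(7)

def parse_request(raw):
    """S1: one left-to-right pass; every character is examined once."""
    req = {"method": "", "uri": "", "version": "", "headers": {}, "body": ""}
    state, buf, name = METHOD, [], ""
    for i, ch in enumerate(raw):
        if state in (METHOD, URI) and ch == " ":
            req["method" if state == METHOD else "uri"] = "".join(buf)
            state, buf = state + 1, []
        elif state == VERSION and ch == "\r":
            req["version"], state, buf = "".join(buf), EOL, []
        elif state == NAME and ch == ":":
            name, state, buf = "".join(buf).lower(), VALUE, []
        elif state == NAME and ch == "\r":
            if buf:
                raise ValueError("header line without ':' at offset %d" % i)
            state = END                      # blank line: headers are over
        elif state == VALUE and ch == "\r":
            req["headers"][name] = "".join(buf).strip()
            state, buf = EOL, []
        elif state in (EOL, END):
            if ch != "\n":
                raise ValueError("expected LF at offset %d" % i)
            if state == END:
                req["body"] = raw[i + 1:]    # the rest is the request body
                return req
            state = NAME
        else:
            buf.append(ch)
    raise ValueError("truncated request (state %d)" % state)

def decoded_query(req):
    """S2: decode the field values of the target field (query parameters)."""
    query = req["uri"].partition("?")[2]
    pairs = (p.partition("=") for p in query.split("&") if p)
    return {unquote_plus(k): unquote_plus(v) for k, _, v in pairs}

# Constructed sample request (not from the patent).
SAMPLE = ("GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
          "Host: shop.example\r\n\r\n")
```

The detection step S3 would then run on the values returned by `decoded_query`, not on the raw percent-encoded URI.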

Embodiment approach 2

[0095] The method provided in this embodiment includes all the content of method Embodiment 1, and details are not repeated here. The direct carrier of the target field may be the request data or a field value in the request data.

[0096] If the direct carrier of the target field is the request data, the processing S1 is realized in the following way:

[0097] The target field is parsed directly from the request data by the first automaton.

[0098] Correspondingly, in the method provided in this embodiment, the first automaton is constructed based on the communication standard corresponding to the request data.

[0099] As shown in Figure 3, if the direct carrier of the target field is the field value in the request data, the processing S1 is realized in the following way:

[0100] S11: Parse out the carrier field (the request data field that includes the target field) from the request data by the first automaton.

[0101] S12: Using the second automaton to parse...

Embodiment approach 3

[0107] The method provided in this embodiment includes all the content of method Embodiment 2, which will not be repeated here. As shown in Figure 4, in this embodiment, S12 includes the following processing:

[0108] S121: Determine the suspected content type of the request body field (possible content type of the request body field).

[0109] S122: Select a second automaton according to the suspected content type.

[0110] S123: Use the selected second automaton to parse out the target field from the field value of the request body field.

[0111] Because the present invention analyzes the possible content types of the request body, and executes parsing processing corresponding to the analyzed content types, it can effectively prevent attackers from using the protocol to bypass attack detection.
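Steps S121 to S123, followed by S2 and S3, as an added example that is not code from the patent: the body is parsed under every suspected content type, so a mislabelled `Content-Type` header does not skip inspection. Standard-library parsers stand in for the second automata, and the signature, function names and sample body are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qsl
# Toy signature standing in for the real S3 detector (assumption).
TOY_SIGNATURE = re.compile(r"(?i)<script\b")

def suspected_types(declared, body):
    """S121: candidate types from the header and from the body's own shape."""
    found = [declared.split(";")[0].strip().lower()] if declared else []
    text = body.lstrip()
    if text[:1] in ("{", "["):
        found.append("application/json")
    if "=" in text:
        found.append("application/x-www-form-urlencoded")
    return list(dict.fromkeys(found))        # de-duplicate, keep order

def json_values(body):
    """String leaves of a JSON body; json.loads undoes unicode escapes (S2)."""
    try:
        stack, out = [json.loads(body)], []
    except ValueError:
        return []
    while stack:
        node = stack.pop()
        if isinstance(node, (dict, list)):
            stack.extend(node.values() if isinstance(node, dict) else node)
        elif isinstance(node, str):
            out.append(node)
    return out

def form_values(body):
    """Values of a form body; parse_qsl undoes percent-encoding (S2)."""
    return [v for _, v in parse_qsl(body, keep_blank_values=True)]

# S122: suspected type -> second parser (library parsers stand in for automata).
SECOND_PARSERS = {"application/json": json_values,
                  "application/x-www-form-urlencoded": form_values}

def inspect_body(declared, body):
    """S123 + S2 + S3: parse with every suspected type, detect on decoded values."""
    hits = []
    for ctype in suspected_types(declared, body):
        for value in SECOND_PARSERS.get(ctype, lambda b: [])(body):
            if TOY_SIGNATURE.search(value):
                hits.append((ctype, value))
    return hits

# Constructed sample: JSON body with escaped characters, sent as text/plain.
SAMPLE = r'{"comment": "\u003cscript\u003ealert(1)\u003c/script\u003e"}'
```

A detector that trusted only the declared type would pass `SAMPLE` through unparsed; here the body's shape adds `application/json` to the suspected types and the decoded value is what gets matched.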


Abstract

The embodiment of the invention provides a network attack detection method and device, terminal equipment and a computer storage medium, relating to the field of network security technology. The network attack detection method comprises the following steps: parsing a target field from request data through an automaton; decoding a field value of the target field to obtain a decoded value of the target field; and performing attack detection for the request data according to the decoded value. According to the technical scheme provided by the invention, the request data is parsed by the automaton, and thereby, a parsing process of the request data can be efficiently executed.

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically, to a network attack detection method and device, a terminal device, and a computer storage medium.

Background technique

[0002] A web application firewall (WAF) inspects the network requests sent to the web application it protects, finds the threats in them, and takes the corresponding alarm or interception actions. The WAF itself should not have any functional impact on the web applications it protects; that is, it must meet the requirements of efficient detection, low false positives and low false negatives. Existing detection technologies mainly include rule-based detection technology and syntax analysis-based detection technology. For the rule-based detection technology, in order to be able to detect new attacks or reduce false positives, regular expressions need to be continuously added and modified, resulting in higher maintenance costs and lower detection e...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/14, H04L63/1416
Inventor: 刘超, 朱文雷, 吴雷, 李昌志, 刘金钊, 张酉夫, 李扬
Owner: 北京长亭未来科技有限公司