Intrusion prevention system and method

An intrusion prevention system and method, applied in the field of network security, that addresses the problems of performance bottlenecks and high false positive and false negative rates, with the effects of improved detection matching speed, accurate and complete signature codes, and strong computing power.

Inactive Publication Date: 2018-01-19
INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER

AI Technical Summary

Problems solved by technology

This method has the following shortcomings: 1. When faced with high-speed, large-scale data, effective detection cannot be carried out, and the false positive and false negative rates will be high; 2. Without a high-performance computing platform, an attack may not be detected in time.
This method has the following disadvantages: the high-performance computing capability of a single NetFPGA chip is limited, so when large-scale high-speed data enters the intrusion prevention system the defense effect is not ideal, performance bottlenecks occur, and the false positive and false negative rates will be relatively high. It is not suitable for defending against big data attacks.

Examples

Embodiment 1

[0039] As shown in Figures 1-3, the present invention includes an intrusion prevention system comprising:

[0040] Data packet capture module: responsible for capturing the data packets entering the host and storing them in the database of the data storage module;

[0041] Data storage module: stores the data of the entire intrusion prevention system;

[0042] Data packet analysis module: analyzes the data packets captured by the data packet capture module, reassembles the fragmented data packets, and classifies them according to the source address, source port, protocol type and data packet size of the data packets;

[0043] Matching filtering module: uses the matching filtering algorithm in the matching filter to match and filter the captured data packets;

[0044] FPGA acceleration platform: uses the computing characteristics of the FPGA computing system to accelerate the execution speed of the data packet classification module, matching filter module and neural training module algor...

Embodiment 2

[0052] This embodiment builds on Embodiment 1 and preferably further includes a log analysis module, which performs real-time analysis of the log files generated inside the host.

[0053] The matching filter module uses the neural network generated by the BP error backpropagation neural network algorithm to match and filter the preprocessed data. The BP error backpropagation neural network algorithm is a backward-deduction learning algorithm for multi-layer networks. The basic idea is that the learning process consists of two processes: the forward propagation of the signal and the back propagation of the error. The weight adjustment of each layer during signal forward propagation and error back propagation is repeated, and this continuous weight adjustment is the learning and training process of the network. The process continues until the error of the network output is reduced to an acceptable level, or until the preset number of ...
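The training loop described in [0053], written out as an added example (it is not code from the patent): a one-hidden-layer network trained by forward propagation and error backpropagation, then used as a match filter over packet features of the kind listed in [0042]. The feature scaling, the constructed training packets, the 3-3-1 layout, the learning rate, and the `tol` and `max_epochs` stopping values are all assumptions.

```python
import math
import random

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def features(pkt):
    """Scale protocol type, source port and packet size to [0, 1]."""
    return [1.0 if pkt["proto"] == "udp" else 0.0, pkt["sport"] / 65535.0, pkt["size"] / 1500.0]

class BPNet:
    """One hidden layer; the last weight of each row is the bias."""
    def __init__(self, n_in, n_hid, seed=0):
        rng = random.Random(seed)
        self.w_h = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hid)]
        self.w_o = [rng.uniform(-0.5, 0.5) for _ in range(n_hid + 1)]

    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in self.w_h]
        return h, sigmoid(sum(w * v for w, v in zip(self.w_o, h + [1.0])))

    def train(self, samples, lr=0.5, tol=0.01, max_epochs=10000):
        """Stop when the mean squared error <= tol or after max_epochs passes."""
        for epoch in range(1, max_epochs + 1):
            sq_err = 0.0
            for x, t in samples:
                h, o = self.forward(x)                 # forward propagation of the signal
                d_o = (t - o) * o * (1.0 - o)          # error term at the output
                d_h = [d_o * self.w_o[j] * hj * (1.0 - hj) for j, hj in enumerate(h)]
                for j, v in enumerate(h + [1.0]):      # back propagation: output weights
                    self.w_o[j] += lr * d_o * v
                for row, d in zip(self.w_h, d_h):      # back propagation: hidden weights
                    for i, v in enumerate(x + [1.0]):
                        row[i] += lr * d * v
                sq_err += (t - o) ** 2
            mse = sq_err / len(samples)
            if mse <= tol:
                break
        return epoch, mse

# Constructed, labelled packets (0 = normal, 1 = abnormal); not real signatures.
TRAIN = [({"proto": p, "sport": s, "size": z}, y) for p, s, z, y in [
    ("tcp", 52000, 80, 0), ("tcp", 49500, 150, 0), ("udp", 59000, 120, 0), ("udp", 55700, 180, 0),
    ("tcp", 700, 1420, 1), ("udp", 1300, 1350, 1), ("tcp", 2000, 1470, 1), ("udp", 650, 1400, 1)]]
NET = BPNet(n_in=3, n_hid=3)
EPOCHS, MSE = NET.train([(features(p), y) for p, y in TRAIN])

def is_abnormal(pkt, threshold=0.5):
    return NET.forward(features(pkt))[1] >= threshold
```

`EPOCHS` and `MSE` record which of the two stopping conditions ended training; a filter this small only separates the constructed classes and says nothing about the false positive rate on real traffic.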

Embodiment 3

[0058] An intrusion prevention method, comprising the steps of:

[0059] S1: start the intrusion prevention system; the data packet capture module invokes the data packet capture program to capture the network data packets entering the host, and stores them in the database of the data storage module;

[0060] S2: the data packet analysis module analyzes the captured data packets, reassembles the fragmented data packets, and discards incorrectly formatted data packets;

[0061] S3: the matching filtering module uses the matching filtering algorithm embedded in the FPGA acceleration platform to match and filter the analyzed data packets according to the feature library, stores the abnormal data packets in the data storage module, and starts the security response module; the matching filtering algorithm is a BP error backpropagation neural network parallel algorithm, and the neural network generated by the BP error backpropagation neural network parallel algorithm on the FPGA a...
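Step S2 in software, as an added example that is not taken from the patent: an analyzer that discards incorrectly formatted IPv4 packets and reassembles fragments before anything reaches the matching filter. The class and function names, the validity checks chosen, and the constructed packets built by `ipv4()` (documentation addresses 192.0.2.x) are assumptions; fragments are assumed not to overlap, and no reassembly timeout is implemented.

```python
import socket
import struct

HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def ipv4(ident, off, more, payload, src="192.0.2.10", dst="192.0.2.20", proto=17):
    """Build a constructed IPv4 packet for the demo (checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | (off // 8)
    return struct.pack(HDR, 0x45, 0, 20 + len(payload), ident, flags_off, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def parse(raw):
    """Return fragment fields, or None for an incorrectly formatted packet."""
    if len(raw) < 20:
        return None
    vihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(HDR, raw[:20])
    ihl, more, off = (vihl & 0x0F) * 4, bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if vihl >> 4 != 4 or ihl < 20 or total < ihl or total > len(raw):
        return None
    data = raw[ihl:total]
    if (more or off) and (not data or (more and len(data) % 8)):
        return None  # empty fragment, or non-final fragment not a multiple of 8 bytes
    return (src, dst, proto, ident), off, more, data

class Analyzer:
    """S2: discard malformed packets, reassemble fragments per (src, dst, proto, id)."""
    def __init__(self):
        self.frags, self.end, self.dropped = {}, {}, 0

    def feed(self, raw):
        """Return a complete payload, or None while dropped or still incomplete."""
        p = parse(raw)
        if p is None:
            self.dropped += 1
            return None
        key, off, more, data = p
        if not more and off == 0:
            return data  # not fragmented
        self.frags.setdefault(key, {})[off] = data
        if not more:
            self.end[key] = off + len(data)  # final fragment fixes the total length
        end, out = self.end.get(key), b""
        while end is not None and len(out) < end and len(out) in self.frags[key]:
            out += self.frags[key][len(out)]
        if end is None or len(out) != end:
            return None
        del self.frags[key], self.end[key]
        return out
```

Because incomplete datagrams stay in `frags` indefinitely, a deployed analyzer would also need a reassembly timeout and a cap on buffered fragments.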

Abstract

The invention discloses an intrusion prevention system and method. The intrusion prevention system comprises a data packet capture module, a data packet analysis module, a matching filter module, an FPGA (field programmable gate array) acceleration platform and a feature learning module. The data packet capture module is responsible for capturing and storing data packets entering a host; the data packet analysis module analyzes and reassembles the data packets captured by the data packet capture module; the matching filter module matches and filters the captured data packets in a matching filter through a matching filter algorithm; the FPGA acceleration platform uses an FPGA computing system to accelerate the execution speed of the algorithms of the data packet classification module, the matching filter module and a neural training module; the feature learning module performs neural training on the data that has passed matching and filtering, using a neural network algorithm embedded in the FPGA acceleration platform. By the above principle, high computing capability is achieved, intrusion behaviors can be detected in time before they occur, false positives and false negatives do not occur, the prevention effect is good, and the intrusion prevention system and method is well suited to intrusion prevention for big data.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to an intrusion prevention system and method.

Background

[0002] With the advent of the era of big data, various big data technologies continue to emerge, bringing great convenience to people's social life. At the same time, issues related to the security of big data and the use of big data to carry out network attacks have become increasingly prominent, especially the APT attack, which is the most threatening. This poses a great threat to our network environment, especially for large enterprises and important national departments. APT attacks have also become a key target of network detection. Traditional intrusion detection / prevention systems have the disadvantage of high false positive and false negative rates.

[0003] The current mainstream solution is to use the fusion of multiple defense technologies, such as the combination of firewalls and intru...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/55, G06N3/08
Inventor: 王电钢龚艳母继元毛启均常健
Owner: INFORMATION & TELECOMM COMPANY SICHUAN ELECTRIC POWER