Detecting method and detecting device for network attack

A network attack detection method, applied in the field of cloud computing, that addresses problems such as low mining accuracy, network traffic growth, and reduced accuracy, with the effect of improving mining accuracy and addressing detection efficiency.

Inactive Publication Date: 2018-03-23
HUAZHONG NORMAL UNIV

AI Technical Summary

Problems solved by technology

[0005] Although the traditional intrusion detection system represented by Snort guarantees the security of the cloud platform to a certain extent, this model has a series of problems such as inflexible configuration of network rules. In addition, the rapid expansion of the scale of the cloud platform makes the network topology complex and brings rapid growth of network traffic, but in the traditional intrusion detection system, the filtering device and the rout


Examples


Example 1

[0033] Referring to Figure 2, this embodiment provides a network attack detection method, the method comprising:

[0034] Step S200: Obtain the current data flow in the network;

[0035] In this embodiment, the current data flow that may include normal traffic, attack traffic, and malicious traffic can be obtained in real time through the OpenFlow switch under the SDN framework.

[0036] Step S210: Based on the pre-established malicious behavior attack signature database, determine whether the behavior of the current data flow is abnormal;

[0037] In this embodiment, the malicious behavior attack feature library may be obtained by training machine learning or deep learning models on network traffic. It can be understood that the malicious behavior attack feature library contains a normal behavior pattern library composed of a large number of normal behavior traffic features, and an abnormal behavior pattern library co...

Example 2

[0072] Referring to Figure 7, this embodiment provides a network attack detection device 700, which includes:

[0073] An acquisition module 710, configured to acquire the current data flow in the network;

[0074] A primary detection module 720, configured to determine whether the behavior of the current data flow is abnormal based on a pre-established malicious behavior attack signature database;

[0075] A secondary detection module 730, configured to determine, when the behavior of the current data flow is not abnormal, whether the behavior of the current data flow is normal, using the sliding window genetic algorithm frequent pattern mining model and the outlier detection model based on kernel density estimation;

[0076] The extracting module 740 is configured to extract behavior features of the current data stream when the behavior of the current data stream is abnormal, and add the behavior features to the malicious behavior attack feature library.
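
The flow through modules 720, 730 and 740 can be sketched as follows. This is an added example, not code from the patent: the flow fields, the `behavior_feature` representation, the thresholds and the class name are assumptions, and only the kernel density estimation half of the secondary detection is shown, because the page gives no details of the genetic algorithm frequent pattern mining model.

```python
import math
from collections import deque

def behavior_feature(flow):
    # Hypothetical feature: protocol, destination port, order of magnitude of packets/s.
    return (flow["proto"], flow["dport"], int(math.log10(max(flow["pps"], 1))))

def kde_density(x, samples, bandwidth):
    # Gaussian kernel density estimate at x from one-dimensional samples.
    norm = 1.0 / (len(samples) * bandwidth * math.sqrt(2 * math.pi))
    return norm * sum(math.exp(-0.5 * ((x - s) / bandwidth) ** 2) for s in samples)

class TwoStageDetector:
    def __init__(self, signatures, window=50, bandwidth=0.3, min_density=0.05, warmup=5):
        self.signatures = set(signatures)       # malicious behavior attack signature database
        self.recent = deque(maxlen=window)      # sliding window of flows judged normal
        self.bandwidth, self.min_density, self.warmup = bandwidth, min_density, warmup

    def classify(self, flow):
        feature = behavior_feature(flow)
        if feature in self.signatures:          # primary detection (module 720)
            return "abnormal:signature"
        x = math.log10(max(flow["pps"], 1))
        if (len(self.recent) >= self.warmup and  # secondary detection (module 730)
                kde_density(x, self.recent, self.bandwidth) < self.min_density):
            self.signatures.add(feature)        # extraction and feedback (module 740)
            return "abnormal:outlier"
        self.recent.append(x)
        return "normal"

def demo():
    # Constructed sample flows, not captured traffic.
    detector = TwoStageDetector(signatures={("udp", 53, 5)})
    flows = [{"proto": "tcp", "dport": 443, "pps": p}
             for p in (80, 95, 100, 110, 125, 90, 105, 98)]
    flows += [
        {"proto": "udp", "dport": 53, "pps": 200000},   # matches the seeded signature
        {"proto": "tcp", "dport": 443, "pps": 50000},   # unseen, caught as a density outlier
        {"proto": "tcp", "dport": 443, "pps": 60000},   # now caught by the learned signature
    ]
    return [detector.classify(f) for f in flows], detector.signatures

if __name__ == "__main__":
    verdicts, signatures = demo()
    print(verdicts, sorted(signatures))
```

The last two flows show the feedback loop: the first is flagged only by the density model, and the feature extracted from it lets the primary detection catch the second without running the secondary stage.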

[0077] P...


Abstract

The invention provides a detecting method and a detecting device for network attack and relates to the technical field of cloud computing. The detecting method for the network attack comprises the following steps: acquiring a current data flow in the network; based on a pre-established malicious behavior attack signature database, judging whether the behavior of the current data flow is abnormal; when the behavior of the current data flow is not abnormal, judging whether the behavior of the current data flow is normal by using a sliding window genetic algorithm frequent pattern mining model and an outlier detection model based on kernel density estimation; when the behavior of the current data flow is not normal, extracting behavior characteristics of the current data flow and adding the behavior characteristics to the malicious behavior attack signature database. By adopting a nested sliding window genetic algorithm frequent pattern mining model, the detecting method and the detecting device provided by the invention can effectively solve the problems that frequent pattern mining based on a single scan of the current data flow has low accuracy, that data is not processed in time because of the high-speed growth of network data, and that the accuracy of conventional intrusion detection techniques is reduced by the complexity of the cloud computing network environment.

Description

Technical field

[0001] The present invention relates to the technical field of cloud computing, in particular to a network attack detection method and device.

Background art

[0002] With the development and maturity of various network technologies, the new service model of cloud computing based on the Internet has achieved unprecedented development. "Computing" has been rated as a cutting-edge technology for several consecutive years, and it is also an important foundation for new technologies such as artificial intelligence in the 2017 technology report.

[0003] Under the cloud computing model, advantages such as improved IT efficiency and cost savings attract a large amount of data to gather in the cloud platform. On the one hand, it brings convenience in application, and on the other hand, it also greatly increases the risk of the platform being attacked. Many malicious attacks (such as APT attacks, etc.) are hidden in large-scale network traffic, attacking or st...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1441
Inventor: 黄涛, 张浩, 刘三女牙, 杨华利, 张文君
Owner: HUAZHONG NORMAL UNIV