Computer network anomaly detection method and system and mobile terminal

Abstract

The invention discloses a computer network anomaly detection method and system and a mobile terminal in the technical field of network security. The detection method includes the following specific steps: S1, monitoring and analyzing activities of a user and a system; S2, checking system configuration and bugs; S3, identifying known attacks and sending an alarm to the relevant personnel; S4, performing statistical analysis on daily behaviors of the user and the system; S5, evaluating the integrity of important systems and data; and S6, operating system log management, and identifying the useractivities that violate security policies. According to the scheme of the invention, the detection system is arranged on each node of the network, so that attackers cannot easily transfer evidences, strong detection real-time performance can be achieved, the possibility of the own attacks can be reduced, and meanwhile, by adopting the high learning and adaptive capabilities of a neural network, new intrusion behavior features can be identified with high accuracy, and the new intrusion behavior features and variant forms of the known intrusion behaviors can also be identified with a certain probability.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a computer network anomaly detection method, system and mobile terminal. Background technique [0002] With the rapid development of computer networks, network threats and other network-related problems are increasing, such as network attacks, data theft, viruses, worms, malicious port scanning activities, etc. Network threats are acting faster, changing at a faster rate, and more complex. Today, cyber threats infiltrate directly through computer networks despite perimeter defenses, so there are many tools for threat detection. [0003] Traditional inspections include simple or deep packet inspection and can usually be categorized as intrusion detection and prevention devices or antivirus systems. These devices set up a threat database in the form of signatures, so that the signatures of the threat database can be matched with the data packets transmitted by the compute...

AI Technical Summary

Problems solved by technology

These devices set up a threat database in the form of signatures, so that the signatures of the threat database can be matched with the data packets transmitted by the computer network. Since the signature creation process is human-operated, new network threat signatures appear, or network threat signatures change, threats The database cannot create new features in time

[0004] Another traditional detection method is to detect anomalies by monitoring traffic rates. The detection method of traffic monitoring anomalies will generate a large number of false alarms, because many reasons unrelated to network threats will cause the rate of change of traffic or other observable quantities to occur. In addition, traditional traffic anomaly detection systems were originally designed to detect changes in predetermined behavior

Images