
Abnormality detection system and method based on protocol analysis

A protocol analysis and anomaly detection technology, applied in the field of network security, that addresses large bottlenecks in processing performance, reduced identification efficiency, and the difficulty of identifying and processing application-layer protocols, and achieves the effect of simplifying processing intensity.

Inactive Publication Date: 2018-05-01
BEIJING INST OF COMP TECH & APPL

AI Technical Summary

Problems solved by technology

[0004] 1. For an event, a large number of features must be extracted from each data packet involved for analysis. When a large-scale event occurs, processing performance is still a large bottleneck;
[0005] 2. Most application-layer protocol identification is based on port numbers. Because new protocols do not register a port number, or port numbers are allocated dynamically, the accuracy of protocol identification is low; an identification method based entirely on characteristic strings, in turn, reduces recognition efficiency. It is therefore difficult to achieve accurate and efficient recognition and processing of application-layer protocols.


Examples


Embodiment Construction

[0020] In order to make the purpose, content, and advantages of the present invention clearer, the specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and embodiments.

[0021] Figure 1 is a block diagram of the anomaly detection system based on protocol analysis of the present invention. As shown in Figure 1, the system includes: data capture module 1, data state recording module 2, data analysis module 3, and rule detection module 4, wherein data analysis module 3 includes data analysis sub-module 31 and protocol attribute analysis sub-module 32.

[0022] As shown in Figure 1, the data capture module 1 caches the Ethernet data and sends it to the data state recording module 2 for historical state record matching; the data state recording module 2 completes the comparison between the event dat...


Abstract

The invention discloses an abnormality detection system and method based on protocol analysis. The abnormality detection system based on protocol analysis comprises a data capturing module, a data state recording module, a data analysis module and a rule detection module; the data capturing module is used for caching received data and sending the data to the data state recording module; the data state recording module is used for conducting history matching on the received data and selecting a data packet needing to be analyzed and the analysis mode according to the history if matching succeeds; the data analysis module is used for receiving the data packet needing to be analyzed, conducting protocol analysis on the data packet, extracting protocol attribute features and sending the feature data to the rule detection module; and the rule detection module is used for conducting feature data detection and giving an alarm if an abnormality exists. According to the abnormality detection system and method based on protocol analysis, the problems that the recognition precision is influenced if recognition is conducted only through a port number, and the recognition efficiency is influenced if recognition is conducted only through a large number of feature strings can be avoided.
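The four-stage flow in the abstract can be sketched as follows. This is an added example, not code from the patent: the signature table, port hints, flow key, rules and threshold are all constructed, and treating "history" as the protocol already identified for a flow is an assumption, since the page does not say how the history record selects the analysis mode.

```python
# Constructed signatures, port hints and threshold (assumptions, not from the patent).
SIGNATURES = {"http": (b"GET ", b"POST ", b"HTTP/1."), "ssh": (b"SSH-",)}
PORT_HINTS = {80: "http", 8080: "http", 22: "ssh"}
MAX_URI = 2048

def identify(dport, payload):
    """Check the port-hinted protocol's signature first, then the others."""
    hinted = PORT_HINTS.get(dport)
    order = ([hinted] if hinted else []) + [p for p in SIGNATURES if p != hinted]
    for proto in order:
        if payload.startswith(SIGNATURES[proto]):
            return proto
    return "unknown"

def extract(proto, pkt):
    """Protocol attribute extraction: only the fields the rules need."""
    feats = {"proto": proto, "dport": pkt["dport"]}
    parts = pkt["payload"].split(b" ", 2)
    if proto == "http" and len(parts) >= 2 and parts[0] in (b"GET", b"POST"):
        feats["uri_len"] = len(parts[1])
    return feats

def check_rules(feats):
    alerts = []
    hinted = PORT_HINTS.get(feats["dport"])
    if hinted and feats["proto"] not in (hinted, "unknown"):
        alerts.append("protocol/port mismatch")
    if feats.get("uri_len", 0) > MAX_URI:
        alerts.append("oversized URI")
    return alerts

class Detector:
    def __init__(self):
        self.flows = {}          # history records: flow key -> identified protocol
        self.identify_calls = 0  # how often full identification was needed

    def process(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        proto = self.flows.get(key)
        if proto is None:        # no history match: run full identification
            self.identify_calls += 1
            proto = identify(pkt["dport"], pkt["payload"])
            if proto != "unknown":
                self.flows[key] = proto
        return check_rules(extract(proto, pkt))

def demo():
    flow = {"src": "10.0.0.5", "sport": 40000, "dst": "10.0.0.9", "dport": 8081}
    samples = [  # constructed packets
        {**flow, "payload": b"GET /index.html HTTP/1.1\r\n"},
        {**flow, "payload": b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\n"},
        {**flow, "sport": 40001, "dport": 80, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    ]
    det = Detector()
    return [det.process(p) for p in samples], det.identify_calls
```

The first flow uses an unregistered port and is still identified by payload; its second packet reuses the history record instead of re-running identification, so `identify_calls` is 2 for three packets.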

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an anomaly detection system and method based on protocol analysis.

Background technique

[0002] With the rapid development of the IT industry, the structure and software of computers have become extremely large and complex. Dealing with the large number of abnormal events on the network has become the primary task in solving today's network security problems. Such events include intrusion into other people's computers, abuse of other people's systems, and behavior that destroys the integrity of other people's data. Against the unchecked spread of abnormal events, intrusion detection, as a detection technology for abnormal events, can actively detect malicious intrusion behaviors in the system, and can identify and respond to internal unauthorized activities and misuse.

[0003] The existing anomaly detection technology is basically based on protocol analysis technology. Compared with the tradit...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0236, H04L63/0263, H04L63/1425
Inventor: 李红, 刘丰, 张金生, 曾淑娟, 王红艳
Owner: BEIJING INST OF COMP TECH & APPL