Attack detection method and device

An attack detection method and device, applied in the computer field, that addresses the problems of high CPU consumption, low firewall work efficiency, and heavy system consumption, so as to increase work efficiency, reduce system performance consumption, and reduce CPU usage.

Inactive Publication Date: 2018-06-01
BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] In existing attack detection methods, the regular-expression-based rule matching algorithm is fine-grained: the regular expression makes detailed matching judgments on the fields to be detected, which consumes a lot of system resources. When the system runs the regular-expression-based rule matching algorithm, the CPU (Central Processing Unit) consumption rate of the host where the system is located is therefore high. In addition, the packets received by the firewall contain a large number of non-aggressive, normal packets, yet the firewall system performs regular-expression-based rule matching on every message, which results in low firewall efficiency.


Embodiment Construction

[0047] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0048] The technical terms involved in the embodiments of the present invention are briefly introduced below.

[0049] Firewall: When users in the network access each other or a client accesses a server, a data flow will be generated between the source host and the destination host. The firewall captures and parses the data flow, and the captured data reflects the user's operation intention and access information. In the prior art, the firewall compares the captur...


Abstract

The embodiments of the invention disclose an attack detection method and device. The method comprises the following steps: first, acquiring a target request message and extracting a to-be-detected field from it; then, judging, based on a pattern matching algorithm, whether a firewall rule matching the to-be-detected field exists in a blacklist rule base; if yes, detecting the to-be-detected field based on a regular expression and determining whether the target request message is offensive; if not, directly judging that the target request message is not offensive. According to the scheme provided by the invention, when attack detection is carried out on a normal, legal request message, the CPU occupancy rate and the system performance consumption of a firewall system can be greatly reduced. Moreover, because most of the messages received by the firewall system are legal, the embodiments of the invention can greatly improve the working efficiency of the firewall system.
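The two-stage flow described in the abstract, as an added example that is not taken from the patent: a cheap literal-keyword scan stands in for the unspecified pattern matching algorithm, and a regular expression runs only for rules whose keyword was found. The rule base, field choice (URL query string) and sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed blacklist rule base (assumption): rule id, literal keywords for
# the coarse pattern-matching stage, regex for the fine-grained stage.
RULES = [
    ("sqli-union", ("union",), re.compile(r"\bunion\b\s+(all\s+)?select\b")),
    ("xss-script", ("<script",), re.compile(r"<script\b[^>]*>")),
    ("path-traversal", ("../",), re.compile(r"(^|[/=])(\.\./){2,}")),
]

# Constructed sample request lines: two benign, two matching a rule.
SAMPLE_REQUESTS = [
    "GET /index.html?page=2 HTTP/1.1",
    "GET /news?title=trade+union+vote HTTP/1.1",
    "GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
]

def extract_field(request_line):
    """Extract the to-be-detected field: here, the decoded, lowercased query."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ""
    return unquote_plus(urlsplit(parts[1]).query).lower()

def prefilter(field):
    """Coarse stage: keep only rules whose literal keyword occurs in the field."""
    return [rule for rule in RULES if any(k in field for k in rule[1])]

def detect(request_line, stats):
    """Return the matching rule id, or None when the request is judged benign."""
    field = extract_field(request_line)
    candidates = prefilter(field)
    if not candidates:
        stats["skipped_regex"] += 1  # benign verdict without running any regex
        return None
    for rule_id, _keywords, regex in candidates:
        stats["regex_runs"] += 1     # fine-grained check, candidates only
        if regex.search(field):
            return rule_id
    return None  # keyword was present, but the regex cleared the request

def run(requests):
    stats = {"skipped_regex": 0, "regex_runs": 0}
    return [detect(r, stats) for r in requests], stats

if __name__ == "__main__":
    print(run(SAMPLE_REQUESTS))
```

The second sample request shows why the regular-expression stage is still needed: the keyword "union" passes the coarse stage, and only the fine-grained check clears it.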

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to an attack detection method and device.

Background technique

[0002] A firewall, also known as a protective wall, is a network security system located between an internal network and an external network, which allows or restricts the transmission of data according to specific rules. The prior art discovers the attack characteristics of aggressive packets through certain fields in the packets, and these fields are called fields to be detected. For packets received by the firewall, when the parameter value of the field to be detected in the packet matches any firewall rule in the blacklist rule base, the system judges that the message is malicious, and the system warns, blocks, or records the message in the attack log of the system according to the predefined method.

[0003] At present, in the process of detecting attack characteristics, the firewall first extracts the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/0245, H04L63/1416
Inventor: 王生新
Owner: BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD