Real-time malicious behavior detection method and device

A real-time malicious behavior detection technology, applied in the field of cloud computing, that addresses problems such as network traffic growth, difficult protection and inflexible network rule configuration, and relieves the processing bottleneck.

Inactive Publication Date: 2018-06-05
HUAZHONG NORMAL UNIV

AI Technical Summary

Problems solved by technology

[0005] Although the traditional intrusion detection system represented by Snort guarantees the security of the cloud platform to a certain extent, this model has a series of problems such as inflexible configuration of network rules. In addition, the rapid expansion of the scale of the cloud platform makes the network topology complex, and network traffic grows rapidly, but in the traditional intr

Examples


Example 1

[0032] Referring to Figure 2, this embodiment provides a method for real-time detection of malicious behavior, which is applied in an SDN network system. The method includes:

[0033] Step S200: Based on the malicious behavior attack model including possible attack schemes on the cloud platform, establish a malicious behavior attack signature database under the cloud computing environment;

[0034] In this embodiment, by analyzing the malicious behavior attack model, including possible attack schemes on the cloud platform, and the remaining problems of current attack detection models, an SDN-based real-time malicious behavior detection model, that is, the malicious behavior attack feature library, can be established. It can be understood that the content of the malicious behavior attack model need not be limited to possible attack schemes on the cloud platform; it may also include possible attack schemes in the local system or other environments.

[0035] After...

Example 2

[0080] Referring to Figure 9, this embodiment provides a malicious behavior real-time detection device 900, which is applied to an SDN network system and includes:

[0081] The signature database module 910 is used to establish a malicious behavior attack signature database under the cloud computing environment based on a malicious behavior attack model including possible attack schemes on the cloud platform;

[0082] A detection module 920, configured to detect in real time whether there is any malicious behavior in the current data flow in the network based on the malicious behavior attack feature library;

[0083] The interception module 930 is configured to indicate that there is a current network attack when there is malicious behavior in the current data flow, and intercept the current data flow.

[0084] Referring to Figure 10, in this embodiment the detection module 920 may further include the following units:

[0085] An acquisition unit 921, conf...


Abstract

The invention provides a real-time malicious behavior detection method and device which are applied to an SDN system, and relates to the technical field of cloud computing. The real-time malicious behavior detection method comprises the following steps: a malicious behavior attack feature library for a cloud computing environment is built on the basis of a malicious behavior attack model containing possible attack schemes on a cloud platform; whether a malicious behavior exists in the current data flow in the network is detected in real time on the basis of the malicious behavior attack feature library; and if so, a network attack is present and the current data flow is intercepted. Existing malicious behavior detection models cannot effectively deal with the processing efficiency bottleneck brought by large-scale network traffic or the traffic control difficulty brought by network topology complexity. To address this, an SDN-based real-time malicious behavior detection model is designed by combining the flexible SDN architecture with a big data processing framework, solving the low detection efficiency that the processing bottleneck and network traffic control problems cause in current research.

Description

Technical field

[0001] The invention relates to the technical field of cloud computing, in particular to a method and device for real-time detection of malicious behavior.

Background technique

[0002] With the development and maturity of various network technologies, the new service model of cloud computing based on the Internet has achieved unprecedented development. "Computing" has been rated as a cutting-edge technology for several consecutive years, and it is also an important foundation for new technologies such as artificial intelligence in the 2017 technology report.

[0003] Under the cloud computing model, advantages such as super computing power and extremely low cost attract a large amount of data to gather in the cloud platform. On the one hand, it brings convenient application, and on the other hand, it also greatly increases the risk of the cloud platform being attacked. Therefore, how to effectively detect malicious behaviors on the cloud platform and carry ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1466
Inventor: 张浩, 黄涛, 刘三女牙, 杨华利, 戴淑敏
Owner: HUAZHONG NORMAL UNIV