Network attack detection method and device based on log analysis

A network attack detection method, applied in the field of network information security, that addresses problems such as the relatively uniform security detection environment of a single server in the power information network.

Active Publication Date: 2018-06-19
NORTH CHINA ELECTRICAL POWER RES INST +2

AI Technical Summary

Problems solved by technology

Because of the particular nature of the power information network's security design, the current network structure may not be changed during detection, so it is impossible to scan with hardware-connected network security devices.
In addition, because the network structure and the types of externally provided services are relatively fixed, the security detection environment of a single server in the power information network is relatively uniform.


Embodiment Construction

[0073] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0074] In the process of researching the embodiment of the present invention, the inventor found that there are the following ways to detect network attack behavior in the prior art:

[0075] Server logs are used to detect network attacks after the fact. At present, this is mainly done by scanning with server log security scanning tools. A log security scanning tool can examine the server logs of various system platforms, and can select the corresponding security scanning ...


Abstract

The invention provides a network attack detection method and device based on log analysis, and relates to the technical field of network information security. The method comprises the following steps: reading a server log file, obtaining the network address, server port number, application type and fault type of the host corresponding to a to-be-detected log, and judging the format type adopted by the server log according to header format information of the server log file; matching against preset scene types according to the format type adopted by the server log and the network address, server port number, application type and fault type of the to-be-detected host, to determine the scanning scene corresponding to the to-be-detected log; selecting the scanning strategy uniquely corresponding to the scanning scene from a preset strategy library; scanning the to-be-detected log according to the scanning strategy to generate a log security scanning result; and outputting the log security scanning result, the scanning scene and the scanning strategy according to a preset file format.
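The steps in the abstract, sketched in Python as an added example (not code from the patent or its applicants). The W3C extended log sample is constructed, and the scene key, scene name, strategy rules and the `app_type`/`fault_type` values are hypothetical; the text shown on this page does not define them.

```python
import json
import re

# Constructed sample: a W3C extended log as written by IIS (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status
2018-01-05 08:00:01 192.0.2.10 GET /index.aspx - 80 198.51.100.7 200
2018-01-05 08:00:05 192.0.2.10 GET /item.aspx id=1+UNION+SELECT+name+FROM+users 80 198.51.100.9 500
2018-01-05 08:00:09 192.0.2.10 GET /download.aspx file=../../web.config 80 198.51.100.9 404
"""

# Hypothetical preset tables: scene keys, scene names and rule patterns are illustrative.
SCENES = {("w3c", "192.0.2.10", "80", "web", "http_error"): "iis_web_http_error"}
STRATEGIES = {
    "iis_web_http_error": {
        "sql_injection": re.compile(r"union[\s+]+select", re.I),
        "path_traversal": re.compile(r"\.\./"),
    }
}

def detect_format(text):
    """Judge the log format from header lines; returns (format, field names)."""
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            return "w3c", line.split()[1:]
        if not line.startswith("#"):
            break
    return "unknown", []

def scan(text, app_type, fault_type):
    fmt, fields = detect_format(text)
    rows = [dict(zip(fields, l.split())) for l in text.splitlines()
            if l and not l.startswith("#")]
    if not rows:
        return {"format": fmt, "scene": None, "strategy": [], "findings": []}
    host, port = rows[0].get("s-ip"), rows[0].get("s-port")
    scene = SCENES.get((fmt, host, port, app_type, fault_type))  # scene matching
    rules = STRATEGIES.get(scene, {})  # one strategy per scene
    findings = [
        {"rule": name, "client": r.get("c-ip"), "status": r.get("sc-status"),
         "uri": r.get("cs-uri-stem")}
        for r in rows for name, pat in rules.items()
        if pat.search(r.get("cs-uri-query", ""))
    ]
    return {"host": host, "format": fmt, "scene": scene,
            "strategy": sorted(rules), "findings": findings}

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_LOG, "web", "http_error"), indent=2))
```

A log whose header or host attributes match no preset scene gets no strategy and therefore no findings, so an unmatched scene should be reported rather than read as a clean scan.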

Description

Technical field

[0001] The invention relates to the technical field of network information security, in particular to a log analysis-based network attack detection method and device.

Background technique

[0002] At present, with the continuous development of network information technology, network servers and similar systems face various types of attacks. To ensure the security of a network server, it is generally necessary to perform network attack detection. For example, network attack detection for web servers can be mainly divided into pre-detection and post-event detection. Pre-detection identifies network access behaviors with malicious characteristics through preset security policies, so as to realize early warning and blocking of network intrusion behaviors. Pre-detection mainly includes software detection and hardware detection, among which software detection mainly includes various terminal security defense software, special anti-virus software...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433
Inventor: 徐小天陈乐然李敏孙跃高冉馨陈威
Owner: NORTH CHINA ELECTRICAL POWER RES INST