Anomaly detection method and system based on business flow

An anomaly detection technology applied in the field of business-flow-based anomaly detection methods and systems. It addresses the problems that unknown network threats and attack behaviors are hard to judge, that the business-flow elements used cannot reflect business logic relationships, and that existing security protection systems are not effective enough, and it achieves rapid perception and in-depth analysis.

Active Publication Date: 2021-01-29
CHENGDU UNIV OF INFORMATION TECH

AI Technical Summary

Problems solved by technology

There are three problems in detecting abnormal traffic in this way:
(1) The business-traffic elements used in statistical analysis cannot reflect business logic relationships, so it is impossible to judge from business logic whether there are unknown threats or attack behaviors on the network.
(2) It is difficult to detect attacks that exploit internal logic loopholes in the business.
(3) It is impossible to detect violations by legitimate employees.
[0009] With the continuous development of network attack technology, attack methods are becoming more complex and the attack scale is expanding. However, the existing security protection system is not very effective in detecting unknown threats and monitoring insider violations.



Embodiment Construction

[0042] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0043] The current business-flow-based anomaly detection method uses various elements of the business flow to establish a normal execution profile for the business system or for each business user, and then analyzes the actual business traffic and the actual operation behavior of each user while the system is running. Anomalies are detected by comparison with the pre-established normal profiles. There are three problems in detecting abnormal traffic in this way: (1) The relevant elements of business traffic in statistical analysis cannot reflect the business logic relationship, and it is impossible to judge whet...


Abstract

The invention belongs to the field of cyberspace security and discloses a method and system for anomaly detection based on business flow. By monitoring the business flow, it uses the source IP address, destination IP address, source port, destination port, protocol type, time and other elements to analyze whether there is an anomaly from the perspective of the business protocol; based on the time interval between current business events and the execution frequency of certain parts of business activities, it analyzes whether there is an anomaly from the perspective of business performance; and from the perspective of business logic, it constructs a business logic matrix based on the logic structure of the normal business process and analyzes whether the sequence of current business events is abnormal. The invention makes up for the deficiencies of traditional security protection measures, detects security problems that cannot be found by traditional technical means, strengthens the internal control of security protection, prevents violations by internal personnel, and forms a powerful supplement and improvement to the existing security protection system.
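The three checks named in the abstract, as an added example that is not taken from the patent. It assumes the business logic matrix is an adjacency matrix of event-to-event transitions learned from normal sequences, that the protocol check is an allowlist of flows (source port left out as ephemeral), and that the performance check is a minimum gap between events; the event names, addresses and threshold are constructed.

```python
# Constructed event vocabulary for a hypothetical order-processing service.
EVENTS = ["login", "query_order", "create_order", "approve", "pay", "logout"]
IDX = {name: i for i, name in enumerate(EVENTS)}

# Constructed normal business sequences and permitted flows (assumptions).
NORMAL = [
    ["login", "query_order", "create_order", "approve", "pay", "logout"],
    ["login", "query_order", "logout"],
    ["login", "create_order", "approve", "pay", "query_order", "logout"],
]
ALLOWED_FLOWS = {("10.0.0.5", "10.0.1.10", 443, "tcp")}

def build_logic_matrix(sequences):
    """M[i][j] = 1 when event j directly followed event i in a normal run."""
    m = [[0] * len(EVENTS) for _ in EVENTS]
    for seq in sequences:
        for a, b in zip(seq, seq[1:]):
            m[IDX[a]][IDX[b]] = 1
    return m

MATRIX = build_logic_matrix(NORMAL)

def check_session(events, matrix, allowed_flows, min_gap):
    """events: (ts, src_ip, dst_ip, dst_port, proto, name) in time order.
    Returns (perspective, ts, name) alerts."""
    alerts, prev = [], None
    for ts, src, dst, dport, proto, name in events:
        # Protocol perspective: the flow must be a known business flow.
        if (src, dst, dport, proto) not in allowed_flows:
            alerts.append(("protocol", ts, name))
        if prev is not None:
            prev_ts, prev_name = prev
            # Performance perspective: events arriving faster than normal.
            if ts - prev_ts < min_gap:
                alerts.append(("performance", ts, name))
            # Logic perspective: transition absent from the matrix.
            if not matrix[IDX[prev_name]][IDX[name]]:
                alerts.append(("logic", ts, name))
        prev = (ts, name)
    return alerts

# Constructed session: payment without approval, then an unknown port.
SESSION = [
    (0.0, "10.0.0.5", "10.0.1.10", 443, "tcp", "login"),
    (5.0, "10.0.0.5", "10.0.1.10", 443, "tcp", "create_order"),
    (5.2, "10.0.0.5", "10.0.1.10", 443, "tcp", "pay"),
    (9.0, "10.0.0.5", "10.0.1.10", 8080, "tcp", "logout"),
]
```

Calling `check_session(SESSION, MATRIX, ALLOWED_FLOWS, 1.0)` flags the `pay` event on both the performance and logic perspectives and the `logout` event on the protocol perspective.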

Description

Technical field

[0001] The invention belongs to the field of cyberspace security, and in particular relates to a business-flow-based anomaly detection method and system.

Background technique

[0002] At present, the existing technologies commonly used in the industry are as follows:

[0003] With the continuous development of network attack technology, attack methods are becoming more and more complex and the attack scale is expanding. However, the existing security protection system emphasizes external defense. Traditional security measures, such as firewalls and intrusion detection based on rules and attack characteristics, have been far from ideal at monitoring insider violations. More and more attackers, before launching an attack, first test whether they can bypass the security detection of the target network, and use new attack methods such as zero-day threats, advanced evasion techniques, multi-stage attacks, and APT attacks. Because they bypa...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 林宏刚
Owner: CHENGDU UNIV OF INFORMATION TECH