An attack detection method and device

The attack detection and attack signature technique, applied in the field of network communication, addresses the low efficiency of attack detection for custom signatures and the low query efficiency, and achieves efficient intrusion prevention, lower storage cost, and more efficient signature matching.

Active Publication Date: 2021-03-23
杭州迪普信息技术有限公司

AI Technical Summary

Problems solved by technology

[0003] At present, custom features are generally stored in linked list arrays. This storage structure has high storage efficiency, but when detecting whether the traffic carries the stored features, the query efficiency is low, making the attack detection efficiency for custom features low.

Embodiment Construction

[0024] In order for those skilled in the art to better understand the technical solutions in the embodiments of this specification, the technical solutions in the embodiments of this specification will be described in detail below in conjunction with the drawings in the embodiments of this specification. Obviously, the described embodiments are only some of the embodiments in this specification, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this specification shall fall within the scope of protection.

[0025] Among common network packet attack signatures, some signatures are extracted based on specific fields in the protocol header, specific strings in the packet, etc. These signatures are generally stored in the signature database of the IPS device. There are also features that follow certain rules in some parts, for example, the message is of a specific length, a certain byte of...

Abstract

The invention discloses an attack detection method and an attack detection device. An attack feature decision tree is configured in advance; the decision tree is composed of multiple layers connected in sequence, and each layer is composed of multiple nodes connected in sequence. The method comprises the following steps:
A. Receive a message.
B. Traverse each node in the decision tree and check whether the message includes the attack feature stored in each node; if the message is found to include the attack feature stored in any node, go to step C.
C. Acquire the processing action stored in the found node, process the message, and determine according to the acquired processing action whether to perform the subsequent step; if yes, go to step D.
D. Determine whether the found node has a corresponding lower-layer node; if yes, determine the corresponding lower-layer node, use it as the found node, and go to step C.
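The traversal in steps A to D, written out as an added Python example; it is not code from the patent. The `Node` class, the action names (`log`, `drop`, `pass`), the sample features, starting the step B lookup at the top layer, and treating the "corresponding" lower-layer node as the first child whose feature the message also carries are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Assumed action names: the page only says each node stores a processing action
# that decides whether detection continues to the lower layer.
CONTINUE_ACTIONS = {"log"}

@dataclass
class Node:
    name: str
    feature: Callable[[bytes], bool]   # attack feature stored in the node
    action: str                        # processing action stored in the node
    children: List["Node"] = field(default_factory=list)  # lower-layer nodes

def first_match(layer: List[Node], msg: bytes) -> Optional[Node]:
    """Return the first node of a layer whose stored feature the message carries."""
    return next((n for n in layer if n.feature(msg)), None)

def detect(top_layer: List[Node], msg: bytes) -> Tuple[List[Tuple[str, str]], str]:
    """Steps A-D: return the (node, action) trail and the last action applied."""
    trail: List[Tuple[str, str]] = []
    found = first_match(top_layer, msg)             # step B
    while found is not None:
        trail.append((found.name, found.action))    # step C: take the stored action
        if found.action not in CONTINUE_ACTIONS:    # action ends detection
            break
        found = first_match(found.children, msg)    # step D: descend one layer
    return trail, (trail[-1][1] if trail else "no_match")

# Constructed sample tree: features are message length, first byte, and a marker string.
TREE = [
    Node("len64", lambda m: len(m) == 64, "log", [
        Node("first_byte_ff", lambda m: m[:1] == b"\xff", "log", [
            Node("marker", lambda m: b"EVIL" in m, "drop"),
        ]),
        Node("first_byte_00", lambda m: m[:1] == b"\x00", "pass"),
    ]),
    Node("len128", lambda m: len(m) == 128, "drop"),
]

if __name__ == "__main__":
    for sample in (b"\xff" + b"EVIL" + b"A" * 59, b"\x00" * 64, b"hello"):
        print(detect(TREE, sample))
```

Each lookup touches only the nodes of one layer under the previously matched node, so a message that fails the top-layer features is dismissed without evaluating any deeper feature.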

Description

Technical field

[0001] The embodiments of this specification relate to the technical field of network communication, and in particular, to an attack detection method and device.

Background technique

[0002] At present, in order to defend against network intrusions and attacks, IPS (Intrusion Prevention System) equipment is generally deployed at the server group entrance or network entrance. The IPS equipment generally stores, in the form of a signature database, common network attack characteristics such as specific fields in the protocol header and specific strings in messages. In addition, specific forms of attack characteristics can also be stored in the form of custom characteristics.

[0003] At present, custom features are generally stored in linked list arrays. This storage structure has high storage efficiency, but when detecting whether the traffic carries the stored features, the query efficiency is low, which makes the attack detection ef...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441
Inventor: 左虹
Owner: 杭州迪普信息技术有限公司