Method and device for port scanning detection, computer device and storage medium

A port scanning detection technology, applied in the field of information security, that addresses the problems of a high false alarm rate and low detection accuracy, reducing the false alarm rate, improving detection accuracy, and making detection convenient and effective.

Active Publication Date: 2019-01-01
GUANGZHOU SHIYUAN ELECTRONICS CO LTD

AI Technical Summary

Problems solved by technology

Port scanning behavior has to be identified within massive volumes of server access records. It is generally judged by counting the number of data packets, which gives low detection accuracy, while anomaly-based detection methods have a high false positive rate.


Examples


Embodiment 1

[0024] Figure 1 is a flow chart of a method for port scan detection provided in Embodiment 1 of the present invention. This embodiment is applicable to detecting port scanning behavior and identifying high-risk ports. The method can be performed by a port scanning detection device implemented in hardware and/or software, and specifically comprises the following steps:

[0025] Step S110: Generate a shopping basket corresponding to the source IP based on the port access log of the target server, and mine the shopping basket with association rules to obtain the frequent k-item sets of the source IP's port accesses to the target server cluster.

[0026] Extract the access records within the time slice from the target server port access log of the operation and maintenance security audit system, including source IP, destination IP, port and access time. According to the port access log of the target server, generate its own shopping basket for each...

Embodiment 2

[0040] Figure 2 is another flow chart of a method for port scan detection, in Embodiment 2 of the present invention. This solution uses the Apriori association rule algorithm to find the frequent item sets of port accesses in order to detect port scanning behavior, and then derives the association relationships between high-risk ports from those frequent item sets, improving port detection accuracy and reducing the false alarm rate. The basic principle of the Apriori algorithm is to use support to represent the strength of association rules and to treat items linked by association rules as a set. The strength of a rule's association can be measured by support and confidence. As shown in Figure 2, the method for port scan detection provided in this embodiment specifically includes:

[0041] Step S210: Generate a shopping basket corresponding to the source IP based on the port access log of the target server, and mine the frequent k-item sets of the port access of the s...

Embodiment 3

[0055] Figure 4 is a schematic structural diagram of a device for port scan detection provided by Embodiment 3 of the present invention. As shown in Figure 4, the device includes: a frequent itemset generating module 310, a port scanning judging module 320 and a high-risk port judging module 330.

[0056] The frequent itemset generation module 310 is used to generate the shopping basket corresponding to the source IP based on the target server port access log, and to mine the shopping basket with association rules to obtain the frequent k-itemsets of the source IP's port accesses to the target server cluster.

[0057] The port scanning judging module 320 is configured to sort the frequent k-itemsets in two layers of k value and variance, and judge the port scanning behavior of the source IP based on the sorting result.

[0058] The high-risk port judging module 330 is configured to calculate the confidence of the port identified as the port scanning behavio...


Abstract

The invention discloses a method and device for port scanning detection, a computer device and a storage medium. The method comprises: generating a shopping basket corresponding to the source IP based on the target server port access log, and mining the shopping basket with association rules to obtain the frequent k-item sets of the source IP's port accesses to the target server cluster; ranking the frequent k-item sets by k value and variance, and determining the port scanning behavior of the source IP based on the ranking results; and calculating the confidence, relative to a preset high-risk port, of the ports in the frequent k-item set that were identified as port scanning behavior. According to the invention, the frequent k-item sets are found with association rules, port scanning behavior is detected by setting k-value and variance thresholds, and high-risk ports are further identified by setting a confidence threshold. The detection precision for port scanning behavior and the degree of high-risk port recognition are thereby improved, and the false alarm rate is reduced.
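The procedure summarized in this abstract, as an added Python example that is not the patent's own code. Assumptions: the log rows, the threshold values and the `HIGH_RISK` set are constructed; one basket is built per source and destination pair; the variance is taken over the port numbers in an itemset and a larger variance counts toward a scan (the page does not say what the variance is computed over or in which direction it is compared).

```python
from collections import defaultdict
from itertools import combinations
from statistics import pvariance

# Constructed sample rows (source IP, destination IP, port); not from the page.
SERVERS = [f"192.0.2.{i}" for i in range(1, 6)]
LOG = ([("10.0.0.66", d, p) for d in SERVERS for p in (21, 22, 23, 80, 443, 3389)]
       + [("10.0.0.5", d, p) for d in SERVERS for p in (80, 443)]
       + [("10.0.0.9", d, 22) for d in SERVERS[:3]])
LOG.remove(("10.0.0.66", "192.0.2.5", 3389))  # one probe missing from the log

# Assumed values; the page names these thresholds but gives no numbers.
MIN_SUPPORT, K_MIN, VAR_MIN, CONF_MIN = 0.6, 4, 1000.0, 0.8
HIGH_RISK = {22, 3389}  # assumed preset high-risk ports

def baskets_by_source(log):
    """One basket per (source, destination): ports the source reached there."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dst, port in log:
        seen[src][dst].add(port)
    return {s: [frozenset(p) for p in d.values()] for s, d in seen.items()}

def apriori(baskets, min_support):
    """Return {itemset: support} for every frequent itemset, level by level."""
    def support(s):
        return sum(s <= b for b in baskets) / len(baskets)
    level = {frozenset([p]) for b in baskets for p in b}
    frequent, k = {}, 1
    while level:
        level = {s: support(s) for s in level}
        level = {s: v for s, v in level.items() if v >= min_support}
        frequent.update(level)
        k += 1
        # Join step, then prune candidates with an infrequent (k-1)-subset.
        level = {a | b for a in level for b in level if len(a | b) == k}
        level = {c for c in level
                 if all(frozenset(x) in frequent for x in combinations(c, k - 1))}
    return frequent

def detect(log):
    """Map each flagged source IP to (scanned ports, ports tied to HIGH_RISK)."""
    flagged = {}
    for src, baskets in baskets_by_source(log).items():
        freq = apriori(baskets, MIN_SUPPORT)
        # Two-level ranking: largest k first, then port-number variance (assumed).
        top = max(freq, key=lambda s: (len(s), pvariance(sorted(s))), default=None)
        if top and len(top) >= K_MIN and pvariance(sorted(top)) >= VAR_MIN:
            # confidence(h -> p) = support({h, p}) / support({h})
            risky = {p for p in top - HIGH_RISK for h in top & HIGH_RISK
                     if freq[frozenset((h, p))] / freq[frozenset((h,))] >= CONF_MIN}
            flagged[src] = (sorted(top), sorted(risky))
    return flagged
```

Calling `detect(LOG)` flags only the source that touched the same six ports across the cluster; the web client and the SSH-only source stay below the k threshold.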

Description

Technical field

[0001] The embodiments of the present invention relate to information security technology, and in particular to a method, device, computer equipment and storage medium for port scan detection.

Background technique

[0002] As more and more important information is stored in computers and network systems, system security problems are becoming more and more serious, and better measures are needed to protect systems from intruders' attacks. In a specific network environment, the operation and maintenance security audit system protects the network and data from system damage and data leakage caused by non-compliant operations of legitimate internal users. It uses various technical means to collect and monitor, in real time, the system status, security events, and network activities of each component in the network environment, for centralized alarming, recording, analysis, and processing.

[0003] Discovering t...


Application Information

Patent Type & Authority Applications (China)
IPC IPC(8): H04L29/06
CPC H04L63/1416
Inventor 方建生
Owner GUANGZHOU SHIYUAN ELECTRONICS CO LTD