
Method, device, computer equipment and storage medium for port scan detection

Port scan detection technology, applied in the field of information security, that addresses the problems of a high false alarm rate and low detection accuracy. It reduces the false alarm rate, improves detection accuracy, and makes detection convenient and effective.

Active Publication Date: 2021-02-05
GUANGZHOU SHIYUAN ELECTRONICS CO LTD

AI Technical Summary

Problems solved by technology

Port scanning behavior has to be identified in massive volumes of server access records. It is generally judged by counting the number of data packets, which has low detection accuracy, while anomaly-based detection methods have a high false positive rate.



Examples


Embodiment 1

[0024] Figure 1 is a flow chart of a method for port scan detection provided in Embodiment 1 of the present invention. This embodiment is applicable to detecting port scanning behavior and identifying high-risk ports. The method can be carried out by a port scan detection device implemented in hardware and/or software, and specifically comprises the following steps:

[0025] Step S110: Generate a shopping basket corresponding to the source IP based on the port access log of the target server, and apply association rule mining to the shopping basket to find the frequent k-itemsets of the source IP's port accesses to the target server cluster.

[0026] Extract the access records within the time slice from the target server port access log of the operation and maintenance security audit system, including source IP, destination IP, port and access time. According to the port access log of the target server, generate its own shopping basket for each...

Embodiment 2

[0040] Figure 2 is another flow chart of a method for port scan detection, in Embodiment 2 of the present invention. This solution uses the Apriori association rule algorithm to find the frequent itemsets of port access in order to detect port scanning behavior, and then uses the frequent itemsets to find the association relationships between high-risk ports, improving port detection accuracy and reducing the false alarm rate. The basic principle of the Apriori algorithm is to use support to represent the strength of association rules and to regard items with association rules as a set. The strength of a rule association can be measured by support and confidence. As shown in Figure 2, the method for port scan detection provided in this embodiment specifically includes:

[0041] Step S210: Generate a shopping basket corresponding to the source IP based on the port access log of the target server, and mine the frequent k-item sets of the port access of the s...

Embodiment 3

[0055] Figure 4 is a schematic structural diagram of a device for port scan detection provided by Embodiment 3 of the present invention. As shown in Figure 4, the device includes: a frequent itemset generating module 310, a port scanning judging module 320 and a high-risk port judging module 330.

[0056] The frequent itemset generating module 310 is used to generate the shopping basket corresponding to the source IP based on the target server port access log, and to mine the shopping basket through association rules for the frequent k-itemsets of the source IP's port accesses to the target server cluster.

[0057] The port scanning judging module 320 is configured to perform a two-layer sort of the frequent k-itemsets by k value and variance, and to judge the port scanning behavior of the source IP based on the sorting result.

[0058] The high-risk port judging module 330 is configured to calculate the confidence of the port identified as the port scanning behavio...


Abstract

The invention discloses a method, device, computer equipment and storage medium for port scan detection, comprising: generating a shopping basket corresponding to a source IP based on a target server port access log, and mining the shopping basket through association rules for the frequent k-itemsets of the source IP's port accesses to the target server cluster; performing a two-layer sort of the frequent k-itemsets by k value and variance, and judging the port scanning behavior of the source IP based on the sorting result; and calculating the confidence, relative to preset high-risk ports, of the ports in the frequent k-itemsets that are identified as port scanning behavior. The invention uses association rules to find frequent k-itemsets, detects port scanning behavior by setting k value and variance thresholds, and further identifies high-risk ports by setting a confidence threshold, thereby improving the detection accuracy of port scanning behavior and the recognition of high-risk ports, and reducing the false positive rate.
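The three steps of the abstract, as an added Python sketch over a constructed log (not code from the patent). The page does not show how baskets are laid out, which quantity the variance is taken over, or the exact confidence rule, so the choices below are assumptions: one port set per destination server, variance of the single-port supports inside an itemset, and conf(p -> h) against each preset high-risk port h; all thresholds and addresses are illustrative.

```python
from collections import defaultdict
from itertools import combinations
from statistics import pvariance

# Constructed sample rows (source IP, destination IP, port); not real traffic.
LOG = [("10.0.0.9", f"192.168.1.{h}", p) for h in range(1, 5)
       for p in (21, 22, 23, 80, 3389) if (h, p) != (4, 80)]
LOG += [("10.0.0.5", f"192.168.1.{h}", 443) for h in range(1, 5)]
LOG += [("10.0.0.5", "192.168.1.1", 22)]
HIGH_RISK = {22, 3389}  # assumed preset high-risk ports

def baskets(log):
    """Assumed basket layout: per source IP, one port set per destination server."""
    b = defaultdict(lambda: defaultdict(set))
    for src, dst, port in log:
        b[src][dst].add(port)
    return {src: list(d.values()) for src, d in b.items()}

def support(items, txns):
    return sum(items <= t for t in txns) / len(txns)

def apriori(txns, min_sup):
    """Level-wise Apriori: returns {frozenset(ports): support}."""
    level, freq, k = {frozenset([p]) for t in txns for p in t}, {}, 1
    while level:
        kept = {s: v for s in level if (v := support(s, txns)) >= min_sup}
        freq.update(kept)
        k += 1
        # Join frequent (k-1)-itemsets, then prune candidates with an infrequent subset.
        level = {a | b for a in kept for b in kept if len(a | b) == k}
        level = {c for c in level if all(frozenset(s) in kept for s in combinations(c, k - 1))}
    return freq

def detect(log, min_sup=0.75, k_min=4, var_max=0.05, conf_min=0.8):
    """Return {source IP: (is_scan, top itemset, ports associated with a high-risk port)}."""
    result = {}
    for src, txns in baskets(log).items():
        freq = apriori(txns, min_sup)
        # Assumed variance: spread of the single-port supports inside the itemset.
        var = lambda s: pvariance([freq[frozenset([p])] for p in s])
        # Two-layer ordering: larger k first, then lower variance; take the top entry.
        top = min(freq, key=lambda s: (-len(s), var(s)), default=frozenset())
        is_scan = len(top) >= k_min and var(top) <= var_max
        cand = top - HIGH_RISK if is_scan else ()
        conf = {p: max(support(frozenset([p, h]), txns) for h in HIGH_RISK)
                   / freq[frozenset([p])] for p in cand}
        risky = sorted(p for p in conf if conf[p] >= conf_min)
        result[src] = (is_scan, sorted(top), risky)
    return result
```

`detect(LOG)` flags 10.0.0.9, whose five-port itemset is frequent across the cluster, and leaves 10.0.0.5 alone because its only frequent itemset has k = 1.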

Description

Technical field

[0001] The embodiment of the present invention relates to information security technology, and in particular to a method, device, computer equipment and storage medium for port scan detection.

Background

[0002] As more and more important information is stored in computers and network systems, system security problems are becoming more and more serious, and better measures are needed to protect systems from intruders' attacks. In a specific network environment, an operation and maintenance security audit system protects the network and data from system damage and data leakage caused by non-compliant operations by legitimate internal users. It uses various technical means to collect and monitor, in real time, the system status, security events and network activities of each component in the network environment, so that they can be centrally alerted on, recorded, analyzed and processed.

[0003] Discovering t...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 方建生
Owner: GUANGZHOU SHIYUAN ELECTRONICS CO LTD