A malicious site access interception method and detection system based on flow analysis

A flow-analysis based malicious site access interception method and detection system, applied in the field of network information security, addresses the lack of any published real-time online detection method for malicious sites, and achieves easy deployment, real-time monitoring and improved network security.

Inactive Publication Date: 2019-01-25
STATE GRID HUNAN ELECTRIC POWER

AI Technical Summary

Problems solved by technology

Currently, there is no published literature dealing with real-time online detection methods for malicious sites


Embodiment Construction

[0026] The present invention will be further described below in conjunction with examples.

[0027] The present invention detects malicious site visits based on flow analysis, and specifically uses the log feature information "source IP address, syn value of the TCP protocol, ack value of the TCP protocol, and destination IP address" in the flow data to identify whether the current visit is a visit to a malicious site. After the present invention collects a traffic packet, it extracts the feature information from it to generate a log data unit, as shown in Figure 1; the format of the log data unit is:

[0028] Table 1

[0029]
Attribute   Attribute name
src_ip      source IP address
dst_ip      destination IP address
host        main site domain name
syn         the syn value of the TCP protocol
message     raw log information

[0030] In order to realize the monitoring of malicious site visits, the present invention ...


Abstract

The invention discloses a malicious site access interception method and detection system based on flow analysis. The method comprises the following steps: S1, constructing a malicious site detection model based on detection of log feature information in flow data, wherein the malicious site model performs access interception according to the detected malicious site access; S2, collecting the flow mirror data packets at the network outlet in real time, extracting the log feature information from the flow mirror data packets to generate a log data unit, and sending the log data unit to the log buffer queue; S3, the malicious site detection model constructed in S1 analyzes and detects the log data units from S2, and updates the detected IP address-domain name mapping temporary file into the IP address-domain name mapping file of the DNS server. The invention realizes real-time online detection of malicious sites and real-time interception of detected visits to malicious sites, thereby improving the security of the network system.
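As an added illustration (not code from the patent or its applicant), the following Python sketch walks steps S1 to S3 with the log data unit of Table 1: the blacklist, the rule that only a connection-opening SYN counts as an access, and the sample packets are constructed assumptions, and how the DNS server applies the resulting mapping to intercept the visit is left to the DNS server.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class LogUnit:  # log data unit: the Table 1 fields plus the TCP ack value
    src_ip: str
    dst_ip: str
    host: str
    syn: int
    ack: int
    message: str

# Constructed decoded mirror packets (not real captures), TEST-NET addresses:
# (src_ip, dst_ip, host, syn, ack, raw message)
SAMPLE_PACKETS = [
    ("10.0.0.8", "203.0.113.5", "www.bad.example", 1, 0, "SYN 10.0.0.8 -> 203.0.113.5:80"),
    ("10.0.0.9", "198.51.100.7", "good.example", 1, 0, "SYN 10.0.0.9 -> 198.51.100.7:443"),
    ("10.0.0.8", "203.0.113.5", "www.bad.example", 0, 1, "ACK 10.0.0.8 -> 203.0.113.5:80"),
]

def extract_log_unit(packet: tuple) -> LogUnit:  # S2: features -> log data unit
    src, dst, host, syn, ack, raw = packet
    return LogUnit(src, dst, host.lower(), int(syn), int(ack), raw)

class MaliciousSiteDetector:
    """S1: detection model built from blacklisted domains and IP addresses (assumed)."""
    def __init__(self, bad_domains, bad_ips):
        self.bad_domains = {d.lower() for d in bad_domains}
        self.bad_ips = set(bad_ips)
        self.mapping_tmp = {}  # detected dst IP -> domain (temporary mapping file)

    def detect(self, u: LogUnit) -> bool:
        # Assumption: only the connection-opening SYN (syn=1, ack=0) counts as an
        # access attempt, so later packets of the same flow are not re-counted.
        if not (u.syn == 1 and u.ack == 0):
            return False
        bad = u.dst_ip in self.bad_ips or any(
            u.host == d or u.host.endswith("." + d) for d in self.bad_domains)
        if bad and u.host:
            self.mapping_tmp[u.dst_ip] = u.host
        return bad

def process_queue(queue: deque, det: MaliciousSiteDetector) -> int:
    """S3: drain the log buffer queue; return the number of detected accesses."""
    return sum(det.detect(queue.popleft()) for _ in range(len(queue)))

def render_dns_mapping(mapping_tmp: dict) -> str:  # 'domain ip' lines for the DNS mapping file
    return "\n".join(f"{d} {ip}" for ip, d in sorted(mapping_tmp.items()))

def run_demo():
    det = MaliciousSiteDetector(["bad.example"], ["203.0.113.5"])
    queue = deque(extract_log_unit(p) for p in SAMPLE_PACKETS)
    return process_queue(queue, det), render_dns_mapping(det.mapping_tmp)
```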

Description

Technical field

[0001] The invention belongs to network information security technology, and in particular relates to a flow analysis-based malicious site access interception method and detection system.

Background technique

[0002] A malicious site refers to a network site that embeds malicious code in a web page and combines it with a remote control Trojan horse or virus to damage the user's computer software and steal the user's personal information without the user's permission, for example the switch domain name site in the ransomware virus that swept the world in 2017. Internet regulators such as the National Internet Emergency Response Center and some provincial communications administrations have also published blacklists of malicious sites. By detecting access to malicious sites, information assets infected with viruses and Trojans can be located, so that emergency measures can be taken quickly to avoid large-scale infection by viruses and Trojans and prevent n...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/56; G06F21/566
Inventor 田建伟乔宏朱宏宇田峥黎曦刘洁
Owner STATE GRID HUNAN ELECTRIC POWER