Differentiated intrusion prevention method based on trust degree

A technology of intrusion prevention and trust degree, applied in the field of network security, which can solve problems such as hardware waste

Active Publication Date: 2019-02-15
BEIJING INST OF COMP TECH & APPL
View PDF6 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although this method has high availability, it will cause waste of hardware during the time when data traffic is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Differentiated intrusion prevention method based on trust degree
  • Differentiated intrusion prevention method based on trust degree
  • Differentiated intrusion prevention method based on trust degree

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0047] Such as figure 1 As shown, the present invention provides a trust-based differentiated intrusion prevention method. In this method, the following definitions are first made:

[0048] C: Role, the role is established based on the IP address, and the IP address is used as the representation method. Since the IP address is unique, each role is unique;

[0049]T: trust degree, the trust degree is the standard for changing the packet detection rules, each role corresponds to a trust degree, T∈[0,5], the trust degree is divided into grades, and is divided into high trust degree T by the subordinate range of its value h , medium trustworthiness T m , low confidence T l and zero trust T z Four grades, T h ∈[4,5], T...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a differentiated intrusion prevention method based on a trust degree, and relates to the technical field of network securities. The differentiated intrusion prevention methodbased on the trust degree proposed by the invention comprises the following steps: establishing a trust degree comparison mechanism by performing traversal matching on characters; dividing data traffic based on trust degree grading; performing differentiated detection on the traffic by adopting different levels to match filters under different rules, so that the purposes of differential safety detection under the condition of large traffic and conventional safety detection at ordinary times are achieved. According to the differentiated intrusion prevention method based on the trust degree provided by the invention, the detection number of filters of high and medium trust degree characters is reduced, and a data packet discarding method is adopted for a zero-trust-degree character, so thatthe time consumption of unnecessary detection can be effectively reduced, and the purpose of increasing the performance of intrusion prevention equipment is achieved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a differentiated intrusion defense method based on trust degree. Background technique [0002] The principle of intrusion prevention technology to realize real-time inspection and prevent intrusion is that it has a large number of filters, which can prevent various attacks. The filters can deeply check the content of data packets, so as to check data packets byte by byte. All data packets flowing through the intrusion prevention device are classified based on header information in the data packets, such as source and destination IP addresses, port numbers, and application domains. Each filter is responsible for analyzing the corresponding data packet. The data packets that pass the inspection can continue to move forward, and the data packets containing malicious content will be discarded, so as to achieve the purpose of intrusion prevention. Due to the performance lim...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1441H04L63/205
Inventor 姜琦吴朝雄石波刘滋润
Owner BEIJING INST OF COMP TECH & APPL
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap