Intrusion prevention system (IPS) false positive detection method and device

A detection method and storage device technology, applied in the field of network security, that can solve problems such as the serious lag in detecting IPS false alarms and the resulting impact on network services.

Active Publication Date: 2019-03-01
武汉思普崚技术有限公司

AI Technical Summary

Problems solved by technology

[0006] This application provides a detection method for IPS false positives, to solve the problem that detection of IPS false positives currently lags seriously, so that IPS false positives have a great impact on normal network services.


Embodiment Construction

[0044] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0045] The first embodiment of the present invention discloses an IPS false alarm detection method. This method is applied to an IPS, which is a network attack and intrusion prevention system deployed in the network. The IPS includes an IPS feature library, with which it can inspect data packets byte by byte, discard data packets containing attack characteristics, record the hit attack characteristics in the IPS log, and intercept all subsequent data packets from network attackers.

[0046] Refer to Figure 1, which is a schematic workflow diagram of a detection method for an IPS false positive provided in the embodiment part of the present application, comprising the following steps:

[0047] Step 101, after receivi...


Abstract

Embodiments of the invention disclose an intrusion prevention system (IPS) false positive detection method and device. The method comprises the following steps: after all data packets in a preset period are received, acquiring the hit characteristic corresponding to each data packet, and determining each data packet matched with a hit characteristic to be an illegal data packet, wherein the hit characteristic is an attack characteristic in the IPS characteristic bank that is hit by the illegal data packet; configuring a characteristic filter policy according to the hit characteristic, wherein the characteristic filter policy comprises a preset characteristic hit threshold, and the preset characteristic hit threshold represents the maximum number of times that any hit characteristic is allowed to be hit in the preset period; and, if the number of hits of any hit characteristic in the preset period is greater than or equal to the preset characteristic hit threshold, determining that an IPS false positive has occurred. With this method and device, IPS false positives can be detected in a timely manner, the impact of IPS false positives on normal network services is reduced, and IPS prevention efficiency is improved.
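The threshold check described in the abstract, as an added example (not code from the patent or its applicant): it counts hits per signature within each preset period and flags any signature whose count reaches the preset hit threshold. The log format, signature IDs, addresses, and the distinct-source count reported alongside each flag are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IPS log lines: "<timestamp> <source IP> <hit signature id>".
SAMPLE_LOG = """\
2019-03-01T10:00:05 192.0.2.10 SIG-1001
2019-03-01T10:00:12 192.0.2.11 SIG-1001
2019-03-01T10:00:30 192.0.2.12 SIG-1001
2019-03-01T10:00:41 198.51.100.7 SIG-2002
2019-03-01T10:00:59 192.0.2.10 SIG-1001
malformed line without fields
2019-03-01T10:01:03 192.0.2.13 SIG-1001
2019-03-01T10:01:20 198.51.100.7 SIG-2002
"""

EPOCH = datetime(1970, 1, 1)  # fixed origin so period boundaries are deterministic

def parse_hits(log_text):
    """Yield (timestamp, source, signature) for each well-formed log line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not a hit record
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp

def detect_false_positives(log_text, period_seconds, hit_threshold):
    """Flag signatures whose hits in one preset period reach the threshold.

    Returns {(period_start_iso, signature): (hits, distinct_sources)}.
    """
    hits = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, sig in parse_hits(log_text):
        offset = int((ts - EPOCH).total_seconds()) % period_seconds
        key = ((ts - timedelta(seconds=offset)).isoformat(), sig)
        hits[key] += 1
        sources[key].add(src)  # extra triage context, not part of the patent's check
    return {k: (n, len(sources[k])) for k, n in hits.items() if n >= hit_threshold}

if __name__ == "__main__":
    for (start, sig), (n, srcs) in detect_false_positives(SAMPLE_LOG, 60, 4).items():
        print(f"{start} {sig}: {n} hits from {srcs} sources -> suspected IPS false positive")
```
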

Description

Technical field

[0001] The present application relates to the field of network security, in particular to a method and device for detecting IPS false positives.

Background technique

[0002] An intrusion prevention system (IPS) usually includes an IPS signature database. By deploying an IPS in the network, it is possible to check the data packets passing through the IPS byte by byte, so as to detect network attack behavior in real time, and to limit the access requests of network attackers in combination with rich control methods. For example, if a data packet contains an attack signature in the IPS signature database, it is confirmed that the data packet hits the IPS signature database, that is, the data packet is an illegal data packet; the feature in the IPS signature database that matches the illegal data packet is determined to be a hit feature, and it is determined that the sender of the illegal data packet ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/1416, H04L63/1425, H04L63/1441
Inventor: 曾祥禄
Owner: 武汉思普崚技术有限公司