
A detection method and device for IPS false alarm

A false alarm detection technology, applied in the field of network security, that can solve problems such as the serious lag in IPS false positive detection and the resulting impact on network services.

Active Publication Date: 2021-04-09
武汉思普崚技术有限公司

AI Technical Summary

Problems solved by technology

[0006] This application provides a detection method for IPS false positives to solve the problem that detection of existing IPS false positives lags seriously, which causes IPS false positives to have a great impact on normal network services.



Examples


Embodiment Construction

[0044] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0045] The first embodiment of the present invention discloses an IPS false alarm detection method. This method is applied to an IPS, which is a network attack and intrusion prevention system deployed in the network. The IPS includes an IPS feature library and can inspect data packets byte by byte, discard data packets containing attack characteristics, record the hit attack characteristics in the IPS log, and intercept all subsequent data packets from network attackers.

[0046] Referring to Figure 1, a schematic workflow diagram of a detection method for an IPS false positive provided in the embodiment part of the present application, the method comprises the following steps:

[0047] Step 101, after receivi...


Abstract

The embodiment of the present application discloses a method and device for detecting IPS false alarms. The method includes: after receiving each data packet within a preset period, obtaining the hit feature corresponding to each data packet, and determining that the data packets matching the hit features are illegal data packets, where a hit feature is an attack feature in the IPS signature database that is hit by an illegal data packet; configuring a feature filtering strategy according to the hit features, where the feature filtering strategy includes a preset feature hit threshold, which is the maximum number of times that any hit feature is allowed to be hit within a preset period; and, if any hit feature is hit a number of times greater than or equal to the preset feature hit threshold within the preset period, determining that the IPS has produced a false positive. By adopting the foregoing method or device, IPS false positives can be detected in time, the influence of IPS false positives on normal network services can be reduced, and the defense efficiency of the IPS can be improved.
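The threshold check described in the abstract, as an added example that is not code from the patent or its applicant. The record layout, feature ids, addresses, period and threshold are constructed for illustration, and the distinct-source count is extra context for a reviewer, not part of the patent's decision rule.

```python
from collections import defaultdict

# Constructed IPS log records: (timestamp in seconds, hit feature id, source address).
SAMPLE_HITS = [
    (3, "SIG-1001", "10.0.0.11"), (10, "SIG-1001", "10.0.0.12"),
    (22, "SIG-1001", "10.0.0.13"), (41, "SIG-1001", "10.0.0.11"),
    (59, "SIG-1001", "10.0.0.14"),
    (15, "SIG-2002", "10.0.0.20"), (48, "SIG-2002", "10.0.0.20"),
    (61, "SIG-1001", "10.0.0.11"), (75, "SIG-1001", "10.0.0.12"),
    (90, "SIG-1001", "10.0.0.13"), (119, "SIG-1001", "10.0.0.14"),
    (100, "SIG-2002", "10.0.0.20"),
] + [(t, "SIG-3003", "10.0.0.30") for t in (120, 125, 130, 140, 150, 179)]


def find_suspect_features(hits, period_s, hit_threshold):
    """Group hits into consecutive preset periods and flag suspect features.

    A feature is flagged in a period when its hit count is greater than or
    equal to hit_threshold, the condition the abstract gives for an IPS
    false positive. Returns
    {period_start: {feature_id: (hit_count, distinct_sources)}}.
    """
    if period_s <= 0 or hit_threshold <= 0:
        raise ValueError("period_s and hit_threshold must be positive")

    # period start -> feature id -> list of source addresses that hit it
    buckets = defaultdict(lambda: defaultdict(list))
    for ts, feature, src in hits:
        buckets[ts - ts % period_s][feature].append(src)

    flagged = {}
    for start in sorted(buckets):
        over = {
            feature: (len(srcs), len(set(srcs)))
            for feature, srcs in buckets[start].items()
            if len(srcs) >= hit_threshold  # ">=" as stated in the abstract
        }
        if over:
            flagged[start] = over
    return flagged


if __name__ == "__main__":
    for start, feats in find_suspect_features(SAMPLE_HITS, 60, 5).items():
        for feature, (count, sources) in feats.items():
            print(f"period {start}s: {feature} hit {count}x from {sources} source(s)")
```

Counts reset at each period boundary, so the four SIG-1001 hits in the second period stay below the threshold even though the feature was flagged in the first.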

Description

Technical field

[0001] The present application relates to the field of network security, in particular to a method and device for detecting IPS false positives.

Background technique

[0002] An intrusion prevention system (IPS) usually includes an IPS signature database. By deploying an IPS in the network, it is possible to check the data packets passing through the IPS byte by byte, so as to detect network attack behavior in real time, and to limit the access requests of network attackers in combination with rich control methods. For example, if a data packet contains an attack signature in the IPS signature database, it is confirmed that the data packet hits the IPS signature database, that is, the data packet is an illegal data packet; the feature in the IPS signature database that matches the illegal data packet is determined to be a hit feature, and it is determined that the sender of the illegal data packet ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/1416, H04L63/1425, H04L63/1441
Inventor: 曾祥禄
Owner: 武汉思普崚技术有限公司