
A flow-based abnormal communication behavior detection method and system

An anomaly detection method and detection system technology, applied in transmission systems, electrical components, etc., that solves problems such as hazards, lack of real-time performance and poor generality, and achieves a comprehensive discovery range, high data processing efficiency, and strong real-time performance.

Active Publication Date: 2021-07-16
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1

AI Technical Summary

Problems solved by technology

[0011] To address the insufficient real-time performance and poor generality of current internal network anomaly detection, the present invention proposes a flow-based abnormal communication behavior detection method and system. Relying on flow data, it uses different methods to construct traffic models for important network nodes and ordinary network nodes, conducts network anomaly detection on each, then correlates the network events of important targets and common targets, and digs out network intrusion behaviors and abnormal communication behaviors that pose a certain hazard.

Examples

Embodiment Construction

[0041] The technical solutions of the present invention will be described below in conjunction with the drawings and embodiments.

[0042] The purpose of the present invention is to realize real-time and universal detection of abnormal communication behaviors in the enterprise internal network, so as to quickly discover various abnormalities and maintain the security of the internal network. The flow-based abnormal communication behavior detection method of the present invention is described first. One implemented business process is shown in Figure 1, and the specific implementation steps are described below.

[0043] Step 1: Configure key target IP. The source of key targets consists of two parts: external submission and monitoring and analysis acquisition.

[0044] 1) Key targets submitted externally. As a fixed part of the key target set, the externally submitted key targets are the main service targets of this system; for the extern...

Abstract

The invention provides a flow-based abnormal communication behavior detection method and system, belonging to the field of passive discovery of abnormal network security events. The detection system of the present invention includes: a configuration management module for configuring whitelist IPs, key target IPs and general target IPs; a data acquisition module and a storage module for acquiring and storing network flow data; a key target anomaly detection module and a general target anomaly detection module for detecting key targets and general targets respectively; and an anomaly evaluation module. The detection method of the present invention uses different methods to construct traffic models for important network nodes and ordinary network nodes, conducts network anomaly detection on each, then correlates the network events of important targets and common targets, and digs out network intrusion behaviors and abnormal communication behaviors that pose a certain hazard. The invention has good discovery ability for various types of abnormal traffic behavior, low computational complexity on traffic data, and strong real-time anomaly discovery.
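The module layout in the abstract can be sketched as follows. This is an added example, not code from the patent: the two traffic models (a per-host byte-volume z-score for key targets, a distinct-peer count for general targets), the correlation rule, all thresholds, and all addresses are assumptions chosen for illustration, since the page does not state the actual models.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed configuration (documentation address ranges), as set by a config module.
WHITELIST = {"198.51.100.53"}
KEY_TARGETS = {"10.0.0.10"}
GENERAL_PREFIX = "10.0.1."

def role(ip):
    if ip in KEY_TARGETS:
        return "key"
    return "general" if ip.startswith(GENERAL_PREFIX) else None

def summarize(flows):
    """Aggregate one time window of (src, dst, bytes) flow records per internal host."""
    stats = defaultdict(lambda: {"bytes": 0, "peers": set()})
    for src, dst, nbytes in flows:
        if role(src) is None or dst in WHITELIST:
            continue  # not a configured target, or a whitelisted peer
        stats[src]["bytes"] += nbytes
        stats[src]["peers"].add(dst)
    return stats

def detect(flows, history, z_limit=3.0, fanout_limit=3):
    """Return (role, host, peers) events; both models are assumptions of this example."""
    events = []
    for host, s in summarize(flows).items():
        if role(host) == "key":
            # Assumed key-target model: z-score against the host's own byte history.
            past = history.get(host, [])
            if len(past) >= 2 and (s["bytes"] - mean(past)) / (pstdev(past) or 1.0) > z_limit:
                events.append(("key", host, s["peers"]))
        elif len(s["peers"]) > fanout_limit:
            # Assumed general-target model: too many distinct external peers.
            events.append(("general", host, s["peers"]))
    return events

def correlate(events):
    """Assumed evaluation step: external IPs present in both kinds of event."""
    seen = defaultdict(set)
    for kind, _host, peers in events:
        seen[kind] |= peers
    return seen["key"] & seen["general"]

HISTORY = {"10.0.0.10": [1000, 1200, 1100, 900]}  # constructed per-window byte counts
FLOWS = [("10.0.0.10", "203.0.113.7", 50000), ("10.0.0.10", "198.51.100.53", 300),
         ("10.0.1.20", "203.0.113.7", 400), ("10.0.1.20", "203.0.113.8", 400),
         ("10.0.1.20", "203.0.113.9", 400), ("10.0.1.20", "192.0.2.1", 400),
         ("10.0.1.21", "192.0.2.1", 700)]  # constructed flow records for one window
```

Running `correlate(detect(FLOWS, HISTORY))` on the constructed window singles out the one external address that appears in both a key-target event and a general-target event.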

Description

Technical Field

[0001] The invention relates to the field of passive discovery of abnormal network security events, and is a method and system for anomaly detection, based on full-volume flow data, of all communication behaviors between an internal network and external IP addresses.

Background Technique

[0002] With the rapid development of computer and network technology, the number of Internet users is increasing day by day. According to a report released by the China Internet Network Information Center (CNNIC), as of December 2015, the number of Internet users in China had reached 688 million, and the Internet penetration rate was 50.3%. At the same time, 89.0% of enterprises across the country use the Internet for office work. The Internet has become an indispensable and important infrastructure in people's production and life.

[0003] At the same time, network security issues have become increasingly prominent, and frequent network ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 李志辉严寒冰丁丽温森浩姚力朱芸茜王小群陈阳李世淙徐剑王适文肖崇蕙贾子骁张帅吕志泉韩志辉马莉雅雷君周彧周昊高川楼书逸文静吕卓航杜飞
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT