
Lost host detection technology based on big data algorithm

A detection technology that uses big data techniques, applied to the field of failed host detection based on big data algorithms. It addresses problems such as the inability to protect against special targeted attacks, the inability to make correlated judgments, and false positives and false negatives from security equipment.

Active Publication Date: 2019-12-24
BLUEDON INFORMATION SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

Although this method is fast, convenient, and highly compatible, it cannot protect against special targeted attacks, and it cannot make correlation judgments based on different attacks on the same host. Therefore, it is easy to cause false positives and false negatives when using traditional security devices.

Examples


Embodiment Construction

[0016] The present invention will be described in detail below with reference to the accompanying drawings. The detailed examples described are only a part of the present invention and are not intended to limit the present invention.

[0017] Step S1: Based on the needs of nine algorithm models (intermittent connection analysis, upstream and downstream traffic abnormality analysis, covert channel analysis, port abnormality analysis, server active outreach behavior analysis, suspicious domain name analysis, traffic abnormality analysis, DNS-based botnet detection, and Netflow-based botnet detection), extract Netflow, HTTP, and DNS traffic, and perform the feature-engineering preprocessing that the algorithm models require on this traffic.

[0018] Build a real local area network environment, then artificially attack the local area network or plant viruses such as zombies, Trojans, and worms in it. The extracted information includes IP address information, port information, traffic size, protocol type, DNS domain ...


Abstract

The invention provides a lost host detection technology based on a big data algorithm. The method simulates the whole process by which hackers, or viruses such as zombies, Trojans and worms, attack a host, and uses a big data algorithm to judge and identify that whole attack process. A real virus local area network environment is established and used to collect data samples of the viruses' attack behavior; the attack samples are fed to the algorithm and to security equipment to detect the anomalies that each reports; finally, the weight of each attack process is learned with a logistic regression algorithm.
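The weighting step described in the abstract, as an added illustration that is not code from the patent: a logistic regression learns one weight per Step S1 model from labelled alert vectors, so that several correlated alerts on the same host count for more than one noisy alert. The binary feature encoding, the sample hosts and the training parameters are constructed assumptions.

```python
import math

# The nine models listed in Step S1; feature j is 1 when model j raised an
# anomaly for the host during the observation window (encoding is an assumption).
MODELS = ["intermittent_connection", "up_down_traffic_anomaly", "covert_channel",
          "port_anomaly", "server_active_outreach", "suspicious_domain",
          "traffic_anomaly", "dns_botnet", "netflow_botnet"]

def vec(alerts):
    return [1.0 if m in alerts else 0.0 for m in MODELS]

# Constructed lab samples (assumption, not patent data): label 1 = host was
# infected in the test LAN, label 0 = clean host that may still trigger alerts.
SAMPLES = [(vec(a), y) for a, y in [
    ({"intermittent_connection", "covert_channel", "dns_botnet"}, 1),
    ({"suspicious_domain", "dns_botnet", "server_active_outreach"}, 1),
    ({"covert_channel", "netflow_botnet", "port_anomaly"}, 1),
    ({"intermittent_connection", "suspicious_domain", "netflow_botnet", "traffic_anomaly"}, 1),
    ({"dns_botnet", "netflow_botnet"}, 1),
    ({"covert_channel", "server_active_outreach", "up_down_traffic_anomaly"}, 1),
    (set(), 0), ({"port_anomaly"}, 0), ({"traffic_anomaly"}, 0),
    ({"port_anomaly", "traffic_anomaly"}, 0), ({"up_down_traffic_anomaly"}, 0),
    (set(), 0), ({"port_anomaly", "up_down_traffic_anomaly"}, 0), ({"traffic_anomaly"}, 0),
]]

def score(w, b, x):
    """Probability that the host is compromised, given its alert vector."""
    return 1.0 / (1.0 + math.exp(-(b + sum(wi * xi for wi, xi in zip(w, x)))))

def train(samples, epochs=2000, lr=0.5, l2=0.01):
    """Batch gradient descent on the L2-regularised logistic loss."""
    w, b, n = [0.0] * len(MODELS), 0.0, len(samples)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in samples:
            err = score(w, b, x) - y
            gb += err
            gw = [g + err * xi for g, xi in zip(gw, x)]
        w = [wi - lr * (g / n + l2 * wi) for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def ranked_weights(w):
    """Models ordered by learned weight, strongest compromise evidence first."""
    return sorted(zip(MODELS, w), key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    w, b = train(SAMPLES)
    for name, weight in ranked_weights(w):
        print(f"{name:26s} {weight:+.2f}")
    print("port anomaly only:", round(score(w, b, vec({"port_anomaly"})), 3))
    print("port + DNS botnet:", round(score(w, b, vec({"port_anomaly", "dns_botnet"})), 3))
```

In this constructed data, models that also fire on clean hosts end up with low weights, which is how the learned weighting reduces the false positives of any single detector.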

Description

Technical field

[0001] The invention relates to the technical field of data processing, in particular to a technology for detecting a lost host based on a big data algorithm.

Background technique

[0002] A host is any of the various devices used in a computer network or communication network, including but not limited to computers, switches, routers, and security devices. Hackers attack the host, or viruses such as zombies, Trojans, and worms attack the host, so that the host is controlled or even directly paralyzed. The whole process of this attack is called host failure.

[0003] At present, most security devices protect one or more domains. Therefore, most of a device's security policies are shared, and the rules can be applied to all hosts in the domain to block many common attacks. It is precisely because these protections are universal that hackers, or viruses such as zombies, Trojans, and worms, can easily bypass security devices and attack a particular host. I...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12, H04L12/24
CPC: H04L63/145, H04L63/1416, H04L63/1425, H04L41/145, H04L61/4511
Inventor: 杨育斌, 陶彦百, 柯宗贵
Owner: BLUEDON INFORMATION SECURITY TECH CO LTD