Unlock instant, AI-driven research and patent intelligence for your innovation.

Network intrusion detection system and method

A network intrusion detection and payload technology, applied in the transmission system, electrical components, etc., can solve the problems of limited equipment performance, low intrusion detection efficiency and throughput, no targeted detection of intrusion data packets, etc., to achieve increased throughput, The effect of improving detection speed

Active Publication Date: 2020-04-17
ELECTRIC POWER RES INST OF GUANGDONG POWER GRID
View PDF9 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] This application provides a network intrusion detection system and method, which are used to solve the problem that the existing SDN-based intrusion detection has limited device performance, and the intrusion data packets are not detected efficiently and in a targeted manner, which leads to the efficiency and throughput of intrusion detection. low technical issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network intrusion detection system and method
  • Network intrusion detection system and method
  • Network intrusion detection system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] For ease of understanding, see figure 1 , a first embodiment of a network intrusion detection system provided by the present application, comprising: a packet header matching module 101, a packet payload compiling module 102, and a packet payload matching module 103;

[0039] Packet header matching module 101 is used to extract the packet header field of the data packet to be combined into an N-tuple, and carry out packet header matching detection according to the N-tuple and the preset rule base, and trigger the packet load matching module if the match is successful;

[0040] Packet load compiling module 102, is used for when the complexity of data packet is lower than threshold value, is compiled packet load into DFA matching library, sends DFA matching library to packet load matching module, when the complexity of data packet is higher than or equal to threshold value , compile the packet payload into an NFA matching library, and send the NFA matching library to the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network intrusion detection system and method. The system comprises a packet header matching module, a packet load compiling module and a packet load matching module, whereinthe packet header matching module is used for extracting a packet header field to form an N-tuple, carrying out the packet header matching detection according to the N-tuple and a preset rule base, and triggering the packet load matching module if the matching succeeds; the packet load compiling module is used for compiling the packet load into a DFA matching library when the complexity of the data packet is lower than a threshold value, compiling the packet load into an NFA matching library when the complexity of the data packet is higher than or equal to the threshold value, and sending theDFA matching library and the NFA matching library to the packet load matching module; and the packet load matching module is used for performing DFA matching detection according to the DFA matching library during packet load detection of the data packet, directly skipping NFA matching detection if matching succeeds, or otherwise, performing NFA matching detection according to the NFA matching library. The technical problems that the existing SDN-based intrusion detection is relatively low in efficiency and low in throughput can be solved.

Description

technical field [0001] The present application relates to the technical field of network intrusion detection, in particular to a network intrusion detection system and method. Background technique [0002] Deep packet inspection and tuple matching are important technical means for intrusion detection, while software-defined networking (SDN) devices separate the control plane from the data plane to achieve flexible control and efficient forwarding. Therefore, implementing deep packet inspection and tuple matching on SDN devices can obtain high-performance network intrusion detection capabilities and flexible control over the network. [0003] The existing SDN-based intrusion detection has limitations in the performance of the SDN controller, and data packets that occupy a large memory are prone to space explosions during compilation. The efficiency of all-packet intrusion detection is low, and it is impossible to obtain high throughput. Contents of the invention [0004] ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/30
Inventor 曾智勇林丹生高雅伍晓泉黄晶晶
Owner ELECTRIC POWER RES INST OF GUANGDONG POWER GRID
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More