Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network intrusion detection method, device and system and storage medium

A technology of network intrusion detection and detection nodes, which is applied in the field of network security, can solve the problems of detection engine missing reports, intrusion detection efficiency reduction, and inability to meet security detection, etc., to achieve the effect of improving detection efficiency and security

Pending Publication Date: 2020-04-21
SHENZHEN Y& D ELECTRONICS CO LTD
View PDF6 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When the traffic reaches 50M and above, the intrusion detection efficiency of the existing technical solutions will be greatly reduced, and at the same time, it will cause the detection engine to generate false positives, which obviously cannot meet the needs of security detection.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network intrusion detection method, device and system and storage medium
  • Network intrusion detection method, device and system and storage medium
  • Network intrusion detection method, device and system and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 2

[0072] Embodiment two: refer to Figure 4 , the embodiment of the present invention discloses a network intrusion detection device, the network intrusion detection device includes: an initialization module 10, a distribution module 20, a replication module 30, a calculation module 40, a distribution module 50, a detection module 60 and an addition module 70, the initialization Module 10 is used to initialize the distributed computing system, distribution module 20 is used to assign the feature rule library to the corresponding detection group; copy module 30 is used to copy the same business data mirroring flow to different distributed Detection group; Calculation module 40 is used to calculate the traffic size of the business data copied by sdn exchange flow replication technology mirroring traffic; Distribution module 50 distributes business data to a single detection node or detection group according to the traffic size; Detection module 60 is used for according to character...

Embodiment 3

[0075] Embodiment 3: This embodiment discloses a network intrusion detection system, which includes a storage device and a processor. Wherein, the storage device stores program codes for implementing corresponding steps in the network detection method according to the embodiment of the present invention. The processor is used to run the program code stored in the storage device to execute the corresponding steps of the network detection method according to the embodiment of the present invention, and to realize the corresponding modules in the network detection device according to the embodiment of the present invention.

Embodiment 4

[0076] Embodiment 4: According to a network intrusion detection device, in this embodiment, a storage medium is also provided, on which program instructions are stored, and when the program instructions are run by a computer or a processor, they are used to execute the implementation of the present invention. The corresponding steps of the network detection method of the example are used to realize the corresponding modules in the code review device according to the embodiment of the present invention. The storage medium may include, for example, a memory card, a hard disk, a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a portable compact disc read-only memory (CD-ROM), a USB memory, or any combination of the above-mentioned storage media . The computer readable storage medium can be any combination of one or more computer readable storage medium.

[0077] According to an embodiment of the present invention, a computer program is also provided, a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network intrusion detection method, device and system and a storage medium, and the method comprises the steps: initializing a distributed computing system, and enabling a detection node to report node information to a management and control node; distributing a feature rule base to detection nodes of corresponding detection groups, and copying the same service data mirror image traffic to different distributed detection groups by using a stream copying technology; according to the flow copied to the detection group by the flow copying technology, controlling the service data to be shunted to a single detection node or a detection node of the detection group of the same feature rule base; and enabling the detection node to receive the to-be-detected message, perform matching detection according to the feature rule base and output a detection result to the management and control node. Through a technical means of adopting a distributed and parallel computing architecture and shunting a network data stream to a plurality of detection nodes by utilizing distributed and sdn switch stream replication, the technical problem of low detection efficiency during large-flow data in the prior art is solved, and the effect of improving the system detection efficiency is achieved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a network intrusion detection method, device, system and storage medium. Background technique [0002] SDN switch: a data forwarding device based on the idea of ​​software-defined network. [0003] The issue of information system security is a very complex issue, that is, how complex the information system is, the complexity of the information system security issue. Similarly, information security is a concept that is difficult to quantify. We can compare the "performance" and "security" of an information system. For performance issues such as network throughput, system computing speed, database storage, query indicators, etc., users can consider choices according to their actual business needs, budget and other conditions. Although users cannot touch or feel the improvement of system performance, they can actually see it. Therefore, it is very important to improve th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor 戚建淮汪乔郑伟范刘建辉胡金华宋晶彭华
Owner SHENZHEN Y& D ELECTRONICS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products