Unlock instant, AI-driven research and patent intelligence for your innovation.

Process list generation method and device

A process and list technology, applied in the field of network security, can solve the problem of low efficiency of manual preset abnormal process detection rules, and achieve high efficiency

Active Publication Date: 2020-05-15
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF8 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method and device for generating a process list, which is used to solve the problem of low efficiency in the way of artificially preset abnormal process detection rules existing in the related art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Process list generation method and device
  • Process list generation method and device
  • Process list generation method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0105] Method 1: If there is only one process running on the server, the process ID of the process is used as the process set corresponding to the server.

[0106] For example, only process A is running on server 4, and processes running on server 5 are A, B, and C. For server 1, the corresponding process set is only 1 {A}.

[0107] In this embodiment of the present invention, for any process set, if the process set includes a process identifier, it is determined that the weight corresponding to the process set is a preset weight, for example, the preset weight is 0.

[0108] Optionally, it can also be determined according to the ratio of the number of running processes of the server to the total number of running processes of all servers, then the weight of the process set {A} corresponding to server 1 is 1 / 4, and the weight of the process set {A} corresponding to server 2 is The weight is 3 / 4.

[0109] It should be noted that, generally, there is more than one process runni...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a process list generation method and device, relates to the technical field of network security, and is used for solving the problem of relatively low efficiency of a mode of manually presetting an abnormal process detection rule. The method comprises the following steps: determining a process identifier of a running process of a to-be-detected server; for any server, determining the weight of at least one process set corresponding to the server, wherein the process set comprises the process identification of at least one process running in the corresponding server; forany process identifier, determining the normality corresponding to the process identifier according to the weight corresponding to the process set containing the process identifier, the normality being used for representing the frequency information of the processes corresponding to the same process identifier operated by each server; and generating a process list for detecting an abnormal process according to the normality corresponding to each process identifier. According to the invention, the process list for detecting the abnormal process is automatically generated based on unsupervisedzero manual intervention, so that the generation efficiency of the process list is improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for generating a process list. Background technique [0002] At present, the main means of protection against network attacks are firewalls and intrusion detection technology. As a warning line between the internal network and the external network, the firewall effectively blocks most of the malicious attacks. However, the function of the firewall is limited. Its defense strategy is static and can only block attacks from the external network. The intrusion detection technology effectively makes up for the defects of the firewall. It can monitor the server status in real time to determine whether the user behavior is normal. Process monitoring is an important link in the implementation of network security technology. Many intrusion detection systems and antivirus software have the function of monitoring server processes. However, the timeliness of in...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 李忠义李阳郝传洲袁帅
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD