
An attack detection method, device, electronic equipment, and storage medium

An attack detection and target detection technology, applied in the computer field, that addresses problems such as incomplete rules, reduced rule usability and value, and misjudgment, with the effect of improving accuracy and usability.

Active Publication Date: 2022-03-22
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0004] In the above scheme, attack traffic is tracked only within a single TCP (Transmission Control Protocol) flow. When the attacker's attack traffic spans multiple different TCP flows, the attack process cannot be accurately described through a series of rules. If rules are extracted only from the features of each sub-TCP flow of the attack process, each rule is often incomplete, which easily leads to a large number of misjudgments and greatly reduces the usability and value of the rules.

Examples


Embodiment Construction

[0053] The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of this application.

[0054] The embodiment of the present application discloses an attack detection method, which realizes attack detection across TCP streams, improves the accuracy and usability of rule expression, and further improves the accuracy of attack detection.

[0055] Referring to Figure 1, a flow chart of an attack detection method according to an exemplary embodiment, the method includes:

[0056] S101: Determine the detection rule corresponding to each TCP flow in the target atta...

Abstract

The present application discloses an attack detection method, an apparatus, an electronic device and a computer-readable storage medium. The method includes: determining the detection rule corresponding to each TCP stream in a target attack behavior; acquiring a basic data stream, and determining the detection rule corresponding to the first TCP stream in the target attack behavior as the target detection rule; matching, from the basic data stream, the target data stream that conforms to the target detection rule, so that the first subscriber subscribes to the target data stream through the message broker and publishes the target data stream to the message broker as the updated basic data stream; determining the detection rule corresponding to the next TCP stream as the target detection rule, and re-entering the step of matching the target data stream that conforms to the target detection rule from the basic data stream; and, when a target data stream conforming to the target detection rule corresponding to the last TCP stream in the target attack behavior is matched, determining that the target attack behavior exists. Attack detection across TCP streams is thereby realized.
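The staged matching described in the abstract can be sketched as follows. This is an added example, not code from the patent or from Sangfor: the in-memory `Broker`, the topic names, the record layout (one record groups the TCP flows seen between one client/server pair), the two regex rules and the sample stream are all constructed assumptions, and ordering between flows is not enforced.

```python
import re
from collections import defaultdict

class Broker:
    """Minimal in-memory publish/subscribe broker (assumed stand-in)."""
    def __init__(self):
        self.subscribers = defaultdict(list)
    def subscribe(self, topic, callback):
        self.subscribers[topic].append(callback)
    def publish(self, topic, record):
        for callback in self.subscribers[topic]:
            callback(record)

def build_detector(broker, rules, alerts):
    """One subscriber per TCP-flow rule: stage i reads topic i, publishes to i+1."""
    def make_stage(i, pattern):
        def on_record(record):
            # Assumption: a rule matches when any flow payload in the record matches.
            if any(pattern.search(payload) for payload in record["flows"]):
                if i == len(rules) - 1:
                    alerts.append(record["pair"])  # last rule matched: attack exists
                else:
                    # Matched records become the updated basic data stream.
                    broker.publish(f"stage{i + 1}", record)
        return on_record
    for i, rule in enumerate(rules):
        broker.subscribe(f"stage{i}", make_stage(i, re.compile(rule)))

def detect(rules, basic_stream):
    """Feed the basic data stream through the rule chain; return alerted pairs."""
    broker, alerts = Broker(), []
    build_detector(broker, rules, alerts)
    for record in basic_stream:
        broker.publish("stage0", record)
    return alerts

# Constructed rules: one signature per TCP flow of a two-flow attack behavior.
RULES = [r"^POST /upload\b", r"^GET /uploads/\S+\.jsp\b"]
# Constructed sample stream: only the first pair shows both flows.
SAMPLE_STREAM = [
    {"pair": "10.0.0.5->10.0.0.9",
     "flows": ["POST /upload HTTP/1.1", "GET /uploads/a.jsp HTTP/1.1"]},
    {"pair": "10.0.0.6->10.0.0.9", "flows": ["POST /upload HTTP/1.1"]},
    {"pair": "10.0.0.7->10.0.0.9", "flows": ["GET /uploads/b.jsp HTTP/1.1"]},
]

if __name__ == "__main__":
    print(detect(RULES, SAMPLE_STREAM))
```

Running only the first rule flags two pairs, while the full chain flags one, which is the misjudgment from incomplete per-flow rules that paragraph [0004] describes.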

Description

Technical field

[0001] The present application relates to the field of computer technology, and more specifically, to an attack detection method and device, an electronic device, and a computer-readable storage medium.

Background technique

[0002] A NIDS (Network Intrusion Detection System) is used to detect specific patterns in network traffic and issue alarms. A NIPS (Network Intrusion Prevention System) is used to detect network traffic and to respond to and control specific network traffic, such as resetting connections or blocking connections.

[0003] Taking the traditional signature-based NIDS / NIPS as an example, in order to effectively detect known attacks, it is usually necessary to develop rules for detecting known attack patterns, that is, signatures. Therefore, in order to protect the vulnerabilities of a cert...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1441
Inventor 庞思铭
Owner SANGFOR TECH INC