
A network attack intrusion detection method using full-text indexing

A network attack intrusion detection technique applied in the field of information security. It addresses the insufficient ability to extract potential attack features from abnormal traffic, and achieves an improved detection rate, good data versatility, and high execution efficiency.

Active Publication Date: 2022-07-15
EAST CHINA ELECTRIC POWER TEST & RES INST +1

AI Technical Summary

Problems solved by technology

[0005] However, the existing label-based intrusion detection technology relies too much on expert experience and statistical analysis, resulting in insufficient ability to extract potential attack characteristics of abnormal traffic.


Embodiment

[0049] As shown in Figure 1, the present invention provides a network attack intrusion detection method using full-text indexing, comprising the following steps:

[0050] 1) Establish a simulated network environment E, and generate normal network traffic and known attack abnormal traffic;

[0051] 2) Obtain the literal value of each data packet in normal network traffic and known attack abnormal traffic respectively;

[0052] 3) Construct the generalized suffix array SA and the generalized longest common prefix array LCPA according to the obtained literal value;

[0053] 4) Use the generalized suffix array SA and the generalized longest common prefix array LCPA to search for all the common literal values in the known attack abnormal traffic as potential attack features;

[0054] 5) Use the potential attack feature as a training set to train a two-class judgment model;

[0055] 6) Use the trained two-class judgment model to judge whether the detected traffic is ab...

Specific example

[0082] Step S4: Since the length of the substring is the same as the length of the character string, each character string itself is a substring, and the obtained four substrings are: E_0=abaa, E_1=abca, E_2=caab. Divide each substring into 2 segments to get: F_0=ab, F_1=aa, F_2=ab, F_3=ca, F_4=ca, F_5=ab.

[0083] Step S5: From the previous step, a segment set F={ab, aa, ab, ca, ca, ab} is obtained, and then a segment string F'=abHaaHabHcaHcaHabH is constructed according to the segment set F. Among them, the construction results of the generalized suffix array SA and the generalized longest common prefix array LCPA of the segment set F are as follows:

[0084] Table: Generalized suffix array and generalized longest common prefix array of F

[0085]

[0086] Step S601: Set the integer K=3, access the generalized longest common prefix array LCPA from left to right, and obtain an interval LCPA[14, 15] that satisfies the requirements.

[0087] Step S602: For the ...
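The search described in steps S5 and S601 can be sketched as follows. This is an added example, not code from the patent: it builds a generalized suffix array and LCP array over the segment set F above and reports the substrings shared by at least K segments. The unique per-segment sentinels (used here in place of the separator H), the "at least K distinct segments" criterion, the `min_len` parameter and the function names are assumptions, so array positions need not match the interval quoted in step S601.

```python
# Added illustration, not code from the patent.
F = ["ab", "aa", "ab", "ca", "ca", "ab"]   # segment set F from the worked example

def build_gsa(segments):
    """Return (text, owner, sa, lcp) for the concatenated segments.

    Each segment is followed by its own sentinel code (assumed scheme: 256 + index,
    above any byte value), so a common prefix can never cross a segment boundary.
    """
    text, owner = [], []
    for idx, seg in enumerate(segments):
        text += [ord(c) for c in seg] + [256 + idx]
        owner += [idx] * (len(seg) + 1)
    # Naive suffix sort: adequate for a demonstration, not for bulk traffic.
    sa = sorted(range(len(text)), key=lambda i: text[i:])
    lcp = [0] * len(sa)                     # lcp[r] = LCP of suffixes sa[r-1], sa[r]
    for r in range(1, len(sa)):
        a, b, n = sa[r - 1], sa[r], 0
        while a + n < len(text) and b + n < len(text) and text[a + n] == text[b + n]:
            n += 1
        lcp[r] = n
    return text, owner, sa, lcp

def common_features(segments, k, min_len=2):
    """Map each substring of length >= min_len found in >= k distinct segments
    to the number of segments containing it (meaningful for k >= 2)."""
    text, owner, sa, lcp = build_gsa(segments)
    found = {}
    for length in sorted({v for v in lcp if v >= min_len}):
        r = 1
        while r < len(sa):
            if lcp[r] < length:
                r += 1
                continue
            start = r - 1                   # first suffix of the run
            while r < len(sa) and lcp[r] >= length:
                r += 1                      # extend run while the prefix is shared
            owners = {owner[sa[j]] for j in range(start, r)}
            if len(owners) >= k:
                s = "".join(chr(c) for c in text[sa[start]:sa[start] + length])
                found[s] = len(owners)
    return found

if __name__ == "__main__":
    print(common_features(F, k=3))
```

Lowering `k` or `min_len` widens the candidate set; the substrings returned are what step 5 would use as training features.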


Abstract

The invention relates to a network attack intrusion detection method using full-text indexing, comprising the following steps: 1) establishing a simulated network environment E, and generating normal network traffic and known attack abnormal traffic; 2) obtaining the literal value of each data packet in the normal network traffic and in the known attack abnormal traffic respectively; 3) constructing the generalized suffix array SA and the generalized longest common prefix array LCPA according to the obtained literal values; 4) using the generalized suffix array SA and the generalized longest common prefix array LCPA to search for all the common literal values in the known attack abnormal traffic as potential attack features; 5) using the potential attack features as a training set to train a two-class judgment model; 6) using the trained two-class judgment model to judge whether the detected traffic is abnormal traffic. Compared with the prior art, the present invention has the advantages of high detection rate and high execution efficiency.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a network attack intrusion detection method using full-text indexing.

Background technique

[0002] Intrusion detection can improve the active defense capability of information systems against network attacks. Technically, it can be divided into two categories: label-based and anomaly-based. Of the two, label-based intrusion detection has higher detection accuracy for known attacks, and is the basis for constructing the core components of the current mainstream Intrusion Detection System (IDS).

[0003] The basic idea of label-based intrusion detection technology is to determine whether the detected traffic has similar or identical characteristics to the abnormal traffic caused by known attacks. One implementation method is: first, extract attack features from abnormal traffic with known attacks according to expert experience to construct a signature database; then, use a...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, G06K9/62
CPC: H04L63/1416, H04L63/1425, G06F18/214, G06F18/243
Inventor: 吴裔, 郭乃网, 黄华炜, 田英杰, 任辰
Owner: EAST CHINA ELECTRIC POWER TEST & RES INST