Flow monitoring method and system for multi-protocol attack data

A traffic monitoring technology for attack data, applied in the field of network security, that addresses problems such as detection results being affected and performance depending on the design of traffic characteristics.

Pending Publication Date: 2020-11-10
SHENZHEN CASTLE SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0002] The core idea of the existing attack traffic detection scheme is to use the difference between the attack behavior traffic characteristics and the normal behavior traffic characteristics for detection, w


Embodiment Construction

[0055] In order to have a clearer understanding of the technical features, purposes and effects of the invention, the specific embodiments of the present invention are now described with reference to the accompanying drawings, in which the same reference numerals represent components with the same or similar structures but the same functions.

[0056] In this document, "schematic" means "serving as an example, instance or illustration", and any illustration or implementation described as "schematic" should not be interpreted as a more preferred or more advantageous technical solution. In order to keep the drawings concise, the drawings only schematically show the parts related to this exemplary embodiment, and they do not represent the actual structure and true proportion of the product.

[0057] The invention discloses a flow monitoring method for multi-protocol attack data. The multi-protocol attack data is multi-protocol network flow data. The flow monitoring method includes:...


Abstract

The invention aims to provide a flow monitoring method for multi-protocol attack data, the multi-protocol attack data is multi-protocol network flow data, and the flow monitoring method comprises the following steps: training data structure information and data time sequence information of network flow sample data to establish a flow identification model; identifying the current network flow data according to the flow identification model, and obtaining a plurality of flow characteristic values in the current network flow data; acquiring multi-protocol type information in the current network transmission data according to the plurality of flow characteristic values and the characteristic values of the plurality of transmission protocols; dividing the flow data of the network flow data into a plurality of data flow segments according to the detection period; obtaining an autocorrelation function ρ_k value of the flow in the data segment sequence; judging whether the multi-protocol type information is set protocol type information or not; and combining the continuity of network transmission data traffic and the judgment of a network transmission protocol. Network transmission data traffic is accurately monitored in real time.
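The segmentation and autocorrelation steps named in the abstract, as an added example that is not taken from the patent: it assumes packets are (timestamp in ms, size in bytes) pairs and uses the standard sample autocorrelation estimator, since the page does not give the formula for the autocorrelation value. The function names and the sample traffic are constructed for illustration.

```python
def segment_volumes(packets, period_ms, start_ms=0):
    """Sum bytes per detection period.

    packets: iterable of (timestamp_ms, size_bytes) tuples (assumed record layout).
    Returns one volume per period; periods with no packets are reported as 0.
    """
    volumes = []
    for ts, size in packets:
        idx = (ts - start_ms) // period_ms
        if idx < 0:
            continue  # packet arrived before the monitoring window
        if idx >= len(volumes):
            volumes.extend([0] * (idx + 1 - len(volumes)))  # pad idle periods
        volumes[idx] += size
    return volumes


def autocorrelation(series, k):
    """Standard sample autocorrelation at lag k of a segment-volume series."""
    n = len(series)
    if not 0 <= k < n:
        raise ValueError("lag must satisfy 0 <= k < len(series)")
    mean = sum(series) / n
    var = sum((x - mean) ** 2 for x in series)
    if var == 0:
        return 0.0  # flat series: correlation is undefined, report 0
    cov = sum((series[t] - mean) * (series[t + k] - mean) for t in range(n - k))
    return cov / var


# Constructed sample: two packets per 1-second period, volume repeating every 4 periods.
PATTERN = [1, 2, 3, 4]
SAMPLE_PACKETS = [
    (i * 1000 + offset, 50 * PATTERN[i % 4])
    for i in range(12)
    for offset in (100, 600)
]

if __name__ == "__main__":
    vols = segment_volumes(SAMPLE_PACKETS, period_ms=1000)
    print("volumes per period:", vols)
    for lag in range(1, 6):
        print("lag", lag, "rho =", round(autocorrelation(vols, lag), 3))
```

On the constructed traffic the value peaks at lag 4, the period of the repeating pattern, which is the kind of continuity signal a per-segment autocorrelation exposes.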

Description

Technical field

[0001] The invention relates to the field of network security. In particular, the present invention relates to a traffic monitoring method and system for multi-protocol attack data.

Background technique

[0002] The core idea of the existing attack traffic detection scheme is to use the difference between the attack behavior traffic characteristics and the normal behavior traffic characteristics for detection. This has the disadvantage that the detection results depend on the normal behavior model and the abnormal threshold setting, and the performance is very dependent on the design of the traffic characteristics.

Contents of the invention

[0003] The purpose of the present invention is to provide a flow monitoring method for multi-protocol attack data, which can be judged through self-similarity and model learning, combined with the continuity of network transmission data flow and the judgment of network transmission protocols. Accurate and rea...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 催文科, 唐忞旻, 石庆辉
Owner SHENZHEN CASTLE SECURITY TECH CO LTD