Zombie machine detection method based on alarm association

A detection method and alarm technology, applied in the field of the Internet of Things, can solve problems such as time-consuming, tedious, and difficult updates, and achieve the effect of reducing bad consequences and reducing false alarm rates

Active Publication Date: 2020-11-13
HOHAI UNIV CHANGZHOU


Embodiment Construction

[0045] As shown in figure 1, a zombie machine detection method based on alarm correlation consists of the following modules: an online intrusion detection module, an offline intrusion detection module and an intrusion alarm correlation module, wherein:

[0046] The online intrusion detection module uses existing technical solutions to detect real-time network traffic;

[0047] The offline intrusion detection module uses the improved attack graph technology to evaluate the security status of each virtual machine;

[0048] The intrusion alarm correlation module performs alarm aggregation and alarm verification: it associates the alarms raised by the online intrusion detection module with the results of the offline intrusion detection module, finally judges whether an intrusion has occurred, and outputs the alarm information.

[0049] The above-mentioned online intrusion detection module uses existing technical solutions to detect real-time network traffic; the online intru...
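The following is an added illustration of the three-module structure in paragraphs [0045] to [0048]; it is not code from the patent or its inventors. Alerts from the online (traffic-based) module are first aggregated, then verified against a per-VM security status that stands in for the offline attack-graph result, and only corroborated groups become intrusion alarms. The aggregation window, the risk score, the `reachable_from_compromised` flag and the verification rule are assumptions chosen for this example; the patent text does not specify them.

```python
# Added example: alarm aggregation followed by alarm verification, in the
# spirit of the online/offline/correlation split described in [0045]-[0048].
# The window, the risk threshold and the verification rule are assumptions
# for illustration; the patent text does not define them.
from dataclasses import dataclass

AGGREGATION_WINDOW_S = 60  # assumed window for merging repeated alerts


@dataclass(frozen=True)
class OnlineAlert:
    ts: float          # seconds since epoch
    src: str           # source address seen in traffic
    dst: str           # virtual machine the alert concerns
    signature: str     # rule or signature that fired


# Constructed sample alerts from the online (traffic-based) module.
ONLINE_ALERTS = [
    OnlineAlert(100.0, "10.0.0.5", "vm-a", "c2-beacon"),
    OnlineAlert(110.0, "10.0.0.5", "vm-a", "c2-beacon"),
    OnlineAlert(130.0, "10.0.0.5", "vm-a", "c2-beacon"),
    OnlineAlert(105.0, "10.0.0.9", "vm-b", "port-scan"),
    OnlineAlert(400.0, "10.0.0.9", "vm-b", "port-scan"),
]

# Constructed output of the offline module: a per-VM security status, here
# reduced to an assumed risk score in [0, 1] and whether the VM is reachable
# from an already-compromised node in the attack graph.
OFFLINE_STATUS = {
    "vm-a": {"risk": 0.8, "reachable_from_compromised": True},
    "vm-b": {"risk": 0.1, "reachable_from_compromised": False},
}


def aggregate(alerts, window=AGGREGATION_WINDOW_S):
    """Merge alerts sharing (src, dst, signature) that fall within `window`
    seconds of the first alert of their group. Returns one dict per group
    with the alert count and the covered time span."""
    groups = []
    current = {}  # key -> group currently open for that key
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.signature)
        g = current.get(key)
        if g is not None and a.ts - g["first_ts"] <= window:
            g["count"] += 1
            g["last_ts"] = a.ts
        else:
            g = {"src": a.src, "dst": a.dst, "signature": a.signature,
                 "first_ts": a.ts, "last_ts": a.ts, "count": 1}
            groups.append(g)
            current[key] = g
    return groups


def verify(group, offline_status, min_count=2, risk_threshold=0.5):
    """Assumed verification rule: an aggregated alert is confirmed only when
    it repeated within the window and the offline assessment of the target
    VM agrees that the VM is at risk. Returns (confirmed, reason)."""
    status = offline_status.get(group["dst"])
    if status is None:
        return False, "no offline assessment for target VM"
    if group["count"] < min_count:
        return False, "isolated alert, not repeated within window"
    if status["risk"] < risk_threshold and not status["reachable_from_compromised"]:
        return False, "offline assessment shows target VM not at risk"
    return True, "online alerts corroborated by offline assessment"


def correlate(alerts, offline_status):
    """Run aggregation, then verification; return the confirmed intrusion
    alarms as (dst, signature, count) tuples."""
    confirmed = []
    for g in aggregate(alerts):
        ok, _reason = verify(g, offline_status)
        if ok:
            confirmed.append((g["dst"], g["signature"], g["count"]))
    return confirmed


if __name__ == "__main__":
    for g in aggregate(ONLINE_ALERTS):
        print(g, verify(g, OFFLINE_STATUS))
    print("confirmed:", correlate(ONLINE_ALERTS, OFFLINE_STATUS))
```

With the constructed input, the three `c2-beacon` alerts against `vm-a` collapse into one group and are confirmed because the offline status marks that VM as at risk, while the two isolated `port-scan` alerts against `vm-b` fall in separate windows and are dropped. This is the false-alarm reduction the abstract refers to: an online alert on its own is not enough, it has to agree with the offline assessment.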


Abstract

The invention discloses a distributed intrusion detection method based on alarm association in a cloud environment. The method comprises the following steps: collecting intrusion evidence; establishing a distributed behavior graph template; carrying out anomaly detection; updating the behavior graph template. Distributed detection in the cloud environment is achieved in a clustering mode, the final intrusion judgment is made on the basis of alarm association, and the false alarm rate can be reduced. By means of the method, zombie machines in the cloud environment can be effectively detected, and cloud computing resources are therefore protected against malicious use.

Description

Technical field

[0001] The invention relates to the field of the Internet of Things, in particular to a method for detecting zombie machines based on alarm association.

Background technique

[0002] A botnet is one of the most serious network threats. A computer infected with a bot virus and controlled by a hacker's program is called a zombie machine. Hackers can use zombie machines for different purposes, such as launching distributed network attacks and distributed denial of service attacks.

[0003] An Intrusion Detection System (IDS) is a monitoring system for computers: it monitors the system in real time and sends out a warning once an abnormal condition is found. Many existing IDSs built for botnets are rule-based, and their performance depends on expert-defined rule sets. A rule-based botnet IDS identifies botnets by examining network traffic and comparing it to known or previously seen botnet signatures, which are usually encoded by security experts. However, up...

Claims


Application Information

Patent Timeline
IPC(8): G06F21/55, G06F21/57, G06K9/62, H04L29/06
CPC: G06F21/55, G06F21/577, H04L63/145, H04L63/1416, H04L63/1433, H04L2463/144, G06F18/24147
Inventors: 孙宁, 石慧珠, 韩光洁
Owner HOHAI UNIV CHANGZHOU