Port scanning detection method and device
A port scanning and detection method technology, applied in the field of network security, can solve problems such as undetectable, missed negative, false positive, etc., to achieve the effect of avoiding false positives and improving detection accuracy
Active Publication Date: 2021-01-05
北京微步在线科技有限公司
View PDF15 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0003] Existing port scanning attacks, because its principle is to detect by counting the number of data packets sent in a short period of time, without considering other factors, so there will be two main problems in the detection process: 1. False negative: traditional port scanning It is a full port scan for a single target. Modern port scans often scan a single port for a group of targets. Existing detection methods cannot detect this type of scan
2. False positives: Existing detection methods will produce false positives for some applications that generate a large number of data packets in a short period of time, such as: P2P downloads, etc.
It will also generate false positives for certain types of IP, such as the network egress of the networking area. Since there are many users behind this type of IP, a large number of data packets will also be generated in a short period of time.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0074] Various aspects and features of the present application are described herein with reference to the accompanying drawings.
[0075] It should be understood that various modifications may be made to the embodiments applied for herein. Accordingly, the above description should not be viewed as limiting, but only as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
[0076] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with the general description of the application given above and the detailed description of the embodiments given below, serve to explain the embodiments of the application. principle.
[0077] These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment given as non-limiting examp...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a port scanning detection method and device, which are used for improving the detection accuracy of port scanning. The method comprises the steps of obtaining data packets received by all devices in a group in the operation process of the devices in the group; determining whether the data packets are data packets corresponding to port scanning or not according to the multiple parameters of the data packets; and when the data packets are the data packets corresponding to the port scanning, displaying the source address of the data packet corresponding to the port scanning. By using the scheme provided by the invention, the data packets received by all the devices in the group can be obtained, port scanning detection can be carried out according to the data packets received by all the devices in the group, missing report is avoided, whether the data packets are the data packets corresponding to port scanning or not is determined according to multiple parameters ofthe data packets, and thus the port scanning accuracy is improved. The problem of low port scanning detection accuracy caused by only obtaining the number of the data packets is avoided, and the portscanning detection accuracy is improved.
Description
technical field [0001] The present application relates to the field of network security, in particular to a detection method and device for port scanning. Background technique [0002] Port scanning means that some people with ulterior motives send a set of port scanning messages in an attempt to intrude into a computer and understand the type of computer network services it provides (these network services are all related to port numbers). Often occurs in the early stages of penetration attacks. [0003] Existing port scanning attacks, because its principle is to detect by counting the number of data packets sent in a short period of time, without considering other factors, so there will be two main problems in the detection process: 1. False negative: traditional port scanning It is a full port scan for a single target. Modern port scans are often a single port scan for a group of targets. Existing detection methods cannot detect this type of scan. 2. False positives: Ex...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1416H04L61/4511
Inventor 刘斐然
Owner 北京微步在线科技有限公司