
Network intrusion detection method for large flow

A network intrusion detection technology for large traffic, applied in the field of large-traffic network intrusion detection, can solve problems such as inapplicability to large-traffic application scenarios, and achieves the effects of optimizing processing time, simplifying data processing, and speeding up data processing.

Active Publication Date: 2021-02-26
清创网御(合肥)科技有限公司

AI Technical Summary

Problems solved by technology

[0005] Aiming at the technical defect that the existing traffic protocol analysis technology is not suitable for large-traffic application scenarios, the present invention provides a large-traffic-oriented network intrusion detection method.


Examples


Embodiment 1

[0021] A network intrusion detection method for large traffic, as shown in Figure 1, includes the following steps:

[0022] 1. Obtain and divert network traffic.

[0023] 2. Perform IP detection on the diverted traffic; for traffic whose protocol type can be determined through IP detection, skip to step 6.

[0024] IP detection targets the network layer of the data packet. The IP addresses of some Internet services are fixed, and the communication protocol adopted by such a service is fixed, so a correspondence between IP address and communication protocol is formed. A BM algorithm matching library is established from the IP addresses and the communication protocols adopted by the services, and the correspondence between IP address and communication protocol is stored in the matching library. Part of the traffic can complete protocol analysis directly through IP detection and be handed over to the distribution device for proces...


Abstract

The invention discloses a network intrusion detection method for large flow, covering protocol analysis and feature matching. In the aspect of protocol analysis, the IP, port and message of a traffic data packet are detected respectively at the network layer, transport layer and application layer, thereby accelerating the data processing flow, eliminating unnecessary data processing, optimizing the processing time, and improving the processing efficiency; therefore, the method is suitable for large-flow network intrusion detection. In the aspect of feature matching, protocols with clear feature information can use the AC automaton in a targeted manner; for protocols without clear feature information, feature matching of the traffic data payload is realized through a Hyperscan feature library. Different analysis methods are used for different protocols, so matching hits are effectively accelerated and resource loss is reduced.
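The layered protocol analysis described in paragraph [0024] and in the abstract, as an added example that is not code from the patent: each packet is checked at the network layer (IP), then the transport layer (port), then the application layer (message), and processing stops at the first tier that identifies the protocol. The table contents, the `identify` and `build_packet` names and the sample packets are constructed for illustration, and a dictionary lookup stands in for the BM matching library.

```python
import socket
import struct

# Constructed lookup tables (assumptions, not taken from the patent text).
IP_TO_PROTO = {"203.0.113.10": "dns"}            # fixed-service IP -> protocol
PORT_TO_PROTO = {22: "ssh", 53: "dns", 80: "http"}
PAYLOAD_SIGS = [(b"SSH-", "ssh"), (b"GET ", "http"), (b"POST ", "http")]

def parse_ipv4(pkt: bytes):
    """Return (src_ip, dst_ip, dst_port, payload) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    l4 = pkt[ihl:]
    if pkt[9] == 6 and len(l4) >= 20:        # TCP: data offset gives header size
        hdr = (l4[12] >> 4) * 4
    elif pkt[9] == 17 and len(l4) >= 8:      # UDP: fixed 8-byte header
        hdr = 8
    else:                                    # other transports: no port tier
        return src, dst, None, b""
    dport = struct.unpack("!H", l4[2:4])[0]
    return src, dst, dport, l4[hdr:]

def identify(pkt: bytes):
    """Return (protocol, tier); stop at the first tier that gives an answer."""
    src, dst, dport, payload = parse_ipv4(pkt)
    for ip in (dst, src):                    # tier 1: network layer (IP)
        if ip in IP_TO_PROTO:
            return IP_TO_PROTO[ip], "ip"
    if dport in PORT_TO_PROTO:               # tier 2: transport layer (port)
        return PORT_TO_PROTO[dport], "port"
    for prefix, proto in PAYLOAD_SIGS:       # tier 3: application layer (message)
        if payload.startswith(prefix):
            return proto, "message"
    return "unknown", "none"                 # left for payload feature matching

def build_packet(dst_ip, dport, payload, l4_proto=6):
    """Build a constructed IPv4 + TCP/UDP test packet (checksums left at zero)."""
    if l4_proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, l4_proto, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton(dst_ip))
    return ip + l4 + payload
```

Because every tier returns early, the IP and port tables should hold only mappings that really are fixed; anything less certain belongs in the message tier, where the payload itself is inspected.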

Description

Technical field

[0001] The invention relates to the technical field of network traffic protocol analysis, in particular to a large-traffic-oriented network intrusion detection method.

Background technique

[0002] With the acceleration of global informatization, network security is becoming more and more important. In the current high-speed switching network environment, network attack methods are becoming more and more complex, and intrusion detection security technology has attracted much attention. Intrusion detection collects information from several key points in a computer network or computer system and analyzes it to find out whether there are behaviors that violate security policies or signs of attack in the network or system.

[0003] From the perspective of data analysis methods, intrusion detection can usually be divided into misuse intrusion detection and anomaly intrusion detection. Misuse intrusion detection technology is to find out possi...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L69/18
Inventor: 庞文俊陈继汤桂林李小超伊晓强
Owner: 清创网御(合肥)科技有限公司