Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Filtering Method for Real-time Intrusion Detection System

A technology of intrusion detection system and filtering method, applied in transmission systems, electrical components, etc., can solve problems such as difficulty in ensuring real-time detection and accuracy at the same time, inability to accurately intercept, and inability to quickly detect and access users.

Active Publication Date: 2021-10-26
NANJING UNIV
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] In recent years, with the rapid development and application of the Internet, network attacks and frauds have also increased, which greatly increases the risk of intrusion into existing network service systems, especially in high-speed network environments. For some real-time processing systems, usually Because it is necessary to quickly determine whether the access user has malicious attack intentions, it cannot be accurately intercepted
For example, the peak traffic of Distributed Denial of Service (D-Dos) network attacks is constantly surpassed every year. In this type of attack, the attacker disguises a large number of high-frequency malicious requests as normal requests and sends them to the victim machine. Excessive service load Will cause the victim's server to crash
In 2016, five Russian banks were attacked by a distributed denial-of-service attack, which directly caused the service to go offline; Dyn DNS, a dynamic DNS resolution service provider in the United States, was once attacked, causing half of the Internet services in the United States to be paralyzed
In a high-speed network environment, because the data to be analyzed is very large, considering that the existing intrusion detection research is difficult to ensure the real-time and correct rate of detection at the same time, it is impossible to quickly detect each access user while reducing system risk and power consumption
Thus existing work cannot address the goals proposed in the present invention

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Filtering Method for Real-time Intrusion Detection System
  • A Filtering Method for Real-time Intrusion Detection System
  • A Filtering Method for Real-time Intrusion Detection System

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] The present invention is described in further detail now in conjunction with accompanying drawing.

[0049] It should be noted that terms such as "upper", "lower", "left", "right", "front", and "rear" quoted in the invention are only for clarity of description, not for Limiting the practicable scope of the present invention, and changes or adjustments in their relative relationships, without substantial changes in the technical content, shall also be regarded as the practicable scope of the present invention.

[0050] The present invention mentions a kind of filtering method for real-time intrusion detection system, and described filtering method comprises the following steps:

[0051] S1, construction of whitelist and blacklist: collect the user lists corresponding to the detection system that are allowed to enter the system and those that are prohibited from entering the system, and define them as whitelist users and blacklist users respectively.

[0052] S2, risk loss...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a filtering method for a real-time intrusion detection system, including: white list and black list construction; risk loss assessment; filter construction and deployment; white list users are assigned an initial hash for inserting a Bloom filter; Column function set; combined with blacklist users and their corresponding degree of harm, adaptively adjust the hash function set of whitelist users, so that blacklist users with high degree of harm have a higher probability of being blocked; the adjusted hash The function set is stored in the preset hash expressor; the whitelist user uses its hash function set to be inserted into the Bloom filter, combined with the hash expressor to obtain a hash adaptive Bloom filter, and then the hash Chi adaptive Bloom filters deployed to detection systems. The invention has the characteristics of high space efficiency and fast detection, can effectively reduce system losses caused by blacklisted users, provides effective theoretical performance guarantee, and can be applied to applications involving real-time intrusion detection.

Description

technical field [0001] The invention relates to the technical field of network intrusion prevention detection, in particular to a filtering method for a real-time intrusion detection system. Background technique [0002] In recent years, with the rapid development and application of the Internet, network attacks and frauds have also increased, which greatly increases the risk of intrusion into existing network service systems, especially in high-speed network environments. For some real-time processing systems, usually Because it is necessary to quickly determine whether the accessing user has malicious attack intentions, it cannot be accurately intercepted. For example, the peak traffic of distributed denial-of-service (D-Dos) network attacks is constantly surpassed every year. In such attacks, attackers disguise a large number of high-frequency malicious requests as normal requests and send them to victim machines. Excessive service load Will cause the victim's server to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0227H04L63/101H04L63/1416
Inventor 郑嘉琦戴海鹏陈贵海谢榕彪李猛
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products