Abnormal session detection method and device and computer storage medium

An abnormal session detection technique, applied in the field of information security, that addresses problems such as inaccurate judgment of abnormal traffic and achieves the effects of saving manpower, improving detection efficiency, and accurate detection.

Pending Publication Date: 2021-11-16
SHANGHAI GUAN AN INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0005] To solve the above problems, the present invention provides an abnormal session detection method, device and computer storage medium. It determines the whitelist according to the device interconnection information, divides the sessions that do not exist in the whitelist into session trees, extracts the feature information of each leaf node of the session tree, determines the data type confidence of each leaf node according to multiple pieces of feature information, and judges whether the sessions under a leaf node are abnormal according to the data type confidence, thereby solving the problem of inaccurate judgment of abnormal traffic.


Examples


Embodiment approach

[0104] As an optional implementation, the device also includes:

[0105] A supplementary module, configured to supplement the latest whitelist into the preset whitelist.

[0106] In this embodiment, the preset whitelist is dynamically updated. When the latest whitelist is obtained, its data is added to the preset whitelist, and the supplemented preset whitelist is used the next time as the basis for judging whether a session is a legitimate connection.


Abstract

The embodiment of the invention discloses an abnormal session detection method. The method comprises the following steps: extracting a session in a data stream and the device interconnection information corresponding to the session; judging, according to the device interconnection information, whether a corresponding session exists in a preset whitelist; classifying the sessions that do not exist in the preset whitelist step by step according to session content to obtain a session tree; calculating the data type confidence of each leaf node in the session tree according to the device interconnection information; determining the session set corresponding to the leaf nodes whose data type confidence is greater than a preset confidence threshold as the latest whitelist; and determining the sessions that do not exist in the latest whitelist as abnormal sessions. The accuracy of abnormal session detection is thereby improved.
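The steps in the abstract, together with the whitelist supplement of [0105]-[0106], sketched as an added Python example (not code from the patent). The form of the device interconnection information (source, destination, destination port), the three classification levels and the confidence heuristic are assumptions, since the page does not give them; the sample sessions are constructed.

```python
from collections import defaultdict

# Constructed sample sessions: (src, dst, dst port, protocol, content type).
RAW = [
    ("10.0.0.5", "10.0.0.9", 443, "tcp", "tls"),
    ("10.0.0.11", "10.0.0.20", 502, "tcp", "modbus"),
    ("10.0.0.12", "10.0.0.20", 502, "tcp", "modbus"),
    ("10.0.0.13", "10.0.0.20", 502, "tcp", "modbus"),
    ("10.0.0.11", "10.0.0.20", 502, "tcp", "modbus"),
    ("10.0.0.12", "10.0.0.30", 4444, "tcp", "unknown"),
]
SESSIONS = [dict(zip(("src", "dst", "dport", "proto", "ctype"), r)) for r in RAW]
PRESET = {("10.0.0.5", "10.0.0.9", 443)}  # constructed preset whitelist


def link(s):
    """Assumed form of the device interconnection information for a session."""
    return (s["src"], s["dst"], s["dport"])


def detect(sessions, preset, threshold=0.5):
    """Return (abnormal sessions, supplemented whitelist, per-leaf confidence)."""
    # Sessions already covered by the preset whitelist need no further analysis.
    unlisted = [s for s in sessions if link(s) not in preset]
    # Step-by-step classification (assumed levels: protocol, port, content type);
    # each distinct path is one leaf node of the session tree.
    leaves = defaultdict(list)
    for s in unlisted:
        leaves[(s["proto"], s["dport"], s["ctype"])].append(s)
    # Assumed confidence heuristic: mean of the leaf's share of source devices
    # and its share of sessions, both measured against the whole data stream.
    all_srcs = {s["src"] for s in sessions}
    scores, latest = {}, set()
    for path, members in leaves.items():
        src_share = len({s["src"] for s in members}) / len(all_srcs)
        vol_share = len(members) / len(sessions)
        scores[path] = (src_share + vol_share) / 2
        if scores[path] > threshold:
            latest |= {link(s) for s in members}  # leaf joins the latest whitelist
    abnormal = [s for s in unlisted if link(s) not in latest]
    # Supplement module: merge the latest whitelist into the preset one.
    return abnormal, preset | latest, scores


if __name__ == "__main__":
    abnormal, updated, scores = detect(SESSIONS, PRESET)
    for s in abnormal:
        print("abnormal:", link(s), s["ctype"])
    print("whitelist entries after supplement:", len(updated))
```

Feeding the supplemented whitelist back in as the preset whitelist on the next run is the dynamic update that [0106] describes.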

Description

Technical field

[0001] The invention relates to the field of information security, in particular to an abnormal session detection method, device and computer storage medium.

Background

[0002] There are many ways to discover network security threats in current networks, such as intrusion detection systems (IDS) and network traffic analysis (NTA) systems. NTA has emerged in the network security market as a new technology for network threat detection.

[0003] However, if the current detection system does not understand the legitimate business and management traffic in the deployment environment, or is not configured accordingly, it uses extremely high device configurations to perform feature analysis and matching on all data traffic, which is mainly legitimate traffic. This leads to a huge number of false alarms in the system, which makes an effective response difficult. In addition, the detection system in the prior art needs to invest a l...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/31, G06F16/332, G06F16/2455
CPC: G06F16/322, G06F16/3329, G06F16/24568
Inventor: 范海斌, 王文君
Owner: SHANGHAI GUAN AN INFORMATION TECH