
Network abnormal behavior intelligent detection and response method and device and electronic equipment

A technology for intelligent detection of network anomalies, applied in the field of computer networks. It addresses problems such as single points of failure in the network, the inconvenience of honeypot quantity and management, and increased delay for normal network access, so as to improve response speed, convenience and accuracy and to delay the attack process.

Pending Publication Date: 2021-12-07
极客信安(北京)科技有限公司

AI Technical Summary

Problems solved by technology

[0005] However, there are technical problems in the existing schemes. Typical honeypot deployment schemes bring great inconvenience in the number and management of honeypots. Since network deception is limited to honeypot entities, this kind of deception is also easy for attackers to identify.
The method based on traffic redirection can effectively reduce the number of honeypot deployments, but the serial deployment method is likely to bring a single point of failure risk to the network, and all access requests must be analyzed by serial devices before they can be forwarded, which increases the normal access delay of the network.


Examples


Embodiment 1

[0059] Referring to Figure 1, the present disclosure provides an intelligent detection and response method for abnormal network behavior, specifically including the following method steps:

[0060] Step S102: collecting mirrored traffic at the session layer through the switch, and extracting traffic characteristics from the mirrored traffic.

[0061] As shown in Figure 2, the network abnormal behavior intelligent detection and response system is connected to the mirror traffic interface of the target network, and the mirrored traffic data of the key session layer communicating with the local network is collected through the subnet switch. The mirrored traffic data is exactly the same as the data received by each server in normal network service. The mirrored traffic data is used on the one hand to generate subsequent detection rules, and on the other hand for anomaly detection.

[0062] Among them, the traffic characteristics in...

Embodiment 2

[0101] Referring to Figure 7, the present disclosure provides an intelligent detection and response system for abnormal network behavior. The detection and response system is embedded in the entire network interaction system in the form of hardware or software modules. As shown in Figure 2, the network access device obtains network data from the public network, forwards the network data to the server through the subnet switch, and distributes the data to the network abnormal behavior intelligent detection and response system. The internal modules of the system are implemented in software or hardware; the same functional modules have the same technical effect as in Embodiment 1 and are not described again here. The network abnormal behavior intelligent detection and response system specifically includes:

[0102] The extraction unit 702 is configured to collect mirrored traffic at the session layer through the switc...

Embodiment 3

[0129] The present disclosure provides an electronic device, including a processor and a memory. The memory stores computer program instructions that can be executed by the processor, and when the processor executes the computer program instructions, the method steps of any one of the first aspects described above can be realized.


Abstract

The embodiment of the invention provides an intelligent detection and response method, device and electronic equipment for abnormal network behavior. The method comprises the steps of: collecting the mirrored traffic of the session layer through a switch, and extracting traffic features from the mirrored traffic; training verification rules based on the traffic features, the verification rules including an internal and external network verification rule, a survival host verification rule, an existing network service verification rule and an existing operating system network fingerprint generation rule; marking each network request according to the verification rules to form a request log; and making a basic response to each network request according to the request log. According to the embodiment of the invention, a bypass network data detection method is adopted to realize network spoofing defense, the network response is realized at the session layer, and the network defense efficiency is improved.
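A minimal sketch of the rule-training and request-marking steps summarized in the abstract, added here as an illustration and not taken from the patent. The record fields, label names and the 10.0.0.0/24 internal range are assumptions, and the operating system fingerprint rule and the response step are left out.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed mirrored-session records: (src_ip, dst_ip, dst_port, answered).
# "answered" is assumed to mean the mirror showed the destination replying.
TRAINING = [
    ("10.0.0.5", "10.0.0.10", 443, True),
    ("10.0.0.6", "10.0.0.10", 22, True),
    ("203.0.113.9", "10.0.0.20", 80, True),
    ("10.0.0.5", "10.0.0.30", 445, False),  # nothing answered at .30
]

@dataclass
class Rules:
    internal: ipaddress.IPv4Network          # internal/external rule
    live_hosts: set = field(default_factory=set)   # survival host rule
    services: set = field(default_factory=set)     # existing service rule

def train(records, internal_cidr):
    """Learn the three rule sets passively from mirrored traffic."""
    rules = Rules(ipaddress.ip_network(internal_cidr))
    for src, dst, port, answered in records:
        if ipaddress.ip_address(src) in rules.internal:
            rules.live_hosts.add(src)        # an internal sender is alive
        if answered and ipaddress.ip_address(dst) in rules.internal:
            rules.live_hosts.add(dst)
            rules.services.add((dst, port))
    return rules

def mark(rules, src, dst, port):
    """Label one request; the returned dict is one request-log entry."""
    origin = "internal" if ipaddress.ip_address(src) in rules.internal else "external"
    if ipaddress.ip_address(dst) not in rules.internal:
        label = "outbound"
    elif dst not in rules.live_hosts:
        label = "unused-host"       # no real host: candidate for a deceptive reply
    elif (dst, port) not in rules.services:
        label = "unused-service"    # real host, port never seen answering
    else:
        label = "known-service"     # normal traffic, left untouched
    return {"src": src, "dst": dst, "port": port, "origin": origin, "label": label}

def build_log(rules, requests):
    """Mark every (src, dst, port) request to form the request log."""
    return [mark(rules, *req) for req in requests]
```

Because the rules are learned from a mirror port, nothing in this path sits inline with production traffic; requests labelled `known-service` are never delayed by the detector.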

Description

Technical field

[0001] The disclosure relates to the technical field of computer networks, in particular to an intelligent detection and response method, device and electronic equipment for abnormal network behavior.

Background technique

[0002] Network spoofing defense technology is a new concept that has emerged in recent years, that is, by forging various false hosts, false services and even false users in the protected network to deceive attackers into thinking that there are a large number of stock hosts, services, and active users in the protected network. As a result, the attacker cannot accurately locate the effective attack target. On the one hand, this technology can delay the attack speed, increase the time cost of the attacker, and reduce the accuracy of the attack; on the other hand, it can effectively capture the attacker's attack behavior and traffic content, and provide important clues for tracking investigation and evidence collection.

[0003] At present,...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1491, H04L63/1416, H04L63/1425, Y02D30/50
Inventor: not disclosed
Owner: 极客信安(北京)科技有限公司