Network abnormal behavior intelligent detection and response method and device and electronic equipment

A technology for intelligent detection of and response to network anomalies, applied in the field of computer networks. It addresses problems such as network single points of failure, the inconvenience of the number and management of honeypots, and increased delay for normal network access, with the effect of improving response speed, convenience and accuracy and of delaying the attack process.

Pending Publication Date: 2021-12-07
极客信安(北京)科技有限公司

AI Technical Summary

Problems solved by technology

[0005] However, the existing schemes have technical problems. Typical honeypot deployment schemes make the number and management of honeypots very inconvenient. Because the network deception is limited to honeypot entities, this kind of deception is also easy for attackers to identify.
The meth

Examples

Example Embodiment

[0058] Example one

[0059] See figure 1. The present disclosure provides an intelligent detection and response method for abnormal network behavior, which includes the following steps:

[0060] Step S102: Session-layer mirror traffic is collected through the switch, and traffic features are extracted from the mirror traffic.

[0061] As shown in figure 2, the mirror traffic interface of the network abnormal behavior intelligent detection and response system is connected to the target network, and the mirror traffic data of this network's key session-layer communication is acquired through the subnet switch. The mirror traffic data is exactly the same as the data received by the normal network services. The mirror traffic data is used on the one hand to generate the subsequent detection rules and on the other hand for anomaly detection.

[0062] Wherein, the flow characteristics include, but are not limited to, the following types:

[0063] (1) IP / MAC address distribut...

Example Embodiment

[0100] Example 2

[0101] See figure 7. The present disclosure provides a network abnormal behavior intelligent detection and response system, which is embedded in the overall network interaction system as a hardware or software module. As shown in figure 2, the network access device acquires network data from the public network and forwards it through the subnet switch to the server, and the data is also delivered to the network abnormal behavior intelligent detection and response system. The internal modules of the system are implemented as software or hardware modules; functional modules that are the same as in the embodiment above have the same technical effect and are not described again here. The network abnormal behavior intelligent detection and response system specifically includes:

[0102] The extraction unit 702 is configured to collect session-layer mirror traffic through the switch and extract traffic features from the mirror traffic.

[0103] Wherein,...

Example Embodiment

[0128] Example three

[0129] The present disclosure provides an electronic device including a processor and a memory. The memory stores computer program instructions executable by the processor, and when the processor executes the computer program instructions, the method steps of any one of the first aspect are implemented.

Abstract

The embodiment of the invention provides an intelligent detection and response method, device and electronic equipment for abnormal network behavior. The method comprises: collecting session-layer mirror traffic through a switch and extracting traffic features from the mirror traffic; training verification rules based on the traffic features, the verification rules including an internal and external network verification rule, a live host verification rule, an existing network service verification rule and an existing operating system network fingerprint generation rule; marking each network request according to the verification rules to form a request log; and making a basic response to each network request according to the request log. The embodiment uses a bypass network data detection method to realize network spoofing defense, implements the network response at the session layer, and improves network defense efficiency.
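
The pipeline the abstract describes (rules learned from mirrored sessions, each request marked into a request log, a basic response chosen per log entry), as an added Python example that is not code from the patent. The record schema, the `10.0.0.0/24` subnet, the response labels and all sample data are assumptions, and the operating-system fingerprint rule is left out.

```python
import ipaddress
from collections import namedtuple

# Constructed mirror-port session record (hypothetical schema, not from the patent).
Session = namedtuple("Session", "src dst dport answered")
INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # assumed protected subnet

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def train_rules(baseline):
    """Derive host and service verification rules from baseline mirror traffic."""
    live_hosts, services = set(), set()
    for s in baseline:
        if is_internal(s.src):
            live_hosts.add(s.src)              # client-only hosts are live too
        if s.answered and is_internal(s.dst):
            live_hosts.add(s.dst)
            services.add((s.dst, s.dport))
    return {"live_hosts": live_hosts, "services": services}

def basic_response(entry):
    """Assumed response policy; the action names are hypothetical."""
    if not entry["dst_internal"] or entry["service_exists"]:
        return "ignore"          # real traffic: the bypass system stays silent
    return "decoy_service" if entry["host_live"] else "decoy_host"

def mark_request(rules, s):
    """Label one request against each rule and return a request-log entry."""
    entry = {"src": s.src, "dst": s.dst, "dport": s.dport,
             "src_zone": "internal" if is_internal(s.src) else "external",
             "dst_internal": is_internal(s.dst), "host_live": s.dst in rules["live_hosts"],
             "service_exists": (s.dst, s.dport) in rules["services"]}
    entry["response"] = basic_response(entry)
    return entry

def build_request_log(baseline, requests):
    rules = train_rules(baseline)
    return [mark_request(rules, r) for r in requests]

BASELINE = [  # constructed sample data
    Session("10.0.0.5", "10.0.0.10", 443, True),
    Session("203.0.113.7", "10.0.0.10", 22, True),
    Session("10.0.0.5", "10.0.0.20", 80, False)]
REQUESTS = [  # constructed sample data
    Session("203.0.113.9", "10.0.0.10", 443, None),
    Session("203.0.113.9", "10.0.0.10", 3389, None),
    Session("203.0.113.9", "10.0.0.77", 22, None),
    Session("10.0.0.10", "10.0.0.5", 445, None)]
```

Calling `build_request_log(BASELINE, REQUESTS)` returns one log entry per request; requests to an address or port never seen answering in the baseline are the ones marked for a decoy response.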

Description

Technical field

[0001] The disclosure relates to the technical field of computer networks, in particular to an intelligent detection and response method, device and electronic equipment for abnormal network behavior.

Background

[0002] Network spoofing defense technology is a new concept that has emerged in recent years: various false hosts, false services and even false users are forged in the protected network to deceive attackers into thinking that the protected network contains a large number of existing hosts, services and active users. As a result, the attacker cannot accurately locate an effective attack target. On the one hand, this technology can slow the attack, increase the attacker's time cost and reduce the accuracy of the attack; on the other hand, it can effectively capture the attacker's behavior and traffic content, and provide important clues for tracking, investigation and evidence collection.

[0003] At present,...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1491, H04L63/1416, H04L63/1425, Y02D30/50
Inventor: not disclosed
Owner: 极客信安(北京)科技有限公司