Abnormal operation detection method and device and electronic equipment

An abnormal operation detection technology, applied in the field of network security, that addresses problems such as the poor accuracy of existing detection methods.

Pending Publication Date: 2022-02-01
北京顶象技术有限公司

AI Technical Summary

Problems solved by technology

[0005] In view of this, the object of the present invention is to provide a method, device and electronic equipment for detecting abnormal operations, so as to alleviate the technical problem of poor accuracy in existing methods for detecting abnormal operations.


Examples


Embodiment 1

[0048] According to an embodiment of the present invention, an embodiment of a method for detecting abnormal operations is provided. It should be noted that the steps shown in the flow charts of the accompanying drawings can be executed in a computer system, such as a set of computer-executable instructions, and, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0049] Figure 1 is a flow chart of a method for detecting abnormal operations according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:

[0050] Step S102, acquiring the network data flow and the protocol rule signature, wherein the protocol rule signature carries the information of the protocol to be detected and the abnormal function code corresponding to the protocol to be detected;

[0051]In the embodiment of the present inventi...

Embodiment 2

[0091] The embodiment of the present invention also provides a detection device for abnormal operation. The detection device is mainly used to implement the detection method for abnormal operation provided in Embodiment 1 of the present invention. The detection device for abnormal operation provided in the embodiment of the present invention is described in detail below.

[0092] Figure 4 is a schematic diagram of an abnormal operation detection device according to an embodiment of the present invention. As shown in Figure 4, the device mainly includes: a first acquisition unit 10, a second acquisition unit 20, an analysis and matching unit 30 and a determination unit 40, wherein:

[0093] The first acquisition unit is used to acquire network data streams and protocol rule signatures, where the protocol rule signatures carry information about the protocol to be detected and an abnormal function code corresponding to the protocol...


Abstract

The invention provides an abnormal operation detection method and device, and electronic equipment. The method comprises the steps of obtaining a network data flow and a protocol rule signature; obtaining a to-be-detected network data flow matched with a to-be-detected protocol from the network data flow; calling a target protocol analyzer to analyze the to-be-detected network data flow, and matching an analysis result with an abnormal function code; and if the analysis result is matched with the abnormal function code, determining an operation corresponding to the to-be-detected network data flow as an abnormal operation. With this method, the to-be-detected network data flow is checked against the abnormal function code, so complex and diversified industrial control system networks can be handled and abnormal operations are detected more accurately.
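The steps in the abstract, sketched as an added example that is not code from the patent. Modbus/TCP stands in for the protocol to be detected (the page names no protocol), and the `RuleSignature` fields, the port-based flow selection, the choice of write codes as abnormal and the sample traffic are all assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class RuleSignature:
    protocol: str              # protocol to be detected
    port: int                  # assumption: flows are selected by destination port
    abnormal_codes: frozenset  # abnormal function codes for that protocol

def parse_modbus_tcp(payload: bytes):
    """Yield (unit_id, function_code) for every complete Modbus/TCP ADU in a segment."""
    off = 0
    while len(payload) - off >= 8:              # 7-byte MBAP header + function code
        _tid, proto_id, length, unit = struct.unpack_from(">HHHB", payload, off)
        if proto_id != 0 or not 2 <= length <= 254:
            return                              # not Modbus/TCP: stop, do not guess
        end = off + 6 + length                  # length field counts unit id + PDU
        if end > len(payload):
            return                              # truncated ADU: nothing to match on
        yield unit, payload[off + 7]
        off = end

PARSERS = {"modbus": parse_modbus_tcp}          # protocol name -> target protocol analyzer

def detect(packets, rule):
    """Return (packet_index, unit_id, function_code) for each abnormal operation."""
    parser, alerts = PARSERS[rule.protocol], []
    for idx, (dst_port, payload) in enumerate(packets):
        if dst_port != rule.port:               # keep only the flow to be detected
            continue
        for unit, code in parser(payload):
            if code in rule.abnormal_codes:     # match analysis result against the rule
                alerts.append((idx, unit, code))
    return alerts

def adu(tid, unit, code, data):                 # builds a constructed Modbus/TCP ADU
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([code]) + data

# Constructed policy: write operations are abnormal on a read-only monitoring segment.
RULE = RuleSignature("modbus", 502, frozenset({0x05, 0x06, 0x0F, 0x10}))
# Constructed sample traffic as (destination port, TCP payload) pairs.
SAMPLE = [
    (502, adu(1, 1, 0x03, b"\x00\x00\x00\x02")),                # read registers
    (502, adu(2, 1, 0x06, b"\x00\x10\x00\xff")),                # write single register
    (443, b"\x16\x03\x01\x00\x05hello"),                        # other protocol, skipped
    (502, adu(3, 1, 0x03, b"\x00\x00\x00\x01")
          + adu(4, 2, 0x10, b"\x00\x01\x00\x01\x02\x00\x0a")),  # two ADUs in one segment
    (502, adu(5, 1, 0x05, b"\x00\x01\xff\x00")[:7]),            # truncated, ignored
]
print(detect(SAMPLE, RULE))
```

Parsing every ADU in a segment matters here: a matcher that only inspects the first function code would miss the write request that follows a read in packet 3.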

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a detection method, device and electronic equipment for abnormal operation.

Background technique

[0002] The new infrastructure is an accelerator for the further deepening of digitalization. More and more government and enterprise business operations are based on digitalization. With the gradual integration of informatization and industrialization, the degree of informatization of industrial control systems is getting higher and higher. The widespread use of general-purpose software, hardware, and network facilities has broken the original "isolation protection" of traditional industrial control systems. While continuously promoting the development of the Industrial Internet, the security problems faced by traditional IT networks have gradually penetrated into the Industrial Internet. However, compared with the traditional IT network, the characteristics of the industri...


Application Information

IPC(8): H04L9/40, H04L67/06, H04L67/12, H04L69/22
CPC: H04L63/1425, H04L67/06, H04L67/12, H04L69/22
Inventor: 王锐畅, 董阳, 史博
Owner: 北京顶象技术有限公司