Unlock instant, AI-driven research and patent intelligence for your innovation.

Invasion detecting method

A technology of intrusion detection and intrusion detection system, which is applied in the direction of error detection/correction, instrumentation, digital transmission system, etc., can solve problems such as damage, inability to detect suspicious behavior, and inability to evaluate the damage of protected network or host, and achieve intrusion detection results Accurate, rationality-enhancing effect

Inactive Publication Date: 2006-10-25
LENOVO (BEIJING) CO LTD
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, the current intrusion detection system cannot detect suspicious behaviors in combination with the actual network environment, such as the topology of the internal protected network, the system type and service type of the protected host, and other information.
Unable to assess whether the intrusion will actually cause damage to the protected network or host, and how much damage will be caused

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Invasion detecting method
  • Invasion detecting method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The invention provides an intrusion detection method combined with network vulnerability scanning, and applies the vulnerability scanning result library to the intrusion detection and analysis process. After an intrusion event is detected, according to the intrusion detection rule base, query the relevant standard vulnerability database to analyze which vulnerability is attacked by the intrusion event, and then retrieve the vulnerability attacked by the event in the vulnerability scanning result database of the network to query whether the network is There is such a loophole to confirm whether the intrusion will be successful.

[0019] In order to facilitate the retrieval of vulnerabilities corresponding to intrusion detection rules in the vulnerability scanning result database, for the standard vulnerability database and the vulnerability scanning result database, internationally recognized vulnerability numbers such as CVE ID or bugtraq ID are used as the vulnerability...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an intrusion detection method. The intrusion detection system detects each event of accessing the protected network or host according to the detection rules, and further includes the following steps: a) judging whether the currently detected event is an intrusion event, if not , return to step a and continue to detect the next event, if so, obtain the intrusion detection rule used to detect the current event; b) determine the target of the currently detected intrusion event according to the preset correspondence between the intrusion detection rule and the vulnerability Vulnerability; c) Retrieve whether the protected network or host has the vulnerability determined in step b in the vulnerability scanning result database obtained by the vulnerability scanning of the protected network or host; and according to the degree of harm of the intrusion event and the vulnerability to be attacked and The risk assessment of intrusion events is carried out based on the matching degree of vulnerability information among the vulnerability scanning result databases. The application of the invention improves the accuracy and practicability of the intrusion detection results.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to an intrusion detection method. Background technique [0002] In the field of computer network security technology, network intrusion detection and network vulnerability scanning are two methods to protect one's own network and data security. [0003] A network vulnerability scan is a program that automatically detects security weaknesses in remote or local target hosts. The principle is to use the form of simulated attacks to check the known security vulnerabilities that may exist in the target host one by one, and collect the vulnerabilities that exist in the target host. For example, by remotely detecting the services of different TCP / IP ports of the target host and recording the answers given by the target host, various information about the target host can be collected, including whether anonymous login is possible, whether there is a writable FTP directory...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/00G06F17/30H04L9/00
Inventor 郑理杨燚徐鹏
Owner LENOVO (BEIJING) CO LTD