Formalized description method of network infection behaviour and normal behaviour

A formalized description and network intrusion technology, applied in user identity/authority verification, timely exchange of telegram messages, digital transmission systems, etc., can solve complex intrusion behaviors, inability to effectively detect intrusion behaviors, information system collapse and denial of service, etc. question

Inactive Publication Date: 2004-02-25
BEIJING UNIV OF POSTS & TELECOMM
View PDF0 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] (2) Attacks through the network are often mixed among a large number of normal network activities, with strong concealment
[0005] (3) The means of intrusion are more concealed and complex
[0010] (4) Malicious use of normal network operations, such as the use of abnormal frequencies, etc., resulting in the collapse of the information system and the denial of service attack (Denial of Service, DoS) that cannot provide services normally
[0016] As the network intrusion behavior becomes more and more complex, the simple intrusion feature description in the past is no longer suitable for the needs of identifying intrusion behavior, which makes the intrusion detection system and firewall and other security components unable to effectively detect complex intrusion behavior

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Formalized description method of network infection behaviour and normal behaviour
  • Formalized description method of network infection behaviour and normal behaviour
  • Formalized description method of network infection behaviour and normal behaviour

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] In the intrusion petri net, the action feature (Action) and the state (State) in the quadruple are respectively represented by T and P sets, which have a good correspondence. The quantitative relationship (Quantity) in the quadruple is well expressed by the identification number in P.

[0037] For the sequence (Sequence) relationship in the quadruple, there is also a good corresponding description with the intrusion petri net, a, b, c∈A (A is the set of intrusion actions), there are the following sequence relationships:

[0038] Sequential relationship such as figure 2

[0039] Partial order relation such as image 3

[0040] Choose a relationship such as Figure 4

[0041] concurrent relations such as Figure 5

[0042] status label

remember

status description

action mark

remember

Action description

p 0

initial listening status

t 1

The server receives the syn request

p 1

recei...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a formalized description method of infection behaviour and normal behaviour in the network. It makes meticulous analysis for infection and aggressive behaviour in thenetwork, specially for distributed infection behaviour, on the basis, provides a formalized description method for infection behaviour and normal behaviour in the network. It uses ASSQ quadruple as theoretical basis, on the basis of existent Petri net model makes redefinition and modification, so that the method can be used for tracking and detecting infection behaviour and separating normal behaviour and infection behaviour.

Description

technical field [0001] The invention belongs to the field of network and information security, specifically relates to a formalized description method of normal network behavior and intrusion behavior, and provides theoretical help for a distributed intrusion detection system. Background technique [0002] With the rapid development of computer network technology, the degree of informatization of the society is constantly improving. While the network brings huge economic and social benefits to people, it is also facing increasingly serious security problems. A major threat to network security is the attack and destruction of the network and the intrusion of the information system through the network. A network intrusion is defined as any collection of network activities that attempt to undermine the integrity, confidentiality, or credibility of an information system. Compared with traditional means of destroying information systems, network intrusion has the following chara...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/00H04L9/32H04L9/34
Inventor 褚永刚杨亚飞魏战松杨义先
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap