Method for self-adapting testing access of abnormal files

An adaptive detection and file access technology, applied in data exchange details, data collection and prevention, etc., that addresses the problems of the failure to propose a detection system, time-varying behavior and huge memory overhead, and achieves the effects of simple and intuitive file access behavior, an accurate model and easy reporting of results.

Inactive Publication Date: 2005-06-15
苏州赛博网垠信息科技发展有限公司

AI Technical Summary

Problems solved by technology

[0005] However, due to the complexity and time-varying nature of file access in actual systems, researchers have not been able to propose a comprehensive and effective method for detecting illegal behavior in systems based on file access.
In April 2003, Columbia's research team first described a Bayesian model-based system for detecting abnormal b...



Examples


Embodiment Construction

[0026] See Figure 1. The specific implementation of the present invention can be based on an Adaptive Detection System for Abnormal File Accesses (ADSAFA). In ADSAFA, the file access sensor is connected to the monitored system, the audit database and the preprocessing module, and is connected to the detection module through the preprocessing module. The detection module is interconnected with the normal file access model and is connected to the security control terminal and the alarm database through the alarm module. The security control terminal and the alarm module are connected to the monitored system through a manual or automatic response mechanism. The update module is connected to the normal file access model, and the normal model is corrected automatically or compulsorily under the command of the security control terminal.

[0027] The monitored systems are personal computers, various network servers (such as WWW, DNS, mail, database servers, etc.), an...


Abstract

The method includes the following steps: (1) recording, in real time, the requests to access file resources generated in the computer system; (2) preprocessing the recorded requests; (3) using a file access relation tree to record the file access relations described in normal file access records; (4) dividing the file access relation tree into a fixed part and a variable part based on the time rarity t-Rarity; (5) analyzing the file access records, selecting the normal file access behaviors, and reporting abnormal file access behaviors to the security officer; (6) periodically updating the file access relation tree and deleting the outdated file access relations recorded in it. The invention adopts mechanisms of selective self-learning and self-adapting forgetting, so a safe and reliable model of normal behavior is built automatically without manual intervention. The invention detects a large number of malicious acts with high precision.
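The six steps above, as an added Python sketch that is not code from the patent. The page does not define t-Rarity, so the rule used here (a node that has learned no new child for `T_RARITY` seconds belongs to the fixed part), the thresholds, and every name and sample record are assumptions.

```python
# Added sketch; the T_RARITY rule and all names are assumptions (t-Rarity is not defined on the page).
T_RARITY = 3600        # assumed quiet period (seconds) after which a node is "fixed"
FORGET_AFTER = 86400   # assumed age at which unused relations are forgotten

class Node:
    def __init__(self, now):
        self.children = {}
        self.last_seen = now
        self.last_new_child = now   # when a previously unseen child was last learned
    def is_fixed(self, now):
        return now - self.last_new_child >= T_RARITY

def key_path(user, process, path):
    # Preprocessing: one access record becomes a root-to-leaf key path.
    return [user, process] + [p for p in path.split("/") if p]

def observe(root, now, user, process, path):
    """Classify one access; only accesses judged normal update the tree."""
    keys = key_path(user, process, path)
    node, depth = root, 0
    while depth < len(keys) and keys[depth] in node.children:
        node, depth = node.children[keys[depth]], depth + 1
    if depth < len(keys) and node.is_fixed(now):
        return "abnormal"           # new relation under the fixed part: report, do not learn
    node = root
    for key in keys:                # refresh the known prefix, learn the new suffix
        if key not in node.children:
            node.children[key] = Node(now)
            node.last_new_child = now
        node = node.children[key]
        node.last_seen = now
    return "normal"

def forget(node, now):
    """Adaptive forgetting: drop relations not seen within FORGET_AFTER."""
    node.children = {k: c for k, c in node.children.items()
                     if now - c.last_seen <= FORGET_AFTER}
    for child in node.children.values():
        forget(child, now)

# Constructed sample records: (time, user, process, path)
RECORDS = [(0, "www", "httpd", "/var/www/index.html"),
           (10, "www", "httpd", "/tmp/sess_a1"),
           (2000, "www", "httpd", "/tmp/sess_b2"),
           (5000, "www", "httpd", "/tmp/sess_c3"),
           (5200, "www", "httpd", "/etc/shadow")]

def run(records=RECORDS):
    root = Node(records[0][0])
    return root, [observe(root, *r) for r in records]
```

In the sample run the `/tmp` subtree keeps gaining children and stays in the variable part, while the `httpd` node has been quiet long enough to be fixed, so the first access to `/etc/shadow` is reported and not learned.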

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an adaptive detection method for abnormal file access.

Background technique

[0002] The widespread use of the Internet has increased the risk of networked computers being attacked. Practice has proven that traditional defensive security measures such as passwords, firewalls, and information encryption are not sufficient to cope with this increasingly severe new security situation. In practice, there is an urgent need for safeguard measures that can dynamically monitor the security of networked computer systems like intrusion detection technology, so as to respond quickly in the event of an attack and minimize the possible loss. Therefore, a large number of intrusion detection systems (IDS) have been put into practical use and have become an essential part of most organizations' security systems. Intrusion detection technologies are mainly divided into two types: mis...


Application Information

IPC(8): H04L12/22
Inventor: 管晓宏, 蔡忠闽, 孙国基, 彭勤科
Owner: 苏州赛博网垠信息科技发展有限公司