Network intrusion detection system and method based on application protocol detection engine

A network intrusion detection and application protocol technology, applied in the field of network information security. It addresses the lack of an automatic upgrade method and the difficulty of extending and maintaining existing systems, making development and maintenance convenient and keeping the system easy to extend and maintain.

Status: Inactive
Publication Date: 2006-02-22
PEKING UNIV
0 Cites, 29 Cited by
AI Technical Summary

Problems solved by technology

In terms of anomaly detection, only a simple threshold comparison method is used to detect port scanning attacks, and other forms of attacks are not considered.
[0005] Moreover, existing network intrusion detection systems generally adopt a source-code-level modular mechanism when building their detection engines. For example, Snort adopts a source-code-level plug-in mechanism. With such a mechanism, supporting new feature detection options and new application protocols requires a lot of code modification, and the system is not easy to extend and maintain. At the same time, a network intrusion detection system built this way supports only the upgrade of attack signatures; for the analysis of new application protocols and for new attack signature options, it lacks a convenient and quick automatic upgrade method.

Embodiment Construction

[0039] The network intrusion detection system based on the application protocol detection engine provided by the present invention is described in detail below with reference to the attached Figures 1 to 5:

[0040] As shown in Figure 1, in the network intrusion detection system based on the application protocol detection engine provided by the present invention, the structural composition, connection relationships and functions of the data packet capture module, data packet analysis module, data packet shunt module, output response module and console are all the same as in existing network intrusion detection systems. It is characterized in that, as shown in Figure 2, the application protocol detection engine also includes three detection function modules: a protocol analyzer, an anomaly detector and a feature detector. The three modules respectively use a simple component object model to implement the application protocol analysis component, anomaly detection component and the f...

Abstract

The invention provides a network intrusion detection system based on an application protocol detection engine, and a method for it. The application protocol detection engine comprises three detector units: an application protocol analyzer, an anomaly detector and a feature detector. These detectors can all or partly use a simple component object model and provide a uniform calling interface. The network intrusion detection method is characterized in that it comprises three steps: protocol analysis, anomaly detection and feature detection. The invention addresses the defect that present network intrusion detection systems are unable to detect new intrusion types. It implements the application protocol analyzer, the anomaly detector and the feature detector as components using component technology, which allows a detection component, after decoding, to connect to the detection system directly without decoding again, so the extension and maintenance of the network intrusion detection system are improved.
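An added sketch of the architecture the abstract describes, not code from the patent: three kinds of component behind one calling interface, run in the order protocol analysis, anomaly detection, feature detection. The HTTP decoder, the URI-length limit, the signature, all class and method names and the sample request are assumptions made for illustration.

```python
from urllib.parse import unquote

class HttpAnalyzer:
    """Protocol analysis component: decodes the request line into named fields."""
    stage, protocol = "analysis", "http"
    def process(self, ctx):
        line = ctx["payload"].split(b"\r\n", 1)[0].decode("latin-1")
        parts = line.split(" ")
        if len(parts) != 3:
            return ["http: malformed request line"]
        ctx["fields"] = {"method": parts[0], "uri": unquote(parts[1]), "version": parts[2]}
        return []

class UriLengthAnomaly:
    """Anomaly detection component: flags URIs longer than an assumed limit."""
    stage, protocol, max_len = "anomaly", "http", 64
    def process(self, ctx):
        n = len(ctx.get("fields", {}).get("uri", ""))
        return [f"http: URI length {n} exceeds {self.max_len}"] if n > self.max_len else []

class UriSignature:
    """Feature detection component: substring signature on the decoded URI."""
    stage, protocol = "feature", "http"
    def __init__(self, name, needle):
        self.name, self.needle = name, needle
    def process(self, ctx):
        uri = ctx.get("fields", {}).get("uri", "")
        return [f"http: signature {self.name}"] if self.needle in uri else []

class Engine:
    """Calls every registered component through the same process(ctx) interface."""
    STAGES = ("analysis", "anomaly", "feature")  # the three steps, in order
    def __init__(self, *components):
        self.components = list(components)
    def register(self, component):  # new components plug in without engine changes
        self.components.append(component)
    def inspect(self, protocol, payload):
        ctx, alerts = {"payload": payload}, []
        for stage in self.STAGES:
            for c in self.components:
                if c.stage == stage and c.protocol == protocol:
                    alerts += c.process(ctx)
        return alerts

def build_engine():
    return Engine(HttpAnalyzer(), UriLengthAnomaly(), UriSignature("dir-traversal", "../"))

# Constructed sample request, not captured traffic.
SAMPLE = b"GET /a/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

Because the feature detector reads the analyzer's decoded `uri` field, the percent-encoded traversal in `SAMPLE` matches the plain `../` signature; a signature applied to the raw payload would miss it.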

Description

Technical field

[0001] The invention belongs to the field of network information security, and in particular relates to a network intrusion detection system and method based on an application protocol detection engine.

Background technique

[0002] The Network Intrusion Detection System (NIDS for short) is an important part of the network security defense system. Its basic principle is to collect and analyze data packets on the network to detect whether events that violate security policies or attack events have occurred, and to issue an alert for each detected event, so that system administrators and automatic response mechanisms can take effective measures in a timely manner to prevent or reduce the damage caused by the attack.

[0003] Intrusion detection techniques can be divided into two categories: feature detection and anomaly detection. Feature detection is to match the detected data based on the features of existing attacks, and if it matches, it will be rega...

Application Information

IPC(8): H04L12/24, H04L29/06
Inventor: 诸葛建伟, 叶志远
Owner: PEKING UNIV