Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and method for detecting network worm

A detection method and worm technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of high false positive rate and false negative rate of detection results, inability to efficiently detect unknown worms and worm virus variants, etc. , to achieve the effect of fewer false alarm records, improved efficiency and accuracy

Inactive Publication Date: 2006-11-08
HUAWEI TECH CO LTD
View PDF0 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0050] The technical problem to be solved by the present invention is: to overcome the problem that the existing network worm detection technology cannot accurately and efficiently detect unknown worms and worm variants, and the detection results have a high rate of false alarms and false alarms, and proposes a Network worm detection system and method for accurately and efficiently detecting unknown worms and worm variants

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for detecting network worm
  • System and method for detecting network worm
  • System and method for detecting network worm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0136] Below according to accompanying drawing and embodiment the present invention will be described in further detail:

[0137] The present invention proposes a worm detection system and method by analyzing the essential characteristics of worms, which can detect whether there is a host infected with network worms in the enterprise internal network, and provide real-time alarm.

[0138] 1. Worm detection system

[0139] The deployment mode of the worm detection system is as follows: figure 2 As shown, the worm detection system includes a detection machine, a database server, and a management machine; the detection machine is equipped with two network cards, and one of the network ports is connected to the egress switch of the enterprise intranet or the mirror port of the router, and the traffic of the port connected to the external network Mapped to the detection machine, it is used to monitor the network data packets at the exit of the enterprise intranet, and the other n...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A network worm detection system and method respectively select relevant probability calculation formulae calculating host computer infection worm probability, according to host computer in network originated first connection success or fail status and first connection time interval to IP address not accessed before. It compares the calculated probable value with pre-configured host computer infection worm decision threshold value, if probable value being greater than host computer infection worm decision threshold value then regarding said host computer as abnormal host computer. If it can not be judged then waiting host computer next first connection, and using this conditional probability as next time calculative prior probability, recalculating said host computer infection worm probability. The present invention can accuracy efficiently detect unknown worm virus and worm virus varieties.

Description

technical field [0001] The invention relates to the technical field of computer security protection, in particular to a network worm detection system and method. Background technique [0002] A network worm is a program that can run independently. By scanning the network, it finds a computer system with system vulnerabilities, obtains the control right of the computer system, and spreads it; Resource consumption, network congestion and other serious consequences. [0003] The workflow of network worms can be divided into four stages: vulnerability scanning, attack, infection, and post-processing, such as figure 1 As shown in the figure, after the worm program scans a computer system with vulnerabilities, it migrates the worm body to the target host. The worm then enters the infected system to perform post-mortem processing on the target host. At the same time, the worm program generates multiple copies and repeats the above process. [0004] Analyzing the entire workflow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/24H04L29/06
Inventor 董亚波涂卫华郑志彬
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com