Attack behavior detection method based on flow abnormity and feature analysis

A technique combining feature analysis with traffic anomaly detection, applied in the field of network security. It addresses the low attack-interception efficiency of existing methods and their inability to prevent attacks on unknown vulnerabilities, and achieves the effect of avoiding volume increase.

Status: Inactive
Publication Date: 2015-12-02
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to propose an attack behavior detection method based on traffic anomalies and feature analysis. It addresses two problems with existing detection technology: it cannot prevent attacks that exploit unknown vulnerabilities, and the growing size of the attack signature library reduces the efficiency of intercepting attacks.

Examples

Embodiment Construction

[0021] Referring to Figure 1, the implementation steps of the present invention are as follows:

[0022] Step 1: obtain network traffic.

[0023] There are currently many ways to obtain network traffic, such as firewall hooks, divertsocket and NPF-driver-based interception. The firewall hook and divertsocket methods both intercept data packets at the IP layer of the TCP/IP protocol stack and perform traffic statistics there; because these packets have already passed through part of the protocol stack, their data integrity cannot be guaranteed. The NPF-driver-based method intercepts data packets directly on the physical link and performs traffic statistics on them. This example therefore uses WinPcap, the NPF-driver-based low-level network access tool for Windows, to collect network traffic statistics. The implementation steps are as follows:

[0024] 1a) Use WinPcap to open the network adapter A that needs to be detected, set the statistical mode ...

Abstract

The invention discloses an attack behavior detection method based on traffic anomalies and feature analysis. It mainly addresses two problems of the prior art: the inability to prevent attacks on unknown vulnerabilities, and the low efficiency caused by the growth of the attack feature database. The technical scheme comprises: 1, obtaining the network traffic; and 2, calculating the Hurst index of the network traffic. If the Hurst index is greater than the alarm threshold value, the network traffic is determined not to be under attack. If the Hurst index is smaller than the alarm threshold value, the traffic is suspected of being under attack and attack-traffic feature string matching is performed on it: if matching fails, the network traffic is determined not to be under attack; if matching succeeds, the network traffic is determined to be under attack and an alarm is given to the user. The method can effectively intercept attacks against unknown vulnerabilities, has high efficiency, and is used for protecting network security.
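The two-stage decision described in this abstract, as an added example that is not code from the patent. The Hurst index is estimated here by rescaled-range (R/S) analysis, which is an assumption because the page does not say how it is computed; `ALARM_THRESHOLD`, the placeholder signature string and the sample series are all constructed.

```python
import math
import random

ALARM_THRESHOLD = 0.75                     # assumed; the page gives no value
SIGNATURES = [b"EXAMPLE-ATTACK-STRING"]    # constructed placeholder feature string

def hurst_rs(series, min_chunk=8):
    """Estimate the Hurst exponent with rescaled-range (R/S) analysis."""
    xs, ys = [], []
    size = min_chunk
    while size <= len(series) // 2:
        ratios = []
        for start in range(0, len(series) - size + 1, size):
            chunk = series[start:start + size]
            mean = sum(chunk) / size
            cum = lo = hi = sq = 0.0
            for v in chunk:
                cum += v - mean            # cumulative deviation from the chunk mean
                lo, hi = min(lo, cum), max(hi, cum)
                sq += (v - mean) ** 2
            std = math.sqrt(sq / size)
            if std > 0:                    # flat chunks carry no scaling information
                ratios.append((hi - lo) / std)
        if ratios:
            xs.append(math.log(size))
            ys.append(math.log(sum(ratios) / len(ratios)))
        size *= 2
    if len(xs) < 2:
        raise ValueError("series too short or too flat for R/S analysis")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    # H is the least-squares slope of log(R/S) against log(chunk size)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)

def detect(counts, payloads, threshold=ALARM_THRESHOLD, signatures=SIGNATURES):
    """Stage 1: Hurst check. Stage 2 (string matching) runs only on suspect windows."""
    h = hurst_rs(counts)
    if h > threshold:
        return "normal", h, None           # signature stage skipped entirely
    for payload in payloads:               # h == threshold is treated as suspect (assumption)
        for sig in signatures:
            if sig in payload:
                return "attack", h, sig
    return "normal", h, None

def sample_windows():
    """Constructed per-interval byte counts; not captured traffic."""
    rng, level, bursty = random.Random(2015), 50000.0, []
    for _ in range(512):
        level += rng.uniform(-300, 300)    # persistent, slowly drifting load
        bursty.append(level)
    pulsed = [9000.0, 1000.0] * 256        # fixed-rate on/off pattern, no long-range dependence
    return bursty, pulsed
```

Calling `detect` on the bursty window with a payload that contains the signature still returns "normal", because the string-matching stage never runs when the Hurst index is above the threshold. That is the efficiency trade-off of this scheme, and it makes the choice of threshold the main tuning decision.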

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an attack behavior detection method that can be used to protect network security.

Background technique

[0002] In recent years, with the rapid development of Internet technology, surfing the Internet has become an indispensable part of people's daily work and life. Emerging applications such as e-mail, online shopping, online social networking and online games have become an important choice for people's work and entertainment. While these emerging things bring convenience to users, they also bring new security risks. First, all emerging network applications require users to manage their own accounts and passwords; once this information is stolen, the user's privacy and virtual data will suffer heavy losses. Second, in some scenarios that require online payment, users often need to send their own If the bank card information is uploaded by cri...

Application Information

IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433
Inventor: 庞辽军, 曹潮
Owner XIDIAN UNIV