
An intrusion detection data processing method, device, and system

An intrusion detection data technology, applied in the information field, that addresses the difficulty of interactive verification between different data, the difficulty of coordination between detection systems, and the labor and time their operation consumes, so as to improve the efficiency of intrusion detection, reduce the difficulty of coordination, and facilitate automation.

Active Publication Date: 2020-08-04
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

Because data structures vary, the analysis logic and the data fields it reads have to be coded into each program. This makes it difficult for different intrusion detection systems to cooperate and difficult to realize interactive verification between different data. In addition, applying the detection methods is labor-intensive and time-consuming.



Examples


example 1

[0117] Example 1. Standardization of user execution commands collected by a host:

[0118] 1. The data collected by the host is as follows. For example, a record collected from the host 10.123.18.9 reads:

[0119] Command: cat; parameter: cat /etc/passwd; user: test; execution directory: /root;

[0120] Process id: 3349, parent process: bash. Execution time: "2014-3-10 12:00:00".

[0121] 2. Through the standardization center, the host ID "10.123.18.9" is transformed into the unsigned integer 152206090; the parameter "cat /etc/passwd" hits rule 110 (check system key files); the execution time "2014-3-10 12:00:00" is normalized to unixtime 1394424000. The whole record after normalization:

[0124] 3. After the above standardization, the data record is judged as high-risk access by the analysis of intrusion detection system IDS1, which adds an analysis record to the "content" field. After IDS1 analysis, add "ids_name": "IDS...

example 2

[0127] Example 2. Standardization of access records (httplog) collected by a network switch:

[0128] 1. The httplog data collected by the network switch is as follows. For example, switch 10.123.18.9 collected a GET request that reads:

[0129] Request time: "2014-3-10 12:00:00".

[0130] reqtype: GET

[0131] "src": "127.0.0.1",

[0132] Access domain name: x.xx.com

[0133] CGI: getinfo

[0134] cookie: **************; with the following parameters:

[0135] para:appVer=1.0.2.5109&b_uid=${((#context["xwork.MethodAccessor.deny MethodExecution"]=new java.lang.Boolean(false), #_memberAccess["allowStaticMethodAccess"]=true,

[0136] #a=@java.lang.Runtime@getRuntime().exec('cat

[0137] / etc / passwd').getInputStream(), #b=new java.io.InputStreamReader(#a), #c=new java.io.BufferedReader(#b), #d=new

[0138] char[51020], #c.read(#d), #kxlzx=@org.apache.struts2.ServletActionContext@getResponse().getWriter(), #kxlzx.println(#d), #kxlzx.close() ))}&cKey=SEWVS43B1D7708...
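The standardization and analysis steps of Example 1 and Example 2, as an added illustration that is not the patent's own code: the host ID and time are mapped to the page's values (152206090 and 1394424000), the remaining fields go into the expansion fields, and each IDS appends its verdict to "content". The rule table, the field names and the two input records are constructed for this example; only rule 110 is named on the page.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import ipaddress

CST = timezone(timedelta(hours=8))  # the page's 1394424000 is 12:00 in UTC+8

# Rule table constructed for this example; only rule 110 is named on the page,
# rule 201 is a hypothetical check for the httplog parameters of Example 2.
RULES = {
    110: ("check system key files", lambda r: "/etc/passwd" in r.get("parameter", "")),
    201: ("runtime exec in request parameters",
          lambda r: "java.lang.Runtime" in r.get("para", "")),
}

@dataclass
class BaseFeature:
    source_id: int                 # data source identification field
    data_id: str                   # data identification field
    gen_time: int                  # data generation time field (unixtime)
    ext: dict = field(default_factory=dict)      # expansion fields
    content: list = field(default_factory=list)  # analysis records added by each IDS

def host_to_uint(addr: str) -> int:
    # The page maps 10.123.18.9 to 152206090: that is the four octets read
    # little-endian (what inet_addr() yields on x86), so this mirrors it.
    return int.from_bytes(ipaddress.IPv4Address(addr).packed, "little")

def to_unixtime(s: str) -> int:
    return int(datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=CST).timestamp())

def standardize(raw: dict, data_id: str) -> BaseFeature:
    # Fixed fields get the normalized values; everything else goes to expansion fields.
    obj = BaseFeature(host_to_uint(raw["host"]), data_id, to_unixtime(raw["time"]))
    obj.ext = {k: v for k, v in raw.items() if k not in ("host", "time")}
    obj.ext["rules_hit"] = sorted(n for n, (_, match) in RULES.items() if match(raw))
    return obj

def ids_analyze(obj: BaseFeature, ids_name: str) -> BaseFeature:
    # Each IDS appends its verdict to "content" instead of rewriting the record,
    # so a second IDS can verify the first one's result on the same object.
    level = "high-risk" if obj.ext["rules_hit"] else "normal"
    obj.content.append({"ids_name": ids_name, "result": level})
    return obj

# Constructed inputs, following the two records given on the page (payload elided).
HOST_RECORD = {"host": "10.123.18.9", "time": "2014-3-10 12:00:00", "command": "cat",
               "parameter": "cat /etc/passwd", "user": "test", "cwd": "/root",
               "pid": 3349, "parent": "bash"}
HTTP_RECORD = {"host": "10.123.18.9", "time": "2014-3-10 12:00:00", "reqtype": "GET",
               "src": "127.0.0.1", "domain": "x.xx.com", "cgi": "getinfo",
               "para": "appVer=1.0.2.5109&b_uid=${...@java.lang.Runtime@getRuntime()...}"}
```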



Abstract

The embodiment of the invention discloses an intrusion detection data processing method, device and system. The method comprises the steps of: receiving data to be detected, and extracting the data source identifier, data identifier and data generation time from the data to be detected; creating a base characteristic data object, which includes a data source identification field, a data identification field, a data generation time field and expansion fields; and assigning the extracted data source identifier to the data source identification field, the extracted data identifier to the data identification field, and the extracted data generation time to the data generation time field, and storing the other information contained in the data to be detected in the expansion fields. According to the invention, the difficulty of cooperation among different intrusion detection systems and the difficulty of interactive confirmation among different data are lowered, intrusion detection is automated, manual effort and time consumption are reduced, and intrusion detection efficiency is improved.

Description

Technical field

[0001] The present invention relates to the field of information technology, in particular to an intrusion detection data processing method, device, and system.

Background technique

[0002] An intrusion detection system (IDS) is a network security device that monitors network transmissions in real time, and sends an alarm or takes proactive measures when suspicious transmissions are found. According to the data source, it can be divided into host-based intrusion detection systems (Host IDS, HIDS) and network-based intrusion detection systems (Network IDS, NIDS).

[0003] With the development of intrusion detection systems, network intrusion methods are becoming more and more diversified. An intrusion detection system that relies on a single data dimension can no longer meet the needs of intrusion discovery. Therefore, it is necessary for different intrusion detection systems to work together, and to conduct correlation analysis and interactive ver...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 孙亚东
Owner: TENCENT TECH (SHENZHEN) CO LTD