Network attack analysis method

A network attack analysis method, applied in the field of network attack analysis, that addresses three problems: security management personnel spending their effort on processing useless information, the difficulty of intuitively obtaining the characteristics of abnormal behavior, and the difficulty of evaluating network attack conditions.

Inactive Publication Date: 2016-12-21
LIUZHOU LONGHUI TECH

AI Technical Summary

Problems solved by technology

Because the number of alarms is large and many of them are irrelevant, most of the energy of security management personnel is spent on processing useless information, and it is difficult to understand the security threat status of the system.
[0005] 2. Most existing intrusion detection equipment detects on the basis of a single data packet. As a result, the alarm information the equipment presents is an isolated intrusion event.
When large-scale abnormal network behavior occurs, it is therefore difficult to intuitively obtain the characteristics of that behavior from the alarm information, and difficult to evaluate the current network attack situation as a whole.


Embodiment Construction

[0032] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0033] Figure 1 is a schematic structural diagram of a network attack analysis system according to an embodiment of the present invention. The network attack analysis system 100 according to this embodiment includes an entropy module unit 101, a triple module unit 102, a hot event propagation display module unit 103, and a comprehensive correlation analysis module unit 104.

[0034] The entropy module unit 101 reads the intrusion detection device log within a specified time period, calculates the entropy distribution value of the source addresses and the destination addresses in that log, and determines whether there is a large-scale network attack event. It then outputs to the comprehensive correlation analysis module unit 104 the judgment result of the address distribution status of the current netwo...

Abstract

The invention discloses a network attack analysis method. Through the method, the current network attack condition can be evaluated and the attack situation deserving most attention currently can be described according to a huge amount of logs produced by an intrusion detection system. The method comprises the following steps: acquiring the logs of an intrusion detection system, and judging whether there is a large-scale network attack event by calculating the distribution of the source addresses and destination addresses of the logs of the intrusion detection system; merging the logs of the intrusion detection system according to three parameters, namely, source address, destination address and event type, and detecting and reporting abnormal addresses and hot events; making a statistical analysis of and displaying the propagation process of the hot events in a specified period of time; and associating the output results, and presenting a comprehensive evaluation of the current network attack condition. The system comprises an entropy module unit, a triple module unit, a hot event propagation display module unit, and a comprehensive association analysis module unit.
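The first two steps of the abstract (address-distribution entropy, then merging by the source/destination/event-type triple) can be sketched as follows. This is an added example, not code from the patent; the use of Shannon entropy in bits, the thresholds `low`, `high` and `hot_share`, the verdict labels and the sample alerts are all assumptions made for illustration.

```python
import math
from collections import Counter

def entropy_bits(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return sum(c / total * math.log2(total / c) for c in counts.values())

def analyze(alerts, low=1.0, high=3.0, hot_share=0.5):
    """alerts: list of (source address, destination address, event type).
    Thresholds are assumed values; the patent text shown here gives none."""
    src_h = entropy_bits(src for src, _, _ in alerts)
    dst_h = entropy_bits(dst for _, dst, _ in alerts)
    if src_h >= high and dst_h <= low:
        verdict = "many-to-one"        # dispersed sources, concentrated target
    elif src_h <= low and dst_h >= high:
        verdict = "one-to-many"        # single source, dispersed targets
    else:
        verdict = "no large-scale pattern"
    merged = Counter(alerts)           # one entry per distinct triple
    by_event = Counter(ev for _, _, ev in alerts)
    hot = sorted(ev for ev, n in by_event.items()
                 if n / len(alerts) >= hot_share)
    return {"src_entropy": src_h, "dst_entropy": dst_h, "verdict": verdict,
            "merged": merged, "hot_events": hot}

# Constructed sample: 20 sources each raise 3 alerts against one host,
# plus three unrelated background alerts (documentation address ranges).
SAMPLE_ALERTS = [(f"198.51.100.{i}", "192.0.2.10", "syn flood")
                 for i in range(1, 21) for _ in range(3)]
SAMPLE_ALERTS += [
    ("203.0.113.5", "192.0.2.20", "port scan"),
    ("203.0.113.5", "192.0.2.21", "port scan"),
    ("203.0.113.6", "192.0.2.22", "sql injection"),
]

if __name__ == "__main__":
    report = analyze(SAMPLE_ALERTS)
    print(f"src entropy {report['src_entropy']:.2f} bits, "
          f"dst entropy {report['dst_entropy']:.2f} bits -> {report['verdict']}")
    print("hot events:", report["hot_events"])
    for triple, count in report["merged"].most_common(3):
        print(count, triple)
```

Merging collapses the 63 sample alerts into 23 triples, which is the volume reduction the method relies on before anything is shown to an analyst.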

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a network attack analysis method.

Background

[0002] The rapid development of the Internet has brought great convenience to the dissemination and use of information, but at the same time human society faces a huge information security challenge. To alleviate increasingly serious security problems, intrusion detection equipment (IDS: Intrusion Detection System) has been deployed more and more widely. An IDS is installed in the protected network segment, with its monitoring network card working in promiscuous mode; it analyzes all data packets in the segment and performs real-time detection of and response to network attack events. At present, IDS generally adopts misuse detection. The detection method is as follows: first, encode the patterns that identify specific intrusion behaviors, establish a misuse pattern library, and then ...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1441
Inventor: 黎健生, 梁远鸿
Owner: LIUZHOU LONGHUI TECH