Intrusion detection method, apparatus and system, device and storage medium

An intrusion detection technology, applied in transmission systems, electrical components, etc. It addresses problems such as disruption of server business operation and increased CPU consumption that degrades performance, and achieves the effect of improving intrusion detection performance and avoiding CPU consumption.

Inactive Publication Date: 2019-04-16
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO

AI Technical Summary

Problems solved by technology

[0004] However, modifying binary files affects other normal users. If testing is insufficient and the design does not consider every case, hidden bugs (vulnerabilities) will eventually affect normal business operation on the server.
With periodic scanning of key directories, a low scanning frequency leaves a gap between two scans that is easy to bypass: files can be modified during this period and restored before the next polling scan, and such a change cannot be detected. A high scanning frequency inevitably increases CPU (Central Processing Unit) consumption and affects performance.
No effective solution for improving existing intrusion detection performance has yet been given in this field.



Examples


Embodiment 1

[0043] An embodiment of the present invention provides an intrusion detection method. As shown in Figure 1, the method includes:

[0044] S101: monitoring system call information through an audit module configured to monitor various system calls;

[0045] S102: performing intrusion detection on the monitored system call information according to the pre-received detection rules.

[0046] The method in this embodiment is executed on the host that needs to be monitored. The Linux (an operating system) kernel provides an audit mechanism. The function of the audit module is to monitor various system calls and, when a system call occurs, to record the relevant information about the call. The detection rules can be received from the server, and each detection rule includes attributes such as a rule identifier (id), name, description information, rule type (blacklist or whitelist), severity level and rule expression. Wherein, the description inform...

Embodiment 2

[0074] Corresponding to the method in Embodiment 1, this embodiment of the present invention provides an intrusion detection device. As shown in Figure 2, the device includes:

[0075] A monitoring module 20, configured to monitor system call information through an audit module configured to monitor various system calls;

[0076] An analysis engine module 22, configured to receive the system call information monitored by the detection module and to perform intrusion detection on the monitored system call information according to the pre-received detection rules.

[0077] In some embodiments, the device also includes:

[0078] A configuration module, configured to configure the monitoring information of the audit module; the monitoring information indicates which system calls the audit module monitors.

[0079] In some implementations, the monitoring module 20 is specifically configured to process the monitored system call information into formatted syst...
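The flow described in [0046] and [0079], as an added example that is not code from the patent: raw Linux audit records are formatted into flat records, then checked against rules carrying the attributes listed in [0046]. The log lines, the rules themselves and the rule-expression form (field name mapped to a regular expression) are assumptions made for illustration; the page does not specify the expression syntax.

```python
import re
from dataclasses import dataclass

# Constructed sample records in Linux audit log format (not taken from the page).
# syscall=59 is execve on x86_64; uid 33 stands in for a web-server account.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1555400000.123:101): arch=c000003e syscall=59 success=yes ppid=1200 pid=1301 uid=33 comm="sh" exe="/bin/dash"
type=SYSCALL msg=audit(1555400001.456:102): arch=c000003e syscall=59 success=yes ppid=1 pid=1302 uid=0 comm="logrotate" exe="/usr/sbin/logrotate"
type=SYSCALL msg=audit(1555400002.789:103): arch=c000003e syscall=59 success=yes ppid=1301 pid=1303 uid=0 comm="nc" exe="/usr/bin/nc"
"""
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\):")

def parse_record(line):
    """Format one raw audit line as a flat dict; None if it is not an audit record."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = HEADER.fullmatch(rec.get("msg", ""))
    if m is None:
        return None
    rec["time"], rec["serial"] = float(m.group(1)), int(m.group(2))
    return rec

@dataclass
class Rule:  # attributes listed in [0046]
    id: int
    name: str
    description: str
    rule_type: str    # "blacklist" or "whitelist"
    severity: str
    expression: dict  # assumed form: field -> regex, all must match

    def matches(self, rec):
        return all(re.fullmatch(p, str(rec.get(f, ""))) for f, p in self.expression.items())

RULES = [  # hypothetical rules, standing in for those a server would send
    Rule(1, "web-shell", "web account spawns a shell", "blacklist", "high",
         {"syscall": "59", "uid": "33", "exe": r"/bin/(ba|da)?sh"}),
    Rule(2, "logrotate", "scheduled log rotation", "whitelist", "info",
         {"uid": "0", "exe": r"/usr/sbin/logrotate"}),
    Rule(3, "root-exec", "any program run as root", "blacklist", "medium",
         {"syscall": "59", "uid": "0"}),
]

def detect(log_text, rules=RULES):
    """Return (event serial, rule id, severity) for each blacklist hit not whitelisted."""
    alerts = []
    for rec in filter(None, map(parse_record, log_text.splitlines())):
        if any(r.rule_type == "whitelist" and r.matches(rec) for r in rules):
            continue  # a whitelist match suppresses any blacklist hit on this record
        alerts += [(rec["serial"], r.id, r.severity)
                   for r in rules if r.rule_type == "blacklist" and r.matches(rec)]
    return alerts

print(detect(SAMPLE_LOG))
```

Record 102 matches blacklist rule 3 but is suppressed by whitelist rule 2, which is why whitelist rules are evaluated before blacklist rules in this sketch.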

Embodiment 3

[0084] An embodiment of the present invention provides an intrusion detection system. As shown in Figure 3, the system includes a host and a server device; the host includes the intrusion detection device according to any one of Embodiment 2; the server device is configured to send detection rules to the host.


Abstract

The invention discloses an intrusion detection method, apparatus and system, a device and a storage medium. The method comprises the following steps: monitoring system call information through an audit module configured to monitor various system calls; and performing intrusion detection on the monitored system call information according to a pre-received detection rule. With the intrusion detection method, apparatus and system disclosed by the invention, intrusion detection performance is effectively improved, and executable files do not need to be modified, thereby effectively reducing CPU consumption.

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to an intrusion detection method, device, system, equipment and storage medium.

Background technique

[0002] Servers (hosts) that provide external services on the Internet, whether web (World Wide Web) servers or database servers, all store important asset data. Because these servers expose interfaces for external access, they often become the targets of attackers. It is therefore necessary to monitor the security situation of the host, detect intrusion behavior and deal with it in time, and strengthen the security of the host.

[0003] At present, existing intrusion detection technology modifies some binary files on the server, or modifies the loading order of some modules, for example modifying /bin/bash and injecting its own code at the function entry, so as to monitor all commands executed on the terminal. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 王震吴昀灿
Owner: MICRO DREAM TECHTRONIC NETWORK TECH CHINACO