Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A network attack defense method based on system events

A system event and network attack technology, applied in the field of defense against remote vulnerability exploit attacks, can solve the problems of slow detection speed, high false negative rate, encryption, obfuscation and other problems of intrusion detection methods, and achieve good scalability and flexibility, The effect of good compatibility

Active Publication Date: 2022-03-18
NAT UNIV OF DEFENSE TECH
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

A typical filtering method is a firewall, which can detect malware and remote attack traffic in the traffic in a timely manner through the detection of network traffic, and then block the traffic before it reaches the program. However, there are some problems in this method : On the one hand, detecting a large amount of traffic will cause a great burden on performance (storage, computing); on the other hand, detecting attacks through traffic is easy to be bypassed by attackers using encoding, encryption, obfuscation, etc., resulting in weak defense
The intrusion detection method mainly detects attacks through abuse detection and anomaly detection. Abuse detection detects attacks by matching behaviors based on specific attack characteristics. It can only detect some known attacks. Usually, the false positive rate is low and the false negative rate is low. High; anomaly detection hopes to detect some unknown attacks, but attack detection itself is very difficult, and this method usually has a high false positive rate
At the same time, the intrusion detection method still has problems such as slow detection speed and huge software system.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A network attack defense method based on system events
  • A network attack defense method based on system events
  • A network attack defense method based on system events

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] In order to make those skilled in the art better understand the technical scheme of the present invention, take the FTP service in the Linux operating system protected by the present invention as an example. Run for the user of "ftpuser", only use the folder whose path is " / var / ftp / ", and there is only a file named "test" under this folder. The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0054] like figure 2 Shown, the present invention comprises the steps:

[0055] The first step is to build a network attack defense system based on system events. The system as figure 1 As shown, it consists of system event generation module, event filter module and event processor. The system event generation module is connected with the event filtering module and the operating system, and the system event generation module monitors key changes in the operating system (including the addition, deletion, access, and mod...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network attack defense method based on system events, aiming at accurate detection and rapid defense of remote loophole exploit attacks. The technical solution is to build a system event-based network attack defense system composed of a system event generation module, an event filtering module, and an event processor. The system event generation module monitors key changes in the operating system, generates system events, and sends system events to Event filtering module; the event filtering module filters and analyzes the system events according to the filtering rules, obtains the processing action for the event, and sends an event processing request with the system event and its corresponding processing action as parameters to the event processor; the event processor according to Event processing requests defense against remote exploit attacks. The invention can capture all remote vulnerability exploit attacks, and avoids the processing of normal system events, and has high efficiency, good compatibility and universality.

Description

technical field [0001] The invention relates to the field of defense against network attacks, in particular to a defense method against remote loophole exploit attacks. Background technique [0002] A remote vulnerability exploit attack refers to a behavior that exploits a software vulnerability to produce unexpected results. This behavior usually includes gaining control of a computer system, denial of service attacks, privilege escalation, etc. Remote vulnerability exploit attacks are network-based and do not require prior login to the attacked system, so they are extremely harmful. Currently, the most common software vulnerabilities include stack overflow vulnerabilities, reuse-after-free vulnerabilities, and format string vulnerabilities. Taking the stack overflow vulnerability as an example, the reason is that when the programmer writes the program, he does not fully consider the buffer capacity on the stack and the actual data size, which may cause an overflow when th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L41/0604
CPCH04L63/1416H04L63/1433H04L41/0604
Inventor 刘波陈鑫益胡乃天马行空陆潼洪学恕刘鹏
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com