Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

A protocol stack-based brute force attack identification method and device

An attack identification and protocol stack technology, applied in the field of computer networks, can solve the problems of lack of relevant key indicators and low flexibility, and achieve the effects of flexible protection mechanism, wide application prospects and wide application scope.

Active Publication Date: 2022-06-17
HARBIN INST OF TECH AT WEIHAI +1
View PDF13 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Most of the traditional brute force detectors lack the setting of relevant key indicators, and the flexibility is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A protocol stack-based brute force attack identification method and device
  • A protocol stack-based brute force attack identification method and device
  • A protocol stack-based brute force attack identification method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0063] like Figure 1-5 As shown, a protocol stack-based brute force attack identification method includes:

[0064] Read user configuration, set time, frequency, industrial control protocol to be monitored, session timestamp map update mode, and initialize session timestamp map;

[0065] Obtain the session information and timestamp in the sent data packet; receive the sent data packet and perform TCP protocol analysis on it, obtain the three fields of the source port, destination ip and destination port of the data packet to form a three-element tuple , and the tuple is used as the identifier of a session; for each session, a timestamp queue is maintained to record the arrival time of the session data packets;

[0066] Preferably, when acquiring session information, the protocol type of the data packet is determined through the destination port, and it matches the protocol information configured by the user; if the protocol is not in the protocol list configured by the user,...

Embodiment 2

[0076] like Image 6 As shown, a protocol stack-based brute force attack identification device includes:

[0077] User configuration initialization module 1, used to read user configuration, set time, frequency, industrial control protocol to be monitored, and session timestamp map update mode;

[0078] User configuration initialization module 1 can be X86_64 server, CPU: above 1GHz, memory: above 1G;

[0079] Protocol parsing initialization module 2, used to create real-time packet capture environment, protocol stack initialization, brute force attack detection module loading and initialization;

[0080] The protocol analysis initialization module 2 can be an X86_64 server, CPU: above 1GHz, memory: above 1G, hard disk: above 20G, and configured with a network environment;

[0081] Session information acquisition module 3, for acquiring session information and timestamp in the sent data packet;

[0082] The session information acquisition module 3 can be an X86_64 server, C...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a method and device for identifying a brute force attack based on a protocol stack. The identification method includes: acquiring session information and timestamps in sent data packets; updating session timestamp maps, and entering new data packet timestamps into the queue; The session queue information identifies the brute force; the session timestamp map is updated twice, and the oldest data packet timestamp is dequeued; the system log is updated. The invention effectively monitors real-time flow for industrial control production enterprises, and the protection mechanism is flexible. The invention realizes the self-definition function of the brute force attack index, and the user only needs to modify the protocol list, the time interval and the highest flow establishment times in the configuration file to define the satisfying conditions of the brute force attack. In addition, the working mode can also be set according to different environments and needs, and the mutual conversion between high-precision and high-performance recognition modes can be realized.

Description

technical field [0001] The invention relates to a method and device for identifying a brute force attack based on a protocol stack, belonging to the technical field of computer networks. Background technique [0002] The rapid development of modern computer networks has made people's lives more convenient. However, many uncertain factors in the network have brought many hidden dangers to people's information security. Information stored on computers by businesses and individuals is vulnerable to brute force attacks by criminals. The same is true for the Industrial Internet. This brute force attack is designed to crack user passwords and steal critical information, putting businesses at risk of taking losses. Therefore, it is very important to identify brute force attacks. [0003] There are also many patent reports on blasting attack identification. For example, Chinese patent document CN110166476A discloses an anti-brute force cracking method and device. By monitoring a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L69/22H04L69/163H04L67/01
CPCH04L63/1441H04L63/1425H04L69/22H04L69/163H04L69/26
Inventor 吕帅亿王佰玲黄俊恒刘扬辛国栋王孝鹏
Owner HARBIN INST OF TECH AT WEIHAI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products