Low-speed port scanning detection method for high-speed network sampling data collection scene

A port scanning detection technology for high-speed networks, applied in the field of network security. It addresses the problems that existing approaches are expensive and costly and that port scanning detection methods cannot be applied to high-speed network environments, and it achieves good practicability, reduced resource consumption, and a reduced cost of manual labeling.

Pending Publication Date: 2021-12-31
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

[0008] Detection methods based on machine learning detect unknown traffic by training a classification model. This type of method requires all or part of the feature data to be manually labeled in advance. However, for high-speed networks with massive traffic data, manual labeling is very expensive.
This strong dependence on labeled data means that existing machine learning-based port scan detection methods cannot be applied in high-speed network environments.


Examples

Specific embodiment

[0049] Specific embodiments: the present invention provides a slow port scanning detection method for high-speed network sampling data collection scenarios. Its overall structure is shown in Figure 1 and includes the following steps:

[0050] Step (1) Obtain a segment of high-speed network traffic data collected continuously over a period of time at a backbone network node, which contains some port scanning traffic;

[0051] Step (2) Set the sampling ratio to 1/μ, and systematically sample the obtained public data sets;

[0052] Step (3) Use the scanning detection sketch to extract features from the sampled TCP and UDP traffic;

[0053] Step (4) Use the K-means algorithm to cluster the traffic features, verify and label, based on rules, the traffic in the cluster where the known scanning flow is located, and thereby obtain a training set with complete labels;

[0054] Step (5) Use a supervised machine learning algorithm to carry out mode...
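Steps (2) to (4) can be sketched as follows. This is an added example, not code from the patent: exact per-source sets stand in for the patent's bounded-memory sketch (whose counters and hash tables the page does not detail), and the two ratio features, the 0.5 verification threshold, the addresses and the traffic are all constructed assumptions.

```python
import math
from collections import defaultdict

def systematic_sample(packets, mu):
    """Step (2): keep every mu-th packet (sampling ratio 1/mu)."""
    return packets[::mu]

def extract_features(packets):
    """Step (3), simplified: assumed features are distinct ports and hosts per sampled packet."""
    count = defaultdict(int)
    ports, hosts = defaultdict(set), defaultdict(set)
    for _ts, src, dst, dport in packets:
        count[src] += 1
        ports[src].add(dport)
        hosts[src].add(dst)
    return {s: (len(ports[s]) / n, len(hosts[s]) / n) for s, n in count.items()}

def kmeans(points, k=2, iters=20):
    """Step (4): Lloyd's algorithm with deterministic initial centroids."""
    ordered = sorted(points)
    cents = [ordered[i * (len(ordered) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(iters):
        assign = [min(range(k), key=lambda c: math.dist(p, cents[c])) for p in points]
        for c in range(k):
            members = [p for p, a in zip(points, assign) if a == c]
            if members:
                cents[c] = tuple(sum(v) / len(members) for v in zip(*members))
    return assign

def label_by_cluster(features, known_scanner, min_port_ratio=0.5):
    """Label 1 only for sources in the known scanner's cluster that pass the rule check."""
    srcs = list(features)
    assign = kmeans([features[s] for s in srcs])
    scan_cluster = assign[srcs.index(known_scanner)]
    return {s: int(a == scan_cluster and features[s][0] >= min_port_ratio)
            for s, a in zip(srcs, assign)}

def build_demo_packets(seconds=3000):
    """Constructed traffic: three clients at 1 pkt/s plus two slow vertical scanners."""
    pkts = []
    for t in range(seconds):
        if t % 15 == 0:  # scanner A (the known one): one probe every 15 s
            pkts.append((t, "198.51.100.7", "192.0.2.10", 1 + t // 15))
        if t % 20 == 0:  # scanner B (unlabeled): one probe every 20 s
            pkts.append((t, "198.51.100.9", "192.0.2.20", 1 + t // 20))
        pkts.extend((t, c, "192.0.2.80", 443) for c in ("10.0.0.1", "10.0.0.2", "10.0.0.3"))
    return pkts

def run_demo(mu=10):
    feats = extract_features(systematic_sample(build_demo_packets(), mu))
    return label_by_cluster(feats, known_scanner="198.51.100.7")
```

Only scanner A is labeled by hand; scanner B receives its label because it falls in the same cluster and passes the rule check, which is how the clustering step cuts the manual labeling effort.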


Abstract

The invention discloses a low-speed port scanning detection method for a high-speed network sampling data collection scene, which comprises the following steps: first, performing systematic sampling on a public data set, and then extracting traffic features using a sketch structure comprising four counters and two hash tables; next, clustering the traffic features with the K-means algorithm, verifying and labeling, based on rules, the traffic in the cluster where a known scanning flow is located, and constructing a training set with complete labels; and finally, training a classification model for port scanning detection using a supervised machine learning algorithm. The classification model detects low-speed TCP and UDP port scanning activity in a high-speed network under a sampling data collection scene, and the method remains effective for low-speed scanning attacks lasting more than 50 days. The invention detects port scanning events in massive high-speed traffic using limited memory, and can be used by network managers for security event monitoring in high-speed networks.

Description

Technical field

[0001] The invention relates to a slow port scanning detection method for high-speed network sampling data collection scenarios, belonging to the technical field of network security.

Background technique

[0002] Port scanning means that the attacker sends a set of detection messages to the target host and waits for a reply, and obtains the port status of the target host by observing the received response, and then understands the type of network service it provides. Although port scan attacks do not directly cause substantial harm to the victim, they expose the target host's entry points that can be attacked. Therefore, port scan detection is of vital importance to prevent attackers from causing further damage to network systems.

[0003] However, some malicious attackers perform slow port scans to avoid detection. In a slow scanning attack, the time interval between scanning detection packets is long (more than 10 seconds), and the traffic characteristics...


Application Information

IPC(8): H04L29/06, G06N20/00, G06K9/62
CPC: H04L63/1416, H04L63/1425, G06N20/00, G06F18/23213, G06F18/214, Y02D30/50
Inventor: 吴桦, 邵梓菱, 程光
Owner SOUTHEAST UNIV