CN104135490A - Intrusion detection system (IDS) analysis method and intrusion detection system - Google Patents


Info

Publication number
CN104135490A
Authority
CN
China
Prior art keywords
packet
rule
ids
analysis device
command analysis
Prior art date
Legal status
Pending
Application number
CN201410400290.9A
Other languages
Chinese (zh)
Inventor
马晓明
Current Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date
Filing date
Publication date

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an intrusion detection system (IDS) analysis method and an intrusion detection system. The method comprises the following steps: capturing inflow data packets by using a node of the IDS, resolving the data packets according to protocol decoding, and transmitting a data packet resolving result to a command resolver of the IDS; performing rule matching on the received data packet resolving result and a corresponding attack characteristic in a preset rule library by using the command resolver; and if the data packet resolving result and the corresponding attack characteristic in the rule library are matched successfully according to judgment, making an alarm by using the command resolver. By adopting the IDS analysis method and the intrusion detection system, the computation amount can be reduced, and rapid detection of intrusion attacks can be realized.

Description

Intrusion detection system analysis method and intrusion detection system
Technical field
The present invention relates to the field of computer technology, and in particular to an intrusion detection system analysis method and an intrusion detection system.
Background technology
With the rapid development of computer networks, network services have penetrated every field of the economy, culture and science. Networks make the acquisition, transmission, storage, processing and use of information faster and more effective; at the same time, together with this great convenience, networks have brought a variety of security problems. Therefore, alongside the development of networks, a variety of network security technologies have grown up with them.
Conventional network security technologies include data encryption, virtual private networks (VPN, Virtual Private Network), firewalls, antivirus software, digital signatures and authentication. These traditional technologies play a very important role in protecting networks, yet they also have many defects. For example, although firewall technology provides good authentication and access control for network services, it cannot prevent attacks launched from inside the firewall, cannot guard against the newest threats, cannot prevent attacks that bypass the firewall, and an intruder can exploit a weak program or a system vulnerability to bypass the firewall's access control and carry out a malicious attack. Virtual private network technology can only guarantee security during transmission and cannot defend against common attacks such as denial of service and buffer overflow. Identity authentication technology has difficulty resisting attack means such as weak passwords, dictionary attacks, Trojan horses, network sniffers and electromagnetic radiation. In addition, all of these technologies belong to the category of static security technology, whose shortcoming is that it defends against intrusion statically and passively and cannot actively detect and track intrusions.
Intrusion detection technology (IDS, Intrusion Detection System) is a dynamic security technology: it actively collects information from many sources, including system audit data, network packets and user activity state, and then performs security analysis so as to discover intrusions of all kinds in time and produce a response.
Traditional intrusion detection systems generally adopt pattern matching, in which the event to be analysed is matched against intrusion rules; for example, starting from the header of a network packet, the packet is compared with an attack signature string. If the comparison differs, the system moves down one byte and compares again; if the comparison is identical, a possible attack has been detected. Faced with the high-speed network applications that have appeared in recent years, such as gigabit Ethernet and gigabit optical networks, this byte-by-byte matching method has two fundamental defects, a heavy computational load and inflexible detection, and has difficulty achieving real-time intrusion detection.
Summary of the invention
To solve the technical problems described above, the invention provides an intrusion detection system analysis method and an intrusion detection system that not only reduce the amount of computation but also enable rapid detection of intrusion attacks.
To achieve the object of the invention, the invention provides an intrusion detection system analysis method, comprising: a node of the IDS captures inflowing packets, parses each packet according to protocol decoding, and sends the packet parsing result to the command analyzer of the IDS; the command analyzer performs rule matching between the received packet parsing result and the corresponding attack signature in a preset rule base; and if the packet parsing result is judged to match the corresponding attack signature in the rule base, the command analyzer raises an alarm.
Further, before the method, it also comprises: the storage device of the IDS sets up the rule base, and the rule base comprises attack signatures.
Further, the node of the IDS capturing inflowing packets, parsing the packet according to protocol decoding, and sending the parsing result to the command analyzer of the IDS comprises: the node captures an inflowing packet and parses it according to protocol, obtaining the layer-3 protocol identifier of the packet; according to the layer-3 protocol identifier, it obtains the layer-4 protocol identifier of the packet; according to the layer-4 protocol identifier, it obtains the port number of the packet; according to the port number, it obtains the uniform resource locator (URL) of the packet and sends the URL to the command analyzer of the IDS.
Further, after the command analyzer performs rule matching between the received parsing result and the corresponding attack signature in the preset rule base, the method also comprises: the command analyzer judges whether the match succeeded; if the match succeeded, the command analyzer raises an alarm; if the match did not succeed, it judges whether all corresponding rules have been matched; if all corresponding rules have been matched, it proceeds to the intrusion detection judgement of the next packet; if a corresponding rule has not yet been matched, it performs the matching judgement of the packet against the next corresponding rule.
The invention provides an intrusion detection system, comprising: a node, for capturing inflowing packets, parsing each packet according to protocol decoding, and sending the packet parsing result to the command analyzer of the IDS; and a command analyzer, for performing rule matching between the received packet parsing result and the corresponding attack signature in the preset rule base, and raising an alarm if the packet parsing result matches the corresponding attack signature in the rule base.
Further, the system also comprises a storage device for setting up the rule base, the rule base comprising attack signatures.
Further, the node, for capturing inflowing packets, parsing the packet according to protocol decoding, and sending the packet parsing result to the command analyzer of the IDS, is specifically: the node captures an inflowing packet, parses it according to protocol, and obtains the layer-3 protocol identifier of the packet; according to the layer-3 protocol identifier, it obtains the layer-4 protocol identifier of the packet; according to the layer-4 protocol identifier, it obtains the port number of the packet; according to the port number, it obtains the uniform resource locator (URL) of the packet and sends the URL to the command analyzer of the IDS.
Further, the command analyzer is also for: judging whether the match succeeded; if the match succeeded, raising an alarm; if the match did not succeed, judging whether all corresponding rules have been matched; if all corresponding rules have been matched, proceeding to the intrusion detection judgement of the next packet; if a corresponding rule has not yet been matched, performing the matching judgement of the packet against the next corresponding rule.
Compared with the prior art, the present invention comprises: a node of the IDS captures inflowing packets, parses each packet according to protocol decoding, and sends the packet parsing result to the command analyzer of the IDS; the command analyzer performs rule matching between the received packet parsing result and the corresponding attack signature in the preset rule base; and if the packet parsing result is judged to match the corresponding attack signature in the rule base, the command analyzer raises an alarm. By protocol-decoding the datagram and exploiting the highly regular structure of network protocols to detect the presence of an attack quickly, the present invention reduces the number of comparisons per packet from over one hundred million to hundreds or tens, greatly reducing the amount of computation; the IDS can therefore process more packets and can achieve real-time intrusion detection.
Description of the drawings
Fig. 1 is a schematic flow chart of the intrusion detection system analysis method of the present invention.
Fig. 2 is a schematic flow chart of the present invention's parsing of a packet according to protocol decoding.
Fig. 3 is a schematic architecture diagram of the intrusion detection system of the present invention.
Embodiments
The present invention is described below with reference to the embodiments shown in the drawings.
Fig. 1 is a schematic flow chart of the intrusion detection system analysis method of the present invention; as shown in Fig. 1, it comprises:
Step 11: the storage device of the IDS sets up a rule base, and this rule base comprises attack signatures.
Step 12: the node of the IDS captures inflowing packets, parses each packet according to protocol decoding, and sends the parsing result to the command analyzer of the IDS.
In this step, the node of the IDS captures each inflowing packet and parses it according to protocol decoding.
A packet is the unit of data in network communication and transmission and comprises a header and a payload. The header contains the description of the data the packet carries; the payload contains the packet text or data, that is, the actual data the packet delivers to its destination.
In communication over the Transmission Control Protocol (TCP, Transmission Control Protocol) / Internet Protocol (IP, Internet Protocol), a packet is carried in the third, network, layer and the fourth, transport, layer of the Open System Interconnection (OSI, Open System Interconnection) model. Parsing the packet according to protocol decoding can extract the packet's layer-3 protocol identifier, layer-4 protocol identifier, port number and uniform resource locator (URL, Uniform Resource Locator).
In the specific embodiment of the invention, the following packet is taken as an example. This packet is specifically:
AF7*Hy289s820800B9v5yt$0611tbhk76500801293ugdB2%00397e39
12345678901234567890123456789012345678901234567890123456
where AF7*Hy289s820800B9v5yt$0611tbhk76500801293ugdB2%00397e39 is the header portion of the packet and 12345678901234567890123456789012345678901234567890123456 is the payload portion of the packet.
Parsing the packet according to protocol decoding, as shown in Fig. 2, specifically comprises:
Step 121: parse the packet according to protocol and obtain the layer-3 protocol identifier of this packet.
Specifically, when the packet is parsed according to protocol, the 4 bytes starting at the 13th byte of the packet define the layer-3 protocol identifier, so the node of the IDS skips the first 12 bytes of the packet and directly reads the layer-3 protocol identifier "0800".
Step 122: according to the layer-3 protocol identifier, obtain the layer-4 protocol identifier of this packet.
Specifically, "0800" represents the IP protocol, and the layer-4 protocol identifier is defined starting at the 24th byte of the packet, so the node of the IDS skips the intermediate bytes of the packet, jumps to the 24th byte and directly reads the layer-4 protocol identifier "06".
Step 123: according to the layer-4 protocol identifier, obtain the port number of this packet.
Specifically, "06" represents the TCP protocol, and the TCP port number is defined at the 35th byte of the packet, so the node of the IDS skips the intermediate bytes of the packet, jumps to the 35th byte and directly reads the port number "0080".
Step 124: according to the port number, obtain the URL of this packet and send the URL to the command analyzer of the IDS.
Specifically, "0080" represents the Hypertext Transfer Protocol (HTTP, Hypertext Transfer Protocol), and in HTTP the URL starts at the 55th byte, so the node of the IDS skips the intermediate bytes of the packet, jumps to the 55th byte and reads the URL.
Step 13: the command analyzer performs rule matching between the received parsing result and the corresponding attack signature in the rule base.
In this step, the corresponding attack signatures are looked up in the rule base according to the parsing result, and the parsing result is rule-matched against them. For example, in the specific embodiment of the invention, the command analyzer analyses the URL and compares it with the HTTP-related attack signatures in the rule base.
Step 14: the command analyzer judges whether the match succeeded; if not, go to step 15; if so, go to step 16.
Step 15: if the match is judged not to have succeeded, further judge whether all corresponding rules have been matched; if so, return to step 12; if not, return to step 13.
Step 16: if the match is judged to have succeeded, the command analyzer raises an alarm.
In this step, a successful match means that this packet matches the corresponding attack signature in the rule base, that is, the packet carries an attack signature; therefore the command analyzer raises an alarm.
By protocol-decoding the datagram and exploiting the highly regular structure of network protocols to detect the presence of an attack quickly, the present invention reduces the number of comparisons per packet from over one hundred million to hundreds or tens, greatly reducing the amount of computation; the IDS can therefore process more packets and can achieve real-time intrusion detection.
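The flow of steps 12 to 16 and the comparison-count argument, as an added example in Python that is not part of the patent: it decodes the patent's own sample packet by jumping to the quoted byte offsets (treating each character as one byte, as the patent's illustration does, with 1-based offsets), runs the command analyzer's rule loop over a constructed rule base, and counts comparisons against the prior-art byte-by-byte scan. The rule base, the `read_field`/`decode`/`command_analyzer`/`naive_scan` names and the short-packet handling are assumptions of this example.

```python
"""Offset-driven protocol decoding followed by rule matching, modelled on the
patent's Fig. 1 / Fig. 2 flow.  Added example, not the patent's own code.
Assumption: offsets are 1-based as quoted in the patent, and each character
of the sample string stands for one byte, as the patent's illustration does."""

from dataclasses import dataclass
from typing import Optional

# Sample packet from the patent description (56-byte header + 56-byte payload).
SAMPLE_PACKET = (
    "AF7*Hy289s820800B9v5yt$0611tbhk76500801293ugdB2%00397e39"
    "12345678901234567890123456789012345678901234567890123456"
)

# Field positions quoted in the patent: (1-based byte offset, length in bytes).
L3_ID = (13, 4)     # layer-3 protocol identifier, "0800" = IP
L4_ID = (24, 2)     # layer-4 protocol identifier, "06" = TCP
TCP_PORT = (35, 4)  # TCP port number, "0080" = HTTP
URL_START = 55      # in HTTP the URL begins at this byte

# Constructed rule base keyed by application protocol. The signatures are
# ordinary IDS-style substrings; the third is chosen so the sample packet hits.
RULE_BASE = {"HTTP": ["../", "cmd.exe", "1234567890"]}


@dataclass
class Decoded:
    l3: str
    l4: Optional[str] = None
    port: Optional[str] = None
    url: Optional[str] = None


def read_field(pkt: str, spec: tuple) -> str:
    """Read `length` bytes at 1-based `offset`; refuse truncated packets."""
    offset, length = spec
    start = offset - 1
    if start + length > len(pkt):
        raise ValueError(f"packet too short for field at byte {offset}")
    return pkt[start:start + length]


def decode(pkt: str) -> Optional[Decoded]:
    """Node side (steps 121-124): each identifier says where to jump next.
    Returns None when the packet is too short to carry the expected fields."""
    try:
        d = Decoded(l3=read_field(pkt, L3_ID))
        if d.l3 != "0800":        # not IP: the patent decodes no further
            return d
        d.l4 = read_field(pkt, L4_ID)
        if d.l4 != "06":          # not TCP
            return d
        d.port = read_field(pkt, TCP_PORT)
        if d.port != "0080":      # not HTTP: no URL to extract
            return d
        if len(pkt) < URL_START:
            raise ValueError("HTTP packet shorter than the URL offset")
        d.url = pkt[URL_START - 1:]
        return d
    except ValueError:
        return None


def command_analyzer(d: Optional[Decoded], rules: dict):
    """Steps 13-16: try each rule for the decoded protocol in turn, alarm on
    the first hit, and move to the next packet once every rule has been tried.
    Returns (alert_or_None, number_of_rule_comparisons)."""
    if d is None or d.url is None:
        return None, 0                      # nothing HTTP-specific to match
    comparisons = 0
    for sig in rules.get("HTTP", []):
        comparisons += 1
        if sig in d.url:
            return {"alarm": True, "signature": sig, "url": d.url}, comparisons
    return None, comparisons


def naive_scan(pkt: str, rules: dict):
    """The prior-art method the patent contrasts itself with: slide every
    signature over the whole packet one byte at a time.
    Returns (alert_or_None, number_of_position_comparisons)."""
    comparisons = 0
    for sig in rules.get("HTTP", []):
        for pos in range(len(pkt) - len(sig) + 1):
            comparisons += 1
            if pkt[pos:pos + len(sig)] == sig:
                return {"alarm": True, "signature": sig, "offset": pos}, comparisons
    return None, comparisons


def analyze(pkt: str, rules: dict = RULE_BASE):
    """Steps 12-16 end to end: decode at the node, then match at the analyzer."""
    return command_analyzer(decode(pkt), rules)


if __name__ == "__main__":
    print("decoded:", analyze(SAMPLE_PACKET))            # alarm after 3 comparisons
    print("naive  :", naive_scan(SAMPLE_PACKET, RULE_BASE))  # alarm after 273
```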
Fig. 3 is a schematic architecture diagram of the intrusion detection system of the present invention; as shown in Fig. 3, it comprises:
A storage device, for setting up the rule base; this rule base comprises attack signatures.
A node, for capturing inflowing packets, parsing each packet, and sending the parsing result to the command analyzer.
Specifically, this node parses the packet as follows: it parses the packet according to protocol to obtain the layer-3 protocol identifier of the packet; according to the layer-3 protocol identifier, it obtains the layer-4 protocol identifier of the packet; according to the layer-4 protocol identifier, it obtains the port number of the packet; according to the port number, it obtains the URL of the packet and sends the URL to the command analyzer.
A command analyzer, for receiving the packet parsing result from the node and performing rule matching between the parsing result and the corresponding attack signature in the rule base.
Specifically, this command analyzer performs rule matching between the parsing result and the corresponding attack signature in the rule base and judges whether the match succeeded; if the match succeeded, the command analyzer raises an alarm; if the match did not succeed, it judges whether all corresponding rules have been matched; if all corresponding rules have been matched, it proceeds to the intrusion detection judgement of the next packet; if a corresponding rule has not yet been matched, it performs the matching judgement of the packet against the next corresponding rule.
By protocol-decoding the datagram and exploiting the highly regular structure of network protocols to detect the presence of an attack quickly, the present invention reduces the number of comparisons per packet from over one hundred million to hundreds or tens, greatly reducing the amount of computation; the IDS can therefore process more packets and can achieve real-time intrusion detection.
It should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution; this manner of narration is adopted only for clarity. Those skilled in the art should take the specification as a whole, and the technical solutions in the individual embodiments may also be appropriately combined to form other embodiments that those skilled in the art will appreciate.
The detailed description above merely illustrates feasible embodiments of the present invention and is not intended to limit the scope of the invention; all equivalent embodiments or changes made without departing from the technical spirit of the invention shall fall within the protection scope of the invention.

Claims (8)

1. An intrusion detection system (IDS) analysis method, characterized in that it comprises:
a node of the IDS captures inflowing packets, parses said packet according to protocol decoding, and sends the packet parsing result to the command analyzer of the IDS;
said command analyzer performs rule matching between the received said packet parsing result and the corresponding attack signature in a preset rule base;
if the packet parsing result is judged to match the corresponding attack signature in the rule base, the command analyzer raises an alarm.
2. The intrusion detection system analysis method according to claim 1, characterized in that, before the method, it also comprises:
the storage device of the IDS sets up a rule base, and said rule base comprises attack signatures.
3. The intrusion detection system analysis method according to claim 1 or 2, characterized in that the node of said IDS capturing inflowing packets, parsing said packet according to protocol decoding, and sending the parsing result to the command analyzer of the IDS comprises:
said node captures an inflowing packet, parses the packet according to protocol, and obtains the layer-3 protocol identifier of said packet; according to said layer-3 protocol identifier, it obtains the layer-4 protocol identifier of said packet; according to said layer-4 protocol identifier, it obtains the port number of said packet; according to said port number, it obtains the uniform resource locator (URL) of said packet and sends the URL to the command analyzer of the IDS.
4. The intrusion detection system analysis method according to claim 1 or 2, characterized in that, after said command analyzer performs rule matching between the received parsing result and the corresponding attack signature in the preset rule base, the method also comprises:
the command analyzer judges whether the match succeeded; if the match succeeded, the command analyzer raises an alarm; if the match did not succeed, it judges whether all corresponding rules have been matched; if all corresponding rules have been matched, it proceeds to the intrusion detection judgement of the next packet; if a corresponding rule has not yet been matched, it performs the matching judgement of the packet against the next corresponding rule.
5. An intrusion detection system, characterized in that it comprises:
a node, for capturing inflowing packets, parsing said packet according to protocol decoding, and sending the packet parsing result to the command analyzer of the IDS;
a command analyzer, for performing rule matching between the received said packet parsing result and the corresponding attack signature in a preset rule base; if said packet parsing result matches the corresponding attack signature in the rule base, said command analyzer raises an alarm.
6. The intrusion detection system according to claim 5, characterized in that the system also comprises:
a storage device, for setting up the rule base, said rule base comprising attack signatures.
7. The intrusion detection system according to claim 5 or 6, characterized in that said node, for capturing inflowing packets, parsing said packet according to protocol decoding, and sending the packet parsing result to the command analyzer of the IDS, is specifically:
said node captures an inflowing packet, parses the packet according to protocol, and obtains the layer-3 protocol identifier of said packet; according to said layer-3 protocol identifier, it obtains the layer-4 protocol identifier of said packet; according to said layer-4 protocol identifier, it obtains the port number of said packet; according to said port number, it obtains the uniform resource locator (URL) of said packet and sends the URL to the command analyzer of the IDS.
8. The intrusion detection system according to claim 5 or 6, characterized in that said command analyzer is also for:
judging whether the match succeeded; if the match succeeded, the command analyzer raises an alarm; if the match did not succeed, judging whether all corresponding rules have been matched; if all corresponding rules have been matched, proceeding to the intrusion detection judgement of the next packet; if a corresponding rule has not yet been matched, performing the matching judgement of the packet against the next corresponding rule.
CN201410400290.9A 2014-08-14 2014-08-14 Intrusion detection system (IDS) analysis method and intrusion detection system Pending CN104135490A (en)

Publications (1)

Publication Number Publication Date
CN104135490A true CN104135490A (en) 2014-11-05

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020194469A1 (en) * 2001-06-14 2002-12-19 International Business Machines Corporation Intrusion detection in data processing systems
CN1450757A (en) * 2002-10-11 2003-10-22 北京启明星辰信息技术有限公司 Method and system for monitoring network intrusion
CN103973684A (en) * 2014-05-07 2014-08-06 北京神州绿盟信息安全科技股份有限公司 Rule compiling and matching method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
付宇玲: "Research and design of a network intrusion detection system based on protocol analysis", China Master's Theses Full-text Database, Information Science and Technology Series *
廖俊云: "Research and design of a network intrusion detection system based on protocol analysis", China Master's Theses Full-text Database, Information Science and Technology Series *
邢文建: "Implementation of an intrusion detection system based on TCP/IP protocol analysis", China Master's Theses Full-text Database, Information Science and Technology Series *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105024989B (en) * 2014-11-26 2018-09-07 哈尔滨安天科技股份有限公司 A kind of malice URL Heuristic detection methods and system based on abnormal
CN105024989A (en) * 2014-11-26 2015-11-04 哈尔滨安天科技股份有限公司 Malicious URL heuristic detection method and system based on abnormal port
CN105592041A (en) * 2015-08-04 2016-05-18 杭州华三通信技术有限公司 Network attack packet capturing method and device
CN105592041B (en) * 2015-08-04 2019-01-08 新华三技术有限公司 Network attack packet snapping method and device
CN105429963A (en) * 2015-11-04 2016-03-23 北京工业大学 Invasion detection analysis method based on Modbus/Tcp
CN105429963B (en) * 2015-11-04 2019-01-22 北京工业大学 Intrusion detection analysis method based on Modbus/Tcp
CN106790291B (en) * 2017-03-09 2020-04-03 腾讯科技(深圳)有限公司 Intrusion detection prompting method and device
CN106790291A (en) * 2017-03-09 2017-05-31 腾讯科技(深圳)有限公司 A kind of intrusion detection reminding method and device
CN107124397A (en) * 2017-03-29 2017-09-01 国网安徽省电力公司信息通信分公司 A kind of mobile interaction platform network bracing means and its reinforcement means
CN110535854A (en) * 2019-08-28 2019-12-03 南京市晨枭软件技术有限公司 One kind being used for industrial control system intrusion detection method and system
CN114079576A (en) * 2020-08-18 2022-02-22 奇安信科技集团股份有限公司 Security defense method, security defense device, electronic apparatus, and medium
CN114079576B (en) * 2020-08-18 2024-06-11 奇安信科技集团股份有限公司 Security defense method, security defense device, electronic equipment and medium
CN112769833A (en) * 2021-01-12 2021-05-07 恒安嘉新(北京)科技股份公司 Method and device for detecting command injection attack, computer equipment and storage medium
CN112887274A (en) * 2021-01-12 2021-06-01 恒安嘉新(北京)科技股份公司 Method and device for detecting command injection attack, computer equipment and storage medium
CN112887274B (en) * 2021-01-12 2023-04-14 恒安嘉新(北京)科技股份公司 Method and device for detecting command injection attack, computer equipment and storage medium
CN112800356A (en) * 2021-03-22 2021-05-14 南京怡晟安全技术研究院有限公司 Identification method based on abnormal access behavior of polymorphic URL (Uniform resource locator)
CN113806799A (en) * 2021-08-27 2021-12-17 北京邮电大学 Block chain platform safety intensity assessment method and device
CN113806799B (en) * 2021-08-27 2022-06-07 北京邮电大学 Block chain platform safety intensity assessment method and device
CN114710343A (en) * 2022-03-30 2022-07-05 新华三信息安全技术有限公司 Intrusion detection method and detection equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141105