CN1203641C - Method and *** for network intrusion monitoring - Google Patents
Method and *** for network intrusion monitoring
- Publication number
- CN1203641C (application CN 02131143)
- Authority
- CN
- China
- Prior art keywords
- protocol
- characteristic
- network
- data
- protocol data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Raw packet bytes | Protocol | Data field description | Protocol variable | Remarks |
---|---|---|---|---|
00 50 ba ba 35 d5 | Ethernet protocol | Destination MAC address | Dmac | |
00 50 ba 65 6f eb | | Source MAC address | Smac | |
08 00 | | Ethernet protocol type | Eth_type | |
45 00 00 3c 98 b6 00 00 80 | IP protocol | …………… | | |
01 | | IP protocol type | Ip_type | |
17 a4 c0 a8 04 18 c0 a8 04 fe | | …………… | | |
08 | ICMP protocol | ICMP protocol type | Icmp_type | Icmp_type=8 |
00 39 5c 02 00 12 00 | | …………… | | |
61 62 63 64 65 66 67 68 69 6a 6b 6c | ICMP data | …………… | | |
49 53 53 | | Feature data | [String.12] | [string.12]=ISS |
6d 6e 70 71 72 73 74 75 76 77 | | …………… | | |
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 CN1203641C (zh) | 2002-10-11 | 2002-10-11 | Method and *** for network intrusion monitoring |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 CN1203641C (zh) | 2002-10-11 | 2002-10-11 | Method and *** for network intrusion monitoring |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1450757A CN1450757A (zh) | 2003-10-22 |
CN1203641C true CN1203641C (zh) | 2005-05-25 |
Family
ID=28680801
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 Expired - Fee Related CN1203641C (zh) | 2002-10-11 | 2002-10-11 | Method and *** for network intrusion monitoring |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1203641C (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
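CN100338915C (zh) * | 2005-08-19 | 2007-09-19 | Hangzhou H3C Technologies Co., Ltd. | Packet mirroring method and network device with packet mirroring function |
CN100342692C (zh) * | 2005-09-02 | 2007-10-10 | Hangzhou H3C Technologies Co., Ltd. | Intrusion detection device and intrusion detection *** |
CN100429617C (zh) * | 2006-05-16 | 2008-10-29 | Beijing Venus Information Technology Co., Ltd. | Automatic protocol identification method and *** |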
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725936B2 (en) * | 2003-10-31 | 2010-05-25 | International Business Machines Corporation | Host-based network intrusion detection systems |
WO2008061483A1 (fr) | 2006-11-24 | 2008-05-29 | Hangzhou H3C Technologies Co., Ltd. | Method and apparatus for identifying data content |
CN101005497A (zh) * | 2006-11-27 | 2007-07-25 | Kebo Technology Co., Ltd. | *** and method for preventing malicious code intrusion |
CN101035111B (zh) * | 2007-04-13 | 2010-10-13 | Beijing Venustech Inc. | Intelligent protocol parsing method and device |
CN101562604B (zh) * | 2008-04-17 | 2012-08-08 | Beijing Venustech Inc. | Cache-free pattern matching method based on packet stream data |
CN101562603B (zh) * | 2008-04-17 | 2012-06-20 | Beijing Venustech Inc. | Method and *** for parsing the telnet protocol through echo |
CN101753316B (zh) * | 2008-12-02 | 2012-08-08 | Beijing Venustech Inc. | Intelligent feature extraction method and *** |
CN101771575B (zh) * | 2008-12-29 | 2014-04-16 | Huawei Technologies Co., Ltd. | Method, device and *** for processing IP fragmented packets |
CN101695031B (zh) * | 2009-10-27 | 2011-12-07 | Chengdu Huawei Symantec Technologies Co., Ltd. | Upgrade method and device for intrusion prevention *** |
CN102035855B (zh) * | 2010-12-30 | 2014-05-07 | Jiangsu Electric Power Company | Network security event correlation analysis *** |
EP2560338B1 (en) | 2011-06-13 | 2016-01-13 | Huawei Technologies Co., Ltd. | Method and apparatus for protocol parsing |
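CN102244610A (zh) * | 2011-06-24 | 2011-11-16 | Jilin Zhongruan Jida Information Technology Co., Ltd. | Method for parsing a protocol using captured data |
CN104023000A (zh) * | 2013-09-05 | 2014-09-03 | Tian Yue | Network intrusion detection method |
CN104135490A (zh) * | 2014-08-14 | 2014-11-05 | Inspur (Beijing) Electronic Information Industry Co., Ltd. | Intrusion detection *** analysis method and intrusion detection *** |
CN106209488B (zh) * | 2015-04-28 | 2021-01-29 | Beijing Hansi Anxin Technology Co., Ltd. | Method and device for detecting website attacks |
CN105678188B (zh) * | 2016-01-07 | 2019-01-29 | Yang Longpin | Protocol identification method and device for database leak prevention |
CN106446720B (zh) * | 2016-09-08 | 2019-02-01 | Shanghai Ctrip Business Co., Ltd. | Optimization *** and optimization method for IDS rules |
CN112997467B (zh) * | 2020-09-18 | 2022-08-19 | Huawei Technologies Co., Ltd. | Intrusion monitoring ***, method and related products |
CN112565290B (zh) * | 2020-12-22 | 2022-11-22 | Sangfor Technologies Inc. | Intrusion prevention method, *** and related device |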
-
2002
- 2002-10-11 CN CN 02131143 patent/CN1203641C/zh not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN1450757A (zh) | 2003-10-22 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN1203641C (zh) | Method and *** for network intrusion monitoring | |
US9848004B2 (en) | Methods and systems for internet protocol (IP) packet header collection and storage | |
US7903566B2 (en) | Methods and systems for anomaly detection using internet protocol (IP) traffic conversation data | |
US8726382B2 (en) | Methods and systems for automated detection and tracking of network attacks | |
US7995496B2 (en) | Methods and systems for internet protocol (IP) traffic conversation detection and storage | |
CN101350745B (zh) | Intrusion detection method and device | |
US8296842B2 (en) | Detecting public network attacks using signatures and fast content analysis | |
CN1697404A (zh) | Interactive network worm detection *** and method | |
CN101656634B (zh) | Intrusion detection method based on IPv6 network environment | |
US8762515B2 (en) | Methods and systems for collection, tracking, and display of near real time multicast data | |
US8510791B2 (en) | Method and system for dynamic protocol decoding and analysis | |
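CN101018121B (zh) | Log aggregation processing method and aggregation processing device | |
CN112383538B (zh) | Hybrid high-interaction industrial honeypot *** and method | |
CN1269030A (zh) | Method and apparatus for automated network monitoring and security violation intervention | |
CN1909488A (zh) | Method and *** combining virus detection and intrusion detection | |
CN1529248A (zh) | Method and *** for detecting correlated events of network intrusion behavior | |
CN107145779B (zh) | Method and device for identifying offline malware logs | |
CN1881911A (zh) | Integrated monitoring of network and local Internet Protocol traffic | |
CN108289093B (zh) | Construction method and construction *** for an app feature code library | |
CN101640594A (zh) | Method and unit for extracting traffic attack packet features on a network device | |
CN117749535B (zh) | Network traffic anomaly detection method and device | |
CN112507336A (zh) | Server-side malicious program detection method based on code features and traffic behavior | |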
Leita et al. | Exploiting diverse observation perspectives to get insights on the malware landscape | |
CN111770097B (zh) | Whitelist-based content lock firewall method and *** | |
CN1317855C (zh) | Intrusion detection *** and intrusion detection method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C41 | Transfer of patent application or patent right or utility model | ||
C56 | Change in the name or address of the patentee | ||
CP03 | Change of name, title or address | Address after: No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee after: BEIJING VENUSTECH Inc. Address before: No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee before: Beijing Venus Information Technology Co.,Ltd. |
TR01 | Transfer of patent right | Effective date of registration: 20090320 Address after: Building 100193, building 21, Zhongguancun Software Park, 8 West Wang Xi Road, Beijing, Haidian District Co-patentee after: BEIJING VENUSTECH CYBERVISION Co.,Ltd. Patentee after: BEIJING VENUSTECH Inc. Address before: 12, 100081 South Main Street, Beijing, Haidian District, 188: zip code: Patentee before: BEIJING VENUSTECH Inc. |
C56 | Change in the name or address of the patentee | Owner name: BEIJING QIMINGXINGCHEN INFORMATION TECHNOLOGY CO., Free format text: FORMER NAME: BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY CO. LTD. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20050525 Termination date: 20141011 |
EXPY | Termination of patent right or utility model |