CN107483448A - A kind of network security detection method and detecting system - Google Patents
Publication number: CN107483448A (application number CN201710732915.5A)
Authority: CN (China)
Prior art keywords: attack, secret information, behavior, inspection policies, stolen
Legal status: Pending
Classifications (all under H04L63/00, network architectures or network communication protocols for network security; section H, electricity; class H04, electric communication technique; subclass H04L, transmission of digital information)
- H04L63/14 Detecting or protecting against malicious traffic
- H04L63/101 Access control lists [ACL]
- H04L63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416 Event detection, e.g. attack signature detection
- H04L63/1441 Countermeasures against malicious traffic
- H04L63/20 Managing network security; network security policies in general
Abstract
The invention discloses a network security detection method and detection system. The method is: 1) receive detection policies for detecting secret-theft attack and leak behavior; 2) detect the packets to be matched by executing the detection policies in the priority order of those policies, obtaining secret-theft attack behavior or leak behavior; 3) generate alert information from the obtained secret-theft attack or leak behavior and report it to the management center. The invention not only improves the detection of secret-theft attack and leak behavior but can also detect new secret-theft attack and leak behavior.
Description
Technical field
The present invention relates to the fields of information security and computer networks, and in particular to a network security detection method and detection system.
Background
As the network security situation deteriorates, and attacks against computer systems in particular keep increasing, providing security protection for computer networks with ever higher bandwidth and ever more complex services has become a key and much-studied problem in the information security and computer networking fields. To improve the ability to detect secret-theft network attacks and to check for leaks of classified information, more and more network detection systems are deployed at the Internet egress points of operators, governments, the military, enterprises and so on. Typically, a network detection system obtains the traffic between the internal network and the Internet by optical splitting (tapping) or port mirroring. By reassembling and analyzing the traffic, the system finds potential secret-theft attack and leak behavior and raises alerts or takes other measures to prevent further such behavior. Network detection systems are centrally managed by a management center, which collects, analyzes and displays the secret-theft attacks and leaks found at each Internet egress.
Analyzing and detecting network traffic is the core task of a network detection system. Two detection and analysis techniques are common:
(1) Known detection, also called signature detection. It assumes that every secret-theft attack and leak has features that can be detected. Signature detection describes these features to build a signature database; during detection, network traffic is pattern-matched against the database, and every behavior that matches a rule in it is treated as secret-theft attack or leak behavior.
(2) Unknown detection, also called anomaly detection. It assumes that every secret-theft attack and leak differs from the behavior of normal users. Anomaly detection samples normal user behavior to build a profile of normal behavior patterns; during detection, if the behavior pattern of the traffic differs from the pre-collected profile by more than a threshold, a secret-theft attack or leak is considered to have been found.
At present, network detection systems based on each of these two techniques are widely available; however, more network detection systems combine the two techniques to improve detection accuracy.
Generally, a complete network secret-theft attack and leak detection flow, shown in Fig. 1, consists of the following three steps: 1) policy reception: the network detection system receives the policies issued by the management center, or directly loads the vendor built-in policies; 2) secret-theft attack and leak detection: using the attack and leak signatures in the received policies, the system detects the network traffic and obtains secret-theft attack and leak behavior; 3) result reporting: after finding such behavior, the system generates alert information and reports it to the management center. This detection method, however, detects secret-theft attack and leak behavior poorly and largely misses new secret-theft attacks and leaks.
Summary of the invention
To improve how well network detection systems detect secret-theft attack and leak behavior, the invention provides a network security detection method and detection system that not only improve the detection of such behavior but can also detect new secret-theft attack and leak behavior.
A network security detection method, comprising the steps of:
receiving detection policies for detecting secret-theft attack and leak behavior;
parsing the network traffic to obtain packets to be matched, and detecting the packets with the secret-theft attack and leak detection policies in order of priority from high to low, obtaining secret-theft attack behavior or leak behavior; that is, detecting the packets by executing the detection policies in their priority order;
generating alert information from the secret-theft attack or leak behavior and reporting it to the management center.
Further, the detection policies are divided by function into known-attack detection policies and unknown-attack detection policies.
Further, the priority of the detection policies, from high to low, is: known-attack detection policies, then unknown-attack detection policies.
Further, the detection policies are divided by source into management-center-issued policies and vendor built-in policies.
Further, the priority of the detection policies, from high to low, is: management-center-issued policies, then vendor built-in policies.
Further, the known-attack detection policies include known-attack management-center-issued policies and known-attack vendor built-in policies.
The unknown-attack detection policies include unknown-attack vendor built-in policies and whitelist detection policies, where the whitelist detection policies have higher priority than the unknown-attack vendor built-in policies.
Further, secret-theft attack and leak behavior obtained by detecting a packet with the whitelist detection policies is not reported.
A network security detection system comprising a memory, a receiver and a processor, wherein:
the memory stores the detection policies for secret-theft attack and leak behavior and the program instructions corresponding to any of the methods described above;
the receiver receives the network traffic between the internal network and the Internet and the secret-theft attack and leak detection policies described above;
the processor executes the program instructions corresponding to any of the methods described above that are stored in the memory, so that the network security detection system performs the steps of that method.
The present invention mainly has the following advantages:
1. Because the order in which the secret-theft attack and leak detection policies are executed directly affects how well a network detection system detects such behavior, the invention designs a network security detection method that detects and reports according to the priority order of those policies. The method not only meets users' detection needs to the greatest extent, but also improves the processing capacity of the network detection system and reduces unnecessary repeated computation.
2. By following the detection order known-attack detection policies, whitelist detection policies, unknown-attack detection policies, the method both improves the detection of secret-theft attack and leak behavior and reduces the load on the network detection system.
3. By following the detection order management-center-issued policies, vendor built-in policies, the method ensures that the latest policies issued by the management center are executed first, improves the efficiency of detecting new secret-theft attack and leak behavior, and avoids missing such new behavior.
Brief description of the drawings
Fig. 1 is a flowchart of an existing network secret-theft attack and leak detection process.
Fig. 2 is a flowchart of the network security detection method provided by the invention.
Fig. 3 is a flowchart of the method of the invention running the detection tasks.
Fig. 4 is a flowchart of the method of the invention running the secret-theft attack detection task.
Embodiment
To make the above features and advantages of the invention clearer, specific embodiments are described in detail below with reference to the accompanying drawings.
To improve how well network detection systems detect secret-theft attack and leak behavior, the invention provides a network security detection method that performs network security detection according to a specific detection-policy priority. It is mainly suited to network security detection systems deployed at an Internet egress, which obtain the traffic between the internal network and the Internet by optical splitting or mirroring.
Functionally, a network security detection system should provide main functions such as known-attack detection and unknown-attack detection, and each function corresponds to a detection policy. Therefore, divided by function, the policies with which the system detects secret-theft attack and leak behavior (hereafter simply "detection policies") can be split into known-attack detection policies and unknown-attack detection policies. In addition, the invention also defines whitelist detection policies within the unknown-attack detection policies; the whitelist policies implement alert filtering, i.e. alert information that matches the whitelist is not reported.
Divided by policy source, the detection policies can be split into management-center-issued policies and vendor built-in policies.
Because the priority order of the detection policies directly affects the detection results of the network security detection system, a rational priority order not only improves detection results and meets users' detection needs to the greatest extent, but also improves the system's processing capacity and reduces unnecessary repeated computation.
After a rational detection-policy priority is designed, a corresponding detection workflow is designed. The core idea of the workflow is that the functions of the network security detection system are no longer an undifferentiated, mutually interacting set, but are mutually independent and are combined, according to the policy priority order, into a rational detection workflow, so as to improve processing capacity and detection results.
The secret-theft attack and leak detection-policy priority designed by the invention follows this order:
1. For policies of different functions, the priority order is: known-attack detection policies > unknown-attack detection policies.
2. For policies of different sources, the priority order is: management-center-issued policies > vendor built-in policies.
A specific embodiment is used to illustrate the detection method. Referring to Fig. 2, the embodiment comprises the following steps:
1. Policy reception. The network security detection system loads the secret-theft attack and leak detection policies.
The secret-theft attack and leak detection policies include known-attack detection policies and unknown-attack detection policies.
Specifically, the known-attack detection policies include known-attack management-center-issued policies and known-attack vendor built-in policies.
Specifically, the unknown-attack detection policies include unknown-attack vendor built-in policies and whitelist detection policies, where the whitelist detection policies have higher priority than the unknown-attack vendor built-in policies.
2. Run the detection tasks. The network security detection system parses the network traffic to obtain packets to be matched and runs detection tasks such as known-attack detection and unknown-attack detection on them, obtaining the corresponding secret-theft attack and leak behavior.
In this step, the packet to be matched is pattern-matched against the secret-theft attack and leak detection policies, and every behavior that matches the features of a detection policy is treated as secret-theft attack or leak behavior.
Specifically, as shown in Fig. 3, the step is implemented as follows:
Step 21: receive the network traffic and parse it to obtain the packet to be matched, then go to step 22.
Step 22: run the secret-theft attack detection task.
Referring to Fig. 4, this step further comprises the following sub-steps:
Step 221: load the detection policies, which include known-attack management-center-issued policies, known-attack vendor built-in policies, whitelist detection policies and unknown-attack vendor built-in policies.
Step 222: obtain the packet to be matched that was parsed in step 21.
Step 223: using the matching rules in the known-attack management-center-issued policies, extract the corresponding parameters or packet content from the packet to be matched and decide whether it matches. If it matches, go to step 224; otherwise go to step 225.
Step 224: using the alert rules in the known-attack management-center-issued policies, generate an alert for the secret-theft attack event and record the related data, then return to step 222.
Step 225: using the matching rules in the known-attack vendor built-in policies, extract the corresponding parameters or packet content from the packet to be matched and decide whether it matches. If it matches, go to step 226; otherwise go to step 227.
Step 226: using the alert rules in the known-attack vendor built-in policies, generate an alert for the secret-theft attack event and record the related data, then return to step 222.
Step 227: using the matching rules in the whitelist detection policies, extract the corresponding parameters or packet content from the packet to be matched and decide whether it matches. If it matches, return to step 222; otherwise go to step 228.
Step 228: using the matching rules in the unknown-attack vendor built-in policies, extract the corresponding parameters or packet content from the packet to be matched and decide whether it matches. If it matches, go to step 229; otherwise return directly to step 222.
Step 229: using the alert rules in the unknown-attack vendor built-in policies, generate an alert for the secret-theft attack event and record the related data, then return to step 222.
In step 223 above, the known-attack detection policies may include Trojan secret-theft detection policies, exploit secret-theft detection policies, malicious file propagation detection policies and the like.
Unknown-attack secret-theft detection means detecting the network traffic by using the matching rules in the unknown-attack vendor built-in policies to identify, in the packet to be matched, suspicious heartbeat/keep-alive behavior, remote-control behavior, anomalous proprietary protocols, anomalous generic proxy behavior and the like; if a match succeeds, an alert is generated for the secret-theft attack event according to the alert rules and the related data is recorded. The specific policies and rules can be set according to the unknown secret-theft attack behavior that each vendor discovers, and are not repeated here.
3. Report filtering. Secret-theft attack and leak behavior obtained by detecting the packet to be matched with the whitelist detection policies is filtered, i.e. behavior that matches the whitelist is not reported; the method of filtering with the whitelist detection policies can refer to step 227 above. Secret-theft attack and leak behavior obtained by running all other detection policies is reported. Specifically, Trojan secret-theft detection reports the data flows produced by the Trojan's communication together with alert description information such as type and name; exploit secret-theft detection reports the data flows produced by the exploit together with alert description information such as type and name; malicious file propagation detection reports the malicious file together with alert description information such as type and name; unknown-attack secret-theft detection reports the data flows produced by the attack together with alert description information such as type and reason.
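The policy priority and whitelist filtering of steps 221 to 229 and the report-filtering step can be modelled in a few dozen lines. The Python below is an added illustration, not the patent's code; the policy names, matching rules, the whitelist's source and the sample packets are all constructed.

```python
"""Priority-ordered detection pipeline modelled on CN107483448A.

Added illustration, not the patent's own code. The policy names, the
matching rules and the packets below are constructed for this example.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Optional

Packet = dict  # a parsed "packet to be matched" is just a dict of fields here


class Function(IntEnum):
    """Priority by function (lower value = evaluated first)."""
    KNOWN = 0       # known-attack detection policies
    WHITELIST = 1   # whitelist filter, ahead of vendor unknown-attack rules
    UNKNOWN = 2     # unknown-attack detection policies


class Source(IntEnum):
    """Priority by source (lower value = evaluated first)."""
    MGMT_CENTER = 0  # issued by the management center
    VENDOR = 1       # built into the detector by the vendor


@dataclass
class Policy:
    name: str
    function: Function
    source: Source
    match: Callable[[Packet], bool]   # the policy's matching rule
    alert_type: Optional[str] = None  # the policy's alert rule; None for whitelist


def priority(policy: Policy) -> tuple:
    """Function beats source: a vendor known-attack policy still runs before
    the whitelist, and the whitelist runs before vendor unknown-attack rules."""
    return (policy.function, policy.source)


def detect(packet: Packet, policies: list) -> Optional[dict]:
    """Steps 223 to 229: try the policies in priority order; the first match
    decides. Returns an alert dict, or None when nothing matched or the packet
    matched the whitelist (step 227: back to step 222 without an alert)."""
    for policy in sorted(policies, key=priority):
        if policy.match(packet):
            if policy.function is Function.WHITELIST:
                return None
            return {"policy": policy.name, "type": policy.alert_type,
                    "src": packet["src"], "dst": packet["dst"]}
    return None


def run(packets, policies) -> list:
    """The step 222 loop plus the reporting step: alerts that survive filtering."""
    alerts = []
    for packet in packets:
        alert = detect(packet, policies)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed policies, deliberately listed out of priority order.
POLICIES = [
    Policy("vendor-unknown-heartbeat", Function.UNKNOWN, Source.VENDOR,
           lambda pk: len(pk["payload"]) <= 8 and pk["dport"] not in (80, 443),
           "suspicious heartbeat/keep-alive"),
    Policy("whitelist-monitoring-hosts", Function.WHITELIST, Source.MGMT_CENTER,
           lambda pk: pk["src"] in {"10.0.0.5"}),  # source is an assumption
    Policy("vendor-known-trojan-port", Function.KNOWN, Source.VENDOR,
           lambda pk: pk["dport"] == 4444, "known trojan port"),
    Policy("center-known-trojan-signature", Function.KNOWN, Source.MGMT_CENTER,
           lambda pk: b"EVILBEACON" in pk["payload"], "known trojan signature"),
]

# Constructed packets using documentation address ranges.
SAMPLE_PACKETS = [
    # matches both known-attack rules: the center-issued one must win
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 4444, "payload": b"EVILBEACON 01"},
    # matches only the vendor known-attack rule
    {"src": "192.0.2.11", "dst": "198.51.100.8", "dport": 4444, "payload": b"hello"},
    # whitelisted monitoring host whose short probes look like heartbeats: suppressed
    {"src": "10.0.0.5", "dst": "198.51.100.9", "dport": 8443, "payload": b"ping"},
    # same probe pattern from an unlisted host: unknown-attack alert
    {"src": "192.0.2.12", "dst": "198.51.100.9", "dport": 8443, "payload": b"ping"},
    # ordinary web request: no match at all
    {"src": "192.0.2.13", "dst": "198.51.100.10", "dport": 443, "payload": b"GET / HTTP/1.1\r\n"},
    # whitelisted host hitting a known-attack rule: still reported, since
    # known-attack policies are evaluated before the whitelist (step 225 before 227)
    {"src": "10.0.0.5", "dst": "198.51.100.11", "dport": 4444, "payload": b"hello"},
]


def policy_order(policies=POLICIES) -> list:
    """Policy names in the order the pipeline evaluates them."""
    return [p.name for p in sorted(policies, key=priority)]


def example_alerts() -> list:
    return run(SAMPLE_PACKETS, POLICIES)


if __name__ == "__main__":
    print("evaluation order:", policy_order())
    for alert in example_alerts():
        print(alert)
```

The last sample packet shows the consequence of the flow in Fig. 4: the whitelist only shields traffic from the unknown-attack rules, never from known-attack hits.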
In hardware terms, the network security detection system of the invention comprises a receiver, a processor and a memory.
The memory stores the program instructions corresponding to any of the methods of the invention, together with the secret-theft attack and leak detection policies and the like.
The receiver obtains the network traffic between the internal network and the Internet through an optical splitter or a mirroring device and performs physical-layer and data-link-layer parsing. It also handles communication between the network security detection system and the management center: data such as policies issued by the management center are received, parsed and passed to the processor for handling, and data that the processor sends to the management center is modulated at the data link and physical layers and then sent to the management center.
The processor executes the program instructions stored in the memory that correspond to any of the methods of the invention, thereby completing each step of that method; the details are not repeated here.
The above embodiments only illustrate the technical solution of the invention and do not limit it. Those of ordinary skill in the art may modify the technical solution or substitute equivalents without departing from the spirit and scope of the invention, and the scope of protection of the invention is defined by the claims.
Claims (10)
1. A network security detection method, comprising the steps of:
1) receiving detection policies for detecting secret-theft attack and leak behavior;
2) detecting packets to be matched by executing the detection policies in the priority order of the detection policies, obtaining secret-theft attack behavior or leak behavior;
3) generating alert information from the obtained secret-theft attack behavior or leak behavior and reporting it to the management center.
2. The method of claim 1, wherein the detection policies are divided by function into known-attack detection policies and unknown-attack detection policies, and the priority of the known-attack detection policies is higher than the priority of the unknown-attack detection policies.
3. The method of claim 2, wherein the unknown-attack detection policies comprise unknown-attack vendor built-in policies and whitelist detection policies, and the priority of the whitelist detection policies is higher than the priority of the unknown-attack vendor built-in policies.
4. The method of claim 3, wherein, when the detection policy executed in step 2) is an unknown-attack detection policy, the matching rules in the unknown-attack vendor built-in policy are used to match suspicious heartbeat/keep-alive behavior, remote-control behavior, anomalous proprietary protocols and anomalous generic proxy behavior in the packet to be matched, and if a match succeeds an alert is generated for the secret-theft attack event and the related data is recorded.
5. The method of claim 3, wherein, when the detection policy executed in step 2) is an unknown-attack detection policy, the packet to be matched is first filtered with the whitelist detection policies; if there is secret-theft attack behavior or leak behavior that matches the whitelist, it is not reported; otherwise the packet to be matched is detected with the unknown-attack vendor built-in policy.
6. The method of claim 2, wherein the known-attack detection policies comprise known-attack management-center-issued policies and known-attack vendor built-in policies, and the priority of the known-attack management-center-issued policies is higher than the priority of the known-attack vendor built-in policies.
7. The method of claim 1, wherein the detection policies are divided by source into management-center-issued policies and vendor built-in policies, and the priority of the management-center-issued policies is higher than the priority of the vendor built-in policies.
8. A network security detection system, comprising a receiver and a processor, wherein:
the receiver receives the network traffic between the internal network and the Internet and the detection policies for detecting secret-theft attack behavior or leak behavior;
the processor parses the network traffic to obtain packets to be matched, detects the packets by executing the detection policies in the priority order of the detection policies, obtaining secret-theft attack behavior or leak behavior, generates alert information from the obtained behavior and reports it to the management center.
9. The system of claim 8, wherein the detection policies are divided by function into known-attack detection policies and unknown-attack detection policies, and the priority of the known-attack detection policies is higher than the priority of the unknown-attack detection policies.
10. The system of claim 8, wherein the detection policies are divided by source into management-center-issued policies and vendor built-in policies, and the priority of the management-center-issued policies is higher than the priority of the vendor built-in policies.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710732915.5A (CN107483448A) | 2017-08-24 | 2017-08-24 | A kind of network security detection method and detecting system |

Publications (1)

| Publication Number | Publication Date |
|---|---|
| CN107483448A | 2017-12-15 |

Family ID: 60602495

Family Applications (1)

| Application Number | Status | Title | Priority Date | Filing Date |
|---|---|---|---|---|
| CN201710732915.5A (CN107483448A) | Pending | A kind of network security detection method and detecting system | 2017-08-24 | 2017-08-24 |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN107483448A |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101902337A (en) * | 2009-05-27 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Method for managing network intrusion event |
CN102594783A (en) * | 2011-01-14 | 2012-07-18 | 中国科学院软件研究所 | Network security emergency responding method |
CN102638445A (en) * | 2011-12-27 | 2012-08-15 | 中国航天科工集团第二研究院七〇六所 | Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device |
CN102684944A (en) * | 2012-04-20 | 2012-09-19 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting intrusion |
CN103825888A (en) * | 2014-02-17 | 2014-05-28 | 北京奇虎科技有限公司 | Network threat processing method and apparatus |
CN104539625A (en) * | 2015-01-09 | 2015-04-22 | 江苏理工学院 | Network security defense system based on software-defined network and working method of network security defense system |
CN104811452A (en) * | 2015-04-30 | 2015-07-29 | 北京科技大学 | Data mining based intrusion detection system with self-learning and classified early warning functions |
Events
- 2017-08-24: CN application CN201710732915.5A (CN107483448A), status Pending
Non-Patent Citations (1)
Title |
---|
FRANS DAVID, 王建新, 王斌: "Intrusion detection system model based on anomaly and signature", 《计算技术与自动化》 (Computing Technology and Automation) * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110059984A (en) * | 2019-04-30 | 2019-07-26 | 深信服科技股份有限公司 | Security risk recognition methods, device, equipment and storage medium |
CN111565202A (en) * | 2020-07-15 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Intranet vulnerability attack defense method and related device |
CN111565202B (en) * | 2020-07-15 | 2020-10-27 | 腾讯科技(深圳)有限公司 | Intranet vulnerability attack defense method and related device |
CN114928476A (en) * | 2022-04-27 | 2022-08-19 | 北京天融信网络安全技术有限公司 | Target file security detection method and detection device |
CN115766079A (en) * | 2022-10-10 | 2023-03-07 | 北京明朝万达科技股份有限公司 | Flow data processing method and device, electronic equipment and readable storage medium |
CN115766079B (en) * | 2022-10-10 | 2023-12-05 | 北京明朝万达科技股份有限公司 | Traffic data processing method and device, electronic equipment and readable storage medium |
Similar Documents
Publication | Title |
---|---|
US10645110B2 (en) | Automated forensics of computer systems using behavioral intelligence |
CN109711171B (en) | Method, device and system for positioning software bugs, storage medium and electronic device |
CN105264861B (en) | Method and apparatus for detecting multistage event |
US8418247B2 (en) | Intrusion detection method and system |
US8196204B2 (en) | Active computer system defense technology |
CN103294950B (en) | A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system |
CN107483448A (en) | A kind of network security detection method and detecting system |
US20160055335A1 (en) | Method and apparatus for detecting a multi-stage event |
CN106650436A (en) | Safety detecting method and device based on local area network |
US20220210202A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis |
CN110912855A (en) | Block chain architecture security assessment method and system based on permeability test case set |
US20140344931A1 (en) | Systems and methods for extracting cryptographic keys from malware |
CN108234426B (en) | APT attack warning method and APT attack warning device |
CN107666464B (en) | Information processing method and server |
Almarri et al. | Optimised malware detection in digital forensics |
CN113472789B (en) | Attack detection method, attack detection system, storage medium and electronic device |
Nasr et al. | ChargePrint: A Framework for Internet-Scale Discovery and Security Analysis of EV Charging Management Systems. |
US20210084061A1 (en) | Bio-inspired agile cyber-security assurance framework |
CN105933186A (en) | Security detection method, device and system |
CN106934290B (en) | Vulnerability detection method and device |
Apel et al. | Towards early warning systems–challenges, technologies and architecture |
Flaglien et al. | Identifying malware using cross-evidence correlation |
CN111786980A (en) | Behavior-based privileged account threat alarm method |
KR101754964B1 (en) | Method and Apparatus for Detecting Malicious Behavior |
CN108171052A (en) | A kind of guard method of Linux server safety and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20171215 |