CN113812116A - Network behavior model construction method, apparatus and computer-readable medium - Google Patents
- Publication number
- CN113812116A
- Authority
- CN
- China
- Prior art keywords
- sequence
- network node
- dfa
- network
- deterministic finite
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Evolutionary Computation (AREA)
- Geometry (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
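A network behavior model construction method, apparatus and computer-readable medium. The network behavior model construction method includes: acquiring, from the network traffic of an operational technology (OT) system, at least one first data packet transmitted between a first network node and a second network node over a target communication protocol and a target application-layer data channel; determining at least one sequence pattern from the at least one first data packet, where each sequence pattern characterizes one kind of information interaction logic between the first network node and the second network node; for each sequence pattern, constructing a deterministic finite automaton (DFA) corresponding to that sequence pattern by means of grammatical inference; and combining the constructed DFAs to obtain a network behavior model for communication between the first network node and the second network node over the target communication protocol and the target application-layer data channel. The method can reduce the complexity of the constructed network behavior model.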
Description
PCT national-phase application; the description has been published.
Claims (14)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/091581 WO2020252635A1 (zh) | 2019-06-17 | 2019-06-17 | Network behavior model construction method, apparatus and computer-readable medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113812116A (zh) | 2021-12-17 |
Family
ID=74036978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201980096254.9A Pending CN113812116A (zh) | Network behavior model construction method, apparatus and computer-readable medium | 2019-06-17 | 2019-06-17 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113812116A (zh) |
WO (1) | WO2020252635A1 (zh) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114124854B (zh) * | 2021-11-29 | 2024-02-09 | 天融信雄安网络安全技术有限公司 | Packet processing method, apparatus, electronic device and readable storage medium |
US11956117B1 (en) | 2023-05-22 | 2024-04-09 | Google Llc | Network monitoring and healing based on a behavior model |
CN117097628B (zh) * | 2023-10-19 | 2023-12-22 | 中国电子科技集团公司第五十四研究所 | Networking communication behavior identification method based on signal physical characteristic parameters |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110167030A1 (en) * | 2010-01-07 | 2011-07-07 | Interdisciplinary Center Herliya | State machine compression for scalable pattern matching |
CN103036730A (zh) * | 2011-09-29 | 2013-04-10 | 西门子公司 | Method and apparatus for security testing of a protocol implementation |
CN104348677A (zh) * | 2013-08-05 | 2015-02-11 | 华为技术有限公司 | Deep packet inspection method, device and coprocessor |
US20150310342A1 (en) * | 2014-04-25 | 2015-10-29 | Board Of Trustees Of Michigan State University | Overlay automata approach to regular expression matching for intrusion detection and prevention system |
CN108833195A (zh) * | 2018-09-26 | 2018-11-16 | 河南大学 | Process-based network data traffic analysis method |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103716288B (zh) * | 2012-09-29 | 2018-08-07 | 西门子公司 | System and method for data processing |
CN103491069A (zh) * | 2013-09-05 | 2014-01-01 | 北京科能腾达信息技术股份有限公司 | Method for filtering network data packets |
CN103825888A (zh) * | 2014-02-17 | 2014-05-28 | 北京奇虎科技有限公司 | Network threat processing method and device |
CN106161098B (zh) * | 2016-07-21 | 2019-04-30 | 四川无声信息技术有限公司 | Network behavior detection method and apparatus |
2019
- 2019-06-17 CN application CN201980096254.9A, patent CN113812116A (zh): active, Pending
- 2019-06-17 WO application PCT/CN2019/091581, patent WO2020252635A1 (zh): active, Application Filing
Non-Patent Citations (2)
Title |
---|
SANJEEV DAS et al.: "Online malware defense using attack behavior model", 2016 IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS (ISCAS), 11 August 2016 (2016-08-11) * |
陈中育; 缪淮扣: "System behavior modeling based on scenario specifications", 应用科学学报, no. 04, 15 July 2009 (2009-07-15) * |
Also Published As
Publication number | Publication date |
---|---|
WO2020252635A1 (zh) | 2020-12-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
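CN113812116A (zh) | | Network behavior model construction method, apparatus and computer-readable medium |
CN111163043B (zh) | | Deep parsing method and system for real-time interaction protocols of a source-grid-load system |
CN112636979B (zh) | | Cluster alarm method and related apparatus |
US20110307219A1 | | Method for diagnostic monitoring |
US10833889B2 | | Method and device for monitoring control systems |
CN104022907A (zh) | | Fault detection system and method for a campus network |
JP2022510687A (ja) | | System and method for determining and reporting node malfunction |
CN101753456B (zh) | | Peer-to-peer network traffic detection method and system |
CN113259367A (zh) | | Multi-level anomaly detection method and apparatus for industrial control network traffic |
CN112350844B (zh) | | Method and apparatus for data transmission |
CN111885009A (zh) | | System and method for protecting user privacy in a smart home environment by misleading network sniffing tools |
US20220390929A1 | | Method, A System And A Computer Program Product For Monitoring An Industrial Ethernet Protocol Type Network |
CN107222359B (zh) | | Link anomaly detection method and system in an IS-IS network |
US20150227126A1 | | Communication configuration analysis in process control systems |
Tcholtchev et al. | | Scalable Markov chain based algorithm for fault-isolation in autonomic networks |
CN111787110B (zh) | | Socks proxy discovery method and system |
CN115001774A (zh) | | Correlation analysis method, apparatus and device for alarm events |
CN111064637B (zh) | | NetFlow data deduplication method and apparatus |
CN113542052A (zh) | | Node fault determination method, apparatus and server |
KR102037192B1 (ko) | | Apparatus and method for detecting persistent signal traffic in network traffic through hierarchical structure learning |
CN112217785A (zh) | | Device and method for anomaly identification in a communication network |
CN116319468B (zh) | | Network telemetry method, apparatus, switch, network, electronic device and medium |
RU2801825C2 (ru) | | Method and system for processing information about failures of devices in wireless sensor data transmission networks and related networks |
WO2022118427A1 (ja) | | Anomaly detection support device, anomaly detection support method and program |
CN116471045A (zh) | | Attack detection method and system for industrial bus networks based on the PROFIBUS-DP protocol |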
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||