CN114070899B - A message detection method, device, and readable storage medium - Google Patents
A message detection method, device, and readable storage medium
- Publication number
- CN114070899B
- Authority
- CN
- China
- Prior art keywords
- target
- key value
- value pair
- message
- target key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Debugging And Monitoring (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Train Traffic Observation, Control, And Security (AREA)
- Management Or Editing Of Information On Record Carriers (AREA)
Claims (10)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010732006.3A CN114070899B (zh) | 2020-07-27 | 2020-07-27 | A message detection method, device, and readable storage medium |
PCT/CN2021/081440 WO2022021897A1 (zh) | 2020-07-27 | 2021-03-18 | A message detection method, device, and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010732006.3A CN114070899B (zh) | 2020-07-27 | 2020-07-27 | A message detection method, device, and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114070899A (zh) | 2022-02-18 |
CN114070899B (zh) | 2023-05-12 |
Family
ID=80037457
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010732006.3A Active CN114070899B (zh) | A message detection method, device, and readable storage medium | 2020-07-27 | 2020-07-27 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114070899B (zh) |
WO (1) | WO2022021897A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
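CN114884883B (zh) * | 2022-06-16 | 2024-01-30 | 深圳星云智联科技有限公司 | A traffic forwarding method, apparatus, device, and storage medium |
CN116910631B (zh) * | 2023-09-14 | 2024-01-05 | 深圳市智慧城市科技发展集团有限公司 | Array comparison method, apparatus, electronic device, and readable storage medium |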
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
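CN105187411A (zh) * | 2015-08-18 | 2015-12-23 | 福建省海峡信息技术有限公司 | A method for distributed anomaly detection of network data flows |
CN106060043A (zh) * | 2016-05-31 | 2016-10-26 | 北京邮电大学 | A method and apparatus for detecting abnormal traffic |
CN107154950A (zh) * | 2017-07-24 | 2017-09-12 | 深信服科技股份有限公司 | A method and system for log stream anomaly detection |
CN108958217A (zh) * | 2018-06-20 | 2018-12-07 | 长春工业大学 | A deep-learning-based CAN bus message anomaly detection method |
CN109391624A (zh) * | 2018-11-14 | 2019-02-26 | 国家电网有限公司 | A machine-learning-based method and apparatus for detecting anomalies in terminal access data |
CN109391599A (zh) * | 2017-08-10 | 2019-02-26 | 蓝盾信息安全技术股份有限公司 | A system for detecting botnet communication signals based on HTTPS traffic feature analysis |
CN110011999A (zh) * | 2019-03-29 | 2019-07-12 | 东北大学 | Deep-learning-based system and method for detecting DDoS attacks in IPv6 networks |
CN110300127A (zh) * | 2019-07-31 | 2019-10-01 | 广东电网有限责任公司 | A deep-learning-based network intrusion detection method, apparatus, and device |
CN110365648A (zh) * | 2019-06-14 | 2019-10-22 | 东南大学 | A decision-tree-based in-vehicle CAN bus anomaly detection method |
CN111078488A (zh) * | 2018-10-18 | 2020-04-28 | 杭州海康威视数字技术股份有限公司 | Data collection method, apparatus, storage medium, and system |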
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101895521B (zh) * | 2009-05-22 | 2013-09-04 | 中国科学院研究生院 | A method and system for network worm detection and automatic signature extraction |
US9319423B2 (en) * | 2013-11-04 | 2016-04-19 | At&T Intellectual Property I, L.P. | Malware and anomaly detection via activity recognition based on sensor data |
KR20160002058A (ko) * | 2014-06-30 | 2016-01-07 | 한국전자통신연구원 | Apparatus and method for detecting abnormal traffic based on Modbus communication pattern learning |
KR101714520B1 (ko) * | 2015-10-30 | 2017-03-09 | 현대자동차주식회사 | Method and apparatus for detecting in-vehicle network attacks |
US10389741B2 (en) * | 2016-03-24 | 2019-08-20 | Cisco Technology, Inc. | Edge-based detection of new and unexpected flows |
US10432661B2 (en) * | 2016-03-24 | 2019-10-01 | Cisco Technology, Inc. | Score boosting strategies for capturing domain-specific biases in anomaly detection systems |
US10764310B2 (en) * | 2016-03-25 | 2020-09-01 | Cisco Technology, Inc. | Distributed feedback loops from threat intelligence feeds to distributed machine learning systems |
US10733530B2 (en) * | 2016-12-08 | 2020-08-04 | Resurgo, Llc | Machine learning model evaluation in cyber defense |
US10944770B2 (en) * | 2018-10-25 | 2021-03-09 | EMC IP Holding Company LLC | Protecting against and learning attack vectors on web artifacts |
CN109462521B (zh) * | 2018-11-26 | 2020-11-20 | 华北电力大学 | A network traffic anomaly detection method suitable for source-grid-load interactive industrial control systems |
- 2020-07-27: CN application CN202010732006.3A, patent CN114070899B (zh), status Active
- 2021-03-18: WO application PCT/CN2021/081440, patent WO2022021897A1 (zh), status Application Filing
Non-Patent Citations (2)
Title |
---|
"FADM: DDoS Flooding Attack Detection and Mitigation System in Software-Defined Networking"; Dingwen Hu et al.; 《GLOBECOM 2017 - 2017 IEEE Global Communications Conference》; 20180115; entire document * |
"Algorithm Analysis Based on HTTP POST Messages"; 符运辉; 《电脑知识与技术》; 20190417; Vol. 15 (No. 3); entire document * |
Also Published As
Publication number | Publication date |
---|---|
WO2022021897A1 (zh) | 2022-02-03 |
CN114070899A (zh) | 2022-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10855700B1 (en) | Post-intrusion detection of cyber-attacks during lateral movement within networks | |
EP3547635B1 (en) | Method and device for detecting webshell | |
US10305919B2 (en) | Systems and methods for inhibiting attacks on applications | |
US9081961B2 (en) | System and method for analyzing malicious code using a static analyzer | |
EP1849090B1 (en) | Detecting vulnerabilities in web applications using client-side application interfaces | |
EP3646218A1 (en) | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators | |
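EA037617B1 (ru) | Method and system for detecting unauthorized intrusion into data traffic in a data transmission network | |
CN108390864B (zh) | A Trojan detection method and system based on attack-chain behavior analysis | |
CN110730175A (zh) | A botnet detection method and detection system based on threat intelligence | |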
US20170353434A1 (en) | Methods for detection of reflected cross site scripting attacks | |
US12069076B2 (en) | System and method for detecting and classifying malware | |
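CN112788034B (zh) | Processing method, apparatus, electronic device, and storage medium for countering network attacks | |
CN114070899B (zh) | A message detection method, device, and readable storage medium | |
CN112688930A (zh) | Brute-force cracking detection method, system, device, and medium | |
CN113079151B (zh) | An anomaly handling method, apparatus, electronic device, and readable storage medium | |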
Mathews et al. | A collaborative approach to situational awareness for cybersecurity | |
CN106911665B (zh) | A method and system for identifying weak-password intrusion behavior by malicious code | |
Wei et al. | Comparing malware attack detection using machine learning techniques in IoT network traffic | |
KR20200092508A (ko) | Large-scale honeypot system for IoT device malware analysis | |
CN114553513A (zh) | A communication detection method, apparatus, and device | |
Joshi et al. | Enhanced Network Security against SQL Injection Attack Using Machine Learning | |
Drakos | Implement a security policy and identify Advance persistent threats (APT) with ZEEK anomaly detection mechanism | |
Yadav et al. | Identification of network threats using live log stream analysis | |
Tylman | Detecting computer intrusions with Bayesian networks | |
Hollingworth | Towards threat, attack, and vulnerability taxonomies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A message detection method, device, and readable storage medium; Effective date of registration: 20231212; Granted publication date: 20230512; Pledgee: Shenzhen Branch of China Merchants Bank Co.,Ltd.; Pledgor: SANGFOR TECHNOLOGIES Inc.; Registration number: Y2023980070863 |
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20220218; Assignee: Shenzhen zhongyun Data Technology Co.,Ltd.; Assignor: SANGFOR TECHNOLOGIES Inc.; Contract record no.: X2024980004449; Denomination of invention: A message detection method, device, and readable storage medium; Granted publication date: 20230512; License type: Common License; Record date: 20240416 |