CN1450757A - Method and system for monitoring network intrusion - Google Patents
Method and system for monitoring network intrusion
- Publication number
- CN1450757A
- Authority
- CN
- China
- Prior art keywords
- protocol
- characteristic
- data
- module
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Original message | Protocol | Data field description | Protocol variable | Remarks |
---|---|---|---|---|
00 50 ba ba 35 d5 | Ethernet protocol | Destination MAC address | Dmac | |
00 50 ba 65 6f eb | | Source MAC address | Smac | |
08 00 | | Ethernet protocol type | Eth_type | |
45 00 00 3c 98 b6 00 00 80 | IP protocol | … | | |
01 | | IP protocol type | Ip_type | |
17 a4 c0 a8 04 18 c0 a8 04 fe | | … | | |
08 00 39 5c 02 | ICMP protocol | ICMP protocol type | Icmp_type | Icmp_type=8 |
00 12 00 | | … | | |
61 62 63 64 65 66 67 68 69 6a 6b 6c | ICMP data | … | | |
49 53 53 | | Characteristic | [String.12] | [string.12]=ISS |
6d 6e 70 71 72 73 74 75 76 77 | | … | | |
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 CN1203641C (en) | 2002-10-11 | 2002-10-11 | Method and system for monitoring network intrusion |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 CN1203641C (en) | 2002-10-11 | 2002-10-11 | Method and system for monitoring network intrusion |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1450757A (en) | 2003-10-22 |
CN1203641C (en) | 2005-05-25 |
Family
ID=28680801
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02131143 Expired - Fee Related CN1203641C (en) | 2002-10-11 | 2002-10-11 | Method and system for monitoring network intrusion |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1203641C (en) |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008064551A1 (en) * | 2006-11-27 | 2008-06-05 | Coobol Technologis Co. Ltd. | A system and method for preventing the intrusion of malicious code |
CN101035111B (en) * | 2007-04-13 | 2010-10-13 | 北京启明星辰信息技术股份有限公司 | Intelligent protocol parsing method and device |
CN102035855A (en) * | 2010-12-30 | 2011-04-27 | 江苏省电力公司 | Network security incident association analysis system |
CN102217281A (en) * | 2011-06-13 | 2011-10-12 | 华为技术有限公司 | Method and apparatus for protocol analysis |
US8060633B2 (en) | 2006-11-24 | 2011-11-15 | Hangzhou H3C Technologies Co., Ltd. | Method and apparatus for identifying data content |
CN102244610A (en) * | 2011-06-24 | 2011-11-16 | 吉林中软吉大信息技术有限公司 | Method for resolving protocol by using capture data |
CN101695031B (en) * | 2009-10-27 | 2011-12-07 | 成都市华为赛门铁克科技有限公司 | Upgrading method and device of intrusion prevention system |
CN101562603B (en) * | 2008-04-17 | 2012-06-20 | 北京启明星辰信息技术股份有限公司 | Method and system for parsing telnet protocol by echoing |
CN101753316B (en) * | 2008-12-02 | 2012-08-08 | 北京启明星辰信息技术股份有限公司 | Method and system for intelligently extracting features |
CN101562604B (en) * | 2008-04-17 | 2012-08-08 | 北京启明星辰信息技术股份有限公司 | Non-cache model matching method based on message flow data |
CN1612532B (en) * | 2003-10-31 | 2013-01-23 | 国际商业机器公司 | Host-based network intrusion detection systems |
CN101771575B (en) * | 2008-12-29 | 2014-04-16 | 华为技术有限公司 | Method, device and system for processing IP partitioned message |
CN104023000A (en) * | 2013-09-05 | 2014-09-03 | 田玥 | Network intrusion detection method |
CN104135490A (en) * | 2014-08-14 | 2014-11-05 | 浪潮(北京)电子信息产业有限公司 | Intrusion detection system (IDS) analysis method and intrusion detection system |
CN102217281B (en) * | 2011-06-13 | 2016-11-30 | 华为技术有限公司 | protocol analysis method and device |
CN106209488A (en) * | 2015-04-28 | 2016-12-07 | 北京瀚思安信科技有限公司 | For detecting the method and apparatus that website is attacked |
CN106446720A (en) * | 2016-09-08 | 2017-02-22 | 上海携程商务有限公司 | IDS rule optimization system and optimization method |
CN105678188B (en) * | 2016-01-07 | 2019-01-29 | 杨龙频 | The leakage-preventing protocol recognition method of database and device |
CN112565290A (en) * | 2020-12-22 | 2021-03-26 | 深信服科技股份有限公司 | Intrusion prevention method, system and related equipment |
CN112997467A (en) * | 2020-09-18 | 2021-06-18 | 华为技术有限公司 | Intrusion monitoring system, method and related product |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100338915C (en) * | 2005-08-19 | 2007-09-19 | 杭州华三通信技术有限公司 | Message mirroring method and network equipment with message mirroring function |
CN100342692C (en) * | 2005-09-02 | 2007-10-10 | 杭州华三通信技术有限公司 | Invasion detecting device and invasion detecting system |
CN100429617C (en) * | 2006-05-16 | 2008-10-29 | 北京启明星辰信息技术有限公司 | Automatic protocol recognition method and system |
- 2002
- 2002-10-11 CN CN 02131143 patent/CN1203641C/en not_active Expired - Fee Related
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1612532B (en) * | 2003-10-31 | 2013-01-23 | 国际商业机器公司 | Host-based network intrusion detection systems |
US8060633B2 (en) | 2006-11-24 | 2011-11-15 | Hangzhou H3C Technologies Co., Ltd. | Method and apparatus for identifying data content |
WO2008064551A1 (en) * | 2006-11-27 | 2008-06-05 | Coobol Technologis Co. Ltd. | A system and method for preventing the intrusion of malicious code |
CN101035111B (en) * | 2007-04-13 | 2010-10-13 | 北京启明星辰信息技术股份有限公司 | Intelligent protocol parsing method and device |
CN101562604B (en) * | 2008-04-17 | 2012-08-08 | 北京启明星辰信息技术股份有限公司 | Non-cache model matching method based on message flow data |
CN101562603B (en) * | 2008-04-17 | 2012-06-20 | 北京启明星辰信息技术股份有限公司 | Method and system for parsing telnet protocol by echoing |
CN101753316B (en) * | 2008-12-02 | 2012-08-08 | 北京启明星辰信息技术股份有限公司 | Method and system for intelligently extracting features |
CN101771575B (en) * | 2008-12-29 | 2014-04-16 | 华为技术有限公司 | Method, device and system for processing IP partitioned message |
CN101695031B (en) * | 2009-10-27 | 2011-12-07 | 成都市华为赛门铁克科技有限公司 | Upgrading method and device of intrusion prevention system |
CN102035855A (en) * | 2010-12-30 | 2011-04-27 | 江苏省电力公司 | Network security incident association analysis system |
CN102035855B (en) * | 2010-12-30 | 2014-05-07 | 江苏省电力公司 | Network security incident association analysis system |
CN102217281B (en) * | 2011-06-13 | 2016-11-30 | 华为技术有限公司 | protocol analysis method and device |
CN102217281A (en) * | 2011-06-13 | 2011-10-12 | 华为技术有限公司 | Method and apparatus for protocol analysis |
WO2012171166A1 (en) * | 2011-06-13 | 2012-12-20 | 华为技术有限公司 | Method and apparatus for protocol parsing |
US9112915B2 (en) | 2011-06-13 | 2015-08-18 | Huawei Technologies Co., Ltd. | Method and apparatus for protocol parsing |
CN102244610A (en) * | 2011-06-24 | 2011-11-16 | 吉林中软吉大信息技术有限公司 | Method for resolving protocol by using capture data |
CN104023000A (en) * | 2013-09-05 | 2014-09-03 | 田玥 | Network intrusion detection method |
CN104135490A (en) * | 2014-08-14 | 2014-11-05 | 浪潮(北京)电子信息产业有限公司 | Intrusion detection system (IDS) analysis method and intrusion detection system |
CN106209488A (en) * | 2015-04-28 | 2016-12-07 | 北京瀚思安信科技有限公司 | For detecting the method and apparatus that website is attacked |
CN105678188B (en) * | 2016-01-07 | 2019-01-29 | 杨龙频 | The leakage-preventing protocol recognition method of database and device |
CN106446720A (en) * | 2016-09-08 | 2017-02-22 | 上海携程商务有限公司 | IDS rule optimization system and optimization method |
CN106446720B (en) * | 2016-09-08 | 2019-02-01 | 上海携程商务有限公司 | The optimization system and optimization method of IDS rule |
CN112997467A (en) * | 2020-09-18 | 2021-06-18 | 华为技术有限公司 | Intrusion monitoring system, method and related product |
CN112997467B (en) * | 2020-09-18 | 2022-08-19 | 华为技术有限公司 | Intrusion monitoring system, method and related product |
CN112565290A (en) * | 2020-12-22 | 2021-03-26 | 深信服科技股份有限公司 | Intrusion prevention method, system and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN1203641C (en) | 2005-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1203641C (en) | Method and system for monitoring network intrusion | |
US9848004B2 (en) | Methods and systems for internet protocol (IP) packet header collection and storage | |
US7903566B2 (en) | Methods and systems for anomaly detection using internet protocol (IP) traffic conversation data | |
US7995496B2 (en) | Methods and systems for internet protocol (IP) traffic conversation detection and storage | |
US8726382B2 (en) | Methods and systems for automated detection and tracking of network attacks | |
CN101656634B (en) | Intrusion detection method based on IPv6 network environment | |
CN101018121B (en) | Log convergence processing method and convergence processing device | |
US8762515B2 (en) | Methods and systems for collection, tracking, and display of near real time multicast data | |
US8296842B2 (en) | Detecting public network attacks using signatures and fast content analysis | |
CN1697404A (en) | System and method for detecting network worm in interactive mode | |
US20030084318A1 (en) | System and method of graphically correlating data for an intrusion protection system | |
CN1269030A (en) | Method and apparatus for automated network surveillance and security breanch intervention | |
US20030083847A1 (en) | User interface for presenting data for an intrusion protection system | |
CN1909488A (en) | Virus detection and invasion detection combined method and system | |
CN1529248A (en) | Network invasion related event detecting method and system | |
CN101640594A (en) | Method and unit for extracting traffic attack message characteristics on network equipment | |
CN112532642B (en) | Industrial control system network intrusion detection method based on improved Suricata engine | |
CN112507336A (en) | Server-side malicious program detection method based on code characteristics and flow behaviors | |
CN1848745A (en) | Worm virus detecting method based on network flow characteristic | |
CN111770097B (en) | Content lock firewall method and system based on white list | |
CN1317855C (en) | Invasion detecting system and its invasion detecting method | |
KR101078851B1 (en) | Botnet group detecting system using group behavior matrix based on network and botnet group detecting method using group behavior matrix based on network | |
CN115333915B (en) | Heterogeneous host-oriented network management and control system | |
CN104023000A (en) | Network intrusion detection method | |
CN1477811A (en) | Formalized description method of network infection behaviour and normal behaviour |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C41 | Transfer of patent application or patent right or utility model | ||
C56 | Change in the name or address of the patentee | ||
CP03 | Change of name, title or address | Address after: No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee after: BEIJING VENUSTECH Inc. Address before: No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee before: Beijing Venus Information Technology Co.,Ltd. |
TR01 | Transfer of patent right | Effective date of registration: 20090320 Address after: Building 100193, building 21, Zhongguancun Software Park, 8 West Wang Xi Road, Beijing, Haidian District Co-patentee after: BEIJING VENUSTECH CYBERVISION Co.,Ltd. Patentee after: BEIJING VENUSTECH Inc. Address before: 12, 100081 South Main Street, Beijing, Haidian District, 188: zip code: Patentee before: BEIJING VENUSTECH Inc. |
C56 | Change in the name or address of the patentee | Owner name: BEIJING QIMINGXINGCHEN INFORMATION TECHNOLOGY CO., Free format text: FORMER NAME: BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY CO. LTD. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20050525 Termination date: 20141011 |
EXPY | Termination of patent right or utility model | |