EA201490333A1 - Способ и система для классифицирования сообщения протокола в сети передачи данных - Google Patents

Способ и система для классифицирования сообщения протокола в сети передачи данных

Info

Publication number
EA201490333A1
EA201490333A1 EA201490333A EA201490333A EA201490333A1 EA 201490333 A1 EA201490333 A1 EA 201490333A1 EA 201490333 A EA201490333 A EA 201490333A EA 201490333 A EA201490333 A EA 201490333A EA 201490333 A1 EA201490333 A1 EA 201490333A1
Authority
EA
Eurasian Patent Office
Prior art keywords
model
protocol
protocol field
transmission network
data transmission
Prior art date
Application number
EA201490333A
Other languages
English (en)
Other versions
EA037617B1 (ru
Inventor
Эммануэле Цамбон
Original Assignee
Секьюрити Мэттерс Б.В.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Секьюрити Мэттерс Б.В. filed Critical Секьюрити Мэттерс Б.В.
Publication of EA201490333A1 publication Critical patent/EA201490333A1/ru
Publication of EA037617B1 publication Critical patent/EA037617B1/ru

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

Предлагаемый способ обнаружения вторжения для обнаружения вторжения в трафике данных сети передачи данных содержит этапы, на которых синтаксически анализируют трафик данных для извлечения по меньшей мере одного поля протокола сообщения протокола трафика данных; ассоциируют извлеченное поле протокола с моделью для данного поля протокола, причем модель выбирают из набора моделей; оценивают, находится ли содержимое извлеченного поля протокола в безопасной области, как определено моделью; и генерируют сигнал обнаружения вторжения в случае, когда установлено, что содержимое извлеченного поля протокола находится за пределами безопасной области. Набор моделей может содержать соответствующую модель для каждого поля протокола из набора полей протокола.
EA201490333A 2011-07-26 2012-07-26 Способ и система для обнаружения несанкционированного вторжения в трафик данных в сети передачи данных EA037617B1 (ru)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201161511685P 2011-07-26 2011-07-26
NL2007180A NL2007180C2 (en) 2011-07-26 2011-07-26 Method and system for classifying a protocol message in a data communication network.
PCT/NL2012/050537 WO2013015691A1 (en) 2011-07-26 2012-07-26 Method and system for classifying a protocol message in a data communication network

Publications (2)

Publication Number Publication Date
EA201490333A1 true EA201490333A1 (ru) 2014-06-30
EA037617B1 EA037617B1 (ru) 2021-04-22

Family

ID=47601337

Family Applications (1)

Application Number Title Priority Date Filing Date
EA201490333A EA037617B1 (ru) 2011-07-26 2012-07-26 Способ и система для обнаружения несанкционированного вторжения в трафик данных в сети передачи данных

Country Status (11)

Country Link
US (4) US9628497B2 (ru)
EP (1) EP2737683B1 (ru)
JP (1) JP6117202B2 (ru)
CN (1) CN103748853B (ru)
BR (1) BR112014001691B1 (ru)
CA (1) CA2842465C (ru)
EA (1) EA037617B1 (ru)
ES (1) ES2581053T3 (ru)
IL (2) IL230440A (ru)
NL (1) NL2007180C2 (ru)
WO (1) WO2013015691A1 (ru)

Families Citing this family (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL2007180C2 (en) * 2011-07-26 2013-01-29 Security Matters B V Method and system for classifying a protocol message in a data communication network.
US9292688B2 (en) * 2012-09-26 2016-03-22 Northrop Grumman Systems Corporation System and method for automated machine-learning, zero-day malware detection
US11126720B2 (en) * 2012-09-26 2021-09-21 Bluvector, Inc. System and method for automated machine-learning, zero-day malware detection
EP2901346A4 (en) * 2012-09-28 2016-06-08 Hewlett Packard Development Co SAFETY TESTING OF AN APPLICATION
JP6273834B2 (ja) * 2013-12-26 2018-02-07 富士通株式会社 情報処理装置及びロギング方法
CN104270275B (zh) * 2014-10-14 2018-04-10 广东小天才科技有限公司 一种异常原因的辅助分析方法、服务器以及智能设备
CN105704103B (zh) * 2014-11-26 2017-05-10 中国科学院沈阳自动化研究所 基于OCSVM双轮廓模型的Modbus TCP通信行为异常检测方法
US10572811B2 (en) * 2015-01-29 2020-02-25 Splunk Inc. Methods and systems for determining probabilities of occurrence for events and determining anomalous events
US9953158B1 (en) * 2015-04-21 2018-04-24 Symantec Corporation Systems and methods for enforcing secure software execution
TWI562013B (en) * 2015-07-06 2016-12-11 Wistron Corp Method, system and apparatus for predicting abnormality
US10015188B2 (en) * 2015-08-20 2018-07-03 Cyberx Israel Ltd. Method for mitigation of cyber attacks on industrial control systems
CN105306436B (zh) * 2015-09-16 2016-08-24 广东睿江云计算股份有限公司 一种异常流量检测方法
US10033747B1 (en) * 2015-09-29 2018-07-24 Fireeye, Inc. System and method for detecting interpreter-based exploit attacks
CN106657545B (zh) * 2015-10-29 2021-06-15 中兴通讯股份有限公司 拦截推送信息的方法、装置及终端
US10955810B2 (en) * 2015-11-13 2021-03-23 International Business Machines Corporation Monitoring communications flow in an industrial system to detect and mitigate hazardous conditions
WO2017119888A1 (en) * 2016-01-07 2017-07-13 Trend Micro Incorporated Metadata extraction
US10419401B2 (en) * 2016-01-08 2019-09-17 Capital One Services, Llc Methods and systems for securing data in the public cloud
US9998487B2 (en) * 2016-04-25 2018-06-12 General Electric Company Domain level threat detection for industrial asset control system
CN106022129B (zh) * 2016-05-17 2019-02-15 北京江民新科技术有限公司 文件的数据特征提取方法、装置及病毒特征检测系统
CN106209843A (zh) * 2016-07-12 2016-12-07 工业和信息化部电子工业标准化研究院 一种面向Modbus协议的数据流异常分析方法
CN106603531A (zh) * 2016-12-15 2017-04-26 中国科学院沈阳自动化研究所 一种基于工业控制网络的入侵检测模型的自动建立方法及装置
CN106790108B (zh) * 2016-12-26 2019-12-06 东软集团股份有限公司 协议数据解析方法、装置和系统
RU2659482C1 (ru) * 2017-01-17 2018-07-02 Общество с ограниченной ответственностью "СолидСофт" Способ защиты веб-приложений при помощи интеллектуального сетевого экрана с использованием автоматического построения моделей приложений
US11960844B2 (en) * 2017-05-10 2024-04-16 Oracle International Corporation Discourse parsing using semantic and syntactic relations
US10839154B2 (en) * 2017-05-10 2020-11-17 Oracle International Corporation Enabling chatbots by detecting and supporting affective argumentation
US10796102B2 (en) 2017-05-10 2020-10-06 Oracle International Corporation Enabling rhetorical analysis via the use of communicative discourse trees
US10817670B2 (en) * 2017-05-10 2020-10-27 Oracle International Corporation Enabling chatbots by validating argumentation
US11165802B2 (en) * 2017-12-05 2021-11-02 Schweitzer Engineering Laboratories, Inc. Network security assessment using a network traffic parameter
JP2021515498A (ja) * 2018-03-08 2021-06-17 フォアスカウト テクノロジーズ インコーポレイテッド 完全性監視及びネットワーク侵入検出のための属性ベースのポリシー
NL2020552B1 (en) * 2018-03-08 2019-09-13 Forescout Tech B V Attribute-based policies for integrity monitoring and network intrusion detection
US11475370B2 (en) * 2018-11-29 2022-10-18 Microsoft Technology Licensing, Llc Providing custom machine-learning models
FR3090153B1 (fr) * 2018-12-17 2022-01-07 Commissariat Energie Atomique Procédé et système de détection d’anomalie dans un réseau de télécommunications
HUE059270T2 (hu) * 2018-12-28 2022-11-28 Nozomi Networks Sagl Módszer és eszköz egy adott rendszer rendellenességeinek észlelésére
US10802937B2 (en) * 2019-02-13 2020-10-13 United States Of America As Represented By The Secretary Of The Navy High order layer intrusion detection using neural networks
KR102204290B1 (ko) * 2019-08-23 2021-01-18 고려대학교 세종산학협력단 통계적 분석 기반 비공개 프로토콜의 구분자 및 정적필드 추출방법
US11621970B2 (en) * 2019-09-13 2023-04-04 Is5 Communications, Inc. Machine learning based intrusion detection system for mission critical systems
CN110912908B (zh) * 2019-11-28 2022-08-02 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) 网络协议异常检测方法、装置、计算机设备和存储介质
US11363059B2 (en) * 2019-12-13 2022-06-14 Microsoft Technology Licensing, Llc Detection of brute force attacks
CN111126627B (zh) * 2019-12-25 2023-07-04 四川新网银行股份有限公司 基于分离度指数的模型训练系统
CN111585993B (zh) * 2020-04-27 2022-08-09 深信服科技股份有限公司 一种隐蔽信道通信检测方法、装置及设备
CN111885059B (zh) * 2020-07-23 2021-08-31 清华大学 一种工业网络流量异常检测定位的方法
CN111865723A (zh) * 2020-07-25 2020-10-30 深圳市维度统计咨询股份有限公司 一种基于大数据的网络数据采集系统
US20240028010A1 (en) * 2020-09-29 2024-01-25 Fanuc Corporation Network relay device
CN112887280B (zh) * 2021-01-13 2022-05-31 中国人民解放军国防科技大学 一种基于自动机的网络协议元数据提取系统及方法
US11363050B1 (en) 2021-03-25 2022-06-14 Bank Of America Corporation Information security system and method for incompliance detection in data transmission
US11792213B2 (en) 2021-05-18 2023-10-17 Bank Of America Corporation Temporal-based anomaly detection for network security
US11799879B2 (en) 2021-05-18 2023-10-24 Bank Of America Corporation Real-time anomaly detection for network security
US11588835B2 (en) 2021-05-18 2023-02-21 Bank Of America Corporation Dynamic network security monitoring system
CN113742475A (zh) * 2021-09-10 2021-12-03 绿盟科技集团股份有限公司 一种office文档检测方法、装置、设备及介质

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09153924A (ja) * 1995-11-28 1997-06-10 Nec Corp 通信制御システムの手順誤り検出方式
US6078874A (en) * 1998-08-04 2000-06-20 Csi Technology, Inc. Apparatus and method for machine data collection
US6925454B2 (en) * 2000-12-12 2005-08-02 International Business Machines Corporation Methodology for creating and maintaining a scheme for categorizing electronic communications
US6898737B2 (en) * 2001-05-24 2005-05-24 Microsoft Corporation Automatic classification of event data
US7225343B1 (en) * 2002-01-25 2007-05-29 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusions in computer systems
US8370936B2 (en) * 2002-02-08 2013-02-05 Juniper Networks, Inc. Multi-method gateway-based network security systems and methods
US8205259B2 (en) * 2002-03-29 2012-06-19 Global Dataguard Inc. Adaptive behavioral intrusion detection systems and methods
US7039702B1 (en) * 2002-04-26 2006-05-02 Mcafee, Inc. Network analyzer engine system and method
US7349917B2 (en) * 2002-10-01 2008-03-25 Hewlett-Packard Development Company, L.P. Hierarchical categorization method and system with automatic local selection of classifiers
US7305708B2 (en) * 2003-04-14 2007-12-04 Sourcefire, Inc. Methods and systems for intrusion detection
EP1629651A1 (en) * 2003-05-30 2006-03-01 International Business Machines Corporation Detecting network attacks
EP1682990B1 (en) * 2003-11-12 2013-05-29 The Trustees of Columbia University in the City of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US8656488B2 (en) * 2005-03-11 2014-02-18 Trend Micro Incorporated Method and apparatus for securing a computer network by multi-layer protocol scanning
US7860006B1 (en) * 2005-04-27 2010-12-28 Extreme Networks, Inc. Integrated methods of performing network switch functions
US8631483B2 (en) * 2005-06-14 2014-01-14 Texas Instruments Incorporated Packet processors and packet filter processes, circuits, devices, and systems
US7757283B2 (en) * 2005-07-08 2010-07-13 Alcatel Lucent System and method for detecting abnormal traffic based on early notification
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US20070150574A1 (en) * 2005-12-06 2007-06-28 Rizwan Mallal Method for detecting, monitoring, and controlling web services
WO2008055156A2 (en) 2006-10-30 2008-05-08 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for detecting an anomalous sequence of function calls
US8448234B2 (en) * 2007-02-15 2013-05-21 Marvell Israel (M.I.S.L) Ltd. Method and apparatus for deep packet inspection for network intrusion detection
US20080295173A1 (en) * 2007-05-21 2008-11-27 Tsvetomir Iliev Tsvetanov Pattern-based network defense mechanism
US7966660B2 (en) * 2007-05-23 2011-06-21 Honeywell International Inc. Apparatus and method for deploying a wireless network intrusion detection system to resource-constrained devices
US9100319B2 (en) * 2007-08-10 2015-08-04 Fortinet, Inc. Context-aware pattern matching accelerator
CN100531073C (zh) 2007-08-24 2009-08-19 北京启明星辰信息技术股份有限公司 一种基于状态检测的协议异常检测方法及系统
CN101399710B (zh) * 2007-09-29 2011-06-22 北京启明星辰信息技术股份有限公司 一种协议格式异常检测方法及系统
US8844033B2 (en) * 2008-05-27 2014-09-23 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for detecting network anomalies using a trained probabilistic model
EP2200249A1 (en) * 2008-12-17 2010-06-23 Abb Research Ltd. Network analysis
FI20096394A0 (fi) * 2009-12-23 2009-12-23 Valtion Teknillinen Tunkeutumisen havaitseminen viestintäverkoissa
US9100425B2 (en) * 2010-12-01 2015-08-04 Cisco Technology, Inc. Method and apparatus for detecting malicious software using generic signatures
NL2007180C2 (en) * 2011-07-26 2013-01-29 Security Matters B V Method and system for classifying a protocol message in a data communication network.
US9092802B1 (en) * 2011-08-15 2015-07-28 Ramakrishna Akella Statistical machine learning and business process models systems and methods
ES2755780T3 (es) * 2011-09-16 2020-04-23 Veracode Inc Análisis estático y de comportamiento automatizado mediante la utilización de un espacio aislado instrumentado y clasificación de aprendizaje automático para seguridad móvil
US9189746B2 (en) * 2012-01-12 2015-11-17 Microsoft Technology Licensing, Llc Machine-learning based classification of user accounts based on email addresses and other account information
US9292688B2 (en) * 2012-09-26 2016-03-22 Northrop Grumman Systems Corporation System and method for automated machine-learning, zero-day malware detection
WO2014144893A1 (en) * 2013-03-15 2014-09-18 Jones Richard B Dynamic analysis of event data
US10476742B1 (en) * 2015-09-24 2019-11-12 Amazon Technologies, Inc. Classification of auto scaling events impacting computing resources

Also Published As

Publication number Publication date
US11012330B2 (en) 2021-05-18
ES2581053T3 (es) 2016-08-31
US20210344578A1 (en) 2021-11-04
EP2737683B1 (en) 2016-03-02
NL2007180C2 (en) 2013-01-29
IL230440A0 (en) 2014-03-31
IL254829A0 (en) 2017-12-31
CN103748853A (zh) 2014-04-23
JP2014522167A (ja) 2014-08-28
WO2013015691A1 (en) 2013-01-31
CN103748853B (zh) 2017-03-08
US20170195197A1 (en) 2017-07-06
US20140090054A1 (en) 2014-03-27
CA2842465A1 (en) 2013-01-31
US11902126B2 (en) 2024-02-13
CA2842465C (en) 2021-05-04
BR112014001691B1 (pt) 2022-06-21
IL230440A (en) 2017-10-31
EP2737683A1 (en) 2014-06-04
JP6117202B2 (ja) 2017-04-19
IL254829B (en) 2018-06-28
BR112014001691A2 (pt) 2020-10-27
US9628497B2 (en) 2017-04-18
EA037617B1 (ru) 2021-04-22
US20140297572A1 (en) 2014-10-02

Similar Documents

Publication Publication Date Title
EA201490333A1 (ru) Способ и система для классифицирования сообщения протокола в сети передачи данных
WO2014107438A3 (en) Methods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors
IL226747B (en) A system and method for studying malware detection
WO2014149120A3 (en) Method and system for intelligent jamming signal generation
GB2527455A (en) Providing alerts based on unstructured information methods and apparatus
WO2016094182A3 (en) Network device predictive modeling
EP3014813A4 (en) Rootkit detection by using hardware resources to detect inconsistencies in network traffic
WO2012058486A3 (en) Automated policy builder
EP2863309A3 (en) Contextual graph matching based anomaly detection
GB201319306D0 (en) Detection and filtering of malware based on traffic observations made in a distributed mobile traffic management system
WO2014028648A3 (en) System and method for forming predictions using event-based sentiment analysis
WO2012116236A3 (en) System and method for analyzing messages in a network or across networks
WO2014093497A3 (en) System and method for improved communication on a wireless network
WO2014018590A3 (en) Method and system for collecting and providing application usage analytics
MX2015014916A (es) Metodos y sistemas para la generacion de oraciones flexibles en un sistema de redes sociales.
EA201490172A1 (ru) Система и способ для формирования геостатистической модели интересующего геологического объема, ограниченной процесс-ориентированной моделью интересующего геологического объема
MX340010B (es) Metodo y aparato para compartir ajustes de conectividad a traves de redes sociales.
GB2515663A (en) Dynamically scanning a web application through use of web traffic information
GB2527009A (en) Simulation of production systems
IN2014MN02481A (ru)
GB201217271D0 (en) Traffic sensor management
IN2015MN00444A (ru)
EP2372571A3 (en) Related search system and method based on resource description framework network
WO2014066166A3 (en) Method and apparatus for monitoring network traffic
WO2014058283A3 (ko) 기기간 통신을 수행하는 기기 및 그 방법