CN1909488A - Virus detection and invasion detection combined method and system - Google Patents
Virus detection and invasion detection combined method and systemDownload PDFInfo
- Publication number
- CN1909488A CN1909488ACN 200610112692CN200610112692ACN1909488ACN 1909488 ACN1909488 ACN 1909488ACN 200610112692CN200610112692CN 200610112692CN 200610112692 ACN200610112692 ACN 200610112692ACN 1909488 ACN1909488 ACN 1909488A
- Authority
- CN
- China
- Prior art keywords
- application protocol
- virus
- detection
- data
- engine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Technical field
The present invention relates to computer network security field, is a kind of in conjunction with the method and system of virus detection with intrusion detection.The inventive method has realized the combination of IDS attack detecting technology and internet worm detection technique, detects at not appreciable impact IDS under the situation of engine performance, significantly improves the viral detectability of IDS system.
Background technology
Network Intrusion Detection System (Network-based Intrusion Detection System, abbreviate NIDS as) be an important component part of network security defense system, its basic function is exactly to insert to detect in the network with bypass mode the packet in the network is caught, by characteristic matching or anomaly analysis, thereby detect behavior or the attack that whether has breach of security strategy in the network.Because characteristic matching has the high characteristic of accuracy, be the most practical at present detection method, anomaly analysis is usually as auxiliary detection method.And the matching rule base that pre-defines on the detection efficiency of characteristic matching and the IDS engine is directly proportional relation, that is to say that the regular number that pre-defines is exactly the maximum different event number that IDS can quote.Too much regular number also directly has influence on the treatment effeciency of NIDS engine simultaneously.
ICP/IP protocol is one four a layer protocol system, application layer protocol is in the superiors of protocol system, directly provide service for application program, wherein agreements such as FTP, HTTP, SMTP, POP3, IMAP provide file transfer services. and we can be divided into this quasi-protocol communication channel control channel and data channel, control channel mainly carries out the transmission of control command and echo reply thereof, and data channel mainly is the transmission of carrying out data such as file.More typically be exactly File Transfer Protocol, its 21 port is exactly a control channel, and 20 ports then are data channels.For agreements such as POP3, SMTP, HTTP, its control channel is connected with the multiplexing same TCP of data channel, needs to adopt the application protocol analytic technique to implement to separate.
NIDS mainly be by network packet catch, data flow reorganization, application protocol resolve attack knowledge storehouse coupling, analyze the current network behavioural characteristic with technology such as abnormality detection and whether have aggressiveness, its more attention is the control channel of communications protocol, and ignored detection to various typical application protocol data channels, so traditional NIDS can only detect the attack that network worm viroid, wooden horse etc. have the rogue program of network behavior feature, and just powerless for each viroid (as: macrovirus etc.) of carrying in the application protocol data channel data stream.At present, there is a big chunk to have aggressive virus (such as bot program) by the application protocol data dissemination channel; Obviously, the virus of ignoring this class application protocol data channel detects and will bring potential safety hazard to protected network.And, increasing along with aggressive Virus, traditional NIDS lacks will become to the problem of using protocol data channel virus detectability and becomes increasingly conspicuous, and also is difficult to satisfy demand for security day by day.
The present invention has solved the problems referred to above effectively by introduce the virus detection techniques at typical application protocol data channel in existing NIDS.The inventive method has realized the combination of IDS attack detecting technology and internet worm detection technique, detects at not appreciable impact IDS under the situation of engine performance, significantly improves the viral detectability of IDS system.
Summary of the invention
The invention provides the viral detection of a kind of combination and intrusion method for testing and system, under with situation about the IDS engine performance not being affected greatly, significantly improve the viral detectability (number and the accuracy that comprise detection) of nids system.
What the present invention relates to detects the method that combines with intrusion detection in conjunction with virus, may further comprise the steps:
(1): be used for reorganization and application protocol parsing are caught, flowed to network packet according to the condition of setting, typical application protocol is decomposed into control channel and data channel, then communication data in the control channel is submitted to IDS and detected engine, data flow in the data channel is submitted to stream reorganization and the application protocol analyzing step that internet worm detects engine;
(2): be used to receive the flow automatically reorganization and the application protocol control channel data of application protocol resolution unit, misapply detection based on IDS application protocol attack rule base, the IDS application protocol that further adopts protocol anomaly to detect the anomalous event that takes place in the recognition network communication detects step;
(3): be used to receive the flow automatically reorganization and the application protocol data channel data stream of application protocol resolution unit, viral knowledge base Network Based is carried out the internet worm detection step that virus detects;
(4): be used for attack or the Virus Name that reports to user's display engine, the alarm indication step of be correlated with IP, risk class;
(5): be used for the operating state of using protocol detection engine and internet worm detection engine is managed, controls and inquires about, engine issued rule base and virus characteristic storehouse, the system management step of system's online upgrading.
A kind of combination virus detects and intrusion method for testing, introduces virus detection techniques in Network Intrusion Detection System, by strengthening reorganization of NIDS data flow and application protocol analytic ability, the data flow that typical application protocol carries is carried out virus detection and alarm; Its concrete course of work is as follows: at first, the data message of catching is flowed reorganization and application protocol parsing, application protocol is decomposed into control channel and data channel; Misapply detection based on the attack knowledge storehouse to using agreement control channel communication data then, further can adopt the abnormal behaviour that takes place in the abnormality detection technology identification current network; At last, virus base Network Based carries out the virus detection to data flow in the application protocol data channel.
The present invention has designed a cover can realize above-mentioned system (VIDS) in conjunction with virus detection and intrusion detection method, and it not only can be reported to the police to the intrusion behavior in the network, and can report to the police to transmission in the network and the virus of propagating.Native system comprises:
(1) stream reorganization and application protocol resolution unit: reorganization and application protocol parsing are caught, flowed to network packet according to the condition of setting, typical application protocol is decomposed into control channel and data channel, then communication data in the control channel is submitted to IDS and detected engine, data flow in the data channel is submitted to internet worm detect engine.
(2) IDS application protocol detecting unit: receive the application protocol control channel data of flow automatically reorganization and application protocol resolution unit, misapply detection, further carry out protocol anomaly simultaneously and detect based on IDS application protocol attack rule base;
(3) network virus checking unit: receive the application protocol data channel data stream of flow automatically reorganization and application protocol resolution unit, viral knowledge base Network Based is carried out virus and is detected;
(4) alarm indication unit: attack that reports to user's display engine or Virus Name, relevant IP, risk class;
(5) System Management Unit (control centre): user oriented provides the usefulness of administration configuration.Control centre is a high performance management system, and it can control the activity of a plurality of network detection engines that are positioned at Local or Remote, concentrates and formulates and collocation strategy, and unified data management is provided.Management control center can be set to main, minor structure, main management control centre can receive, transmit the warning information of sub-control centre in real time, the log information of sub-control centre is extracted in classification, issues various configuration files, strategy is configured its belonging network detection engine for the son control.
Virus detection that the present invention relates to and intrusion detection associated methods and system have the following advantages:
1, NIDS Intrusion Detection Technique and virus detection techniques are organically combined, what solved effectively that existing NIDS can't realize carries out the problem that virus detects to typical application protocol data channel.
2, detect under the situation of engine performance at not appreciable impact IDS, significantly improve the viral detectability of IDS system.
Description of drawings
Fig. 1 is the implementation framework figure of VIDS system;
Fig. 2 is the realization flow figure of VIDS system;
Fig. 3 is a VIDS virus detection sub-module frame diagram.
Embodiment
Below in conjunction with accompanying drawing the intrusion detection that the present invention relates to and the concrete implementation step of method for detecting virus are further specified:
As shown in Figure 1, the VIDS system that the present invention relates to comprises with lower module and realizes;
1. original message is caught the bag module in real time, supports raw-sock and network interface card to drive and catches the bag dual mode;
2. the MAC layer of original message, IP layer protocol are resolved and the fragment recombination module;
3. transport layer protocol is resolved and the stream recombination module, promptly based on (source IP, order IP, source port, eye end mouth, transport layer protocol) five-tuple original message is flowed reorganization;
4. the application protocol parsing module promptly carries out application protocol to representative network agreement (FTP, HTTP, SMTP, POP3, IMAP etc.) and resolves, and isolates agreement control channel and data channel;
5.IDS detection module, promptly the isolated control channel data of protocol analysis module are misapplied detection or protocol anomaly detects to using;
6. the virus characteristic detection module promptly carries out the scanning of virus characteristic coupling to using the isolated data channel signal of protocol analysis module;
7. the reporting events module promptly receives the alert data from IDS detection module and virus characteristic detection module, reports control desk then;
8. management control center promptly receives and the affair alarm of presented event reporting module; Be responsible for editing and issuing the management strategy of whole system simultaneously.
As shown in Figure 2, VIDS workflow involved in the present invention comprises the steps;
1, the VIDS engine is caught the bag module by message and is caught data flow in the network;
2, call the network data that MAC protocol analysis subprogram is resolved mac-layer protocol;
3, the ARP/RARP agreement is then called ARP/RARP protocol analysis subprogram and was resolved and directly enter the 6th step in this way; Otherwise call IP protocol analysis and ip fragmentation reorganization program;
4 if ICMP or IGMP agreement are then called ICMP respectively and the 6th step was resolved and directly entered to IGMP protocol analysis subprogram; Transport layer protocol is resolved and stream recon program otherwise call;
5, call application layer protocol parsing subprogram protocol data is reduced, isolate control channel and data channel for typical application protocol;
6, based on attack signature library call rule match subprogram the control channel data are carried out pattern matching, if the match is successful then the incident of calling produces subprogram and the reporting events subprogram reports the VIDS incident; Carry out abnormality detection simultaneously, exist abnormal behaviour then to report this anomalous event in the communication as finding.
7, detect subprogram based on virus characteristic library call virus and carry out virus and detect, if the match is successful then call incident generation subprogram and the reporting events subprogram reports the VIDS incident to using the protocol data channel data.
As shown in Figure 3, the virus in the VIDS of the present invention system detects engine and comprises following submodule:
1, virus characteristic library module, it has comprised all virus signatures among the VIDS, and sets up index based on quick Hash table;
2, preliminary treatment submodule is responsible for data stream is carried out preliminary treatment before the virus scan, comprises that data flow decompresses, decoding and grand extraction operation;
3, fast the multi-mode matching module, be responsible for pretreated data flow is carried out quick multi-mode coupling, thereby identify common virus with obvious virus signature;
4, virtual machine Executive Module is responsible for the suspicious instruction stream from executable file is carried out virtual execution, observes its real behavior, thereby identifies various variant virus.
Claims (3)
1. a combination virus detects and intrusion method for testing, it is characterized in that:
(1): be used for reorganization and application protocol parsing are caught, flowed to network packet according to the condition of setting, typical application protocol is decomposed into control channel and data channel, then communication data in the control channel is submitted to IDS and detected engine, data flow in the data channel is submitted to stream reorganization and the application protocol analyzing step that internet worm detects engine;
(2): be used to receive the flow automatically reorganization and the application protocol control channel data of application protocol resolution unit, misapply detection based on IDS application protocol attack rule base, the IDS application protocol that further adopts protocol anomaly to detect the anomalous event that takes place in the recognition network communication detects step;
(3): be used to receive the flow automatically reorganization and the application protocol data channel data stream of application protocol resolution unit, viral knowledge base Network Based is carried out the internet worm detection step that virus detects;
(4): be used for attack or the Virus Name that reports to user's display engine, the alarm indication step of be correlated with IP, risk class;
(5): be used for the operating state of using protocol detection engine and internet worm detection engine is managed, controls and inquires about, engine issued rule base and virus characteristic storehouse, the system management step of system's online upgrading.
2. a combination virus detects and intrusion method for testing, it is characterized in that: in Network Intrusion Detection System, introduce virus detection techniques, by strengthening reorganization of NIDS data flow and application protocol analytic ability, the data flow that typical application protocol carries is carried out virus detection and alarm; Its concrete course of work is as follows: at first, the data message of catching is flowed reorganization and application protocol parsing, application protocol is decomposed into control channel and data channel; Misapply detection based on the attack knowledge storehouse to using agreement control channel communication data then, further can adopt the abnormal behaviour that takes place in the abnormality detection technology identification current network; At last, virus base Network Based carries out the virus detection to data flow in the application protocol data channel.
3. one kind is detected system with intrusion detection in conjunction with virus, and it is characterized in that: this system comprises plurality of units:
(1) according to the condition of setting reorganization and application protocol parsing are caught, flowed to network packet, typical application protocol is decomposed into control channel and data channel, then communication data in the control channel is submitted to IDS and detected engine, data flow in the data channel is submitted to stream reorganization and the application protocol resolution unit that internet worm detects engine;
(2) receive the application protocol control channel data of flow automatically reorganization and application protocol resolution unit, misapply detection based on IDS application protocol attack rule base, further adopt protocol anomaly to detect the IDS application protocol detecting unit of the anomalous event that takes place in the recognition network communication;
(3): receive the application protocol data channel data stream of flow automatically reorganization and application protocol resolution unit, viral knowledge base Network Based is carried out the network virus checking unit that virus detects;
(4) the alarm indication unit of attack or the Virus Name that reports to user's display engine, be correlated with IP, risk class;
(5) operating state of using protocol detection engine and internet worm detection engine is managed, controls and inquires about, engine is issued rule base and virus characteristic storehouse, the System Management Unit of system's online upgrading.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101126924ACN100450046C (en) | 2006-08-30 | 2006-08-30 | Virus detection and invasion detection combined method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101126924ACN100450046C (en) | 2006-08-30 | 2006-08-30 | Virus detection and invasion detection combined method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1909488Atrue CN1909488A (en) | 2007-02-07 |
| CN100450046C CN100450046C (en) | 2009-01-07 |
Family
ID=37700483
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101126924AExpired - Fee RelatedCN100450046C (en) | 2006-08-30 | 2006-08-30 | Virus detection and invasion detection combined method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100450046C (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051966B (en)* | 2007-05-22 | 2010-06-09 | 网御神州科技(北京)有限公司 | A network intrusion behavior detection system and detection method |
| CN101060492B (en)* | 2007-05-29 | 2010-08-11 | 杭州华三通信技术有限公司 | Talk detection method and talk detection system |
| WO2010139223A1 (en)* | 2009-06-02 | 2010-12-09 | 中兴通讯股份有限公司 | Data download method and device for wireless terminal |
| CN101388763B (en)* | 2007-09-12 | 2011-02-02 | 北京启明星辰信息技术股份有限公司 | SQL injection attack detection system supporting multiple database types |
| CN101388768B (en)* | 2008-10-21 | 2011-03-23 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting malicious HTTP request |
| CN101465738B (en)* | 2007-12-17 | 2011-05-11 | 北京启明星辰信息技术股份有限公司 | Real time monitoring method and system for document transmission |
| CN101399710B (en)* | 2007-09-29 | 2011-06-22 | 北京启明星辰信息技术股份有限公司 | Detection method and system for protocol format exception |
| CN101425937B (en)* | 2007-11-02 | 2011-07-20 | 北京启明星辰信息技术股份有限公司 | SQL injection attack detection system suitable for high speed LAN environment |
| CN101547126B (en)* | 2008-03-27 | 2011-10-12 | 北京启明星辰信息技术股份有限公司 | Network virus detecting method based on network data streams and device thereof |
| CN101442518B (en)* | 2007-11-22 | 2011-12-28 | 北京启明星辰信息技术股份有限公司 | Protocol analysis method and system for abnormal detection |
| CN102325134A (en)* | 2011-08-29 | 2012-01-18 | 浙江中烟工业有限责任公司 | Three-system safety interconnection component subsystem of multi-level safety interconnection platform |
| CN102483783A (en)* | 2009-09-03 | 2012-05-30 | Inca网络有限公司 | Method for blocking execution of hacking process |
| CN102571719A (en)* | 2010-12-31 | 2012-07-11 | 北京启明星辰信息技术股份有限公司 | Invasion detection system and detection method thereof |
| CN102624721A (en)* | 2012-03-02 | 2012-08-01 | 北京神州绿盟信息安全科技股份有限公司 | Feature code verification platform system and feature code verification method |
| CN101605074B (en)* | 2009-07-06 | 2012-09-26 | 中国人民解放军信息技术安全研究中心 | Method and system for monitoring Trojan Horse based on network communication behavior characteristic |
| CN102833263A (en)* | 2012-09-07 | 2012-12-19 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for intrusion detection and intrusion protection |
| CN103248606A (en)* | 2012-02-02 | 2013-08-14 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) |
| CN103888282A (en)* | 2013-08-19 | 2014-06-25 | 中广核工程有限公司 | Network intrusion alarm method and system based on nuclear power plant |
| CN104573508A (en)* | 2013-10-22 | 2015-04-29 | 中国银联股份有限公司 | Method for detecting compliance of payment applications under virtualization environment |
| CN105577670A (en)* | 2015-12-29 | 2016-05-11 | 南威软件股份有限公司 | Warning system of database-hit attack |
| CN103795709B (en)* | 2013-12-27 | 2017-01-18 | 北京天融信软件有限公司 | Network security detection method and system |
| CN109413088A (en)* | 2018-11-19 | 2019-03-01 | 中国科学院信息工程研究所 | Threat Disposal Strategies decomposition method and system in a kind of network |
| CN110620785A (en)* | 2019-09-30 | 2019-12-27 | 深圳市永达电子信息股份有限公司 | Parallel detection method, system and storage medium based on message marking data stream |
| CN111641589A (en)* | 2020-04-30 | 2020-09-08 | 中国移动通信集团有限公司 | Advanced sustainable threat detection method, system, computer and storage medium |
| CN112232881A (en)* | 2020-10-22 | 2021-01-15 | 腾讯科技(深圳)有限公司 | A data detection method, device, electronic device and storage medium |
| CN112532614A (en)* | 2020-11-25 | 2021-03-19 | 国网辽宁省电力有限公司信息通信分公司 | Safety monitoring method and system for power grid terminal |
| CN112637840A (en)* | 2020-12-25 | 2021-04-09 | 广东卓维网络有限公司 | Information network virus intrusion detection system and method thereof |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7327690B2 (en)* | 2002-08-12 | 2008-02-05 | Harris Corporation | Wireless local or metropolitan area network with intrusion detection features and related methods |
| CN1738257A (en)* | 2004-12-31 | 2006-02-22 | 北京大学 | Network intrusion detection system and method based on application protocol detection engine |
- 2006
- 2006-08-30CNCNB2006101126924Apatent/CN100450046C/ennot_activeExpired - Fee Related
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051966B (en)* | 2007-05-22 | 2010-06-09 | 网御神州科技(北京)有限公司 | A network intrusion behavior detection system and detection method |
| CN101060492B (en)* | 2007-05-29 | 2010-08-11 | 杭州华三通信技术有限公司 | Talk detection method and talk detection system |
| CN101388763B (en)* | 2007-09-12 | 2011-02-02 | 北京启明星辰信息技术股份有限公司 | SQL injection attack detection system supporting multiple database types |
| CN101399710B (en)* | 2007-09-29 | 2011-06-22 | 北京启明星辰信息技术股份有限公司 | Detection method and system for protocol format exception |
| CN101425937B (en)* | 2007-11-02 | 2011-07-20 | 北京启明星辰信息技术股份有限公司 | SQL injection attack detection system suitable for high speed LAN environment |
| CN101442518B (en)* | 2007-11-22 | 2011-12-28 | 北京启明星辰信息技术股份有限公司 | Protocol analysis method and system for abnormal detection |
| CN101465738B (en)* | 2007-12-17 | 2011-05-11 | 北京启明星辰信息技术股份有限公司 | Real time monitoring method and system for document transmission |
| CN101547126B (en)* | 2008-03-27 | 2011-10-12 | 北京启明星辰信息技术股份有限公司 | Network virus detecting method based on network data streams and device thereof |
| CN101388768B (en)* | 2008-10-21 | 2011-03-23 | 北京启明星辰信息技术股份有限公司 | Method and device for detecting malicious HTTP request |
| WO2010139223A1 (en)* | 2009-06-02 | 2010-12-09 | 中兴通讯股份有限公司 | Data download method and device for wireless terminal |
| CN101605074B (en)* | 2009-07-06 | 2012-09-26 | 中国人民解放军信息技术安全研究中心 | Method and system for monitoring Trojan Horse based on network communication behavior characteristic |
| CN102483783A (en)* | 2009-09-03 | 2012-05-30 | Inca网络有限公司 | Method for blocking execution of hacking process |
| CN102571719A (en)* | 2010-12-31 | 2012-07-11 | 北京启明星辰信息技术股份有限公司 | Invasion detection system and detection method thereof |
| CN102325134A (en)* | 2011-08-29 | 2012-01-18 | 浙江中烟工业有限责任公司 | Three-system safety interconnection component subsystem of multi-level safety interconnection platform |
| CN102325134B (en)* | 2011-08-29 | 2014-04-02 | 浙江中烟工业有限责任公司 | Three-system safety interconnected part sub-system of multi-stage safety interconnected platform |
| CN103248606A (en)* | 2012-02-02 | 2013-08-14 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) |
| CN102624721A (en)* | 2012-03-02 | 2012-08-01 | 北京神州绿盟信息安全科技股份有限公司 | Feature code verification platform system and feature code verification method |
| CN102624721B (en)* | 2012-03-02 | 2015-05-13 | 北京神州绿盟信息安全科技股份有限公司 | Feature code verification platform system and feature code verification method |
| CN102833263A (en)* | 2012-09-07 | 2012-12-19 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for intrusion detection and intrusion protection |
| CN102833263B (en)* | 2012-09-07 | 2015-04-22 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for intrusion detection and intrusion protection |
| CN103888282A (en)* | 2013-08-19 | 2014-06-25 | 中广核工程有限公司 | Network intrusion alarm method and system based on nuclear power plant |
| GB2532630B (en)* | 2013-08-19 | 2018-04-25 | China Nuclear Power Eng Co Ltd | Network intrusion alarm method and system for nuclear power plant |
| WO2015024315A1 (en)* | 2013-08-19 | 2015-02-26 | 中广核工程有限公司 | Network intrusion alarm method and system for nuclear power station |
| GB2532630A (en)* | 2013-08-19 | 2016-05-25 | China Nuclear Power Eng Co Ltd | Network intrusion alarm method and system for nuclear power station |
| CN104573508B (en)* | 2013-10-22 | 2017-06-23 | 中国银联股份有限公司 | The compliance detection method of application is paid under virtualized environment |
| CN104573508A (en)* | 2013-10-22 | 2015-04-29 | 中国银联股份有限公司 | Method for detecting compliance of payment applications under virtualization environment |
| US10445746B2 (en) | 2013-10-22 | 2019-10-15 | China Unionpay Co., Ltd. | Method for checking compliance of payment application in virtualized environment |
| CN103795709B (en)* | 2013-12-27 | 2017-01-18 | 北京天融信软件有限公司 | Network security detection method and system |
| CN105577670A (en)* | 2015-12-29 | 2016-05-11 | 南威软件股份有限公司 | Warning system of database-hit attack |
| CN105577670B (en)* | 2015-12-29 | 2019-03-22 | 南威软件股份有限公司 | A kind of warning system hitting library attack |
| CN109413088A (en)* | 2018-11-19 | 2019-03-01 | 中国科学院信息工程研究所 | Threat Disposal Strategies decomposition method and system in a kind of network |
| CN110620785A (en)* | 2019-09-30 | 2019-12-27 | 深圳市永达电子信息股份有限公司 | Parallel detection method, system and storage medium based on message marking data stream |
| CN111641589A (en)* | 2020-04-30 | 2020-09-08 | 中国移动通信集团有限公司 | Advanced sustainable threat detection method, system, computer and storage medium |
| CN112232881A (en)* | 2020-10-22 | 2021-01-15 | 腾讯科技(深圳)有限公司 | A data detection method, device, electronic device and storage medium |
| CN112532614A (en)* | 2020-11-25 | 2021-03-19 | 国网辽宁省电力有限公司信息通信分公司 | Safety monitoring method and system for power grid terminal |
| CN112637840A (en)* | 2020-12-25 | 2021-04-09 | 广东卓维网络有限公司 | Information network virus intrusion detection system and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100450046C (en) | 2009-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100450046C (en) | Virus detection and invasion detection combined method and system | |
| US10917417B2 (en) | Method, apparatus, server, and storage medium for network security joint defense | |
| US7152242B2 (en) | Modular system for detecting, filtering and providing notice about attack events associated with network security | |
| CN101350745B (en) | Intrude detection method and device | |
| Yegneswaran et al. | Using honeynets for internet situational awareness | |
| EP2106085B1 (en) | System and method for securing a network from zero-day vulnerability exploits | |
| US7444679B2 (en) | Network, method and computer readable medium for distributing security updates to select nodes on a network | |
| US20030084326A1 (en) | Method, node and computer readable medium for identifying data in a network exploit | |
| US20060191008A1 (en) | Apparatus and method for accelerating intrusion detection and prevention systems using pre-filtering | |
| US20030084319A1 (en) | Node, method and computer readable medium for inserting an intrusion prevention system into a network stack | |
| US20030084328A1 (en) | Method and computer-readable medium for integrating a decode engine with an intrusion detection system | |
| CN109922048B (en) | A serial distributed hidden threat intrusion attack detection method and system | |
| CN100542176C (en) | Method and system for analyzing and processing data packet content | |
| CN1203641C (en) | Method and system for monitoring network intrusion | |
| CN1697404A (en) | System and method for detecting network worm in interactive mode | |
| US7836503B2 (en) | Node, method and computer readable medium for optimizing performance of signature rule matching in a network | |
| CN103152352A (en) | Perfect information security and forensics monitoring method and system based on cloud computing environment | |
| CN110958231A (en) | Industrial control safety event monitoring platform and method based on Internet | |
| CN1578227A (en) | Dynamic IP data packet filtering method | |
| CN1175621C (en) | A Method for Detecting and Monitoring Malicious User Host Attacks | |
| CN111859374B (en) | Method, device and system for detecting social engineering attack event | |
| CN108989336A (en) | A kind of emergency disposal system and emergence treating method for network safety event | |
| US20030084344A1 (en) | Method and computer readable medium for suppressing execution of signature file directives during a network exploit | |
| US11792212B2 (en) | IOC management infrastructure | |
| CN101068168A (en) | Main machine invading detecting method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address | Address after:No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee after:Beijing Venus Information Technology Co., Ltd. Address before:No 12, No. 188 South Main Street, Beijing, Haidian District, Zhongguancun Patentee before:Beijing Qiming Xingchen Information Technology Co., Ltd. | |
| C56 | Change in the name or address of the patentee | Owner name:BEIJING QIMINGXINGCHEN INFORMATION TECHNOLOGY CO., Free format text:FORMER NAME: BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY CO. LTD. | |
| ASS | Succession or assignment of patent right | Owner name:BEIJING QIMINGXINCHEN INFORMATION SECURITY TECHNOL | |
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data | Free format text:CORRECT: ADDRESS; FROM: 100081 NO 188, NO.12, ZHONGGUANCUN SOUTH AVENUE, HAIDIAN DISTRICT, BEIJING CITY TO: 100193 QIMINGXINGCHEN BUILDING, BUILDING 21, ZHONGGUANCUN SOFTWARE PARK, NO.8, DONGBEIWANG WEST ROAD, HAIDIAN DISTRICT, BEIJING CITY | |
| TR01 | Transfer of patent right | Effective date of registration:20100507 Address after:100193 Beijing city Haidian District Dongbeiwang qimingxingchenmansionproject Building No. 21 West Road No. 8 Zhongguancun Software Park Co-patentee after:Beijing Venusense Information Security Technology Co., Ltd. Patentee after:Beijing Venus Information Technology Co., Ltd. Address before:100081 No. 12 South Avenue, Haidian District, Zhongguancun, No. 188, Beijing Patentee before:Beijing Venus Information Technology Co., Ltd. | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date:20090107 Termination date:20150830 | |
| EXPY | Termination of patent right or utility model |