NIDS network penetration detection method, computer and storage medium

NIDS network penetration detection method, computer and storage medium

The invention provides an NIDS network penetration detection method, a computer and a storage medium, and belongs to the technical field of intelligent detection. The method specifically comprises the following steps: firstly, detecting a TTL field value from an NIDS to a server in a TCP state machi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: ZHAO YUE, SHI KAIYU, CHE JIAZHEN, FENG SHUAI, SHI JIANTAO, YANG XIAOXUAN, WEI XIANKUI, LIU LIKUN, SONG YUNZU, GE MENGMENG, LI JINGWEI, WANG JIUJIN, YU XIANGZHAN, YE LIN, TAN TONGHAI
Format: Patent
Sprache:chi ; eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention provides an NIDS network penetration detection method, a computer and a storage medium, and belongs to the technical field of intelligent detection. The method specifically comprises the following steps: firstly, detecting a TTL field value from an NIDS to a server in a TCP state machine attack model; secondly, judging the type of the received message data packet, executing control message data attack detection when the message data packet is a control message, and executing data message attack detection when the message data packet is a data message; secondly, detecting a control message in the TCP state machine attack model; and finally, detecting a data message data packet in the TCP state machine attack model. According to the method and the device, the technical problem of TCP state machine attack bypassing NIDS detection is solved by identifying the TCP state machine attack pseudo data packet. 本发明提出一种NIDS网络渗透检测方法、计算机及存储介质,属于智能检测技术领域。具体包括,首先,检测TCP状态机攻击模型中的NIDS到服务端的TTL字段值;其次,判断接收报文数据包的类型,当报文