Firewall intrusion data analysis method and device
Main authors: | , , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Subjects: | |
Summary: | The invention provides a firewall intrusion data analysis method and device. The method comprises an initialization stage: collecting historical user access data through a firewall; organizing the access data into a state transition diagram; screening out transfer edges with a number of transfers smaller than a first threshold value; and modifying the intranet system according to the screened transfer edges whose transfer frequency is smaller than the first threshold value. In the operation stage, time T is used as a moving window, and user access data is collected through the firewall; the user access data within the time window T is formed into an operation-period state transition diagram; and the operation-period state transition diagram is compared with the initial state transition diagram to obtain state transition edges with a deviation greater than a second threshold value, and the corresponding access data is determined to be suspicious intrusion access. The technical problem that a common firewall cannot detect hacker dynam |
---|