Firewall intrusion data analysis method and device
The invention provides a firewall intrusion data analysis method and device. The method comprises an initialization stage: collecting historical user access data through a firewall; organizing the access data into a state transition diagram; screening out transfer edges with transfer times smaller t...
Saved in:
Main Authors | , , , , |
---|---|
Format | Patent |
Language | Chinese English |
Published |
12.04.2022
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | The invention provides a firewall intrusion data analysis method and device. The method comprises an initialization stage: collecting historical user access data through a firewall; organizing the access data into a state transition diagram; screening out transfer edges with transfer times smaller than a first threshold value; modifying the intranet system according to the screened transfer edge of which the transfer frequency is smaller than a first threshold value; in the operation stage, time T is used as a mobile window, and user access data is collected through a firewall; forming the user access data in the time window T into a running period state transition diagram; and comparing the operation period state transition diagram with the initial state transition diagram to obtain a state transition edge with a deviation greater than a second threshold value, and determining the corresponding access data as suspicious intrusion access. The technical problem that a common firewall cannot detect hacker dynam |
---|---|
Bibliography: | Application Number: CN202210188955 |