Firewall intrusion data analysis method and device

• Main Authors: ZHAO XUEMEI, DENG HAN, WU ZHONGMING, WANG YOURUI, YIN XIAOQIONG
• Format: Patent
• Language: Chinese; English
• Published: 12.04.2022
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRIC DIGITAL DATA PROCESSING; ELECTRICITY; PHYSICS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention provides a firewall intrusion data analysis method and device. The method comprises an initialization stage: collecting historical user access data through a firewall; organizing the access data into a state transition diagram; screening out transfer edges with transfer times smaller than a first threshold value; modifying the intranet system according to the screened transfer edge of which the transfer frequency is smaller than a first threshold value; in the operation stage, time T is used as a mobile window, and user access data is collected through a firewall; forming the user access data in the time window T into a running period state transition diagram; and comparing the operation period state transition diagram with the initial state transition diagram to obtain a state transition edge with a deviation greater than a second threshold value, and determining the corresponding access data as suspicious intrusion access. The technical problem that a common firewall cannot detect hacker dynam