![Network intrusion identification method based on anomaly flow and black-white list library of IP terminal](/CN/2014/1/170/images/201410852491.jpg)
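Basic information:
- Patent title: 基于IP终端异常流量及黑白名单库的网络入侵识别方法
- Patent title (English): Network intrusion identification method based on anomaly flow and black-white list library of IP terminal
- Application number: CN201410852491.2 Filing date: 2014-12-31
- Publication (announcement) number: CN104468631A Publication (announcement) date: 2015-03-25
- Inventors: 夏飞, 崔恒志, 张明明, 丁一新, 徐晓海, 梅沁, 郑海雁, 官国飞, 葛崇慧
- Applicants: 国家电网公司, 江苏省电力公司, 江苏方天电力技术有限公司, 江苏省电力公司信息通信分公司
- Applicant address: No. 19 Tianyuan Middle Road, Jiangning Science Park, Nanjing, Jiangsu Province
- Patentees: 国家电网公司, 江苏省电力公司, 江苏方天电力技术有限公司, 江苏省电力公司信息通信分公司
- Current patentees: 国家电网公司, 江苏省电力公司, 江苏方天电力技术有限公司, 江苏省电力公司信息通信分公司
- Current patentee address: No. 19 Tianyuan Middle Road, Jiangning Science Park, Nanjing, Jiangsu Province
- Agency: 南京纵横知识产权代理有限公司
- Agents: 董建林; 许婉静
- Main classification: H04L29/06
- IPC classification: H04L29/06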
The invention discloses a network intrusion identification method based on abnormal IP terminal traffic and a blacklist/whitelist library. The method comprises the following steps: a preset traffic threshold is set by baseline analysis and used for early warning; abnormal traffic features are extracted and used for early warning; a blacklist/whitelist library is built, and an early warning is raised when a server is accessed by an IP that is not on the whitelist; and, during monitoring, the traffic analysis library, the abnormal traffic feature library and the blacklist/whitelist library are continuously updated and refined. When the method is applied to network intrusions against power system servers, an alarm is raised in time, network operation and maintenance personnel are prompted to investigate and respond promptly, and the heavy losses to the power grid that would result from a system crash or complete network paralysis caused by an intrusion can be avoided.