WIPO logo
Mobile | Deutsch | Español | Français | 日本語 | 한국어 | Português | Русский | 中文 | العربية |
PATENTSCOPE

Search International and National Patent Collections
World Intellectual Property Organization
Search
 
Browse
 
Translate
 
Options
 
News
 
Login
 
Help
 
Machine translation
1. (WO2009132552) INTRUSION DETECTION METHOD, SYSTEM AND APPARATUS
Latest bibliographic data on file with the International Bureau   

Pub. No.:    WO/2009/132552    International Application No.:    PCT/CN2009/071289
Publication Date: 05.11.2009 International Filing Date: 16.04.2009
IPC:
H04L 12/24 (2006.01)
Applicants: HUAWEI TECHNOLOGIES CO., LTD. [CN/CN]; Huawei Administration Building,Bantian, Longgang Shenzhen, Guangdong 518129 (CN) (For All Designated States Except US).
JIN, Meijuan [CN/CN]; (CN) (For US Only).
ZHANG, Bo [CN/CN]; (CN) (For US Only).
WANG, Xiaoqiong [CN/CN]; (CN) (For US Only)
Inventors: JIN, Meijuan; (CN).
ZHANG, Bo; (CN).
WANG, Xiaoqiong; (CN)
Agent: BEIJING TINGLI PATENT AGENCY; Room 804, 805, 806 Jinyu Mansion No.129 Xuanwumen Xidajie, Xicheng Beijing 100031 (CN)
Priority Data:
200810093831.2 30.04.2008 CN
Title (EN) INTRUSION DETECTION METHOD, SYSTEM AND APPARATUS
(FR) PROCÉDÉ, SYSTÈME ET APPAREIL DE DÉTECTION D'INTRUSION
(ZH) 一种入侵检测方法、系统和装置
Abstract: front page image
(EN)An intrusion detection method, system and apparatus are disclosed in the present invention. The method includes the steps of: acquiring (201) abnormal behavior characteristics of messages; extracting (202) preliminary abnormal intrusion rules according to the abnormal behavior characteristics; performing matching and searching (203) to messages received subsequently according to the preliminary abnormal intrusion rules, if they are matching, then it is regarded that the intrusion behavior is existing (205). By the embodiments of the present invention, the detection response time for abnormal intrusion is shorted, the probability of discovering intrusion is enhanced, and the adaptive capacity of variation intrusion behavior is strengthened.
(FR)Cette invention se rapporte à un procédé, à un système et à un appareil de détection d'intrusion. Le procédé comprend les étapes consistant à : acquérir (201) des caractéristiques de comportement anormal de messages; extraire (202) des règles d'intrusion anormale préliminaire selon les caractéristiques de comportement anormal; effectuer une mise en concordance et une recherche (203) avec des messages reçus par la suite, selon les règles d'intrusion anormale préliminaire et s'il y a concordance, alors on considère que le comportement d'intrusion existe (205). Grâce aux modes de réalisation de la présente invention, le temps de réponse de détection d'une intrusion anormale est raccourci, la probabilité de découvrir une intrusion est améliorée et la capacité de variation adaptative du comportement d'intrusion est renforcée.
Designated States: AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BR, BW, BY, BZ, CA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IS, JP, KE, KG, KM, KN, KP, KR, KZ, LA, LC, LK, LR, LS, LT, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PG, PH, PL, PT, RO, RS, RU, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
African Regional Intellectual Property Organization (BW, GH, GM, KE, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Organization (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM)
European Patent Office (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, SE, SI, SK, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).
Publication Language: Chinese (ZH)
Filing Language: Chinese (ZH)