The present invention relates to a method for anomaly detection, a WEB service includes: analysis of the establishment of the Web server (4) corresponding relationship between the state and the message communication behavior; real-time detection and analysis of network communication and message communication message according to the behavior of informed Web server (4) and the change of state; according to the Web server (4) change of state judgment and report whether the unknown denial of service attack. This method, by analyzing the corresponding relationship between the state and the establishment of Web server communication messages by message behavior, real-time detection and the corresponding Web server state transition analysis, can be found the abnormal state of the Web server, compared with the current method for unknown denial of service attack alarm, stop and extraction and record network packets with attack the characteristics of the.
【技术实现步骤摘要】
【技术保护点】
一种WEB服务异常检测方法,其特征在于,包括以下步骤: 1.1)分析建立Web服务器(4)状态和通讯报文行为之间的对应关系; 1.2)实时检测和分析网络通讯报文并根据通讯报文行为获知Web服务器(4)状态及其变迁; 1.3)根据Web 服务器(4)状态变迁情况判断并报告是否受到未知拒绝服务攻击。
【技术特征摘要】
【专利技术属性】
技术研发人员:赵海峰,牛妍萍,
申请(专利权)人:北京启明星辰信息技术股份有限公司,北京启明星辰信息安全技术有限公司,
类型:发明
国别省市:11[中国|北京]
还没有人留言评论。发表了对其他浏览者有用的留言会获得科技券。