Online recognition method for network multi-step attack intension

An identification method in the field of network technology, applied in digital transmission systems, secure communication devices, electrical components, etc. It addresses the problems of reliance on prior knowledge, difficulty in discovering new attacks, and inability to effectively guarantee real-time performance, and achieves real-time online detection.

Inactive Publication Date: 2008-08-13
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

However, problems remain unresolved in existing multi-step attack correlation research, such as: excessive reliance on prior knowledge, the need to define complex association rules, the ability to mine only scenario fragments, difficulty in discovering new types of attacks, and the inability to effectively guarantee real-time performance.


Embodiment Construction

[0020] First of all, it is necessary to mine the multi-step attack sequence pattern set from the historical security event alarm database. The attack behavior sequence pattern set includes multiple feature sequences, and each feature sequence reflects the multi-step attack relationship between features, which provides a pattern matching basis for attack recognition, as follows:

[0021] 1. Extract the attack behavior characteristic SID in each historical security event alarm, sort according to the time of occurrence, and construct a global attack sequence.

[0022] 2. Use the attack scenario time window W_T to divide the global attack sequence into multiple candidate attack sequences.

[0023] The attack scenario time window W_T is the time interval of a multi-step attack, that is, the entire period from the occurrence of the first attack step to the completion of the last attack step. Suppose a_1 and a_l are...
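Steps 1 and 2 above, as an added example that is not code from the patent: alarms are sorted by occurrence time into a global sequence of SIDs, then cut into candidate sequences with W_T. The splitting rule (a candidate closes when the next alarm lies more than W_T after the candidate's first alarm), the function names and the sample alarms are assumptions, since the page's definition of the window is truncated.

```python
from datetime import datetime, timedelta

# Constructed sample alarms (timestamp, SID); deliberately out of order.
ALERTS = [
    ("2008-01-01 10:00:05", 1001),
    ("2008-01-01 10:00:00", 1000),
    ("2008-01-01 10:04:00", 1002),
    ("2008-01-01 10:20:00", 1000),
    ("2008-01-01 10:21:30", 1003),
    ("2008-01-01 11:00:00", 1004),
]

def build_global_sequence(alerts):
    """Step 1: parse each alarm and sort by time of occurrence."""
    parsed = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), sid)
              for ts, sid in alerts]
    return sorted(parsed, key=lambda a: a[0])

def split_by_window(global_seq, w_t):
    """Step 2 (assumed rule): first-to-last span of a candidate is <= W_T."""
    candidates, current, start = [], [], None
    for ts, sid in global_seq:
        # Close the current candidate once this alarm falls outside W_T.
        if current and ts - start > w_t:
            candidates.append(current)
            current = []
        if not current:
            start = ts  # first step of a new candidate sequence
        current.append(sid)
    if current:
        candidates.append(current)
    return candidates

def candidate_sequences(alerts, w_t_seconds):
    """Steps 1 and 2 together; returns lists of SIDs in time order."""
    window = timedelta(seconds=w_t_seconds)
    return split_by_window(build_global_sequence(alerts), window)

if __name__ == "__main__":
    for seq in candidate_sequences(ALERTS, 300):
        print(seq)
```

The choice of W_T decides what the sequence-pattern mining can see: too small and a slow multi-step attack is split across candidates, too large and unrelated alarms are merged into one.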


Abstract

The invention provides an online identification method for network multi-step attack intention. The method extracts features from each received security event alarm message and performs pattern matching between those features and a set of attack behavior sequence patterns. If the pattern matching succeeds, the degree of association between the preceding and following security event alarm messages involved in the match is computed, and the multi-step attack relationship between the alarm messages is recorded based on the result of comparing the degree of association with its threshold value. By computing the degree of association, the invention filters out security events that match a pattern but have no association relationship, and it achieves real-time online detection by reporting the matching process and results in real time.

Description

Technical field

[0001] The invention relates to the field of network communication security, in particular to a method for online identification of network multi-step attack intentions.

Background technique

[0002] With the continuous development of information technology and the rapid advancement of information construction, the development of information security industry has shown an increasingly active trend in recent years. Most organizations and institutions connected to the Internet use security products such as IDS (Intrusion Detection Systems), firewalls, and virtual private network VPN (Virtual Private Network), which have formed part of the network architecture. These security products or systems generate a large amount of security event data such as alarms and logs in the application. Users hope that these security event data can become an important basis for network attack detection, defense and response, but in practice, they are huge and redundant, scattered ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/36, H04L9/10
Inventor: 王莉, 李之棠, 陈琳, 李伟明, 朱晓林, 汪洋
Owner HUAZHONG UNIV OF SCI & TECH