Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Attack-graph-based intrusion response mode

An attack graph and attacker's technology, applied to electrical components, transmission systems, etc., to achieve the effect of enhancing accuracy

Inactive Publication Date: 2011-11-02
JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED +1
View PDF0 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002]Since James Anderson first proposed the concept of intrusion detection in the 1980s, intrusion detection system (IDS) as a component of network security has achieved great development. But with Compared with security components such as firewalls and VPNs that play an increasingly important role, the role of IDS has not been truly reflected. The main reason is that the problem of alarm response has not been well resolved. Because with the improvement of attack methods, the attack becomes more and more serious. This asymmetry makes the work in the field of intrusion detection and response fall into a passive situation. In order to solve this problem, people began to use automatic or semi-automatic response
[0003] If it is considered that the response method starts from the static mapping type, that is, attacks are classified according to certain principles, and each alarm is mapped to a pre-set In terms of well-defined response measures, many current intrusion response systems (IRS) are based on this response method. Static mapping intrusion response largely solves the problems of long manual response time and heavy burden, but it also has Some obvious shortcomings, on the one hand, it is easy to be exploited by attacks, on the other hand, it does not fully consider the adaptability of intrusion response, the choice of response measures should be different with the network environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack-graph-based intrusion response mode
  • Attack-graph-based intrusion response mode
  • Attack-graph-based intrusion response mode

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] 1. Attack the subsequent attack set of p

[0034]

[0035] 2. Through the game situation Profits to Computing Systems and Profits to Attackers

[0036]

[0037]

[0038] 3. Calculation of the next attack predicted by the attack system a. The loss of the system on each security scale caused by the attack p reported by the alarm

[0039]

[0040] 4. When the attacker uses a as the next attack action, the income of the attacker and the system are respectively

[0041]

[0042]

[0043] 5. Calculate the attacker's best next attack action as

[0044]

[0045] 6. Calculate the best response of the system

[0046]

[0047] 7. After the system’s best response action, the attacker’s next best response action in the whole game process is

[0048]

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an attach-graph-based dynamic intrusion response method, which comprises the following steps of: presenting three kinds of cost comprising operation cost, response cost and loss cost for intrusion detection and response according to an intrusion detection and response reference mode which is an intrusion response based on attack graph (IRAG) model, and selecting a response measure on the basis of combining the three kinds of cost; defining the types of attackers executing attacks with certain aims by utilizing the preference of the attackers in security scales, and describing the attack aims of the attackers by using the types of the attackers; establishing two information sets which are an attacker information set and a system information set, wherein the attacker information set mainly comprises information obtained by the footprinting, sniffing and scanning of the attackers and according to the response information of a system, and information in the system information set comprises the alarming and log information from components comprising an intrusion detection system (IDS), a firewall, a host and the like in the system; and determining the action spaces of participation parties, wherein the system actually may determine a response set according to different attack types when giving the response.

Description

technical field [0001] The invention relates to a method for network intrusion detection response. Background technique [0002] Since James Anderson first proposed the concept of intrusion detection in the 1980s, intrusion detection system (IDS) as a component of network security has achieved great development. However, with firewalls, VPNs and other security components playing an increasingly important role For example, the role of IDS is not really reflected, the main reason is that the problem of alarm response has not been well resolved. Because with the improvement of attack methods, attacks are becoming more and more automated and complex, and the current response It is mainly manual, this asymmetry makes the work in the field of intrusion detection and response into a passive situation, in order to solve this problem, people began to study automatic or semi-automatic response methods. [0003] If it is considered that the static mapping response method starts first...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 石进张辰高为刘建邦潘健翔
Owner JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com