
Security detection method and system based on attack association

A security detection technique based on attack association, applied in the field of network security. It addresses problems such as the failure to intercept hidden attack behavior, the inability to know about intranet penetration behavior, and the difficulty of troubleshooting, and achieves more efficient network management.

Active Publication Date: 2015-07-29
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is that, in the prior art, if an attacker has already broken through before the network security device is put into service, its penetration behavior on the intranet cannot be known; and when an attacker attacks an enterprise network that carries a lot of business, troubleshooting is very difficult and hidden attack behavior cannot be effectively intercepted. To address this, a security detection method and system based on attack correlation is provided.


Embodiment Construction

[0041] For a clearer understanding of the technical features, purposes and effects of the present invention, two specific implementations are described in detail with reference to the accompanying drawings: one for the case where the input traffic has attack behavior, and one for the case where the input traffic hides attack behavior.

[0042] Figure 1 is a flow chart of the security detection method when the input traffic has attack behavior, according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:

[0043] Step S1: Detect whether the input traffic has attack behavior. The input traffic can be divided into traffic with attack behavior and traffic without attack behavior. In this embodiment, assuming that the incoming traffic is detected to have an attack behavior, the following steps are perfor...


Abstract

The invention discloses a security detection method and system based on attack association. The method includes detecting whether the input flow has attack behaviors; extracting information from input flow that has attack behaviors and storing it in an attack source set; performing different types of analysis on log records according to the detection result, in combination with the attack source; and thereby finding all the attack behaviors of the input flow as well as attack behaviors possibly hidden in the input flow. Because the association between the input flow and the log records is analyzed, all the attack behaviors and the hidden attack behaviors of the input flow are mined conveniently and efficiently, and network management becomes more efficient and reliable.
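The two-branch association described in the abstract, sketched as an added example (not code from the patent or its owner). The `Flow` and `AttackCorrelator` names, the log tuple layout, and the rule that an undetected flow from a known attack source is marked "suspect" are assumptions; all addresses and records are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                      # hypothetical record for one input flow
    ts: int
    src: str
    dst: str
    signature: Optional[str]     # detector verdict; None = no attack detected

# Constructed log records (ts, src, dst, event); documentation-range addresses.
LOG_RECORDS = [
    (100, "198.51.100.7", "10.0.0.5", "login_failed"),
    (160, "198.51.100.7", "10.0.0.5", "login_ok"),
    (200, "203.0.113.9", "10.0.0.8", "http_get"),
    (300, "10.0.0.5", "10.0.0.20", "smb_connect"),
]

class AttackCorrelator:
    def __init__(self, log_records):
        self.log_records = list(log_records)
        self.attack_sources = {}          # attack source set: src -> signatures

    def _records_from(self, src):
        return [r for r in self.log_records if r[1] == src]

    def process(self, flow):
        """Return (verdict, associated log records) for one input flow."""
        if flow.signature is not None:
            # Attack detected: store the source, then pull its log history
            # so every earlier action by the same source is reviewed.
            self.attack_sources.setdefault(flow.src, []).append(flow.signature)
            verdict, related = "attack", self._records_from(flow.src)
        elif flow.src in self.attack_sources:
            # Assumed rule: no signature hit, but the source is already in the
            # attack source set, so the flow may hide attack behavior.
            verdict, related = "suspect", self._records_from(flow.src)
        else:
            verdict, related = "clean", []
        self.log_records.append((flow.ts, flow.src, flow.dst, flow.signature or "flow"))
        return verdict, related

def run_demo():
    c = AttackCorrelator(LOG_RECORDS)
    flows = [Flow(400, "203.0.113.9", "10.0.0.8", None),
             Flow(410, "198.51.100.7", "10.0.0.5", "sqli_probe"),
             Flow(500, "198.51.100.7", "10.0.0.9", None)]
    return [(v, len(rel)) for v, rel in map(c.process, flows)]

if __name__ == "__main__":
    print(run_demo())
```

The second flow surfaces the two earlier login records from the same source, and the third flow, which triggers no signature, is still flagged because its source is already in the attack source set.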

Description

Technical field

[0001] The invention relates to a detection and protection system in the field of network security, in particular to an attack correlation-based security detection method and system.

Background technique

[0002] With the increasing awareness of network security, more and more enterprises are protecting against attacks by purchasing security devices such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). When hackers conduct infiltration attacks on enterprises, they are usually intercepted by security devices in the enterprise network. By auditing the log records in the devices, administrators can clearly see the attacker's IP, attack time, attack target and other information. This greatly simplifies the work of network administrators.

[0003] However, although most of the existing security products realize real-time traffic attack detection and interception, they do not correlate and analyze historical events or real-t...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L63/1416
Inventor: 林泽辉
Owner: SANGFOR TECH INC