A method for locating intrusion infected areas based on computer timing dependent network

A technology for computers and computer objects, applied in computer security devices, computing, instruments, etc., that can solve problems such as information dependency explosion, information dependency false positives, and difficulty in locating intrusion sources, achieving high accuracy and applicability.

Active Publication Date: 2017-12-12
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

In reality, due to the explosion of information dependencies caused by the complexity of information flow in the computer, it is very difficult to accurately locate the source of intrusion.
In addition, even with byte-level fine-grained information flow tracking technology, it is difficult to establish accurate information dependencies. For example, technologies related to dynamic taint analysis may miss some information dependencies due to the problem of "taint bleaching", while the taint "pollution" problem causes false positives of information dependencies.

Examples


Embodiment Construction

[0038] The present invention is further described below in conjunction with specific embodiments and the appended Figures 1 to 4:

[0039] In one embodiment, as shown in Figure 1, the present invention discloses a method for locating an intrusion infection area based on a computer timing dependent network, and the method includes the following steps:

[0040] S100. Construct a timing dependent network of some objects;

[0041] The time series dependency network of the object is constructed based on the access records of all processes in the computer system to be analyzed;

[0042] The computer system to be analyzed includes: a computer system that was infected by an attacker's intrusion at a certain point in the past and in which part of the infected objects have still not been detected at the current moment;

[0043] S200. According to the known infected objects, prune the object time-series dependent network, and extract the object time-series dependent sub-network related to the intrusion i...


Abstract

The invention discloses a method for locating the intrusion infection area based on a computer time-sequence dependence network. The method comprises: constructing the complete object time-sequence dependence network from the access records, collected in a computer system, of all processes to computer objects; pruning the complete time-sequence dependence network and extracting the object time-sequence dependence sub-network related to the intrusion; constructing a Bayesian network from the object time-sequence dependence sub-network; and carrying out probabilistic reasoning through the Bayesian network to calculate and quantify the possibility that other unknown objects in the system have been infected by the intrusion, thereby obtaining the intrusion infection area of the computer system. The advantages of the method are that an object dependence network combined with time information is constructed, which describes more accurately the time-sequence dependence among objects and the way an object's infection state changes over time, and that a probabilistic reasoning method is provided for locating the intrusion infection area.
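A sketch of the first two steps of the abstract (building the object time-sequence dependence network from access records, then pruning it around a known infected object), as an added example that is not code from the patent. The record layout, the edge rule (a process read one object and later wrote another) and the function names `build_edges` and `prune` are assumptions; the Bayesian-network step is not covered.

```python
from collections import defaultdict

# Constructed access records (time, process, operation, object); not from the patent.
RECORDS = [
    (1, "sshd", "write", "/tmp/drop.sh"),
    (2, "bash", "read", "/tmp/drop.sh"),
    (3, "bash", "write", "/etc/cron.d/job"),
    (4, "backup", "read", "/home/u/notes.txt"),
    (5, "backup", "write", "/var/backup.tar"),
    (6, "cron", "read", "/etc/cron.d/job"),
    (7, "cron", "write", "/usr/bin/tool"),
    (8, "bash", "read", "/home/u/notes.txt"),  # read AFTER bash's write at t=3
]

def build_edges(records):
    """Assumed rule: edge (src, dst, t_read, t_write) when one process read src
    and wrote dst at a later time."""
    reads = defaultdict(list)  # process -> [(t_read, object)]
    edges = []
    for t, proc, op, obj in sorted(records):
        if op == "read":
            reads[proc].append((t, obj))
        else:
            edges += [(src, obj, tr, t) for tr, src in reads[proc] if src != obj]
    return edges

def prune(edges, known):
    """known maps object -> time it is known to be infected.
    Returns (since, before): objects that could have been infected downstream,
    with the earliest possible time, and objects that could be upstream sources,
    with the latest read that could have carried the infection."""
    since, before = dict(known), dict(known)
    changed = True
    while changed:  # fixpoint; terminates because the times only tighten
        changed = False
        for src, dst, tr, tw in edges:
            if src in since and tr >= since[src] and tw < since.get(dst, float("inf")):
                since[dst], changed = tw, True
            if dst in before and tw <= before[dst] and tr > before.get(src, float("-inf")):
                before[src], changed = tr, True
    return since, before

if __name__ == "__main__":
    since, before = prune(build_edges(RECORDS), {"/etc/cron.d/job": 3})
    print("downstream:", since)
    print("upstream:", before)
```

Because `bash` read `/home/u/notes.txt` only after it wrote the cron job, no edge links the two, which a dependency graph without timestamps would have reported.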

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a method for locating an intrusion infection area based on a computer timing dependent network.

Background technique

[0002] With the advancement of social informatization, the application of computers has penetrated into all aspects of people's lives. However, the computer-related security problems that have followed also seriously affect people's production and life. Although there is an endless stream of security protection measures for computer systems, computer systems are still inevitably invaded and damaged by attackers. Therefore, after a computer system has been invaded and damaged, it is very important to locate the infected area of the intrusion quickly and accurately. At the same time, this also provides an important basis for intrusion recovery and system vulnerability repair.

[0003] Most of the existing methods and technologies are based on causal analysis, which establishes the...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/56
CPC: G06F21/566
Inventor: 蔡忠闽, 杨渊
Owner XI AN JIAOTONG UNIV