Attack chain obtaining method and system in network environment

A technology applied to attack chain acquisition in a network environment. It addresses the difficulty of restoring an attack chain and improves recognition.

Inactive Publication Date: 2016-07-13
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

To track down the identity of hackers faster, it is essential to detect network attack behavior. Threat detection usually relies on single-point rules: it only detects threat events that match a certain rule at a given point in time, and it saves those threat events in the same way. The detection results likewise list the events captured at different points in time for the same detection rule, so it is difficult to restore the entire attack chain from single-point events.


Embodiment Construction

[0030] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.

[0031] The present invention provides an embodiment of a method for acquiring an attack chain in a network environment, as shown in Figure 1, including:

[0032] S101: Acquiring network data of a specified time period under the network environment;

[0033] S102: Detect data packets and data traffic in the acquired network data;

[0034] S103: Determine whether there is an attack event; if so, proceed to S104; if not, do no processing;

[0035] S104: Locate the behavior object of the attack event, and acquire and save the sliding window associated with the behavior object and t...


Abstract

The invention proposes a method and system for obtaining an attack chain in a network environment. Network data is obtained for a specified time period, and the obtained data is checked for attack events. If an attack event is found, the active window data associated with that event, covering a period before and after the time the event takes place, is obtained and stored at the attack end or the victim end, and an attack chain is obtained from the active window data. Denoising is then performed on the obtained attack chain to obtain a high-threat event attack chain, and the attack source is traced back from the event that takes place earliest in the attack chain. The method and system make up for the technical defect of conventional network threat detection, in which the frequent use of single-point detection makes an attack chain difficult to restore.
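The steps S101 to S104 and the abstract above, worked through as an added example (not code from the patent or from Antiy). The `Event` fields, the threat scale, the 300-second window and the denoising threshold are all assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int      # seconds from start of capture
    src: str
    dst: str
    kind: str
    threat: int  # 0 = benign; scale and thresholds are assumptions

# Constructed sample data (documentation address ranges), not from the patent.
EVENTS = [
    Event(100, "203.0.113.7", "192.0.2.10", "port_scan", 3),
    Event(160, "192.0.2.10", "192.0.2.53", "dns_query", 0),
    Event(220, "203.0.113.7", "192.0.2.10", "exploit_attempt", 8),
    Event(260, "192.0.2.10", "198.51.100.9", "outbound_download", 6),
    Event(400, "192.0.2.10", "198.51.100.9", "beacon", 7),
    Event(5000, "192.0.2.20", "192.0.2.53", "dns_query", 0),
    Event(9000, "203.0.113.99", "192.0.2.10", "port_scan", 3),
]

def is_attack(e):
    """Stand-in for the single-point detection step (S103)."""
    return e.threat > 0

def attack_chain(events, obj, before=300, after=300):
    """Union of the windows around every attack event involving obj (S104)."""
    chain = set()
    for trig in events:
        if is_attack(trig) and obj in (trig.src, trig.dst):
            lo, hi = trig.ts - before, trig.ts + after
            chain.update(e for e in events
                         if lo <= e.ts <= hi and obj in (e.src, e.dst))
    return sorted(chain, key=lambda e: e.ts)

def denoise(chain, high=5):
    """Keep high-threat events only; the threshold rule is an assumption."""
    return [e for e in chain if e.threat >= high]

def trace_source(chain):
    """Attack source = origin of the earliest event in the chain."""
    return chain[0].src if chain else None

if __name__ == "__main__":
    full = attack_chain(EVENTS, "192.0.2.10")
    for e in full:
        print(e.ts, e.src, "->", e.dst, e.kind, e.threat)
    print("source:", trace_source(denoise(full)))
```

The zero-threat `dns_query` at `ts=160` enters the chain only because it falls inside a window around an attack event on the same host, which is the context a single-point rule match does not retain.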

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and system for acquiring an attack chain in a network environment.

Background

[0002] Driven by profit, hacker teams are growing and attack methods are becoming more and more complex. This makes tracking hackers' attack chains and identifying the hackers an effective way to stop cybercrime at the source. To track down the identity of hackers faster, it is essential to detect network attack behavior. Threat detection usually relies on single-point rules: it only detects threat events that match a certain rule at a given point in time, and it saves those threat events in the same way. The detection results likewise list events captured at different points in time for the same detection rule, which makes it difficult to restore the entire attack chain from single-point events.

Contents of the invention

[0003] Aiming at t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1466, H04L63/1483
Inventor: 康学斌, 徐艺航, 肖新光
Owner: HARBIN ANTIY TECH