
Attack behavior real-time tracking and analysis method for cyber range

An analysis method and real-time tracking technology, applied in electrical components, transmission systems, etc., that addresses the problems of high false-negative or false-positive rates, the inability to score attacks, and long matching times, and achieves high efficiency and high accuracy.

Inactive Publication Date: 2016-08-31
重庆洞见信息技术有限公司

AI Technical Summary

Problems solved by technology

[0010] First, traditional intrusion detection technology relies heavily on a feature library or a normal-behavior library, which must be updated in a timely manner. As time goes by, the data in the library grows larger and larger and the matching time grows longer and longer, which greatly reduces the efficiency of intrusion detection.
[0011] Second, traditional intrusion detection technology can only give a yes-or-no judgment on whether a behavior is an intrusion. It cannot record or judge the attack process, nor can it score the attack according to the entire course of the attack behavior.
[0012] Third, traditional intrusion detection technology matches the data of an event against a database, and the rate of false positives or false negatives is relatively high, which poses a severe challenge to the accuracy of the detection results.
[0013] Therefore, traditional intrusion detection technology used in a cyber range cannot track, analyze and score intrusion behavior in real time.


Embodiment Construction

[0032] The present invention is further described below with reference to the accompanying drawing:

[0033] As shown in Figure 1, the real-time attack behavior tracking and analysis method for a cyber range described in the present invention comprises the following steps:

[0034] (1) Data collection 101: Collect the link-layer, network-layer and application-layer data of all users in the cyber range and convert it into syslog format;

[0035] (2) Data analysis 102: Use the "Program Behavior Algorithm" to analyze the collected data, find the relationships among these data and mine the attack behaviors that are related to one another, as the basis for judging whether a behavior is an intrusion and which step of the attack kill chain the intrusion behavior represents;

[0036] (3) Determine whether the attack is the first step in the attack kill chain, that is, whether it is the detection stage 103; if yes, determine that the attack has reached the first step...


Abstract

The invention discloses a real-time attack behavior tracking and analysis method for a cyber range. The method comprises the following steps: data are collected; the data are analyzed; it is judged whether an attack behavior is the first step of the attack kill chain; it is judged whether the attack behavior is the second step of the attack kill chain, and recording and scoring are carried out; the same judgment, recording and scoring are carried out in turn for the third, fourth, fifth and sixth steps of the attack kill chain; and it is judged whether the attack behavior is the seventh step of the attack kill chain, recording and scoring are carried out, the attack is blocked or recording and scoring are carried out, and the process ends. As a result, judging whether a behavior is an attack is efficient, the course of the attack behavior can be tracked, and the judgment is highly accurate.
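The record-and-score flow in the abstract can be sketched as a per-source tracker. This is an added example, not code from the patent: the `src=` and `kc_step=` fields stand in for the verdict of the analysis stage, and the point weights and the "blocked" flag are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed RFC 3164-style lines. The "src=" and "kc_step=" fields are an
# assumed output format of the analysis stage, not something the patent defines.
SAMPLE_LOG = """\
<134>Aug 31 10:00:01 sensor1 analyzer: src=10.0.0.5 kc_step=1 msg="verdict"
<134>Aug 31 10:00:09 sensor1 analyzer: src=10.0.0.5 kc_step=1 msg="verdict"
<134>Aug 31 10:02:30 sensor1 analyzer: src=10.0.0.5 kc_step=2 msg="verdict"
<134>Aug 31 10:03:00 sensor1 analyzer: src=10.0.0.9 kc_step=4 msg="verdict"
<134>Aug 31 10:05:12 sensor1 analyzer: src=10.0.0.5 kc_step=7 msg="verdict"
<134>Aug 31 10:05:13 sensor1 analyzer: malformed line without fields
"""

LINE_RE = re.compile(
    r"^<\d{1,3}>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+: "
    r"src=(?P<src>\S+) kc_step=(?P<step>[1-7])\b")
STEP_POINTS = {n: 10 * n for n in range(1, 8)}  # assumed weights, later steps cost more
FINAL_STEP = 7


def track(log_text):
    """Return {src: {"steps": {step: first_seen}, "score": int, "blocked": bool}}."""
    state = defaultdict(lambda: {"steps": {}, "score": 0, "blocked": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an analyzer verdict; skip rather than guess a step
        rec = state[m["src"]]
        if rec["blocked"]:
            continue  # the process is over for this source
        step = int(m["step"])
        if step not in rec["steps"]:  # record and score each step once per source
            rec["steps"][step] = m["ts"]
            rec["score"] += STEP_POINTS[step]
        if step == FINAL_STEP:
            rec["blocked"] = True  # seventh step reached: block and stop tracking
    return dict(state)


def missing_steps(rec):
    """Steps below the highest one reached that were never observed."""
    top = max(rec["steps"])
    return [n for n in range(1, top) if n not in rec["steps"]]


if __name__ == "__main__":
    for src, rec in track(SAMPLE_LOG).items():
        print(src, rec["score"], sorted(rec["steps"]), missing_steps(rec), rec["blocked"])
```

`missing_steps` surfaces sources whose first recorded step is not step one, which in a cyber range usually points at a gap in collection rather than an attack that skipped stages.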

Description

Technical field

[0001] The invention relates to intrusion detection technology for a cyber range, in particular to a real-time tracking and analysis method for attack behavior in a cyber range.

Background technique

[0002] The importance of information security has been raised to the level of national strategy. In China's informatization development strategy, "building a credible, manageable, and controllable cyberspace" has been included in the overall goal of information security development. China has established the National Security Commission to improve the national security system and national security strategy and to ensure national security. For this reason, cultivating information security professionals who can serve as the main guarantee of the national security strategy is a very urgent task and requirement at the current national security strategy level.

[0003] In addition to mastering a large amount of theoretical knowledge, i...


Application Information

IPC(8): H04L29/06
CPC: H04L63/14, H04L63/1416, H04L63/1441
Inventor 赵象元
Owner 重庆洞见信息技术有限公司