Method and device for determining an attack surface of a terminal

Abstract

The invention discloses a method and equipment for determining attack surfaces of terminals. The method comprises the steps of acquiring checking and killing records of N terminals, wherein the checking and killing records are used for recording the checking and killing situations of the N terminals on a malicious sample group, and N is a positive integer; and determining an attack surface, attacked by the malicious sample group, of each terminal among the N terminals according to the checking and killing records, wherein the attack surface is used for characterizing the threatening degree of the malicious sample group on the terminal. The method and the equipment can solve the technical problem that a data determination method fitter to a personalized network environment of an enterprise lacks in malicious sample defense of the enterprise in the prior art so that more specific defensive measures are difficult to make. Provided is a data determination method capable of directly exposing the weak link attacked by malicious samples most easily.

Description

technical field [0001] The present invention relates to the field of Internet security, in particular to a method and equipment for determining an attack surface of a terminal. Background technique [0002] It is self-evident that malicious samples such as viruses are harmful to individual users. However, for enterprise users, the harm caused by malicious sample intrusion is more serious. It can not only lead to the paralysis of electronic equipment in the enterprise, but also affect the work efficiency of enterprise employees. It may also lead to the leakage of confidential business information or the loss of key documents, resulting in serious economic losses. [0003] In order to strengthen the enterprise's ability to defend and control malicious samples, the current prevention and control measures are mainly: analyze the data of the attack channel of malicious samples, and take measures according to the analysis results. For example, when the main attack channel of malic...

AI Technical Summary

Problems solved by technology

[0002] It is self-evident that malicious samples such as viruses are harmful to individual users. However, for enterprise users, the harm caused by malicious sample intrusion is more serious. It can not only lead to the paralysis of electronic equipment in the enterprise, but also affect the work efficiency of enterprise employees. It may also lead to the leakage of confidential business information or the loss of key documents, resulting in serious economic losses

[0003] In order to strengthen the enterprise's ability to defend and control malicious samples, the current prevention and control measures are mainly: analyze the data of the attack channel of malicious samples, and take measures according to the analysis results. For example, when the main attack channel of malicious samples is email, Restrict the use of mailboxes of internal personnel in the enterprise, or strengthen the monitoring of emails; when the main attack channel of malicious samples is the website, restrict the permission of employees to use the external network

[0004] However, due to the changeable and diverse attack channels of malicious samples, taking defensive measures by analyzing the attack channel data of malicious samples often limits the working conditions of employees, and does not conform to the personalized network environment of the enterprise. sex

[0005] It can be seen that the existing technology for the defense of malicious samples of enterprises lacks a data determination method that is more suitable for the personalized network environment of enterprises, making it difficult to formulate more targeted defense measures

Images