Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof

An attack detection and response technology applied in the field of network security, which addresses the lack of response means, erroneous consistent output, and increased defense cost of existing mimic defense, with the effect of reducing defense cost, ensuring robustness, and improving mimic defense efficiency

Active Publication Date: 2017-02-15
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

Because the mimic defense mechanism is effective on its own, the defender can tolerate vulnerabilities in the execution bodies and does not need to patch the heterogeneous execution bodies frequently. The vulnerabilities therefore persist, which means the threat of zero-day attacks continues to exist, especially for critical bugs that could lead to erroneous but consistent output.
Although the continuous switching of the online heterogeneous redundant execution body set in the mimic defense mechanism can block an attacker and confuse the attacker's next move, an attacker who has obtained internal information about the mimic defense system can still launch repeated attacks on it using the vulnerability information he has mastered, or even coordinate attacks with other attackers. This leads to frequent abnormal output and execution body switching, which greatly increases the defense cost and leads to a de facto loss of the meta-function. The mechanism is somewhat passive toward zero-day attacks and lacks the means to respond to them further. At the same time, the simple principle of majority voting may also produce a majority-consensus erroneous output that is not the meta-function, which causes serious errors.



Examples

Embodiment 1

[0037] Embodiment 1, as shown in Figure 1: a zero-day attack detection, analysis and response system based on the mimic defense architecture includes an input agent unit, a zero-day attack detection unit, a dynamic online execution body set, a voting and meta-function inspection unit, a dynamic scheduling and management unit, an execution body pool, and an exception statistics and analysis unit, wherein:

[0038] the input agent unit performs a preliminary inspection of the request data packet, including processing the request data packet according to the intrusion-response requirements while dynamically changing network attributes and configuration;

[0039] the zero-day attack detection unit detects and analyzes the input request data against the zero-day attack database and judges whether it is abnormal;

[0040] the dynamic online execution body set includes a honeypot execution body and M heterogeneous execution bodies, M heterogeneous execution bodies i...

Embodiment 2

[0047] Embodiment 2 is basically the same as Embodiment 1, except that it further includes a vulnerability discovery and repair unit, which analyzes the attacker's attack process according to the results of the abnormal statistical analysis, finds the cause of the abnormal output, feeds the discovered zero-day attack back to the dynamic scheduling and management unit, and repairs the related execution bodies in the execution body pool.

[0048] As mentioned above, the meta-function inspection checks whether the output of an execution body conforms to its designed function and blocks any output that is not the meta-function; the honeypot-type execution body deliberately leaks execution body information to lure the attacker into attacking it, and at the same time the detected abnormal input is analyzed to obtain information about the attacker.

Embodiment 3

[0049] Embodiment 3, as shown in Figures 1 and 2: a zero-day attack detection, analysis and response method, based on the mimic defense architecture system described in Embodiment 1, includes the following steps:

[0050] Step 1. The input agent performs a preliminary inspection of the data packet of the input request, including preliminary processing of the input request according to the intrusion-response requirements while dynamically changing network attributes and configuration;

[0051] Step 2. The input request is checked against the zero-day attack database. If any data in the input request matches a rule in the zero-day attack database, the input request is judged to be abnormal input and handled as an exception; all other input requests are treated as normal input, and normal input is assigned to all the execution bodies of the dynamic o...
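The pipeline described in Embodiments 1 to 3 (input check against the zero-day attack database, a honeypot execution body that receives abnormal input, heterogeneous execution bodies, meta-function inspection before the vote, majority voting, per-executor exception statistics and rescheduling from the pool) can be simulated in a few dozen lines. The following is an added illustration written for this page, not the patent's own code: the detection rules, the four executors, the "TRIGGER" defect in one of them, the meta-function (reply with the request length) and the rescheduling threshold are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed zero-day attack database: (rule name, compiled pattern).
# The patterns are illustrative placeholders, not real signatures.
ZERO_DAY_DB = [
    ("sample-path-traversal", re.compile(r"\.\./")),
    ("sample-format-string", re.compile(r"%[0-9]*[nx]")),
]


def detect_input(request: str):
    """Step 2: match the request against the zero-day attack database.
    Returns the name of the first matching rule, or None for normal input."""
    for name, pattern in ZERO_DAY_DB:
        if pattern.search(request):
            return name
    return None


# Toy meta-function of the service: reply with the request length in decimal.
# Four heterogeneous executors implement it differently; "exec-b" carries a
# constructed defect that makes it emit a non-meta-function output on a trigger.
def exec_a(request):
    return str(len(request))


def exec_b(request):
    if "TRIGGER" in request:          # constructed defect standing in for a zero-day
        return "DUMP:" + request
    return "%d" % len(request)


def exec_c(request):
    return str(sum(1 for _ in request))


def exec_d(request):
    return str(len(list(request)))


EXECUTOR_POOL = {"exec-a": exec_a, "exec-b": exec_b, "exec-c": exec_c, "exec-d": exec_d}


def meta_function_ok(output: str) -> bool:
    """Meta-function inspection: a valid reply is a non-empty decimal string."""
    return output.isdigit()


class MimicSystem:
    def __init__(self, online, pool, threshold=2):
        self.online = list(online)   # names of the online heterogeneous executors
        self.pool = dict(pool)       # execution body pool (online ones plus spares)
        self.threshold = threshold   # abnormal outputs tolerated before rescheduling
        self.abnormal = Counter()    # exception statistics per executor
        self.blocked_inputs = []     # (request, rule) pairs stopped at the detector
        self.honeypot_hits = []      # what the honeypot executor received

    def handle(self, request):
        """One request through detection, execution, inspection, voting, scheduling."""
        rule = detect_input(request)
        if rule is not None:
            self.blocked_inputs.append((request, rule))
            self.honeypot_hits.append(request)   # abnormal input goes to the honeypot only
            return None
        outputs = {}
        for name in self.online:
            out = self.pool[name](request)
            if not meta_function_ok(out):
                self.abnormal[name] += 1           # blocked before it can reach the vote
                continue
            outputs[name] = out
        tally = Counter(outputs.values())
        winner, votes = tally.most_common(1)[0] if tally else (None, 0)
        if votes * 2 <= len(self.online):          # no strict majority of the online set
            for name in outputs:
                self.abnormal[name] += 1
            winner = None
        else:
            for name, out in outputs.items():
                if out != winner:
                    self.abnormal[name] += 1       # minority output counts as abnormal
        self.reschedule()
        return winner

    def reschedule(self):
        """Swap executors whose abnormal count reached the threshold for clean spares."""
        for idx, name in enumerate(self.online):
            if self.abnormal[name] >= self.threshold:
                spare = next((n for n in self.pool
                              if n not in self.online and self.abnormal[n] < self.threshold),
                             None)
                if spare is not None:
                    self.online[idx] = spare
```

Two points the simulation makes visible: the honeypot executor never votes, so what it receives is only evidence for the statistics unit; and the meta-function check runs before the tally, so even if every online executor agreed on a "DUMP:..." reply the system would return nothing rather than the consistent non-meta-function output that the summary above warns about.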



Abstract

The invention relates to a mimicry defense architecture based zero-day attack detection, analysis and response system and a method thereof. The method comprises the steps of performing attack detection and processing on the input, cheating and inducing an attacker through honeypot type executing bodies, and performing meta-function inspection on the output of each executing body; performing statistical analysis on abnormal output by combining abnormal information, updating a zero-day attack database, feeding back an analysis result to an intrusion response module, and preventing persistent attacks of the attacker; performing dynamic adjustment and management on an online executing body by combining voting conditions, executing body dispatching, the executing body with abnormal output and the like, and selecting executing bodies from an executing body resource pool to get into a dynamic online executing body set; and analyzing a zero-day vulnerability in the executing body with abnormal output according to an anomaly statistical analysis result, and repairing the related executing bodies in the executing body pool. According to the invention, functions and the flexibility of mimicry defense architecture are enhanced, values of the abnormal output are sufficiently utilized, and the threat and the defense cost of zero-day attacks are reduced.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a zero-day attack detection, analysis and response system and method based on a mimic defense framework.

Background technique

[0002] With the continuous updating of network technology, the problem of network security is becoming more and more serious. Because it is impossible to be 100% error-free in the coding process of operating systems or applications, the ubiquitous zero-day attacks have become an urgent and severe challenge to the security of information systems. Attacks launched by attackers against certain vulnerabilities in various operating systems and application software that are not known to developers or not patched in time are often extremely destructive, and are becoming a disaster for most enterprises and seriously endangering national security. Today, profit-driven attackers are creating specialized and sophisticated malware designed to e...


Application Information

Patent Type & Authority: Applications (China)
IPC: H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441
Inventor: 刘文彦邬江兴季新生陈福才扈红超程国振霍树民齐超杨超张淼
Owner THE PLA INFORMATION ENG UNIV