Network attack target prediction method based on neighbor similarity

Neighbor-similarity-based prediction of network attack targets, applied in the field of network security, addresses the problems that existing methods do not predict attack targets, give insufficient prediction results, and restrict administrators' response strategies, and achieves the effect of improving security.

Active Publication Date: 2017-02-22
ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY +1

AI Technical Summary

Problems solved by technology

The threat prediction methods described in the existing literature all predict and analyze attack behaviors and do not go on to predict the attack target. The prediction results are therefore incomplete, which limits the administrator's ability to formulate better response strategies.

Examples

Embodiment Construction

[0032] The technical solution of the present invention will be described in further detail below in conjunction with the examples. The following examples are implemented on the premise of the technical solutions of the present invention, and detailed implementation methods and processes are given, but the protection scope of the present invention is not limited to the following examples.

[0033] In order to better understand the method proposed in this embodiment, five hosts H1, H2, H3, H4, H5, and H6 on a network equipped with an intrusion detection device are selected. Among them, H1 has a trust relationship with H3, H5, and H6, and H2 has a trust relationship with H1, H3, and H6, as shown in the table below. H4, H2, and H1 are the three hosts involved in a complete attack, and their connection relationships are shown in the host relationship diagram (Figure 2).

[0034] attack path H4->H2->H1 trust relationship H2->H1,H3,H6 trust...

Abstract

The invention discloses a network attack target prediction method based on neighbor similarity. Existing threat prediction methods predict and analyze attack behaviors but do not go on to predict the attack target. The technical scheme adopted in the invention is as follows: first, security events are preprocessed and normalized, and redundant events and false alarms are removed; then the preprocessed security events are matched against a pre-defined rule library, correlation analysis is performed, and the attack scenario is reconstructed; finally, the similarity between the attack target and each neighbor host is calculated over host address, open ports and operating system, and the next network attack target is predicted. The method gives administrators a reference for preparing response strategies, provides a prediction function for network attacks, and improves the overall security of the network.
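An added illustration of the final step, not code or formulas from the patent (which this page does not reproduce): it ranks the trusted neighbours of the most recently attacked host by a weighted similarity of address, open ports and operating system, so that monitoring can be prioritised on the likeliest next target. Only the host names, trust relationships and attack path come from the embodiment; the host attributes, the weights and the three similarity measures (shared address prefix, Jaccard index, exact OS match) are assumptions.

```python
import ipaddress

# Constructed inventory: the page names the hosts but gives no attributes.
HOSTS = {
    "H1": {"ip": "10.0.1.10", "ports": {22, 80, 443}, "os": "linux"},
    "H3": {"ip": "10.0.1.23", "ports": {22, 80, 443}, "os": "linux"},
    "H5": {"ip": "10.0.2.5", "ports": {135, 445, 3389}, "os": "windows"},
    "H6": {"ip": "10.0.1.40", "ports": {22, 3306}, "os": "linux"},
}
# Trust relationships as stated in the embodiment.
TRUST = {"H1": ["H3", "H5", "H6"], "H2": ["H1", "H3", "H6"]}
# Assumed weights for address, port and OS similarity (sum to 1).
WEIGHTS = {"ip": 0.3, "ports": 0.4, "os": 0.3}


def ip_similarity(a, b):
    """Fraction of leading bits two IPv4 addresses share (0.0 to 1.0)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return (32 - diff.bit_length()) / 32


def port_similarity(a, b):
    """Jaccard index of the two open-port sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def os_similarity(a, b):
    """Exact match on the operating system label."""
    return 1.0 if a == b else 0.0


def similarity(x, y):
    """Weighted sum of the three attribute similarities."""
    return (WEIGHTS["ip"] * ip_similarity(x["ip"], y["ip"])
            + WEIGHTS["ports"] * port_similarity(x["ports"], y["ports"])
            + WEIGHTS["os"] * os_similarity(x["os"], y["os"]))


def predict_next_targets(attack_path, hosts=HOSTS, trust=TRUST):
    """Rank trusted neighbours of the latest victim, most similar first."""
    current = attack_path[-1]
    candidates = [n for n in trust.get(current, [])
                  if n not in attack_path and n in hosts]
    scored = [(n, round(similarity(hosts[current], hosts[n]), 3))
              for n in candidates]
    return sorted(scored, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    # Attack path reconstructed in the embodiment: H4 -> H2 -> H1.
    for host, score in predict_next_targets(["H4", "H2", "H1"]):
        print(host, score)
```
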

Description

Technical field

[0001] The invention belongs to the field of network security, in particular to a network attack target prediction method based on the similarity of neighbors.

Background technique

[0002] Security products deployed in the existing network environment, such as firewalls and intrusion detection systems, help administrators identify network attacks and understand network security status from different perspectives. However, when these products are deployed on the network, a series of new problems are introduced, such as: multi-source security products have different log semantics and expressions; a large number of security alarms prevent administrators from identifying real attacks, and so on. Many researchers conduct alarm correlation analysis by constructing attack models, and correlate alarms through a pre-defined rule base, thereby mining potential threat intelligence and controlling the overall security situation. However, this method can only grasp the ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433
Inventor 卢新岱戴桦孙歆李沁园韩嘉佳李景周辉姚影
Owner ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY