Warning association method and device

An attack-behavior association technology, applied in the field of data security, that solves problems such as the difficulty of discovering the attacker's real attack intention from isolated alarms.

Active Publication Date: 2017-06-30
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Benefits of technology

This patented system associates alarms produced by an application firewall (WAF). Attack behavior information is extracted from the WAF alarm log, each attacker's attack mode (the attack type corresponding to each attack behavior in that attacker's attack process) is derived from it, and attackers whose attack mode information is similar are associated with one another. Combining scattered but logically related fine-grained attack behaviors into a coarse-grained attack process gives a basis for eliminating redundant alarms, reconstructing the attack scene and analyzing the attacker's attack intention.

Problems solved by technology

The technical problem addressed by this patent is that a WAF alarm focuses on a single attack behavior, whereas a real network attack frequently combines multiple tools and methods into a multistep attack spread over a span of time and space. Without associating the scattered, logically related alarms that belong to one attack process, the attacker's real attack intention is not easily discovered.


Embodiment Construction

[0076] In order to make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, the following describes them in detail with reference to specific embodiments and the accompanying drawings.

[0077] The embodiment of the present invention provides an alarm association method and device. It solves the problem that WAF alarms focus only on a single attack behavior and cannot combine multiple scattered but logically related fine-grained attack behaviors into a coarse-grained attack process, which is not conducive to discovering the real attack intention of the attacker.

[0078] As shown in figure 1, the alarm association method in the embodiment of the present invention includes:

[0079] Step 11: obtain attack behavior information from the application firewall (WAF) alarm log.

[0080] Here, the attack behavior information may specifically include: domain name information of the attacked, attack time informatio...


Abstract

The invention provides a warning association method and device. It solves the problem that the real attack intention of an attacker is not easily discovered because an existing network attack frequently combines multiple tools and methods into a multistep attack across a certain span of time and space, while a WAF warning addresses only a single attack behavior. The method comprises the following steps: obtaining attack behavior information from the WAF warning log of an application firewall; acquiring the attacker's attack mode information from the attack behavior information, where the attack mode information comprises the attack type information corresponding to each attack behavior in the attacker's attack process; and associating different attackers according to the similarity between their attack mode information. With the warning association method provided by the invention, multiple dispersed but logically related fine-grained attack behaviors are combined into a coarse-grained attack process, providing a basis and convenience for eliminating redundant warnings, reconstructing an attack scene, analyzing the attacker's attack intention and other related work.
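The three steps of the abstract carried out on constructed WAF alarm lines, as an added illustration that is not the patent's own code. The log format, the field names and the similarity measure (longest-common-subsequence ratio over the ordered attack types) are assumptions, since the page does not specify them.

```python
"""Alarm association over WAF alarm logs (added example, not the patent's code).

Mirrors the abstract: (1) attack behavior info from WAF alarm log lines,
(2) per-attacker attack mode = attack types in time order,
(3) associate attackers whose attack modes are similar.
Log format, field names and the similarity measure are assumptions."""
from itertools import combinations

# Constructed sample alarm lines: time|attacker ip|attacked domain|attack type
WAF_LOG = """\
2017-06-01T10:00:01|10.0.0.1|shop.example|scanner
2017-06-01T10:00:05|10.0.0.1|shop.example|sqli
2017-06-01T10:00:09|10.0.0.1|shop.example|webshell_upload
2017-06-01T10:01:00|10.0.0.2|shop.example|scanner
2017-06-01T10:01:05|10.0.0.2|shop.example|xss
2017-06-01T10:02:00|10.0.0.3|bank.example|scanner
2017-06-01T10:02:05|10.0.0.3|bank.example|sqli
2017-06-01T10:02:09|10.0.0.3|bank.example|webshell_upload
"""

def parse_alarms(text):
    """Step 1: attack behavior info (time, attacker, domain, type) per alarm."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, attacker, domain, atype = line.split("|")
        rows.append({"time": ts, "attacker": attacker, "domain": domain, "type": atype})
    return rows

def attack_modes(rows):
    """Step 2: attack mode per attacker = attack types ordered by alarm time."""
    modes = {}
    for r in sorted(rows, key=lambda r: r["time"]):
        modes.setdefault(r["attacker"], []).append(r["type"])
    return modes

def lcs_len(a, b):
    """Longest common subsequence length (order-aware; assumed metric)."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def similarity(m1, m2):
    """Normalised LCS: 1.0 for identical attack modes, 0.0 for disjoint ones."""
    return 2 * lcs_len(m1, m2) / (len(m1) + len(m2))

def associate(modes, threshold=0.8):
    """Step 3: attacker pairs whose attack modes are similar enough to associate."""
    return sorted((a, b) for a, b in combinations(sorted(modes), 2)
                  if similarity(modes[a], modes[b]) >= threshold)
```

On the constructed lines, attackers 10.0.0.1 and 10.0.0.3 share the same scanner, sqli, webshell_upload sequence and are associated, while 10.0.0.2 is not.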
