Internal threat real-time detection method based on agent

A real-time detection technology and detection system, applied in the field of information system security, that addresses problems such as the difficulty of guaranteeing practicability; it improves agility and reliability, enhances intelligence and adaptive ability, and facilitates real-time detection and operational intervention.

Inactive Publication Date: 2017-07-25
王振辉
4 Cites, 17 Cited by
AI Technical Summary

Problems solved by technology

In these studies, without exception, prior knowledge of malicious internal users is the premise. Only by fully mastering knowledge of internal attackers is it possible to detect resource abuse. However, in practical applications, obtaining the attacker's prior knowledge before successful detection is a difficult problem, so the practicality of these methods is difficult to guarantee.

Examples

Embodiment Construction

[0025] The specific embodiment of the present invention is described below:

[0026] The specific design idea of the present invention is as follows: before the user accesses the business data on the database server host, the Agent program judges the identity and authority of the user, and only a user who has passed authentication can access the data; while the user processes the permitted business data, the Agent program monitors the user's behavior in real time and records it in the log file; after the user finishes processing, the Agent program signs the part the user processed, so that the user's modification of the business data is non-repudiable.
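The three steps in [0026] (authorize, monitor and log, sign) can be sketched as follows. This is an added example, not code from the patent. The `Agent` class and its method names are hypothetical, the hash-chained log is an added assumption that makes the log tamper-evident, and a Lamport one-time signature stands in for the signing mechanism, which the page does not specify.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def _bits(msg):  # the 256 bits of the message digest, MSB first
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature (assumed mechanism). A key pair signs ONE message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

class Agent:  # hypothetical stand-in for the patent's Agent program
    def __init__(self, acl):
        self.acl, self.log, self.head = acl, [], "0" * 64

    def access(self, user, action, target):
        """Steps 1-2: check authority, log every attempt (denied ones too)."""
        allowed = target in self.acl.get(user, set())
        entry = {"user": user, "action": action, "target": target,
                 "allowed": allowed, "prev": self.head}
        self.head = H(json.dumps(entry, sort_keys=True).encode()).hex()
        self.log.append(entry)
        return allowed

    def sign_changes(self, user, sk):
        """Step 3: sign the user's permitted updates with the user's own key."""
        mods = [e for e in self.log
                if e["user"] == user and e["allowed"] and e["action"] == "update"]
        msg = json.dumps(mods, sort_keys=True).encode()
        return msg, sign(sk, msg)

def chain_intact(log, head):
    prev = "0" * 64  # each entry commits to the hash of the one before it
    for e in log:
        if e["prev"] != prev:
            return False
        prev = H(json.dumps(e, sort_keys=True).encode()).hex()
    return prev == head
```

Non-repudiation holds only if the private key stays with the user and the public key is bound to that user's identity out of band. Editing any logged entry afterwards makes `chain_intact` return `False`.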

[0027] system structure

[0028] Logical structure:

[0029] The logical structure of the Agent agent program is divided into three layers: the first layer is the interface between the detection system and the customer business host, which realizes the communication and data collection with the client; the second layer is the collection of internal security modules of the detection sys...

Abstract

The invention discloses an agent-based real-time detection method for internal threats, belongs to the technical field of information system security, and aims at ensuring internal network data security by adopting a detection component based on agent technology. The method comprises the following specific steps: a client agent program is installed; before a user accesses service data on a database server host, the agent program judges the identity and authority of the user, and only a user who passes authentication can access the data; while the user processes the licensed service data, the agent program monitors the user's behaviors in real time and records them in a log file; and after the user finishes processing the licensed service data, the agent program calls a corresponding signing mechanism according to the user's demand to sign the part processed by the user, so that the user's modification of the service data is non-repudiable.

Description

Technical field

[0001] The invention specifically relates to an Agent-based real-time detection method for internal threats, which belongs to the technical field of information system security.

Background technique

[0002] Among the various security threats faced by information systems, although the number of internal threats is far less than that of external attacks, the losses and harms caused are greater. In recent years, the WikiLeaks incident has once again aroused widespread attention from all walks of life to the issue of insider threats. The endless incidents of insider threats have made this topic enduring, because internal employees know better than external personnel which data is worth stealing and which data is not valuable after being stolen. Moreover, internal malicious operations are more likely to be ignored by enterprise organizations. Therefore, the internal threat problem has gradually become the focus of research by security experts at home and abroad...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0876, H04L63/0884, H04L63/10, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20
Inventor: 王振辉, 王振铎
Owner: 王振辉