
Host-oriented suspicious network connection identification method

A network connection identification method, applied in the field of suspicious network connection identification, which addresses problems such as the false negatives (missed attacks) of malicious-code-based APT detection.

Inactive Publication Date: 2017-08-18
CHINA ELECTRONICS STANDARDIZATION INST

AI Technical Summary

Problems solved by technology

[0003] At present, many APT attack detection methods rely on malicious code detection, that is, they detect an APT attack by detecting the spread of malicious code during the attack. However, many APT attacks implant Trojan horses through methods such as social engineering, so detection based on the propagation of malicious code leads to false negatives.
[0004] Although APT attacks have no obvious attack characteristics, research on existing APT attacks has shown that an APT attack often causes a large number of suspicious network connections.


Examples


Embodiment

[0016] A host-oriented suspicious network connection identification method, which exploits the characteristics of the various kinds of abnormal network connections that occur during the course of an APT attack. These suspicious network connections have features that differ from those of the normal network connections belonging to the host's legitimate business, so a clustering method can readily separate the suspicious network connections related to an APT attack from the host's normal business connections. This detects the various suspicious network connections associated with an APT attack and lays a solid foundation for the subsequent continuous tracking of the attack.

[0017] A host-oriented suspicious network connection identification method includes the following steps:

[0018] A) determining each network connection feature used to realize network connection type clustering, and constructing a network connection multidimensional space...


Abstract

The invention discloses a host-oriented suspicious network connection identification method. The method comprises the following steps. (A) Determine the network connection characteristics to be used for clustering network connections by type, and construct a multi-dimensional space from those characteristics, so that each network connection maps to one point in that space. (B) Collect all inbound and outbound network traffic of a designated host within a unit time period, map every network connection in that traffic to a point in the multi-dimensional space constructed in step (A), cluster the mapped points to obtain multiple sub-types, each composed of the points of the corresponding network connections, and judge all network connections belonging to a sub-type whose point count is below a designated threshold to be suspicious network connections. By continuously tracking the suspicious network connections identified in this way, the method makes it possible to detect and continuously track all kinds of APT attacks.
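The following Python program is an added worked example of the two-step procedure described in the Embodiment and the Abstract above; it is not code from the patent or from the assignee. The feature set (protocol, destination port, bytes in each direction, duration, all log-scaled to [0, 1]), the single-linkage clustering with a distance radius `eps`, the cluster-size threshold `min_cluster`, the monitored host address 10.0.0.5 and the flow records themselves are all assumptions constructed for illustration, since the page does not name the features or the clustering algorithm it uses.

```python
"""Host-oriented suspicious connection identification (illustrative, not the patent's code).

Step A: choose connection features and map each connection to a point.
Step B: take one host's flows for a unit time window, cluster the points,
        and flag every cluster smaller than a threshold as suspicious.
"""
from __future__ import annotations

import math
from collections import defaultdict
from dataclasses import dataclass

HOST = "10.0.0.5"  # assumed monitored host


@dataclass(frozen=True)
class Flow:
    ts: float        # start time, seconds into the capture
    src: str
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    bytes_out: int
    bytes_in: int
    duration: float  # seconds


def sample_flows() -> list[Flow]:
    """Constructed sample: a 60 s window of normal web + DNS traffic plus
    three short, low-volume, periodic connections to an unusual port."""
    flows: list[Flow] = []
    for i in range(20):
        flows.append(Flow(i * 2.0, HOST, f"203.0.113.{10 + i % 3}", 443, "tcp",
                          900 + i * 10, 15000 + i * 100, 1.5))
        flows.append(Flow(i * 2.0 + 0.5, HOST, "192.0.2.53", 53, "udp", 70, 150, 0.01))
    for i in range(3):  # assumed beacon-like traffic
        flows.append(Flow(i * 20.0, HOST, "198.51.100.77", 8443, "tcp", 120, 64, 0.2))
    return flows


def features(f: Flow) -> tuple[float, ...]:
    """Step A: map a connection to a point in a 5-dimensional unit cube.
    Peer addresses are deliberately not features: the point is to cluster
    by behaviour, so a new peer that behaves like existing business traffic
    joins that cluster, and unusual behaviour stands apart regardless of peer."""
    return (
        1.0 if f.proto == "tcp" else 0.0,
        math.log1p(f.dport) / math.log1p(65535),
        math.log1p(f.bytes_out) / math.log1p(1 << 20),
        math.log1p(f.bytes_in) / math.log1p(1 << 20),
        math.log1p(f.duration) / math.log1p(60),
    )


def dist(a: tuple[float, ...], b: tuple[float, ...]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cluster(points: list[tuple[float, ...]], eps: float) -> list[list[int]]:
    """Single-linkage clustering via union-find: two points within eps of
    each other end up in the same cluster. O(n^2), fine for one host-window."""
    parent = list(range(len(points)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(points)):
        for j in range(i + 1, len(points)):
            if dist(points[i], points[j]) <= eps:
                parent[find(i)] = find(j)
    groups: dict[int, list[int]] = defaultdict(list)
    for i in range(len(points)):
        groups[find(i)].append(i)
    return list(groups.values())


def suspicious_connections(flows: list[Flow], host: str, window_start: float,
                           window_len: float, eps: float = 0.2,
                           min_cluster: int = 5) -> tuple[list[Flow], int]:
    """Step B: restrict to the host's flows in one window, cluster, and return
    (flagged flows, number of clusters). Clusters with fewer than min_cluster
    points are flagged, so singletons (e.g. one beacon per window) are included."""
    window = [f for f in flows
              if host in (f.src, f.dst) and window_start <= f.ts < window_start + window_len]
    clusters = cluster([features(f) for f in window], eps)
    flagged = [window[i] for members in clusters if len(members) < min_cluster
               for i in members]
    return flagged, len(clusters)


if __name__ == "__main__":
    flagged, n = suspicious_connections(sample_flows(), HOST, 0.0, 60.0)
    print(f"{n} clusters; {len(flagged)} suspicious connections")
    for f in flagged:
        print(f"  {f.src} -> {f.dst}:{f.dport}/{f.proto} out={f.bytes_out} in={f.bytes_in}")
```

On the sample window the HTTPS and DNS flows form two large clusters and the three 8443 connections form a third with only three points, so those three are flagged. Two caveats follow directly from the method: `eps` and `min_cluster` must be tuned per host, because an `eps` large enough to merge everything flags nothing and a threshold above the size of a legitimate but rare business connection type flags it every window; and traffic that mimics the host's normal profile (same port, similar sizes and durations) lands inside the big cluster and is not separated by clustering alone, which is why the page frames the result as input to continuous tracking rather than a verdict.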

Description

Technical field

[0001] The invention belongs to the field of methods for identifying abnormal network traffic, and in particular relates to a host-oriented method for identifying suspicious network connections.

Background technique

[0002] At present, the APT (Advanced Persistent Threat) attack has become an important attack method that seriously threatens the security of information systems. It changes rapidly and has no obvious attack characteristics, and attackers use it for the purposes of stealing from, tampering with and destroying information systems. The detection of APT attacks is a current difficulty.

[0003] At present, many APT attack detection methods rely on malicious code detection, that is, they detect an APT attack by detecting the spread of malicious code during the attack. Detection based on code propagation leads to false negatives.

[0004] Although APT attacks have no obvious attack characteristics, research on existing APT attacks has shown that an AP...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441, H04L63/30
Inventors: 叶润国, 刘贤刚, 范科峰, 蔡磊, 胡影, 任泽君
Owner CHINA ELECTRONICS STANDARDIZATION INST