Attack detection method and system based on threat intelligence and electronic equipment

An attack detection and intelligence technology, applied in the field of network security, which can solve the problems of long detection time and poor accuracy

Active Publication Date: 2018-03-09
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] In view of this, the purpose of the present invention is to provide an attack detection method, system and electronic equipment based on threat intelligence, so as to alleviate the technical problems of long detection time and poor detection accuracy when existing attack detection methods detect new threat attacks.

Examples


Embodiment 1

[0045] An attack detection method based on threat intelligence. Referring to Figure 1, the method includes:

[0046] S102. Obtain a threat intelligence database, which includes multiple pieces of threat intelligence information obtained in real time; the threat intelligence information represents the attack threat posed by an attacker to an attacked party;

[0047] In the embodiment of the present invention, the method is executed by a graph data engine in the cloud. The graph data engine in the cloud obtains multiple pieces of threat intelligence information in real time, and these are sent in real time by multiple local graph data engines. The local graph data engines are installed on multiple user terminals. A user terminal can be an ordinary local user terminal or a third-party terminal, such as a dedicated terminal of a particular company. In this way, the graph data engine in the cloud can not only obtain threat intelligence information of...

Embodiment 2

[0085] The embodiment of the present invention also provides an attack detection system based on threat intelligence. Referring to Figure 4, the system consists of:

[0086] The acquiring module 20 is configured to acquire a threat intelligence database; the threat intelligence database includes multiple pieces of threat intelligence information acquired in real time, and the threat intelligence information represents the attack threat posed by an attacker to an attacked party;

[0087] The processing module 21 is configured to process the multiple pieces of threat intelligence information in the threat intelligence database to obtain multiple association graphs; an association graph represents the association relationship between the attacker and the attacked party;

[0088] The sending module 22 is used to determine, among the multiple association graphs, the target association graph corresponding to the target local graph data engine, and send the target association graph to th...

Embodiment 3

[0106] An embodiment of the present invention provides an electronic device. Referring to Figure 5, the electronic device includes: a processor 30, a memory 31, a bus 32 and a communication interface 33; the processor 30, the communication interface 33 and the memory 31 are connected through the bus 32; the processor 30 is used to execute an executable module stored in the memory 31, for example a computer program. When the processor executes the program, it implements the steps of the methods described in the method embodiments.

[0107] The memory 31 may include a high-speed random access memory (RAM), and may also include a non-volatile memory, such as at least one disk memory. The communication connection between the system network element and at least one other network element is realized through at least one communication interface 33 (which may be wired or wireless), and the Internet, wide area network, ...


Abstract

The invention provides an attack detection method and system based on threat intelligence, and electronic equipment. The method includes the steps of: obtaining a threat intelligence database; processing multiple pieces of threat intelligence information in the threat intelligence database to obtain multiple association graphs; determining, among the association graphs, a target association graph corresponding to a target local graph data engine; and sending the target association graph to the target local graph data engine, so that the target local graph data engine detects new attack threats according to the target association graph. According to the method, the threat intelligence information in the graph data engine in the cloud is updated in real time, so the association graphs obtained from it are more comprehensive, and the corresponding target association graph can be sent to the target local graph data engine. As a result, when the target local graph data engine detects new attack threats according to the target association graph, detection efficiency and accuracy are high. This alleviates the technical problems that, when existing detection methods are used to detect new threat attacks, the detection time is long and the detection accuracy is poor.
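The flow summarized in the abstract, as an added illustration that is not taken from the patent: the cloud side merges reported attacker/attacked pairs into association graphs, selects the graphs for one local engine, and the local side checks a new source against them. The record layout, the connected-component grouping, the selection rule and all names and values are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample intelligence: (reporting local engine, attacker, attacked).
# The record layout and all values are assumptions made for this example.
INTEL = [
    ("engine-a", "198.51.100.7", "web-a1"),
    ("engine-b", "198.51.100.7", "web-b1"),
    ("engine-b", "203.0.113.9", "web-b1"),
    ("engine-c", "192.0.2.44", "mail-c1"),
]

def build_association_graphs(intel):
    """Cloud side: merge attacker->attacked edges into connected graphs."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for _, attacker, attacked in intel:
        parent[find(("attacker", attacker))] = find(("attacked", attacked))

    graphs = defaultdict(lambda: {"edges": set(), "engines": set()})
    for engine, attacker, attacked in intel:
        graph = graphs[find(("attacker", attacker))]
        graph["edges"].add((attacker, attacked))
        graph["engines"].add(engine)
    return list(graphs.values())

def target_graphs_for(engine, graphs):
    """Cloud side: pick the graphs to send to one local engine (assumed rule:
    every graph that this engine contributed intelligence to)."""
    return [g for g in graphs if engine in g["engines"]]

def is_known_attacker(source, target_graphs):
    """Local side: flag a source that appears as an attacker in a received graph."""
    return any(source == attacker for g in target_graphs for attacker, _ in g["edges"])

if __name__ == "__main__":
    graphs = build_association_graphs(INTEL)
    received = target_graphs_for("engine-a", graphs)
    # engine-a never reported 203.0.113.9, but it shares a graph with engine-b.
    print(is_known_attacker("203.0.113.9", received))
```

In the constructed data, engine-a recognizes an attacker it has never observed itself because engine-b's reports fall into the same association graph.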

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to an attack detection method, system and electronic equipment based on threat intelligence.

Background technique

[0002] With the rapid development of the Internet, every aspect of life is inseparable from Internet technology. However, with the development of the Internet, network attacks have gradually become a potentially huge problem, so network security has attracted more and more attention. At present, there are many tools on the market to resist network attacks, such as firewalls, network shields, network bodyguards, security guards, etc., which can protect network security to a certain extent.

[0003] However, the current common network attack defense tools mainly passively detect malicious scripts and illegal data access based on preset interception rules. As time accumulates, the number and complexity of preset interception rules will increase, and new T...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F17/30
CPC: G06F16/951, H04L63/1416, H04L63/302
Inventor: 董铃捷, 范渊, 黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD