Attack link based website backdoor use event identifying method

An identification method for websites, applied in electrical components, transmission systems, etc. It addresses the inability to determine the attack stage, the difficulty of determining website intrusion events, and the inability to perform attack correlation analysis, and it improves security response capability.

Active Publication Date: 2018-04-13
上海安恒智慧城市安全技术有限公司

AI Technical Summary

Problems solved by technology

Traditional IDS (Intrusion Detection System) products rely on signatures to detect attack behaviors, but they can only detect a single attack behavior and cannot further correlate attacks to determine the impact of the attack.
SOC (Security Operations Center, Security Management Center) product is a



Example Embodiment

[0021] The present invention will be further described in detail below in conjunction with embodiments, but the protection scope of the present invention is not limited thereto.

[0022] The invention relates to a method for identifying a website backdoor utilization event based on an attack chain. The method includes the following steps.

[0023] Step 1: Obtain the log data in the background and analyze it.

[0024] Step 2: If it is confirmed as an attack, discard the log data of normal access, keep the log involving the attack, and proceed to the next step; otherwise, return to step 1.

[0025] In step 2, if a false alarm is found, the log data is discarded directly and the method returns to step 1.

[0026] Step 3: Identify the attack behavior and, at the same time, classify and merge the attack types to obtain the IP dimension and the attack type carried by the attack behavior.

[0027] Step 4: Divide the attack behavior into several stages according to the IP dimension and attack type.

[...


Abstract

The invention relates to an attack-chain-based method for identifying website backdoor use events. Background logs are analyzed. If attack behaviors are confirmed, normal access log data is discarded and the logs relating to the attack behaviors are kept. At the same time, the attack behaviors are identified and the attack types are classified and merged. The IP dimension and the attack types carried by the attack behaviors are obtained. The attack behaviors are divided into a plurality of phases. If the attack behaviors include at least three phases, the method checks whether they contain website backdoor access behaviors. If the attack behaviors include at least three phases and contain website backdoor access behaviors, the website intrusion is judged successful, and the website backdoor use event and the server intrusion are identified. The invention judges the impact caused by an attack and forms a complete intrusion analysis. Attack behaviors from different sources are confirmed and classified, which ensures the validity of the original attack behaviors. Further mining and attack chain analysis are then performed, which reduces the difficulty of attack analysis and improves its efficiency. Abnormal intrusions can be found quickly and security response capability is improved.
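The decision rule in the abstract, as an added example that is not code from the patent or its owner. The attack type names, the type-to-stage mapping, the verdict labels and the sample alerts are all constructed assumptions, and grouping by source IP is an assumed reading of the per-IP grouping the page describes.

```python
from collections import defaultdict

# Assumed mapping of merged attack types to attack-chain stages. The page does
# not enumerate its stages, so these type and stage names are hypothetical.
STAGE_OF = {
    "port_scan": "reconnaissance",
    "dir_bruteforce": "reconnaissance",
    "sql_injection": "exploitation",
    "file_upload": "exploitation",
    "webshell_access": "backdoor_use",
    "privilege_escalation": "post_exploitation",
}
BACKDOOR_TYPE = "webshell_access"
MIN_STAGES = 3  # the abstract requires at least three phases

# Constructed sample: (source IP, attack type or None, detector verdict).
ALERTS = [
    ("203.0.113.7", "port_scan", "attack"),
    ("203.0.113.7", "port_scan", "attack"),
    ("203.0.113.7", "sql_injection", "attack"),
    ("203.0.113.7", "webshell_access", "attack"),
    ("198.51.100.23", "port_scan", "false_alarm"),
    ("198.51.100.23", "sql_injection", "attack"),
    ("198.51.100.23", "webshell_access", "attack"),
    ("192.0.2.55", "dir_bruteforce", "attack"),
    ("192.0.2.55", "file_upload", "attack"),
    ("192.0.2.55", "privilege_escalation", "attack"),
    ("192.0.2.99", None, "normal"),
]

def identify_backdoor_events(alerts):
    """Group kept attack logs per source IP and apply the three-stage rule."""
    types_by_ip = defaultdict(set)
    for src_ip, attack_type, verdict in alerts:
        # Step 2: discard normal access and false alarms; skip unmapped types.
        if verdict == "attack" and attack_type in STAGE_OF:
            types_by_ip[src_ip].add(attack_type)  # Step 3: classify and merge
    report = {}
    for src_ip, types in types_by_ip.items():
        stages = {STAGE_OF[t] for t in types}  # Step 4: divide into stages
        report[src_ip] = {
            "stages": sorted(stages),
            "backdoor_access": BACKDOOR_TYPE in types,
            "intrusion_success": len(stages) >= MIN_STAGES and BACKDOOR_TYPE in types,
        }
    return report

if __name__ == "__main__":
    for ip, verdict in identify_backdoor_events(ALERTS).items():
        print(ip, verdict)
```

In the sample, 198.51.100.23 reaches the backdoor but spans only two stages once its false-alarm scan is discarded, and 192.0.2.55 spans three stages without backdoor access, so only 203.0.113.7 is reported as a successful intrusion.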

Description

Technical field

[0001] The present invention relates to the transmission of digital information, such as the technical field of telegram communication, and in particular to an attack chain-based website backdoor utilization event identification method that can analyze the impact of intrusion events.

Background technique

[0002] Backdoor programs generally refer to program methods that bypass security controls to gain access to programs or systems. During the development phase of software, programmers often create backdoors in the software so that defects in the program design can be modified, but if these backdoors become known to others, or if they are not removed before the software is released, they become loopholes that are easily attacked by hackers.

[0003] Attacks can be detected. Traditional IDS (Intrusion Detection System) products rely on signatures to detect attack behaviors, but they can only detect a single attack...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1441, H04L63/30
Inventor: 王辉, 范渊
Owner: 上海安恒智慧城市安全技术有限公司