Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, device and system for locating controlled host in intranet

An intranet host and intranet technology, applied in the field of network security, can solve problems such as poor compatibility, low efficiency, and poor real-time performance, and achieve the effects of good real-time performance, high processing efficiency, and large degrees of freedom

Active Publication Date: 2020-09-04
HUAWEI TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The embodiment of the present application provides a method, device and system for locating a controlled host in an intranet, which are used to solve the problems of low efficiency, poor real-time performance and problems existing in the method for locating a controlled host in an intranet provided by the prior art. The problem of poor compatibility

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for locating controlled host in intranet
  • Method, device and system for locating controlled host in intranet
  • Method, device and system for locating controlled host in intranet

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the embodiments of the present application will be described below in conjunction with the accompanying drawings.

[0040] Before introducing and explaining the technical solution provided by this application, a brief introduction to "external network" and "intranet" is firstly made. The extranet is also called the public network, which refers to the wide area network, also known as the Internet (Internet). Intranet is also called a private network, which refers to a local area network. Compared with a wide area network, a local area network mainly refers to a small-scale computer interconnection network, such as the internal network established by governments, enterprises, government agencies, universities, shopping malls, and families. The external network and the internal network can use different address spaces. Generally speaking, the pack...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method, device and system for locating a controlled host in an intranet. The method includes: the detection device on the external network obtains the target domain name carried in the DNS request message sent by the internal network host to the DNS server in the external network and the identification replacement information of the internal network host; when the detection device detects that the target domain name is malicious domain name and the intranet host is a controlled intranet host, send a query request to the query device in the intranet, the query request includes the target domain name and the identity replacement information of the controlled intranet host; the query device The identification information of the internal network host is replaced by querying the mapping table to obtain the identification information of the controlled internal network host, and sending the identification information of the controlled internal network host to the detection device. On the premise of ensuring the security of the private data of the intranet, the present application realizes the rapid positioning and acquisition of the identification information of the controlled intranet host.

Description

technical field [0001] The embodiments of the present application relate to the technical field of network security, and in particular to a method, device and system for locating a controlled host in an intranet. Background technique [0002] Advanced Persistent Threat (APT) attack refers to an attack method in which some professional and organized hackers use advanced attack methods to carry out long-term persistent network attacks on specific targets. After the networks of some key institutions (such as governments, enterprises, agencies, etc.) are attacked by APT, the control hosts located on the external network can use command and control (Command and Control, C&C) instructions to the controlled hosts in the internal network (the following It is called "controlled intranet host") for control, such as controlling the controlled intranet host to update local files, detecting other hosts in the intranet, and so on. [0003] The C&C anomaly detection method based on domain...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/0236H04L63/1466H04L61/4511
Inventor 杨延城王雨晨李鹏华
Owner HUAWEI TECH CO LTD