Network attack identification method and system

A technology for network attack identification, applied in the field of network attack identification methods and systems, that can solve the problem of high operation and maintenance processing costs.

Active Publication Date: 2018-10-19
360 TECH GRP CO LTD

AI Technical Summary

Problems solved by technology

[0004] What the present invention aims to solve is the problem of high operation a


Examples


Embodiment 1

[0147] This embodiment provides a network attack identification method. Figure 1 is a schematic flowchart of the method, which includes:

[0148] Step S11, detecting whether the target host is under network attack;

[0149] Step S12, if the target host is subjected to the network attack, extracting features to be compared from the network data corresponding to the network attack;

[0150] Step S13, comparing the feature to be compared with more than one attack response rule, wherein the attack response rule is formed according to the first response data, and the first response data is the data with which an attacked host responds to a successful attack request;

[0151] Step S14, if the feature to be compared matches the attack response rule, it is determined that the network attack is successful.

[0152] The target host may be a server providing various services, a personal computer capable of realizing specific...

Embodiment 2

[0191] This embodiment provides another method for identifying a network attack. Compared with the method provided in Embodiment 1, after the features to be compared are compared with more than one attack response rule, alarm information may also be generated. The alarm information includes the attack type of the network attack, whether the network attack is successful, and the attack action of the successful network attack. For example, when the target host is attacked by SQL injection but the attack is unsuccessful, the alarm information can be "under SQL injection attack, the attack is invalid"; when the target host is attacked by SQL injection, the attack is successful, and the specific attack action is an error-based injection using the floor() function, the alarm information can be "under SQL injection attack, the attack is successful, and the floor() function reports an error injection".

[0192] Further, after the alarm inform...
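Steps S11 to S14 and the alarm of Embodiment 2, as an added Python example that is not code from the patent. The request signature, the response rule (the MySQL duplicate-key error text), the function names and the sample traffic are all assumptions constructed for illustration; the request sample is elided and not a working payload.

```python
import re
from urllib.parse import unquote_plus

# S11 signatures (constructed, deliberately simple): attack type -> request pattern.
ATTACK_SIGNATURES = {"SQL injection": re.compile(r"(?i)\bselect\b.+\bfrom\b")}

# S13 attack response rules: (attack type, attack action, pattern found only in
# the response of a host on which the attack worked). Assumed rule: the MySQL
# duplicate-key error that a floor() error-based injection leaks on success.
RESPONSE_RULES = [
    ("SQL injection", "floor() function error-based injection",
     re.compile(r"Duplicate entry '[^']*' for key '<?group_key>?'")),
]

def detect_attack(request_line):
    """S11: return the attack type seen in the decoded request, or None."""
    decoded = unquote_plus(request_line)
    for attack_type, signature in ATTACK_SIGNATURES.items():
        if signature.search(decoded):
            return attack_type
    return None

def extract_features(response):
    """S12: the feature to be compared is the response body."""
    _headers, _sep, body = response.partition("\r\n\r\n")
    return body

def identify(request_line, response):
    """S11-S14: return None when no attack is detected, else an alarm dict."""
    attack_type = detect_attack(request_line)
    if attack_type is None:
        return None
    features = extract_features(response)
    for rule_type, action, pattern in RESPONSE_RULES:          # S13
        if rule_type == attack_type and pattern.search(features):
            return {"attack_type": attack_type, "success": True, "action": action,
                    "message": f"under {attack_type} attack, the attack is "
                               f"successful, action: {action}"}  # S14
    return {"attack_type": attack_type, "success": False, "action": None,
            "message": f"under {attack_type} attack, the attack is invalid"}

# Constructed samples; "..." marks elided request content.
REQ = "GET /item?id=1+and+(select+...+floor(...)+...+from+...) HTTP/1.1"
BENIGN = "GET /index.html HTTP/1.1"
RESP_HIT = ("HTTP/1.1 500 Internal Server Error\r\n\r\n"
            "Duplicate entry 'appdb1' for key 'group_key'")
RESP_MISS = "HTTP/1.1 403 Forbidden\r\n\r\nRequest blocked"

if __name__ == "__main__":
    for resp in (RESP_HIT, RESP_MISS):
        print(identify(REQ, resp)["message"])
```

Only a request that matched an attack signature has its response checked, so the same error text in the response to a benign request raises no alarm.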

Embodiment 3

[0195] Embodiment 2 adopts a warning method in which one network attack corresponds to one warning message, that is, a corresponding warning message is generated when a network attack is detected. However, isolated alarm information cannot accurately reflect the security status of the target host, and this kind of attack display cannot grasp the attack process as a whole. Therefore, this embodiment provides another network attack identification method. Compared with the network attack identification method provided in Embodiment 2, after the alarm information is generated, this embodiment further includes:

[0196] Add a corresponding attack chain label to the alarm information according to the alarm content of the alarm information, where the attack chain label is used to represent the attack stage of the network attack in the attack chain;

[0197] Count each attack chain label of the same attack event, and obtain the total number of network attacks, the number of successfu...
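The labelling and counting of [0196] and [0197], as an added Python example that is not code from the patent. The stage names, the mapping from attack type to stage, the use of the source/target pair to define "the same attack event", and the sample alarms are assumptions constructed for illustration.

```python
# Hypothetical attack chain stages, in chain order.
STAGES = ["reconnaissance", "intrusion", "command and control"]
# Hypothetical mapping from alarm content (attack type) to attack chain label.
STAGE_OF = {"port scan": "reconnaissance", "SQL injection": "intrusion",
            "webshell access": "command and control"}

def add_chain_label(alarm):
    """[0196]: attach the attack chain label chosen from the alarm content."""
    return {**alarm, "stage": STAGE_OF.get(alarm["attack_type"], "unlabelled")}

def summarize_events(alarms):
    """[0197]: per attack event, count attacks and successes for each label."""
    events = {}
    for alarm in map(add_chain_label, alarms):
        key = (alarm["src"], alarm["dst"])  # assumption: same pair = same event
        ev = events.setdefault(key, {"total": 0, "successful": 0,
                                     "by_stage": {}, "deepest_success": None})
        counts = ev["by_stage"].setdefault(alarm["stage"],
                                           {"total": 0, "successful": 0})
        ev["total"] += 1
        counts["total"] += 1
        if not alarm["success"]:
            continue
        ev["successful"] += 1
        counts["successful"] += 1
        reached = ev["deepest_success"]
        if alarm["stage"] in STAGES and (
                reached is None
                or STAGES.index(alarm["stage"]) > STAGES.index(reached)):
            ev["deepest_success"] = alarm["stage"]
    return events

# Constructed alarms in the shape produced by an Embodiment 2 style detector.
ALARMS = [
    {"src": "198.51.100.7", "dst": "10.0.0.5", "attack_type": "port scan", "success": False},
    {"src": "198.51.100.7", "dst": "10.0.0.5", "attack_type": "SQL injection", "success": False},
    {"src": "198.51.100.7", "dst": "10.0.0.5", "attack_type": "SQL injection", "success": True},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "attack_type": "port scan", "success": False},
]

if __name__ == "__main__":
    for key, ev in summarize_events(ALARMS).items():
        print(key, ev["total"], ev["successful"], ev["deepest_success"])
```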


Abstract

The invention discloses a network attack identification method and system. The network attack identification method comprises the steps of detecting whether a target host bears a network attack or not; extracting a to-be-compared feature from network data corresponding to the network attack if the target host bears the network attack; comparing the to-be-compared feature with more than one attack response rule, wherein the attack response rules are formed according to first response data, and the first response data is used for an attacked host to respond to a successful attack request; and judging that the network attack is successful if the to-be-compared feature matches the attack response rule. According to the network attack identification method and system provided by the invention, the successful network attack can be precisely identified, and the effective network attack information is provided for a network manager.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a network attack identification method and system.

Background technique

[0002] With the continuous development of computer technology and the continuous popularization of the Internet, forms of network attack emerge endlessly, network security issues are becoming more and more prominent, the social impact and economic losses they cause are increasing, and new requirements and challenges are put forward for network threat detection and defense. Abnormal network traffic is one of the major network security threats at present, and it is also a key object of network security monitoring. Quickly and accurately discovering abnormal network traffic, and timely and accurately capturing, analyzing, tracking and monitoring malicious code, can provide knowledge support for network security situation index assessment and immunization decision-making, thereby improving the overall response c...


Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L63/1416, H04L63/1425, H04L63/1433
Inventor: 蒋劭捷, 张鑫
Owner: 360 TECH GRP CO LTD