A network attack identification method and system

A network attack identification technology, applied in the field of network attack identification methods and systems, that solves the problem of high operation and maintenance processing costs and achieves the effect of improving operation and maintenance efficiency.

Active Publication Date: 2021-08-10
北京鸿享技术服务有限公司
10 Cites, 0 Cited by

AI Technical Summary

Problems solved by technology

[0004] The present invention aims to solve the problem of the high operation and maintenance processing costs of the traditional network attack detection method.


Examples


Embodiment 1

[0147] This embodiment provides a network attack identification method. Figure 1 is a schematic flowchart of the network attack identification method, which includes:

[0148] Step S11, detecting whether the target host is under network attack;

[0149] Step S12, if the target host is subjected to the network attack, extracting features to be compared from the network data corresponding to the network attack;

[0150] Step S13, comparing the feature to be compared with more than one attack response rule, wherein the attack response rule is formed according to the first response data, and the first response data is the response of an attacked host to a successful attack request;

[0151] Step S14, if the feature to be compared matches the attack response rule, it is determined that the network attack is successful.

[0152] The target host may be a server providing various services, a personal computer capable of realizing specific...

Embodiment 2

[0191] This embodiment provides another method for identifying a network attack. Compared with the method provided in Embodiment 1, after the features to be compared are compared with more than one attack response rule, alarm information may also be generated, wherein the alarm information includes the attack type of the network attack, whether the network attack is successful, and the attack action of the successful network attack. For example, when the target host is attacked by SQL injection but the attack is unsuccessful, the alarm information can be "under SQL injection attack, the attack is invalid"; when the target host is attacked by SQL injection, the attack is successful, and the specific attack action is error-based injection using the floor() function, the alarm information can be "under SQL injection attack, the attack is successful, and the floor() function reports an error injection".

[0192] Further, after the alarm inform...

Embodiment 3

[0195] Embodiment 2 adopts a warning method in which one network attack corresponds to one alarm message, that is, a corresponding alarm message is generated whenever a network attack is detected. However, isolated alarm information cannot accurately reflect the security status of the target host, and this way of displaying attacks does not convey the attack process as a whole. Therefore, this embodiment provides another network attack identification method. Compared with the network attack identification method provided in Embodiment 2, after the alarm information is generated, this embodiment further includes:

[0196] Add a corresponding attack chain label to the alarm information according to the alarm content of the alarm information, where the attack chain label is used to represent the attack stage of the network attack in the attack chain;

[0197] Count each attack chain label of the same attack event, and obtain the total number of network attacks, the number of successfu...
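The flow of steps S11 to S14, the alarm information of Embodiment 2 and the per-label counting of Embodiment 3 can be sketched as follows. This is an added example, not code from the patent: the request signatures, the response rule pattern, the attack chain label name and the sample traffic are all constructed assumptions.

```python
import re
from collections import Counter

# S11: request-side signatures (assumed for this example, not from the patent).
ATTACK_SIGNATURES = {
    "SQL injection": re.compile(r"(?i)\b(union\s+select|floor\s*\(\s*rand)"),
}
# Attack response rules: (attack type, attack action, pattern seen in the
# response of a host on which the attack worked). Rule content is assumed.
RESPONSE_RULES = [
    ("SQL injection", "the floor() function reports an error injection",
     re.compile(r"Duplicate entry '[^']*' for key '<?group_key>?'")),
]
# Embodiment 3: attack chain label per attack type (hypothetical stage names).
CHAIN_LABEL = {"SQL injection": "intrusion"}

def identify(request, response):
    """Return an alarm dict for one request/response pair, or None if benign."""
    attack = next((t for t, s in ATTACK_SIGNATURES.items() if s.search(request)), None)
    if attack is None:                       # S11: no attack detected
        return None
    feature = response[:4096]                # S12: feature taken from the response data
    alarm = {"type": attack, "success": False, "label": CHAIN_LABEL[attack],
             "message": f"under {attack} attack, the attack is invalid"}
    for rule_type, action, pattern in RESPONSE_RULES:            # S13: compare
        if rule_type == attack and pattern.search(feature):      # S14: match
            alarm["success"] = True
            alarm["message"] = f"under {attack} attack, the attack is successful, and {action}"
            break
    return alarm

def summarize(alarms):
    """Per attack chain label: total attacks and successful attacks."""
    total = Counter(a["label"] for a in alarms)
    ok = Counter(a["label"] for a in alarms if a["success"])
    return {label: {"total": n, "successful": ok[label]} for label, n in total.items()}

# Constructed sample traffic: (request line, response body).
SAMPLE = [
    ("GET /item?id=1", "<html>item 1</html>"),
    ("GET /item?id=1 and floor(rand(0)*2)", "<html>item 1</html>"),
    ("GET /item?id=1 and floor(rand(0)*2)",
     "ERROR 1062: Duplicate entry 'x1' for key 'group_key'"),
]

if __name__ == "__main__":
    alarms = [a for a in (identify(q, r) for q, r in SAMPLE) if a]
    print([a["message"] for a in alarms], summarize(alarms))
```

The second and third sample requests are identical; only the response differs, which is what separates an attempted attack from a successful one in this scheme.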


Abstract

The invention discloses a network attack identification method and system. The network attack identification method includes: detecting whether a target host is under a network attack; if the target host is under the network attack, extracting the features to be compared from the network data corresponding to the network attack; comparing the features to be compared with one or more attack response rules, wherein the attack response rules are formed according to the first response data, and the first response data is the response of an attacked host to a successful attack request; and, if the feature to be compared matches the attack response rule, determining that the network attack is successful. The network attack identification method and system provided by the present invention can accurately identify successful network attacks and provide effective network attack information for network managers.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a network attack identification method and system.

Background technique

[0002] With the continuous development of computer technology and the continuous popularization of the Internet, forms of network attack emerge endlessly, network security issues are becoming more and more prominent, the social impact and economic losses they cause are increasing, and new requirements and challenges are put forward for network threat detection and defense. Abnormal network traffic is one of the major network security threats at present, and it is also a key object of network security monitoring. Quickly and accurately discovering abnormal network traffic, and timely and accurately capturing, analyzing, tracking and monitoring malicious code, can provide knowledge support for network security situation index assessment and immunization decision-making, thereby improving the overall response c...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L63/1416, H04L63/1425, H04L63/1433
Inventor: 蒋劭捷, 张鑫
Owner: 北京鸿享技术服务有限公司