Method and device for predicting network attack

A network attack prediction method and technology, applied in the field of network security, that addresses two problems: the inability to predict attacks, and the failure to distinguish between attack behavior and attack results.

Active Publication Date: 2018-11-16
360 TECH GRP CO LTD

AI Technical Summary

Problems solved by technology

[0004] What the present invention aims to solve is the problem that the existing network attack detection


Examples


Embodiment 1

[0149] This embodiment provides a network attack prediction method. Figure 1 is a schematic flow diagram of the network attack prediction method, which includes:

[0150] Step S11: Determine more than one attack chain according to the published network attack events, and the attack chain includes more than two attack stages arranged in sequence;

[0151] Step S12: Determine the current attack stage according to the alarm content of the alarm information corresponding to the network attack currently suffered by the target host;

[0152] Step S13: Determine the attack stage that is adjacent to the current attack stage and located after the current attack stage in the one or more attack chains as the next attack stage.

[0153] Specifically, the attack chain refers to the series of cyclic processes an attacker carries out against the attacked host, from detection to destruction. It is usually composed of several different attack stages, and each attack stage ach...

Embodiment 2

[0164] This embodiment provides another network attack prediction method. Compared with the network attack prediction method provided in Embodiment 1, this embodiment also obtains the alarm information before determining the current attack stage according to the alarm content of the alarm information corresponding to the network attack currently suffered by the target host. Figure 4 is a schematic diagram of the process of obtaining the alarm information in this embodiment. Obtaining the alarm information includes:

[0165] Step S41: Detect whether the target host is under the network attack and determine the attack type of the network attack;

[0166] Step S42: If the target host is under the network attack, detect whether the network attack is successful and determine the attack action of the successful network attack;

[0167] Step S43: If the network attack is successful, the first alarm sub-information is generated, otherwise, the second alarm sub-information is...

Embodiment 3

[0211] This embodiment provides a network attack prediction system. The network attack prediction system includes: a first determining module, configured to determine more than one attack chain according to published network attack events, where the attack chain includes two or more attack stages arranged in sequence; a second determining module, configured to determine the current attack stage according to the alarm content of the alarm information corresponding to the network attack currently suffered by the target host; and a third determining module, configured to determine the attack stage that is adjacent to and located after the current attack stage in the one or more attack chains as the next attack stage.

[0212] Further, the second determining module includes: a first determining unit, configured to determine an attack chain tag corresponding to the alarm information from a pre-established tag library according to the alarm content of the alarm information, wherein the tag Each a...
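The flow of steps S11 to S13 in Embodiment 1, together with the tag-library lookup mentioned in Embodiment 3, can be sketched as follows. This is an added example, not code from the patent: the chain names, stage labels, keyword-based tag library and sample alerts are all constructed assumptions.

```python
# Added illustration of S11-S13. All chains, tags and alerts below are constructed.

# S11: attack chains derived from published incidents; each is an ordered stage list.
ATTACK_CHAINS = {
    "web-intrusion": ["reconnaissance", "exploitation", "webshell-install",
                      "lateral-movement", "data-exfiltration"],
    "ransomware": ["phishing-delivery", "exploitation",
                   "privilege-escalation", "file-encryption"],
}

# Tag library (assumed form): keyword found in alarm content -> attack-chain stage tag.
TAG_LIBRARY = {
    "port scan": "reconnaissance",
    "sql injection": "exploitation",
    "remote code execution": "exploitation",
    "webshell upload": "webshell-install",
    "smb brute force": "lateral-movement",
}

def current_stage(alarm_content):
    """S12: map alarm content to a stage tag; None when the library has no match."""
    text = alarm_content.lower()
    for keyword, stage in TAG_LIBRARY.items():
        if keyword in text:
            return stage
    return None

def next_stages(stage):
    """S13: per chain containing `stage`, the stage immediately after it."""
    predictions = {}
    for chain, stages in ATTACK_CHAINS.items():
        for i, name in enumerate(stages[:-1]):  # a final stage has no successor
            if name == stage:
                predictions.setdefault(chain, stages[i + 1])
    return predictions

def predict(alarm_content):
    """Return (current stage, {chain: predicted next stage}) for one alarm."""
    stage = current_stage(alarm_content)
    return (stage, next_stages(stage)) if stage else (None, {})

if __name__ == "__main__":
    sample_alarms = [  # constructed alarm texts
        "SQL injection attempt on /login.php from 203.0.113.7",
        "SMB brute force against 10.0.0.12",
        "Unclassified anomaly on host db01",
    ]
    for alarm in sample_alarms:
        print(alarm, "->", predict(alarm))
```

A stage shared by several chains (here "exploitation") yields one prediction per chain, which is why the method speaks of "one or more attack chains"; an alarm with no matching tag produces no prediction.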


Abstract

The invention discloses a method and device for predicting a network attack. The method comprises the steps of: determining more than one attack chain according to published network attack events, wherein the attack chain comprises two or more attack stages arranged in sequence; determining a current attack stage according to the alarm content of the alarm information corresponding to a network attack currently suffered by a target host; and determining the attack stage that is adjacent to the current attack stage and located after it in the attack chains as the next attack stage. The method and device provided by the invention can predict the next attack stage, so as to predict the network attack behavior that an attacker is about to initiate, and to remind the defending party to repair undetected network vulnerabilities in time.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a network attack prediction method and device.

Background

[0002] With the continuous development of computer technology and the continuous popularization of the Internet, new forms of network attack have emerged one after another, and network security issues have become increasingly prominent. The social impact and economic losses they cause are increasing, and new requirements and challenges are put forward for network threat detection and defense. The study of cyber attacks cannot start only from the individual attack; it also requires an overall understanding of the entire cyber attack process.

[0003] However, most existing network attack detection focuses on the summarization and classification of vulnerabilities and attack methods. For example, using the description method of the attack tree model, the tree is used to represent the association between attac...


Application Information

IPC(8): H04L12/24, H04L29/06
CPC: H04L41/0631, H04L41/145, H04L41/147, H04L63/1416, H04L63/1433, H04L63/1441
Inventor: 蒋劭捷, 张鑫
Owner 360 TECH GRP CO LTD