Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Attack source IP portrait generation method and device based on network attack behavior

A network attack and attack source technology, applied in the field of network security, can solve problems such as limited access to attack source information and inability to understand attack source IP

Active Publication Date: 2018-11-23
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF8 Cites 41 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the purpose of the present invention is to provide a method and device for generating IP portraits of attack sources based on network attack behaviors, so as to solve the problem in the prior art that the attack source information of network attack behaviors is obtained in a limited way, and it is impossible to analyze network attack behaviors. The technical issue of effectively understanding the attack source IP

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack source IP portrait generation method and device based on network attack behavior
  • Attack source IP portrait generation method and device based on network attack behavior
  • Attack source IP portrait generation method and device based on network attack behavior

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0051] An embodiment of the present invention provides a method for generating an attack source IP portrait based on network attack behavior, such asfigure 1 As shown, the method includes:

[0052] S11: Determine the target attack source.

[0053] S12: Extract all data recording target attack sources from the network security alarm database to obtain target alarm data.

[0054] In this step, the network security alarm database includes alarm data of multiple attack sources. The alarm data may be an alarm log and / or an alarm record.

[0055] S13: Obtain the attack attribute information of the target attack source based on the target alarm data statistics.

[0056] S14: Generate an IP profile of the target attack source according to the attack attribute information.

[0057] In this embodiment, the "image" of malicious IP addresses in the network space can be realized by using the network security alarm database to count the attack attribute information of the target attack s...

Embodiment 2

[0059] An embodiment of the present invention provides a method for generating an attack source IP portrait based on network attack behavior, such as figure 2 As shown, the method includes:

[0060] S21: Obtain network security alarm information from multiple servers, extract IP addresses of attack sources from the network security alarm information, and generate an IP address list based on the IP addresses.

[0061] As a preferred solution, the network security alarm information is alarm logs and records related to network security. In this step, the attack source IP address is extracted from the network security alarm information, and an IP address object list is generated.

[0062] S22: Determine the target attack source based on the IP address list.

[0063] It should be noted that the IP address list includes IP addresses of several attack sources. In this step, the target attack source is determined from the IP address list, and of course, the IP objects can also be ...

Embodiment 3

[0085] An attack source IP portrait generation device based on network attack behavior provided by an embodiment of the present invention, such as image 3 As shown, the attack source IP profile generation device 3 based on network attack behavior includes: a determination module 31 , an extraction module 32 , an acquisition module 33 and a generation module 34 .

[0086] Preferably, the determination module is used to determine the target attack source. The extracting module is used to extract all data recording target attack sources from the network security alarm database to obtain target alarm data, wherein the network security alarm database includes alarm data of multiple attack sources.

[0087] As a preferred solution, the acquisition module is used to obtain the attack attribute information of the target attack source based on statistics of the target alarm data. The generation module is used to generate the IP portrait of the target attack source according to the at...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an attack source IP portrait generation method and device based on a network attack behavior, and relates to the field of network security technology. The attack source IP portrait generation method based on a network attack behavior comprises: determining a target attack source; extracting all data recording the target attack source from a network security alarm database toobtain target alarm data, wherein the network security alarm database comprises alarm data of multiple attack sources; obtaining attack attribute information of the target attack source based on statistics on the target alarm data; generating an IP portrait of the target attack source according to the attack attribute information. The method and the device solve the technical problems that the existing attack source information acquisition method for a network attack behaviors in the prior art is limited and cannot effectively understand the attack source IP of the network attack behavior.

Description

technical field [0001] The present invention relates to the technical field of network security, in particular to a method and device for generating an attack source IP portrait based on network attack behavior. Background technique [0002] Network attack refers to the attack on the hardware, software and data in the network system by using the loopholes and security flaws in the network. [0003] At present, the methods of network attack mainly include: password intrusion, Trojan horse, email, node attack, network monitoring, network deception, hacking software, security holes, port scanning and many other types. [0004] The existing methods of obtaining information on the attack source of network attacks are limited, and it is impossible to effectively understand that the attack source IP of network attacks is the address IP of your computer in the network. Contents of the invention [0005] In view of this, the object of the present invention is to provide a method a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/145H04L2463/146
Inventor 王世晋范渊黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com