Collapsed host computer detection method

A detection method for compromised hosts, applied in the field of network security, that addresses problems such as the inability to prevent attacks in advance and the resulting large losses, and achieves the effect of ensuring long-term visibility and network security.

Inactive Publication Date: 2018-12-07
SHANGHAI UNIV OF ENG SCI

AI Technical Summary

Problems solved by technology

Targeted attacks that exploit 0-day vulnerabilities in a system cannot be prevented in advance; they have a clear target and cause huge and irreparable losses.


Embodiment Construction

[0025] Referring to figure 1, in order to better understand the technical solution of the present invention, the inventors describe it in detail below through specific embodiments in conjunction with the accompanying drawings:

[0026] The compromised host detection method of the present invention comprises the following steps:

[0027] Log upload step: each border security probe device uploads the log data generated by the traffic between security domains, including application access logs, URL access logs, file transfer logs, and threat logs, to the security cloud early warning platform. The role of the border security probes is to continuously upload and summarize valuable log data to the security cloud early warning platform, based on their own perception of user behavior and threat information in the network.

[0028] Data extraction step: the security cloud early warning platform aggregates the log data reported by each border security probe device to the clou...


Abstract

The invention discloses a detection method for collapsed (compromised) host computers. The method comprises: a log upload step, in which boundary security probe equipment uploads the log data generated by the traffic between security domains, including an application access log, a URL access log, a file transmission log and a threat log, to a security cloud early warning platform; a data extraction step, in which the security cloud early warning platform aggregates the log data reported by the boundary security probe equipment to a cloud big data analysis engine, and the cloud big data analysis engine mines the abnormal behaviors of users whose hosts deviate from a normal baseline in the network, generates abnormal behavior data, and aggregates the threat log into threat information; and a data matching step, in which the security cloud early warning platform, through the cloud big data analysis engine, matches (collides) the threat information against the abnormal behaviors of users whose hosts deviate from the normal baseline in the network, and predicts a suspected compromised host computer.
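The extraction and matching steps above, as an added sketch that is not code from the patent: it flags a host only when it both deviates from its own baseline and appears in aggregated threat information. The baseline model (z-score of the latest daily count against the host's own history), the threshold, the field names and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: per-host daily counts of distinct external
# destinations taken from URL access logs; the last value is "today".
URL_HISTORY = {
    "10.0.1.5": [12, 14, 11, 13, 12, 13, 48],
    "10.0.1.6": [20, 22, 19, 21, 20, 22, 21],
    "10.0.2.9": [5, 6, 5, 7, 6, 5, 30],
}
# Constructed threat log entries from border probes: (host, destination, signature).
THREAT_LOGS = [
    ("10.0.1.5", "203.0.113.7", "suspicious-beacon"),
    ("10.0.1.6", "198.51.100.2", "port-scan-inbound"),
    ("10.0.1.5", "203.0.113.7", "suspicious-beacon"),
]

def abnormal_hosts(history, threshold=3.0):
    """Data extraction: hosts whose latest value deviates from their own baseline."""
    out = {}
    for host, series in history.items():
        base, today = series[:-1], series[-1]
        sigma = pstdev(base) or 1.0  # flat baseline: avoid dividing by zero
        z = (today - mean(base)) / sigma
        if z >= threshold:
            out[host] = round(z, 1)
    return out

def threat_info(threat_logs):
    """Data extraction: aggregate raw threat logs into per-host threat information."""
    info = defaultdict(set)  # the set removes duplicate reports of the same event
    for host, dest, sig in threat_logs:
        info[host].add((dest, sig))
    return info

def suspected_compromised(history, threat_logs, threshold=3.0):
    """Data matching: keep only hosts present in both the anomaly and threat sets."""
    anomalies = abnormal_hosts(history, threshold)
    info = threat_info(threat_logs)
    return {h: {"z": anomalies[h], "threats": sorted(info[h])}
            for h in anomalies if h in info}

if __name__ == "__main__":
    print(suspected_compromised(URL_HISTORY, THREAT_LOGS))
```

In the sample, 10.0.2.9 is anomalous without threat evidence and 10.0.1.6 has a threat log without a baseline deviation, so neither is reported; only 10.0.1.5 satisfies both conditions.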

Description

Technical field

[0001] The invention relates to a method for detecting a compromised host in the field of network security.

Background technique

[0002] In the past, most attackers tended to have an "opportunistic" mentality when choosing attack targets, and would extensively scan for targets with known vulnerabilities to infiltrate, in a "blossom everywhere" fashion. Theoretically speaking, if the protection strength of an enterprise exceeds the average level, it can obtain relative security. Systems with weak protection measures are often discovered and compromised by attackers before they are.

[0003] Therefore, traditional network security focuses on "prevention", always follows the P2DR strategy, and establishes a protection-detection-response model, that is, it first conducts a comprehensive assessment of the risks of the information system, and then formulates corresponding protection strategies, including: deploying access control devices at key risk points, such as firewalls,...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1433, H04L63/1441
Inventor: 李荣正, 孙玮泽, 袁鹏, 闫旭东, 陈学军, 戴国银
Owner SHANGHAI UNIV OF ENG SCI