An attack path reconstruction method based on similarity computation

Similarity calculation and attack path technology, applied in complex mathematical operations, platform integrity maintenance, file system types, etc., which can solve the problems of insufficient real-time processing of network threats and backward analysis methods.

Inactive Publication Date: 2019-02-05
STATE GRID HUNAN ELECTRIC POWER +2

AI Technical Summary

Problems solved by technology

[0003] In order to solve the technical problem of insufficient real-time processing of network threats due to the relatively backward analysis methods for network attacks in complex situations, the present invention provides an attack path reconstruction method based on similarity calculation.


Embodiment Construction

[0041] Referring to Figures 1-4, the present invention comprises the following steps:

[0042] Step 1: build an attack path reconstruction system comprising a log collection subsystem, a log fusion subsystem and an attack path reconstruction subsystem;

[0043] Step 2: start the attack path reconstruction system;

[0044] Step 3: the log collection subsystem collects network logs, host logs and application logs, then judges by feature matching whether the log records contain an attack alarm, and stores each attack alarm in the attack alarm queue AA. The log collection subsystem includes a log collection client and a log collection server. The log collection client sends network logs, host logs and application logs to the log collection server through the syslog protocol; the log collection server judges by feature matching whether the log records contain an attack alarm, and stores the attack alarm in the attack alarm queue AA.
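The server side of Step 3, as an added example that is not code from the patent: it parses RFC 3164-style syslog lines, applies feature matching, and stores alarms in queue AA. The feature patterns, alarm field names and sample log lines are assumptions constructed for illustration; the page does not list the patent's actual features.

```python
import re
from collections import deque

# RFC 3164-style record: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Hypothetical features: the page does not list the patent's signatures.
FEATURES = {
    "sql_injection": re.compile(r"(?i)union\s+select"),
    "path_traversal": re.compile(r"\.\./\.\./"),
    "ssh_bruteforce": re.compile(r"Failed password for .* from "),
}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample input, as the log collection server would receive it.
SAMPLE = [
    "<134>Feb  5 10:01:12 waf01 nginx: 203.0.113.7 GET /item?id=1 UNION SELECT pass FROM users",
    "<38>Feb  5 10:01:15 web01 sshd[812]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "<134>Feb  5 10:01:20 web01 nginx: 198.51.100.4 GET /index.html 200",
    "garbage without a priority header",
    "<134>Feb  5 10:02:03 ids01 snort: 203.0.113.7 GET /../../etc/passwd",
]

def parse_syslog(line):
    """Return the record as a dict, or None if the line is not valid syslog."""
    m = SYSLOG_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:    # PRI = facility * 8 + severity
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    return rec

def collect(lines, aa=None):
    """Feature-match each record and store attack alarms in queue AA."""
    aa = deque() if aa is None else aa
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            continue                        # malformed input is skipped
        for name, pattern in FEATURES.items():
            if pattern.search(rec["msg"]):
                ip = IP_RE.search(rec["msg"])
                aa.append({"attack": name, "device": rec["host"],
                           "app": rec["tag"], "time": rec["ts"],
                           "src_ip": ip.group(0) if ip else None})
                break                       # one alarm per log record
    return aa

if __name__ == "__main__":
    for alarm in collect(SAMPLE):
        print(alarm)
```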

[0045] In this...


Abstract

The invention discloses an attack path reconstruction method based on similarity calculation. The invention forms an attack event by integrating multiple attacks in an attack event, then forms multiple attack steps into an attack path, so that the originally complex network attack process is clarified and organized effectively, which helps to accurately detect the attack behavior, track the attack source and find the weak links of the network system.

Description

Technical field

[0001] The invention relates to an attack path reconstruction method based on similarity calculation.

Background technique

[0002] With the rapid development of Web technology, network attacks are increasing day by day. Cyber attacks pose a great threat to national security and social order. Network security situational analysis reflects current situational threats by detecting attack alerts from different security devices. Threat situation analysis must consider the following two problems. The first is that a single attack can produce a large number of repeated attack alerts across multiple logging devices. The second is that cyber attacks are becoming more and more complex: an attack can include multiple attack steps, and each attack step can generate alarms on different devices. In order to accurately detect attack behaviors, track attack sources, and discover weak links in network systems, it is necessary to integrate attack alerts and recons...


Application Information

IPC(8): G06F21/55, G06F16/18, G06F17/16
CPC: G06F17/16, G06F21/55
Inventor: 田建伟朱宏宇乔宏田峥黎曦刘洁
Owner: STATE GRID HUNAN ELECTRIC POWER