Method, apparatus and device for network attack behaviors prediction, and storage medium

A network attack behavior prediction technology, applied in the field of network security, addresses the problems of low identification efficiency, inability to predict network attack behaviors, and inability to effectively ensure the security of network equipment. Its effects are improved log parsing and recognition efficiency, avoidance of network attack behaviors, and assured security.

Active Publication Date: 2019-02-15
NEUSOFT CORP

AI Technical Summary

Problems solved by technology

[0005] Embodiments of the present invention provide a method, apparatus, device, and storage medium for network attack behavior prediction. They address the problem that the network attack behavior recognition method in the prior art must select a regular expression again before each recognition, so that identification efficiency is low, network attack behavior cannot be predicted, and the security of network equipment cannot be effectively guaranteed.



Examples


Embodiment 1

[0030] Figure 1 is a flowchart of a method for network attack behavior prediction provided by Embodiment 1 of the present invention. In the existing network attack behavior recognition method, a regular expression is selected before each recognition, so recognition efficiency is low, network attack behavior cannot be predicted, and the security of network equipment cannot be effectively guaranteed. To address this problem, the embodiment of the present invention provides a method for predicting network attack behavior.

[0031] As shown in Figure 1, the specific steps of the method are as follows:

[0032] Step S101: perform feature extraction and identification on the log to be processed according to the log parsing model, so as to obtain the feature data and device information of the log to be processed.

[0033] In this embodiment, when it is necessary to detect the security of the network device, the log of the n...

Embodiment approach

[0049] One feasible implementation: the aggregation condition is the generation time of the log. Among the logs to be processed whose generation time is within a preset time range, duplicate logs with the same feature data and device information are merged into one piece of data. The preset time range may be set by technicians according to actual needs and is not specifically limited in this embodiment. For example, the preset time range may be the latest 5 minutes.

[0050] Another feasible implementation: the aggregation condition is the number of aggregation entries. Among the logs to be processed, duplicate logs with the same feature data and device information, not exceeding the number of aggregation entries, are merged into one piece of data. The number of aggregation entries may be set by technicians according to actual needs and is not specifically limited in this embodiment. For example, the numb...
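The two aggregation conditions in [0049] and [0050] can be sketched as follows. This is an added Python example, not code from the patent. It assumes each parsed log is a (generation time, feature data, device information) tuple, that a time window is measured from the first log of a merged record, and that a merge count and first/last time are kept on each record; the sample logs are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample of already-parsed logs:
# (generation time, feature data, device information)
SAMPLE = [
    ("2019-02-15 10:00:05", "ssh_auth_failure user=root", "fw-01"),
    ("2019-02-15 10:01:10", "ssh_auth_failure user=root", "fw-01"),
    ("2019-02-15 10:02:00", "ssh_auth_failure user=root", "sw-02"),
    ("2019-02-15 10:04:59", "ssh_auth_failure user=root", "fw-01"),
    ("2019-02-15 10:05:30", "ssh_auth_failure user=root", "fw-01"),
    ("2019-02-15 10:09:00", "port_scan dst=10.0.0.5", "fw-01"),
]

def aggregate(logs, window=None, max_entries=None):
    """Merge duplicate logs (same feature data and device) into one record.

    window:      merge only logs generated within `window` of the record's
                 first log (assumed anchoring; [0049] only says "preset range").
    max_entries: merge at most this many logs into one record ([0050]).
    Returns the merged records in order of first generation time.
    """
    parsed = sorted((datetime.strptime(ts, FMT), feat, dev)
                    for ts, feat, dev in logs)
    open_records = {}  # (feature data, device) -> record still accepting logs
    merged = []
    for when, features, device in parsed:
        key = (features, device)
        rec = open_records.get(key)
        expired = (rec is not None and window is not None
                   and when - rec["first"] >= window)
        full = (rec is not None and max_entries is not None
                and rec["count"] >= max_entries)
        if rec is None or expired or full:
            # Start a new merged record; the old one (if any) is closed.
            rec = {"features": features, "device": device,
                   "first": when, "last": when, "count": 0}
            open_records[key] = rec
            merged.append(rec)
        rec["last"] = when
        rec["count"] += 1  # keep the volume that merging would otherwise hide
    return merged

def summarize(records):
    """Compact view: (device, feature data, number of merged logs)."""
    return [(r["device"], r["features"], r["count"]) for r in records]
```

Keeping the count and time span on each merged record preserves burst information, such as repeated authentication failures, that a later correlation step would otherwise lose.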

Embodiment 2

[0061] Figure 2 is a flow chart of a method for network attack behavior prediction provided by Embodiment 2 of the present invention. On the basis of Embodiment 1 above, in this embodiment the feature data of the log to be processed includes the generation time, and predicting whether a network attack occurs according to the security event data and the attack prediction model specifically includes: inputting the security event data into the attack prediction model in order of generation time, so that the attack prediction model determines the probability of network attack behavior according to the correlation of multiple security event data; comparing the probability of network attack behavior with the preset attack threshold; if the probability of network attack behavior is greater than the preset attack threshold, outputting the prediction result of network attack behavior; if the probability of network attack behavior is less than or equal to the preset attack...


Abstract

The embodiment of the invention provides a method, an apparatus and a device for network attack behavior prediction, and a storage medium. The method provided by the embodiment of the invention comprises the following steps: performing feature extraction and identification on a to-be-processed log according to a log parsing model, thereby obtaining feature data of the to-be-processed log and information of the device to which the to-be-processed log belongs; determining security event data according to the feature data of the to-be-processed log and the information of the device to which the to-be-processed log belongs; and predicting whether network attack behaviors happen according to the security event data and an attack prediction model. Thus, the parsing and identification efficiency for the log is improved, network attack behaviors can be predicted before they happen, a basis is provided for effectively avoiding the network attack behaviors, and the security of a network device can be guaranteed effectively.

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a method, apparatus, device and storage medium for network attack behavior prediction.

Background

[0002] Network security means that the hardware and software of the network system and the data in the system are protected from being damaged, changed, or leaked due to accidental or malicious reasons, the system runs continuously and reliably, and the network service is uninterrupted.

[0003] Currently, it is possible to identify whether a network device is under network attack by analyzing the logs generated by the network device. Since logs are unstructured data, the format is not uniform, and there are many types of network devices, there is no unified log parsing format for different network devices. In the prior art, a regular expression matched with a log format is set through a regular matching algorithm to identify whether a network attack has...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 阎俊达
Owner: NEUSOFT CORP