Threat alarm method, device and equipment via target perception

A target-perception technology, applied in the field of network security, that addresses the problems of users not knowing the security-related information of the protected hosts, or even the protected hosts themselves, and the resulting misjudgment and omission of threat alarms. It is easy to implement and use, reduces the number of alarms, and improves the effectiveness of threat alarms.

Inactive Publication Date: 2019-04-05
BEIJING TOPSEC NETWORK SECURITY TECH +2
7 Cites, 4 Cited by

AI Technical Summary

Problems solved by technology

However, this method also has obvious shortcomings. In addition to the tediousness of manually entering information, some users actually do not know the security-related information of the protected hosts, or even how many protected hosts there are. The protected host and its security-related information often change dynamically. If it is not updated synchronously in time, it is easy to cause misjudgment and omission of threat alarms.


Examples


Embodiment 1

[0059] The embodiment of the present invention provides a method for threat alarm through target perception, as shown in Figure 2, including:

[0060] Step S201: preset attack target information;

[0061] Attack detection devices or systems are usually preset with a large number of known threat fingerprints to discover attack events. For each threat, there is usually descriptive text information, such as threat name, detailed description, risk level, target system, workarounds and more. However, this text only helps users recognize threats and guides defense measures; it has no technical significance for detection itself.

[0062] Presetting the attack target information means reorganizing the applicable environment and target of each threat, and defining and solidifying them in a program-identifiable information structure, so that this information can be used for attack detection. The preset attack targeting information and the preset threat fingerprint feature are up...

Embodiment 2

[0121] The embodiment of the present invention provides a device for threat alarm through target perception, as shown in Figure 8, including:

[0122] Presetting module 801: used to preset attack target information;

[0123] Perception module 802: used to perform target perception on the received data message, so as to obtain security-related information of the target host;

[0124] Comparison module 803: used to compare the preset attack target information with the security-related information, so as to determine whether to issue a threat alarm.
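The following Python sketch is an added example, not code from the patent: it walks through the three modules above (preset, perception, comparison) on constructed traffic. The field names, the banner format, and the "alarm-unverified" outcome for endpoints not yet perceived are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AttackTarget:                 # preset per threat fingerprint (hypothetical fields)
    threat_id: str
    service: str                    # service the threat applies to
    os: Optional[str] = None        # None: any operating system
    max_version: Optional[tuple] = None   # None: any version, else affected up to here

@dataclass
class Endpoint:                     # security-related information perceived for ip:port
    service: str
    version: tuple
    os: Optional[str]

BANNER = re.compile(r"(?P<svc>[A-Za-z_-]+)/(?P<ver>\d+(?:\.\d+)*)(?:\s+\((?P<os>[^)]+)\))?")

def perceive(profiles, message):
    """Target perception: learn what an endpoint runs from a banner it sent."""
    m = BANNER.search(message.get("banner", ""))
    if m:
        version = tuple(int(part) for part in m["ver"].split("."))
        os_name = m["os"].lower() if m["os"] else None
        # Overwrite on every sighting so upgrades and replacements are picked up.
        key = (message["src"], message["sport"])
        profiles[key] = Endpoint(m["svc"].lower(), version, os_name)

def decide(target, profiles, dst, dport):
    """Compare preset attack target information with the perceived endpoint."""
    ep = profiles.get((dst, dport))
    if ep is None:
        return "alarm-unverified"   # assumption: unknown target, alarm to avoid omission
    if ep.service != target.service:
        return "suppress"
    if target.os and ep.os and ep.os != target.os:
        return "suppress"
    if target.max_version and ep.version > target.max_version:
        return "suppress"
    return "alarm"

if __name__ == "__main__":
    profiles = {}
    threat = AttackTarget("T-EXAMPLE", "exampled", os="linux", max_version=(1, 2, 3))
    # Constructed server responses seen on the wire (documentation addresses).
    for banner in ("exampled/1.2.3 (Linux)", "exampled/1.3.0 (Linux)"):
        perceive(profiles, {"src": "192.0.2.10", "sport": 80, "banner": banner})
        print(banner, "->", decide(threat, profiles, "192.0.2.10", 80))
```

Because the profile is rebuilt from observed traffic, the same fingerprint hit stops alarming once the endpoint is seen running a version outside the preset range, with no manual inventory update.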

[0125] As a specific implementation of the present invention, as shown in Figure 9, the preset module 801 includes:

[0126] Information acquisition module 901: used to acquire the applicable environment of the threat and information on the target;

[0127] Definition module 902: used to define and solidify the applicable environment and target-targeted information in an identifiable information structure, so as to obtai...

Embodiment 3

[0153] An embodiment of the present invention provides an electronic device, the electronic device includes: a memory, a processor, and a computer program stored on the memory and executable on the processor; when the computer program is executed by the processor, the method steps of Embodiment 1 are implemented.

[0154] The processor may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement embodiments of the invention. The memory is used for storing executable instructions of the processor; the memory is used for storing program codes and transmitting the program codes to the processor. The memory may include volatile memory (Volatile Memory), such as random access memory (Random Access Memory,...


Abstract

The invention discloses a threat alarm method, device and equipment via target perception. The method comprises: presetting attack target information; performing target perception on a received data message to obtain security-related information of the target host; and comparing the preset attack target information with the security-related information to determine whether to raise a threat alarm. The preset attack target information is used to perceive targeted threats in the network environment, the attack target information is compared with the security-related information obtained by target perception, and whether a threat alarm is raised is determined according to the comparison result. As a result, the number of alarms is reduced, threat alarms are more effective, and possible omissions are avoided. The user does not need to enter the security-related information of the protected host manually; instead, possible changes in the security-related information of the target host are adapted to automatically, and the method is easy to implement and use and more practical.

Description

Technical field

[0001] The present invention relates to the field of network security, and in particular, to a method, device and equipment for threat alarming through target perception.

Background technique

[0002] Traditional attack detection devices or systems receive network data packets in real time, parse and analyze their data protocols, and compare the data content with the internally preset known threat fingerprints to detect attack events and raise alarms. Although this method has the characteristics of real-time detection and precise matching, and seems to have a high attack detection accuracy, it does not actually solve the problem of the effectiveness of threat alarms that users are really concerned about. For example, the attack detection device or system detects and raises an alarm for an attack event against host A. The event does exist in the network data packet requesting the service of host A, and it is found after accurate matching. For the attack detection device or system, it ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441
Inventor 刘彤武军强
Owner BEIJING TOPSEC NETWORK SECURITY TECH