Captured host automatic judgment method and device, electronic equipment and memory medium

A technique for automatically determining whether a host has been compromised, applied in the field of network security. It solves the problem of not being able to automatically determine whether a host has been compromised, and achieves the effect of reducing losses and saving human resources.

Active Publication Date: 2019-04-12
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] Embodiments of the present invention provide a method, device, electronic device and storage medium for automatically determining whether a host

Examples

Embodiment Construction

[0022] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments of the present invention.

[0023] For ease of understanding, the terms used in the embodiments of the present invention are explained below:

[0024] Assets are network devices used in an organization's internal network, such as servers, network devices, personal computers, etc.

[0025] Host refers to network devices, including but not limited to the following types: servers, mobile terminals, notebooks, and gateways.

[0026] A zombie host refers to a computer device infected with a bot virus and controlled by a hacker program. It can launch a denial of service (DoS) attack or send spam at any time according to the hacker's command and control (C&C, command and control)...

Abstract

The invention relates to the technical field of network security and discloses a method and device, electronic equipment and a storage medium for automatically judging whether a host has been captured (compromised). The method comprises the steps of: generating security incidents according to logs output by security equipment, wherein the security incidents are incidents which describe the activities of attackers, and each security incident comprises a destination IP address and an attack phase; aggregating the security incidents with the same destination IP address, and obtaining the attack chain of the host corresponding to that destination IP address according to the attack phases of the aggregated security incidents; searching for the security incidents whose source IP address is the IP address of the host, and correcting the attack chain according to the incidents found; and judging whether the host is captured according to the corrected attack chain. The technical scheme provided by the embodiment of the invention automatically judges whether hosts are captured, removes the dependence on a security engineer for that judgment, raises alarms on captured hosts in a timely manner, and reduces the losses that result from hosts being captured.
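The four steps of the abstract, as an added example that is not taken from the patent or from NSFOCUS code. The phase names, the rule that host-sourced incidents add a `c2` or `outbound_attack` phase, the "any post-intrusion phase means compromised" threshold, and the sample incidents are all assumptions made here for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

# Assumed phase model, in kill-chain order; the page does not enumerate the phases.
PHASES = ["recon", "intrusion", "install", "c2", "outbound_attack"]
POST_INTRUSION = {"install", "c2", "outbound_attack"}  # assumed decision threshold

class Incident(NamedTuple):
    src_ip: str
    dst_ip: str
    phase: str

def build_chains(incidents, assets):
    """Aggregate incidents by destination IP; a chain is the set of phases seen against that asset."""
    chains = defaultdict(set)
    for inc in incidents:
        if inc.dst_ip in assets:
            chains[inc.dst_ip].add(inc.phase)
    return dict(chains)

def correct_chains(chains, incidents):
    """Incidents sourced from a tracked host show it acting for the attacker, so extend its chain."""
    fixed = {ip: set(phases) for ip, phases in chains.items()}
    for inc in incidents:
        if inc.src_ip in fixed:
            fixed[inc.src_ip].add("c2" if inc.phase == "c2" else "outbound_attack")
    return fixed

def judge(chain):
    """Assumed rule: any post-intrusion phase in the chain means the host is compromised."""
    return bool(chain & POST_INTRUSION)

def analyze(incidents, assets):
    """Run aggregation, correction and judgment; returns {ip: (ordered chain, compromised?)}."""
    chains = correct_chains(build_chains(incidents, assets), incidents)
    return {ip: (sorted(c, key=PHASES.index), judge(c)) for ip, c in chains.items()}

# Constructed sample incidents (documentation-range and private IPs, not real data).
SAMPLE = [
    Incident("203.0.113.5", "10.0.0.8", "recon"),
    Incident("203.0.113.5", "10.0.0.8", "intrusion"),
    Incident("10.0.0.8", "198.51.100.9", "c2"),      # victim calling out
    Incident("10.0.0.8", "10.0.0.9", "recon"),       # victim scanning a neighbour
    Incident("203.0.113.7", "10.0.0.20", "recon"),
]
ASSETS = {"10.0.0.8", "10.0.0.9", "10.0.0.20"}

if __name__ == "__main__":
    for ip, (chain, compromised) in sorted(analyze(SAMPLE, ASSETS).items()):
        print(ip, " -> ".join(chain), "COMPROMISED" if compromised else "ok")
```

Without the correction step, 10.0.0.8 shows only inbound recon and intrusion attempts and is not flagged; the incidents it originates are what move its chain past the threshold.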

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method, device, electronic equipment and storage medium for automatically judging a compromised host.

Background

[0002] When a security device monitors network activity, it generates a large number of logs. For ordinary users who monitor network status, these logs are huge in volume and unclear in meaning, and cannot intuitively tell users what happened. Therefore, in most current methods the judgment of whether a host has been compromised is made manually by security engineers, which consumes human resources and places high demands on their professional skill; there is also the possibility of serious losses if the judgment is not made in time.

Summary of the invention

[0003] Embodiments of the present invention provide a method, device, electronic device and storage medium for automatically determining whether a hos...

Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L41/06, H04L41/069, H04L63/1416, H04L63/1425
Inventor: 陈军, 吴浪, 胡启明, 潘登
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD