Method, device and system for capturing network attack behavior, equipment and medium

A technology for capturing network attack behavior, applied in the network field, that addresses the unsuitability of relational databases for query and analysis and achieves the effects of increasing availability, reducing IO consumption, and solving downtime.

Inactive Publication Date: 2019-05-28
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO

AI Technical Summary

Problems solved by technology

[0008] When the collected data is stored in a traditional relational database, the database is not well suited to query and analysis.



Examples


Embodiment 1

[0049] An embodiment of the present invention provides a method for capturing network attack behavior. As shown in Figure 1, the method includes:

[0050] S101: transmitting the proxy log of at least one honeypot proxy server to the distributed cluster;

[0051] S102: transmitting the proxy log, through the distributed cluster, to a search server for distributed full-text retrieval, where it is stored;

[0052] S103: capturing and analyzing network attack behaviors from the proxy logs stored in the search server.

[0053] Here, the proxy log is the data source recording accesses to the honeypot proxy server: for example, the IP of the host accessing the honeypot proxy server, the HTTP request header, the response header, POST content, and the resources and parameters of URL requests. The distributed cluster can be a Kafka cluster. Network attack behaviors may include web crawler behaviors and credential stuffing behaviors.

[0054] Web crawler: This is a kind of "friendly" behavior. I...
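The analysis in step S103 can be pictured with the following added example, which is not taken from the patent: it groups proxy-log records by source IP and labels an IP as credential stuffing or crawling from the fields listed in [0053]. The JSON field names, login-path markers, form keys and thresholds are all assumptions, and the records are a constructed inline sample rather than results read from the search server.

```python
import json
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample proxy-log records, one JSON object per line (field names assumed).
SAMPLE_LOG = "\n".join(
    [json.dumps({"src_ip": "198.51.100.7", "method": "POST",
                 "url": "http://shop.example/login",
                 "post": f"user=user{i}@example.com&pass=x"}) for i in range(6)]
    + [json.dumps({"src_ip": "203.0.113.9", "method": "GET",
                   "url": f"http://news.example/article/{i}", "post": ""})
       for i in range(8)]
    + [json.dumps({"src_ip": "192.0.2.44", "method": "GET",
                   "url": "http://news.example/", "post": ""}),
       "not json at all"]  # malformed line: skipped, must not abort the analysis
)

LOGIN_HINTS = ("login", "signin", "auth")   # assumed markers of a login endpoint
USER_KEYS = ("user", "username", "email")   # assumed POST field names for the account


def classify(log_text, min_accounts=5, min_pages=8):
    """Label each source IP as credential_stuffing, crawler or unclassified."""
    accounts = defaultdict(set)  # src_ip -> distinct account names tried on login URLs
    pages = defaultdict(set)     # src_ip -> distinct (host, path) pairs fetched with GET
    seen = set()
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ip, method, url = rec["src_ip"], rec["method"].upper(), urlsplit(rec["url"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        seen.add(ip)
        if method == "POST" and any(h in url.path.lower() for h in LOGIN_HINTS):
            form = parse_qs(rec.get("post") or "")
            for key in USER_KEYS:
                accounts[ip].update(form.get(key, []))
        elif method == "GET":
            pages[ip].add((url.netloc, url.path))
    # Many distinct accounts on a login URL outranks many distinct pages.
    return {ip: "credential_stuffing" if len(accounts[ip]) >= min_accounts
            else "crawler" if len(pages[ip]) >= min_pages else "unclassified"
            for ip in seen}


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Counting distinct account names per source, rather than raw POST volume, keeps a single user retrying one password from being labelled as credential stuffing.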

Embodiment 2

[0083] An embodiment of the present invention provides a device for capturing network attack behavior. As shown in Figure 3, the device is a device embodiment corresponding to Embodiment 1, which includes:

[0084] The log transmission module 10 is used to transmit the proxy log of at least one honeypot proxy server to the distributed cluster;

[0085] A log storage module 12, configured to transmit the proxy log to a search server for distributed full-text retrieval through the distributed cluster for storage;

[0086] The behavior analysis module 14 is configured to capture and analyze network attack behaviors on the proxy logs stored in the search server.

[0087] In some embodiments, the device may also include:

[0088] The proxy management module is used to manage the operation of the honeypot proxy service of each honeypot proxy server through the supervisor of the server proxy service program.

[0089] Wherein, the agent management module is specifically used t...

Embodiment 3

[0099] An embodiment of the present invention provides a proxy honeypot system, which includes at least one honeypot proxy server, a distributed cluster, a search server for distributed full-text search, and the capturing device according to claim 9.


Abstract

The invention discloses a method, device and system for capturing network attack behavior, equipment and a medium. The capturing method comprises the following steps: transmitting a proxy log of at least one honeypot proxy server to a distributed cluster; transmitting the proxy log, through the distributed cluster, to a search server for distributed full-text retrieval for storage; and capturing and analyzing network attack behavior from the proxy log stored in the search server. The problem of downtime of the honeypot proxy server is effectively solved, IO consumption is effectively reduced, and the availability of the honeypot proxy server is effectively improved.

Description

Technical field

[0001] The present invention relates to the field of network technology, in particular to a method, device, system, equipment and medium for capturing network attack behavior.

Background art

[0002] Common crawler and credential stuffing behaviors are very frequent and easily trigger bans based on IP (Internet Protocol address). Therefore, attackers need to use some public and private proxies to complete their attacks. A Web (World Wide Web) proxy honeypot sets up a Web proxy server in the network to lure the "attacker" into carrying out attacks through the honeypot, thereby capturing network traffic, analyzing its behavior, and helping the defender carry out targeted defense against attacks.

[0003] At present, the Web proxy honeypot system, which can also be referred to simply as a proxy honeypot, has the following defects:

[0004] The server is prone...


Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 吴昀灿
Owner MICRO DREAM TECHTRONIC NETWORK TECH CHINACO