A method and device for detecting network attacks based on threat intelligence

A threat-intelligence-based network attack detection technology, applied in the field of network security. It addresses the high performance consumption of network security equipment caused by the large data volume of offline threat intelligence databases, and achieves small size, less bandwidth occupation, and reduced matching pressure.

Active Publication Date: 2021-07-13
武汉思普崚技术有限公司

AI Technical Summary

Problems solved by technology

[0005] This application provides a method and device for detecting network attacks based on threat intelligence. It addresses the excessive consumption of network security equipment performance that existing detection methods incur because of the large amount of data in the offline threat intelligence database.


Examples

Embodiment Construction

[0062] Existing detection methods consume excessive network security equipment performance because of the large amount of data in the offline threat intelligence library. To solve this problem, this application provides a method and device for detecting network attacks based on threat intelligence.

[0063] See Figure 1, a workflow diagram of a method for detecting network attacks based on threat intelligence provided by the embodiment of the present application. The embodiment is applied to network security devices and includes the following steps:

[0064] Step 101: obtain a threat intelligence collision library delivered from the cloud. The threat intelligence collision library is a collection of first mapping results obtained by applying a first mapping algorithm to the threat intelligence keyword information in the threat intelligence.

[0065] In the embodiment of this application, the network securi...

Abstract

The present application provides a method and device for detecting network attacks based on threat intelligence. In the method, the threat intelligence collision library is a collection of first mapping results calculated by the first mapping algorithm from threat intelligence keyword information. When a network security device checks whether network traffic is threat traffic, it first matches the information to be detected in the network traffic against the threat intelligence collision library, that is, it judges whether the information to be detected matches a first mapping result. After determining that the network traffic corresponding to the information to be detected is threat traffic generated by a network attack, the device uploads the information to be detected to the cloud, and the cloud queries the threat details corresponding to that information. Because the threat intelligence keyword information is processed by the first mapping algorithm, the first mapping results are relatively small in size, so the matching pressure on network security equipment is reduced compared with the prior art.
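The split described in the abstract, sketched as an added example (not code from the patent): the cloud ships only mapping results, the device matches locally, and only hits go back to the cloud for details. The excerpt does not name the first mapping algorithm; truncated SHA-256, the 4-byte prefix, the normalisation step, and every indicator value below are assumptions constructed for illustration.

```python
import hashlib

PREFIX_BYTES = 4  # assumption: the mapping keeps only a short digest prefix

# Constructed cloud-side intelligence: keyword -> threat details.
CLOUD_INTEL = {
    "bad-domain.example": {"type": "domain", "threat": "c2"},
    "203.0.113.7": {"type": "ip", "threat": "scanner"},
    "files.malware.test": {"type": "domain", "threat": "dropper"},
}

def normalise(keyword: str) -> str:
    """Canonical form so the cloud and the device map identical strings."""
    return keyword.strip().lower().rstrip(".")

def first_mapping(keyword: str, n: int = PREFIX_BYTES) -> bytes:
    """Stand-in for the first mapping algorithm: truncated SHA-256."""
    return hashlib.sha256(normalise(keyword).encode("utf-8")).digest()[:n]

def build_collision_library(intel, n: int = PREFIX_BYTES) -> frozenset:
    """Cloud side: ship only the mapping results, never the details."""
    return frozenset(first_mapping(k, n) for k in intel)

def cloud_query(info: str):
    """Cloud side: exact lookup. None means the local hit was a mapping
    collision, not a real intelligence entry."""
    return CLOUD_INTEL.get(normalise(info))

def detect(fields, library, n: int = PREFIX_BYTES):
    """Device side: one hash and one set lookup per field; only hits go upstream."""
    alerts = []
    for field in fields:
        if first_mapping(field, n) in library:
            alerts.append((field, cloud_query(field)))
    return alerts

if __name__ == "__main__":
    library = build_collision_library(CLOUD_INTEL)
    # Constructed fields extracted from traffic (DNS names, destination IPs).
    seen = ["Bad-Domain.example.", "intranet.example", "203.0.113.7"]
    for field, details in detect(seen, library):
        print(field, "->", details or "collision, no intelligence entry")
    print("library bytes:", len(library) * PREFIX_BYTES)
```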

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and device for detecting network attacks based on threat intelligence.

Background technique

[0002] As network attacks grow more complex and diverse, the security of traditional network security devices (such as firewalls, intrusion prevention systems, and anti-virus software) is constantly being challenged. To achieve their goals, attackers continually change existing attack methods, and traditional network security devices may be unable to detect these ever-changing attacks using detection methods based on malicious program signatures or attack technical reports.

[0003] To detect ever-changing network attacks, existing technologies provide a method for detecting network attacks using threat intelligence. In this method, the cloud collects a larg...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06; G06F16/2455
Inventor: 韩阳
Owner: 武汉思普崚技术有限公司