Anti-attack method based on threat intelligence

An attack-defense technology based on threat intelligence, applied in the field of threat-intelligence-based attack prevention. It addresses problems such as high hysteresis, low efficiency and false negatives, and achieves a low false positive rate, reduced server traffic and low cost.

Active Publication Date: 2019-07-02
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] The present invention addresses the immeasurable threat to customers caused by long-term and persistent IP attacks in the prior art. Traditional web security protection mainly blocks IP access behavior in real time by identifying these attack types, which suffers from false positives, high delay and low efficiency. The invention provides an optimized threat-intelligence-based attack defense method.

Examples


Embodiment Construction

[0024] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0025] The present invention relates to an attack prevention method based on threat intelligence. The main principle is: regularly obtain high-level threat IPs and distribute them to each HAProxy server node, establish high-level threat IP tables through ipset and iptables, use iptables to block the access behavior of high-level threat IPs in real time, and send the blocking log to the ElasticSearch platform, so as to block IPs at the source, at the network layer. In simple terms, the method comprises 5 parts: obtaining high-level threat IPs, issuing high-level threat IPs, updating and blocking IPs, data return, and blocking the attack source.
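The update step in [0025] (a distributed IP list loaded into ipset and matched by iptables) can be sketched as follows; this is an added example, not code from the patent. The set names, the allowlist, the `INPUT` chain and the sample feed are assumptions.

```shell
#!/bin/sh
# Added example (not from the patent). Set names, allowlist and feed are assumed.
LIVE_SET=threat_high        # set matched by the iptables rule
STAGE_SET=threat_high_new   # staging set, swapped in atomically

# Accept only a plain dotted-quad: no CIDR, no leading zeros, octets 0..255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*) return 1 ;; esac
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# build_restore "ALLOWLIST" < feed : print a batch for `ipset -exist restore`.
# Malformed, duplicate and allowlisted entries never reach the firewall.
build_restore() {
  allow=" $1 "
  echo "create $STAGE_SET hash:ip family inet maxelem 65536"
  echo "flush $STAGE_SET"
  while IFS= read -r ip || [ -n "$ip" ]; do
    ip=$(printf '%s' "$ip" | tr -d '[:space:]')
    valid_ipv4 "$ip" || continue
    case $allow in *" $ip "*) continue ;; esac
    echo "add $STAGE_SET $ip"
  done | sort -u
  echo "swap $STAGE_SET $LIVE_SET"   # readers of LIVE_SET never see a partial list
  echo "destroy $STAGE_SET"
}

# Constructed sample feed (documentation address ranges only).
sample_feed() {
  cat <<'EOF'
203.0.113.7
198.51.100.23
203.0.113.7
999.1.1.1
0.0.0.0/0
192.0.2.10
198.51.100.023
EOF
}

# One-time setup on each node, as root (shown for context, not executed here):
#   ipset create threat_high hash:ip family inet maxelem 65536 -exist
#   iptables -I INPUT -m set --match-set threat_high src -j DROP
# Apply an update:  build_restore "$ALLOW" < feed.txt | ipset -exist restore
sample_feed | build_restore "192.0.2.10"
```

Validating each entry before it reaches `ipset` matters because the batch runs as root on every node: a feed entry carrying a prefix such as `/0`, or an address of the operator's own health checker, would otherwise be blocked fleet-wide.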

[0026] The high-level threat IP refers to the IP that appears in the scanning IP database and attacking IP database f...



Abstract

The invention relates to an anti-attack method based on threat intelligence. An HAProxy server obtains high-level threat IPs from an ElasticSearch platform. If the access frequency of an updated advanced threat IP to the HAProxy server exceeds a threshold value, network layer blocking is performed and no access log is recorded; otherwise, the access behavior of the client is recorded at the network layer, a marked access log is generated for any access behavior of an updated advanced threat IP, and the access log is analyzed and fed back to the node of the corresponding HAProxy server. The invention discloses distributed synchronization of advanced threat IPs. Its advantages are that advanced threat IPs are blocked directly at the network layer, at the source; client access traffic is reduced and a protective effect is achieved; server traffic is reduced; malicious IPs are blocked directly; traffic consumed by unnecessary data packets in the network is avoided; and the method has high accuracy, a low false alarm rate and low cost.

Description

Technical field

[0001] The present invention relates to the transmission of digital information, such as the technical field of telegram communication, and in particular to an attack defense method based on threat intelligence.

Background technique

[0002] With the rapid development and increasing attention in the field of computer security, the term "threat intelligence" has rapidly emerged in this field, which is evidence-based knowledge about existing or potential threats to IT and information assets, including situations, mechanisms, indicators, inferences and feasible suggestions. This knowledge can provide a decision-making basis for threat response. Therefore, many security companies are providing threat intelligence services, and the security emergency response centers of many enterprises have also begun to receive threat intelligence, and the proportion of business is gradually increasing. The purpose of helping enterprises judge the current development status and ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/1441, H04L63/1466
Inventor: 唐其彪, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD