Intrusion response measure determination method and device

A technology for determining methods and measures, applied in the field of determining methods and devices for intrusion response measures, can solve the problems that response measures are difficult to meet the needs of multiple attack paths, ignore mutual influence, and increase the possibility of success, so as to avoid double counting, Improve overall security utility and optimal response

Inactive Publication Date: 2019-09-13
INST OF INFORMATION ENG CAS
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method ignores the fact that the attacker may achieve the intrusion of the target through multiple attack paths, thereby increasing the probability of success
[0003] Since a single response measure is difficult to meet the needs of responding to multiple attack paths, we need to select a reaso...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intrusion response measure determination method and device
  • Intrusion response measure determination method and device
  • Intrusion response measure determination method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0015] The current production method of multi-path intrusion response measures responds to attacks by selecting the optimal response measures for each path independently, and this method ignores the mutual influence between the response measures of multiple attack paths. To solve this problem, an embodiment of the present invention provides a meth...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides an intrusion response measure determination method and device, and the method comprises the steps: determining one or more attack paths according to each nodein an attack tree and a node relationship; determining the security utility of candidate response measures which can be used for blocking the attack path; based on multiple iterations of a greedy algorithm, selecting candidate response measures with the maximum security effectiveness for each attack path to form a measure set so as to realize intrusion prevention; wherein in each iteration process, the candidate response measure with the maximum safety effect is selected from the candidate response measures of the attack path to be blocked, the response measure selected this time serves as a deployed measure, and the safety effects of the candidate response measures of the remaining attack path to be blocked are recalculated and used for next iteration selection. According to the method, the overall security effectiveness when a plurality of attack paths are coped can be improved to the maximum extent, and the optimal coping for multi-path attacks is realized.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to a method and device for determining an intrusion response measure. Background technique [0002] Network attack techniques are becoming more and more complex and diverse, making it possible for attackers to use multiple paths to invade targets. For example, to steal data, attackers can use both SQL injection attacks and man-in-the-middle attacks. Therefore, it is extremely important to design a suitable Intrusion Response System (IRS) to deal with complex attacks. Since countermeasures will bring both positive effects (such as improving safety performance) and negative effects (such as service quality degradation), how to choose response measures is very important. Traditional intrusion response measures dynamically identify optimal response measures by weighing attack loss and response cost. However, this method ignores the fact that the attacker may achi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1433H04L63/1441
Inventor 李凤华李勇俊郭云川杨正坤房梁冷斯远
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products