Threat alarm generation method and device based on systematic attacks

A system and data technology, applied in the field of network security, addressing a problem for which no effective solution had previously been proposed, and achieving the effect of reducing repeated alarms and the overall alarm volume.

Inactive Publication Date: 2020-01-10
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, because advanced persistent attacks strike repeatedly over a long period, a large number of attack alarms are generated for the same network attack behavior.
[0004] For the above problem, no effective solution has been proposed.



Examples


Embodiment 1

[0036] According to an embodiment of the present invention, an embodiment of a method for generating a threat warning based on a systematic attack is provided. It should be noted that the steps shown in the flow charts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one shown or described herein.

[0037] Figure 1 is a flow chart of a method for generating a threat warning based on a systematic attack according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:

[0038] Step S102, acquiring log data of the network to be detected, wherein the log data is used to characterize the attack behavior of the network to be detected, and the log data includes at least one of the following: detection log data of secur...

Embodiment 2

[0067] The present invention also provides a threat warning generation device based on a systematic attack, which is used to execute the method for generating a threat warning based on a systematic attack provided in the embodiment described above. The threat alarm generation device for systematic attacks is described in detail below.

[0068] As shown in Figure 3, the above-mentioned threat warning generation device based on systematic attack includes: an acquisition unit 10, a processing unit 20, a merging unit 30, a judging unit 40 and an execution unit 50.

[0069] The acquiring unit 10 is configured to acquire log data of the network to be detected, wherein the log data is used to characterize the attack behavior of the network to be detected, and the log data includes at least one of the following: Detection log data, performance log data, fault log data, EDR log data, NDR log data;

[0070] The processing unit 20 is confi...


Abstract

The invention provides a threat alarm generation method and device based on systematic attacks, and relates to the technical field of network security. The method comprises the steps of: obtaining log data of a to-be-detected network; performing data processing on the log data to obtain standardized log data; merging the standardized log data based on the attribute information of the standardized log data to obtain an initial event; judging whether the historical alarms contain a target event; and, if the historical alarms are judged to contain the target event, merging the event into the target event. This solves the technical problem in the prior art that a large number of attack alarms are generated for advanced persistent attacks.
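The pipeline the abstract describes (standardize heterogeneous logs, merge them into initial events by attribute, then fold each event into an existing historical alarm rather than raising a new one), as an added Python example that is not part of the patent. The two log sources, their field names, the merge key (source IP, destination IP, attack type) and the sample records are constructed assumptions:

```python
# Constructed sample records (not from the patent): two sources with different field names.
RAW_LOGS = [
    {"src": "IDS", "sip": "10.0.0.5", "dip": "10.0.1.9", "sig": "sql_injection", "ts": 100},
    {"src": "IDS", "sip": "10.0.0.5", "dip": "10.0.1.9", "sig": "sql_injection", "ts": 160},
    {"src": "EDR", "host_ip": "10.0.1.9", "remote_ip": "10.0.0.5", "rule": "sql_injection", "time": 200},
    {"src": "EDR", "host_ip": "10.0.1.9", "remote_ip": "10.0.0.5", "rule": "webshell_drop", "time": 260},
]

def standardize(rec):
    """Map a raw record from any source onto one common schema (the data-processing step)."""
    if rec["src"] == "IDS":
        return {"src_ip": rec["sip"], "dst_ip": rec["dip"], "attack": rec["sig"], "ts": rec["ts"]}
    if rec["src"] == "EDR":
        return {"src_ip": rec["remote_ip"], "dst_ip": rec["host_ip"], "attack": rec["rule"], "ts": rec["time"]}
    raise ValueError(f"unknown log source {rec['src']!r}")

def event_key(std):
    """Attribute information used for merging: attacker, victim and attack type (assumed key)."""
    return (std["src_ip"], std["dst_ip"], std["attack"])

def merge_logs(std_logs):
    """Merge standardized records sharing a key into initial events with a hit count and time span."""
    events = {}
    for s in std_logs:
        ev = events.setdefault(event_key(s), {"count": 0, "first": s["ts"], "last": s["ts"]})
        ev["count"] += 1
        ev["first"] = min(ev["first"], s["ts"])
        ev["last"] = max(ev["last"], s["ts"])
    return events

def update_alarms(history, events):
    """Fold each initial event into the matching historical alarm when one exists,
    otherwise raise a new alarm. Mutates history; returns the number of new alarms raised."""
    new_alarms = 0
    for key, ev in events.items():
        if key in history:
            old = history[key]
            old["count"] += ev["count"]
            old["first"] = min(old["first"], ev["first"])
            old["last"] = max(old["last"], ev["last"])
        else:
            history[key] = dict(ev)
            new_alarms += 1
    return new_alarms

def run_pipeline(raw_logs, history):
    """Acquire -> standardize -> merge -> judge against history; returns new alarm count."""
    events = merge_logs(standardize(r) for r in raw_logs)
    return update_alarms(history, events)
```

With the sample input, four raw records and one pre-existing alarm yield a single new alarm instead of four; the repeated SQL-injection hits are absorbed into the historical alarm's count and time span.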

Description

Technical field
[0001] The invention relates to the technical field of network security, in particular to a method and device for generating threat alarms based on systematic attacks.
Background technique
[0002] When cyberspace becomes a part of national security, all countries actively prepare for cyberwar attacks and defenses for political and economic interests. Some organizations or groups use advanced attack methods to carry out long-term, continuous network attacks on specific targets in order to steal core information.
[0003] However, because advanced persistent attacks strike repeatedly over a long period, a large number of attack alarms are generated for the same network attack behavior.
[0004] For the above problem, no effective solution has been proposed yet.
Contents of the invention
[0005] In view of this, the purpose of the present invention is to provide a method and device for generating threat alarms base...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L12/24, H04L29/06
CPC: H04L41/0604, H04L41/069, H04L63/1425, H04L63/1441
Inventors: 汪霞, 范渊, 黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD