Collaborative defense method based on IOC intelligent extraction and sharing

Abstract

The invention provides a collaborative defense method based on IOC intelligent extraction and sharing. The collaborative defense method comprises the following steps: S1) an IOC extraction and uploading module on a single detection device uploads extracted latest IOC data to an IOC acquisition and filtering module of a cloud IOC information center module; S2) the IOC acquisition and filtering module of the cloud IOC information center module allows the latest IOC data to match the existing IOC in the cloud IOC information center module, updates or newly adds a shared distribution IOC information library, and notifies the IOC to change data to an IOC shared distribution module of the cloud IOC information center module; S3) the IOC synchronization module of the single detection device synchronizes the latest IOC from the IOC shared distribution module of the cloud IOC intelligence center; and S4) the IOC detection module of the single detection device performs matching detection on thenetwork behavior according to the IOC to generate an alarm. According to the invention, a collaborative defense system with higher detection capability and less resource consumption can be formed.

Description

technical field [0001] The invention relates to an IOC intelligent extraction and sharing method, in particular to a collaborative defense method based on IOC intelligent extraction and sharing. Background technique [0002] Network attacks tend to be professionalized and industrialized, and intrusion methods are becoming more diverse and complex. New network attack methods and unknown threats make the defense system gradually adopt detection methods such as deep machine learning and behavior analysis. [0003] Whether it is deep machine learning or behavior analysis detection, compared with the traditional detection method based on known rules, it will consume more hardware resources. On the same single detection device, it will be reflected in poorer detection performance. At the same time, due to various reasons such as untimely maintenance, unsmooth upgrade of new and old versions, and different hardware specifications on different single detection devices of the same ty...

AI Technical Summary

Problems solved by technology

[0005] Whether it is deep machine learning or behavior analysis and detection, because it involves a large number of calculations such as classification and clustering, it requires high hardware resources; and in order to discover and capture more abnormal behaviors, it is necessary to correlate various network or system behaviors in a long period of time. Analysis, there are characteristics of relatively low detection performance and efficiency

[0006] At the same time, on different individual detection devices of the same type, due to various reasons such as untimely maintenance, inability to upgrade the new and old versions smoothly, and different hardware specifications, there are widespread problems of inconsistent versions and detection strategies, and great differences in detection capabilities. All detection capabilities of a single detection device come from the computing power of the device itself. The detection capabilities of old versions and old devices are weak, and there are problems of high false negative rate or easy bypassing

Images