Fingerprint database establishing method based on WEB attack tool characteristic

A fingerprint database establishment technology, applied in the field of network security, that addresses problems such as the inability to block and dispose of network attacks quickly, promptly and effectively, and the inability to complete intelligence collection early or in advance, with the effect of reducing hidden dangers and risks and enhancing forensic capabilities.

Active Publication Date: 2020-01-31
STATE GRID INFORMATION & TELECOMM BRANCH

AI Technical Summary

Problems solved by technology

[0002] Network attack behavior is generally handled only after attack characteristics, intercepted attacks or attack events have been discovered. This is passive protection and early warning. Such handling cannot block network attacks quickly, promptly and effectively, so hidden dangers and risks remain, such as being attacked, being penetrated, and delayed emergency response.
[0003] At present, network and information security practitioners can analyze network behavior through traffic and logs, discover attack behavior and attack events, and check the trigger time and content of an event through source tracing. Intelligence collection on offensive network behavior cannot be completed early, and the behavior cannot be quickly blocked and disposed of.

Examples


Embodiment 1

[0029] Embodiment 1 is described below with reference to Figure 1 and Figure 2.

[0030] As shown in Figure 1, this embodiment provides a method for establishing a fingerprint library based on the characteristics of WEB attack tools, including:

[0031] Step 1. Set up the feature capture environment for WEB attack tools. The feature capture environment includes the WEB attack tool host and the feature capture target machine. Attack and/or scanning tools run on the WEB attack tool host, and a traffic capture tool runs on the feature capture target machine.

[0032] Specifically, the WEB attack tool host is mainly installed with mainstream WEB attack and scanning tools, such as system-type web scanning and attack systems (BT5, Kali, Parrot, BackBox and others) and scanning-type attack applications (Nikto, WebInspect, Burpsuite, Acunetix Web Vulnerability Scanner (AWVS), AppScan, NMAP, SQLMAP and others);

[0033] Feature Capture The target...

Embodiment 2

[0050] As shown in Figure 3, this embodiment provides a fingerprint library system based on the features of WEB attack tools, including: an environment building module 10, a feature capture module 20, and a fingerprint library building module 30;

[0051] The environment building module 10 is used to set up the feature capture environment for WEB attack tools. The feature capture environment includes the WEB attack tool host and the feature capture target machine; attack and/or scanning tools run on the WEB attack tool host, and a traffic capture tool runs on the feature capture target machine;

[0052] Specifically, the WEB attack tool host is mainly installed with mainstream WEB attack and scanning tools, such as system-type web scanning and attack systems (BT5, Kali, Parrot, BackBox and others) and scanning-type attack applications (Nikto, WebInspect, Burpsuite, Acunetix Web Vulnerability Scanner (AWVS), AppScan, NMAP, SQLMAP and others);

[0053] Feature Capture The t...


Abstract

The invention discloses a fingerprint database establishment method based on WEB attack tool characteristics. The method comprises: 1, establishing a feature capture environment for WEB attack tools, the feature capture environment comprising a WEB attack tool host and a feature capture target machine, with attack and/or scanning tools running on the WEB attack tool host and a traffic capture tool running on the feature capture target machine; 2, using the WEB attack tool host, performing packet capture analysis on the feature capture target machine and determining the feature information of the feature capture target machine, the feature information comprising the tool framework name of an attack and/or scanning tool; and 3, associating the feature information with the attack and/or scanning tool, and establishing a fingerprint library. According to the technical scheme, a practical and effective fingerprint database is established, so that automatic early warning, analysis and evidence collection before network attacks are realized, the working pressure on data analysis and security personnel is reduced, the hidden danger risk of the network is reduced, and the monitoring, early warning and evidence collection capabilities are improved.
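The three steps above, sketched as an added example (not code from the patent or its authors). It assumes the tool framework name surfaces in an HTTP request header, which the page does not specify; the captures are constructed samples and all function names are hypothetical.

```python
import re

# Constructed lab captures: (tool run on the attack host, raw request seen on the
# target machine). Header values are samples modelled on each tool's default User-Agent.
LAB_CAPTURES = [
    ("sqlmap", "GET /item?id=1 HTTP/1.1\r\nHost: target.lab\r\n"
               "User-Agent: sqlmap/1.7.2#stable (https://sqlmap.org)\r\n\r\n"),
    ("Nikto", "GET /admin/ HTTP/1.1\r\nHost: target.lab\r\n"
              "User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None)\r\n\r\n"),
    ("NMAP", "GET / HTTP/1.1\r\nHost: target.lab\r\n"
             "User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine)\r\n\r\n"),
]

def parse_headers(raw):
    """Return {lowercased header name: value} from a raw HTTP request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:                                   # ignore malformed header lines
            headers[name.strip().lower()] = value.strip()
    return headers

def has_token(token, value):
    """Whole-word, case-insensitive match of a tool name inside a header value."""
    return re.search(r"\b" + re.escape(token) + r"\b", value, re.IGNORECASE) is not None

def build_library(captures):
    """Steps 2-3: locate the tool name in captured traffic, associate it with the tool."""
    library = {}                                  # (header, token) -> {tool, ...}
    for tool, raw in captures:
        for name, value in parse_headers(raw).items():
            if has_token(tool, value):
                library.setdefault((name, tool.lower()), set()).add(tool)
    return library

def match(library, raw):
    """Return the sorted tool names whose fingerprint appears in a new request."""
    headers = parse_headers(raw)
    return sorted({tool for (name, token), tools in library.items()
                   if has_token(token, headers.get(name, "")) for tool in tools})

LIBRARY = build_library(LAB_CAPTURES)
```

A header such as User-Agent is client-controlled, so a library built this way identifies tools run with default settings and should be treated as one signal among several.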

Description

Technical field

[0001] This application relates to the technical field of network security, in particular, to a method for establishing a fingerprint library based on the characteristics of WEB attack tools, a fingerprint library system based on the characteristics of WEB attack tools, a network security server, and a computer-readable storage medium.

Background technique

[0002] Network attack behavior is generally handled only after attack characteristics, intercepted attacks or attack events have been discovered. This is passive protection and early warning. Such handling cannot be fast, timely and effective. As a result, hidden dangers and risks remain, such as being attacked, being penetrated, and delayed emergency response.

[0003] At present, practitioners related to network and information security can analyze network behavior through traffic and logs, discover attack behavior and attack eve...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 尚智婕魏桂臣程杰许放李静庞进郭邯黄星杰
Owner STATE GRID INFORMATION & TELECOMM BRANCH