
A fingerprint database establishment method based on the characteristics of web attack tools

A fingerprint database establishment method, applied in the field of network security, that addresses problems such as the inability to block and dispose of network attacks quickly, promptly and effectively, and the inability to complete intelligence collection work early or in advance. Its effect is to improve monitoring, early warning and evidence collection capabilities and to reduce hidden risks.

Active Publication Date: 2021-11-16
STATE GRID INFORMATION & TELECOMM BRANCH

AI Technical Summary

Problems solved by technology

[0002] The handling of network attack behaviors is generally carried out only after attack characteristics, intercepted attacks or attack events have been discovered, and effective handling follows from there. This is passive protection and early warning. This processing method cannot block network attacks quickly, promptly and effectively, so hidden dangers and risks remain, such as being attacked, being penetrated, and delays in emergency response.
[0003] At present, practitioners in network and information security can analyze network behavior through traffic and logs, discover attack behavior and attack events, and check an event's trigger time and content through source tracing. The intelligence collection of offensive network behaviors cannot be quickly blocked and disposed of.

Examples


Embodiment 1

[0029] Embodiment 1 is described below with reference to Figure 1 and Figure 2.

[0030] As shown in Figure 1, the present embodiment provides a method for establishing a fingerprint library based on the characteristics of WEB attack tools, including:

[0031] Step 1. Set up the feature capture environment for WEB attack tools. The feature capture environment includes the WEB attack tool host and the feature capture target machine. Attack and/or scanning tools run on the WEB attack tool host, and a traffic capture tool runs on the feature capture target machine.

[0032] Specifically, the WEB attack tool host is mainly installed with mainstream WEB attack and scanning tools, such as: system-type web-scanning attack systems, including BT5, Kali, Parrot and BackBox; and scanning-type attack applications, including Nikto, WebInspect, Burpsuite, Acunetix Web Vulnerability Scanner (AWVS), AppScan, NMAP and SQLMAP;

[0033] Feature Capture The target ...

Embodiment 2

[0050] As shown in Figure 3, the present embodiment provides a fingerprint library system based on the features of WEB attack tools, including: an environment building module 10, a feature capture module 20, and a fingerprint library building module 30;

[0051] The environment building module 10 is used to set up the feature capture environment for WEB attack tools. The feature capture environment includes the WEB attack tool host and the feature capture target machine; attack and/or scanning tools run on the WEB attack tool host, and the traffic capture tool runs on the feature capture target machine;

[0052] Specifically, the WEB attack tool host is mainly installed with mainstream WEB attack and scanning tools, such as: system-type web-scanning attack systems, including BT5, Kali, Parrot and BackBox; and scanning-type attack applications, including Nikto, WebInspect, Burpsuite, Acunetix Web Vulnerability Scanner (AWVS), AppScan, NMAP and SQLMAP;

[0053] Feature Capture The t...


Abstract

This application discloses a method for establishing a fingerprint library based on the characteristics of WEB attack tools, including: Step 1, building a feature capture environment for WEB attack tools, where the feature capture environment includes a WEB attack tool host and a feature capture target machine, attack and/or scanning tools run on the WEB attack tool host, and traffic capture tools run on the feature capture target machine; Step 2, using the WEB attack tool host to perform packet capture analysis on the feature capture target machine and determining the feature information of the feature capture target machine, where the feature information includes the name of the tool framework of the attack and/or scanning tool; Step 3, associating the feature information with the attack and/or scanning tool and establishing a fingerprint database. Through the technical solution in this application, a practical and effective fingerprint database is established to realize automatic early warning, analysis and evidence collection before network attacks, reduce the work pressure on data analysis and security personnel, reduce hidden dangers in the network, and improve monitoring, early warning and forensics capabilities.
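The three steps above as an added sketch, not code from the patent or its applicant. It assumes the captured feature is an HTTP request header whose value carries the tool's name (the text here does not say which field is used); the capture samples and the helper names `parse_headers`, `build_library` and `match` are constructed for illustration.

```python
# Constructed captures: (tool run on the attack-tool host, raw request seen on
# the target machine). Header values are illustrative, not from the patent.
CAPTURES = [
    ("sqlmap", "GET /item?id=1 HTTP/1.1\r\nHost: target.test\r\n"
               "User-Agent: sqlmap/1.7#stable (https://sqlmap.org)\r\n\r\n"),
    ("Nikto", "GET / HTTP/1.1\r\nHost: target.test\r\n"
              "User-Agent: Mozilla/5.00 (Nikto/2.5.0) (Evasions:None)\r\n\r\n"),
    ("Nmap", "GET / HTTP/1.1\r\nHost: target.test\r\n"
             "User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine)\r\n\r\n"),
]


def parse_headers(raw):
    """Return {lowercased header name: value} for one raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def build_library(captures):
    """Steps 2-3: record each header field that carries the tool's name."""
    library = []
    for tool, raw in captures:
        for field, value in parse_headers(raw).items():
            if tool.lower() in value.lower():
                library.append({"tool": tool, "field": field,
                                "pattern": tool.lower(), "sample": value})
    return library


def match(library, raw):
    """Return sorted names of tools whose fingerprint appears in a request."""
    headers = parse_headers(raw)
    return sorted({fp["tool"] for fp in library
                   if fp["pattern"] in headers.get(fp["field"], "").lower()})


if __name__ == "__main__":
    lib = build_library(CAPTURES)
    probe = ("GET /login?u=1 HTTP/1.1\r\nHost: app.test\r\n"
             "User-Agent: sqlmap/1.8#dev (https://sqlmap.org)\r\n\r\n")
    print(match(lib, probe))
```

Header values are set by the client, so a match identifies a tool running with its defaults while a miss says nothing about whether a tool is in use.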

Description

Technical field

[0001] This application relates to the technical field of network security, in particular to a method for establishing a fingerprint library based on the characteristics of WEB attack tools, a fingerprint library system based on the characteristics of WEB attack tools, a network security server, and a computer-readable storage medium.

Background technique

[0002] The handling of network attack behaviors is generally carried out only after attack characteristics, intercepted attacks or attack events have been discovered, and effective handling follows from there. This is passive protection and early warning. This processing method cannot be fast, timely and effective. As a result, there are still hidden dangers and risks such as being attacked, penetrated, and emergency delays.

[0003] At present, practitioners related to network and information security can analyze network behavior through traffic and logs, discover attack behavior and attack eve...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 尚智婕魏桂臣程杰许放李静庞进郭邯黄星杰
Owner: STATE GRID INFORMATION & TELECOMM BRANCH