Breach host detection method, device and equipment and readable storage medium

A detection method for compromised hosts, applied in the field of network security. It addresses the low accuracy of detection results and the difficulty of perceiving well-concealed compromised hosts, improving the comprehensiveness of detection as well as network security and reliability.

Active Publication Date: 2020-02-21
杭州安恒信息安全技术有限公司

AI Technical Summary

Problems solved by technology

With the development of advanced viruses, the way compromised hosts are controlled or initiate malicious behavior often follows no discernible pattern and is well concealed, so some compromised hosts are difficult to perceive.
[0003] Existing technology usually determines the compromised host based on known viruses or known malicious traffic, and the entire process analyzes only single-dimensional data about the compromised host. This is somewhat one-sided and produces missed detections and false positives, so the accuracy of the detection results is low; the opportunity to detect and solve problems in advance may also be lost, leading to larger-scale network security incidents.


Examples


Embodiment Construction

[0045] The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this application, without creative effort, fall within the scope of protection of this application.

[0046] Existing technologies usually determine the compromised host based on known viruses or known malicious traffic, and the entire process analyzes only single-dimensional data about the compromised host. This is somewhat one-sided and produces missed detections and false positives, so the accuracy of the detection results is low; the opportunity to detect and solve problems in advance may also be lost, leading to larger-scale network security incidents. For this reason, th...


Abstract

The invention discloses a breach (compromised) host detection method, device and equipment, and a readable storage medium. The method comprises the following steps: acquiring target information from network equipment, wherein the target information is a combination of at least two of process information, communication information, file information and login information; judging whether the target information is abnormal; and if so, determining an abnormal behavior index of the network equipment according to the abnormal information, and, if the abnormal behavior index is not smaller than a preset threshold, determining the network equipment to be a breach host. Because the abnormal behavior index of the network equipment is analyzed on the basis of multi-dimensional information, the comprehensiveness and accuracy of the detection result are improved, the network equipment can be detected before it becomes a breach host, larger-scale network security events can be avoided, and network security and reliability are improved. Correspondingly, the breach host detection device and equipment and the readable storage medium disclosed by the invention have the same technical effects.
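The flow in the abstract, sketched as an added example; it is not code from the patent or its owner. The per-dimension rules, the weights, the threshold value and the sample records are all assumptions made for illustration, since the page does not say how abnormality is judged or how the index is computed.

```python
# Assumed weights per dimension and assumed preset threshold.
WEIGHTS = {"process": 30, "communication": 30, "file": 20, "login": 20}
THRESHOLD = 50

# Assumed anomaly rules, one per dimension (illustrative only).
RULES = {
    "process": lambda r: r["parent"] in {"winword.exe", "excel.exe"}
    and r["name"] in {"powershell.exe", "cmd.exe"},
    "communication": lambda r: r["dst_port"] not in {53, 80, 443}
    and r["bytes_out"] > 10_000_000,
    "file": lambda r: r["path"].lower().startswith("c:\\windows\\temp\\")
    and r["path"].lower().endswith(".exe"),
    "login": lambda r: r["failed_before_success"] >= 10,
}

def abnormal_records(target_info):
    """Return {dimension: [abnormal records]} for the collected dimensions."""
    if len(target_info) < 2:
        raise ValueError("target information must combine at least two dimensions")
    unknown = set(target_info) - set(RULES)
    if unknown:
        raise ValueError(f"unknown dimensions: {sorted(unknown)}")
    hits = {}
    for dim, records in target_info.items():
        bad = [r for r in records if RULES[dim](r)]
        if bad:
            hits[dim] = bad
    return hits

def assess(target_info):
    """Compute the abnormal behavior index and apply the threshold."""
    hits = abnormal_records(target_info)
    index = sum(WEIGHTS[dim] for dim in hits)
    # "Not smaller than the preset threshold" means >=, so the boundary counts.
    return {"index": index, "compromised": bool(hits) and index >= THRESHOLD,
            "abnormal": sorted(hits)}

# Constructed sample telemetry for two hosts.
HOST_A = {
    "process": [{"parent": "winword.exe", "name": "powershell.exe"}],
    "communication": [{"dst_port": 8443, "bytes_out": 25_000_000}],
    "login": [{"failed_before_success": 0}],
}
HOST_B = {
    "process": [{"parent": "explorer.exe", "name": "chrome.exe"}],
    "login": [{"failed_before_success": 12}],
}

if __name__ == "__main__":
    print("host A:", assess(HOST_A))
    print("host B:", assess(HOST_B))
```

Host A is flagged because two dimensions are abnormal at once, while host B's single abnormal dimension stays below the threshold; this is the multi-dimensional effect the abstract contrasts with single-dimensional detection.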

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method, device, equipment and readable storage medium for detecting a compromised host.

Background technique

[0002] A compromised host refers to a host in the intranet that has been successfully invaded by an attacker and is controlled remotely or exhibits malicious behavior. With the development of advanced viruses, the way compromised hosts are controlled or initiate malicious behavior often follows no discernible pattern and is well concealed, so some compromised hosts are difficult to perceive.

[0003] Existing technologies usually determine the compromised host based on known viruses or known malicious traffic, and the entire process analyzes only single-dimensional data about the compromised host. This is somewhat one-sided and produces missed detections and false positives, so the accuracy of the detection results is low, and it may also lose...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 李华生, 吴相东
Owner 杭州安恒信息安全技术有限公司