Network attack display method and device

Abstract

The invention discloses a network attack display method and device, and the method comprises the steps: obtaining event basic information of a security alarm event, wherein the event basic informationcomprises the address of an event generation place, the address of an attack source, and the address of an attack target; according to the event basic information, determining an attack path from theattack source to the attack target through an event occurrence site corresponding to the security alarm event; and displaying the attack path in the form of a visual link. According to the embodimentof the invention, causes and effects of the security alarm event is displayed to an operator, so that security-related personnel can perform security analysis more conveniently to discover a securitythreat attack.

Description

technical field

[0001] The present application relates to the technical field of information security, in particular to a network attack display method and device. Background technique

[0002] With the rapid rise of emerging technologies such as cloud computing, big data, and mobile Internet, the information security environment has become more complex, and the challenges of enterprise information security have become more prominent.

[0003] Today's global hacker community is creating advanced malware and infiltrating organizations through various attack vectors. This multifaceted, targeted attack can evade even the best point-in-time detection tools. These optimal point-in-time detection tools inspect traffic and files at the point of entry, but struggle to detect threat activity that seeks to evade initial inspection. This leaves security professionals in the dark about the extent of a potential compromise and unable to quickly respond and contain malware before it cau...

Images