Method, device and system for detecting multiple attack behaviors

A behavior and attacker technology, applied in transmission systems, electrical components, etc., can solve the problems of restoring the attack timeline and the inability to record the background technology.

Pending Publication Date: 2020-06-19
北京长亭未来科技有限公司
View PDF3 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The technical solution disclosed in the present invention enables the attacker to monitor and record the intrusion records of the honeypot system on a unified monitoring platform to solve the problem that the background technology cannot completely record and restore the attack timeline under the condition of multi-node management

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for detecting multiple attack behaviors
  • Method, device and system for detecting multiple attack behaviors
  • Method, device and system for detecting multiple attack behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiment of the application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiment of the application. Obviously, the described embodiment is only It is an embodiment of a part of the application, but not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the scope of protection of this application.

[0029] It should be noted that the terms "first" and "second" in the description and claims of the present application and the above drawings are used to distinguish similar objects, but not necessarily used to describe a specific sequence or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances such...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a method for acquiring multiple pieces of attack behavior information. The method comprises the following steps: receiving at least one piece of attacker information, attacker flow information and corresponding attacker identification information created according to the attacker information; forwarding the attacker flow information to the honeypot throughthe first port; sending the mapping relationship between the attacker identification information and the first port to the honeypot through the second port and temporarily storing the relationship; and enabling a honeypot to send the flow analysis result to the system service module according to the temporarily stored mapping relationship between the attacker identification information and the first port. According to the technical scheme disclosed by the invention, the effect of completely recording and restoring the attack timeline under the condition of multi-node management can be achieved.

Description

technical field [0001] The invention relates to the technical field of attack detection, in particular to a method, device and system for detecting multiple attack behaviors. Background technique [0002] Masquerade and deception technology in the field of network security is a means of deception and deception to prevent attackers from invading. The typical implementation form is a honeypot. By running highly simulated services, without affecting any real business, it lures attackers into the honeypot to achieve the effects of delaying attacks, recording behavior paths, and analyzing attack methods and intentions. Camouflage and deception technology has attracted much attention in recent years, but there are still some difficulties when the technical concept is actually implemented. [0003] From a technical point of view, the most important purpose of a honeypot is to deceive attackers, record behavior, and analyze attack intentions, so the more simulated the honeypot and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1491
Inventor 刘超朱文雷王龙泽万雄波罗晶晶王大鼎刘玉仙樊骏张嘉欢
Owner 北京长亭未来科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap