A network attack defense method based on system events

A system-event-based network attack defense technology, applied to defense against remote vulnerability exploit attacks. It addresses problems of existing intrusion detection methods, such as slow detection speed, a high false negative rate, encryption and obfuscation, and achieves good scalability, flexibility and compatibility.
CN111464546B · Active · Publication Date: 2022-03-18 · NAT UNIV OF DEFENSE TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: NAT UNIV OF DEFENSE TECH
Publication Date: 2022-03-18


Abstract

The invention discloses a network attack defense method based on system events, aimed at accurate detection of and rapid defense against remote vulnerability exploit attacks. The technical solution is to build a system-event-based network attack defense system composed of a system event generation module, an event filtering module, and an event processor. The system event generation module monitors key changes in the operating system, generates system events, and sends them to the event filtering module. The event filtering module filters and analyzes the system events according to the filtering rules, obtains the processing action for each event, and sends the event processor an event processing request with the system event and its corresponding processing action as parameters. The event processor defends against remote exploit attacks according to the event processing requests. The invention can capture all remote vulnerability exploit attacks, avoids the processing of normal system events, and has high efficiency, good compatibility and universality.
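The three-module flow described in the abstract, sketched as an added example (not code from the patent). The event fields, the glob-based rule format, the action names and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class SystemEvent:      # hypothetical event shape; the abstract defines no fields
    kind: str           # e.g. "process_exec", "file_write"
    process: str        # process that caused the change
    target: str         # executed binary or written path

@dataclass(frozen=True)
class Rule:             # hypothetical filtering rule: match pattern -> action
    kind: str
    process: str        # glob over the process name
    target: str         # glob over the target path
    action: str         # hypothetical action name

# Constructed rules: a network-facing service should not spawn a shell
# or write under /etc.
RULES = [
    Rule("process_exec", "nginx", "/bin/*sh", "kill_process"),
    Rule("file_write", "nginx", "/etc/*", "deny"),
]

def filter_event(event, rules=RULES):
    """Event filtering module: action of the first matching rule, else None."""
    for r in rules:
        if (event.kind == r.kind and fnmatchcase(event.process, r.process)
                and fnmatchcase(event.target, r.target)):
            return r.action
    return None         # normal event: never reaches the processor

class EventProcessor:
    """Event processor: receives (event, action) requests; here it only records them."""
    def __init__(self):
        self.handled = []
    def handle(self, event, action):
        self.handled.append((action, event.process, event.target))

def run_pipeline(events, processor, rules=RULES):
    for ev in events:   # 'events' stands in for the event generation module
        action = filter_event(ev, rules)
        if action is not None:
            processor.handle(ev, action)
    return processor.handled

SAMPLE_EVENTS = [       # constructed sample input
    SystemEvent("process_exec", "nginx", "/usr/sbin/nginx"),
    SystemEvent("process_exec", "nginx", "/bin/sh"),
    SystemEvent("file_write", "nginx", "/var/log/nginx/access.log"),
    SystemEvent("file_write", "nginx", "/etc/passwd"),
    SystemEvent("process_exec", "sshd", "/bin/bash"),
]
```

Only the two events that match a rule produce processing requests; the other three are dropped at the filter, which is the "avoids the processing of normal system events" property the abstract claims.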

Description

Technical field

[0001] The invention relates to the field of defense against network attacks, in particular to a defense method against remote vulnerability exploit attacks.

Background technique

[0002] A remote vulnerability exploit attack refers to a behavior that exploits a software vulnerability to produce unexpected results. This behavior usually includes gaining control of a computer system, denial of service attacks, privilege escalation, etc. Remote vulnerability exploit attacks are network-based and do not require prior login to the attacked system, so they are extremely harmful. Currently, the most common software vulnerabilities include stack overflow vulnerabilities, use-after-free vulnerabilities, and format string vulnerabilities. Taking the stack overflow vulnerability as an example, the cause is that the programmer, when writing the program, does not fully consider the buffer capacity on the stack and the actual data size, which may cause an overflow when th...
