
Attack behavior detection method and device, computer equipment and storage medium

An attack detection method applied in the networking field. It addresses the inability of existing tools to scale to large network environments, and aims to reduce labor cost, improve analysis efficiency and improve detection accuracy.

Inactive Publication Date: 2020-09-29
BEIJING YOUTEJIE INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0004] However, the above-mentioned tools rely on the manual experience of security personnel to handle security issues and cannot scale to large network environments.



Embodiment 1

[0023] Figure 1 is a flowchart of the attack behavior detection method in Embodiment 1 of the present invention. This embodiment applies to detecting whether attack behavior exists in a network, and the method can be executed by the attack behavior detection device provided by the embodiments of the present invention. The device can be implemented in software and/or hardware and can generally be integrated into computer equipment, specifically a node of the target network. As shown in Figure 1, the method of this embodiment includes:

[0024] S110. Acquire log information of the nodes in a target network and collect continuous log data from the log information, where the target network includes at least one node.

[0025] The target network consists of at least one node, where a node may be a physical device. If there are at least two nodes, each node communicates over the network with at least one other node. ...

Embodiment 2

[0054] Figure 2 is a flowchart of the attack behavior detection method in Embodiment 2 of the present invention. This embodiment refines the above embodiments: correlating and analyzing the continuous log data matched to each node according to the preset attack database to determine attack behavior data is embodied as follows. Select an attack means contained in the attack database as the target attack means and determine the detection conditions matching the target attack means; query, in the continuous log data matched to each node, abnormal log data that matches the detection conditions; and if it is determined that the abnormal log data in each set of continuous log data satisfies the detection conditions, take the target attack means matched by the detection conditions as the attack behavior data.

[0055] As shown in Figure 2, the method of this embodiment specifically includes:

[0056] S210. Acquire log information of nodes in a target net...
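The procedure of Embodiments 1 and 2 (acquire log information per node, collect continuous log data, walk the detection conditions of an attack means from the attack database across the nodes, and emit attack behavior data plus a detection result), as an added example in Python. This is not the patent's code: the syslog-style log lines, node addresses, the single-entry attack database, the condition fields (`pattern`, `min_count`, `window_s`, `key`) and all function names are constructed for this illustration, and the ATT&CK technique IDs are used only as illustrative labels.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log information from three nodes of a target network
# (hypothetical sshd syslog lines; not taken from the patent).
NODE_ADDR = {"web-01": "10.0.0.11", "db-01": "10.0.0.12", "bastion": "10.0.0.2"}
SAMPLE_LOGS = [
    ("web-01", "2020-09-29T10:00:01 sshd[811]: Failed password for root from 203.0.113.5 port 51022 ssh2"),
    ("web-01", "2020-09-29T10:00:03 sshd[811]: Failed password for root from 203.0.113.5 port 51023 ssh2"),
    ("bastion", "2020-09-29T10:00:04 sshd[230]: Accepted publickey for ops from 198.51.100.7 port 4022 ssh2"),
    ("web-01", "2020-09-29T10:00:05 sshd[811]: Failed password for root from 203.0.113.5 port 51024 ssh2"),
    ("web-01", "2020-09-29T10:00:07 sshd[811]: Failed password for root from 203.0.113.5 port 51025 ssh2"),
    ("web-01", "2020-09-29T10:00:09 sshd[811]: Failed password for root from 203.0.113.5 port 51026 ssh2"),
    ("web-01", "2020-09-29T10:00:40 sshd[812]: Accepted password for root from 203.0.113.5 port 51030 ssh2"),
    ("db-01", "2020-09-29T10:03:12 sshd[402]: Accepted password for root from 10.0.0.11 port 40011 ssh2"),
    ("db-01", "2020-09-29T10:04:00 sshd[403]: Failed password for admin from 192.0.2.9 port 1111 ssh2"),
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<msg>.*)$")
SRC = r"(?P<src>\d+\.\d+\.\d+\.\d+)"  # the 'src' group is the correlation key

# Constructed attack database (stands in for the "preset attack database"):
# one attack means with an ordered list of detection conditions. min_count hits
# must fall within window_s seconds on one node; 'key' ties a condition to the
# previous hit (same attacker address, or the address of the node just hit) and
# then window_s also bounds the gap after that hit. Technique IDs are labels only.
ATTACK_DB = [{
    "name": "SSH brute force, successful login, lateral movement",
    "techniques": ["T1110", "T1021"],
    "conditions": [
        {"pattern": rf"sshd\[\d+\]: Failed password for \S+ from {SRC}",
         "min_count": 5, "window_s": 60, "key": None},
        {"pattern": rf"sshd\[\d+\]: Accepted password for \S+ from {SRC}",
         "min_count": 1, "window_s": 300, "key": "same_src"},
        {"pattern": rf"sshd\[\d+\]: Accepted \w+ for \S+ from {SRC}",
         "min_count": 1, "window_s": 600, "key": "from_node"},
    ],
}]


def collect_continuous_log_data(raw):
    """S110/S210: parse (node, line) pairs into per-node, time-ordered records."""
    per_node = defaultdict(list)
    for node, line in raw:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: drop it rather than guess a timestamp
        per_node[node].append((datetime.fromisoformat(m["ts"]), node, m["msg"]))
    for recs in per_node.values():
        recs.sort()
    return per_node


def query_abnormal(per_node, cond, after, limit=None, src=None):
    """Query abnormal log data for one detection condition on every node; return
    (last_hit_time, node, src, records) of the earliest qualifying group, or None."""
    rx = re.compile(cond["pattern"])
    groups = defaultdict(list)
    for recs in per_node.values():
        for ts, node, msg in recs:
            m = rx.search(msg)
            if not m or ts <= after or (limit is not None and ts > limit):
                continue
            if src is not None and m["src"] != src:
                continue
            groups[(node, m["src"])].append((ts, node, msg))
    n = cond["min_count"]
    for (node, s), hits in sorted(groups.items(), key=lambda kv: kv[1][0][0]):
        for i in range(len(hits) - n + 1):  # hits are time ordered per node
            if (hits[i + n - 1][0] - hits[i][0]).total_seconds() <= cond["window_s"]:
                return hits[i + n - 1][0], node, s, hits[i:i + n]
    return None


def correlate(per_node, attack):
    """Embodiment 2: walk the detection conditions of one attack means in order
    across all nodes' continuous log data; every condition must hold."""
    after, src, node, evidence = datetime.min, None, None, []
    for cond in attack["conditions"]:
        want = limit = None
        if cond["key"] == "same_src":
            want = src
        elif cond["key"] == "from_node":
            want = NODE_ADDR.get(node)
        if cond["key"] is not None:
            limit = after + timedelta(seconds=cond["window_s"])
        hit = query_abnormal(per_node, cond, after, limit, want)
        if hit is None:
            return None  # chain broken: this attack means is not reported
        after, node, src, recs = hit
        evidence.append({"node": node, "src": src, "records": recs})
    return {"attack": attack["name"], "techniques": attack["techniques"], "evidence": evidence}


def detect(raw, attack_db=ATTACK_DB):
    """Whole method: collect, correlate against the attack database, report."""
    per_node = collect_continuous_log_data(raw)
    found = [r for r in (correlate(per_node, a) for a in attack_db) if r]
    return {"nodes": sorted(per_node), "attacks": found, "verdict": "attack" if found else "clean"}
```

`detect(SAMPLE_LOGS)` returns the verdict "attack" with evidence on web-01 (five failed logins within 60 s, then an accepted password from the same address) and on db-01 (an accepted login originating from web-01's address). The chain stops at the first unsatisfied condition, which is the conjunctive check the embodiment describes; the cost is that one missing or unparseable log line on any node breaks the match, so attack database entries in practice use wider windows and redundant conditions than shown here.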

Embodiment 3

[0085] Figure 3 is a schematic diagram of the attack behavior detection device in Embodiment 3 of the present invention. Embodiment 3 is the device corresponding to the attack behavior detection method provided by the above embodiments of the present invention. The device can be implemented in software and/or hardware and can generally be integrated into computer equipment.

[0086] Correspondingly, the device of this embodiment may include:

[0087] A log information acquisition module 310, configured to acquire log information of the nodes in a target network and collect continuous log data from the log information, where the target network includes at least one node;

[0088] An attack behavior data acquisition module 320, configured to correlate and analyze the continuous log data matched to each node according to the preset attack database and determine attack behavior data;

[0089] The attack detection result generation module 330 is configured to generate...


Abstract

The embodiments of the invention disclose an attack behavior detection method and device, computer equipment and a storage medium. The method comprises: acquiring log information of the nodes in a target network and collecting continuous log data from the log information, where the target network comprises at least one node; correlating and analyzing the continuous log data matched to each node according to a preset attack database and determining attack behavior data; and generating an attack detection result according to the attack behavior data. The embodiments of the invention reduce the labor cost of attack behavior detection and improve its efficiency.

Description

Technical field

[0001] The embodiments of the present invention relate to the networking field, and in particular to an attack behavior detection method, device, computer equipment and storage medium.

Background

[0002] In recent years, the information construction of various industries has continuously improved and business has become increasingly dependent on information systems. However, the defects and threats of networks and information systems themselves leave the operation of those systems exposed to potential risks. How to quickly and correctly discover the network security problems an information system encounters has become one of the priorities of security personnel.

[0003] At present, the MITRE ATT&CK framework can be used to match pre-defined attack behaviors and display possible attack behaviors. In this way, enterprises can discover attacking organizations that intend to intrude within the MITRE ATT&CK framework, which is conve...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventors: 施泽寰, 梁玫娟
Owner: BEIJING YOUTEJIE INFORMATION TECH