Network attack tracing method, device and equipment

A network attack source tracing technology, applied in the computer field, that addresses problems such as poor reliability and low efficiency.

Active Publication Date: 2020-10-09
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] The purpose of this application is to provide a network attack source tracing method, device, equipment and readable storage medium that solve the problem that the monitoring of security incidents and the analysis of network attack routes are currently done mainly by manual processing, which results in low efficiency and poor reliability.


Examples


Embodiment 1

[0053] The following introduces Embodiment 1 of the network attack source tracing method provided by this application. Referring to Figure 1, Embodiment 1 includes:

[0054] S101. Monitor the target network, and generate an alarm log when an attack event occurs;

[0055] S102. According to the alarm log, judge separately whether the attack source and the attack target belong to the intranet, and obtain the attack direction of the attack event;

[0056] S103. Store the attack direction and the quintuple (five-tuple) information of the attack event in a database, wherein the quintuple information includes the IP address of the attack source and the IP address of the attack target;

[0057] S104. If the attack direction of the attack event is internal network attacking external network, or internal network attacking internal network, search the database for quintuple information whose attack target is the attack source of this attack event;

[0058] S105. Generate a net...
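
The following sketch walks through S102 to S104 and the path generation described in the abstract. It is an added example, not code from the patent or its applicant. It assumes the intranet is the RFC 1918 ranges, uses a hypothetical SQLite table named `events`, and adds a timestamp column (not mentioned on the page) so that only earlier events are matched.

```python
import ipaddress
import sqlite3

# Assumption: the intranet is the RFC 1918 ranges; a real deployment lists its own prefixes.
INTRANET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_intranet(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTRANET)

def attack_direction(src_ip, dst_ip):
    """S102: derive the direction from intranet membership of source and target."""
    side = {True: "internal", False: "external"}
    return f"{side[is_intranet(src_ip)]}->{side[is_intranet(dst_ip)]}"

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, ts INTEGER, direction TEXT, "
               "src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER, proto TEXT)")
    return db

def store_event(db, ts, src_ip, src_port, dst_ip, dst_port, proto):
    """S103: store the direction together with the quintuple."""
    db.execute("INSERT INTO events (ts, direction, src_ip, src_port, dst_ip, dst_port, proto) "
               "VALUES (?, ?, ?, ?, ?, ?, ?)",
               (ts, attack_direction(src_ip, dst_ip), src_ip, src_port, dst_ip, dst_port, proto))

def trace_path(db, src_ip, dst_ip, ts):
    """S104: while the attacking host is internal, find an earlier event that targeted it."""
    path, seen = [dst_ip, src_ip], {dst_ip, src_ip}
    while is_intranet(src_ip):
        row = db.execute("SELECT src_ip, ts FROM events WHERE dst_ip = ? AND ts < ? "
                         "ORDER BY ts DESC LIMIT 1", (src_ip, ts)).fetchone()
        if row is None or row[0] in seen:  # no earlier hop recorded, or a loop
            break
        src_ip, ts = row
        path.append(src_ip)
        seen.add(src_ip)
    return list(reversed(path))  # earliest known source first, final target last

def demo():
    db = open_store()
    # Constructed alarm records (documentation and private addresses), not real incident data.
    store_event(db, 100, "203.0.113.7", 44321, "10.0.0.5", 443, "tcp")
    store_event(db, 200, "10.0.0.5", 51000, "10.0.0.20", 445, "tcp")
    store_event(db, 300, "10.0.0.20", 52000, "198.51.100.9", 8080, "tcp")
    return trace_path(db, "10.0.0.20", "198.51.100.9", 300)
```

For the last constructed event, whose source is an intranet host, the backward match recovers the external origin and the intermediate host that were recorded by earlier alarms.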

Embodiment 2

[0071] Referring to Figure 2, Embodiment 2 specifically includes:

[0072] S201. Monitor the target network, and generate an alarm log when an attack event occurs;

[0073] S202. According to the alarm log and the geographic database, determine separately whether the attack source and the attack target belong to the intranet, and obtain the attack direction of the attack event;

[0074] S203. If the attack target belongs to the intranet, judge whether the attack target is a server to obtain the attack target type of the attack event, where the attack target types include intranet server and personal PC;

[0075] S204. Determine the attack phase of the attack event according to the attack operation records in the alarm log, where the attack phases include vulnerability detection, penetration intrusion, authority acquisition, command control, and data theft;

[0076] This embodiment traces the attack process, and divides the threat activities of the attack process into five ...


Abstract

The invention discloses a network attack tracing method. With this method, attack events in a network can be monitored automatically; the attack source and the attack target are each classified as intranet or extranet, which determines the attack direction of the security event; the attack direction, the IP address of the attack source and the IP address of the attack target are then stored in a database; finally, information related to the attack event is matched from the database, and a network attack path is generated according to the matching result. This achieves automatic monitoring of attack events and analysis of the network attack paths related to them, and remarkably improves network security. In addition, the invention further provides a network attack tracing device, equipment and a readable storage medium, whose technical effects correspond to those of the network attack tracing method.

Description

Technical field

[0001] The present application relates to the field of computer technology, and in particular to a network attack source tracing method, device, equipment and readable storage medium.

Background technique

[0002] With the widespread use of the network, the safe, stable and reliable operation of the network system is becoming more and more important. Therefore, the problem of network security has attracted more and more users' attention.

[0003] At present, manual management is generally based on the security protection center, which requires manual statistics of network security incidents and manual processing of security incidents. Due to the unreliability brought by manual processing, it may lead to problems such as network paralysis and data leakage.

[0004] In addition, for the various attack methods of the attacker, for example, most attackers will use forged IP addresses, so that the target of the attack cannot determine the unknown of the attacker,...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, Y02D30/50
Inventor: 金璐璐, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD