Social engineering attack event detection method, device and system

A detection technology for social engineering attack events. It addresses the restricted detection ability of traditional detection tools, their poor detection of attack events, and their inability to detect information related to people.

Pending Publication Date: 2020-10-30
EVERSEC BEIJING TECH
Cites: 0; Cited by: 4

AI Technical Summary

Problems solved by technology

However, traditional security detection tools mainly detect viruses, Trojan horses, worms, botnets, malicious emails, malicious links, malicious websites, etc., and cannot detect information related to people, while the targets of social engineering attacks are people. This difference between people and objects greatly restricts the detection ability of traditional detection tools.
Secondly, traditional security detection tools are generally deployed at specific locations at the entrances and exits of enterprises and business systems, and cannot be applied to large-scale network environments. Moreover, the detection points are independent of each other and each holds its data exclusively. Attack events are usually evaluated based on the detection results of a single detection point, so attack events are poorly detected.



Examples


Embodiment 1

[0046] Figure 1 is a flowchart of a method for detecting social engineering attack events in the first embodiment of the present invention. This embodiment is applicable to the detection of social engineering attack events. The method can be executed by a social engineering attack event detection device, which can be implemented in software and/or hardware and can generally be integrated in a honeypot system. As shown in Figure 1, the method includes:

[0047] Step 110: Capture the network attack event.

[0048] The honeypot system is essentially a technology for deceiving the attacker. By arranging some hosts, network services or information as bait, it induces the attacker to attack them, so that the attack behavior can be captured and analyzed. This makes it possible to understand the tools and methods used by the attacker and to infer the intent and motivation of the attack, which enhances the security protection capabilities of the defender.

[0049] In...

Embodiment 2

[0068] Figure 2 is a schematic structural diagram of a device for detecting social engineering attack events in the second embodiment of the present invention. This embodiment is applicable to the detection of social engineering attack events. The device may be implemented in software and/or hardware, and may generally be integrated in a honeypot system. As shown in Figure 2, the device is applied to a honeypot system and includes:

[0069] The capture module 210 is used to capture network attack events;

[0070] The matching module 220 is used to perform feature matching on network attack events according to the social engineering knowledge base and the social engineering detection rule base;

[0071] The determining module 230 is configured to determine whether the network attack event is a social engineering attack event according to the matching result.

[0072] According to the technical scheme of the embodiment of the present invention, the honeypot system captures the network...
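A minimal sketch of the capture, matching and determining modules of [0069] to [0071], added here as an illustration and not taken from the patent. The knowledge-base entries, the rule format, the event fields and the sample records are all assumptions, since the page does not specify them.

```python
import re
from dataclasses import dataclass

# Assumed knowledge base (constructed, not from the patent): feature -> pattern.
KNOWLEDGE_BASE = {
    "urgency": re.compile(r"\b(urgent|immediately|within 24 hours)\b", re.I),
    "credential_request": re.compile(r"\b(password|verification code|login)\b", re.I),
    "authority_claim": re.compile(r"\b(it support|help ?desk|ceo|finance department)\b", re.I),
    "payment_request": re.compile(r"\b(wire transfer|gift cards?|invoice)\b", re.I),
}

# Assumed detection rule base: rule id -> features that must all be present.
RULE_BASE = {
    "SE-PRETEXT-CREDS": {"authority_claim", "credential_request"},
    "SE-URGENT-PAYMENT": {"urgency", "payment_request"},
}

@dataclass
class Event:
    honeypot_id: str
    source: str
    content: str

def capture(raw_records):
    """Capture module (210): normalise raw honeypot records into events."""
    return [Event(**r) for r in raw_records]

def match(event):
    """Matching module (220): extract features, then evaluate the rules."""
    features = {n for n, rx in KNOWLEDGE_BASE.items() if rx.search(event.content)}
    rules = sorted(r for r, need in RULE_BASE.items() if need <= features)
    return features, rules

def determine(event):
    """Determining module (230): social engineering if any rule matched."""
    features, rules = match(event)
    return {"source": event.source, "social_engineering": bool(rules),
            "rules": rules, "features": sorted(features)}

# Constructed records: a decoy mailbox message and a decoy SSH login attempt.
SAMPLE = [
    {"honeypot_id": "hp-1", "source": "198.51.100.7",
     "content": "This is IT Support. Reply with your password immediately."},
    {"honeypot_id": "hp-1", "source": "203.0.113.9",
     "content": "root login attempt: password=123456"},
]

if __name__ == "__main__":
    print([determine(ev) for ev in capture(SAMPLE)])
```

The second record shares one feature with the first but satisfies no rule, so an attack on a service is not reported as an attack on a person.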

Embodiment 3

[0085] Figure 3a is a schematic structural diagram of a social engineering attack event detection system in the third embodiment of the present invention. This embodiment is applicable to the detection of social engineering attack events. As shown in Figure 3a, the system includes: a preset number of honeypot systems 310, a controller 320, an event analysis system 330, and a data storage system 340;

[0086] The honeypot system 310 is used to capture network attack events; perform feature matching on the network attack events according to the social engineering knowledge base and the social engineering detection rule base; determine, according to the matching results, whether a network attack event is a social engineering attack event; and send the detected social engineering attack events to the controller 320;

[0087] The controller 320 is configured to store the social engineering attack events sent by each honeypot system 310 in the data storage system 340, and issue a...


Abstract

The embodiment of the invention discloses a social engineering attack event detection method, device and system. The method is applied to a honeypot system and comprises the following steps: capturing a network attack event; performing feature matching on the network attack event according to a social engineering knowledge base and a social engineering detection rule base; and determining whether the network attack event is a social engineering attack event or not according to a matching result. According to the technical scheme of the embodiment of the invention, the social engineering attack event can be efficiently and accurately detected.

Description

Technical field

[0001] The embodiments of the present invention relate to the field of network security technology, and in particular to a method, device, and system for detecting social engineering attack events.

Background art

[0002] The rapid popularization of the Internet and mobile Internet has made it easier for ordinary people to access the Internet. While people enjoy the convenience of the Internet, they often lack network security awareness, and attacking users over the Internet through phishing websites, emails, social networks and other methods has become the first choice of social engineering attackers.

[0003] At present, the detection technology for social engineering attacks is mainly realized by using traditional security detection tools, such as intrusion detection systems, virus detection systems, and spam filtering systems. However, traditional security detection tools mainly detect viruses, Trojan horses, worms, botnets, malicious emails, maliciou...


Application Information

IPC(8): G06F21/55
CPC: G06F21/554
Inventor: 冯福伟李鹏超尚程张振涛何能强梁彧田野傅强王杰杨满智蔡琳金红陈晓光
Owner: EVERSEC BEIJING TECH