
Method for discovering intranet attacker based on Windows login information

A technique for discovering attackers from login information, applied in the field of network security, which can solve problems such as low efficiency, high labor cost, and large business volume.

Inactive Publication Date: 2020-10-30
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0005] 1. Large-scale enterprise intranet protection usually has each host send its logs to a log server for backup. The log server must maintain a large amount of log information, the business volume is large and the line of protection is long, and summarizing and analyzing the data is complex, difficult, and inefficient.
[0006] 2. The honeypot itself may be used as a springboard to attack other users, causing irreparable losses and legal liability issues.
[0007] 3. Anti-virus software may be terminated by hackers, and files may be mistakenly deleted or data destroyed during virus removal. At the same time, anti-virus software cannot remove all viruses, and keeping the virus database up to date is a standing problem.
[0008] 4. EDR requires a dedicated security operations team to manually investigate event alerts, and the labor cost is high. The console screens massive amounts of information for abnormal login logs and sends out alerts. Security teams are often bombarded with massive numbers of alerts from multiple security consoles, and may make investigation decisions with insufficient information, or reach hasty judgments and imprecise decisions.
[0009] 5. The processing methods of existing technologies depend more on the technical level of the attacker, and there is a possibility of being bypassed.


Examples


Embodiment 1

[0036] A method for discovering attackers in an intranet based on Windows login information: in the internal network, each server is installed with the Windows operating system; one server is selected and set as the agent server, and an agent client program is installed on each server within the protection range.

[0037] The agent server maintains the login information whitelist and sends it to the agent client program on each server within the protection range. Maintaining the whitelist means storing it and updating it accordingly whenever it is modified. The agent server sends the login information whitelist to the agent client program on each server within the protection range, and the agent client program on each server obtains the login information corresponding to that server.

[0038] The agent client program of each server within the protection r...

Embodiment 2

[0057] The method of the present invention for discovering intranet attackers based on Windows login information is described with a specific example. As shown in Figure 1, the example uses one agent server and three servers within the protection range.

[0058] In the internal network, the servers Agent-server, server01, server02 and server03 are all installed with the Windows operating system.

[0059] In the internal network, the server Agent-server is selected and set as the agent server. The servers within the protection scope are server01, server02 and server03, and a lightweight agent client program is installed on each of them.

[0060] Agent server Agent-server is responsible for maintaining the white list of login information. The white list includes the IP addresses of server server01, server02 and server03, and the allowe...


Abstract

The invention provides a method for discovering an intranet attacker based on Windows login information, which comprises the following steps: in an enterprise intranet, each server is installed with the Windows operating system, an agent server is set up, and an agent client program is installed on each server within the protection range; the agent server is responsible for maintaining a login information whitelist and issuing it to the agent client program on each server within the protection range; the agent client program on each server within the protection range is responsible for detecting the login information of its own server, and if the login information is not in the whitelist, the login is judged to come from an attacker, the login is refused, and alarm information is pushed to the agent server immediately. With this method, an attacker is found by maintaining a login information whitelist, massive log analysis is not needed, and the method is simple, efficient, and secure.
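The check described in the abstract, sketched as an added example; it is not code from the patent or its owner. The allowlist entry format (allowed source network plus account per protected host), the addresses, the account names and the alert fields are assumptions, and the host names are borrowed from Embodiment 2.

```python
import ipaddress
from dataclasses import dataclass

# Constructed allowlist as the agent server might issue it. The entry format
# (allowed source network + account per protected host) is an assumption.
ALLOWLIST = {
    "server01": [("10.0.5.0/28", "svc-backup"), ("10.0.5.20/32", "ops-admin")],
    "server02": [("10.0.5.20/32", "ops-admin")],
    "server03": [("10.0.5.20/32", "ops-admin")],
}

@dataclass(frozen=True)
class Login:
    host: str        # protected server the agent client runs on
    account: str     # account named in the login attempt
    source_ip: str   # address the login came from

def is_allowed(login, allowlist=ALLOWLIST):
    """True only when (source, account) matches an entry for this host."""
    try:
        src = ipaddress.ip_address(login.source_ip)
    except ValueError:
        return False  # fail closed on a missing or malformed source address
    for network, account in allowlist.get(login.host, []):
        # Windows account names are case-insensitive, so compare folded.
        if src in ipaddress.ip_network(network) and account.lower() == login.account.lower():
            return True
    return False  # unknown host or no matching entry

def evaluate(login, allowlist=ALLOWLIST):
    """Return (decision, alert); alert is what the client pushes to the agent server."""
    if is_allowed(login, allowlist):
        return "allow", None
    return "deny", {"host": login.host, "account": login.account,
                    "source_ip": login.source_ip, "reason": "login not in allowlist"}

# Constructed login attempts, not real log data.
SAMPLE_LOGINS = [
    Login("server01", "svc-backup", "10.0.5.3"),      # listed source and account
    Login("server02", "ops-admin", "10.0.5.11"),      # valid account, unlisted source
    Login("server03", "Administrator", "10.0.5.20"),  # listed source, unlisted account
    Login("server02", "ops-admin", "-"),              # no usable source address
]

def alerts_for(logins, allowlist=ALLOWLIST):
    """Alerts the agent clients would push for a batch of login attempts."""
    return [alert for _, alert in (evaluate(l, allowlist) for l in logins) if alert]
```

Matching on the pair rather than on the account alone is what lets the client flag a valid credential used from an unexpected machine, which a per-account check would accept.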

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for discovering attackers in an internal network based on Windows login information.

Background technique

[0002] With the rapid development of global informatization and the in-depth research of information technology, network security has become an important issue that people pay more and more attention to. Whether it is an individual or an enterprise, cyber attacks are potential threats that exist all the time. If the enterprise intranet is illegally invaded, it may cause immeasurable losses. There are generally the following methods for detecting intranet attacks: honeypots, antivirus software, and EDR. In essence, honeypot technology is specially set up to lure attackers to attack it. By capturing and analyzing the attack behavior, we can understand the tools and methods used by the attacker, and speculate on the attack intention and motivation. You can also coll...


Application Information

IPC(8): G06F21/55
CPC: G06F21/55
Inventor 吴建亮胡鹏吴岸宏
Owner 广州锦行网络科技有限公司