Network attack event traceability processing method and device, equipment and storage medium

A network attack and event technology, applied in the field of network security, can solve the problems of single traceability analysis dimension, inability to trace the source of network attack events, etc., and achieve the effect of accurate traceability.

Active Publication Date: 2020-11-13
TENCENT TECH (SHENZHEN) CO LTD
View PDF11 Cites 57 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the traceability processing method of the above-mentioned network attack incidents cannot accurately

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network attack event traceability processing method and device, equipment and storage medium
  • Network attack event traceability processing method and device, equipment and storage medium
  • Network attack event traceability processing method and device, equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0081] Example 1, for the network attack clues of log data belonging to the time dimension, it usually records the attacker’s attack behavior on the victim device. Network attacks are generally linear, and usually have contextual information and attack strategy models. This dimension is mainly from TTPS intelligence for analysis. Since the series of attack behaviors of the attackers belonging to the same attack group on the victim device and the order of each attack behavior are relatively similar, based on the log data and the network threat correlation model constructed based on the The attack behavior and attack time are related to the similar attack source, so as to dig out the attack organization associated with the similar attack source. For example, the record of a targeted network attack event records that the attack source first uses the white file to load the malicious PE file, then operates the cmd command, then checks netstat-ano to check the network status, and fi...

example 2

[0084]Example 2, for IOC intelligence network attack clues belonging to the space dimension, such as IP address, domain name, URL, in addition to basic information such as the operator of the IP address, IP open port, ASN, registration information of the domain name, etc., it also includes the domain name The registration information, similarity of domain names, etc., whether the URL is a malicious URL, detailed information of the URL, and similarity of the URL also include the association relationship between the IP address, domain name, URL, and MD5. Malicious network attackers are also in line with the inertia of human thinking. They have certain preferences when creating or selecting domain names. There are certain similarities in the domain names or URLs of the same group or organization. These infrastructures also have certain short-term invariance, so when malicious groups attack, the infrastructures used by similar incidents have one or more IOCs that are the same or si...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of network security, in particular to a network attack event traceability processing method and device, equipment and a storage medium. The method comprises the steps of obtaining a network attack clue related to a to-be-traced network attack event; performing intelligence mining on the network attack clue based on the constructed network threat association model to obtain threat intelligence related to the network attack event; taking the network attack clue and the threat intelligence as attack behavior elements corresponding to the network attackevent, and constructing a traceability analysis model containing an association relationship between the attack behavior elements; and determining a traceability path according to the association relationship between the target attack behavior elements in the traceability analysis model, and performing traceability on the network attack event based on the traceability path to obtain a traceability result of the network attack event. By adopting the method, accurate tracking and tracing of the network attack event can be realized, so that the security of a computer communication network is improved.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method, device, device and storage medium for tracing and processing network attack events. Background technique [0002] With the development of network technology, network security technology has emerged. Network security technology is used to maintain the security of computer communication networks, mainly including the normal operation of network hardware and software, and the security of data and information exchange. In practical applications, the frequent occurrence of network attacks often poses hidden dangers to the network security of the system. Tracing the source of network attack events is a common and effective means to combat network attacks. [0003] At present, the traceability processing methods for network attack events mainly include: analyzing the IP address used by the attacker, analyzing the domain name information used by the attacker,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1441
Inventor 张婵娟廖湘平邓永董文辉杨耀荣
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap