Network attack tracing method based on behavior portraits

A network attack tracing technology based on behavior portraits, applied in the computer field, which can solve problems such as defense situation lag.

Active Publication Date: 2020-11-24
THE 28TH RES INST OF CHINA ELECTRONICS TECH GROUP CORP

AI Technical Summary

Problems solved by technology

However, its perception of the network security situation does not include the perception of the attacker's


Examples


Embodiment Construction

[0085] Referring to Figure 1, Figure 2 and Figure 3, the implementation steps of the present invention are further described.

[0086] Step 1, extract network traffic and log files in real time.

[0087] (1a) Deploy a traffic splitter (shunt) at the specific port used by the business system and use port mirroring to copy the business traffic out of band; at the same time, read the login logs of the business system and the detection logs of the firewall and the IDS (intrusion detection system).

[0088] The extraction of network traffic and log files not only collects information from the current network status and traffic, but also draws on related historical records such as access logs and firewall logs. The sources of raw data include service login logs, real-time network situation data, system load, firewall logs, virus database file status words, network traffic, access logs, etc.

[0089] (1b) Deploy a load balancer on the periphery of the splitter in (1a), distribute a lar...


Abstract

The invention provides a network attack tracing method based on a behavior portrait. The method comprises the following steps: 1) extracting network traffic and log files in real time; 2) extracting metadata from the network traffic and the log files; 3) counting and analyzing the key fields in the metadata of the same network behavior subject, and marking the network behaviors with security tags according to the security events corresponding to the different key fields; 4) according to the network attack model, clustering the security tags that describe the same network attack dimension to form a structured tag, namely a single-dimension portrait of the network attack behavior; 5) aggregating and correlating the portrait results of multiple dimensions to form a network attack behavior portrait; and 6) repeating steps 1) to 5) to continuously extract real-time traffic and log information and enrich the network behavior portrait. The method improves the ability to perceive the network security situation, enhances the ability to analyze and defend against attackers, and is used for network security.
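A sketch of steps 2) to 6) of the abstract, added here as an illustration and not taken from the patent. The tag names, thresholds, attack-model groupings and record fields are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
# Hypothetical attack model: security tag -> portrait dimension (not from the patent).
ATTACK_MODEL = {"port_scan": "reconnaissance", "brute_force": "credential_access",
                "sql_injection": "exploitation"}

class PortraitBuilder:
    def __init__(self):
        # Running per-subject statistics over key metadata fields (step 3).
        self.failed_logins = defaultdict(int)
        self.ports = defaultdict(set)
        self.signatures = defaultdict(set)

    def ingest(self, records):
        """Consume metadata already extracted from traffic and logs (step 2)."""
        for r in records:
            if r["kind"] == "login" and not r["ok"]:
                self.failed_logins[r["src"]] += 1
            elif r["kind"] == "flow":
                self.ports[r["src"]].add(r["dport"])
            elif r["kind"] == "ids":
                self.signatures[r["src"]].add(r["sig"])

    def tags(self, src):
        """Step 3: mark security tags from counted fields (thresholds are assumed)."""
        rules = {"brute_force": self.failed_logins[src] >= 3,
                 "port_scan": len(self.ports[src]) >= 4,
                 "sql_injection": "sqli" in self.signatures[src]}
        return {tag for tag, hit in rules.items() if hit}

    def portrait(self, src):
        """Steps 4-5: cluster tags per dimension, then aggregate the dimensions."""
        dims = defaultdict(list)
        for tag in sorted(self.tags(src)):
            dims[ATTACK_MODEL[tag]].append(tag)
        return dict(dims)

# Constructed sample metadata in two collection rounds (step 6); fields are assumptions.
ROUND_1 = [{"kind": "flow", "src": "198.51.100.7", "dport": p} for p in (21, 22, 80, 443)]
ROUND_2 = [{"kind": "login", "src": "198.51.100.7", "ok": False}] * 3 + [
    {"kind": "ids", "src": "198.51.100.7", "sig": "sqli"},
    {"kind": "login", "src": "192.0.2.10", "ok": True}]

def demo():
    builder = PortraitBuilder()
    builder.ingest(ROUND_1)
    first = builder.portrait("198.51.100.7")
    builder.ingest(ROUND_2)  # a later round enriches the same subject's portrait
    return first, builder.portrait("198.51.100.7"), builder.portrait("192.0.2.10")
```

After the first round the subject carries only a reconnaissance tag; the second round adds credential-access and exploitation tags to the same portrait, while the benign subject's portrait stays empty.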

Description

Technical field

[0001] The invention belongs to the technical field of computers, and in particular relates to a method for tracing the source of network attacks based on behavior portraits.

Background art

[0002] As cyberspace confrontation becomes increasingly severe, countries seeking an advantage in it have vigorously enhanced their comprehensive cyberspace defense capabilities and offensive and defensive confrontation capabilities by improving the analysis and traceability of cyberattack behavior. The traditional method identifies and analyzes network attack behavior through regular expressions and feature matching, and defends against network attack behavior in a single dimension. Due to the large span of time and space, a single-dimension analysis cannot fully describe cyber attacks; on the other hand, the rise of the field of artificial intelligence has provided both offensive and defensive cyber securi...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1416, H04L63/1425, H04L63/145, H04L2463/146, H04L67/535, Y02D30/50
Inventor: 司杨涛, 付军涛, 王彬, 蒋铭初
Owner THE 28TH RES INST OF CHINA ELECTRONICS TECH GROUP CORP