Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network killing chain detection method, prediction method and system

A detection method and network technology, applied in the field of network security, can solve the problems such as the underlying implementation of the analysis method not given, the lack of visualization effect, and the difficulty in obtaining

Active Publication Date: 2020-12-15
XIDIAN UNIV
View PDF7 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

First of all, many researchers only proposed a theoretical framework to solve the problem of network kill chain at the macro level, and did not give direct analysis methods and specific underlying implementations.
Secondly, the algorithms proposed by some researchers for the kill chain model belong to the category of supervised learning and require labeled data sets as input, which is difficult to obtain in actual scenarios.
Finally, only a few researchers have applied the results of cyber kill chain analysis to cyber situational awareness scenarios, and there is a lack of intuitive visualization

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network killing chain detection method, prediction method and system
  • Network killing chain detection method, prediction method and system
  • Network killing chain detection method, prediction method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0068] This embodiment provides a specific kill chain detection and prediction method, which is implemented according to the following steps:

[0069] Step 1, construct a d-dimensional feature vector:

[0070] (1.1) Count all attack event types in the IDS alarm log data, divide the attack events into seven stages of the kill chain model according to their characteristics, and add the number of stages as a new field to the IDS alarm log data. Among them, the IDS alarm log data is used to record the detailed information of the host or server being attacked;

[0071] (1.2) select the d fields relevant to the kill chain analysis in the IDS alarm log data;

[0072] (1.3) Suppose a f and a g Represent two records or two pieces of data in the IDS alarm log data respectively, the subscripts f and g represent the sorting numbers of the data, and n≥g>f>0. Then define the similarity measure of each field, as follows:

[0073] (1) The date and time reflect the contextual relationship...

specific example

[0128] Step 1, construct a 9-dimensional feature vector:

[0129] (1.1) Count all attack event types in the IDS alarm log data, divide the attack events into seven stages of the kill chain model according to their characteristics, and add the number of stages as a new field to the IDS alarm log data. The specific attack events are divided into the following table:

[0130]

[0131] (1.2) Select 9 fields related to network kill chain analysis in the IDS alarm log data, as shown in the following table:

[0132] field illustrate LocalDateTime date and time RequestMethod HTTP request method IP IP address SeverPort server port number ClientPort client port number ClientEnv client environment HTTPCode HTTP response code Locate geographic location event The stage in the kill chain of the attack

[0133] (1.3) Suppose a f and a g Represent two records or two pieces of data in the IDS alarm log data re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network killing chain detection method, a network killing chain prediction method and a network killing chain detection and prediction system. The network killing chain detection method specifically comprises the following steps of: (1) constructing a d-dimensional feature vector; (2) screening and subtracting the d-dimensional feature vector into a k-dimensional featurevector by using an unsupervised feature selection algorithm; (3) acquiring a network kill chain attack event sequence set through utilizing the k-dimensional feature vector, wherein in a real scene inwhich IDS alarm log data is subjected to killing chain mining, aiming at the problem that the number of killing chains contained in the data cannot be known in advance, an improved spectral clustering algorithm disclosed by the invention not only can realize unsupervised learning, but further can automatically identify the clustering number compared with other supervised learning methods; (4) based on the obtained network killing chain sequences, performing prediction analysis by adopting a Markov theory and three network killing chain variant models; and (5) realizing the killing chain detection and prediction system based on theoretical analysis.

Description

technical field [0001] The invention belongs to the field of network security, and further relates to the mining of log data, specifically a machine learning-based network kill chain detection method, prediction method and system. Background technique [0002] With the development of mobile technology and the popularity of social networking, the ubiquitous role and contribution of the Internet in daily life has made computers more vulnerable to cyber attacks. According to the 2018 Cyber ​​Attack Overview Statistics released by Symantec in April 2019, the proportion of banking Trojan attacks has risen from 4% to 16%, and new types of attacks are emerging in an endless stream. The motives for these cyber attacks vary, including but not limited to financial gain, personal injury, intellectual property theft, and political damage. Even with traditional security defenses with multiple layers of security defenses, attackers are able to infiltrate the network and remain persistent...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62G06N20/00
CPCH04L63/1416H04L63/1425G06N20/00G06F18/2323
Inventor 杨晗权义宁苗启广宋建锋戚玉涛谢琨孙鹏岗
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com