Multi-step attack tracing method and system, terminal and readable storage medium

A relationship-graph and algorithm-based technique, applied in the field of network security, that addresses the intricate relationships between logs, scales well, improves accuracy, and reduces bad connections.

Active Publication Date: 2021-01-05
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a multi-step attack tracing method, system, terminal and readable storage medium that can build a complete and accurate attack process by extracting events from multiple logs and establishing reasonable correlations, improving the accuracy of detection and analysis.

Embodiment Construction

[0037] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0038] Referring to Figure 1, the multi-step attack source tracing method of the present invention correlates events across multiple logs, uses the enhanced Louvain algorithm to divide the graph into communities, and builds the attack process from the attack community. The method is divided into four main parts. The first part is the construction of the relationship graph: extracting event features, establishing event connections, and constructing the event relationship graph from event relationship vectors. The second part is state optimization: obtaining a weight vector through a logistic regression algorithm and using it to weight the relationship graph, which solves the problem of state explosion. The third part is community division: using the enhanced Louvain algorithm to divide the weighted graph by relationship, so as to obtain the attack community that needs to be ...

Abstract

The invention discloses a multi-step attack tracing method and system, a terminal and a readable storage medium. The tracing method comprises the following steps: formatting a log, extracting event features from the log, establishing a feature relationship, and constructing an event relationship graph according to the feature relationship; weighting the event relationship graph with a weight vector to obtain a weighted relationship graph; passing the weighted relationship graph to a community detection module, which divides it by relationship using a community discovery algorithm and discovers an attack community; and, once the community is found, establishing a sequence based on the obtained attack community and the logical relationships between events, and constructing the attack process. The invention also provides a system, a terminal and a readable storage medium for implementing the method. By using association analysis across multiple logs, the problem of state explosion caused by relationship connections can be solved and the attack process of a multi-step attack can be effectively analyzed. The method can be used for multi-log-based attack analysis in various systems.
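The four steps of the abstract, run end to end on a small constructed event set; this is an added example, not code from the patent. Assumptions: the feature set (host, user, object, time window), the fixed weight vector `W` (the patent obtains it by logistic regression), the pruning cut-off `MIN_WEIGHT`, the plain Louvain local-moving phase used in place of the "enhanced Louvain" algorithm the page does not detail, the seed event used to pick the attack community, and timestamp order as the event sequence.

```python
from collections import defaultdict
from itertools import combinations
# Constructed sample events, already formatted from several logs: (time, log, host, user, object)
EVENTS = [
    (100, "fw",    "web01",  None,   "203.0.113.9"),
    (104, "web",   "web01",  "www",  "203.0.113.9"),
    (109, "audit", "web01",  "www",  "/tmp/x.sh"),
    (118, "auth",  "db01",   "www",  "10.0.0.5"),
    (112, "cron",  "mail01", "root", "/etc/cron.daily"),
    (500, "auth",  "ws07",   "bob",  "10.0.0.77"),
    (503, "audit", "ws07",   "bob",  "/home/bob/report.doc"),
    (506, "proxy", "ws07",   "bob",  "intranet.example"),
]
W, MIN_WEIGHT = (2, 3, 4, 1), 3  # assumed: weights for (host, user, object, time) and pruning cut-off

def relation(a, b):  # relation vector: same host, same user, same object, within 30 s
    same = [int(a[i] is not None and a[i] == b[i]) for i in (2, 3, 4)]
    return same + [int(abs(a[0] - b[0]) <= 30)]

def weighted_graph(events):  # steps 1-2: relate every event pair, weight it, drop weak edges
    adj = {i: {} for i in range(len(events))}
    for i, j in combinations(adj, 2):
        w = sum(x * y for x, y in zip(W, relation(events[i], events[j])))
        if w >= MIN_WEIGHT:
            adj[i][j] = adj[j][i] = w
    return adj

def louvain_local_moving(adj):  # step 3: plain Louvain phase 1, no graph aggregation
    deg = {n: sum(nb.values()) for n, nb in adj.items()}
    m2, comm, tot = sum(deg.values()) or 1, {n: n for n in adj}, dict(deg)
    moved = True
    while moved:
        moved = False
        for n in adj:
            old = comm[n]
            tot[old] -= deg[n]  # take n out of its community before scoring moves
            links = defaultdict(int)
            for nb, w in adj[n].items():
                links[comm[nb]] += w
            gain = lambda c: links.get(c, 0) - tot[c] * deg[n] / m2  # modularity gain, up to a constant
            comm[n] = max([old] + sorted(links), key=gain)  # ties keep the current community
            tot[comm[n]] += deg[n]
            moved |= comm[n] != old
    return comm

def attack_process(events, seed):  # step 4: the seed's community, ordered by time
    comm = louvain_local_moving(weighted_graph(events))
    members = [i for i in comm if comm[i] == comm[seed]]
    return sorted(members, key=lambda i: events[i][0])
```

Seeding with the audit event at index 2 yields the four related events in time order; the cron event, which is linked to them only by time proximity, is pruned and stays on its own.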

Description

Technical field

[0001] The invention belongs to the field of network security, and relates to a multi-step attack source tracing method, system, terminal and readable storage medium.

Background technique

[0002] In the era of network information, information security has become the most important technical goal. However, while the network provides convenience, it also brings many security risks. At present, governments and companies all over the world frequently suffer from cyber attacks. Among all kinds of network attacks, multi-step attacks are more difficult to discover and analyze, and the harm they cause is also more serious. For example, APT attacks are highly concealed and often go through long-term management and planning. They target commercial information and political security. In the past ten years, there have been more than 6,000 serious incidents, resulting in economic losses in the tens of billions and a huge negative impact on a global scale...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F16/951, G06F16/901, G06F16/18, G06K9/62
CPC: G06F21/55, G06F16/951, G06F16/9024, G06F16/1815, G06F18/214
Inventor: 李腾, 乔伟, 王晓萌, 尹思薇, 林杨旭, 温子祺, 张翔宇, 魏大卫, 沈玉龙, 马建峰
Owner: XIDIAN UNIV