Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Evidence obtaining and tracing method and device for terminal attack and computer equipment

A terminal and attack graph technology, applied in the computer field, can solve the problems of high computing and storage cost, high space consumption, high time consumption, and achieve the effect of large amount of calculation, high storage consumption and small amount of calculation.

Active Publication Date: 2021-01-29
杭州奇盾信息技术有限公司 +1
View PDF6 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] However, the above works all aim to restore the complete attack steps, so they consume a lot of space when storing events, and consume a lot of time when calculating
Most importantly, because the problem of relying on explosion cannot be solved by existing methods, that is, the huge calculation and storage costs can only alleviate the problem, so it is currently impossible to obtain a complete attack graph that does not involve misjudgment; at the same time , in an enterprise environment, hundreds or even more warnings will be generated every day, and security managers need to manually determine whether it is a real attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Evidence obtaining and tracing method and device for terminal attack and computer equipment
  • Evidence obtaining and tracing method and device for terminal attack and computer equipment
  • Evidence obtaining and tracing method and device for terminal attack and computer equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0054] The forensics and source tracing method for terminal attacks provided by this application can also be applied to an environment that only has a terminal, and the entire forensics and source tracing method is all implemented on the terminal. The terminal may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and the like.

[0055] The forensic traceability method for terminal attacks provided by this application can be applied to such as figure 1 In the shown application environment, the terminal 102 communicates ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an evidence obtaining and tracing method and device for terminal attacks and computer equipment. The evidence obtaining and tracing method comprises the steps: obtaining an evidence obtaining and tracing request; according to the evidence obtaining and tracing request, obtaining an object corresponding to a process, a file or an event to be subjected to evidence obtaining and tracing, all tags of the object and event information of the event related to each tag, and adding the object to a pre-constructed attack graph; adding all labels corresponding to the object into apre-established label set; traversing the label set; for each label, obtaining an object corresponding to the label and adding the object into the attack graph, and meanwhile, obtaining an associatedlabel of the label and adding the associated label into the label set for traversing. According to the forensic traceability method, the forensic traceability device and the computer equipment, the sources of all the labels on the object are explained, traceability is carried out according to the generation process of the labels, so that a relatively complete attack graph is rapidly constructed,the storage consumption and the calculated amount are greatly reduced, and the application universality of the forensic traceability method is improved.

Description

technical field [0001] The present application relates to the field of computer technology, in particular to a method, device, and computer equipment for obtaining evidence and traceability for terminal attacks. Background technique [0002] APT attack, that is, advanced persistent threat attack, also known as targeted threat attack, refers to a continuous and effective attack activity launched by an organization against a specific target. This kind of attack is highly concealed and targeted, and usually uses various means such as infected media, supply chain and social engineering to carry out advanced, persistent and effective threats and attacks. The increasingly complex Advanced Persistent Threat (APT) has become a major topic of enterprise IT security. Over the past decade, more than 6,000 serious APT incidents have been reported. Large businesses, in particular, such as Target and HomeDepot, have suffered significant financial and reputational damage. [0003] Attac...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/55
CPCG06F21/56G06F21/552
Inventor 熊春霖阮琳琦宋哲陈焰王昆
Owner 杭州奇盾信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com