Forensic traceability method, device and computer equipment for terminal attack

A terminal attack-graph technique, applied in the computer field, that addresses the high computing and storage cost, high space consumption and high time consumption of existing approaches, reducing both storage consumption and the amount of calculation.

Active Publication Date: 2022-05-27
杭州奇盾信息技术有限公司 +1

AI Technical Summary

Problems solved by technology

[0006] However, the above works all aim to restore the complete attack steps, so they consume a lot of space when storing events and a lot of time when computing. Most importantly, existing methods cannot solve the dependency explosion problem; even at huge calculation and storage cost they can only alleviate it, so it is currently impossible to obtain a complete attack graph that is free of misjudgment. At the same time, in an enterprise environment, hundreds or even more alerts are generated every day, and security managers need to determine manually whether each one is a real attack.


Embodiment Construction

[0053] In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.

[0054] The forensic source tracing method for terminal attacks provided by this application can also be applied to an environment with only terminals, and the entire forensic source tracing method is implemented on the terminal. The terminal can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and the like.

[0055] The forensic source tracing method for terminal attacks provided by this application can be applied in the application environment shown in Figure 1, in which the terminal 102 communicates with the s...


Abstract

The invention discloses a forensic traceability method, device and computer equipment for terminal attacks, including: acquiring a forensic traceability request; and the event information of the event related to each label; adding the object to a pre-built attack graph; adding all labels corresponding to the object to a pre-established label collection; traversing the label collection and, for each label, obtaining the object corresponding to the label and adding it to the attack graph, then obtaining the labels associated with that label and adding them to the label collection for traversal. The method, device and computer equipment of the invention explain the source of all labels on the object and trace back along the label generation process to quickly construct a relatively complete attack graph, greatly reducing storage consumption and the amount of calculation, and improving the universality of the forensic traceability method.
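The label-collection traversal described in the abstract, sketched as an added example (not code from the patent or its applicant). The label record layout (`object`, `event`, `sources`), the sample labels and the function names are assumptions made for illustration; the page does not define how labels are generated or stored.

```python
from collections import deque

# Constructed sample data (assumption): each label records the object it sits on,
# the event that produced it, and the labels it was derived from.
LABELS = {
    "T0": {"object": "file:invoice.docm", "event": "written by proc:outlook.exe", "sources": []},
    "T1": {"object": "proc:winword.exe", "event": "read file:invoice.docm", "sources": ["T0"]},
    "T2": {"object": "proc:powershell.exe", "event": "spawned by proc:winword.exe", "sources": ["T1"]},
    "T3": {"object": "file:payload.dll", "event": "written by proc:powershell.exe", "sources": ["T2"]},
    "T9": {"object": "proc:chrome.exe", "event": "read file:cache.bin", "sources": []},
}

def labels_on(obj, labels):
    """All label ids currently attached to an object."""
    return [lid for lid, rec in labels.items() if rec["object"] == obj]

def trace(request_object, labels):
    """Build the attack graph for the object named in a forensic request.

    Returns (nodes, edges); each edge is (source_object, object, event_info).
    Only label records are walked, never the full event log.
    """
    nodes, edges = {request_object}, set()
    pending = deque(labels_on(request_object, labels))  # the label collection
    seen = set(pending)                                  # guards against label cycles
    while pending:
        rec = labels[pending.popleft()]
        nodes.add(rec["object"])
        for src in rec["sources"]:                       # associated labels
            if src not in labels:
                continue                                 # source label no longer stored
            edges.add((labels[src]["object"], rec["object"], rec["event"]))
            if src not in seen:
                seen.add(src)
                pending.append(src)
    return nodes, edges

if __name__ == "__main__":
    graph_nodes, graph_edges = trace("file:payload.dll", LABELS)
    for edge in sorted(graph_edges):
        print(edge)
```

Objects whose labels are unrelated to the request (here `proc:chrome.exe`) never enter the graph, which is where the storage and computation savings claimed in the abstract come from.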

Description

Technical field

[0001] The present application relates to the field of computer technology, and in particular, to a method, device, and computer equipment for forensics and traceability for terminal attacks.

Background art

[0002] An APT attack, that is, an advanced persistent threat attack, also known as a targeted threat attack, refers to continuous and effective attack activity carried out by an organization against a specific target. This kind of attack is highly concealed and targeted, and usually uses various infected media, supply chains and social engineering to carry out advanced, persistent and effective threats and attacks. Increasingly sophisticated Advanced Persistent Threats (APTs) have become a major issue in enterprise IT security. Over the past decade, more than 6,000 serious APT incidents have been reported. Large businesses in particular, such as Target and Home Depot, have suffered significant financial and reputational damage.

[0003] Attacks agai...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/55
CPC: G06F21/56, G06F21/552
Inventor: 熊春霖, 阮琳琦, 宋哲, 陈焰, 王昆
Owner: 杭州奇盾信息技术有限公司