Attack event tracing method and device, electronic equipment and storage medium

An attack event and attacker technology, applied in the field of network security management, can solve problems such as the inability to effectively trace the source of APT attacks, the difficulty of accurately locating the attacker, and the ability to save equipment for a long time.
CN112333196A · Active · Publication Date: 2021-02-05 · EVERSEC BEIJING TECH

Patent Information

Authority / Receiving Office: CN · China
Current Assignee / Owner: EVERSEC BEIJING TECH
Publication Date: 2021-02-05


Abstract

The embodiment of the invention discloses an attack event tracing method and device, electronic equipment and a storage medium. The method comprises: constructing a historical attack event database that contains a plurality of historical attack events, the dimension information of each historical attack event, and the known attackers; obtaining an attack event to be traced; and calculating the similarity between the attack event to be traced and the historical attack events in the database, and determining the attacker of the attack event to be traced according to the calculation result. Because the database is constructed in advance from a plurality of known historical attack events of an attacker, and the attacker of the attack event to be traced is determined by calculating the similarity between that event and the historical attack events in the database, the attacker corresponding to the attack event to be traced is determined accurately and efficiently.
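A minimal sketch of the similarity step described in the abstract, added here as an illustration and not taken from the patent. The dimension names, weights, weighted Jaccard measure, threshold, group names and sample events are all assumptions, since the page does not specify them.

```python
# Constructed sample database: each historical attack event carries dimension
# information (sets of observed values) and a known attacker. All names are
# hypothetical placeholders.
HISTORY = [
    {"attacker": "GROUP-A", "dims": {
        "malware_family": {"fam-x"}, "c2_domain": {"c2.example.net"},
        "technique": {"spearphishing", "dll-sideloading"}}},
    {"attacker": "GROUP-A", "dims": {
        "malware_family": {"fam-x"}, "c2_domain": {"cdn.example.org"},
        "technique": {"spearphishing", "scheduled-task"}}},
    {"attacker": "GROUP-B", "dims": {
        "malware_family": {"fam-y"}, "c2_domain": {"update.example.com"},
        "technique": {"watering-hole", "scheduled-task"}}},
]
# Assumed per-dimension weights and acceptance threshold.
WEIGHTS = {"malware_family": 0.4, "c2_domain": 0.3, "technique": 0.3}
THRESHOLD = 0.5

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no evidence (0.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def similarity(event_dims, hist_dims):
    """Weighted mean of per-dimension Jaccard scores, taken only over the
    dimensions actually observed in the event being traced."""
    observed = [d for d in WEIGHTS if event_dims.get(d)]
    total = sum(WEIGHTS[d] for d in observed)
    if not total:
        return 0.0
    score = sum(WEIGHTS[d] * jaccard(event_dims[d], hist_dims.get(d, set()))
                for d in observed)
    return score / total

def trace(event_dims, history=HISTORY, threshold=THRESHOLD):
    """Return (attacker, score); attacker is None when no historical event
    is similar enough to support an attribution."""
    best = {}
    for h in history:
        s = similarity(event_dims, h["dims"])
        best[h["attacker"]] = max(best.get(h["attacker"], 0.0), s)
    if not best:
        return None, 0.0
    attacker, score = max(best.items(), key=lambda kv: kv[1])
    score = round(score, 3)
    return (attacker if score >= threshold else None), score
```

Returning `None` below the threshold keeps a weak partial match from being reported as an attribution.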

Description

Technical field

[0001] Embodiments of the present invention relate to the technical field of network security management, and in particular to an attack event source tracing method, device, electronic equipment, and storage medium.

Background technique

[0002] Advanced persistent threats (Advanced Persistent Threat, APT) are significantly different from traditional network attacks in attack methods and purposes. An APT is an attack that steals the core data and various information of network information systems through elaborate camouflage, targeted attacks, long-term latency, continuous penetration, etc. In order to trace the source of APT attacks and determine the attackers, the current traceability methods usually include: traceability based on the characteristics of malicious proxy purchases in APT attack events, and traceability based on attack IP / domain name analysis.

[0003] However, for the first traceability method, due to the large number of malicious codes...
