Attack event tracing method and device, electronic equipment and storage medium

An attack event tracing technology, applied in the field of network security management, which addresses problems such as the inability to effectively trace the source of APT attacks, the difficulty of accurately locating the attacker, and the long-term latency of attackers in equipment.

Active Publication Date: 2021-02-05
EVERSEC BEIJING TECH

AI Technical Summary

Problems solved by technology

[0003] However, for the first traceability method, due to the large number of malicious codes, traditional signature-based malware detection technology can no longer meet the emerging malicious code detection requirements, and new variants can appear with a slight modification of the code, so it is difficult to accurately locate the attacker; for the second method, due to unf



Examples


Embodiment 1

[0024] Figure 1(a) is a flow chart of the method for tracing the source of an attack event provided by Embodiment 1 of the present invention. This embodiment is applicable to the case of tracing the source of an APT attack event. The method can be executed by the attack event source tracing device of the embodiment of the present invention, and the device may be implemented in software and/or hardware. As shown in Figure 1(a), the method specifically includes the following operations:

[0025] Step 101, constructing a database of historical attack events.

[0026] Wherein, the historical attack event database includes multiple historical attack events, together with the dimension information of each historical attack event and its known attacker.

[0027] Specifically, in this embodiment, a historical attack event database can be constructed based on recently captured historical attack events, and the dimension information and attackers of each historical even...

Embodiment 2

[0049] Figure 2 is a flow chart of the method for tracing the source of an attack event provided by Embodiment 2 of the present invention, which is based on Embodiment 1 above. In this embodiment, after the attacker of the attack event to be traced is determined, defending against that attacker is also included. Correspondingly, the method in this embodiment specifically includes the following operations:

[0050] Step 201, constructing a database of historical attack events.

[0051] Step 202, acquiring the attack event to be traced.

[0052] Step 203, calculating the similarity between the attack event to be traced and the historical attack events in the database, and determining the attacker of the attack event to be traced according to the calculation result.

[0053] Step 204, defending against the attacker of the attack event to be traced.

[0054] Specifically, after the attacker corresponding to the attack event to be tra...
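The following is an added illustration of Steps 101-103 and 201-203 above (build a database of historical events with dimension information and known attackers, take an event to be traced, score similarity, pick the attacker); it is not code from the patent. The dimensions, their weights, the weighted Jaccard similarity measure and the decision threshold are all assumptions, and the events are constructed samples.

```python
from collections import defaultdict

# Assumed dimensions and weights; the patent text does not specify them.
WEIGHTS = {"c2_domains": 0.4, "malware_family": 0.3, "ttps": 0.2, "target_sector": 0.1}

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no evidence (0.0)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def event_similarity(event, hist):
    """Weighted per-dimension Jaccard similarity between two events (Step 203)."""
    return sum(w * jaccard(event.get(d, ()), hist.get(d, ())) for d, w in WEIGHTS.items())

def trace_attacker(event, database, threshold=0.5):
    """Score every historical event, keep the best score per known attacker and
    return (attacker, score); below the threshold the attacker is 'unknown'."""
    best = defaultdict(float)
    for hist in database:
        best[hist["attacker"]] = max(best[hist["attacker"]], event_similarity(event, hist))
    if not best:
        return "unknown", 0.0
    attacker, score = max(best.items(), key=lambda kv: kv[1])
    return (attacker, score) if score >= threshold else ("unknown", score)

# Constructed historical attack event database (Step 201): dimension info plus attacker.
DATABASE = [
    {"attacker": "GroupA", "c2_domains": ["update-cdn.example", "sync.example"],
     "malware_family": ["FamilyX"], "ttps": ["T1566", "T1059"], "target_sector": ["energy"]},
    {"attacker": "GroupA", "c2_domains": ["sync.example"],
     "malware_family": ["FamilyX"], "ttps": ["T1566", "T1071"], "target_sector": ["finance"]},
    {"attacker": "GroupB", "c2_domains": ["mail-relay.example"],
     "malware_family": ["FamilyY"], "ttps": ["T1190", "T1505"], "target_sector": ["energy"]},
]

# Constructed attack event to be traced (Step 202).
NEW_EVENT = {"c2_domains": ["sync.example"], "malware_family": ["FamilyX"],
             "ttps": ["T1566", "T1059"], "target_sector": ["energy"]}

if __name__ == "__main__":
    print(trace_attacker(NEW_EVENT, DATABASE))  # best match is the first GroupA event
```

A shared target sector alone scores 0.1 here, so an event matching only on that dimension stays "unknown" rather than being forced onto the nearest known attacker.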

Embodiment 3

[0057] Figure 3 is a structural schematic diagram of an attack event source tracing device provided by Embodiment 3 of the present invention. The device includes: a historical attack event database construction module 310, a to-be-traced attack event acquisition module 320 and an attacker source tracing module 330.

[0058] The historical attack event database construction module 310 is used to construct the historical attack event database, wherein the historical attack event database contains a plurality of historical attack events, together with the dimension information and known attacker of each historical attack event; the to-be-traced attack event acquisition module 320 is used to obtain the attack event to be traced; the attacker source tracing module 330 is used to calculate the similarity between the attack event to be traced and the historical attack events in the database, and determine the attacker of the attack event to be traced according to the similarity calculat...



Abstract

The embodiment of the invention discloses an attack event tracing method and device, electronic equipment and a storage medium. The method comprises the steps that a historical attack event database is constructed, and the historical attack event database comprises a plurality of historical attack events, dimension information of each historical attack event and known attackers; obtaining a to-be-traced attack event; and calculating the similarity between the to-be-traced attack event and historical attack events in a database, and determining an attacker of the to-be-traced attack event according to a calculation result. According to the invention, the database is constructed in advance according to a plurality of known historical attack events of an attacker, and the attacker of the attack event to be traced is determined by calculating the similarity between the attack event to be traced and the historical attack events in the database, so that the attacker corresponding to the attack event to be traced is accurately and efficiently determined.

Description

Technical Field

[0001] Embodiments of the present invention relate to the technical field of network security management, and in particular to an attack event source tracing method, device, electronic equipment, and storage medium.

Background Technique

[0002] Advanced persistent threats (Advanced Persistent Threat, APT) differ significantly from traditional network attacks in attack methods and purposes: they are intelligence attacks that steal the core data and various information of network information systems through elaborate camouflage, targeted attacks, long-term latency, continuous penetration, etc. In order to trace the source of APT attacks and determine the attackers, current traceability methods usually include: traceability based on the characteristics of malicious code in APT attack events, and traceability based on attack IP / domain name analysis.

[0003] However, for the first traceability method, due to the large number of malicious codes...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L2463/146
Inventor 孟娟张园王晶晶李鹏超尚程张振涛薛强陈振华宋亮亮陈百祥梁彧田野傅强王杰杨满智蔡琳金红陈晓光
Owner EVERSEC BEIJING TECH