Network threat detection method and device based on dictionary tree, equipment and storage medium

Threat detection and dictionary technology, applied in the field of network security, that solves the problem of missing the best time to prevent attacks and achieves the effect of preventing attacks in time and improving the efficiency of network threat detection.

Pending Publication Date: 2021-03-12
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

As a result, a truly threatening attack may be overlooked, and the best time to stop the attack may be missed.

Examples

Embodiment 1

[0045] See Figure 1. Figure 1 is an implementation flowchart of a network threat detection method based on a dictionary tree in an embodiment of the present invention. The method may include the following steps:

[0046] S101: Analyze the collected target network access traffic to obtain a target network identifier.

[0047] When the target network access traffic is collected, the collected target network access traffic is analyzed to obtain the target network identifier. The target network identifier may include domain name information, IP address information, etc. of the network to be visited.

[0048] S102: Traverse the threat intelligence dictionary tree, pre-established from the threat intelligence database, to check whether the target network identifier is present. If it is, perform step S103; if not, do no further processing.

[0049] A threat intelligence library is pre-established, which stores pre-collected threat intelligence information, and each threat intelligence info...

Embodiment 2

[0057] See Figure 2. Figure 2 is another implementation flowchart of a network threat detection method based on a dictionary tree in an embodiment of the present invention. The method includes the following steps:

[0058] S201: Analyze the collected target network access traffic to obtain a target network identifier.

[0059] S202: Traverse the threat intelligence dictionary tree, pre-established from the threat intelligence database, to check whether the target network identifier is present. If it is, perform step S203; if not, do no further processing.

[0060] S203: Find a target threat intelligence node corresponding to the target network identifier from the threat intelligence dictionary tree.

[0061] See Figure 3 and Figure 4. Figure 3 is a structural diagram of a threat intelligence dictionary tree in an embodiment of the present invention, and Figure 4 is a structural diagram of another threat intelligence dictionary tree in the embodiment of the present invention...
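The lookup in steps S201 to S203, followed by reading the detection result from the matched node as the abstract describes, can be sketched as follows. This is an added example, not code from the patent: the character-keyed tree layout, the record fields (`indicator`, `category`, `severity`), the flow fields (`host`, `dst_ip`) and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    children: dict = field(default_factory=dict)
    intel: Optional[dict] = None  # set only where a complete indicator ends

class ThreatTrie:
    def __init__(self, intel_db):
        self.root = Node()
        for record in intel_db:  # build the tree once from the intelligence library
            node = self.root
            for ch in self.normalize(record["indicator"]):
                node = node.children.setdefault(ch, Node())
            node.intel = record

    @staticmethod
    def normalize(identifier):
        # Domain names are case-insensitive and may carry a trailing root dot.
        return identifier.strip().lower().rstrip(".")

    def lookup(self, identifier):
        node = self.root
        for ch in self.normalize(identifier):
            node = node.children.get(ch)
            if node is None:
                return None  # identifier is not in the tree: no processing
        return node.intel  # None if we stopped on a mere prefix of an indicator

def detect(trie, flow):
    """Extract identifiers from one parsed access record and return matching intel."""
    hits = []
    for key in ("host", "dst_ip"):
        if flow.get(key) and (intel := trie.lookup(flow[key])):
            hits.append(intel)
    return hits

# Constructed sample data (documentation-reserved names and addresses).
INTEL_DB = [
    {"indicator": "c2.bad.example", "category": "c2", "severity": "high"},
    {"indicator": "203.0.113.7", "category": "scanner", "severity": "medium"},
]
FLOWS = [
    {"host": "C2.Bad.Example.", "dst_ip": "198.51.100.20"},  # domain hit
    {"host": "c2.bad.exam", "dst_ip": "203.0.113.70"},       # prefix / extension: no hit
    {"host": None, "dst_ip": "203.0.113.7"},                 # IP hit
]

if __name__ == "__main__":
    trie = ThreatTrie(INTEL_DB)
    for flow in FLOWS:
        print(flow, "->", detect(trie, flow))
```

Lookup cost depends on the length of the identifier rather than on the number of stored indicators, and storing the intelligence record only on terminal nodes keeps a prefix of an indicator from being reported as a match.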

Abstract

The invention discloses a network threat detection method based on a dictionary tree. The method comprises the following steps: analyzing collected target network access traffic to obtain a target network identifier; traversing a threat intelligence dictionary tree, pre-established according to the threat intelligence library, to determine whether the target network identifier exists in it; if so, searching the threat intelligence dictionary tree for the target threat intelligence node corresponding to the target network identifier; and obtaining, from the target threat intelligence node, the network threat detection result corresponding to the target network access traffic. By applying the network threat detection method based on the dictionary tree provided by the invention, the influence of server performance on network threat intelligence detection is avoided, network threat detection efficiency is improved, and attacks can be prevented in time. The invention further discloses a network threat detection device and equipment based on the dictionary tree and a storage medium, which achieve the corresponding technical effects.

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a network threat detection method, device, equipment and computer-readable storage medium based on a dictionary tree.

Background technique

[0002] With the popularization of the Internet and the gradual growth of advanced threats and attacks typified by APT, enterprises and system organizations increasingly need to rely on sufficient and effective security threat intelligence as a support in the process of defending against external attacks to help them better address these new threats.

[0003] The demand for network threat intelligence detection and filtering is increasing day by day. In the face of high traffic and sudden peak traffic, there is a problem of insufficient performance of server equipment in a normal operating environment. At the same time, the number of alarms is huge, resulting in low threat detection efficiency and a high rate of false alarms...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1416
Inventor: 李影, 范渊, 杨勃
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD