Method and device for detecting ticket fake behavior

A ticket-behavior detection technology, applied in the field of information security, that addresses security hazards and achieves high accuracy

Pending Publication Date: 2021-03-26
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

After the hacker steals the ticket of the account, he pretends to be an intranet device to log in to the account within the validity period of the t


Embodiment Construction

[0061] The following clearly and completely describes the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the scope of protection of this application.

[0062] The inventor found in the research that after an attacker compromises an intranet device in the AD domain, the compromised intranet device becomes a "broiler" (a host under the attacker's control), and the attacker can manipulate the "broiler" to obtain tickets for an account with a higher privilege level in order to impersonate that account. Ticket impersonation behavior can usually be summarized into the following three types:

[0063] The first one is to impersonate the ticket by stealing the transfer tic...


Abstract

The invention provides a method and device for detecting ticket impersonation behavior. The method comprises: obtaining the authentication traffic between intranet devices and the domain controller device, and performing at least one of pass-the-ticket impersonation detection, golden ticket impersonation detection, and MS14-068 vulnerability exploitation detection. Because these three detections are each defined according to the attack technique adopted by the attacker, each of the detections performed has relatively high accuracy, and the detection result of the embodiment therefore also has relatively high accuracy (the possibility of missed detections and false detections is relatively low).

Description

Technical field

[0001] The present application relates to the field of information security, and in particular to a method and device for detecting ticket impersonation behavior.

Background

[0002] At present, to facilitate the management of intranet devices, an Active Directory (AD) domain is usually built for the intranet, as shown in Figure 1. Figure 1 includes a domain controller device and intranet devices, where the domain controller device can be a domain controller host or a domain controller server (in practice, an AD domain can include multiple domain controller devices; Figure 1 takes an AD domain with one domain controller device as an example). An intranet device can be an intranet host or an intranet server. Centralized management of the intranet devices in the AD domain is realized through the domain controller device.

[0003] During the login process of the intranet device, the domain control device needs to authenticate the acc...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1433, H04L63/1416, H04L63/1408
Inventor: 孟翔, 张斌
Owner: SANGFOR TECH INC