Method and device for detecting account stealing behavior

A technique for detecting account-stealing behavior, applied in the field of information security, that addresses the low accuracy of detection results and achieves a good detection rate, a reduced missed-detection rate, and strong pertinence.

Pending Publication Date: 2021-03-26
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0005] This application provides a method and device for detecting account theft, with the pur

Embodiment Construction

[0061] After a hacker compromises an intranet device in the AD domain, the compromised device becomes a "broiler" (a host under the attacker's control), and the hacker can manipulate the "broiler" to obtain an account with a higher authority level.

[0062] The inventor of the present application found in research that when hackers steal accounts with higher authority levels by manipulating "broilers", the methods they usually use can be summarized into the following three types:

[0063] The first is password blasting.

[0064] Password blasting refers to brute-force cracking of the password of the account to be stolen. Specifically, when the hacker manipulates the "broiler" to log in to the account to be stolen, a program can be used to enter different passwords by enumerating different strings in a short period of time until the domain control device successfully authenticates the entered account. Stealing accounts in this way is the least difficult and is the easiest way for hac...
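The burst pattern described in [0064], many failed authentications for one account from one device in a short period, possibly ending in a success, can be checked with a sliding window over authentication events. The following is an added illustration, not the detection method claimed in the application; the event tuple format, the host and account names, and the 60-second / 10-failure thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def at(hms):
    """Parse a constructed HH:MM:SS timestamp."""
    return datetime.strptime(hms, "%H:%M:%S")

# Constructed sample events: (time, source device, account, authenticated?).
# Hosts, accounts and timings are invented for this illustration.
SAMPLE_EVENTS = (
    # ws-17: 12 failures one second apart, then a success (burst pattern)
    [(at("10:00:00") + timedelta(seconds=i), "ws-17", "admin", False)
     for i in range(12)]
    + [(at("10:00:12"), "ws-17", "admin", True)]
    # ws-22: slow, human-like retries that should not be flagged
    + [(at("10:00:05"), "ws-22", "alice", False),
       (at("10:03:00"), "ws-22", "alice", False),
       (at("10:06:00"), "ws-22", "alice", True)]
)

def detect_bruteforce(events, window=timedelta(seconds=60), max_failures=10):
    """Flag (source, account) pairs with at least `max_failures` failed logins
    inside `window`, and note whether a success followed the burst while
    failures were still inside the window (assumed thresholds)."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    alerts = {}
    for ts, src, acct, ok in sorted(events, key=lambda e: e[0]):
        key = (src, acct)
        failures = recent[key]
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if not ok:
            failures.append(ts)
            if len(failures) >= max_failures:
                alert = alerts.setdefault(
                    key, {"failures": 0, "success_after_burst": False})
                alert["failures"] = max(alert["failures"], len(failures))
        else:
            if key in alerts and failures:
                alerts[key]["success_after_burst"] = True
            failures.clear()  # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for pair, info in detect_bruteforce(SAMPLE_EVENTS).items():
        print(pair, info)
```

An alert with `success_after_burst` set is the higher-priority case, since it suggests the enumeration ended with valid credentials.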


Abstract

The invention provides a method and device for detecting account stealing behavior. The method comprises obtaining authentication traffic between intranet devices and the domain control device in an AD domain, together with traffic passing through a target port of the domain control device, and executing at least one of password blasting behavior detection, password hash stealing behavior detection and process injection behavior detection. Each of these three detections is defined around a typical behavior of attackers performing account theft, so each has stronger pertinence. As a result, the provided method for detecting account stealing behavior in the AD domain has a better detection rate, which effectively reduces both the missed-detection rate and the false-detection rate.

Description

Technical field

[0001] The present application relates to the field of information security, in particular to a method and device for detecting account theft.

Background

[0002] At present, in order to facilitate the management of intranet devices, an AD (Active Directory) domain is usually built for the intranet, as shown in Figure 1. Figure 1 includes a domain control device and intranet devices, where the domain control device can be a domain control host or a domain control server (in practice, an AD domain can include multiple domain control devices; Figure 1 takes an AD domain with one domain control device as an example), and the intranet device can be an intranet host or an intranet server. Centralized management of intranet devices in the AD domain can be realized through the domain control device. For example, it is only necessary to perform a certain setting on the domain control device to implement this setting on ...


Application Information

IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1408, H04L63/1416, G06F18/23, Y02D30/50
Inventor: 孟翔, 张斌
Owner: SANGFOR TECH INC