Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Lateral movement attack detection method and system based on heterogeneous graph network

A lateral movement, attack detection technology, applied in neural learning methods, biological neural network models, digital data authentication, etc., can solve problems to be studied, high false alarm rate, high concealment, etc. The effect of reporting

Pending Publication Date: 2021-07-09
INST OF INFORMATION ENG CAS
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In summary, lateral movement attacks usually operate by stealing user credentials and pretending to be normal users, which is highly concealed and difficult to detect
Existing research methods for lateral movement attack detection usually convert it to the detection of abnormal users or hosts in the intranet, but there are still the following shortcomings and deficiencies: First, the massive multi-source security logs make the false positives of existing methods rate is usually higher
Second, in the actual network environment, it is often impossible or only a small part of abnormal users or hosts can be observed, and this part of abnormal users or hosts has not been fully utilized; third, the intranet is essentially a network composed of users and hosts. The association graph of the graph, and the detection of lateral movement attacks on the graph remains to be studied

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Lateral movement attack detection method and system based on heterogeneous graph network
  • Lateral movement attack detection method and system based on heterogeneous graph network
  • Lateral movement attack detection method and system based on heterogeneous graph network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] In order to better understand the technical solutions in the embodiments of the present invention, the objects, features and advantages of the present invention can be further understood, and the techniques of the present invention will be further detailed in connection with the accompanying drawings and examples. instruction of.

[0034] In the present invention, a method of detecting a transverse moving attack based on a heterogeneous diagram network is disclosed, such as figure 1 As shown, this method is mainly composed of data acquisition, safety log chart, and is based on unwaver login behavior detection and the four parts: the main steps based on the horizontal mobile attack detection of semi-supervising learning. The main steps are as follows:

[0035] Step 100 is extracted for data set, that is, collecting the authentication log generated by the network device for a period of time, constitutes a data set.

[0036] Step 200 is structured for the security log chart, m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a lateral movement attack detection method and system based on a heterogeneous graph network. According to the method, based on an authentication log of an intranet, a login behavior graph between a user and a host is structured, a user login graph and a source host path graph are constructed, and then two-stage anomaly detection is performed on the graphs. In the first stage, based on a user login graph, a mutual information maximization graph neural network algorithm is used to learn a behavior pattern of a host, and then a partial abnormal sample is calculated through a local abnormal factor algorithm; and in the second stage, based on the source host path diagram and the labeled sample obtained in the first stage, semi-supervised learning is performed by using a heterogeneous diagram attention network algorithm, and a lateral movement attack behavior is detected. According to the method, the lateral movement attack behavior can be simply and effectively detected without sample labels, the effect exceeds that of most supervised learning methods, and the method has a high recall rate and a low false alarm rate.

Description

Technical field [0001] The present invention relates to the field of computer network security, and is used to counter the lateral moving attack behavior implemented in advanced persistent threats, more specifically, a transverse moving attack detection method and system based on heterogeneous network. Background technique [0002] In recent years, with the rapid development of the Internet, the network environment has become increasingly complex, and the network attack is increasingly presenting a high-frequency situation. Among them, Advanced Persistent Threat, APT benefits from the progress of the attack technique and the improvement of attack organizationality, and the attack is increasingly frequent. Compared to other attacks, APT attacks have longer latent cycles and greater destructive power, such as intervention in US elections, destroying grids. Its attack technique is also more comprehensive and able to develop customized attack tools through long-term observation of th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/55G06F21/44G06N3/04G06N3/08
CPCG06F21/566G06F21/552G06F21/44G06N3/088G06N3/045
Inventor 卢志刚王天姜波刘俊荣刘松董璞
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com