
Attack behavior detection method and device and attack detection equipment

A behavior detection model technology, applied in the field of network security, that addresses the problems of host performance degradation, violation of user privacy, and heavy consumption of processor and memory resources, and achieves a low risk of violating user privacy.

Active Publication Date: 2021-08-27
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, the collected script code usually contains the user's private data, so there is a risk of violating the user's privacy. Moreover, parsing the script code consumes a large amount of processor and memory resources, which degrades the performance of the host.


Examples


Embodiment Construction

[0115] In order to make the purpose, technical solution and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.

[0116] Figure 1 is a system architecture diagram for an attack behavior detection method provided by an embodiment of the present application. Referring to Figure 1, the system architecture includes a host 101, an HTTP proxy device 102, a firewall 103 and an attack detection device 104. The host 101 can communicate with the HTTP proxy device 102 in a wireless or wired manner. The HTTP proxy device 102 can communicate with the firewall 103 in a wireless or wired manner. The HTTP proxy device 102 can also communicate with the attack detection device 104 in a wireless or wired manner.

[0117] The host 101 is used to transmit (send or receive) HTTP message flow data. The HTTP proxy device 102 is used to proxy the host 101...


Abstract

The invention discloses an attack behavior detection method and device and attack detection equipment, and belongs to the technical field of network security. The method comprises the following steps: acquiring HTTP message stream data transmitted by a host within a reference time period; determining a plurality of initial probability values through a plurality of behavior detection models; determining a comprehensive probability value according to the plurality of initial probability values; and, if the comprehensive probability value is greater than a preset probability threshold, determining that an attack behavior of an EK is detected. Since the plurality of behavior detection models are respectively used for describing different stages in the attack behavior trajectory of the EK, the scheme can completely describe the attack behavior trajectory of the EK, and the attack behavior of the EK can be detected more accurately by synthesizing the initial probability values of the stages. In addition, the scheme does not seriously consume the resources of the host, and the acquired data only contains conventional data specified by a network protocol, so that, compared with a method that collects and analyzes script code, the risk of invading user privacy is very low.
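The pipeline in the abstract (per-stage models, combined score, threshold), sketched over HTTP header metadata only; this is an added example, not code from the patent. The three stage heuristics, the weighted-average combination, the weights, the threshold value and the sample flows are all assumptions standing in for models and values this page does not specify.

```python
from dataclasses import dataclass

REDIRECTS = {301, 302, 303, 307, 308}
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload",
                "application/java-archive", "application/x-shockwave-flash"}

@dataclass
class Rec:  # one HTTP transaction: header metadata only, no script bodies
    host: str
    status: int
    content_type: str = ""
    location_host: str = ""  # host named in the Location header, if any
    referer_host: str = ""   # host named in the Referer header, if any

def redirect_targets(flow):
    return {r.location_host for r in flow if r.status in REDIRECTS and r.location_host}

def p_redirect(flow):  # assumed stage model 1: chain of cross-host redirects
    hops = sum(1 for r in flow if r.status in REDIRECTS
               and r.location_host and r.location_host != r.host)
    return min(1.0, hops / 3)

def p_landing(flow):   # assumed stage model 2: HTML page on a redirect-reached host
    targets = redirect_targets(flow)
    return 1.0 if any(r.status == 200 and r.host in targets
                      and r.content_type.startswith("text/html") for r in flow) else 0.0

def p_payload(flow):   # assumed stage model 3: binary fetched on referral from that host
    targets = redirect_targets(flow)
    return 1.0 if any(r.status == 200 and r.content_type in BINARY_TYPES
                      and r.referer_host in targets for r in flow) else 0.0

MODELS = [(p_redirect, 0.3), (p_landing, 0.3), (p_payload, 0.4)]  # assumed weights
THRESHOLD = 0.7  # assumed "preset probability threshold"

def detect(flow):
    """Return (initial probabilities, comprehensive probability, alert flag)."""
    initial = [model(flow) for model, _ in MODELS]
    combined = sum(p * w for p, (_, w) in zip(initial, MODELS))
    return initial, combined, combined > THRESHOLD

# Constructed sample flows for one host within one reference time period.
EK_FLOW = [Rec("news.example", 302, location_host="ads.example"),
           Rec("ads.example", 302, location_host="gate.example"),
           Rec("gate.example", 302, location_host="landing.example"),
           Rec("landing.example", 200, "text/html", referer_host="gate.example"),
           Rec("landing.example", 200, "application/x-shockwave-flash",
               referer_host="landing.example")]
BENIGN_FLOW = [Rec("shop.example", 301, location_host="www.shop.example"),
               Rec("www.shop.example", 200, "text/html"),
               Rec("dl.vendor.example", 200, "application/octet-stream")]
```

With these assumed weights, a flow that matches only some stages (the benign sample has a redirect and a page but no referred binary download) stays below the threshold, while a flow matching every stage exceeds it.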

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to an attack behavior detection method, device and attack detection equipment.

Background technique

[0002] Currently, malicious actors can use exploit kits (EKs) to spread malicious software in order to attack hosts such as user terminals. An EK is a set of tools, which can also be considered an attack method for distributing malware based on downloading. When the host accesses a malicious website containing an EK, the EK uses the vulnerability information in the host's Internet environment to select the corresponding malicious software to attack the host. If the attack behavior of the EK can be detected in time, the user can be reminded to take timely measures to deal with the attack, and the user's losses can be minimized.

[0003] In a related technology, a host can collect and detect script codes of the website during a pr...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06, H04L29/08
CPC: H04L63/1425, H04L63/1433, H04L63/145, H04L63/02, H04L67/02, H04L63/1416
Inventor: 唐玉宾
Owner: HUAWEI TECH CO LTD