
Attack behavior detection method, device and attack detection device

A behavior detection model technology applied in the field of network security. It addresses the problems of host performance degradation, violation of user privacy, and heavy consumption of processor and memory resources, and achieves a low risk of violating user privacy.

Active Publication Date: 2022-08-09
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, the collected script code usually contains the user's private data, so there is a risk of violating the user's privacy. Moreover, parsing the script code consumes a large amount of processor and memory resources, which degrades the performance of the host.


Examples


Embodiment Construction

[0115] In order to make the objectives, technical solutions and advantages of the present application clearer, the embodiments of the present application will be further described in detail below with reference to the accompanying drawings.

[0116] Figure 1 is a system architecture diagram for an attack behavior detection method provided by an embodiment of the present application. Referring to Figure 1, the system architecture includes a host 101, an HTTP proxy device 102, a firewall 103 and an attack detection device 104. The host 101 can communicate with the HTTP proxy device 102 over a wireless or wired connection. The HTTP proxy device 102 can communicate with the firewall 103 over a wireless or wired connection. The HTTP proxy device 102 can also communicate with the attack detection device 104 over a wireless or wired connection.

[0117] The host 101 is used to transmit (send or receive) HTTP message stream data. The HTTP proxy device 102 is used to p...


Abstract

The application discloses an attack behavior detection method, device and attack detection device, which belong to the technical field of network security. The method includes: acquiring HTTP message flow data transmitted by a host within a reference time period; determining a plurality of initial probability values through a plurality of behavior detection models; determining a comprehensive probability value according to the plurality of initial probability values; and, if the comprehensive probability value is greater than a preset probability threshold, determining that attack behavior of an EK is detected. Because the multiple behavior detection models describe different stages of the EK's attack behavior trajectory, this scheme can describe the trajectory completely and integrate the initial probability values of each stage to detect the EK's attack behavior more accurately. In addition, this solution does not seriously consume the resources of the host itself, and because the acquired data contains only the regular data specified by the network protocol, the risk of infringing user privacy is very low compared with methods that obtain and parse script code.
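The flow described in the abstract (per-stage models over header-level HTTP data in a time window, then a combined score against a threshold), as an added sketch that is not code from the patent. The three stage definitions, their scores, the weighted-sum combination, the 0.6 threshold and the sample records are all assumptions made for illustration; the page does not specify the models or the combining function.

```python
from collections import namedtuple

# Header-level metadata only (no bodies, no script code). Field set is an assumption.
HttpRecord = namedtuple("HttpRecord", "ts host status content_type referer location")
BINARY = {"application/octet-stream", "application/x-msdownload",
          "application/x-shockwave-flash"}

def redirect_stage(records):
    """Assumed stage 1: cross-host 3xx hops; three or more saturate the score."""
    hops = [r for r in records
            if 300 <= r.status < 400 and r.location and r.location != r.host]
    return min(1.0, len(hops) / 3)

def landing_stage(records):
    """Assumed stage 2: an HTML page served by a host that was a redirect target."""
    targets = {r.location for r in records if 300 <= r.status < 400}
    hit = any(r.status == 200 and r.content_type == "text/html" and r.host in targets
              for r in records)
    return 0.8 if hit else 0.1

def download_stage(records):
    """Assumed stage 3: binary content requested with an HTML-serving host as referer."""
    html_hosts = {r.host for r in records if r.content_type == "text/html"}
    hit = any(r.content_type in BINARY and r.referer in html_hosts for r in records)
    return 0.9 if hit else 0.05

STAGES = [(redirect_stage, 0.3), (landing_stage, 0.3), (download_stage, 0.4)]

def detect(records, t_start, t_end, threshold=0.6):
    """Score one reference time period; returns (initial values, combined, alert)."""
    window = [r for r in records if t_start <= r.ts < t_end]
    initial = [model(window) for model, _ in STAGES]
    combined = sum(p * w for p, (_, w) in zip(initial, STAGES))
    return initial, combined, combined > threshold

# Constructed sample flows (hosts and timings are made up).
SUSPICIOUS = [
    HttpRecord(0.0, "news.example", 302, "", "", "gate.example"),
    HttpRecord(0.4, "gate.example", 302, "", "news.example", "land.example"),
    HttpRecord(0.9, "land.example", 200, "text/html", "gate.example", ""),
    HttpRecord(1.5, "land.example", 200, "application/x-shockwave-flash", "land.example", ""),
    HttpRecord(2.1, "cdn.example", 200, "application/octet-stream", "land.example", ""),
]
BENIGN = [
    HttpRecord(0.0, "shop.example", 301, "", "", "www.shop.example"),
    HttpRecord(0.3, "www.shop.example", 200, "text/html", "", ""),
    HttpRecord(0.8, "static.shop.example", 200, "image/png", "www.shop.example", ""),
]
```

The benign flow scores 0.8 on the landing stage alone yet stays under the threshold once the stages are combined, which is the reason for scoring the whole trajectory rather than a single stage.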

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular, to an attack behavior detection method, device, and attack detection device.

Background

[0002] Currently, malicious actors can use exploit kits (EKs) to spread malware to attack hosts such as user terminals. An EK is a set of tools, and can also be regarded as a download-based attack method for spreading malware. When a host accesses a malicious website containing an EK, the EK uses the vulnerability information in the host's online environment to select the corresponding malware to attack the host. If the attack of the EK can be detected in time, the user can be reminded to take measures to deal with the attack promptly and minimize the user's loss.

[0003] In the related art, in the process of visiting a website, the host can collect and detect the script codes of the website, parse the script codes, and generate the signatu...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/02
CPC: H04L63/1425, H04L63/1433, H04L63/145, H04L63/02, H04L67/02, H04L63/1416
Inventor: 唐玉宾
Owner: HUAWEI TECH CO LTD