A method of real-time detection and backtracking of compromised hosts

A real-time detection and backtracking technology for compromised hosts, applied in machine learning, computer components, instruments, etc., addresses the inability to analyze large volumes of data and the lack of effective correlation between them, and achieves good generalization ability, high precision, and accurate, efficient prediction results.

Active Publication Date: 2021-11-26
COLASOFT

AI Technical Summary

Problems solved by technology

However, because a large amount of security data such as security events and operation logs is generated on traditional security devices every day, the data volume can be very large, and there is no effective correlation between devices or within the data of the same device, which forms information islands. Overall correlation analysis of such a large amount of data is impossible, so it is difficult for traditional security detection methods to accurately analyze and identify host compromise information under new attack situations.



Examples


Embodiment 1

[0033] As a specific implementation of the present invention, this embodiment provides the method for real-time detection and backtracking of compromised hosts. As shown in figure 1, it includes a massive network log preprocessing step, a massive IOC real-time detection step, and a compromised host backtracking analysis step.

[0034] Specifically, in the massive network log preprocessing step, the log data generated by the traffic between security domains is uploaded to the intelligent analysis and detection platform through the security probe device. The intelligent analysis and detection platform includes a big data processing engine, an IOC real-time detection engine and a Kafka cluster deployed in the customer network. The big data processing engine is a tool for data processing; the Kafka cluster is a message middleware, equivalent to a warehouse and a part of the intelligent analysis platform, mainly used for caching data; the probes aft...

Embodiment 2

[0039] As a more detailed implementation of the present invention, the method for real-time detection and backtracking of a compromised host provided in this embodiment includes a massive network log preprocessing step, a massive IOC real-time detection step, and a compromised host backtracking analysis step.

[0040] Specifically, the massive network log preprocessing steps:

[0041] First, the log data generated by the traffic between security domains is uploaded to the intelligent analysis and detection platform through the security probe device. The intelligent analysis and detection platform includes a data acquisition engine, a big data processing engine, an IOC real-time detection engine, an event aggregation engine, a threat intelligence center, a forensic system, and a Kafka cluster deployed in the customer network. The data acquisition engine includes a security probe device, which is used to collect the log data generated by the traffic between security domains and uploa...
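As an added illustration of the three-step pipeline described in this embodiment (example code, not from the patent or from Colasoft): a constructed stream of probe log records is parsed, matched as it arrives against a constructed IOC set, and the hits are aggregated per internal source host so that a compromised host's activity can be replayed in time order for backtracking. The `IocDetector` class, the key=value log format, the field names and all sample values are assumptions made for this example.

```python
from collections import defaultdict

# Constructed IOC set standing in for the threat intelligence center's feed.
IOCS = {
    "dst": {"203.0.113.45"},
    "domain": {"update.bad-example.test"},
    "sha256": {"ab" * 32},  # constructed placeholder hash
}

# Constructed probe records (key=value fields), as a security probe might emit.
LOG_LINES = [
    "ts=1000 src=10.0.0.5 dst=93.184.216.34 domain=example.com",
    "ts=1001 src=10.0.0.5 dst=203.0.113.45 domain=update.bad-example.test",
    "ts=1005 src=10.0.0.9 dst=198.51.100.7 domain=cdn.example.net",
    "ts=1009 src=10.0.0.5 dst=203.0.113.45 sha256=" + "ab" * 32,
]

def parse_log(line):
    """Preprocessing step: split one key=value probe record into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def match_iocs(record, iocs=IOCS):
    """IOC real-time detection step: (field, value) pairs that hit an IOC."""
    return [(k, record[k]) for k in iocs if k in record and record[k] in iocs[k]]

class IocDetector:
    """Consumes records as they arrive (as from a Kafka topic) and keeps
    an event log per internal source host for later backtracking."""

    def __init__(self, iocs=IOCS):
        self.iocs = iocs
        self.events = defaultdict(list)  # src host -> [(ts, field, value)]

    def ingest(self, line):
        rec = parse_log(line)
        hits = match_iocs(rec, self.iocs)
        for field, value in hits:
            self.events[rec["src"]].append((int(rec["ts"]), field, value))
        return hits

    def backtrack(self, host):
        """Backtracking step: replay a host's IOC hits in time order."""
        timeline = sorted(self.events.get(host, []))
        first_seen = timeline[0][0] if timeline else None
        return {"host": host, "first_seen": first_seen, "timeline": timeline}

def run_example(lines=LOG_LINES):
    det = IocDetector()
    for line in lines:
        det.ingest(line)
    return det
```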


Abstract

The invention belongs to the technical field of big data network security and specifically relates to a method for real-time detection and backtracking of compromised hosts, comprising a massive network log preprocessing step, a massive IOC real-time detection step, and a compromised host backtracking analysis step. It provides a compromised host detection and backtracking method and device aimed at real-time log detection performance and compromised host backtracking analysis.

Description

Technical field

[0001] The invention belongs to the technical field of big data network security, and in particular relates to a method for real-time detection and backtracking of a compromised host.

Background technique

[0002] With the rapid development of information technology, the forms of threats to enterprise internal networks have become diversified and complex, and enterprises also face the challenge of a new generation of threats such as APT attacks. This type of threat not only spreads faster, but also uses attacks. Given that such threats are now the norm, relying only on traditional firewalls, intrusion detection and other security protection equipment can no longer fully meet the network security protection needs of enterprise users. From the perspective of the PDR model of network security, traditional network security still focuses on "protection (P)". Therefore, in order to meet the security protection needs of enterprises in response to new threats, it is necessary to streng...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06N20/00, G06K9/62
CPC: H04L63/1425, G06N20/00, H04L2463/146, G06F18/241
Inventors: 田红伟, 杨俊萍, 徐文勇
Owner: COLASOFT