A network attack path tracing method and device

A network attack path tracing technology, applied in secure communication devices, digital transmission systems, electrical components, etc. It addresses the problem that static blacklist strategies cannot be flexibly expanded, with the effects of reducing cost of ownership, improving labeling capabilities, and improving network security.

Active Publication Date: 2022-02-15
北京金睛云华科技有限公司 +1

AI Technical Summary

Problems solved by technology

CN110290116B is a malicious domain name detection method based on a knowledge graph. Its inventor addresses the problem that the existing static blacklist strategy cannot be flexibly expanded, and proposes using the association ability of the knowledge graph to predict domain names with malicious behavior. It does not belong to the same technical field as the present invention.

[0012] Because of the shortcomings of the above methods in network attack path tracking and source tracing, they cannot really meet the needs of network security researchers to track and trace advanced threats based on existing accumulated data, or to conveniently replay the attack path and attack scenario of a network attack action.

Embodiment Construction

[0076] To achieve the purpose stated in the background, the present invention provides a network attack path tracking method. The system flow chart and the schematic diagram of the system framework are shown in Figure 1 and Figure 2. The method includes the following steps:

[0077] Step 1), acquisition of threat events and host process communication data: use network traffic analysis sensors to analyze real-time network traffic and obtain a collection of the various types of network traffic threat events; use host behavior capture sensors to analyze host process behavior and obtain the set of communication data for processes other than whitelisted processes;

[0078] Step 2), data preprocessing: clean, filter, and enrich the network traffic threat events and host process communication behavior data to obtain data sets related to threat alarms;

[0079] Step 3), attack knowledge graph construction: the AttackGraph algorithm is proposed to construct the network attack knowledge graph...


Abstract

The invention belongs to the fields of computer security technology, advanced threat detection and artificial intelligence technology, and specifically relates to a network attack path tracking method and device. The method: uses a network traffic analysis sensor to obtain a collection of the various types of network traffic threat events, and a host behavior capture sensor to obtain a collection of communication data for processes other than whitelisted processes; performs data cleaning, filtering, and enrichment to obtain data collections related to threat alarms; uses the AttackGraph algorithm to build a network attack knowledge graph; uses the AttackCampaign algorithm to analyze the knowledge graph in the database and identify attack actions; and uses the attack actions and the threat weights of attack entities to restore and track attack paths and restore attack scenarios. The present invention can meet the requirement of tracking and tracing the source of advanced threats based on existing accumulated data, and realizes replay of the attack path and attack scenario of a network attack action.
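The pipeline the abstract describes, as an added example in Python; it is not the patent's AttackGraph or AttackCampaign algorithm, whose details this page does not give. The sample events, field names, edge weights and the backward-walk heuristic are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample sensor output (not from the patent).
THREAT_EVENTS = [  # network traffic analysis sensor
    {"ts": 100, "src": "203.0.113.7", "dst": "10.0.0.5", "type": "exploit", "severity": 8},
    {"ts": 160, "src": "10.0.0.5", "dst": "10.0.0.9", "type": "lateral_movement", "severity": 7},
    {"ts": 150, "src": "10.0.0.8", "dst": "10.0.0.9", "type": "port_scan", "severity": 2},
    {"ts": 170, "src": "10.0.0.9", "dst": None, "type": "malformed", "severity": 1},
]
PROCESS_COMMS = [  # host behavior capture sensor
    {"ts": 120, "host": "10.0.0.5", "process": "updater.exe", "dst": "198.51.100.20"},
    {"ts": 125, "host": "10.0.0.5", "process": "chrome.exe", "dst": "198.51.100.99"},
]
PROCESS_WHITELIST = {"chrome.exe"}
PROC_WEIGHT = 5  # assumed threat weight for traffic from a non-whitelisted process

def preprocess(events, comms, whitelist):
    """Drop incomplete events; keep only traffic from non-whitelisted processes."""
    events = [e for e in events if e["src"] and e["dst"]]
    comms = [c for c in comms if c["process"] not in whitelist]
    return events, comms

def build_graph(events, comms):
    """Index incoming edges: dst -> [(src, ts, weight, label)]."""
    incoming = defaultdict(list)
    for e in events:
        incoming[e["dst"]].append((e["src"], e["ts"], e["severity"], e["type"]))
    for c in comms:  # host -> host:process -> remote endpoint
        proc = f'{c["host"]}:{c["process"]}'
        incoming[proc].append((c["host"], c["ts"], PROC_WEIGHT, "spawned_comm"))
        incoming[c["dst"]].append((proc, c["ts"], PROC_WEIGHT, "outbound"))
    return incoming

def trace_path(incoming, target):
    """Walk back from target along the heaviest edge not later than the last hop."""
    path, node, seen, before = [], target, {target}, float("inf")
    while True:
        cands = [i for i in incoming.get(node, []) if i[1] <= before and i[0] not in seen]
        if not cands:
            return list(reversed(path))  # ordered from origin to target
        src, ts, _, label = max(cands, key=lambda i: (i[2], i[1]))
        path.append((src, label, node))
        seen.add(src)
        node, before = src, ts

def run(target):
    events, comms = preprocess(THREAT_EVENTS, PROCESS_COMMS, PROCESS_WHITELIST)
    return trace_path(build_graph(events, comms), target)
```

`run("10.0.0.9")` returns the two-hop path from the external source through 10.0.0.5; the low-severity scan from 10.0.0.8 and the whitelisted `chrome.exe` traffic never enter the restored path.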

Description

Technical field

[0001] The invention belongs to the fields of computer security technology, advanced threat detection and artificial intelligence technology, and specifically relates to a network attack path tracking method and device. It enables network security researchers to trace the source of advanced threats based on existing accumulated data, and to conveniently replay the attack paths and attack scenarios of network attack actions.

Background

[0002] With the rapid development of network innovation and applications, the chain of illicit interests they carry keeps growing, attack forms are becoming diverse and innovative, and network attacks are increasingly difficult to detect. Among them, advanced threats have become one of the network threats with the fastest-changing forms, the most complex and sophisticated technology, the strongest targeting, the highest concealment, and the most serious direct harm. Advanced threats consist of three elements:...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1458
Inventor: 曲武
Owner: 北京金睛云华科技有限公司