A method and device for determining the success of an attack

An attack success determination technique, applied in the field of network security, addresses the problems that existing alarms cannot indicate whether a network attack succeeded, that large numbers of threat alarms are generated, and that the work efficiency of security operators is reduced.

Active Publication Date: 2022-07-22
北京微步在线科技有限公司

AI Technical Summary

Problems solved by technology

However, in practice, the alarm information produced by the existing technology cannot indicate whether a network attack succeeded, and a large number of threat alarms are generated, which seriously reduces the work efficiency of security operators.



Examples


Embodiment 1

[0062] Referring to Figure 1, Figure 1 is a schematic flowchart of a method for determining the success of an attack provided by this embodiment of the present application. The attack success determination method includes:

[0063] S101. Acquire network traffic data to be detected.

[0064] In the embodiment of the present application, the method is applied to the detection scenario of network attacks in network traffic.

[0065] In this embodiment of the present application, the execution body of the method may be an attack success determination device.

[0066] In the embodiment of the present application, when the attack success determination device is a hardware device, it may be a computing device such as a computer or a server, or a smart device such as a smartphone or a tablet computer, which is not limited in this embodiment.

[0067] In the embodiment of the present application, when the attack success determination device is software-based deployment, ...

Embodiment 2

[0094] Referring to Figure 2, Figure 2 is a schematic flowchart of another attack success determination method provided by the embodiment of the present application. As shown in Figure 2, the attack success determination method includes:

[0095] S201. Acquire network traffic data to be detected.

[0096] S202. Acquire a request data packet in the network traffic data.

[0097] S203. Perform attack feature detection on the request data packet to obtain a detection result.

[0098] As an optional implementation, performing attack feature detection on the request data packet to obtain the detection result may include the following steps:

[0099] Parse the request data packet to obtain a parsed data packet;

[0100] Obtain the feature meta information of the parsed data packet;

[0101] Obtain the preset attack feature metabase, and determine whether the feature meta information matches the attack feature metabase;

[0102] If...

Example 1

[0153] Example 1: Suppose a threat program is a Web command execution tool that hackers can use to attack a Web system, and that transmits commands and command execution results through HTTP requests and HTTP responses.

[0154] When attack detection is performed by the method provided in this embodiment, attack features are first detected from the HTTP request. The attack features included in the HTTP request include the URL path shell.jsp, the content of the Accept field, the HTTP request body, etc. The attack is characterized by full Base64 encoding, so the request can be judged to be an attacking HTTP request. Whether the attack succeeded is then determined from the HTTP response data packet: first the HTTP response associated with the attacking HTTP request is determined, and then, when the response code in the HTTP response is 200 and the garbled form of the HTTP response body conforms to the response characteristics of the threat program, it can be determ...
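The determination walked through in Example 1, as an added Python example that is not part of the patent text: requests are flagged on their attack features, each response is associated with its request, and only the response decides whether the attack succeeded. Assumptions: the traffic is constructed, responses are associated with requests in order per connection, the "response characteristics of the threat program" are modelled as a fully Base64-encoded body, and the Accept-field feature is not modelled because the page does not give its value.

```python
import base64, binascii, re
from collections import defaultdict, deque

b64 = base64.b64encode
# Constructed sample traffic (not from the patent): (connection id, kind, fields)
EVENTS = [
    ("c1", "req", {"path": "/app/shell.jsp", "body": b64(b"constructed request payload A")}),
    ("c2", "req", {"path": "/app/shell.jsp", "body": b64(b"constructed request payload B")}),
    ("c3", "req", {"path": "/api/login", "body": b'{"user": "alice"}'}),
    ("c2", "resp", {"status": 404, "body": b"<html>Not Found</html>"}),
    ("c1", "resp", {"status": 200, "body": b64(b"constructed command output")}),
    ("c3", "resp", {"status": 200, "body": b'{"ok": true}'}),
    ("c4", "req", {"path": "/old/shell.jsp", "body": b64(b"constructed request payload C")}),
    ("c4", "resp", {"status": 200, "body": b"<html>Custom error page</html>"}),
]

SHELL_PATH = re.compile(r"/shell\.jsp$", re.IGNORECASE)  # URL path feature from Example 1

def is_full_base64(data, min_len=16):
    """True when the entire body is one valid Base64 string (assumed signature)."""
    text = data.strip()
    if len(text) < min_len or len(text) % 4:
        return False
    try:
        base64.b64decode(text, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def pair_by_connection(events):
    """Associate each response with the oldest unanswered request on its connection."""
    pending, pairs = defaultdict(deque), []
    for conn, kind, fields in events:
        if kind == "req":
            pending[conn].append(fields)
        elif pending[conn]:
            pairs.append((conn, pending[conn].popleft(), fields))
    return pairs

def judge(req, resp):
    """Request features decide 'attack'; the associated response decides 'succeeded'."""
    if not (SHELL_PATH.search(req["path"]) and is_full_base64(req["body"])):
        return "benign"
    if resp["status"] == 200 and is_full_base64(resp["body"]):
        return "attack_succeeded"
    return "attack_attempted"

def run(events=EVENTS):
    return {conn: judge(req, resp) for conn, req, resp in pair_by_connection(events)}
if __name__ == "__main__": print(run())
```

A body that happens to be plain alphanumeric text of the right length also passes `is_full_base64`, so a production rule would match the specific tool's response signature rather than Base64 shape alone.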


Abstract

The embodiments of the present application provide a method and device for judging the success of an attack, which relate to the technical field of network security. The method for judging the success of an attack includes: acquiring network traffic data to be detected; acquiring an attack request data packet in the network traffic data and the response data packet associated with the attack request data packet; performing in-depth analysis and processing on the response data packet to obtain an in-depth analysis result; judging whether the attack is successful according to the in-depth analysis result; and, when it is judged that the attack is successful, outputting attack success prompt information. The method can detect whether a network attack succeeded and can avoid a large number of threat alerts, thereby improving the work efficiency of security operators.

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular, to a method and apparatus for determining the success of an attack.

Background technique

[0002] With the rapid development of information technology, computers and networks have become necessary tools and approaches for daily office work, communication and collaboration, and information security has become more and more important. As an important topic in the field of information security, threat detection is getting more and more attention. In the prior art, network equipment forwards collected traffic to a NIDS or NDR device, which then analyzes the traffic data packets, detects attack characteristics, and issues threat alarms. Generally, rules and regular expressions are written to match attack characteristics, and an alert is generated when an attack characteristic appears. However, in practice, it is found that the alarm information of the existing technol...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1433, H04L63/1441
Inventor: 赵林林, 童兆丰, 薛锋
Owner: 北京微步在线科技有限公司