Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for judging attack success through reverse connection

A successful, attacked technique used in cybersecurity

Active Publication Date: 2022-01-21
北京微步在线科技有限公司
View PDF6 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the embodiments of the present application is to provide a method and device for judging the success of an attack through reverse connection, which can solve the problem of judging the success of a network attack, avoid generating a large number of threat alarms, and thus help improve the efficiency of security protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for judging attack success through reverse connection
  • Method and device for judging attack success through reverse connection
  • Method and device for judging attack success through reverse connection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] Please see figure 1 , figure 1 The embodiment of the present application provides a schematic flowchart of a method for determining the success of an attack through reverse connection. Among them, the method for determining the success of an attack through reverse connection includes:

[0039] S101. Obtain attack traffic to be detected.

[0040] In the embodiment of the present application, the method is applied in a network security scenario, and is specifically applied in a scenario of determining whether the attack is successful after the host is attacked.

[0041] S102. Identify the attacked host address from the attack traffic according to a preset feature detection algorithm, and extract the attack payload in the attack traffic.

[0042] In the embodiment of the present application, when detecting the attack traffic to identify the attacked host address, first detect the specific attack characteristics in the attack traffic, and then extract the attacked host a...

Embodiment 2

[0092] Please see figure 2 , figure 2 It is a schematic structural diagram of an apparatus for determining the success of an attack through reverse connection provided in the embodiment of the present application. Such as figure 2 As shown, the device for judging the success of the attack through reverse connection includes:

[0093] An acquisition unit 210, configured to acquire attack traffic to be detected;

[0094] The attacked address extracting unit 220 is used to extract the attack load in the attack traffic and the attacked host address corresponding to the attack traffic;

[0095] In the embodiment of the present application, when detecting the attack traffic to identify the attacked host address, the specific attack characteristics in the attack traffic are detected first, and then the attacked host address is identified according to the attack characteristics, and the attacked host address is cached.

[0096] In this embodiment of the present application, the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a method and device for judging attack success through reverse connection, and the method comprises the steps: obtaining to-be-detected attack traffic, and extracting an attack load in the attack traffic and an attacked host address corresponding to the attack traffic; then extracting a suspected reverse connection address in the attack load; judging whether a connection request corresponding to the suspected reverse connection address is detected or not according to the address of the attacked host and a preset judgment condition; and if yes, determining that the attacked host address is successfully attacked, so that the problem of judging the success of the network attack can be solved, a large number of threat alarms are avoided, and the security protection efficiency is improved.

Description

technical field [0001] The present application relates to the technical field of network security, in particular, to a method and device for judging the success of an attack through reverse connection. Background technique [0002] With the rapid development of information technology, computers and networks have become necessary tools and means for daily office work, communication and interaction, and information security is becoming more and more important. Existing technologies usually match attack features by writing rules and regular expressions, and when an attack feature is detected, an alarm is generated. However, in practice, it is found that the existing methods can only detect whether there are network threat events in the traffic data, but cannot determine whether the attack is successful, and will generate a large number of alarm information, which seriously reduces the efficiency of security protection. Contents of the invention [0003] The purpose of the em...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/40
CPCH04L63/1408H04L63/1416H04L63/1441
Inventor 赵林林童兆丰薛锋
Owner 北京微步在线科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com