
A method and device for tracing the source of a network attack

A network attack and attacker technology, applied in the field of network security, that addresses the problem of low tracking accuracy.

Active Publication Date: 2022-03-08
北京微步在线科技有限公司

AI Technical Summary

Problems solved by technology

However, in practice it is found that, in the existing method, the honeypot server can only simulate the normal service, which differs from the actual service scenario, resulting in low traceability accuracy.


Examples


Embodiment 1

[0054] Referring to Figure 1, Figure 1 is a schematic flowchart of a method for tracing the source of a network attack provided by an embodiment of the present application. The network attack traceability method includes:

[0055] S101. Obtain an access log of a target network service, and detect a first malicious file in the target network service.

[0056] In the embodiment of the present application, the target network service may specifically be a WEB service, etc., which is not limited in the embodiment of the present application.

[0057] In the embodiment of this application, this method can be applied to a network attack traceability system. As shown in Figure 3, the traceability system includes three parts: malicious file detection, log analysis, and traceability. The malicious file detection system can detect the first malicious file in the target network service.

[0058] In the embodiment of the present application, the traceability system may...

Embodiment 2

[0111] Referring to Figure 2, Figure 2 is a schematic structural diagram of a network attack traceability system provided in an embodiment of this application. As shown in Figure 2, the network attack traceability system includes:

[0112] An acquisition unit 210, configured to acquire an access log of a target network service in the target terminal;

[0113] A detection unit 220, configured to detect a first malicious file in the target network service;

[0114] An extracting unit 230, configured to extract attacker information of the target attacker according to the access log and the first malicious file;

[0115] The determining unit 240 is configured to determine other files accessed by the target attacker according to the access log and the attacker information, as the file to be detected;

[0116] The portrait construction unit 250 is used to construct the attacker portrait of the target attacker according to the file to be detected, the access log, the fir...


Abstract

The embodiments of the present application provide a network attack traceability method and device, relating to the field of network security technology. The method includes: first, obtaining the access log of the target network service and detecting the first malicious file in the target network service; then, extracting the attacker information of the target attacker according to the access log and the first malicious file; then, determining other files accessed by the target attacker, according to the access log and the attacker information, as the files to be detected; further, constructing an attacker portrait of the target attacker according to the files to be detected, the access log, the first malicious file, and the attacker information; and finally, tracing the source of the network attack based on the attacker portrait to obtain the traceability result. The method can trace network attacks in real service scenarios and fully fits the actual service scenario, which helps improve the accuracy of traceability and ensure network security.
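The steps in the abstract (access log plus a detected malicious file, then attacker information, then the other files that attacker accessed, then a portrait) can be sketched as follows. This is an added example, not code from the patent: the combined log format, the choice of client IP and User-Agent as "attacker information", the portrait fields, the function names and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format); all values are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2022:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2022:10:02:10 +0000] "POST /upload.php HTTP/1.1" 200 48 "-" "scanner-x/1.0"
198.51.100.9 - - [01/Mar/2022:10:02:15 +0000] "POST /uploads/shell.php HTTP/1.1" 200 17 "-" "scanner-x/1.0"
198.51.100.9 - - [01/Mar/2022:10:03:00 +0000] "GET /uploads/cfg.php HTTP/1.1" 200 9 "-" "scanner-x/1.0"
203.0.113.7 - - [01/Mar/2022:10:04:00 +0000] "GET /about.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def trace(log_text, first_malicious_file):
    """Return (attacker portrait, files to be detected) for one detected file."""
    entries = list(parse(log_text))
    # Attacker information (assumed here: client IP and User-Agent) is taken
    # from every request that touched the detected malicious file.
    attackers = defaultdict(set)
    for e in entries:
        if e["path"].split("?")[0] == first_malicious_file:
            attackers[e["ip"]].add(e["ua"])
    # Files to be detected: every other path requested by the same clients.
    to_detect = sorted({e["path"].split("?")[0] for e in entries
                        if e["ip"] in attackers
                        and e["path"].split("?")[0] != first_malicious_file})
    # Portrait (assumed fields): user agents plus first and last request time.
    portrait = {ip: {"user_agents": sorted(uas),
                     "first_seen": [e["ts"] for e in entries if e["ip"] == ip][0],
                     "last_seen": [e["ts"] for e in entries if e["ip"] == ip][-1]}
                for ip, uas in attackers.items()}
    return portrait, to_detect

if __name__ == "__main__":
    print(trace(SAMPLE_LOG, "/uploads/shell.php"))
```

The returned file list is what would be handed back to malicious file detection, so files the same client touched before or after the first detection are also examined.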

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular, to a method and device for tracing the source of a network attack.

Background

[0002] At present, with the rapid development of computer network technology, more and more enterprises provide targeted network services. At the same time, the security protection of network servers, the main body of network services, is becoming more and more important. The existing network attack traceability method usually first obtains the access log from a pre-deployed honeypot server, then extracts the attacker's information from the access log and stores it for the record. However, in practice it is found that, in the existing method, the honeypot server can only simulate normal services, which differ from actual service scenarios, resulting in low traceability accuracy.

Contents of the invention

[0003] The purpose of the embodiments of the present applic...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F21/56
CPC: G06F21/55, G06F21/56
Inventor: 孙立博, 卢胜, 樊兴华, 薛锋
Owner: 北京微步在线科技有限公司