Attack organization identification method based on industrial control flow and threat intelligence association analysis

A technique combining association analysis with organization identification, applied to digital transmission systems, secure communication devices, electrical components, etc. It addresses the low practicality, low reference value and low accuracy of existing methods, and offers strong scalability, flexible identification and improved recognition accuracy.

Active Publication Date: 2022-05-03
NORTHEASTERN UNIV

AI Technical Summary

Problems solved by technology

Existing methods for identifying attack organizations have low accuracy and are of limited practical and reference value.


Embodiment Construction

[0037] The specific embodiments of the present invention are described in further detail below in conjunction with the accompanying drawings and embodiments.

[0038] This embodiment sets out the algorithm flow of the attack organization identification method based on industrial control traffic and threat intelligence correlation analysis, as applied to a concrete network security problem: identifying the organization behind the attacker IPs observed by an industrial control honeypot.

[0039] Accurately identifying the attack organization to which an attacker belongs in an industrial control network helps network security personnel defend against that organization's distributed attacks in a timely manner and ensures the safe and stable operation of the industrial control network. An attack organization identification method based on correlation analysis of industrial cont...


Abstract

The invention belongs to the technical field of network security and machine learning and provides an attack organization identification method based on the association analysis of industrial control traffic and threat intelligence. The method comprises the following steps: obtaining the traffic data, threat intelligence, targeting characteristics and scanning tools of industrial control attackers; constructing one similarity matrix for the threat intelligence features and another for the industrial control traffic features, each with a similarity measure suited to that type of data; fusing them into a composite weighted similarity matrix and mapping the data points from the original high-dimensional space to a low-dimensional space; and clustering the resulting sample points to obtain the industrial control attack organizations. The method improves the recognition precision of attack organizations, is highly scalable, and can be used to monitor network intruders in real time and actively defend against an attack organization's distributed attacks in time. The number of clusters does not need to be specified in advance and the bandwidth is calculated adaptively, so industrial control attack organizations are identified more accurately and flexibly.
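The abstract describes a pipeline (per-feature-type similarity, weighted fusion, low-dimensional mapping, clustering with no preset cluster count and an adaptive bandwidth) without fixing any of the concrete measures. The following is an added, runnable illustration of that shape, written for this page; it is not the patent's own code and the patent does not disclose these particular choices. Assumptions: Jaccard similarity for threat-intelligence tag sets, a Gaussian (RBF) kernel with a nearest-neighbour median scale for numeric traffic features, a normalized-Laplacian spectral embedding for the low-dimensional mapping, and flat-kernel mean shift whose bandwidth is half the median pairwise distance in the embedding. The six attacker IPs, their tags and their traffic feature vectors are constructed sample data.

```python
"""Added example: fuse threat-intel and ICS-traffic similarities, embed, cluster without a preset k."""
import numpy as np

# Constructed sample: six attacker IPs seen by an ICS honeypot (documentation ranges, not real data).
IPS = ["198.51.100.10", "198.51.100.11", "198.51.100.12",
       "203.0.113.20", "203.0.113.21", "203.0.113.22"]
# Threat-intelligence tags per IP (constructed categorical sets).
TI_TAGS = [
    {"scanner", "asn-64500", "tool:nmap"},
    {"scanner", "asn-64500", "tool:nmap", "tor-exit"},
    {"scanner", "asn-64500", "tool:masscan"},
    {"bruteforce", "asn-64501", "tool:plcscan"},
    {"bruteforce", "asn-64501", "tool:plcscan", "c2-contact"},
    {"asn-64501", "tool:plcscan"},
]
# Traffic features per IP (constructed, already scaled to [0, 1]):
# [Modbus share, S7comm share, packets per connection, function-code diversity]
TRAFFIC = np.array([
    [0.90, 0.00, 0.10, 0.20],
    [0.85, 0.05, 0.12, 0.25],
    [0.95, 0.00, 0.08, 0.15],
    [0.05, 0.90, 0.70, 0.80],
    [0.00, 0.95, 0.75, 0.85],
    [0.10, 0.85, 0.65, 0.75],
])


def jaccard_matrix(tag_sets):
    """Similarity for categorical intel tags: |A and B| / |A or B| (assumed measure)."""
    n = len(tag_sets)
    s = np.eye(n)
    for i in range(n):
        for j in range(i + 1, n):
            union = tag_sets[i] | tag_sets[j]
            s[i, j] = s[j, i] = len(tag_sets[i] & tag_sets[j]) / len(union) if union else 1.0
    return s


def rbf_matrix(x):
    """Similarity for numeric traffic features: Gaussian kernel, scale = median nearest-neighbour distance."""
    d = np.linalg.norm(x[:, None, :] - x[None, :, :], axis=2)
    nearest = np.sort(d, axis=1)[:, 1]          # column 0 is the zero self-distance
    sigma = max(float(np.median(nearest)), 1e-9)
    return np.exp(-d ** 2 / (2 * sigma ** 2))


def fuse(s_ti, s_traffic, alpha=0.5):
    """Composite weighted similarity; the diagonal is zeroed so self-loops do not distort the Laplacian."""
    w = alpha * s_ti + (1 - alpha) * s_traffic
    np.fill_diagonal(w, 0.0)
    return w


def spectral_embed(w, k=2):
    """Map points to k dimensions via the k smallest eigenvectors of the normalized Laplacian, row-normalized."""
    d = w.sum(axis=1)
    d_inv_sqrt = np.diag(1.0 / np.sqrt(np.maximum(d, 1e-12)))
    l_sym = np.eye(len(w)) - d_inv_sqrt @ w @ d_inv_sqrt
    _, vecs = np.linalg.eigh(l_sym)              # ascending eigenvalues
    y = vecs[:, :k]
    return y / np.maximum(np.linalg.norm(y, axis=1, keepdims=True), 1e-12)


def mean_shift(y, max_iter=100, tol=1e-6):
    """Flat-kernel mean shift; bandwidth derived from the data, cluster count emerges from the modes found."""
    d = np.linalg.norm(y[:, None, :] - y[None, :, :], axis=2)
    bw = max(0.5 * float(np.median(d[np.triu_indices(len(y), 1)])), 1e-6)  # assumed heuristic
    modes = y.copy()
    for _ in range(max_iter):
        new = np.array([y[np.linalg.norm(y - m, axis=1) <= bw].mean(axis=0) for m in modes])
        shift = np.linalg.norm(new - modes, axis=1).max()
        modes = new
        if shift < tol:
            break
    labels, centers = -np.ones(len(y), dtype=int), []
    for i, m in enumerate(modes):               # merge modes closer than one bandwidth
        for c, ctr in enumerate(centers):
            if np.linalg.norm(m - ctr) <= bw:
                labels[i] = c
                break
        else:
            centers.append(m)
            labels[i] = len(centers) - 1
    return labels, bw


def identify_organizations(tag_sets, traffic, alpha=0.5, k=2):
    """Full pipeline: per-type similarity -> weighted fusion -> spectral embedding -> mean shift."""
    w = fuse(jaccard_matrix(tag_sets), rbf_matrix(traffic), alpha)
    labels, _ = mean_shift(spectral_embed(w, k))
    return labels.tolist()


if __name__ == "__main__":
    for ip, org in zip(IPS, identify_organizations(TI_TAGS, TRAFFIC)):
        print(f"{ip:<15} -> organization {org}")
```

On this constructed input the Modbus scanners sharing one ASN and the S7comm brute-forcers sharing another fall into two organizations without k being given. The weight alpha and the two bandwidth heuristics are the knobs a practitioner would tune against labelled honeypot sessions; the patent text above does not specify them.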

Description

Technical field

[0001] The present invention relates to the fields of network security and machine learning, and specifically to an attack organization identification method based on industrial control traffic and threat intelligence correlation analysis.

Background

[0002] In recent years, cyberattacks against critical infrastructure have become increasingly severe, especially advanced persistent threats (APTs), which, compared with traditional cyberattacks, are highly targeted, well organized, long lasting, highly concealed and indirect. Successful APT attacks can generate huge profits, so the attackers usually operate as an organization: a highly skilled group of hackers who collaborate and plan their attacks in advance. Through coordinated multi-attacker campaigns that disrupt the critical infrastructure of specific targets, steal confidential data or encrypt user files, APT attacks can cause huge losses to businesses and even countries...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40
CPC: H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1491
Inventors: 姚羽林小李魏鑫杨巍焦轩琦聂鑫宇刘莹盛川李凤来张晨周子业杨道青刘鹏杰
Owner: NORTHEASTERN UNIV