Attack user identification method and device based on test machine, and storage medium

A test-machine-based user identification technology, applied in the field of network security, that addresses defense lag and the difficulty emergency response teams have in tracing and attributing attacks, and achieves rapid identification.

Pending Publication Date: 2022-05-13
三六零数字安全科技集团有限公司

AI Technical Summary

Problems solved by technology

[0003] Existing solutions for identifying advanced threat actors mainly rely on malicious code, commercial company assets, and open-source intelligence. When advanced threat actors change their technical strategies, or when intelligence is lacking, it is difficult for emergency response teams to trace and attribute the source of the attack, resulting in a defensive lag.

Embodiment Construction

[0084] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0085] Referring to Figure 1, Figure 1 is a schematic structural diagram of an attacking user identification device based on a test machine in the hardware operating environment involved in the solution of the embodiment of the present invention.

[0086] As shown in Figure 1, the attacking user identification device based on the test machine may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to realize connection and communication between these components. The user interface 1003 can include a display screen (Display), and optionally the user interface 1003 can also include a standard wired interface and a wireless interfa...

Abstract

The invention relates to the technical field of network security and discloses an attack user identification method and device based on a test machine, and a storage medium. The method comprises: collecting test behavior information of the current user through a test machine; generating a user behavior portrait according to the test behavior information; matching the user behavior portrait against a preset attack user portrait knowledge base to judge whether a matching user behavior portrait exists in it, the preset attack user portrait knowledge base being obtained by integrating attack user portrait knowledge bases according to attack type; and, when a matching user behavior portrait exists in the preset attack user portrait knowledge base, determining that the current user is an attack user. Integrating the attack user portrait knowledge bases yields a preset attack user portrait knowledge base with higher recognition efficiency, which enables rapid recognition of attack users.

Description

Technical Field

[0001] The invention relates to the technical field of network security, in particular to an attacking user identification method, equipment, storage medium and device based on a test machine.

Background Technique

[0002] In the confrontation between advanced threat actors and security endpoint products, advanced threat actors will in most cases install the endpoint product in a virtual environment and test their malicious tools against it, so as to evaluate the next step. However, during this process, advanced threat actors will continue to expose their habitual characteristics.

[0003] Existing solutions for identifying advanced threat actors mainly rely on malicious code, commercial company assets, and open-source intelligence for correlation. When advanced threat actors change their technical strategies, or when intelligence is lacking, it is difficult for emergency response teams to trace the source of the attack to the attr...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1425
Inventor: 边亮, 陈泽宇
Owner: 三六零数字安全科技集团有限公司