Multilayer fusion beacon detection and path restoration method and device

A multi-layer fusion and beacon detection technology, applied in the field of network security, can solve problems such as the inability to build a network attack path, the difficulty in path reconstruction, and the inability to collect data packets.

Active Publication Date: 2022-06-21
NO 15 INST OF CHINA ELECTRONICS TECH GRP +2
View PDF6 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] (1) The path reconstruction process is difficult: since this method is to add a mark in the IP domain, when performing path restoration, it is necessary to collect a certain number of data packets for analysis and traceability;
[0006] (2) If the attacker forges or tampers with the network data marking packet, the victim cannot collect all the marked data packets, and cannot construct a network attack path or construct a wrong network attack path

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multilayer fusion beacon detection and path restoration method and device
  • Multilayer fusion beacon detection and path restoration method and device
  • Multilayer fusion beacon detection and path restoration method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0082] see figure 1 , figure 1 It is an overall block diagram of a multi-layer fusion beacon detection and path restoration method disclosed in the embodiment of the present invention, including the following operations:

[0083] 101. The target system network routing routing node data packet beacon implantation;

[0084] The beacon is implanted in a multi-layer fusion method. When the beacon identification field in the network data packet is marked by the routing node, it is inserted according to the insertfield old =insertfield+ID old Rules are implanted, where insertfield represents the identification field of the current routing node, and insertfield old Indicates the identification field of the previous routing node, ID old Indicates the ID of the IP protocol in the data packet of the previous routing node. like figure 2 As shown, a beacon is implanted in a specific position of the application layer protocol, an optional field of the transport layer in TCP, and an ...

Embodiment 2

[0105] Scenario: When an enterprise accesses the network in the local area network, if there is an attacker attacking the users using the network, the network security management personnel can restore the attack path of the attacker through the method mentioned in the present invention, and can take measures Improve the security of your own network.

[0106] The overall thinking of embodiment two is as follows:

[0107]Step 1. Select the routers for network traffic in and out of the enterprise, and add beacon implantation devices to these routers; select network border entry and exit gateway routers, and add beacon detection devices to them.

[0108] Step 2: When the intranet of the enterprise is attacked by the network, the beacon is extracted from the data packets flowing through the router.

[0109] Step 3. Starting from the data packet of the first routing node, calculate the transition probability, search deviation and the probability of the data packet pointing to the n...

Embodiment 3

[0122] see Figure 4 , Figure 4 It is a schematic diagram of a multi-layer fusion beacon detection and path restoration device based on representation learning, wherein, Figure 4 The described device can be applied to a multi-layer fusion beacon detection and path restoration method based on representation learning, such as Figure 4 As shown, the device may include:

[0123] 401. Beacon implantation module, used to implement multi-layer fusion beacon implantation;

[0124] 402. The routing node feature calculation module uses a random walk-based network representation learning model to calculate the features of the routing node;

[0125] 403. The path restoration module extracts the path information of information propagation from the information of each routing node in the network, so as to find the order of routing node restoration;

[0126] 404. The storage module stores the restored attack path in a database, so as to enhance network security later.

[0127] It can...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a multi-layer fusion beacon detection and path restoration method and device. The method comprises the following steps: implanting a multi-layer fusion beacon in a target system network routing node data packet; obtaining a routing node network data packet of an implanted beacon in a target system; network characterization learning is carried out on the network data packet with the implanted beacons, and the features of routing nodes are calculated; extracting path information of information propagation according to the characteristics of the routing node, and restoring an attack path; and storing the restored path information. Therefore, according to the method, the network representation learning model is introduced, the network routing nodes are vectorized, and the characteristics of different routing nodes are considered, so that the obtained vector form can have representation and reasoning capabilities in the vector space, and then the reduced attack path is calculated by using the graph convolutional neural network; the threat perception and prediction capability of the network can be improved, and the security of the network is improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for multi-layer fusion beacon detection and path restoration. Background technique [0002] With the continuous development of computer technology and the continuous popularization of the Internet, the forms of network attacks emerge in endlessly, and the problem of network security is becoming more and more prominent. The network attack path describes the dependency between the network state and the attack action, and the restoration of the attack path is mainly to locate the attack source and reconstruct the attack sequence. [0003] Most attack path tracing uses the tag information in the data packet to determine the forwarding path that the traffic data packet passes through during network transmission. In the development of traceability technology, emerging technologies can be divided into four categories: link test method, log record method, IC...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40G06N3/04G06N3/08
CPCH04L63/1416G06N3/08H04L63/1408G06N3/045Y02D30/70
Inventor 崔军吴凤丽任传伦俞赛赛刘晓影乌吉斯古愣孟祥頔林志贵王明琛谭震刘文瀚
Owner NO 15 INST OF CHINA ELECTRONICS TECH GRP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap