Attack detection method, apparatus, device, and computer-readable storage medium

By performing fine-grained feature analysis on traffic data's metadata and content data, and combining basic behavioral features, semantic features, and temporal features, this technology solves the problems of low accuracy and insufficient real-time performance in existing network attack detection technologies, and achieves accurate identification and real-time protection against Webshell code.

CN117938455B · Active · Publication Date: 2026-06-23 · BEIJING TOPWALK INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: BEIJING TOPWALK INFORMATION TECH CO LTD
Filing Date: 2023-12-26
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

Existing attack detection methods struggle to identify Webshell code modified by attackers through obfuscation, bypassing, and encryption, resulting in low accuracy in network attack detection and making them unsuitable for real-time monitoring and protection against network attacks.

Method used

The traffic data to be detected is divided into two types, metadata and content data, and a first feature and a second feature are extracted from them respectively. Combining basic behavioral features, semantic features, and temporal features gives a more granular feature analysis for identifying network attacks.

Benefits of technology

It improves the accuracy of network attack detection, meets the requirements for real-time monitoring and protection against network attacks, and can identify Webshell code that has been modified through obfuscation, bypass, and encryption.

✦ Generated by Eureka AI based on patent content.

Abstract

The application discloses an attack detection method, apparatus, device, and computer-readable storage medium, and relates to the technical field of network security. The method comprises the following steps: acquiring a first feature and a second feature of the traffic data to be detected, where the first feature represents metadata of the traffic data and the second feature represents content data of the traffic data; performing feature extraction on the first feature and the second feature respectively to obtain a basic behavior feature of the first feature and a semantic feature corresponding to the second feature, where the basic behavior feature represents the correlation between the metadata and the semantic feature represents the correlation between the content data; performing time-sequence information extraction on the first feature and the second feature to obtain a time-sequence feature; and determining a classification result for the traffic data according to the basic behavior feature, the semantic feature, and the time-sequence feature, where the classification result indicates whether the traffic data is subjected to a network attack.