A method and system for identifying a service logic attack link based on dynamic behavior

By aggregating and multi-dimensionally judging business behavior records, abnormal transfers are identified and attack chains are traced, solving the problems of insufficient accuracy in identifying complex business logic attacks and insufficient path reconstruction in existing technologies, and achieving more efficient attack chain identification and tracing.

CN122247741APending Publication Date: 2026-06-19CHINA INT DATA SYST CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA INT DATA SYST CO LTD
Filing Date
2026-04-24
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing technologies struggle to accurately identify the relationships between business behaviors scattered across different times, sessions, or processing stages in complex business logic attack scenarios, resulting in low accuracy in attack chain identification and insufficient path reconstruction capabilities.

Method used

By collecting business behavior records, dynamic behavior fragments are aggregated and then subjected to status parsing, permission determination, and credential determination. Combined with preset legal rules, multi-dimensional comparisons are performed to identify abnormal transfers and trace the attack chain through supplementary certification events.

Benefits of technology

It improves the accuracy of identifying and tracing complex business logic attacks, reduces the false alarm rate, and can more completely reconstruct the attack path.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247741A_ABST
    Figure CN122247741A_ABST
Patent Text Reader

Abstract

This invention relates to the field of data processing technology and discloses a method and system for identifying business logic attack chains based on dynamic behavior. The method includes: collecting and aggregating business behavior records to obtain dynamic behavior fragments; parsing the dynamic behavior fragments to obtain preceding and subsequent state descriptions, performing permission determination to obtain the actual access permission result; performing credential determination to obtain the access credential inheritance result; extracting preceding and subsequent dynamic behavior fragments, comparing the preceding and subsequent dynamic behavior fragments, the actual access permission result, and the access credential inheritance result with preset legal rules; determining an abnormal transfer when any comparison fails; and performing a reverse lookup of the abnormal business object to obtain the business logic attack chain identification result. This application improves the accuracy of identifying complex business logic attacks, reduces the false positive rate, and enhances the attack path reconstruction capability.
Need to check novelty before this filing date? Find Prior Art