Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Threat intelligence analysis system for attack tracing

An analysis system and intelligence technology, applied in the field of threat intelligence analysis system, can solve the problems of insufficient threat intelligence sources, high rate of missed or false positives, and lack of uniform specifications, etc., to achieve wide source methods, less resource use, and high operating efficiency high effect

Inactive Publication Date: 2017-08-15
STATE GRID CORP OF CHINA +3
View PDF7 Cites 69 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The above method has certain limitations:
The above method uses a relatively simple whitelist method. First, the method of generating threat intelligence is relatively single, and the source of threat intelligence is not extensive enough. The rate of false negatives or false positives may be high, and the generalization of the method is poor.
Moreover, it only describes the method of generating threat intelligence, and does not form a complete threat intelligence analysis system
(2) The method of threat intelligence sharing is based on solving the current problems of lack of unified norms, low efficiency of intelligence sharing, and risk of leakage of intelligence due to information sharing between the automatic processing of network threat intelligence and cross-departmental information sharing.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Threat intelligence analysis system for attack tracing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific embodiments.

[0026] see figure 1 , the present invention includes an internal threat intelligence source module, an external threat intelligence source module and an attack traceability analysis module.

[0027] Among them, the internal threat intelligence source module mainly refers to the threat intelligence formed by the organization's own security monitoring protection analysis system, including data from the security detection module and the security analysis module. Security detection modules, such as firewalls, intrusion detection systems, vulnerability scanning systems, antivirus systems, and terminal security management systems. Enterprise internal security analysis modules, such as SIME, security operation center and security management platform;

...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a threat intelligence analysis system for attack tracing. The system comprises an internal threat intelligence collection module, an external threat intelligence collection module and an attack tracing analysis module; the internal threat intelligence collection module comprises a security detection module and a security analysis module; the attack tracing analysis module comprises attacker tracing and attack host tracking; threat intelligence obtained by the internal threat intelligence collection module and the external threat intelligence collection module is uploaded to the attack tracing analysis module, the attack tracing analysis module performs attacker tracing and attack host tracking on the threat intelligence and feeds back the result to the security detection module and the security analysis module; and meanwhile, the result is performed with threat intelligence sharing and exchange with an external cooperation mechanism. The threat intelligence analysis system disclosed by the invention can not only singly and quickly accomplish threat intelligence analysis and detection, but also can provide prediction for the attacks of enterprises, the method is orientated to attack tracing, and the attack mode is analyzed from the source so as to better identify the identity of the attacker.

Description

technical field [0001] The invention relates to an attack source-oriented threat intelligence analysis system, which belongs to the technical field of network security. Background technique [0002] Threat intelligence is knowledge information that describes threats based on evidence, including threat-related context information (context), methods and mechanisms used by threats, threat-related indicators (indicators), attack impact, and countermeasures. Threat intelligence is used to describe security threats and provide decision-making suggestions to organizations or third parties. The purpose of threat intelligence is to provide all clues to restore and predict attacks that have not occurred, to learn as much as possible about attackers’ motives, tactics, tools, resources, and behavioral processes, and to establish an effective defense system. Threat intelligence generally consists of two parts: threat information and defense information. The threat information includes:...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/14H04L63/1408H04L63/1433H04L63/1441H04L63/145H04L63/1466H04L63/1475
Inventor 廖鹏郭靓陈春霖韩勇金倩倩于晓文蒋甜李炜键姜帆俞皓贾雪张路煜林学峰秦学嘉丁晓玉张明扬周晟郭蔡炜关海潮刘盼
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com