Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for establishing threat activity topological graph and storage equipment

A topology map, activity technology, applied in the field of network security, can solve the problem of inability to accurately restore attackers, analyze and stay, etc.

Active Publication Date: 2019-09-06
HARBIN ANTIY TECH
View PDF8 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Based on the above existing problems, the embodiment of the present invention provides a method, device and storage device for establishing a threat activity topology map, so as to solve the problem that the analysis of cyberspace threat activities in the prior art stays in the fuzzy assessment based on network assets and scope of influence , unable to accurately restore the problem of the attacker's threat activity process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for establishing threat activity topological graph and storage equipment
  • Method and device for establishing threat activity topological graph and storage equipment
  • Method and device for establishing threat activity topological graph and storage equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] In order to make the purpose, technical solution and advantages of the present invention clearer, the specific implementation of the method for establishing the threat activity topology map provided by the embodiment of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be understood that the preferred embodiments described below are only used to illustrate and explain the present invention, not to limit the present invention. And in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

[0032] Cyberspace Threat Framework: Developed by the US National Security Agency / Cyberspace Security Products and Sharing Division (NSA / CSS), it divides the attacker's attack steps into six steps: management, preparation, interaction, existence, influence, and ongoing process. Each stage includes the target activities that need to be achieved,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a method and a device for establishing a threat activity topological graph and storage equipment. The method and the device are used for solving the problem that the process of threat activity of an attacker cannot be accurately restored due to the fact that analysis on threat activity of a network space stays in fuzzy evaluation based on network assets and an influence range in the prior art. The method comprises the steps of performing stage classification on a target threat activity based on a network space threat framework; in combination with a threat activity relationship, inferring related threat activities of all stages before and / or after the stage where the target threat activity is located; establishing a sequential association relationship between the target threat activity and the related threat activity; obtaining a topological graph of a plurality of complete threatening activities according to the sequential incidence relation;and assessing the influence range of each complete threat activity according to each topological graph, comparing the influence range with the actual network asset influence range, and determining thecomplete threat activity topological graph of the target threat activity.

Description

technical field [0001] The embodiments of the present invention relate to the field of network security, and in particular to a method, device and storage device for establishing a threat activity topology map. Background technique [0002] The analysis of cyberspace threat activities in the existing technology is based on fuzzy assessment based on network assets and scope of influence, without combining the context analysis of threat activities, nor analyzing the purpose of threat activities and the methods of attackers. Therefore, the existing analysis of threat activities does not start from the perspective of the attacker, and it is impossible to know why the target threat exists, what is the prerequisite for the existence of the target threat, and what is the attack method of the attacker. Contents of the invention [0003] Based on the above existing problems, the embodiment of the present invention provides a method, device and storage device for establishing a thre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/24H04L29/06
CPCH04L41/14H04L63/1441
Inventor 庞博王剑桥孙晋超肖新光
Owner HARBIN ANTIY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products