Method for detecting intranet lateral movement attack

A lateral movement and intranet technology, applied in the fields of instruments, character and pattern recognition, electrical components, etc. It addresses problems such as the inability to defend against advanced attacks, attackers who hide and are difficult to eradicate, and the lack of an effective solution for lateral movement attack detection. Its effects are a low reporting rate, protection of information security, and high detection accuracy.

Inactive Publication Date: 2019-11-29
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Because attackers can compromise multiple devices through lateral movement attacks, it is very easy for them to hide and difficult to eradicate them.
[0004] At present, traditional detection technologies cannot defend against such advanced attacks. Most solutions are intrusion detection deployed at the network boundary, such as detection of abnormal traffic at the boundary or heuristic detection of 0-day vulnerabilities.
However, there is no good solution for attacks that have already penetrated the intranet, so detecting lateral movement attacks remains a difficult problem that has not been effectively solved.


Embodiment Construction

[0036] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the purpose, features and advantages of the present invention more obvious and easy to understand, the technical core of the present invention is described in further detail below in conjunction with the accompanying drawings and examples.

[0037] This embodiment discloses a reliable and effective method for detecting intranet lateral movement attacks. As shown in Figure 1, the method consists mainly of four parts: information collection, construction of the inter-host communication graph, network representation learning, and semi-supervised classification. The main steps are as follows.

[0038] Step 100, the enterprise uses the intranet data collection module to collect information according to its own capabilities and needs. The collected information, such as the number of successful / failed logins between...


Abstract

The invention provides a method for detecting an intranet lateral movement attack. The method comprises the following steps: collecting flow and log data of intranet equipment; extracting all nodes in the data, connecting every two nodes that have communicated over the network, and constructing an inter-host communication graph; extracting and combining the flow data between every two connected nodes, and extracting and combining the data on the nodes, to serve as feature values assigned to the edges and points of the inter-host communication graph; performing dimension reduction on the inter-host communication graph with the features by using a network representation learning method, and extracting a low-dimensional feature vector by using an auto-encoder; and classifying the low-dimensional feature vectors by using a semi-supervised classification learning algorithm, and distinguishing hosts suspected to be attacked.
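The graph-construction and feature-assignment steps of the abstract, shown as an added example that is not code from the patent. The record layouts, field names, and the chosen features (flow count, byte totals, login success/failure counts, node degree) are assumptions, and the representation-learning, auto-encoder and classification stages are not shown.

```python
from collections import defaultdict

# Constructed sample records (not from the patent).
FLOWS = [  # (source host, destination host, bytes transferred)
    ("10.0.0.5", "10.0.0.9", 1200),
    ("10.0.0.9", "10.0.0.5", 800),
    ("10.0.0.5", "10.0.0.20", 300),
    ("10.0.0.7", "10.0.0.20", 50),
    ("10.0.0.7", "10.0.0.7", 999),   # loopback, ignored below
]
LOGINS = [  # (source host, destination host, login succeeded)
    ("10.0.0.5", "10.0.0.9", True),
    ("10.0.0.5", "10.0.0.20", False),
    ("10.0.0.5", "10.0.0.20", False),
    ("10.0.0.7", "10.0.0.20", True),
]

def build_graph(flows, logins):
    """Build the undirected inter-host graph with merged edge and node features."""
    edges = defaultdict(lambda: {"flows": 0, "bytes": 0, "login_ok": 0, "login_fail": 0})
    peers = defaultdict(set)
    stats = defaultdict(lambda: {"bytes_out": 0, "fail_out": 0})

    def link(a, b):
        # Two hosts that communicated are connected by one edge, whatever the direction.
        peers[a].add(b)
        peers[b].add(a)
        return edges[frozenset((a, b))]

    for src, dst, nbytes in flows:
        if src == dst:  # loopback traffic is not inter-host communication
            continue
        edge = link(src, dst)
        edge["flows"] += 1
        edge["bytes"] += nbytes
        stats[src]["bytes_out"] += nbytes
    for src, dst, ok in logins:
        if src == dst:
            continue
        edge = link(src, dst)
        edge["login_ok" if ok else "login_fail"] += 1
        if not ok:
            stats[src]["fail_out"] += 1
    # Node features: number of distinct peers plus the per-host totals.
    nodes = {host: {"degree": len(p), **stats[host]} for host, p in peers.items()}
    return nodes, dict(edges)

if __name__ == "__main__":
    for host, feats in build_graph(FLOWS, LOGINS)[0].items():
        print(host, feats)
```

The per-edge and per-node dictionaries are the feature values that a later representation-learning stage would consume.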

Description

Technical field

[0001] The invention relates to the field of computer network security, and is used for combating the lateral movement attack stage in advanced persistent threats; more specifically, it is a detection method for intranet lateral movement attacks.

Background art

[0002] A lateral movement attack refers to malicious infiltration behavior in which an attacker targets a specific internal network and, starting from an infected peripheral device, accesses other hosts in the network and steals sensitive information (such as credentials, confidential information, etc.). Through lateral movement attacks, attackers can finally obtain domain control rights and then control all devices, thereby achieving the purpose of stealing important data and residing in intranet systems, which seriously threatens the information security of enterprises and other organizations.

[0003] Lateral movement attacks are widely used in complex network attacks, and are also a very important...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1416, G06F18/2155, G06F18/24
Inventor: 陈明毅, 王天, 姚叶鹏, 刘俊荣, 姜波, 苏莉娅, 卢志刚
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI