Threat information processing method and device, electronic equipment and medium

An information processing method in basic information technology, applied in electrical components, transmission systems, etc., which can solve problems such as poor pertinence and achieves the effect of improving processing efficiency.

Active Publication Date: 2020-02-18
浙江乾冠信息安全研究院有限公司

AI Technical Summary

Problems solved by technology

Although the means of network attack are gradually evolving towards simplicity and comprehensiveness, the types of network attack are becoming more diverse and complex.

[0003] At present, in the relevant technologies of network security analysis, the analysis data used is generally the security data of general equipment, such as firewalls, security logs and other data. Analyzing these data gives the overall security status of the network, but the pertinence is not strong, and it is difficult to make targeted threat predictions for each attack source.


Examples


Embodiment 1

[0043] This embodiment provides a threat information processing method, which aims to solve the problem that it is difficult to make targeted threat predictions for each attack source. As shown in Figure 1, the threat information processing method includes the following steps S10 to S40.

[0044] In step S10, a set to be processed is acquired, and each event in the set to be processed is recorded as a threat event. Specifically, a process in which an attack source attacks a device in a preset area is an event, and the event is included in the threat information.

[0045] It is worth noting that each event is associated with a corresponding attack type, and a corresponding set is maintained for each attack type. For example, when the execution device captures a new event, it assigns the new event to the set that matches the attack type of that event.

[0046] The attack types include but are not limited to DDoS att...

Embodiment 2

[0060] This embodiment provides a threat information processing method. As shown in Figure 2, this embodiment is carried out on the basis of Embodiment 1. Specifically, the threat information processing method further includes the following steps.

[0061] Step S50: group threat events with the same attack target into the same group and record it as a victim group. The threat events in a victim group have the same attack type and the same attack target, so the corresponding information can be obtained by analyzing the victim group, in order to make targeted threat predictions for each attack target.

[0062] Specifically, data cleaning is performed on the threat data in each victim group, and the data cleaning rules can be customized. For example, during data cleaning, remove the data whose attack target is not the specified IP.

[0063] It should be noted that the basic information also includes the occurrence time, and the occurrence time falls within th...

Embodiment 3

[0069] This embodiment provides a threat information processing method. As shown in Figure 1, Figure 2 and Figure 3, this embodiment is carried out on the basis of Embodiment 1 and/or Embodiment 2. Specifically, the threat information processing method further includes the following steps.

[0070] Step S70: record the attack source marked in step S403 and the attack target marked in step S603 as marked IPs. It is worth noting that the obtained marked IPs can be queued according to preset rules.

[0071] Step S80: match the marked IP against the IP address database to obtain the area data of the marked IP. It is worth noting that the IPs in the IP address database are associated with regional data, operators, purposes, etc. The area data can be None, or it can be a specific location.

[0072] Step S90: judge whether the area data is None; if not, execute step S100 and enter the processing mode with area; if yes, execute step S110 and enter the proces...


Abstract

The invention discloses a threat information processing method, relates to the technical field of information security, and is used for solving the problem that targeted threat prediction is difficult to perform for each attack source. The method comprises the following steps: obtaining a to-be-processed set and marking the events of the to-be-processed set as threat events, where the threat events have the same attack type and their addresses are located in a preset region; obtaining basic information of each threat event, where the basic information comprises an attack source and an attack target; classifying the threat events with the same attack source into the same group and marking it as a suspect group; counting the number of attack targets of each suspect group and recording the number as a1; and judging whether a1 is greater than a preset value b1 and, if so, marking the corresponding attack source. The invention further discloses a threat information processing device, electronic equipment and a computer readable medium.
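The steps in the abstract, as an added Python sketch (not code from the patent or its applicant). It assumes the preset region is a single CIDR block, that "number of attack targets" means distinct target IPs, and that the event fields, function names, attack-type labels and sample events are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

class ThreatEvent(NamedTuple):
    attack_type: str
    source: str  # attack source IP
    target: str  # attack target IP

# Assumption: the "preset region" is modelled as one CIDR block.
PRESET_REGION = ipaddress.ip_network("192.0.2.0/24")

def build_sets(events, region=PRESET_REGION):
    """Step S10: one to-be-processed set per attack type, holding only
    events whose attacked device lies inside the preset region."""
    sets = defaultdict(list)
    for ev in events:
        if ipaddress.ip_address(ev.target) in region:
            sets[ev.attack_type].append(ev)
    return dict(sets)

def mark_attack_sources(threat_events, b1):
    """Group events by attack source (suspect groups), count the distinct
    attack targets of each group as a1, and mark sources where a1 > b1."""
    suspect_groups = defaultdict(set)
    for ev in threat_events:
        suspect_groups[ev.source].add(ev.target)
    return {src: len(targets)
            for src, targets in suspect_groups.items()
            if len(targets) > b1}

# Constructed sample events (documentation address ranges only).
SAMPLE_EVENTS = [
    ThreatEvent("DDoS", "203.0.113.7", "192.0.2.10"),
    ThreatEvent("DDoS", "203.0.113.7", "192.0.2.11"),
    ThreatEvent("DDoS", "203.0.113.7", "192.0.2.12"),
    ThreatEvent("DDoS", "203.0.113.7", "192.0.2.12"),   # repeated target
    ThreatEvent("DDoS", "198.51.100.4", "192.0.2.10"),
    ThreatEvent("DDoS", "198.51.100.4", "192.0.2.11"),
    ThreatEvent("DDoS", "198.51.100.9", "10.0.0.5"),    # outside the region
    ThreatEvent("brute-force", "203.0.113.7", "192.0.2.10"),
]

if __name__ == "__main__":
    for attack_type, pending in build_sets(SAMPLE_EVENTS).items():
        print(attack_type, mark_attack_sources(pending, b1=2))
```

Counting distinct targets rather than raw events keeps a source that hammers one host repeatedly from crossing b1; whether the patent counts this way is not stated in the visible text.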

Description

Technical field

[0001] The present invention relates to the technical field of information security, and in particular, to a threat information processing method, device, electronic device and medium.

Background technique

[0002] The development and evolution of today's informatization has greatly changed the social life of human beings, but with the rapid development of informatization, the network security situation has become more and more severe. Although the means of network attacks are gradually evolving towards simplification and integration, the types of network attacks are gradually developing towards diversification and complexity.

[0003] At present, in the related technologies of network security analysis, the analysis data used is generally the security data of general equipment, such as firewalls, security logs and other data. The analysis of these data can obtain the overall security status of the network, but the pertinence is not strong and it is difficult...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L2463/146
Inventor 董超刘雷马威付华萍
Owner 浙江乾冠信息安全研究院有限公司