Mining method for discovering dependency relationship between threat behaviors, terminal and storage medium

A mining method for discovering dependencies between threat behaviors, with a terminal and a storage medium. It can solve problems such as computer loss and achieves the effect of improving incident response capabilities.

Active Publication Date: 2021-01-22
中孚安全技术有限公司 +3

AI Technical Summary

Problems solved by technology

[0007] With the advent of big data, more attack behaviors are no longer a single operation, and many attack behaviors are inextricably linked. It is difficult for the traditional attack matrix to identify and quantify these attack relationships. While one threat is being prevented, the preventive measures may release another attack related to that threat, causing incalculable damage to the computer.


Embodiment Construction

[0045] The present invention relates to a mining method for discovering dependencies between threat behaviors, and the described features, structures or characteristics can be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to ensure a thorough understanding of embodiments of the invention. However, those skilled in the art will realize that the present invention does not specify an implementation method for some details of the technical solution, and the skilled person may use other known methods, devices, steps, etc. to implement it. Therefore, the following description does not illustrate or describe well-known methods, apparatuses, implementations or operations in detail to avoid obscuring aspects of the present invention.

[0046] The invention provides a mining method for discovering the dependency between threat behaviors, and the purpose of the invention is to mine the dependency between beh...


Abstract

The invention provides a mining method for discovering a dependency relationship between threat behaviors, a terminal and a storage medium. The method comprises the steps of: collecting the log files of all users $a$ in a system, cleaning and arranging the data in the log files to form an employee behavior set $S = \{beha_i\}$, and determining the time span $wt$ of the set $S$; counting the behavior occurrence probability $P(beha_i)$ and the behavior co-occurrence probability $P(beha_i, beha_j)$ based on $S$ and $wt$; calculating the dependency relationship value $dep_{a_i,a_j}$ from the two probabilities, where $dep_{a_i,a_j}$ reflects the degree to which the behavior $beha_i$ depends on the behavior $beha_j$; constructing an attack dependence matrix $M$ from all $dep_{a_i,a_j}$, where $M$ reflects the dependence relationship between every two of all behaviors of one employee; and obtaining an attack behavior path $pah_{a_g \to a_k}$ through $M$, where $pah_{a_g \to a_k}$ represents the series of complete attack actions that is most likely to occur. The method finds the potential relationships among employee behaviors and quantifies the dependency relationship. Enterprises can quickly find the two behaviors with the closest relationship through the dependency value, issue early warnings on threat behaviors according to a preset danger threshold, and so be protected from threat attacks that come from the inside.
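The pipeline in the abstract, carried through on a small log as an added example; this is not code from the patent. The page does not give the formula for the dependency value, the windowing scheme or the path rule, so all three are assumptions here: behaviors are grouped into consecutive windows of length `wt`, the dependency of `beha_i` on `beha_j` is taken as `P(beha_i, beha_j) / P(beha_i)`, and the path is a greedy walk over `M` that stops below the danger threshold. The function names and the sample events are constructed for illustration.

```python
from collections import Counter
from itertools import permutations

# Constructed sample log for one user: (minute, behavior). Not real data.
EVENTS = [
    (1, "logon"), (3, "file_copy"), (5, "usb_insert"),
    (61, "logon"), (64, "email_send"),
    (121, "logon"), (123, "file_copy"), (126, "usb_insert"),
    (181, "logon"), (185, "file_copy"), (188, "usb_insert"), (189, "email_send"),
]

def probabilities(events, wt):
    """Return P(beha_i) and P(beha_i, beha_j) over windows of length wt."""
    wins = {}
    for ts, beha in events:
        wins.setdefault(ts // wt, set()).add(beha)
    n = len(wins)
    single, joint = Counter(), Counter()
    for w in wins.values():
        single.update(w)                          # windows containing beha_i
        joint.update(permutations(sorted(w), 2))  # windows containing both
    p = {b: c / n for b, c in single.items()}
    p_joint = {pair: c / n for pair, c in joint.items()}
    return p, p_joint

def dependency_matrix(events, wt):
    """M[i][j] = P(beha_i, beha_j) / P(beha_i), the assumed form of dep."""
    p, p_joint = probabilities(events, wt)
    return {i: {j: p_joint.get((i, j), 0.0) / p[i] for j in p if j != i}
            for i in p}

def likely_path(M, start, threshold):
    """Greedy walk along the strongest dependency at or above threshold."""
    path = [start]
    while True:
        cands = {j: v for j, v in M[path[-1]].items()
                 if j not in path and v >= threshold}
        if not cands:
            return path
        # Ties are broken alphabetically so the result is deterministic.
        path.append(max(sorted(cands), key=cands.get))

if __name__ == "__main__":
    M = dependency_matrix(EVENTS, wt=60)
    print(likely_path(M, "usb_insert", threshold=0.8))
```

With this sample, `usb_insert` never appears in a window without `file_copy`, so that pair scores 1.0 and clears a 0.8 threshold, while `logon` alone yields no path because none of its dependencies reach the threshold.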

Description

Technical field

[0001] The present invention relates to the technical field of data security, in particular to a mining method, a terminal and a storage medium for discovering dependencies among threat behaviors.

Background technique

[0002] Insider threats are generally considered to be malicious activities by disgruntled employees or ex-employees of a business, institution, or organization that compromise systems. The saboteur obtains access to the enterprise system or network, finds the weak position of the system defense by infiltrating the system structure and operating status, and attacks it. There are many forms of internal threat attacks, such as using Trojan horses, worms, viruses and other program tools to invade the system; stealing confidential information within the enterprise; modifying, deleting or destroying key data of the company; stealing the identity information of employees within the company, etc. The occurrence of any of these acts will cause incalcu...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 李成梁李兴国苗功勋路冰孙宁
Owner 中孚安全技术有限公司