Tracing method and device for multi-sample combined attack

A source-tracing technology for multi-sample combined attacks, applied in the field of network security, that addresses low traceability efficiency, the increased difficulty of tracing for analysts, and longer traceability analysis time.

Active Publication Date: 2021-05-18
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

The attack samples in an APT come from multiple attack organizations. Therefore, at present, the analysis and tracing of this obfuscation attack method rely mainly on the experience of professional analysts. At the same time, traceability analysis requires a large accumulation of data. As APT attack methods keep changing, a large amount of characteristic data is generated, which increases the difficulty of tracing for analysts and the time needed for traceability analysis, resulting in low traceability efficiency for multi-sample combined attacks.

Embodiment Construction

[0055] To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained from them by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0056] As shown in Figure 1, an embodiment of the present invention provides a source-tracing method for multi-sample combined attacks. The method includes the following steps:

[0057] Step 101: detecting an attack trigger event;

[0058] Step 102: Obtain at least two attack samples to be traced;

[0059] Step 103: Perform feature ext...

Abstract

The invention relates to a tracing method and device for multi-sample combined attacks. The method comprises the following steps: detecting an attack trigger event; obtaining at least two attack samples to be traced; performing feature extraction on the at least two attack samples to be traced to obtain feature information of each attack sample to be traced; and according to the feature information of each attack sample to be traced and a pre-created target Bayesian traceability model, obtaining traceability results of the at least two attack samples to be traced. According to the scheme, the tracing efficiency for the multi-sample combined attacks can be improved.
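
The flow in the abstract (several samples from one incident, feature extraction, Bayesian attribution) can be illustrated as follows. This is an added example, not code from the patent: the page does not disclose the structure of its "target Bayesian traceability model", so the example assumes a naive Bayes classifier over binary feature tokens, and the group names, feature tokens and `min_conf` threshold are hypothetical.

```python
import math
from collections import Counter, defaultdict

# Constructed training set: (attributed group, static/behavioral feature tokens).
# Group names and feature tokens are hypothetical placeholders.
TRAINING = [
    ("GROUP_A", {"packer:upx", "c2:dns", "pdb:proj_x"}),
    ("GROUP_A", {"packer:upx", "c2:dns", "mutex:m1"}),
    ("GROUP_A", {"c2:dns", "pdb:proj_x", "mutex:m1"}),
    ("GROUP_B", {"packer:custom", "c2:https", "cert:reused"}),
    ("GROUP_B", {"packer:custom", "c2:https", "macro:vba"}),
    ("GROUP_B", {"c2:https", "cert:reused", "macro:vba"}),
]

def train(training, alpha=1.0):
    """Fit priors and Laplace-smoothed Bernoulli likelihoods P(feature | group)."""
    vocab = set().union(*(feats for _, feats in training))
    totals = Counter(group for group, _ in training)
    seen = defaultdict(Counter)
    for group, feats in training:
        seen[group].update(feats)
    return {
        g: (math.log(n / len(training)),
            {f: (seen[g][f] + alpha) / (n + 2 * alpha) for f in vocab})
        for g, n in totals.items()
    }

def posterior(feats, model):
    """P(group | features) for one sample; tokens outside the vocabulary are ignored."""
    scores = {}
    for g, (log_prior, like) in model.items():
        scores[g] = log_prior + sum(
            math.log(p if f in feats else 1.0 - p) for f, p in like.items())
    top = max(scores.values())  # log-sum-exp keeps the normalization stable
    norm = top + math.log(sum(math.exp(s - top) for s in scores.values()))
    return {g: math.exp(s - norm) for g, s in scores.items()}

def trace(samples, model, min_conf=0.9):
    """Attribute every sample of one incident; return posteriors and confident groups."""
    per_sample = {name: posterior(feats, model) for name, feats in samples.items()}
    implicated = {max(p, key=p.get) for p in per_sample.values()
                  if max(p.values()) >= min_conf}
    return per_sample, implicated

MODEL = train(TRAINING)
# Constructed incident: two samples captured after one attack trigger event.
INCIDENT = {
    "sample_1": {"packer:upx", "c2:dns", "mutex:m1"},
    "sample_2": {"packer:custom", "c2:https", "never:seen"},
}
```

Scoring each sample separately, rather than pooling all features into one vector, keeps the result meaningful when the samples of one combined attack originate from different groups, which is the case the page describes.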

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a source-tracing method and device for multi-sample combined attacks.

Background technique

[0002] An Advanced Persistent Threat (APT), unlike a traditional network intrusion, often uses multiple attack samples to carry out combined attacks on network information systems. Because of its high risk, difficulty of detection, long duration and clear attack target, it poses a serious threat to network security. To restore network security, the source of a network attack must be traced as soon as possible in order to find a solution.

[0003] At present, most traceability analysis methods for malicious attack samples are aimed at a single sample, which is not suitable for APT multi-sample combined attacks, and most existing traceability analysis solutions have certain limitations. The attack samples in APT come from multiple att...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/126
Inventor: 薛晨龙, 童志明, 肖新光
Owner: HARBIN ANTIY TECH