Disclosure of Invention
In view of the above, the present invention has been made to provide an attack event alerting method and apparatus that overcomes or at least partially solves the above problems.
According to a first aspect of the present invention, there is provided an attack event alerting method, the method comprising:
monitoring whether an attack behavior attacking a target object exists or not;
when the existence of the attack behavior is monitored, determining the behavior type of the attack behavior;
determining the attack threat degree of the attack behavior to the target object according to the behavior type of the attack behavior;
after the attack behavior completes the attack on the target object, acquiring an attack result for representing whether the attack on the target object by the attack behavior is successful;
and raising an alarm for the attack behavior according to the attack threat degree and the attack result.
Preferably, the monitoring whether there is an attack behavior attacking the target object includes:
monitoring whether an attack request of the attack behavior to the target object exists or not;
if the attack request is monitored, the attack behavior exists; otherwise, the attack behavior does not exist.
Preferably, the determining the behavior type of the attack behavior when the existence of the attack behavior is monitored includes:
when the attack request is monitored to exist, determining the behavior type of the attack behavior according to the attack request.
Preferably, the determining, according to the behavior type of the attack behavior, the attack threat level of the attack behavior on the target object includes:
determining a threat score of the attack behavior, according to the behavior type of the attack behavior, from a preset corresponding relation between behavior types and threat scores, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
Preferably, after the attack behavior completes the attack on the target object and before the acquiring of the attack result for representing whether the attack on the target object by the attack behavior is successful, the method further includes:
acquiring a response message of the target object to the attack behavior;
wherein the obtaining of the attack result used for representing whether the attack of the attack behavior on the target object is successful includes:
acquiring, according to the response message, an attack result used for representing whether the attack of the attack behavior on the target object is successful.
Preferably, the attack result is an attack result weight.
Preferably, when the attack result is an attack result weight, the raising an alarm for the attack behavior according to the attack threat degree and the attack result includes:
multiplying the threat score of the attack behavior by the attack result weight to obtain an attack score;
and raising an alarm for the attack behavior according to the attack score.
Preferably, the raising an alarm for the attack behavior according to the attack score includes:
judging whether the attack score is higher than a preset alarm threshold value or not;
and when the attack score is higher than the preset alarm threshold value, sending alarm information to a user.
Preferably, when there are a plurality of the attack behaviors, after obtaining attack scores of the respective attack behaviors, the method further includes:
ranking all the attack behaviors according to their attack scores to obtain an attack ranking result for representing the threat situation of all the attack behaviors to the target object.
Preferably, the target object is hardware, software, a system or a protocol in a client or a server.
According to a second aspect of the present invention, there is provided an attack event alert device, the device comprising:
the monitoring module is used for monitoring whether an attack behavior attacking the target object exists or not;
the first determining module is used for determining the behavior type of the attack behavior when the existence of the attack behavior is monitored;
the second determining module is used for determining the attack threat degree of the attack behavior to the target object according to the behavior type of the attack behavior;
the first obtaining module is used for obtaining an attack result used for representing whether the attack of the attack behavior on the target object is successful or not after the attack behavior finishes attacking the target object;
and the alarm module is used for raising an alarm for the attack behavior according to the attack threat degree and the attack result.
Preferably, the monitoring module is specifically configured to:
monitoring whether an attack request of the attack behavior to the target object exists or not;
if the attack request is monitored, the attack behavior exists; otherwise, the attack behavior does not exist.
Preferably, the first determining module is specifically configured to:
when the attack request is monitored to exist, determining the behavior type of the attack behavior according to the attack request.
Preferably, the second determining module is specifically configured to:
determining a threat score of the attack behavior, according to the behavior type of the attack behavior, from a preset corresponding relation between behavior types and threat scores, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
Preferably, the apparatus further comprises:
the second acquisition module is used for acquiring a response message of the target object to the attack behavior;
the first obtaining module is specifically configured to:
acquiring, according to the response message, an attack result used for representing whether the attack of the attack behavior on the target object is successful.
Preferably, the attack result is an attack result weight.
Preferably, when the attack result is the attack result weight, the alarm module includes:
an obtaining unit, used for multiplying the threat score of the attack behavior by the attack result weight to obtain an attack score;
and an alarm unit, used for raising an alarm for the attack behavior according to the attack score.
Preferably, the alarm unit includes:
a judging subunit, used for judging whether the attack score is higher than a preset alarm threshold value;
and a sending subunit, used for sending alarm information to the user when the attack score is higher than the preset alarm threshold value.
Preferably, when there are a plurality of the attack behaviors, the apparatus further comprises:
a ranking module, used for ranking all the attack behaviors according to their attack scores to obtain an attack ranking result for representing the threat situation of all the attack behaviors to the target object.
Preferably, the target object is hardware, software, a system or a protocol in a client or a server.
According to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method steps of any of the first aspects of the present invention.
According to a fourth aspect of the present invention, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method steps according to any one of the first aspect of the present invention when executing the program.
According to the attack event alerting method and apparatus, whether an attack behavior attacking the target object exists is monitored. When an attack behavior is monitored, its behavior type is determined, and the attack threat degree of the attack behavior on the target object is determined according to that behavior type. After the attack behavior finishes attacking the target object, the attack result representing whether the attack on the target object succeeded is obtained. Finally, an alarm is raised for the attack behavior according to the attack threat degree and the attack result. Because the attack threat degree and the attack result are considered together, the threat situation of the attack behavior on the target object can be determined more accurately, and the alarm accuracy for the attack behavior is improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
An embodiment of the present invention provides an attack event warning method, which may be applied to a server or a client, and as shown in fig. 1, the method includes:
Step 101: monitoring whether an attack behavior attacking the target object exists or not.
Step 102: when the existence of the attack behavior is monitored, determining the behavior type of the attack behavior.
Step 103: determining the attack threat degree of the attack behavior to the target object according to the behavior type of the attack behavior.
Step 104: after the attack behavior completes the attack on the target object, acquiring an attack result for representing whether the attack on the target object by the attack behavior is successful or not.
Step 105: raising an alarm for the attack behavior according to the attack threat degree and the attack result.
Specifically, if the attack event warning method of the present invention is applied to a server, the target object may be hardware, software, a system, or a protocol in the server, and if it is applied to a client, the target object may be hardware, software, a system, or a protocol in the client. The attack behavior corresponds to the type of the target object, that is, the attack behavior is a behavior that can pose a security threat to the target object; for example, if the target object is a system, software or protocol in a PC client, the corresponding attack behavior may be an overflow, use-after-free, array out-of-bounds access, denial of service, double free, kernel privilege escalation, privilege escalation or bypass, logic vulnerability, information disclosure, DLL hijacking, XSS, and the like.
Further, in step 101, as to how to monitor whether there is an attack behavior, the embodiment of the present invention provides the following implementation manner: and monitoring whether an attack request of an attack behavior to the target object exists.
Specifically, when an attack behavior attempts to attack a target object, it usually sends out an attack request, so whether the attack behavior exists can be judged by monitoring whether such an attack request exists: if the attack request exists, the attack behavior exists; if it does not, the attack behavior does not exist.
Further, the attack request contains the behavior type of the attack behavior, i.e., the behavior type of the attack behavior can be known from the attack request. In step 102, when it is monitored that the attack request exists, the behavior type of the attack behavior is determined according to the attack request.
Further, after the behavior type of the attack behavior is determined, in step 103, as to how to determine the attack threat degree of the attack behavior on the target object, the embodiment of the present invention provides the following implementation manner: determining a threat score of the attack behavior, according to its behavior type, from a preset corresponding relation between behavior types and threat scores, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
Specifically, in the embodiment of the present invention, a correspondence between behavior types and threat scores is pre-established, in which the higher the degree of threat a behavior type poses to the security of the target object, the higher its threat score. Attack behaviors are divided into high-risk, medium-risk and low-risk attack behaviors, whose degrees of threat to the security of the target object decrease in that order: a high-risk attack behavior threatens the security of the target object more than a medium-risk attack behavior, and a medium-risk attack behavior more than a low-risk attack behavior. Accordingly, the threat score of a high-risk attack behavior is greater than that of a medium-risk attack behavior, and the threat score of a medium-risk attack behavior is greater than that of a low-risk attack behavior. For example, if the behavior type of the attack behavior is an XSS attack behavior (cross-site scripting), a computer security vulnerability in WEB applications that allows a malicious WEB user to implant code into a page provided to other users, the threat degree to the security of the target object is very high and the behavior belongs to the high-risk attack behaviors; therefore the XSS attack behavior has a high threat score, such as 8 points. If the behavior type of the attack behavior is an information leakage attack behavior, its threat degree to the security of the target object is moderate and it belongs to the medium-risk attack behaviors, so the information leakage attack behavior has a medium threat score, such as 5 points.
Further, after the behavior type of the attack behavior is determined, the threat score of the attack behavior is looked up, based on that behavior type, in the pre-established correspondence between behavior types and threat scores. For example, if the behavior type of the attack behavior is determined to be the XSS attack behavior, the threat score corresponding to the XSS attack behavior is found to be 8 points in the pre-established correspondence, and if the behavior type is determined to be the information leakage attack behavior, the threat score corresponding to the information leakage attack behavior is found to be 5 points.
Further, after the threat score of the attack behavior is determined, in step 104, after the attack behavior completes the attack on the target object, an attack result used for representing whether the attack on the target object by the attack behavior is successful is obtained. As to how the attack result is known, the embodiment of the invention provides the following implementation manner: after the attack behavior finishes attacking the target object, a response message of the target object to the attack behavior is first obtained, wherein the response message contains the attack result representing whether the attack behavior succeeded in attacking the target object; the attack result is then determined from the response message, and has two cases, attack success and attack failure.
Further, in the embodiment of the present invention, the attack result may be implemented as an attack result weight. Specifically, the weight corresponding to attack success is higher than the weight corresponding to attack failure, and the specific value of each attack result weight may be adjusted according to the actual situation. In the general case the attack result weights are set in the range 0 to 1, that is, both the weight corresponding to attack success and the weight corresponding to attack failure are selected from 0 to 1, subject to the condition that the weight corresponding to attack success is higher than the weight corresponding to attack failure; for example, the weight corresponding to attack success is set to 1 and the weight corresponding to attack failure is set to 0.2.
It should be noted that, for attack behaviors belonging to different behavior types, the corresponding attack result weights may be set to be different or the same. For example, consider two attack behaviors of different behavior types, a first attack behavior and a second attack behavior. Each has two possible attack results, attack success and attack failure. Let the attack result weights of the first attack behavior for success and failure be the first and second attack result weights, and those of the second attack behavior for success and failure be the third and fourth attack result weights. The weights are set so that the first attack result weight is higher than the second, and the third attack result weight is higher than the fourth. Under that constraint, three cases are possible. In the first case, the first attack result weight is set higher than the third; the second attack result weight may then be higher than, equal to, or lower than the fourth. In the second case, the first attack result weight is set equal to the third; the second attack result weight may again be higher than, equal to, or lower than the fourth. In the third case, the first attack result weight is set lower than the third; the second attack result weight may again be higher than, equal to, or lower than the fourth.
Further, in the embodiment of the present invention, when the attack result is the attack result weight and the attack threat degree is the threat score, in step 105, as to how to raise an alarm for the attack behavior according to the attack threat degree and the attack result, the embodiment of the present invention provides the following implementation manner: multiplying the threat score of the attack behavior by the attack result weight to obtain an attack score, and raising an alarm for the attack behavior according to the attack score.
Specifically, the threat score is obtained when an attack behavior attempts to attack the target object, and the attack result weight is obtained when the attack behavior completes the attack on the target object. Once both have been obtained, their product is used as the attack score. For example, for a certain attack behavior, if the obtained threat score is 7 and the obtained attack result weight is 0.3, the attack score of the attack behavior is 7 × 0.3, that is, 2.1.
Further, after the attack score is obtained, an alarm is raised according to the attack score. Specifically, an alarm threshold value can be preset, so that after the attack score is obtained, whether the attack score is higher than the preset alarm threshold value is judged; if it is, an alarm message is sent to the user to prompt the user about the threat situation of the attack behavior to the target object. The alarm information may be character alarm information, sound alarm information, light alarm information, or combined sound and light alarm information. When the alarm information is character alarm information, it contains the attack score of the attack behavior. When the alarm information contains sound alarm information, the higher the attack score, the higher the sound emission frequency, and the lower the attack score, the lower the sound emission frequency, so that the user can intuitively know the threat degree of the attack behavior to the target object from the sound alarm information. When the alarm information contains light alarm information, the higher the attack score, the higher the light flicker frequency, and the lower the attack score, the lower the light flicker frequency, so that the user can intuitively know the threat degree of the attack behavior to the target object from the light alarm information.
In the embodiment of the invention, when a plurality of attack behaviors exist for a target object, each attack behavior corresponds to one attack score, and after the attack scores of the attack behaviors are obtained, all the attack behaviors can be ranked according to their attack scores to obtain an attack ranking result representing the threat situation of all the attack behaviors to the target object. For example, suppose there are 3 attack behaviors against a target object, namely a first, a second and a third attack behavior, and that the first attack score of the first attack behavior is 10, the second attack score of the second attack behavior is 8 and the third attack score of the third attack behavior is 5. Ranking the three by attack score from high to low gives the attack ranking result: first attack behavior, second attack behavior, third attack behavior. From this attack ranking result, the threat that all the attack behaviors pose to the target object can be intuitively known, namely that the first attack behavior threatens the security of the target object more than the second attack behavior, and the second attack behavior more than the third.
The attack event warning method according to the embodiment of the present invention will be described in detail with reference to a specific example.
Suppose the target object is the operating system of a client. Whether an attack behavior attacking the operating system exists is monitored. Suppose a first attack request and a second attack request are monitored, so that a first attack behavior and a second attack behavior exist; the behavior type of the first attack behavior is determined according to the first attack request and the behavior type of the second attack behavior according to the second attack request. Suppose the first attack behavior is an XSS attack behavior, so its threat score is determined to be 8, and the second attack behavior is an information leakage attack behavior, so its threat score is determined to be 5. After the first attack behavior and the second attack behavior finish attacking the target object, the target object generates a first response message corresponding to the first attack behavior and a second response message corresponding to the second attack behavior. Suppose the preset attack result weights corresponding to attack success and attack failure are 1 and 0.2 respectively, for both the first attack behavior and the second attack behavior. If the first response message represents attack failure of the first attack behavior, the attack result weight of the first attack behavior is determined to be 0.2; if the second response message represents attack success of the second attack behavior, the attack result weight of the second attack behavior is determined to be 1. The attack score of the first attack behavior is then 8 × 0.2, namely 1.6, and the attack score of the second attack behavior is 5 × 1, namely 5. If the preset alarm threshold is 4, an alarm is raised for the second attack behavior. At the same time, the first attack behavior and the second attack behavior can be ranked according to the attack scores from high to low, and the obtained attack ranking result is as follows: first attack behavior-second attack behavior.
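To make the scoring concrete, here is an added Python example (not code from the patent) that runs steps 101 to 105 of the method over a constructed log, using the page's own values: XSS scores 8, information leakage 5, success and failure weights 1 and 0.2, alarm threshold 4. The log line format, the event ids, the denial_of_service entry and its per-type weight pair are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Step 103's preset correspondence between behaviour types and threat scores.
# XSS (8, high-risk) and information leakage (5, medium-risk) are the page's own
# example values; the denial_of_service entry is an assumed addition.
THREAT_SCORES: Dict[str, float] = {"xss": 8, "information_leakage": 5, "denial_of_service": 6}

# Attack result weights, taken from [0, 1] with success weighted above failure.
# (1, 0.2) is the page's example pair; per-type overrides are allowed by the page
# and the denial_of_service pair below is an assumed illustration of one.
DEFAULT_RESULT_WEIGHTS: Dict[str, float] = {"success": 1.0, "failure": 0.2}
RESULT_WEIGHTS_BY_TYPE: Dict[str, Dict[str, float]] = {
    "denial_of_service": {"success": 0.8, "failure": 0.1},
}


@dataclass
class AttackEvent:
    event_id: str
    behavior_type: str
    threat_score: float
    result_weight: Optional[float] = None  # unknown until the response arrives
    attack_score: Optional[float] = None


def result_weights_for(behavior_type: str) -> Dict[str, float]:
    """Weight pair for a behaviour type, enforcing 0 <= failure < success <= 1."""
    w = RESULT_WEIGHTS_BY_TYPE.get(behavior_type, DEFAULT_RESULT_WEIGHTS)
    if not (0.0 <= w["failure"] < w["success"] <= 1.0):
        raise ValueError(f"invalid attack result weights for {behavior_type}: {w}")
    return w


def _fields(line: str) -> Dict[str, str]:
    return dict(tok.split("=", 1) for tok in line.split()[1:])


def parse_attack_request(line: str) -> Optional[Tuple[str, str]]:
    """Steps 101/102. Constructed format: 'REQ id=<id> type=<type> target=<object>'."""
    if not line.startswith("REQ "):
        return None
    f = _fields(line)
    return f["id"], f["type"]


def parse_response(line: str) -> Optional[Tuple[str, str]]:
    """Step 104. Constructed format: 'RSP id=<id> status=<success|failure>'."""
    if not line.startswith("RSP "):
        return None
    f = _fields(line)
    if f["status"] not in ("success", "failure"):
        raise ValueError(f"unexpected attack result in {line!r}")
    return f["id"], f["status"]


def process_log(lines: List[str], alarm_threshold: float) -> Tuple[List[AttackEvent], List[str]]:
    """Run steps 101-105 over log lines; return events ranked by attack score
    from high to low and the character alarm messages that were raised."""
    events: Dict[str, AttackEvent] = {}
    alarms: List[str] = []
    for line in lines:
        req = parse_attack_request(line)
        if req is not None:
            event_id, behavior_type = req
            # Unknown type is a gap in the preset table; failing loudly is an assumed policy.
            if behavior_type not in THREAT_SCORES:
                raise KeyError(f"no threat score configured for {behavior_type!r}")
            events[event_id] = AttackEvent(event_id, behavior_type, THREAT_SCORES[behavior_type])
            continue
        rsp = parse_response(line)
        if rsp is None:
            continue  # neither an attack request nor a response: ignore
        event_id, outcome = rsp
        ev = events.get(event_id)
        if ev is None:
            continue  # response with no monitored request: ignore
        # Step 104: response -> attack result weight. Step 105: attack score =
        # threat score x weight; alarm only when strictly above the threshold.
        ev.result_weight = result_weights_for(ev.behavior_type)[outcome]
        ev.attack_score = ev.threat_score * ev.result_weight
        if ev.attack_score > alarm_threshold:
            alarms.append(f"ALARM event={ev.event_id} type={ev.behavior_type} "
                          f"result={outcome} attack_score={ev.attack_score:.2f}")
    # Attacks still in progress (no response yet) have no score and rank last.
    ranked = sorted(events.values(), reverse=True,
                    key=lambda e: -1.0 if e.attack_score is None else e.attack_score)
    return ranked, alarms


# Constructed sample log: a failed XSS attempt and a successful information leakage attempt.
SAMPLE_LOG = [
    "REQ id=a1 type=xss target=client_os",
    "REQ id=a2 type=information_leakage target=client_os",
    "INFO unrelated line that is neither a request nor a response",
    "RSP id=a1 status=failure",
    "RSP id=a2 status=success",
]
```

Because the ranking is from high to low by attack score, the successful information leakage attempt (5) is listed before the failed XSS attempt (1.6), and only it exceeds the threshold of 4.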
Based on the same inventive concept, an embodiment of the present invention further provides an attack event warning device, as shown in fig. 2, the device includes:
a monitoring module 201, configured to monitor whether there is an attack behavior attacking a target object;
a first determining module 202, configured to determine a behavior type of the attack behavior when it is monitored that the attack behavior exists;
the second determining module 203 is configured to determine, according to the behavior type of the attack behavior, an attack threat degree of the attack behavior on the target object;
a first obtaining module 204, configured to obtain, after the attack behavior completes an attack on the target object, an attack result used for characterizing whether the attack on the target object by the attack behavior is successful;
and an alarm module 205, configured to raise an alarm for the attack behavior according to the attack threat degree and the attack result.
Preferably, the monitoring module 201 is specifically configured to:
monitoring whether an attack request of the attack behavior to the target object exists or not;
if the attack request is monitored, the attack behavior exists; otherwise, the attack behavior does not exist.
Preferably, the first determining module 202 is specifically configured to:
when the attack request is monitored to exist, determining the behavior type of the attack behavior according to the attack request.
Preferably, the second determining module 203 is specifically configured to:
determining a threat score of the attack behavior, according to the behavior type of the attack behavior, from a preset corresponding relation between behavior types and threat scores, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
Preferably, the apparatus further comprises:
the second acquisition module is used for acquiring a response message of the target object to the attack behavior;
the first obtaining module is specifically configured to:
acquiring, according to the response message, an attack result used for representing whether the attack of the attack behavior on the target object is successful.
Preferably, the attack result is an attack result weight.
Preferably, when the attack result is the attack result weight, the alarm module 205 includes:
an obtaining unit, used for multiplying the threat score of the attack behavior by the attack result weight to obtain an attack score;
and an alarm unit, used for raising an alarm for the attack behavior according to the attack score.
Preferably, the alarm unit includes:
a judging subunit, used for judging whether the attack score is higher than a preset alarm threshold value;
and a sending subunit, used for sending alarm information to the user when the attack score is higher than the preset alarm threshold value.
Preferably, when there are a plurality of the attack behaviors, the apparatus further comprises:
a ranking module, used for ranking all the attack behaviors according to their attack scores to obtain an attack ranking result for representing the threat situation of all the attack behaviors to the target object.
Preferably, the target object is hardware, software, a system or a protocol in a client or a server.
Based on the same inventive concept, embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the method steps described in the foregoing embodiments.
Based on the same inventive concept, an embodiment of the present invention further provides a computer apparatus, as shown in fig. 3, for convenience of description, only the portion related to the embodiment of the present invention is shown, and details of the specific technology are not disclosed, please refer to the method portion of the embodiment of the present invention. The computer device may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, etc., taking the computer device as the mobile phone as an example:
fig. 3 is a block diagram illustrating a partial structure associated with a computer device provided by an embodiment of the present invention. Referring to fig. 3, the computer apparatus includes: a memory 301 and a processor 302. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 3 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components.
The following describes the components of the computer device in detail with reference to fig. 3:
The memory 301 may be used to store software programs and modules, and the processor 302 executes various functional applications and data processing by running the software programs and modules stored in the memory 301. The memory 301 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function or an image playing function), and the like, and the data storage area may store data (such as audio data or a phonebook), and the like. Further, the memory 301 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device.
The processor 302 is a control center of the computer device, and performs various functions and processes data by operating or executing software programs and/or modules stored in the memory 301 and calling data stored in the memory 301. Alternatively, processor 302 may include one or more processing units; preferably, the processor 302 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications.
In the embodiment of the present invention, the processor 302 included in the computer device may have the functions corresponding to the method steps in any of the foregoing embodiments.
According to the attack event warning method and device described above, whether an attack behavior attacking the target object exists is monitored; when an attack behavior is monitored, its behavior type is determined; the attack threat degree of the attack behavior to the target object is determined according to that behavior type; after the attack behavior finishes attacking the target object, an attack result representing whether the attack on the target object succeeded is obtained; and finally the attack behavior is warned about according to the attack threat degree and the attack result. Because the attack threat degree and the attack result are considered together when warning about the attack behavior, the threat situation of the attack behavior to the target object can be determined more accurately, and the warning accuracy for the attack behavior is improved.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in accordance with embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second, third, etcetera does not indicate any ordering. These words may be interpreted as names.
A1, an attack event warning method, characterized in that the method includes:
monitoring whether an attack behavior attacking a target object exists or not;
when the existence of the attack behavior is monitored, determining the behavior type of the attack behavior;
determining the attack threat degree of the attack behavior to the target object according to the behavior type of the attack behavior;
after the attack behavior completes the attack on the target object, acquiring an attack result for representing whether the attack on the target object by the attack behavior is successful;
and alarming the attack behavior according to the attack threat degree and the attack result.
A2, the attack event alert method according to A1, wherein the monitoring whether there is an attack behavior attacking a target object includes:
monitoring whether an attack request of the attack behavior to the target object exists or not;
if the attack request is monitored to exist, the existence of the attack behavior is indicated, and otherwise, the absence of the attack behavior is indicated.
A3, the attack event warning method according to A2, wherein the determining the behavior type of the attack behavior when the existence of the attack behavior is monitored comprises:
and when the attack request is monitored to exist, determining the behavior type of the attack behavior according to the attack request.
A4, the attack event warning method according to A1, wherein the determining the attack threat level of the attack behavior to the target object according to the behavior type of the attack behavior comprises:
and determining a threat score of the attack behavior from a preset corresponding relation between the behavior type and the threat score according to the behavior type of the attack behavior, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
A5, the attack event alert method according to A1, wherein after the attacking behavior completes the attack on the target object and before the obtaining of the attack result for characterizing whether the attack on the target object by the attacking behavior is successful, the method further comprises:
acquiring a response message of the target object to the attack behavior;
wherein the obtaining of the attack result used for representing whether the attack of the attack behavior on the target object is successful includes:
and acquiring an attack result used for representing whether the attack of the attack behavior on the target object is successful according to the response message.
A6, the attack event alert method according to A1, wherein the attack result is an attack result weight.
A7, the attack event warning method according to A4, wherein when the attack result is an attack result weight, the warning of the attack behavior according to the attack threat degree and the attack result comprises:
multiplying the threat score of the attack behavior by the weight of the attack result to obtain an attack score;
and alarming the attack behavior according to the attack score.
A8, the attack event warning method according to A7, wherein the warning the attack behavior according to the attack score includes:
judging whether the attack score is higher than a preset alarm threshold value or not;
and when the attack score is higher than the preset alarm threshold value, sending alarm information to a user.
A9, the attack event alert method according to A7, wherein when there are a plurality of said attack behaviors, after obtaining the attack scores of the respective attack behaviors, the method further comprises:
and sequencing all the attack behaviors according to the attack scores to obtain an attack sequencing result for representing the threat situation of all the attack behaviors to the target object.
A10, the attack event alert method according to A1, wherein the target object is hardware, software, system or protocol in a client or a server.
B11, an attack event warning device, comprising:
the monitoring module is used for monitoring whether an attack behavior attacking the target object exists or not;
the first determining module is used for determining the behavior type of the attack behavior when the existence of the attack behavior is monitored;
the second determining module is used for determining the attack threat degree of the attack behavior to the target object according to the behavior type of the attack behavior;
the first obtaining module is used for obtaining an attack result used for representing whether the attack of the attack behavior on the target object is successful or not after the attack behavior finishes attacking the target object;
and the warning module is used for warning the attack behavior according to the attack threat degree and the attack result.
B12, the attack event alert device according to B11, wherein the monitoring module is specifically configured to:
monitoring whether an attack request of the attack behavior to the target object exists or not;
if the attack request is monitored to exist, the existence of the attack behavior is indicated, and otherwise, the absence of the attack behavior is indicated.
B13, the attack event alert device according to B12, wherein the first determining module is specifically configured to:
and when the attack request is monitored to exist, determining the behavior type of the attack behavior according to the attack request.
B14, the attack event alert device according to B11, wherein the second determining module is specifically configured to:
and determining a threat score of the attack behavior from a preset corresponding relation between the behavior type and the threat score according to the behavior type of the attack behavior, wherein the threat score of the attack behavior is used for representing the attack threat degree of the attack behavior to the target object.
B15, the attack event warning device according to B11, characterized in that the device further comprises:
the second acquisition module is used for acquiring a response message of the target object to the attack behavior;
the first obtaining module is specifically configured to:
and acquiring an attack result used for representing whether the attack of the attack behavior on the target object is successful according to the response message.
B16, the attack event warning device according to B11, wherein the attack result is an attack result weight.
B17, the attack event warning device according to B14, wherein when the attack result is an attack result weight, the warning module includes:
the obtaining unit is used for multiplying the threat score of the attack behavior by the weight of the attack result to obtain an attack score;
and the alarm unit is used for alarming the attack behavior according to the attack score.
B18, the attack event warning device according to B17, wherein the warning unit includes:
the judging subunit is used for judging whether the attack score is higher than a preset alarm threshold value;
and the sending subunit is used for sending alarm information to the user when the attack score is higher than the preset alarm threshold value.
B19, the attack event alert device according to B17, wherein when there are a plurality of said attack behaviors, the device further comprises:
and the sequencing module is used for sequencing all the attack behaviors according to the attack scores and obtaining an attack sequencing result for representing the threat situation of all the attack behaviors to the target object.
B20, the attack event alert device according to B11, wherein the target object is hardware, software, system or protocol in a client or a server.
C21, a computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the method steps according to any of claims A1-A10.
D22, a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor realizes the method steps according to any of claims A1-A10 when executing the program.
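The scoring pipeline of method claims A1-A9 (and its apparatus mirror in B11-B19), as an added worked example that is not part of the patent: a behavior-type-to-threat-score table, an attack-result weight derived from the target object's response message, their product as the attack score, the threshold comparison, and the ranking of several attack behaviors. The threat scores, result weights, alarm threshold, response heuristic and sample events are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed lookup from behavior type to threat score (claim A4).
THREAT_SCORES = {"command_injection": 95, "sql_injection": 90,
                 "path_traversal": 70, "port_scan": 20}
# Constructed attack-result weights (claims A5-A7): how strongly the target's
# response indicates that the attempt actually succeeded.
RESULT_WEIGHTS = {"success": 1.0, "unknown": 0.5, "failure": 0.1}
ALARM_THRESHOLD = 40  # constructed preset alarm threshold (claim A8)

@dataclass
class AttackEvent:
    event_id: str
    behavior_type: str  # assigned by the monitoring module from the request (A2/A3)
    status: int         # response status returned by the target object (A5)
    body_len: int       # size of the response body, used as weak success evidence

def attack_result(event: AttackEvent) -> str:
    """Classify the target's response message into an attack result (claim A5).
    Constructed heuristic: 403/404 means blocked or missed, a 2xx that returned
    content suggests success, anything else (e.g. a 500) is unknown."""
    if event.status in (403, 404):
        return "failure"
    if 200 <= event.status < 300 and event.body_len > 0:
        return "success"
    return "unknown"

def attack_score(event: AttackEvent) -> float:
    """Threat score of the behavior type times the attack-result weight (claim A7)."""
    return THREAT_SCORES.get(event.behavior_type, 0) * RESULT_WEIGHTS[attack_result(event)]

def should_alarm(event: AttackEvent) -> bool:
    """Alarm only when the attack score exceeds the preset threshold (claim A8)."""
    return attack_score(event) > ALARM_THRESHOLD

def rank_events(events):
    """Order all attack behaviors by attack score, most threatening first (claim A9)."""
    return sorted(events, key=attack_score, reverse=True)

# Constructed sample events: the highest-threat type (e2) ranks lowest because the
# target's response shows it was blocked, while the lower-threat e1 succeeded.
SAMPLE_EVENTS = [
    AttackEvent("e1", "sql_injection", 200, 2048),   # 90 * 1.0 = 90  -> alarm
    AttackEvent("e2", "command_injection", 403, 0),  # 95 * 0.1 = 9.5 -> no alarm
    AttackEvent("e3", "port_scan", 200, 12),         # 20 * 1.0 = 20  -> no alarm
    AttackEvent("e4", "path_traversal", 500, 0),     # 70 * 0.5 = 35  -> no alarm
]
```

Calling rank_events(SAMPLE_EVENTS) yields the order e1, e4, e3, e2, and only e1 clears the threshold; a behavior type absent from the table scores 0 and never alarms.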