CN108965346A - Compromised host detection method - Google Patents

Compromised host detection method

Info

Publication number: CN108965346A
Authority: CN (China)
Prior art keywords: host, early warning, log, early-warning platform, compromise
Legal status: Pending
Application number: CN201811175949.XA
Other languages: Chinese (zh)
Inventors: 李荣正, 孙玮泽, 袁鹏, 闫旭东, 陈学军, 戴国银
Current assignee: Shanghai University of Engineering Science
Original assignee: Shanghai University of Engineering Science
Priority date: 2018-10-10
Filing date: 2018-10-10
Publication date: 2018-12-07
Application filed by Shanghai University of Engineering Science; priority to CN201811175949.XA; publication of CN108965346A; legal status pending.

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408: Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425: Traffic logging, e.g. anomaly detection
    • H04L 63/1433: Vulnerability analysis
    • H04L 63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a compromised host detection method comprising the following steps. Log upload step: each perimeter security probe device uploads the log data generated by traffic between security domains, including application access logs, URL access logs, file transfer logs and threat logs, to the security cloud early-warning platform. Data extraction step: the security cloud early-warning platform aggregates the log data reported by the perimeter security probe devices into the cloud big-data analysis engine; the engine mines the abnormal user behaviour of hosts in the network that deviates from the normal baseline, generates abnormal-behaviour data, and aggregates the threat logs into threat intelligence. Data matching step: through the cloud big-data analysis engine, the security cloud early-warning platform matches (collides) the threat intelligence against the abnormal user behaviour of hosts in the network that deviates from the normal baseline, and predicts suspected compromised hosts.

Description

Compromised host detection method
Technical field
The invention relates to the field of network security, and in particular to a compromised host detection method.
Background
In the past, most attackers took an opportunistic attitude when choosing targets: they scanned broadly, in "blooming everywhere" fashion, for targets with known vulnerabilities and then penetrated them. In theory, an enterprise whose protection is stronger than average obtains relative safety, because systems with weak protective measures are found and captured by attackers first.
Accordingly, traditional network security has always followed the P2DR strategy (policy, protection, detection, response), establishing a protection-detection-response model centred on prevention. The risk of the information system is first assessed in full, and prevention policies are then formulated, including: deploying access-control devices such as firewalls, IPS and authentication/authorisation at key risk points; patching system vulnerabilities; configuring systems correctly; upgrading and maintaining them regularly; and educating users to use systems properly. Detection is the basis for response and for reinforcing protection: network traffic and behaviour are matched against preset policies, and if a prevention policy is triggered a network attack is considered to have occurred; the response system then performs the preset action to stop the attack and carries out alerting and recovery.
Correspondingly, conventional security products such as endpoint antivirus, firewalls, IPS and web application firewalls work from known signatures and preset rules. Their theoretical basis is the same P2DR protection model, which is a static, passive security model built around a defensive mindset.
However, the security incidents exposed in recent years keep proving that hacking techniques have evolved from traditional generic attacks into advanced threats. Such attacks exploit 0-day vulnerabilities in systems, cannot be defended against in advance, are clearly targeted and directional, cause huge losses, and are hard to recover from.
As an attack progresses, the target host locked on by the attacker passes through several stages: being intruded, being controlled, and launching malicious behaviour. In the "intrusion" stage the target host is typically attacked by phishing, vulnerability exploitation or brute force. Once that succeeds, the host enters the "controlled" stage, in which it establishes a connection with a remote C&C server and remains under the attacker's control. After the host is controlled it enters the "launching malicious behaviour" stage, in which it is used as a springboard for a series of activities such as scanning the intranet or the internet for new targets, denial-of-service attacks (DoS/DDoS), access to malicious URLs, vulnerability-based intrusion, spyware implantation and data theft. A "compromised host" is a host that has been successfully intruded by an attacker and whose behavioural characteristics match the "controlled" or "launching malicious behaviour" stage above.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art and to provide a compromised host detection method that ensures global network security and long-period visibility, and provides the capability to detect compromised hosts and to counter advanced and other threats.
The technical solution that achieves this purpose is a compromised host detection method comprising the following steps:
Log upload step: each perimeter security probe device uploads the log data generated by traffic between security domains, including application access logs, URL access logs, file transfer logs and threat logs, to the security cloud early-warning platform;
Data extraction step: the security cloud early-warning platform aggregates the log data reported by the perimeter security probe devices into the cloud big-data analysis engine; the cloud big-data analysis engine mines the abnormal user behaviour of hosts in the network that deviates from the normal baseline, generates user abnormal-behaviour data, and aggregates the threat logs into threat intelligence;
Data matching step: through the cloud big-data analysis engine, the security cloud early-warning platform matches (collides) the threat intelligence against the abnormal user behaviour of hosts in the network that deviates from the normal baseline, and predicts suspected compromised hosts.
Further, the threat intelligence also comes from the cloud sandbox of the security cloud early-warning platform and from third-party intelligence-sharing platforms connected to the platform.
Further, the user abnormal-behaviour data is generated from the log data collected by the Unified Threat Management probe among the perimeter security probe devices, and the threat logs are generated from the log data collected by the antivirus security probe among those devices.
Further, the threat intelligence includes the attack's source IP, target IP, the domain used and the attack technique employed.
Further, a result display step follows the data matching step: the security cloud early-warning platform presents, in statistical form, the result of matching the hosts' user abnormal-behaviour data in the network against the threat intelligence, and then determines the suspected compromised hosts.
Further, in the result display step the security cloud early-warning platform shows the security posture of the entire internet in an intelligence map view.
Further, in the result display step the security cloud early-warning platform uses the cloud big-data analysis engine to judge which of the possible stages a suspected compromised host is in (intruded, controlled, launching internal attacks, or launching malicious behaviour), and thereby judges the certainty that the suspected host is compromised.
Further, a compromised host analysis step follows the result display step: the security cloud early-warning platform analyses a selected suspected compromised host by scenario analysis and log search, and presents that host's specific abnormal user behaviour within a selected time period.
Further, the scenario analysis comprises a statistics overview and an association analysis;
The statistics overview presents, as histograms or pie charts, the statistical results of the network attack information for the suspected compromised host within the selected time period;
The association analysis presents to the administrator the association information of the attacks on the suspected compromised host.
Further, a feedback step follows the data matching step: the security cloud early-warning platform distributes the threat intelligence network-wide, feeding it back into the threat signature libraries of the firewalls at the perimeter and of each perimeter security probe device.
The compromised host detection method of the invention thus comprises a log upload step, in which each perimeter security probe device uploads the log data generated by traffic between security domains (application access logs, URL access logs, file transfer logs and threat logs) to the security cloud early-warning platform; a data extraction step, in which the platform aggregates the reported log data into the cloud big-data analysis engine, which mines the abnormal user behaviour of hosts that deviates from the normal baseline, generates abnormal-behaviour data and aggregates the threat logs into threat intelligence; and a data matching step, in which the platform, through the engine, matches the threat intelligence against the abnormal user behaviour of hosts and predicts suspected compromised hosts. Its technical effect is that, through a strategy of real-time cooperation between the security cloud early-warning platform and the perimeter security probe devices, and through the cloud big-data analysis, fast retrieval and massive cloud storage provided by the platform, global network security and long-period visibility are further ensured, and the capability to detect compromised hosts and to counter advanced and other threats is realised.
Brief description of the drawings
Fig. 1 is a flow chart of the compromised host detection method of the invention.
Specific embodiment
Referring to Fig. 1, in order to better understand the technical solution of the invention, the inventors describe it below through specific embodiments with reference to the accompanying drawing:
The compromised host detection method of the invention comprises the following steps:
Log upload step: each perimeter security probe device uploads the log data generated by traffic between security domains, including application access logs, URL access logs, file transfer logs and threat logs, to the security cloud early-warning platform. The role of the perimeter security probe devices is, based on their own perception of user behaviour and threat intelligence in the network, to continually upload valuable log data to be aggregated at the security cloud early-warning platform.
Data extraction step: the security cloud early-warning platform aggregates the log data reported by each perimeter security probe device into the cloud big-data analysis engine, which extracts the user abnormal-behaviour data of hosts in the network, mines the abnormal user behaviour of hosts that deviates from the normal baseline, and extracts threat intelligence from the threat logs.
The perimeter security probe devices can be divided into at least Threat Management probes and antivirus security probes:
Through Threat Management probes with application-layer message identification capability, the users, applications and content in network traffic are seen clearly, and the abnormal user behaviour of hosts in the network is analysed, recorded and uploaded to the security cloud early-warning platform. On top of traditional identification technology, the Threat Management probe adds mechanisms such as behavioural detection and application-source information detection, improving the accuracy and coverage with which applications, users, terminals and content in network traffic are identified. Based on deep identification of the application type, user information and content of network traffic (for example URLs, file types and file content), the Threat Management probe gains insight into user network behaviour, laying the foundation for the analysis of abnormal user behaviour that compromised host detection requires.
The antivirus security probe identifies activity such as vulnerability exploitation attacks and spyware implantation. Based on its perception of virus implantation, malicious URL access, vulnerability exploitation attacks and spyware activity, it uploads the generated network attack logs to the security cloud early-warning platform in real time, from which the platform generates threat intelligence.
Data matching step: through the cloud big-data analysis engine, the security cloud early-warning platform matches (collides) the threat intelligence against the abnormal user behaviour of hosts in the network that deviates from the normal baseline, and predicts, from multiple dimensions, the suspected compromised hosts.
Besides the threat logs, threat intelligence also comes from the cloud sandbox in the security cloud early-warning platform and from third-party intelligence-sharing platforms connected to the platform.
Threat intelligence includes the attack's source IP, target IP, the domain used and the attack technique employed.
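The three steps above (log upload, baseline-deviation mining, intelligence collision) in runnable form, as an added example that is not code from the patent or its assignee. It assumes the probes upload newline-delimited JSON with the fields shown, that "normal baseline" means a per-host count of distinct destinations over earlier days, and that a match is a new destination equal to an attack source IP or domain taken from the aggregated threat logs or from a third-party feed; the log lines and the feed entry are constructed.

```python
"""Per-host baseline deviation collided with aggregated threat intelligence.
Added example, not code from the patent: the NDJSON layout, field names,
day-based baseline window and thresholds are assumptions; all data is constructed."""
import json
import statistics
from collections import defaultdict

CURRENT_DAY = 4   # day under evaluation; earlier days form each host's baseline (assumption)
SIGMA = 3.0       # tolerated deviation in standard deviations (assumption)
MIN_MARGIN = 2    # margin floor so a zero-variance baseline does not alert on +1 (assumption)

# Constructed probe uploads, one JSON object per line. kind: app_access, url_access,
# file_transfer (UTM probe) or threat (antivirus probe). Last line is deliberately corrupt.
SAMPLE_LOGS = """\
{"day":1,"kind":"url_access","host":"10.0.1.15","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":1,"kind":"app_access","host":"10.0.1.15","dst_ip":"10.0.0.5","app":"smb"}
{"day":2,"kind":"url_access","host":"10.0.1.15","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":3,"kind":"url_access","host":"10.0.1.15","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":3,"kind":"url_access","host":"10.0.1.15","dst_ip":"198.51.100.7","domain":"cdn.example.net"}
{"day":4,"kind":"url_access","host":"10.0.1.15","dst_ip":"203.0.113.9","domain":"update-check.bad.example"}
{"day":4,"kind":"url_access","host":"10.0.1.15","dst_ip":"203.0.113.10","domain":"beacon.bad.example"}
{"day":4,"kind":"file_transfer","host":"10.0.1.15","dst_ip":"203.0.113.10","direction":"out","bytes":52428800}
{"day":4,"kind":"app_access","host":"10.0.1.15","dst_ip":"10.0.0.5","app":"smb"}
{"day":4,"kind":"app_access","host":"10.0.1.15","dst_ip":"10.0.0.6","app":"rdp"}
{"day":1,"kind":"url_access","host":"10.0.1.22","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":3,"kind":"url_access","host":"10.0.1.22","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":4,"kind":"url_access","host":"10.0.1.22","dst_ip":"93.184.216.34","domain":"intranet.corp"}
{"day":4,"kind":"url_access","host":"10.0.1.22","dst_ip":"198.51.100.8","domain":"news.example.org"}
{"day":4,"kind":"threat","host":"10.0.1.30","src_ip":"198.51.100.200","dst_ip":"10.0.1.30","domain":"beacon.bad.example","technique":"c2_callback"}
{"day":4,"kind":"threat","host":"10.0.1.31","src_ip":"203.0.113.10","dst_ip":"10.0.1.31","domain":"","technique":"exploit_attempt"}
this line is corrupt and must be skipped
"""
# Constructed third-party feed entry (the patent also takes intel from a cloud sandbox and shared feeds).
EXTERNAL_INTEL = [{"domain": "update-check.bad.example", "technique": "malware_download"}]

def parse_logs(text):
    """Newline-delimited JSON from probes; blank or corrupt lines are dropped."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records

def build_threat_intel(records, external=()):
    """Attack source IPs and domains become indicators. Target IPs are the
    victims (internal hosts): kept for reporting, never matched on."""
    intel = {"ips": {}, "domains": {}, "targets": set()}
    for r in list(records) + list(external):
        if r.get("kind", "threat") != "threat":
            continue
        technique = r.get("technique", "unknown")
        if r.get("src_ip"):
            intel["ips"][r["src_ip"]] = technique
        if r.get("domain"):
            intel["domains"][r["domain"]] = technique
        if r.get("dst_ip"):
            intel["targets"].add(r["dst_ip"])
    return intel

def host_destinations(records):
    """host -> day -> set of distinct destinations (IPs and domains) from behavioural logs."""
    dests = defaultdict(lambda: defaultdict(set))
    for r in records:
        if r.get("kind") != "threat":
            for key in ("dst_ip", "domain"):
                if r.get(key):
                    dests[r["host"]][r["day"]].add(r[key])
    return dests

def find_anomalies(dests, day=CURRENT_DAY):
    """Hosts whose distinct-destination count on `day` exceeds
    baseline mean + max(SIGMA * stdev, MIN_MARGIN) over the earlier days."""
    anomalies = {}
    for host, by_day in dests.items():
        history = [len(by_day[d]) for d in by_day if d < day]
        today = by_day.get(day, set())
        if not history or not today:
            continue
        threshold = statistics.fmean(history) + max(SIGMA * statistics.pstdev(history), MIN_MARGIN)
        if len(today) > threshold:
            seen_before = set().union(*(by_day[d] for d in by_day if d < day))
            anomalies[host] = {"count": len(today), "threshold": round(threshold, 2),
                               "new_destinations": sorted(today - seen_before)}
    return anomalies

def match_compromised(anomalies, intel):
    """Collide each anomalous host's new destinations with the indicator set."""
    verdicts = {}
    for host, a in anomalies.items():
        hits = [(d, intel["ips"].get(d) or intel["domains"].get(d))
                for d in a["new_destinations"] if d in intel["ips"] or d in intel["domains"]]
        verdicts[host] = {"suspected_compromised": bool(hits), "hits": hits, **a}
    return verdicts

def detect(log_text, external_intel=()):
    records = parse_logs(log_text)
    anomalies = find_anomalies(host_destinations(records))
    return match_compromised(anomalies, build_threat_intel(records, external_intel))

if __name__ == "__main__":
    print(json.dumps(detect(SAMPLE_LOGS, EXTERNAL_INTEL), indent=2))
```

Two design choices matter in practice: the target IPs in threat logs are victims, so they are recorded but never used as indicators (otherwise every attacked host would "match" its own attacker's intelligence), and the baseline margin has a floor so a host with a perfectly regular history is not flagged for one new destination. Host 10.0.1.22 above gains a new domain on day 4 but stays under its threshold and is not reported; 10.0.1.15 exceeds its threshold and three of its new destinations collide with indicators. A production baseline would span a longer window and several metrics (destinations, outbound bytes, new domains) rather than one count.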
Result display step: the security cloud early-warning platform presents the result of matching the hosts' user abnormal-behaviour data in the network against the threat intelligence, informing the administrator in statistical form how much of the network behaviour of hosts in the network is related to identified malicious behaviour, and then quickly determines the suspected compromised hosts.
This step aggregates the attacks reported by each perimeter security probe device into an "intelligence map", picking out tens of points to present on a global map, so as to illustrate the current security posture of the internet to the administrator.
This step can also provide two overall qualitative indexes for a compromised host: a certainty index and a threat index. The certainty index reflects the degree of suspicion that the host has been compromised; its maximum is 100, and the higher the value, the greater the confidence that the host is compromised. The threat index reflects the degree of threat posed by the host; its maximum is 100, and the higher the value, the more certain it is that the host poses a threat.
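How the stage placement of claim 7 and the two indexes might be computed from the behaviours matched for a host, as an added example that is not the patent's own scoring. The event-to-stage map, stage base scores, severities and capping rules are assumptions chosen so that a lone intrusion attempt scores low certainty while a C2 callback corroborated by later-stage activity scores high; the per-host event lists are constructed.

```python
"""Stage placement and certainty/threat indexes for a suspected compromised host.
Added example, not the patent's scoring: the event-to-stage map, base scores,
severities and combination rules are assumptions; host event lists are constructed."""

STAGES = ("intruded", "controlled", "internal_attack", "malicious_behaviour")

# Which attack-chain stage each observed event type evidences (assumption).
EVENT_STAGE = {
    "phishing": "intruded", "brute_force": "intruded", "exploit_attempt": "intruded",
    "c2_callback": "controlled", "dns_beacon": "controlled",
    "internal_scan": "internal_attack", "lateral_rdp": "internal_attack",
    "dos": "malicious_behaviour", "malicious_url": "malicious_behaviour",
    "data_exfil": "malicious_behaviour", "spyware_implant": "malicious_behaviour",
}
# Base certainty for the furthest stage reached: an intrusion attempt alone is weak
# evidence of compromise, a C2 callback is strong (assumption).
STAGE_BASE = {"intruded": 30, "controlled": 60, "internal_attack": 75, "malicious_behaviour": 85}
CORROBORATION_BONUS = 10   # per additional distinct stage with evidence (assumption)
# Harm the host can do if the event is real, scale 1..10 (assumption).
EVENT_SEVERITY = {
    "phishing": 3, "brute_force": 4, "exploit_attempt": 5, "c2_callback": 7, "dns_beacon": 6,
    "internal_scan": 4, "lateral_rdp": 6, "dos": 8, "malicious_url": 4,
    "data_exfil": 10, "spyware_implant": 8,
}

def assess_host(events):
    """Return furthest stage, certainty index and threat index (both capped at 100)."""
    known = [e for e in events if e in EVENT_STAGE]
    unknown = sorted(set(events) - set(known))
    if not known:
        return {"stage": None, "certainty": 0, "threat": 0, "unknown_events": unknown}
    stages_seen = {EVENT_STAGE[e] for e in known}
    furthest = max(stages_seen, key=STAGES.index)
    certainty = min(100, STAGE_BASE[furthest] + CORROBORATION_BONUS * (len(stages_seen) - 1))
    # Threat is dominated by the worst event and nudged up by volume; unknown event
    # types never raise it, they are surfaced for the analyst instead.
    threat = min(100, 8 * max(EVENT_SEVERITY[e] for e in known) + 3 * (len(known) - 1))
    return {"stage": furthest, "certainty": certainty, "threat": threat, "unknown_events": unknown}

def rank_hosts(host_events):
    """Order hosts for the analyst: most certain first, then most threatening, then by name."""
    scored = {h: assess_host(ev) for h, ev in host_events.items()}
    return sorted(scored.items(), key=lambda kv: (-kv[1]["certainty"], -kv[1]["threat"], kv[0]))

# Constructed per-host event lists, as the matching step might produce them.
HOST_EVENTS = {
    "10.0.1.15": ["exploit_attempt", "c2_callback", "lateral_rdp", "data_exfil"],
    "10.0.1.22": ["brute_force"],
    "10.0.1.40": ["internal_scan", "internal_scan", "weird_custom_event"],
    "10.0.1.50": [],
}

if __name__ == "__main__":
    for host, verdict in rank_hosts(HOST_EVENTS):
        print(host, verdict)
```

Keeping certainty and threat separate is the point: a host that only ever saw a brute-force attempt scores 30 certainty (it may never have been breached), while a host with a confirmed callback plus lateral movement and exfiltration saturates both indexes, which is the ordering an analyst queue should follow.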
Compromised host analysis step: the security cloud early-warning platform analyses a selected suspected compromised host and presents that host's specific abnormal user behaviour within the selected time period. It mainly comprises scenario analysis and log search.
Scenario analysis: the security cloud early-warning platform provides further drill-down into contextual information and association analysis for the selected suspected compromised host, portraying the attacker's behaviour and motives. Scenario analysis comprises a "statistics overview" and an "association analysis".
The statistics overview presents, as histograms or pie charts, the statistical results of the network attack information for the selected suspected compromised host within the selected time period, including rankings of IPs subjected to saturation attacks, of saturation attack events, of IPs with spyware behaviour, of spyware behaviour events, of IPs accessing malicious URLs, of malicious URL access events, of IPs downloading viruses or spyware, and of virus or spyware download events.
The association analysis presents to the administrator the association information of the attacks on the selected suspected compromised host, for example the attack source IP, attack method and application carrier of a penetration attack, or the source IP address, destination IP address and application carrier of a given virus download.
Log search is based on search results and lets the administrator quickly trace an attack to its source. It comprises:
Security reports: after aggregating the reported log data, the security cloud early-warning platform outputs security reports in a variety of custom formats. Security reports can be scheduled in advance as daily, weekly or monthly reports and are generated automatically and periodically.
In the default template, a security report comprises asset security analysis, threat analysis, application risk analysis, and virus and malicious URL analysis.
The asset security analysis presents graphically the attacks suffered by servers and by terminals in the network, together with the specific information.
The threat analysis, mainly from the perspective of threat types, presents graphically the most popular attack types, newly added attack types, the specific principle of each attack, and statistics of the related IPs and counts.
The application risk analysis mainly ranks the applications with the largest traffic in the network and analyses in turn the purpose, risk and related IPs of each application.
The virus and malicious URL analysis counts network-wide host access to malicious URLs and virus downloads.
Feedback step: the security cloud early-warning platform rapidly distributes the threat intelligence network-wide, feeding it back into the threat signature libraries of the firewalls at the perimeter and of each perimeter security probe device.
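One concrete form the feedback step could take, as an added example that is not code from the patent or its assignee: turning the aggregated intelligence (source IP, domain, technique) into Suricata rules for the probes and an nftables set for the perimeter firewall. The record shape, the SID range, the table name and the intel entries are constructed assumptions.

```python
"""Feed threat intelligence back to the perimeter as Suricata rules and an nftables set.
Added example, not code from the patent: the intel record shape, SID range, rule
wording and table name are assumptions; the intel entries are constructed."""
import ipaddress

SID_BASE = 9000000   # local SID range for generated rules (assumption)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed intel as the data extraction step might emit it. The sample uses RFC 5737
# documentation addresses as stand-ins for public attacker IPs.
THREAT_INTEL = [
    {"src_ip": "203.0.113.10", "domain": "beacon.bad.example", "technique": "c2_callback"},
    {"src_ip": "198.51.100.200", "domain": "beacon.bad.example", "technique": "c2_callback"},
    {"src_ip": "10.0.1.31", "domain": "", "technique": "exploit_attempt"},   # internal victim: never block
    {"src_ip": "not-an-ip", "domain": "Update-Check.BAD.example", "technique": "malware_download"},
]

def blockable(addr):
    """Reject addresses that must never become a perimeter block rule. Explicit checks
    are used instead of addr.is_global because Python treats the documentation ranges
    in the sample as private, which would silently drop every indicator."""
    return isinstance(addr, ipaddress.IPv4Address) and not (
        addr.is_loopback or addr.is_link_local or addr.is_multicast or addr.is_unspecified
        or any(addr in net for net in INTERNAL_NETS))

def indicators(intel):
    """Deduplicated, validated ip->technique and domain->technique maps (first technique wins)."""
    ips, domains = {}, {}
    for entry in intel:
        technique = entry.get("technique", "unknown")
        try:
            addr = ipaddress.ip_address(entry.get("src_ip", ""))
            if blockable(addr):
                ips.setdefault(str(addr), technique)
        except ValueError:
            pass   # malformed or empty src_ip
        domain = entry.get("domain", "").strip().lower().rstrip(".")
        if domain:
            domains.setdefault(domain, technique)
    return ips, domains

def suricata_rules(intel, sid_base=SID_BASE):
    """One rule per indicator. SIDs follow sorted order, so regenerating from the same
    indicator set yields the same SIDs; use a persistent indicator->SID store if
    indicators are appended incrementally, or SIDs will shift between pushes."""
    ips, domains = indicators(intel)
    rules, sid = [], sid_base
    for ip in sorted(ips):
        rules.append(f'drop ip any any -> {ip} any (msg:"intel {ips[ip]} to {ip}"; sid:{sid}; rev:1;)')
        sid += 1
    for domain in sorted(domains):
        rules.append(f'alert dns any any -> any any (msg:"intel {domains[domain]} lookup {domain}"; '
                     f'dns.query; content:"{domain}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    return rules

def nftables_set(intel, table="threatintel"):
    """nft script that drops forwarded traffic to or from indicator IPs."""
    ips, _ = indicators(intel)
    elements = ", ".join(sorted(ips, key=ipaddress.ip_address))
    return "\n".join([
        f"table inet {table} {{",
        "    set ioc_ips {",
        "        type ipv4_addr",
        f"        elements = {{ {elements} }}",
        "    }",
        "    chain forward {",
        "        type filter hook forward priority 0; policy accept;",
        "        ip daddr @ioc_ips counter drop",
        "        ip saddr @ioc_ips counter drop",
        "    }",
        "}",
    ])

if __name__ == "__main__":
    print("\n".join(suricata_rules(THREAT_INTEL)))
    print(nftables_set(THREAT_INTEL))
```

The internal victim address 10.0.1.31 is filtered out, which is the failure mode to guard against when feeding intelligence back automatically: a naive export would block the compromised host's own traffic at the perimeter and the block list would be polluted by every target IP in the threat logs. Before distribution, syntax-check the generated rules with `suricata -T -S intel.rules` and load the set with `nft -f`.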
The compromised host detection method of the invention uses the application, terminal, user and content identification capability and the threat perception capability of the perimeter security probe devices to guarantee accurate and clear insight into network-wide behaviour and activity, providing the precondition for the subsequent analysis of abnormal user behaviour and threat intelligence detection, and guaranteeing the accuracy of compromised host detection.
Because the perimeter security probe devices can be deployed at any position in the network in a variety of forms, and themselves have strong application control and application-layer threat protection capability that can intercept application abuse and known threats at high performance, the compromised host detection method of the invention improves the accuracy of compromised host detection without requiring the user to change the network architecture and without adding availability risk to the network.
The cloud filtering, cloud scanning and threat intelligence distribution and feedback of the security cloud early-warning platform assist the work of the perimeter security probe devices, enabling the compromised host detection method of the invention to guarantee the security of the network perimeter.
The compromised host detection method of the invention uses a strategy of real-time cooperation between the security cloud early-warning platform and the perimeter security probe devices; through the cloud big-data analysis, fast retrieval and massive cloud storage provided by the platform, it further ensures global network security and long-period visibility, realises compromised host detection and the capability to counter advanced and other threats, and brings security to the user.
Those of ordinary skill in the art should understand that the above embodiments are only intended to illustrate the invention and are not to be taken as limiting it; changes and modifications to the embodiments described above that remain within the spirit of the invention all fall within the scope of the claims of the invention.

Claims (10)

1. A compromised host detection method, comprising the following steps:
Log upload step: each perimeter security probe device uploads the log data generated by traffic between security domains, including application access logs, URL access logs, file transfer logs and threat logs, to the security cloud early-warning platform;
Data extraction step: the security cloud early-warning platform aggregates the log data reported by the perimeter security probe devices into the cloud big-data analysis engine; the cloud big-data analysis engine mines the abnormal user behaviour of hosts in the network that deviates from the normal baseline, generates user abnormal-behaviour data, and aggregates the threat logs into threat intelligence;
Data matching step: through the cloud big-data analysis engine, the security cloud early-warning platform matches the threat intelligence against the abnormal user behaviour of hosts in the network that deviates from the normal baseline, and predicts suspected compromised hosts.
2. The compromised host detection method according to claim 1, characterised in that the threat intelligence also comes from the cloud sandbox of the security cloud early-warning platform and from third-party intelligence-sharing platforms connected to the security cloud early-warning platform.
3. The compromised host detection method according to claim 1, characterised in that the user abnormal-behaviour data is generated from the log data collected by the Unified Threat Management probe among the perimeter security probe devices, and the threat logs are generated from the log data collected by the antivirus security probe among the perimeter security probe devices.
4. The compromised host detection method according to claim 1, characterised in that the threat intelligence includes the attack's source IP, target IP, the domain used and the attack technique employed.
5. The compromised host detection method according to claim 1, characterised in that a result display step follows the data matching step: the security cloud early-warning platform presents, in statistical form, the result of matching the hosts' user abnormal-behaviour data in the network against the threat intelligence, and then determines the suspected compromised hosts.
6. The compromised host detection method according to claim 5, characterised in that, in the result display step, the security cloud early-warning platform shows the security posture of the entire internet in an intelligence map view.
7. The compromised host detection method according to claim 5, characterised in that, in the result display step, the security cloud early-warning platform uses the cloud big-data analysis engine to judge which of the possible stages a suspected compromised host is in (intruded, controlled, launching internal attacks, or launching malicious behaviour), and thereby judges the certainty that the suspected host is compromised.
8. The compromised host detection method according to claim 5, characterised in that a compromised host analysis step follows the result display step: the security cloud early-warning platform analyses a selected suspected compromised host by scenario analysis and log search, and presents the suspected compromised host's specific abnormal user behaviour within a selected time period.
9. The compromised host detection method according to claim 8, characterised in that the scenario analysis comprises a statistics overview and an association analysis;
the statistics overview presents, as histograms or pie charts, the statistical results of the network attack information for the suspected compromised host within the selected time period;
the association analysis presents to the administrator the association information of the attacks on the suspected compromised host.
10. The compromised host detection method according to claim 1, characterised in that a feedback step follows the data matching step: the security cloud early-warning platform distributes the threat intelligence network-wide, feeding it back into the threat signature libraries of the firewalls at the perimeter and of each perimeter security probe device.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201811175949.XA | 2018-10-10 | 2018-10-10 | Compromised host detection method

Publications (1)

Publication Number | Publication Date
CN108965346A | 2018-12-07

Family

ID=64471525

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201811175949.XA (Pending, CN108965346A) | Compromised host detection method | 2018-10-10 | 2018-10-10

Country Status (1)

Country | Link
CN (1) | CN108965346A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525611A (en) * 2019-01-11 2019-03-26 新华三信息安全技术有限公司 Method and device for detecting abnormal outgoing behaviour of intranet users
CN109862003A (en) * 2019-01-24 2019-06-07 深信服科技股份有限公司 Method, device, system and storage medium for generating a local threat intelligence library
CN110149303A (en) * 2019-03-27 2019-08-20 李登峻 Party-school network security early-warning method and early-warning system
CN110708315A (en) * 2019-10-09 2020-01-17 杭州安恒信息技术股份有限公司 Asset vulnerability identification method, device and system
CN110708296A (en) * 2019-09-19 2020-01-17 中国电子科技网络信息安全有限公司 VPN account number collapse intelligent detection model based on long-time behavior analysis
CN110719291A (en) * 2019-10-16 2020-01-21 杭州安恒信息技术股份有限公司 Network threat identification method and identification system based on threat information
CN110730175A (en) * 2019-10-16 2020-01-24 杭州安恒信息技术股份有限公司 Botnet detection method and detection system based on threat information
CN110830470A (en) * 2019-11-06 2020-02-21 浙江军盾信息科技有限公司 Method, device and equipment for detecting defect-losing host and readable storage medium
CN110875928A (en) * 2019-11-14 2020-03-10 北京神州绿盟信息安全科技股份有限公司 Attack tracing method, device, medium and equipment
CN110958251A (en) * 2019-12-04 2020-04-03 中电福富信息科技有限公司 Method and device for detecting and backtracking lost host based on real-time stream processing
CN112073389A (en) * 2020-08-21 2020-12-11 苏州浪潮智能科技有限公司 Cloud host security situation awareness system, method, device and storage medium
CN112153062A (en) * 2020-09-27 2020-12-29 北京北信源软件股份有限公司 Multi-dimension-based suspicious terminal equipment detection method and system
CN112487321A (en) * 2020-12-08 2021-03-12 北京天融信网络安全技术有限公司 Detection method, detection device, storage medium and electronic equipment
CN113141335A (en) * 2020-01-19 2021-07-20 奇安信科技集团股份有限公司 Network attack detection method and device
CN113497784A (en) * 2020-03-20 2021-10-12 中国电信股份有限公司 Method, apparatus and computer readable storage medium for detecting intelligence data
CN113852615A (en) * 2021-09-15 2021-12-28 广东电力信息科技有限公司 Method and device for monitoring lost host in multi-stage DNS (Domain name System) environment
CN113904920A (en) * 2021-09-14 2022-01-07 上海纽盾科技股份有限公司 Network security defense method, device and system based on lost equipment
CN114006802A (en) * 2021-09-14 2022-02-01 上海纽盾科技股份有限公司 Situation awareness prediction method, device and system for equipment with failure
CN115021978A (en) * 2022-05-17 2022-09-06 云盾智慧安全科技有限公司 Attack path prediction method and device, electronic equipment and storage medium
CN115643120A (en) * 2022-12-26 2023-01-24 国联江森自控绿色科技(无锡)有限公司 Control system for exception self-processing of new energy management platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090125547A1 (en) * 2005-10-18 2009-05-14 Norihiko Kawakami Storage System for Managing a Log of Access
CN105468737A (en) * 2015-11-24 2016-04-06 湖北大学 Web service big data analysis method, cloud computing platform and mining system
CN105915532A (en) * 2016-05-23 2016-08-31 北京网康科技有限公司 Method and device for identifying compromised hosts
CN107707541A (en) * 2017-09-28 2018-02-16 小花互联网金融服务(深圳)有限公司 Real-time attack log detection method based on streaming machine learning

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王秀波: "Network Security Solutions", Intelligent Building *
网康科技有限公司: "Compromised host detection solution based on 网康云 and next-generation firewall (V1.1)", HTTPS://WENKU.BAIDU.COM/VIEW/AD03D8C0F78A6529657D53C1.HTML *

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525611A (en) * 2019-01-11 2019-03-26 新华三信息安全技术有限公司 Method and device for detecting abnormal outgoing behavior of intranet users
CN109525611B (en) * 2019-01-11 2021-03-12 新华三信息安全技术有限公司 Method and device for detecting abnormal outgoing behavior of intranet user
CN109862003A (en) * 2019-01-24 2019-06-07 深信服科技股份有限公司 Method, device, system and storage medium for generating a local threat intelligence library
CN109862003B (en) * 2019-01-24 2022-02-22 深信服科技股份有限公司 Method, device, system and storage medium for generating local threat intelligence library
CN110149303A (en) * 2019-03-27 2019-08-20 李登峻 Party-school network security early warning method and early warning system
CN110149303B (en) * 2019-03-27 2022-07-15 李登峻 Party-school network security early warning method and early warning system
CN110708296A (en) * 2019-09-19 2020-01-17 中国电子科技网络信息安全有限公司 Intelligent detection model for VPN account compromise based on long-term behavior analysis
CN110708296B (en) * 2019-09-19 2022-03-18 中国电子科技网络信息安全有限公司 Intelligent detection model for VPN account compromise based on long-term behavior analysis
CN110708315A (en) * 2019-10-09 2020-01-17 杭州安恒信息技术股份有限公司 Asset vulnerability identification method, device and system
CN110730175A (en) * 2019-10-16 2020-01-24 杭州安恒信息技术股份有限公司 Botnet detection method and detection system based on threat information
CN110719291A (en) * 2019-10-16 2020-01-21 杭州安恒信息技术股份有限公司 Network threat identification method and identification system based on threat information
CN110830470A (en) * 2019-11-06 2020-02-21 浙江军盾信息科技有限公司 Method, device and equipment for detecting compromised hosts, and readable storage medium
CN110830470B (en) * 2019-11-06 2022-02-01 杭州安恒信息安全技术有限公司 Method, device and equipment for detecting compromised hosts, and readable storage medium
CN110875928A (en) * 2019-11-14 2020-03-10 北京神州绿盟信息安全科技股份有限公司 Attack tracing method, device, medium and equipment
CN110958251A (en) * 2019-12-04 2020-04-03 中电福富信息科技有限公司 Method and device for detecting and backtracking compromised hosts based on real-time stream processing
CN113141335B (en) * 2020-01-19 2022-10-28 奇安信科技集团股份有限公司 Network attack detection method and device
CN113141335A (en) * 2020-01-19 2021-07-20 奇安信科技集团股份有限公司 Network attack detection method and device
CN113497784A (en) * 2020-03-20 2021-10-12 中国电信股份有限公司 Method, apparatus and computer readable storage medium for detecting intelligence data
CN112073389A (en) * 2020-08-21 2020-12-11 苏州浪潮智能科技有限公司 Cloud host security situation awareness system, method, device and storage medium
CN112073389B (en) * 2020-08-21 2023-01-24 苏州浪潮智能科技有限公司 Cloud host security situation awareness system, method, device and storage medium
CN112153062A (en) * 2020-09-27 2020-12-29 北京北信源软件股份有限公司 Multi-dimension-based suspicious terminal equipment detection method and system
CN112153062B (en) * 2020-09-27 2023-02-21 北京北信源软件股份有限公司 Multi-dimension-based suspicious terminal equipment detection method and system
CN112487321A (en) * 2020-12-08 2021-03-12 北京天融信网络安全技术有限公司 Detection method, detection device, storage medium and electronic equipment
CN114006802B (en) * 2021-09-14 2023-11-21 上海纽盾科技股份有限公司 Situation awareness prediction method, device and system for compromised equipment
CN113904920A (en) * 2021-09-14 2022-01-07 上海纽盾科技股份有限公司 Network security defense method, device and system based on compromised equipment
CN114006802A (en) * 2021-09-14 2022-02-01 上海纽盾科技股份有限公司 Situation awareness prediction method, device and system for compromised equipment
CN113904920B (en) * 2021-09-14 2023-10-03 上海纽盾科技股份有限公司 Network security defense method, device and system based on compromised equipment
CN113852615A (en) * 2021-09-15 2021-12-28 广东电力信息科技有限公司 Method and device for monitoring compromised hosts in a multi-stage DNS (Domain Name System) environment
CN115021978A (en) * 2022-05-17 2022-09-06 云盾智慧安全科技有限公司 Attack path prediction method and device, electronic equipment and storage medium
CN115021978B (en) * 2022-05-17 2023-11-24 云盾智慧安全科技有限公司 Attack path prediction method, device, electronic equipment and storage medium
CN115643120A (en) * 2022-12-26 2023-01-24 国联江森自控绿色科技(无锡)有限公司 Control system for exception self-processing of new energy management platform
CN115643120B (en) * 2022-12-26 2023-04-11 国联江森自控绿色科技(无锡)有限公司 Control system for exception self-processing of new energy management platform

Similar Documents

Publication Publication Date Title
CN108965346A (en) Compromised host detection method
CN108259449B (en) Method and system for defending against APT (advanced persistent threat) attacks
Ashoor et al. Importance of intrusion detection system (IDS)
CN106027559B (en) Large-scale network scanning detection method based on statistical features of network sessions
CN105915532B (en) Method and device for recognizing compromised hosts
US20140283064A1 (en) Network attack offensive appliance
Kumar et al. Intrusion detection systems: a review
Ramamoorthi et al. Real time detection and classification of DDoS attacks using enhanced SVM with string kernels
Chen et al. Intrusion detection
Nicholson et al. A taxonomy of technical attribution techniques for cyber attacks
Nijim et al. FastDetict: A data mining engine for predicting and preventing DDoS attacks
Bartwal et al. Security orchestration, automation, and response engine for deployment of behavioural honeypots
CN114915493B (en) Trapping deployment method based on network attack of power monitoring system
Thu Integrated intrusion detection and prevention system with honeypot on cloud computing environment
Rutherford et al. Using an improved cybersecurity kill chain to develop an improved honey community
Morozov et al. Honeypot and cyber deception as a tool for detecting cyber attacks on critical infrastructure.
Patel et al. An architecture of hybrid intrusion detection system
Hammadeh et al. Unraveling Ransomware: Detecting Threats with Advanced Machine Learning Algorithms
Beigh et al. Performance evaluation of different intrusion detection system: An empirical approach
Mehta et al. Cowrie honeypot data analysis and predicting the directory traverser pattern during the attack
Narote et al. Detection of DDoS Attacks using Concepts of Machine Learning
Beqiri Neural networks for intrusion detection systems
Gavrilovic et al. Snort IDS system visualization interface for alert analysis
Sharma et al. A Comprehensive Analysis of Exploring SDN-Enabled Honeypots for IoT Security
Gu et al. Misleading and defeating importance-scanning malware propagation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181207