CN109474561B - Network attack degree determination method and device and security protection system - Google Patents


Info

Publication number: CN109474561B
Authority: CN (China)
Prior art keywords: attack, network, wave source, determining, amplitude
Legal status: Active
Application number: CN201710799293.8A
Other languages: Chinese (zh)
Other versions: CN109474561A (en)
Inventors: 侯艳芳, 周能
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Priority to: CN201710799293.8A
Publications: CN109474561A (application), CN109474561B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for determining the degree of a network attack, and a security protection system, and relates to the field of mobile internet. Network traffic is analyzed to obtain corresponding network security parameters, attack ripples are generated according to the network security parameters, the corresponding attack strength is obtained from the attack ripples, and the degree of malicious attack on the current network is determined according to the attack strength. By quantitatively analyzing the malicious attacks suffered by the current network, the invention drives dynamic updating of the current network security protection policy, so that the network security protection system actively adjusts its own security protection policy in real time according to the current security state of the network, improving the protection capability of the current network.

Description

Network attack degree determination method and device and security protection system
Technical Field
The invention relates to the field of mobile internet, in particular to a method and a device for determining network attack degree and a security protection system.
Background
Traditional network security technology is mainly based on passive defense. It lacks quantitative security analysis of the malicious attacks suffered by the network, and cannot adjust its own defense strategy in a targeted manner according to conditions such as the current attack strength and risk level of the network.
Therefore, a technical solution is urgently needed that can quantitatively analyze the malicious attacks suffered by the current network and thereby drive dynamic updating of the current network security protection policy.
Disclosure of Invention
Embodiments of the invention provide a method and a device for determining the degree of a network attack, and a security protection system. By quantitatively analyzing the malicious attacks suffered by the current network, they drive dynamic updating of the current network security protection policy, so that the network security protection system actively adjusts its own security protection policy in real time according to the current security state of the network, improving the protection capability of the current network.
According to an aspect of the present invention, there is provided a network attack level determining method, including:
analyzing the network traffic to obtain corresponding network security parameters;
generating attack ripples according to network security parameters;
obtaining corresponding attack strength by using the attack ripple;
and determining the degree of malicious attack on the current network according to the attack strength.
In one embodiment, the network security parameters include vulnerability level, attacker's attack steps, attacker capabilities, and network defense capabilities.
In one embodiment, generating attack ripples based on network security parameters comprises:
determining an attack wave source according to the vulnerability grade and the ability of an attacker;
determining an attack amplitude according to the attack step and the network protection capability;
and determining attack ripples according to the attack wave source and the attack amplitude.
In one embodiment, determining the source of the attack wave according to the vulnerability class and the ability of the attacker comprises:
determining a corresponding wave source radius according to the vulnerability grade;
determining the corresponding wave source depth according to the ability of an attacker;
and determining an attack wave source by using the wave source radius and the wave source depth.
In one embodiment, determining the attack amplitude based on the attack steps and the network defense capabilities comprises:
determining a corresponding initial amplitude according to the attack step;
determining corresponding attack damping according to the network protection capability;
and determining the attack amplitude according to the initial amplitude, the attack damping and the wave source radius.
In one embodiment, determining the attack ripple from the attack source and the attack amplitude comprises:
if the current time is greater than a preset threshold, representing attack ripples by attack amplitude;
and if the current time is not greater than the preset threshold, representing the attack ripple by the attack wave source.
In one embodiment, obtaining the corresponding attack strength using the attack ripple comprises:
and determining the attack strength according to the volume of the attack wave source and the value of the attack amplitude at a preset moment.
In one embodiment, determining the degree of malicious attack on the current network according to the attack strength comprises:
and looking up the level of malicious attack on the current network according to the magnitude of the attack strength, using a predetermined association between attack strength and corresponding level.
According to another aspect of the present invention, there is provided a network attack level determination apparatus, including:
the network security analysis module is used for analyzing the network traffic to obtain corresponding network security parameters;
the attack ripple generating module is used for generating attack ripples according to the network security parameters;
the attack intensity calculation module is used for obtaining corresponding attack intensity by utilizing the attack ripples;
and the attack degree determining module is used for determining the degree of malicious attack on the current network according to the attack strength.
In one embodiment, the network security parameters include vulnerability level, attacker's attack steps, attacker capabilities, and network defense capabilities.
In one embodiment, the attack ripple generation module is used for determining an attack wave source according to the vulnerability grade and the ability of an attacker, determining an attack amplitude according to the attack step and the network protection ability, and determining the attack ripple according to the attack wave source and the attack amplitude.
In one embodiment, the attack ripple generation module is configured to determine a corresponding wave source radius according to the vulnerability level, determine a corresponding wave source depth according to the attacker capability, and determine an attack wave source by using the wave source radius and the wave source depth.
In one embodiment, the attack ripple generation module is further configured to determine a corresponding initial amplitude according to the attack step, determine a corresponding attack damping according to the network protection capability, and determine an attack amplitude according to the initial amplitude, the attack damping, and the source radius.
In one embodiment, the attack ripple generation module is configured to represent the attack ripple by an attack amplitude if the current time is greater than a predetermined threshold; in the case that the current time is not greater than the predetermined threshold, the attack ripple is represented by the attack wave source.
In one embodiment, the attack strength calculation module is used for determining the attack strength according to the volume of the attack wave source and the value of the attack amplitude at a preset time.
In one embodiment, the attack degree determining module is configured to query, according to the magnitude of the attack strength, a level of a malicious attack on the current network, using a predetermined association relationship between the attack strength and the corresponding level.
According to another aspect of the present invention, there is provided a network attack level determination apparatus, including:
a memory to store instructions;
a processor coupled to the memory, the processor configured to perform a method according to any of the embodiments described above based on instructions stored in the memory.
According to another aspect of the present invention, a computer-readable storage medium is provided, wherein the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the method of any of the above embodiments.
According to another aspect of the present invention, there is provided a security protection system comprising:
the network attack level determination apparatus according to any one of the embodiments described above;
the security protection strategy device is used for generating a corresponding security protection strategy according to the network attack degree information provided by the network attack degree determining device;
and the safety control implementation device is used for carrying out corresponding safety control implementation according to the safety protection strategy provided by the safety protection strategy device.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an embodiment of a network attack level determination method according to the present invention.
Fig. 2 is a schematic diagram of an embodiment of a network attack level determination apparatus according to the present invention.
Fig. 3 is a schematic diagram of another embodiment of the network attack level determination apparatus according to the present invention.
Fig. 4 is a schematic diagram of one embodiment of a security system of the present invention.
FIG. 5 is a schematic diagram of another embodiment of a security system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
A normal communication network can be seen as a calm water surface, and a malicious attack as a stone: when the stone is thrown into the water, a ripple effect is produced. That is, when a malicious attack occurs in a network, some specific ripples are necessarily generated. From the perspective of attack ripples, the invention measures the strength of a malicious attack and thereby quantitatively analyzes the current network security state.
Fig. 1 is a schematic diagram of an embodiment of a network attack level determination method according to the present invention. Alternatively, the method steps of this embodiment may be executed by the network attack level determination apparatus. Wherein:
Step 101, analyzing the network traffic to obtain corresponding network security parameters.
The network security parameters may include vulnerability level, attack steps of an attacker, attacker capability, network protection capability, and the like.
Step 102, generating attack ripples according to the network security parameters.
Wherein, the attack ripple can be composed of an attack wave source and an attack wave amplitude. The attack wave source can be determined according to the vulnerability grade and the ability of an attacker, the attack amplitude is determined according to the attack step and the network protection ability, and the attack ripple is determined according to the attack wave source and the attack amplitude.
The size of the attack wave source S is related to the vulnerability exploited by the attacker and to the attacker's capability. Because the vulnerability level corresponds to the wave source radius r and the attacker capability corresponds to the wave source depth n, the attack wave source can be determined from the wave source radius and the wave source depth; that is, the attack wave source S can be constructed as a two-dimensional vector. For example, the attack wave source S can be represented by the following equation.
$S = (\pi r^2, -n)$ (1)
The correspondence between the value of the wave source radius r and the vulnerability level can be as shown in Table 1.
Vulnerability level  | Low risk | Medium risk | High risk | Super risk
Wave source radius r | 1        | 2           | 3         | 4
TABLE 1
This yields max(r) = 4 and min(r) = 1.
The wave source depth n is an impulse value and is dimensionless; its correspondence with the attacker capability can be as shown in Table 2.
Attacker capability | Weak | Average | Relatively strong | Strong
Wave source depth n | 1    | 2       | 3                 | 4
TABLE 2
This yields max(n) = 4 and min(n) = 1.
The attack amplitude A is related to the attack steps by which the attacker carries out the attack and to the network protection capability. The attack step corresponds to the initial amplitude $A_0$ of the attack, and the protection capability of the network corresponds to the attack damping c (i.e., attenuation), so the attack amplitude can be determined from the initial amplitude, the attack damping, and the wave source radius.
For example, the attack amplitude A may be:
Figure BDA0001401132350000061
where r is the wave source radius, t represents time, and t > 2r.
The correspondence between the initial amplitude $A_0$ and the attack step can be as shown in Table 3.
Figure BDA0001401132350000071
TABLE 3
As can be seen from Table 3, max($A_0$) = 6 and min($A_0$) = 1.
Furthermore, the correspondence between attack damping c and network protection capability can be shown in table 4.
Network protection capability                | Attack damping (c)
Firewall                                     | 2
Firewall, IPS                                | 4
Firewall, IPS, IDS                           | 8
Firewall, IPS, IDS, antivirus software       | 16
Firewall, IPS, IDS, antivirus software, DLP  | 32
TABLE 4
As can be seen from Table 4, max(c) = 32 and min(c) = 2.
After the attack wave source and the attack amplitude are obtained, the attack ripple can be determined according to the attack wave source and the attack amplitude. For example, if the current time is greater than a predetermined threshold, the attack ripple is represented by an attack amplitude; and if the current time is not greater than the preset threshold, representing the attack ripple by the attack wave source.
Alternatively, the attack ripple may be expressed as:
Figure BDA0001401132350000072
where r is the wave source radius, n is the wave source depth, $A_0$ is the initial amplitude, c is the damping value, and t is the time.
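An added sketch of step 102, not code from the patent: it maps the parameters through Tables 1, 2 and 4, builds the wave source of equation (1) and applies the piecewise ripple rule. Assumptions: the normalised label keys, the threshold default of 2r (taken from the t > 2r condition), and `placeholder_amplitude`, a stand-in needed because equation (2) is not reproduced on this page.

```python
import math
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple, Union

# Tables 1, 2 and 4 from the description; the lowercase keys are assumed labels.
RADIUS = {"low": 1, "medium": 2, "high": 3, "super": 4}                  # Table 1 -> r
DEPTH = {"weak": 1, "average": 2, "relatively strong": 3, "strong": 4}   # Table 2 -> n
DAMPING = {                                                              # Table 4 -> c
    frozenset({"firewall"}): 2,
    frozenset({"firewall", "ips"}): 4,
    frozenset({"firewall", "ips", "ids"}): 8,
    frozenset({"firewall", "ips", "ids", "antivirus"}): 16,
    frozenset({"firewall", "ips", "ids", "antivirus", "dlp"}): 32,
}
# Table 3 is not reproduced on the page; only its bounds are stated.
A0_MIN, A0_MAX = 1, 6

# (a0, c, r, t) -> amplitude; supplied by the caller.
AmplitudeFn = Callable[[float, int, int, float], float]


@dataclass(frozen=True)
class RippleParams:
    r: int      # wave source radius (from vulnerability level)
    n: int      # wave source depth (from attacker capability)
    a0: float   # initial amplitude (from attack step)
    c: int      # attack damping (from network protection capability)


def build_params(vuln_level: str, capability: str, initial_amplitude: float,
                 controls: Iterable[str]) -> RippleParams:
    """Translate the four network security parameters into r, n, A0 and c."""
    try:
        r = RADIUS[vuln_level.lower()]
        n = DEPTH[capability.lower()]
    except KeyError as exc:
        raise ValueError(f"label not present in Table 1/2: {exc}") from None
    stack = frozenset(name.lower() for name in controls)
    if stack not in DAMPING:
        # Table 4 defines only five cumulative stacks; anything else is undefined.
        raise ValueError(f"control stack not present in Table 4: {sorted(stack)}")
    if not A0_MIN <= initial_amplitude <= A0_MAX:
        raise ValueError("initial amplitude outside the stated range 1..6")
    return RippleParams(r, n, float(initial_amplitude), DAMPING[stack])


def wave_source(p: RippleParams) -> Tuple[float, int]:
    """Equation (1): S = (pi * r^2, -n)."""
    return (math.pi * p.r ** 2, -p.n)


def ripple(p: RippleParams, t: float, amplitude_fn: AmplitudeFn,
           threshold: Optional[float] = None) -> Union[Tuple[float, int], float]:
    """Wave source while t <= threshold, attack amplitude once t > threshold."""
    if t < 0:
        raise ValueError("time must be non-negative")
    limit = 2 * p.r if threshold is None else threshold  # assumed default: 2r
    if t > limit:
        return amplitude_fn(p.a0, p.c, p.r, t)
    return wave_source(p)


def placeholder_amplitude(a0: float, c: int, r: int, t: float) -> float:
    """Stand-in decay for demonstration only; this is NOT the patent's equation (2)."""
    return a0 * math.exp(-c * (t - 2 * r))


if __name__ == "__main__":
    # Constructed sample input: high-risk vulnerability, strong attacker,
    # initial amplitude 6, network protected by firewall and IPS.
    params = build_params("High", "Strong", 6, ["Firewall", "IPS"])
    for t in (0, 6, 7, 8):
        print(t, ripple(params, t, placeholder_amplitude))
```

Replace `placeholder_amplitude` with the real amplitude function before drawing any conclusion from the numbers; the attack strength of step 103 is not computed here because its equation is also absent from this page.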
Step 103, obtaining the corresponding attack strength by using the attack ripple.
For example, the attack strength AP may be determined according to the volume of the attack source and the value of the attack amplitude at a predetermined time.
Alternatively, the attack strength AP may be calculated using the following equation.
Figure BDA0001401132350000081
With the example values above, a value of the attack strength can be determined. For example:
Figure BDA0001401132350000082
Step 104, determining the degree of malicious attack on the current network according to the attack strength.
The level of malicious attack on the current network is looked up according to the magnitude of the attack strength, using a predetermined association between attack strength and corresponding level.
For example, the attack strength may be divided into the following 6 levels, as shown in table 5.
Figure BDA0001401132350000083
Figure BDA0001401132350000091
TABLE 5
The method for determining the degree of a network attack provided by the embodiment of the invention quantitatively analyzes the malicious attacks suffered by the current network and thereby drives dynamic updating of the current network security protection policy, so that the network security protection system actively adjusts its own security protection policy in real time according to the current security state of the network, improving the protection capability of the current network.
Fig. 2 is a schematic diagram of an embodiment of a network attack level determination apparatus according to the present invention. As shown in fig. 2, the apparatus may include a network security analysis module 21, an attack ripple generation module 22, an attack strength calculation module 23, and an attack degree determination module 24. Wherein:
the network security analysis module 21 is configured to analyze the network traffic to obtain corresponding network security parameters.
The network security parameters may include vulnerability level, attack steps of an attacker, attacker capability, network protection capability, and the like.
The attack ripple generation module 22 is used for generating attack ripples according to the network security parameters.
For example, the attack ripple generation module 22 determines an attack wave source according to the vulnerability level and the ability of an attacker, determines an attack amplitude according to the attack step and the network protection ability, and determines an attack ripple according to the attack wave source and the attack amplitude.
The attack ripple generation module 22 determines a corresponding wave source radius according to the vulnerability grade, determines a corresponding wave source depth according to the ability of an attacker, and determines an attack wave source by using the wave source radius and the wave source depth.
For example, the source of the attack wave may be as shown in equation (1).
In addition, the attack ripple generation module 22 determines a corresponding initial amplitude according to the attack step, determines a corresponding attack damping according to the network protection capability, and determines an attack amplitude according to the initial amplitude, the attack damping, and the wave source radius.
For example, the attack amplitude may be as shown in equation (2).
The attack ripple generation module 22 represents the attack ripple by the attack amplitude under the condition that the current time is greater than the predetermined threshold; in the case that the current time is not greater than the predetermined threshold, the attack ripple is represented by the attack wave source.
For example, the attack ripple may be as shown in equation (3).
The attack strength calculation module 23 is used for obtaining the corresponding attack strength by using the attack ripple.
The attack intensity calculation module 23 may determine the attack intensity according to the volume of the attack source and the value of the attack amplitude at a predetermined time.
For example, the attack strength may be as shown in equation (4).
The attack degree determining module 24 is used for determining the degree of the malicious attack on the current network according to the attack strength.
The attack degree determining module 24 may query the level of the malicious attack on the current network according to the magnitude of the attack strength by using the predetermined association relationship between the attack strength and the corresponding level.
Fig. 3 is a schematic diagram of a network attack level determining apparatus according to another embodiment of the present invention. As shown in fig. 3, the apparatus includes a memory 31 and a processor 32. Wherein:
the memory 31 is used for storing instructions, the processor 32 is coupled to the memory 31, and the processor 32 is configured to execute the method according to any embodiment in fig. 1 based on the instructions stored in the memory.
As shown in fig. 3, the apparatus further includes a communication interface 33 for information interaction with other devices. Meanwhile, the device also comprises a bus 34, and the processor 32, the communication interface 33 and the memory 31 are communicated with each other through the bus 34.
The memory 31 may comprise a high-speed RAM memory, and may also include a non-volatile memory (e.g., at least one disk memory). The memory 31 may also be a memory array. The memory 31 may also be partitioned into blocks, and the blocks may be combined into virtual volumes according to certain rules.
Further, the processor 32 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
The invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, which when executed by a processor implement the method according to any one of the embodiments in fig. 1.
Fig. 4 is a schematic diagram of one embodiment of a security system of the present invention. As shown in fig. 4, the system includes a network attack level determination device 41, a security protection policy device 42, and a security control enforcement device 43. The network attack level determination device 41 is the network attack level determination device according to any one of the embodiments in fig. 2 or fig. 3.
The security policy device 42 generates a corresponding security policy according to the network attack degree information provided by the network attack degree determining device.
The security control enforcement device 43 performs corresponding security control enforcement according to the security protection policy provided by the security protection policy device.
FIG. 5 is a schematic diagram of another embodiment of a security system of the present invention. In this embodiment, the network security analysis module analyzes the traffic flowing in from the external network to obtain the corresponding security parameters, such as vulnerability level, attack step, attacker capability, and network protection capability. Corresponding attack ripples are generated according to the acquired security parameters, and the corresponding attack strength is calculated so that the attack degree can be judged accurately. A corresponding security protection policy is selected according to the determined attack degree, and the selected policy is used to implement the corresponding security protection. In this way, dynamic security protection of the internal network can be realized.
By implementing the invention, the following beneficial effects can be obtained:
1) The invention starts from the new perspective that a malicious attack entering a communication network inevitably generates attack ripples. It constructs the attack wave source and the attack amplitude from four factors (attack step, system vulnerability, attacker capability, and network protection capability) to form the attack ripple, obtains a calculation expression for the attack strength, calculates the attack strength quantitatively, and grades it by its value range. This describes a network attack more intuitively, comprehensively, and accurately, and is of significance for improving network security.
2) The method focuses on the knock-on effect that a malicious attack has on the network. By constructing attack ripples it analyzes the ripple effect formed by the attack and describes the malicious network attack quantitatively. The analysis result can drive self-adjustment of the network security protection policy, which helps build a dynamically enhanced network security protection system.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (9)

1. A network attack level determination method is characterized by comprising the following steps:
analyzing the network traffic to obtain corresponding network security parameters;
generating attack ripples according to the network security parameters;
obtaining corresponding attack strength by using the attack ripple;
determining the degree of malicious attack on the current network according to the attack strength;
wherein generating attack ripples according to the network security parameters comprises:
determining a corresponding wave source radius according to the vulnerability grade, determining a corresponding wave source depth according to the ability of an attacker, and determining an attack wave source by using the wave source radius and the wave source depth;
determining a corresponding initial wave amplitude according to the attack step, determining a corresponding attack damping according to the network protection capability, and determining an attack wave amplitude according to the initial wave amplitude, the attack damping and the wave source radius;
if the current time is greater than a preset threshold, representing the attack ripple by the attack amplitude;
if the current time is not greater than a preset threshold, representing the attack ripple by the attack wave source;
obtaining a corresponding attack strength by using the attack ripple comprises:
and determining the attack strength according to the volume of the attack wave source and the value of the attack amplitude at a preset moment.
2. The method of claim 1,
the network security parameters include vulnerability level, attack steps of an attacker, attacker capability and network protection capability.
3. The method according to any one of claims 1-2,
determining the degree of malicious attack on the current network according to the attack strength comprises the following steps:
looking up the level of malicious attack on the current network from the attack strength, using a preset association between attack strength and the corresponding level.
4. A network attack level determination apparatus, comprising:
the network security analysis module is used for analyzing the network flow to obtain corresponding network security parameters;
an attack ripple generation module, configured to generate attack ripples according to the network security parameters, where a corresponding wave source radius is determined according to a vulnerability level, a corresponding wave source depth is determined according to an attacker capability, an attack wave source is determined by using the wave source radius and the wave source depth, a corresponding initial wave amplitude is determined according to an attack step, a corresponding attack damping is determined according to a network protection capability, an attack wave amplitude is determined according to the initial wave amplitude, the attack damping, and the wave source radius, the attack ripples are represented by the attack wave amplitude when current time is greater than a predetermined threshold, and the attack ripples are represented by the attack wave source when current time is not greater than the predetermined threshold;
the attack intensity calculation module is used for obtaining corresponding attack intensity by utilizing the attack ripples, wherein the attack intensity is determined according to the volume of an attack wave source and the value of the attack amplitude at a preset moment;
and the attack degree determining module is used for determining the degree of malicious attack on the current network according to the attack strength.
5. The apparatus of claim 4,
the network security parameters include vulnerability level, attack steps of an attacker, attacker capability and network protection capability.
6. The apparatus according to any one of claims 4-5,
the attack degree determining module is used for looking up the level of malicious attack on the current network from the attack strength, using a preset association between attack strength and the corresponding level.
7. A network attack level determination apparatus, comprising:
a memory to store instructions;
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-3 based on instructions stored in the memory.
8. A computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method of any one of claims 1-3.
9. A security protection system, comprising:
the network attack level determination apparatus according to any one of claims 4 to 7;
a security protection policy device, used for generating a corresponding security protection policy according to the network attack degree information provided by the network attack level determination apparatus;
and a security control implementation device, used for carrying out the corresponding security control according to the security protection policy provided by the security protection policy device.
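The pipeline of claims 1 to 3 (parameters, attack ripple, attack strength, level lookup), as an added Python example that is not code from the patent. The claims name the inputs but give no formulas, so the 1-5 parameter scales, the cylinder volume, the exponentially damped amplitude, the product used for strength and the level thresholds are all assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class SecurityParams:
    # Scales are assumed for illustration; the claims only name the four inputs.
    vuln_level: int           # vulnerability grade, 1 (low) .. 5 (critical)
    attacker_capability: int  # 1 .. 5
    attack_step: int          # how far the attacker has progressed, 1 .. 5
    protection: float         # network protection capability, >= 0

def wave_source(p):
    """Wave source as (radius, depth): radius from the vulnerability grade,
    depth from the attacker capability (identity mappings are assumed)."""
    return float(p.vuln_level), float(p.attacker_capability)

def source_volume(p):
    """Volume of the wave source, assumed to be a cylinder."""
    radius, depth = wave_source(p)
    return math.pi * radius ** 2 * depth

def amplitude(p, t):
    """Attack amplitude from initial amplitude (attack step), damping
    (protection) and source radius; damped exponential form is assumed."""
    if p.protection < 0 or t < 0:
        raise ValueError("protection and time must be non-negative")
    radius, _ = wave_source(p)
    return float(p.attack_step) * radius * math.exp(-p.protection * t)

def attack_ripple(p, t, threshold):
    """Claim 1: amplitude represents the ripple once t exceeds the threshold,
    otherwise the wave source does (t == threshold still yields the source)."""
    if t > threshold:
        return ("amplitude", amplitude(p, t))
    return ("source", wave_source(p))

def attack_strength(p, t_preset):
    """Strength from source volume and amplitude at a preset moment
    (combining them as a product is assumed)."""
    return source_volume(p) * amplitude(p, t_preset)

# Constructed association between strength and level (claim 3 lookup).
LEVELS = [(50.0, "low"), (500.0, "medium"), (math.inf, "high")]

def attack_level(strength):
    """Return the first level whose upper bound exceeds the strength."""
    for upper, name in LEVELS:
        if strength < upper:
            return name
```

With these assumed forms, raising the protection value increases the damping, so the same attack observed at the same preset moment maps to a lower level.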
CN201710799293.8A 2017-09-07 2017-09-07 Network attack degree determination method and device and security protection system Active CN109474561B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710799293.8A CN109474561B (en) 2017-09-07 2017-09-07 Network attack degree determination method and device and security protection system

Publications (2)

Publication Number Publication Date
CN109474561A CN109474561A (en) 2019-03-15
CN109474561B CN109474561B (en) 2021-01-08

Family

ID=65658281

Country Status (1)

Country Link
CN (1) CN109474561B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113098847B (en) * 2021-03-16 2023-03-24 四块科技(天津)有限公司 Supply chain management method, system, storage medium and electronic device
CN114826755B (en) * 2022-05-05 2023-12-01 烽火通信科技股份有限公司 Method and device for defending network malicious attack

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1860451A (en) * 2003-10-16 2006-11-08 思科技术公司 Policy-based network security management
CN102354355A (en) * 2011-09-30 2012-02-15 北京神州绿盟信息安全科技股份有限公司 Security risk assessment method and device for computers
CN106416182A (en) * 2014-05-09 2017-02-15 思科技术公司 Distributed voting mechanism for attack detection
CN106850265A (en) * 2016-12-29 2017-06-13 中国科学院信息工程研究所 A kind of power system network Attack Prediction method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160180078A1 (en) * 2014-12-23 2016-06-23 Jasmeet Chhabra Technologies for enhanced user authentication using advanced sensor monitoring

Also Published As

Publication number Publication date
CN109474561A (en) 2019-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant