CN111818103A - 一种网络靶场中基于流量的溯源攻击路径方法 - Google Patents
一种网络靶场中基于流量的溯源攻击路径方法 Download PDFInfo
- Publication number
- CN111818103A CN111818103A CN202010938005.4A CN202010938005A CN111818103A CN 111818103 A CN111818103 A CN 111818103A CN 202010938005 A CN202010938005 A CN 202010938005A CN 111818103 A CN111818103 A CN 111818103A
- Authority
- CN
- China
- Prior art keywords
- traffic
- malicious
- flow
- attack
- index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 238000000605 extraction Methods 0.000 claims abstract description 30
- 238000012544 monitoring process Methods 0.000 claims abstract description 24
- 238000001514 detection method Methods 0.000 claims description 15
- 238000010276 construction Methods 0.000 claims description 14
- 239000000523 sample Substances 0.000 claims description 3
- 230000006399 behavior Effects 0.000 abstract description 28
- 238000005516 engineering process Methods 0.000 abstract description 15
- 230000008569 process Effects 0.000 abstract description 11
- 239000000284 extract Substances 0.000 abstract description 2
- 230000002349 favourable effect Effects 0.000 abstract description 2
- 238000004458 analytical method Methods 0.000 description 11
- 238000013461 design Methods 0.000 description 8
- 238000011160 research Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 241000270730 Alligator mississippiensis Species 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000035515 penetration Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 238000007619 statistical method Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008929 regeneration Effects 0.000 description 1
- 238000011069 regeneration method Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
恶意程序名 | 恶意流量特征 | HTTP头中位置 |
Gator | Gator/x.xx,其中x.xx为版本号 | User-Agent字段 |
Cydoor | 前缀为“/bns”或者“/scripts”的URL,包含字符串“Javasite”的URL | URL字段 |
SaveNow | 前缀“/offer”、“/heartbeat”或“/about”的URL | URL字段 |
eZula | “eZula”,“mez”或“Wise” | User-Agent字段 |
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010938005.4A CN111818103B (zh) | 2020-09-09 | 2020-09-09 | 一种网络靶场中基于流量的溯源攻击路径方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010938005.4A CN111818103B (zh) | 2020-09-09 | 2020-09-09 | 一种网络靶场中基于流量的溯源攻击路径方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111818103A true CN111818103A (zh) | 2020-10-23 |
CN111818103B CN111818103B (zh) | 2020-12-15 |
Family
ID=72860193
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010938005.4A Active CN111818103B (zh) | 2020-09-09 | 2020-09-09 | 一种网络靶场中基于流量的溯源攻击路径方法 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111818103B (zh) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112751704A (zh) * | 2020-12-17 | 2021-05-04 | 杭州安恒信息技术股份有限公司 | 网络靶场中异构网络连通性检查方法、装置及设备 |
CN112887329A (zh) * | 2021-02-24 | 2021-06-01 | 北京邮电大学 | 隐藏服务溯源方法、装置及电子设备 |
CN113259316A (zh) * | 2021-04-02 | 2021-08-13 | 国家电网有限公司 | 电力系统内部的攻击路径可视化方法、系统和电子设备 |
CN113676484A (zh) * | 2021-08-27 | 2021-11-19 | 绿盟科技集团股份有限公司 | 一种攻击溯源方法、装置和电子设备 |
CN113761522A (zh) * | 2021-09-02 | 2021-12-07 | 恒安嘉新(北京)科技股份公司 | 一种webshell流量的检测方法、装置、设备和存储介质 |
CN114006717A (zh) * | 2021-01-04 | 2022-02-01 | 北京八分量信息科技有限公司 | 一种区块链节点存储云系统 |
CN114048487A (zh) * | 2021-11-29 | 2022-02-15 | 北京永信至诚科技股份有限公司 | 网络靶场的攻击过程评估方法、装置、存储介质及设备 |
CN114978666A (zh) * | 2022-05-18 | 2022-08-30 | 杭州安恒信息技术股份有限公司 | 一种网络攻击流程还原方法、装置、设备及存储介质 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102821002A (zh) * | 2011-06-09 | 2012-12-12 | 中国移动通信集团河南有限公司信阳分公司 | 网络流量异常检测方法和系统 |
US20170222979A1 (en) * | 2016-01-29 | 2017-08-03 | Zenedge, Inc. | Qualifying Client Behavior to Mitigate Attacks on a Host |
CN108696473A (zh) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | 攻击路径还原方法及装置 |
CN110149350A (zh) * | 2019-06-24 | 2019-08-20 | 国网安徽省电力有限公司信息通信分公司 | 一种告警日志关联的网络攻击事件分析方法及装置 |
CN110691080A (zh) * | 2019-09-25 | 2020-01-14 | 光通天下网络科技股份有限公司 | 自动溯源方法、装置、设备及介质 |
CN111181932A (zh) * | 2019-12-18 | 2020-05-19 | 广东省新一代通信与网络创新研究院 | Ddos攻击检测与防御方法、装置、终端设备及存储介质 |
-
2020
- 2020-09-09 CN CN202010938005.4A patent/CN111818103B/zh active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102821002A (zh) * | 2011-06-09 | 2012-12-12 | 中国移动通信集团河南有限公司信阳分公司 | 网络流量异常检测方法和系统 |
US20170222979A1 (en) * | 2016-01-29 | 2017-08-03 | Zenedge, Inc. | Qualifying Client Behavior to Mitigate Attacks on a Host |
CN108696473A (zh) * | 2017-04-05 | 2018-10-23 | 中国移动通信集团广东有限公司 | 攻击路径还原方法及装置 |
CN110149350A (zh) * | 2019-06-24 | 2019-08-20 | 国网安徽省电力有限公司信息通信分公司 | 一种告警日志关联的网络攻击事件分析方法及装置 |
CN110691080A (zh) * | 2019-09-25 | 2020-01-14 | 光通天下网络科技股份有限公司 | 自动溯源方法、装置、设备及介质 |
CN111181932A (zh) * | 2019-12-18 | 2020-05-19 | 广东省新一代通信与网络创新研究院 | Ddos攻击检测与防御方法、装置、终端设备及存储介质 |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112751704A (zh) * | 2020-12-17 | 2021-05-04 | 杭州安恒信息技术股份有限公司 | 网络靶场中异构网络连通性检查方法、装置及设备 |
CN112751704B (zh) * | 2020-12-17 | 2022-07-05 | 杭州安恒信息技术股份有限公司 | 网络靶场中异构网络连通性检查方法、装置及设备 |
CN114006717A (zh) * | 2021-01-04 | 2022-02-01 | 北京八分量信息科技有限公司 | 一种区块链节点存储云系统 |
CN112887329A (zh) * | 2021-02-24 | 2021-06-01 | 北京邮电大学 | 隐藏服务溯源方法、装置及电子设备 |
CN113259316A (zh) * | 2021-04-02 | 2021-08-13 | 国家电网有限公司 | 电力系统内部的攻击路径可视化方法、系统和电子设备 |
CN113676484A (zh) * | 2021-08-27 | 2021-11-19 | 绿盟科技集团股份有限公司 | 一种攻击溯源方法、装置和电子设备 |
CN113676484B (zh) * | 2021-08-27 | 2023-04-18 | 绿盟科技集团股份有限公司 | 一种攻击溯源方法、装置和电子设备 |
CN113761522A (zh) * | 2021-09-02 | 2021-12-07 | 恒安嘉新(北京)科技股份公司 | 一种webshell流量的检测方法、装置、设备和存储介质 |
CN114048487A (zh) * | 2021-11-29 | 2022-02-15 | 北京永信至诚科技股份有限公司 | 网络靶场的攻击过程评估方法、装置、存储介质及设备 |
CN114048487B (zh) * | 2021-11-29 | 2022-06-17 | 北京永信至诚科技股份有限公司 | 网络靶场的攻击过程评估方法、装置、存储介质及设备 |
CN114978666A (zh) * | 2022-05-18 | 2022-08-30 | 杭州安恒信息技术股份有限公司 | 一种网络攻击流程还原方法、装置、设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN111818103B (zh) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111818103B (zh) | 一种网络靶场中基于流量的溯源攻击路径方法 | |
Sharafaldin et al. | Towards a reliable intrusion detection benchmark dataset | |
Wang et al. | Delving into internet DDoS attacks by botnets: characterization and analysis | |
CN113783896B (zh) | 一种网络攻击路径追踪方法和装置 | |
CN112383546B (zh) | 一种处理网络攻击行为的方法、相关设备及存储介质 | |
US8516585B2 (en) | System and method for detection of domain-flux botnets and the like | |
Xie et al. | A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors | |
KR101010302B1 (ko) | Irc 및 http 봇넷 보안 관제를 위한 관리 시스템 및 그 방법 | |
RU2495486C1 (ru) | Способ анализа и выявления вредоносных промежуточных узлов в сети | |
US7313695B2 (en) | Systems and methods for dynamic threat assessment | |
Najafabadi et al. | User behavior anomaly detection for application layer ddos attacks | |
US20140047543A1 (en) | Apparatus and method for detecting http botnet based on densities of web transactions | |
Zarras et al. | Automated generation of models for fast and precise detection of HTTP-based malware | |
Taylor et al. | Detecting malicious exploit kits using tree-based similarity searches | |
CN111786966A (zh) | 浏览网页的方法和装置 | |
Grill et al. | Malware detection using http user-agent discrepancy identification | |
CN103701816B (zh) | 执行拒绝服务攻击的服务器的扫描方法和扫描装置 | |
KR101005866B1 (ko) | 룰기반 웹아이디에스 시스템용 웹로그 전처리방법 및 시스템 | |
Apruzzese et al. | SpacePhish: the evasion-space of adversarial attacks against phishing website detectors using machine learning | |
Jia et al. | Micro-honeypot: using browser fingerprinting to track attackers | |
Boulaiche et al. | An auto-learning approach for network intrusion detection | |
CN101588276A (zh) | 一种检测僵尸网络的方法及其装置 | |
CN108737332A (zh) | 一种基于机器学习的中间人攻击预测方法 | |
CN112583827B (zh) | 一种数据泄露检测方法及装置 | |
Qureshi et al. | Analysis of Challenges in Modern Network Forensic Framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20201023 Assignee: Beijing Mingbo Xin'an Information Technology Co.,Ltd. Assignor: XINLIAN TECHNOLOGY (NANJING) Co.,Ltd. Contract record no.: X2023980051461 Denomination of invention: A Traffic Based Traceability Attack Path Method in Network Shooting Range Granted publication date: 20201215 License type: Common License Record date: 20231212 |
|
TR01 | Transfer of patent right |
Effective date of registration: 20240516 Address after: Room D04, Building 2, No. 28 Zhenxing Road, Science and Technology Park, Changping District, Beijing, 102299 Patentee after: Beijing Mingbo Xin'an Information Technology Co.,Ltd. Country or region after: China Address before: No.1, Dongji Avenue, Jiangning Economic and Technological Development Zone, Nanjing, Jiangsu Province, 210000 Patentee before: XINLIAN TECHNOLOGY (NANJING) Co.,Ltd. Country or region before: China |