CN110351274A - A kind of method, server and the system of the tracking of network attack face - Google Patents

A kind of method, server and the system of the tracking of network attack face Download PDF

Info

Publication number
CN110351274A
CN110351274A CN201910626345.0A CN201910626345A CN110351274A CN 110351274 A CN110351274 A CN 110351274A CN 201910626345 A CN201910626345 A CN 201910626345A CN 110351274 A CN110351274 A CN 110351274A
Authority
CN
China
Prior art keywords
data
network node
server
attack
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910626345.0A
Other languages
Chinese (zh)
Other versions
CN110351274B (en
Inventor
娈靛浆
段彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuleng Technology Co Ltd
Original Assignee
Wuhan Sipuleng Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuleng Technology Co Ltd filed Critical Wuhan Sipuleng Technology Co Ltd
Priority to CN201910626345.0A priority Critical patent/CN110351274B/en
Publication of CN110351274A publication Critical patent/CN110351274A/en
Application granted granted Critical
Publication of CN110351274B publication Critical patent/CN110351274B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses method, server and the systems of a kind of tracking of network attack face, it first passes through each network node oneself and checks data slot, extract the vector of attack that can be utilized, regather the data slot copy on each network node, it is merged with history big data, data slot is analyzed with the presence or absence of abnormal, it whether there is logic association between multiple abnormal data segments, thereby determine that and mark abnormal point and approach point, the security breaches for potentially attacking track and network node are obtained, to realize the purpose in the pursuit attack face in a large amount of network nodes.

Description

A kind of method, server and the system of the tracking of network attack face
Technical field
A kind of tracked this application involves technical field of network security more particularly to network attack face method, server and System.
Background technique
Current network communication faces more and more hidden safety problem, and many attacks are from hidden, fragmentation shape Formula, the loophole point and attack link of individual node can constitute multiple attack faces, and the method for existing guarding network attack can fail. Especially present network usually has a large amount of network nodes, and segment can be dispersed in each different network node by attacker On, it is found to escape.Be badly in need of it is a kind of being capable of the node method that checks loophole, the network monitor attack for tracking segment link.
Summary of the invention
The purpose of the present invention is to provide a kind of methods, devices and systems of network attack face tracking, first pass through each net Network node oneself checks data slot, extracts the vector of attack that can be utilized, regathers the data slot on each network node Whether copy merges it with history big data, and analysis data slot whether there is exception, deposit between multiple abnormal data segments In logic association, abnormal point and approach point are thereby determined that and marked, obtains the safety leakage for potentially attacking track and network node Hole, solving the problems, such as in the prior art can not pursuit attack face.
In a first aspect, the application provides a kind of method of network attack face tracking, which comprises
Network side server sends to each network node and instructs, and described instruction is for ordering each network node local Data slot is uploaded onto the server;
After each network node receives instruction, several numbers will be split as via the data flow of network node local According to segment copy, the vector of attack that can be utilized therefrom is extracted;
Each network node first calls local policy to scan the data slot copy, checks whether comprising can be sharp Vector of attack, then the vector of attack being utilized and data slot copy are packaged, it is sealed in business processing gap It loads onto and is transmitted to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark;
After the server receives the data slot copy after encapsulation, by the data slot and server local after parsing Historical data segment merge;The merging includes according to belonging network node, affiliated transmission terminal, data type, corresponding visit Ask that at least one of behavior standard merges;
The server analyzes the combined data slot using analysis model, finds wherein that may be present Network node belonging to several abnormal data segments or terminal are labeled as abnormal point by abnormal data segment, and if analysis It whether there is logic association between dry abnormal data segment;
If there are logic association between several described abnormal data segments, before the abnormal point corresponding to it is established Incidence relation afterwards, an approach point being labeled as in potential attack track;If between several described abnormal data segments not There are logic associations, then disconnect the forward-backward correlation relationship between its corresponding abnormal point, delete it in potential attack track Approach point;
The vector of attack that can be utilized described in the server inspection, judges whether there is security breaches;If there is peace Full loophole then calls relative strategy to execute the movement for eliminating security breaches;If there is no security breaches, then corresponding network is notified Security breaches are not present in node;
The server is by the forward-backward correlation relationship, the transit point, the potential attack track, the security breaches Pass to display processing unit;
The server is according to the forward-backward correlation relationship, the abnormal data segment training analysis model;
The display processing unit receives the forward-backward correlation relationship, the transit point, the potential attack track, institute After stating security breaches, by transit point label on the network node architecture figure of mapable, marked on each node in figure Its corresponding forward-backward correlation relationship draws potential attack track, and the security breaches of each node of mark, by putting and attacking rail One width network attack face of mark railway superstructures, is shown on large screen.
With reference to first aspect, in a first possible implementation of that first aspect, each network node data Stream, which is split as several data slots, to determine the length split according to type of service, access movement.
With reference to first aspect, in a second possible implementation of that first aspect, the network side server fixed week Phase sends to each network node and instructs.
With reference to first aspect, in first aspect in the third possible implementation, the network node is in business processing Gap upload data slot copy include: priority processing business datum, when do not have business datum need handle or transmit when, just to Server uploads data slot copy.
Second aspect, the application provide a kind of device of network attack face tracking, are applied on network node, execute whole Or partial method, described device include:
Instruction receiving unit, the instruction sent for receiving network side server to each network node, described instruction are used It uploads onto the server in each network node local data segment of order;
Data processing unit, for several data slots will to be split as via the data flow of network node local, therefrom It extracts the vector of attack that can be utilized, and local policy is called to scan the data slot copy, check whether comprising can The vector of attack being utilized;
Data transmission unit, for the vector of attack being utilized and data slot copy to be packaged, in business The encapsulation of processing gap is uploaded to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark.
The third aspect, the application provide a kind of server of network attack face tracking, are located at network side, execute whole or portion The method divided, the server include:
Instruction sending unit is instructed for sending to each network node, and described instruction is for ordering each network node Local data segment is uploaded onto the server;
Data combination unit, after receiving the data slot copy after encapsulating, by the data slot and clothes after parsing The historical data segment of business device local merges;The merging includes according to belonging network node, affiliated transmission terminal, data class At least one of type, corresponding access behavior standard merge;
Anomaly unit is analyzed, for analyzing using analysis model the combined data slot, searching wherein may be used Network node belonging to several abnormal data segments or terminal are labeled as abnormal point by abnormal data segment existing for energy, with And it analyzes between several abnormal data segments with the presence or absence of logic association;
If there are logic association between several described abnormal data segments, before the abnormal point corresponding to it is established Incidence relation afterwards, an approach point being labeled as in potential attack track;If between several described abnormal data segments not There are logic associations, then disconnect the forward-backward correlation relationship between its corresponding abnormal point, delete it in potential attack track Approach point;
Loophole inspection unit judges whether there is security breaches for checking the vector of attack that can be utilized;If There are security breaches, then relative strategy is called to execute the movement for eliminating security breaches;If there is no security breaches, then notice pair Answering network node, there is no security breaches;
Transfer unit is used for the forward-backward correlation relationship, the transit point, the potential attack track, the safety Loophole passes to display processing unit;
Model training unit, for according to the forward-backward correlation relationship, the abnormal data segment training analysis mould Type.
Fourth aspect, the application provide a kind of system of network attack face tracking, and the system comprises applications just like second Multiple network nodes of aspect described device, and server and display processing unit as described in the third aspect.
The present invention provides a kind of methods, devices and systems of network attack face tracking, first passes through each network node oneself Check data slot, extract the vector of attack that can be utilized, regather the data slot copy on each network node, by its with History big data merges, and analysis data slot whether there is exception, whether there is logic association between multiple abnormal data segments, Abnormal point and approach point are thereby determined that and marked, the security breaches for potentially attacking track and network node are obtained, to realize The purpose in pursuit attack face in a large amount of network nodes.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to needed in the embodiment Attached drawing is briefly described, it should be apparent that, for those of ordinary skills, before not making the creative labor It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart for the method that inventive network attacks face tracking;
Fig. 2 is the internal structure chart for the device that inventive network attacks face tracking;
Fig. 3 is the internal structure chart for the server that inventive network attacks face tracking;
Fig. 4 is the architecture diagram for the system that inventive network attacks face tracking.
Specific embodiment
The preferred embodiment of the present invention is described in detail with reference to the accompanying drawing, so that advantages and features of the invention energy It is easier to be readily appreciated by one skilled in the art, so as to make a clearer definition of the protection scope of the present invention.
Fig. 1 is the flow chart of the method for network attack face provided by the present application tracking, which comprises
Network side server sends to each network node and instructs, and described instruction is for ordering each network node local Data slot is uploaded onto the server;
After each network node receives instruction, several numbers will be split as via the data flow of network node local According to segment copy, the vector of attack that can be utilized therefrom is extracted;
Each network node first calls local policy to scan the data slot copy, checks whether comprising can be sharp Vector of attack, then the vector of attack being utilized and data slot copy are packaged, it is sealed in business processing gap It loads onto and is transmitted to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark;
After the server receives the data slot copy after encapsulation, by the data slot and server local after parsing Historical data segment merge;The merging includes according to belonging network node, affiliated transmission terminal, data type, corresponding visit Ask that at least one of behavior standard merges;
The server analyzes the combined data slot using analysis model, finds wherein that may be present Network node belonging to several abnormal data segments or terminal are labeled as abnormal point by abnormal data segment, and if analysis It whether there is logic association between dry abnormal data segment;
If there are logic association between several described abnormal data segments, before the abnormal point corresponding to it is established Incidence relation afterwards, an approach point being labeled as in potential attack track;If between several described abnormal data segments not There are logic associations, then disconnect the forward-backward correlation relationship between its corresponding abnormal point, delete it in potential attack track Approach point;
The vector of attack that can be utilized described in the server inspection, judges whether there is security breaches;If there is peace Full loophole then calls relative strategy to execute the movement for eliminating security breaches;If there is no security breaches, then corresponding network is notified Security breaches are not present in node;
The server is by the forward-backward correlation relationship, the transit point, the potential attack track, the security breaches Pass to display processing unit;
The server is according to the forward-backward correlation relationship, the abnormal data segment training analysis model;
The display processing unit receives the forward-backward correlation relationship, the transit point, the potential attack track, institute After stating security breaches, by transit point label on the network node architecture figure of mapable, marked on each node in figure Its corresponding forward-backward correlation relationship draws potential attack track, and the security breaches of each node of mark, by putting and attacking rail One width network attack face of mark railway superstructures, is shown on large screen.
In some preferred embodiments, each network node data flow be split as several data slots can basis Type of service, access movement determine the length split.
In some preferred embodiments, the network side server fixed cycle sends instruction shelves to each network node.
In some preferred embodiments, it includes: excellent that the network node, which uploads data slot copy in business processing gap, First processing business data just upload data slot copy to server when not having business datum to need to handle or transmit.
Fig. 2 is the internal structure chart of the device of network attack face provided by the present application tracking, and described device includes:
Instruction receiving unit, the instruction sent for receiving network side server to each network node, described instruction are used It uploads onto the server in each network node local data segment of order;
Data processing unit, for several data slots will to be split as via the data flow of network node local, therefrom It extracts the vector of attack that can be utilized, and local policy is called to scan the data slot copy, check whether comprising can The vector of attack being utilized;
Data transmission unit, for the vector of attack being utilized and data slot copy to be packaged, in business The encapsulation of processing gap is uploaded to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark.
In some preferred embodiments, it includes: preferential place that described device, which uploads data slot copy in business processing gap, Business datum is managed, when not having business datum to need to handle or transmit, just uploads data slot copy to server.
Fig. 3 is the internal structure chart of the server of network attack face provided by the present application tracking, and the server includes:
Instruction sending unit is instructed for sending to each network node, and described instruction is for ordering each network node Local data segment is uploaded onto the server;
Data combination unit, after receiving the data slot copy after encapsulating, by the data slot and clothes after parsing The historical data segment of business device local merges;The merging includes according to belonging network node, affiliated transmission terminal, data class At least one of type, corresponding access behavior standard merge;
Anomaly unit is analyzed, for analyzing using analysis model the combined data slot, searching wherein may be used Network node belonging to several abnormal data segments or terminal are labeled as abnormal point by abnormal data segment existing for energy, with And it analyzes between several abnormal data segments with the presence or absence of logic association;
If there are logic association between several described abnormal data segments, before the abnormal point corresponding to it is established Incidence relation afterwards, an approach point being labeled as in potential attack track;If between several described abnormal data segments not There are logic associations, then disconnect the forward-backward correlation relationship between its corresponding abnormal point, delete it in potential attack track Approach point;
Loophole inspection unit judges whether there is security breaches for checking the vector of attack that can be utilized;If There are security breaches, then relative strategy is called to execute the movement for eliminating security breaches;If there is no security breaches, then notice pair Answering network node, there is no security breaches;
Transfer unit is used for the forward-backward correlation relationship, the transit point, the potential attack track, the safety Loophole passes to display processing unit;
Model training unit, for according to the forward-backward correlation relationship, the abnormal data segment training analysis mould Type.
In some preferred embodiments, the network side server is cluster server.
In some preferred embodiments, the network side server fixed cycle sends instruction shelves to each network node.
Fig. 4 is the architecture diagram of the system of network attack face provided by the present application tracking, and the system comprises applications just like Fig. 2 Multiple network nodes of shown device and server and display processing unit as shown in Figure 3.
In the specific implementation, the present invention also provides a kind of computer storage mediums, wherein the computer storage medium can deposit Program is contained, which may include step some or all of in each embodiment of the present invention when executing.The storage medium It can be magnetic disk, CD, read-only memory (referred to as: ROM) or random access memory (referred to as: RAM) etc..
It is required that those skilled in the art can be understood that the technology in the embodiment of the present invention can add by software The mode of general hardware platform realize.Based on this understanding, the technical solution in the embodiment of the present invention substantially or The part that contributes to existing technology can be embodied in the form of software products, which can store In storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions use is so that a computer equipment (can be Personal computer, server or network equipment etc.) it executes described in certain parts of each embodiment of the present invention or embodiment Method.
The same or similar parts between the embodiments can be referred to each other for this specification.For embodiment, Since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to the explanation in embodiment of the method ?.
Invention described above embodiment is not intended to limit the scope of the present invention..

Claims (7)

1. a kind of method of network attack face tracking characterized by comprising
Network side server sends to each network node and instructs, and described instruction is for ordering each network node local data Segment is uploaded onto the server;
After each network node receives instruction, several data slices will be split as via the data flow of network node local Section copy, therefrom extracts the vector of attack that can be utilized;
Each network node first calls local policy to scan the data slot copy, checks whether to include that can be utilized Vector of attack, then the vector of attack being utilized and data slot copy are packaged, in the encapsulation of business processing gap It is transmitted to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark;
After the server receives the data slot copy after encapsulation, by after parsing data slot and server local go through History data slot merges;The merging includes according to belonging network node, affiliated transmission terminal, data type, corresponding access row For at least one of standard merge;
The server analyzes the combined data slot using analysis model, finds wherein exception that may be present Network node belonging to several abnormal data segments or terminal are labeled as abnormal point, and analyze several by data slot It whether there is logic association between abnormal data segment;
If there are logic associations between several described abnormal data segments, the abnormal point corresponding to it is established into front and back pass Connection relationship, an approach point being labeled as in potential attack track;If be not present between several described abnormal data segments Logic association then disconnects the forward-backward correlation relationship between its corresponding abnormal point, deletes its approach in potential attack track Point;
The vector of attack that can be utilized described in the server inspection, judges whether there is security breaches;It is leaked if there is safety Hole then calls relative strategy to execute the movement for eliminating security breaches;If there is no security breaches, then corresponding network node is notified There is no security breaches;
The server transmits the forward-backward correlation relationship, the transit point, the potential attack track, the security breaches To display processing unit;
The server is according to the forward-backward correlation relationship, the abnormal data segment training analysis model;
The display processing unit receives the forward-backward correlation relationship, the transit point, the potential attack track, the peace After full loophole, by transit point label on the network node architecture figure of mapable, mark its right on each node in figure The forward-backward correlation relationship answered draws potential attack track, and the security breaches of each node of mark, by putting and attacking trajectory line Road constitutes a width network attack face, is shown on large screen.
2. the method according to claim 1, wherein each network node data flow is split as several Data slot can determine the length split according to type of service, access movement.
3. method according to claim 1 to 2, which is characterized in that the network side server fixed cycle is to each Network node sends instruction.
4. method according to claim 1 to 3, which is characterized in that the network node uploads in business processing gap Data slot copy includes: priority processing business datum, when not having business datum to need to handle or transmit, just on server Pass data slot copy.
5. a kind of device of network attack face tracking, is applied on network node, executes according to any one of claims 1-4 Method characterized by comprising
Instruction receiving unit, the instruction sent for receiving network side server to each network node, described instruction is for ordering Each network node local data segment is enabled to upload onto the server;
Data processing unit is therefrom extracted for will be split as several data slots via the data flow of network node local The vector of attack that can be utilized out, and local policy is called to scan the data slot copy is checked whether comprising can be sharp Vector of attack;
Data transmission unit, for the vector of attack being utilized and data slot copy to be packaged, in business processing Gap encapsulation is uploaded to server;The encapsulation, which is included in data slot copy, is inserted into data originator's mark.
6. a kind of server of network attack face tracking, is located at network side, executes side according to any one of claims 1-4 Method characterized by comprising
Instruction sending unit is instructed for sending to each network node, and described instruction is for ordering each network node sheet Ground data slot is uploaded onto the server;
Data combination unit, after receiving the data slot copy after encapsulating, by the data slot and server after parsing Local historical data segment merges;The merging includes according to belonging network node, affiliated transmission terminal, data type, right At least one of behavior standard should be accessed to merge;
Anomaly unit is analyzed, for analyzing using analysis model the combined data slot, searching may wherein be deposited Abnormal data segment, network node belonging to several abnormal data segments or terminal are labeled as abnormal point, Yi Jifen It analyses between several abnormal data segments with the presence or absence of logic association;
If there are logic associations between several described abnormal data segments, the abnormal point corresponding to it is established into front and back pass Connection relationship, an approach point being labeled as in potential attack track;If be not present between several described abnormal data segments Logic association then disconnects the forward-backward correlation relationship between its corresponding abnormal point, deletes its approach in potential attack track Point;
Loophole inspection unit judges whether there is security breaches for checking the vector of attack that can be utilized;If there is Security breaches then call relative strategy to execute the movement for eliminating security breaches;If there is no security breaches, then corresponding net is notified Security breaches are not present in network node;
Transfer unit is used for the forward-backward correlation relationship, the transit point, the potential attack track, the security breaches Pass to display processing unit;
Model training unit, for according to the forward-backward correlation relationship, the abnormal data segment training analysis model.
7. a kind of system of network attack face tracking, which is characterized in that the system comprises applications dress as claimed in claim 5 The multiple network nodes set, server and display processing unit as claimed in claim 6.
CN201910626345.0A 2019-07-11 2019-07-11 Network attack surface tracking method, server and system Active CN110351274B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910626345.0A CN110351274B (en) 2019-07-11 2019-07-11 Network attack surface tracking method, server and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910626345.0A CN110351274B (en) 2019-07-11 2019-07-11 Network attack surface tracking method, server and system

Publications (2)

Publication Number Publication Date
CN110351274A true CN110351274A (en) 2019-10-18
CN110351274B CN110351274B (en) 2021-11-26

Family

ID=68175055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910626345.0A Active CN110351274B (en) 2019-07-11 2019-07-11 Network attack surface tracking method, server and system

Country Status (1)

Country Link
CN (1) CN110351274B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787002A (en) * 2020-06-30 2020-10-16 北京赋云安运营科技有限公司 Method and system for analyzing service data network security
CN112417462A (en) * 2020-12-10 2021-02-26 中国农业科学院农业信息研究所 Network security vulnerability tracking method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100318852A1 (en) * 2009-06-16 2010-12-16 Microsoft Corporation Visualization tool for system tracing infrastructure events
CN104539626A (en) * 2015-01-14 2015-04-22 中国人民解放军信息工程大学 Network attack scene generating method based on multi-source alarm logs
CN104731816A (en) * 2013-12-23 2015-06-24 阿里巴巴集团控股有限公司 Method and device for processing abnormal business data
CN105208000A (en) * 2015-08-21 2015-12-30 深信服网络科技(深圳)有限公司 Network attack retrospective analysis method and network security equipment
CN105763529A (en) * 2015-12-12 2016-07-13 哈尔滨安天科技股份有限公司 Attack chain obtaining method and system in network environment
US20170302691A1 (en) * 2016-04-18 2017-10-19 Acalvio Technologies, Inc. Systems and Methods for Detecting and Tracking Adversary Trajectory
US20180020022A1 (en) * 2015-06-08 2018-01-18 Illusive Networks Ltd. Predicting and preventing an attacker's next actions in a breached network
CN109067815A (en) * 2018-11-06 2018-12-21 深信服科技股份有限公司 Attack Source Tracing method, system, user equipment and storage medium
CN109587174A (en) * 2019-01-10 2019-04-05 广东电网有限责任公司信息中心 Composite defense method and system for network protection

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100318852A1 (en) * 2009-06-16 2010-12-16 Microsoft Corporation Visualization tool for system tracing infrastructure events
CN104731816A (en) * 2013-12-23 2015-06-24 阿里巴巴集团控股有限公司 Method and device for processing abnormal business data
CN104539626A (en) * 2015-01-14 2015-04-22 中国人民解放军信息工程大学 Network attack scene generating method based on multi-source alarm logs
US20180020022A1 (en) * 2015-06-08 2018-01-18 Illusive Networks Ltd. Predicting and preventing an attacker's next actions in a breached network
CN105208000A (en) * 2015-08-21 2015-12-30 深信服网络科技(深圳)有限公司 Network attack retrospective analysis method and network security equipment
CN105763529A (en) * 2015-12-12 2016-07-13 哈尔滨安天科技股份有限公司 Attack chain obtaining method and system in network environment
US20170302691A1 (en) * 2016-04-18 2017-10-19 Acalvio Technologies, Inc. Systems and Methods for Detecting and Tracking Adversary Trajectory
CN109067815A (en) * 2018-11-06 2018-12-21 深信服科技股份有限公司 Attack Source Tracing method, system, user equipment and storage medium
CN109587174A (en) * 2019-01-10 2019-04-05 广东电网有限责任公司信息中心 Composite defense method and system for network protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李秋霞: "基于地图的网络攻击可视化***设计与实现", 《中国优秀硕士学位论文全文数据库》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787002A (en) * 2020-06-30 2020-10-16 北京赋云安运营科技有限公司 Method and system for analyzing service data network security
CN111787002B (en) * 2020-06-30 2022-05-20 安全能力生态聚合(北京)运营科技有限公司 Method and system for analyzing safety of service data network
CN112417462A (en) * 2020-12-10 2021-02-26 中国农业科学院农业信息研究所 Network security vulnerability tracking method and system
CN112417462B (en) * 2020-12-10 2024-02-02 中国农业科学院农业信息研究所 Network security vulnerability tracking method and system

Also Published As

Publication number Publication date
CN110351274B (en) 2021-11-26

Similar Documents

Publication Publication Date Title
CN104219316B (en) A kind of call request processing method and processing device in distributed system
CN103023906B (en) Method and system aiming at remote procedure calling conventions to perform status tracking
CN110505241A (en) A kind of network attack face detection method and system
CN107465651A (en) Network attack detecting method and device
CN110365674A (en) A kind of method, server and system for predicting network attack face
CN105939311A (en) Method and device for determining network attack behavior
CN105493060A (en) Honeyport active network security
CN206686205U (en) The multiple-protection network architecture
CN110351274A (en) A kind of method, server and the system of the tracking of network attack face
CN110381047A (en) A kind of method, server and the system of the tracking of network attack face
Gugelmann et al. Hviz: HTTP (S) traffic aggregation and visualization for network forensics
CN109413016A (en) A kind of rule-based message detecting method and device
CN112738095A (en) Method, device, system, storage medium and equipment for detecting illegal external connection
CN109361574A (en) NAT detection method, system, medium and equipment based on JavaScript script
CN106209487A (en) For detecting the method and device of the security breaches of webpage in website
CN106506630A (en) A kind of hostile network behavior based on HTTP content consistencies finds method
CN110365673A (en) Method, server and the system in a kind of isolation network attack face
JP2023550974A (en) Image-based malicious code detection method and device and artificial intelligence-based endpoint threat detection and response system using the same
CN107979845A (en) The indicating risk method and apparatus of wireless access point
CN110351273A (en) A kind of methods, devices and systems of network trace reel chain attack
CN110213301A (en) A kind of method, server and system shifting network attack face
EP3789890A1 (en) Fully qualified domain name (fqdn) determination
CN109691158A (en) Mobile flow Redirectional system
KR102541888B1 (en) Image-based malicious code analysis method and apparatus and artificial intelligence-based endpoint detection and response system using the same
CN106657054B (en) A kind of network security defence method based on virtual machine service jump

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant