基本信息:
- 专利标题: 一种基于近邻相似性的网络攻击目标预测方法
- 专利标题(英):Network attack target prediction method based on neighbor similarity
- 申请号:CN201611103522.X 申请日:2016-12-05
- 公开(公告)号:CN106453417A 公开(公告)日:2017-02-22
- 发明人: 卢新岱 , 戴桦 , 孙歆 , 李沁园 , 韩嘉佳 , 李景 , 周辉 , 姚影
- 申请人: 国网浙江省电力公司电力科学研究院 , 国家电网公司
- 申请人地址: 浙江省杭州市下城区朝晖八区华电弄1号
- 专利权人: 国网浙江省电力公司电力科学研究院,国家电网公司
- 当前专利权人: 国网浙江省电力有限公司电力科学研究院,国家电网有限公司
- 当前专利权人地址: 浙江省杭州市下城区朝晖八区华电弄1号
- 代理机构: 浙江翔隆专利事务所
- 代理人: 张建青; 张允姿
- 主分类号: H04L29/06
- IPC分类号: H04L29/06
The invention discloses a network attack target prediction method based on neighbor similarity. In the existing threat prediction methods, prediction and analysis are performed based on attack behaviors, and an attack target is not further predicted. The technical scheme adopted in the invention is as follows: firstly, preprocessing a safety event, performing normalization processing, and removing redundancy and misinformation; then matching the preprocessed safety event with a pre-defined rule library, performing correlation analysis, and reconstructing an attack scene; and finally calculating the similarity of a host address, an open port and an operating system of the attack target with these attributes of a neighbor host, and predicting the next step network attack target. The network attack target prediction method disclosed by the invention provides reference for an administrator to prepare handling strategies, achieves a prediction function of network attacks and improves the overall safety of the network.
公开/授权文献:
- CN106453417B 一种基于近邻相似性的网络攻击目标预测方法 公开/授权日:2019-01-22