METHOD AND APPARATUS FOR PROCESSING NETWORK ATTACK
First Claim
1. A method for processing network attack, comprising:
- after determining an attacked object, searching for a recorded attack event related to the attacked object to determine a controlled host in an attack network;
- searching for a recorded control event related to the controlled host to determine a controlling host in the attack network; and
- determining a detected host which performs the same communication with multiple controlling hosts as an attack manipulator.
Abstract
A network attack processing method and a processing apparatus are disclosed herein. The method may include: after determining an attacked object, searching for a recorded attack event related to the attacked object to determine a controlled host in an attack network; searching for a recorded control event related to the controlled host to determine a controlling host in the attack network; and determining a detected host which performs similar communication with the multiple controlling hosts as an attack manipulator. Accordingly, embodiments for a processing apparatus adapted to perform the methods are disclosed herein.
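The three-step traceback in the abstract, as an added Python example that is not part of the patent. The record layouts, the use of a (protocol, port, payload signature) tuple to decide that two communications are "the same", and the `min_controllers` threshold are assumptions made for illustration; all addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed sample records, not taken from the patent.
ATTACK_EVENTS = [            # (attacking host, attacked object)
    ("10.0.1.5", "203.0.113.10"),
    ("10.0.2.7", "203.0.113.10"),
    ("10.0.3.9", "203.0.113.10"),
    ("10.0.9.9", "198.51.100.4"),      # different victim
]
CONTROL_EVENTS = [           # (controlling host, controlled host)
    ("192.0.2.20", "10.0.1.5"),
    ("192.0.2.20", "10.0.2.7"),
    ("192.0.2.21", "10.0.3.9"),
    ("192.0.2.99", "10.0.9.9"),
]
COMMS = [                    # (detected host, peer, (proto, port, payload signature))
    ("198.51.100.77", "192.0.2.20", ("tcp", 6667, "sig-A")),
    ("198.51.100.77", "192.0.2.21", ("tcp", 6667, "sig-A")),   # same comm, 2 controllers
    ("198.51.100.80", "192.0.2.20", ("tcp", 443, "sig-B")),
    ("198.51.100.80", "192.0.2.21", ("udp", 53, "sig-C")),     # different comm each time
    ("198.51.100.81", "192.0.2.20", ("tcp", 6667, "sig-A")),   # one in-scope controller
    ("198.51.100.81", "192.0.2.99", ("tcp", 6667, "sig-A")),   # peer outside this network
]

def controlled_hosts(victim, attack_events):
    """Step 1: hosts with a recorded attack event against the attacked object."""
    return {src for src, dst in attack_events if dst == victim}

def controlling_hosts(bots, control_events):
    """Step 2: hosts with a recorded control event toward any controlled host."""
    return {ctl for ctl, bot in control_events if bot in bots}

def manipulators(controllers, comms, min_controllers=2):
    """Step 3: hosts showing the same fingerprint toward several controllers."""
    peers = defaultdict(set)             # (host, fingerprint) -> controllers contacted
    for host, peer, fingerprint in comms:
        if peer in controllers and host not in controllers:
            peers[(host, fingerprint)].add(peer)
    return {host for (host, _), ctls in peers.items() if len(ctls) >= min_controllers}

def trace(victim):
    """Run the three steps for one attacked object."""
    bots = controlled_hosts(victim, ATTACK_EVENTS)
    controllers = controlling_hosts(bots, CONTROL_EVENTS)
    return bots, controllers, manipulators(controllers, COMMS)

if __name__ == "__main__":
    print(trace("203.0.113.10"))
```

Scoping step 3 to the controllers found in step 2 is what keeps `198.51.100.81` out of the result: it uses the same fingerprint twice, but only one of its peers belongs to this attack network.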
24 Citations
16 Claims
1. A method for processing network attack, comprising:
- after determining an attacked object, searching for a recorded attack event related to the attacked object to determine a controlled host in an attack network;
- searching for a recorded control event related to the controlled host to determine a controlling host in the attack network; and
- determining a detected host which performs the same communication with multiple controlling hosts as an attack manipulator.
Dependent claims: 2, 3, 4, 5, 6
7. An apparatus for processing network attack, comprising:
- an attacked object modeling module, adapted to determine an attacked object;
- a topology module, adapted to, after the attacked object modeling module determines the attacked object, search for a recorded attack event related to the attacked object to determine a controlled host in an attack network, and search for a recorded control event related to the controlled host to determine a controlling host in the attack network; and
- a communication analysis module, adapted to determine a detected host which performs the same communication with multiple controlling hosts as an attack manipulator.
Dependent claims: 8, 9, 10, 11
12. A network analyzing monitor center, comprising:
- an attacked object modeling module adapted to determine the attacked object;
- a topology module adapted to, after the attacked object modeling module determines the attacked object, search for a recorded attack event related to the attacked object to determine a controlled host in an attack network, and search for a recorded control event related to the controlled host to determine a controlling host in the attack network; and
- a communication analysis module adapted to determine a detected host which performs the same communication with the multiple controlling hosts as an attack manipulator.
Dependent claims: 13, 14, 15, 16
Specification