-
公开(公告)号:EP3205072A1
公开(公告)日:2017-08-16
申请号:EP15848332.1
申请日:2015-10-12
发明人: LI, Zhichun , WU, Zhenyu , QIAN, Zhiyun , JIANG, Guofei , AKHOONDI, Masoud , KUSANO, Markus
CPC分类号: H04L63/1416 , G06F17/30958 , H04L63/1425 , H04L63/1441 , H04L2463/146
摘要: Methods and systems for intrusion attack recovery include monitoring two or more hosts in a network to generate audit logs of system events. One or more dependency graphs (DGraphs) is generated based on the audit logs. A relevancy score for each edge of the DGraphs is determined. Irrelevant events from the DGraphs are pruned to generate a condensed backtracking graph. An origin is located by backtracking from an attack detection point in the condensed backtracking graph.
摘要翻译: 用于入侵攻击恢复的方法和系统包括监视网络中的两个或更多主机以生成系统事件的审计日志。 根据审计日志生成一个或多个依赖关系图(DGraphs)。 确定DGraphs每个边缘的相关性分数。 DGraphs中的不相关事件被修剪以产生浓缩的回溯图。 通过凝聚回溯图中的攻击检测点回溯来确定原点。
搜索结果
1 条记录 (耗时 0.008 秒)
筛选
AND
AND
过滤
NOT
NOT
扫码加群
