A method for modeling attack patterns in honeypots

Abstract

A monitored honeypot system, comprising sensors for monitoring data being communicated between an attacker and said honeypot; a hardware processor adapted to analyze a portion of said communicated data by defining a set of attack features; obtaining a dataset comprising monitored cyber-attack metadata; filtering said dataset to a desired contextual subset of cyber-attacks; defining attack sessions from said contextual subset; extracting values for each feature, respectively, from each of said attack sessions; generating from said feature values attack profiles, each profile relating to a set of attacks; clustering the attack profiles based on features of said profiles; enriching the centroid representation of said attack profiles; outlining important features which distinguish between said pattern clusters; calculating a closeness similarity between said pattern clusters; generating a model of cyber-attack patterns, based on the preceding steps; and a memory for storing the form model.