Threat detection method, device and equipment and storage medium

Bibliographic Details
Main Author: PANG SIMING
Format: Patent
Language: Chinese, English
Published: 12.05.2020

More Information
Summary: The invention discloses a threat detection method. The method comprises: collecting web logs that are monitored in real time; performing threat detection on the web logs with a threat detection model to obtain a detection result; if the detection result indicates that the behaviour recorded in a web log is abnormal, determining, on the basis of the attack chain of a cyberspace security framework, the target attack stage (link of the chain) to which the anomalous web log belongs; and marking that target attack stage together with all of its preceding attack stages in the chain as compromised stages, thereby completing threat detection of the web log. The invention further discloses a threat detection device, equipment and a storage medium. Threats are captured from the global perspective of the attack chain, which improves the security defence capability.
Application Number: CN201911399397
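The procedure in the summary, as an added worked example rather than the patent's own code: an ordered attack chain, a detector run over web-log lines, a lookup of the stage an anomalous line belongs to, and the step that marks that stage plus all preceding stages as compromised. The patent names neither the stages nor the model, so the stage names (the Lockheed Martin Cyber Kill Chain ordering), the rule-based detector standing in for the threat detection model, and the Apache-style log lines are all assumptions constructed for this example.

```python
"""Added example (not the patent's code): attack-chain-aware threat detection over web logs."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed ordered attack chain. The patent does not name its stages; the
# Lockheed Martin Cyber Kill Chain is used here purely as a stand-in ordering.
ATTACK_CHAIN = [
    "reconnaissance",
    "weaponization",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
]


@dataclass(frozen=True)
class Detection:
    line: str   # the raw log line that was flagged
    rule: str   # name of the rule that flagged it
    stage: str  # attack-chain stage the behaviour is assigned to


# Hypothetical rule set standing in for the patent's (unspecified) threat
# detection model: (rule name, regex over a log line, attack-chain stage).
# The first matching rule decides the stage for a line.
RULES = [
    ("dir_bruteforce", re.compile(r'"GET /(wp-admin|phpmyadmin|\.git)[^"]*" 404'), "reconnaissance"),
    ("sqli_probe", re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)"), "exploitation"),
    ("webshell_upload", re.compile(r'"POST /[^" ]*\.(php|jsp|aspx)\?[^"]*cmd='), "installation"),
    ("beacon", re.compile(r'"GET /[a-f0-9]{16}\.gif '), "command_and_control"),
]

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2020:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2020:10:01:05 +0000] "GET /index.php?id=1\' or 1=1-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/May/2020:10:02:10 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2020:10:01:09 +0000] "POST /uploads/img.php?cmd=id HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]


def detect(line: str) -> Detection | None:
    """Threat detection step: return a Detection for an anomalous line, else None."""
    for name, pattern, stage in RULES:
        if pattern.search(line):
            return Detection(line, name, stage)
    return None


def compromised_stages(target_stage: str) -> list[str]:
    """Target stage plus every preceding stage of the chain, in chain order.

    A stage the chain does not know cannot be placed, so it is an error rather
    than silently marking nothing.
    """
    if target_stage not in ATTACK_CHAIN:
        raise ValueError(f"unknown attack-chain stage: {target_stage!r}")
    return ATTACK_CHAIN[: ATTACK_CHAIN.index(target_stage) + 1]


def analyze(lines: list[str]) -> tuple[list[Detection], list[str]]:
    """Run detection over the lines and return (detections, compromised stages)."""
    detections = [d for d in (detect(line) for line in lines) if d is not None]
    if not detections:
        return detections, []
    # Because each detection marks its stage and all predecessors, the union over
    # several detections is simply the chain prefix ending at the deepest stage hit.
    deepest = max(ATTACK_CHAIN.index(d.stage) for d in detections)
    return detections, ATTACK_CHAIN[: deepest + 1]


if __name__ == "__main__":
    found, compromised = analyze(SAMPLE_LOG)
    for d in found:
        print(f"{d.rule:16s} -> stage {d.stage}")
    print("compromised stages:", ", ".join(compromised))
```

On the constructed log the benign line produces no detection, while the three anomalous lines land on reconnaissance, exploitation and installation; the result is the first five stages of the chain, since everything before the deepest observed stage is treated as already passed by the attacker.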