ATTACK PATH DETECTION METHOD, ATTACK PATH DETECTION SYSTEM AND NON-TRANSITORY COMPUTER-READABLE MEDIUM｜Patents Search｜Patents｜Service

2019.09.30

ATTACK PATH DETECTION METHOD, ATTACK PATH DETECTION SYSTEM AND NON-TRANSITORY COMPUTER-READABLE MEDIUM

United States

Overview

An attack path detection method is disclosed herein. The attack path detection method includes the following operations: establishing a connecting relationship between a plurality of hosts according to a host log set to generate a host association graph; marking at least one host with an abnormal condition on the host association graph, and calculating a risk value corresponding to each of the plurality of hosts; determining whether the risk value corresponding to each of the plurality of hosts is larger than a first threshold, utilizing a host with the risk value greater than the first threshold as a high-risk host; and searching at least one host attach path between the high-risk host and the at least one host with the abnormal condition according to the connecting relationship of the host association graph.