Detection method of network attack source organization

2015 
The invention discloses a method for detecting network attack source organizations. Its aim is to mine network attack source organizations from the mass alarm data in a backbone network security monitoring window. The technical scheme comprises the following steps: mining the attackers' threat activity information from the mass alarm information; building an attacker threat activity information matrix; obtaining a threat activity association graph from the threat activity information matrix using the threat activity association graph generation method; optimizing the threat activity association graph; and performing Markov quick graph clustering on the optimized threat activity association graph to obtain the network attack source organization information. With this method, network attack source organizations can be mined from the mass alarm data in the backbone network monitoring window, which solves the problem that a network attack source organization cannot be detected directly, ensures the accuracy of the detection result, and keeps changes in the network structure from influencing the detection result.
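The pipeline in the abstract, sketched end to end as an added example (not code from the patent). The abstract does not specify the association measure, the optimization step or the "quick" clustering variant, so Jaccard overlap, weak-edge pruning and plain Markov clustering (MCL) stand in as assumptions; the alarm records and all function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations
# Constructed sample alarms (attacker, target, alarm type); all values are illustrative.
ALARMS = [
    ("198.51.100.1", "T1", "scan"), ("198.51.100.1", "T2", "brute"), ("198.51.100.1", "T3", "scan"),
    ("198.51.100.2", "T1", "scan"), ("198.51.100.2", "T2", "brute"), ("198.51.100.2", "T3", "scan"),
    ("198.51.100.3", "T1", "scan"), ("198.51.100.3", "T2", "brute"),
    ("192.0.2.10", "T4", "sqli"), ("192.0.2.10", "T5", "sqli"),
    ("192.0.2.11", "T4", "sqli"), ("192.0.2.11", "T5", "sqli"), ("192.0.2.11", "T1", "scan"),
    ("192.0.2.99", "T6", "scan"),
]

def activity_matrix(alarms):
    """Sparse attacker x activity matrix: attacker -> set of (target, alarm type)."""
    rows = defaultdict(set)
    for src, dst, kind in alarms:
        rows[src].add((dst, kind))
    return dict(rows)

def association_graph(rows, min_sim=0.3):
    """Assumed association: Jaccard overlap of activities. Assumed optimization: drop weak edges."""
    nodes = sorted(rows)
    w = [[0.0] * len(nodes) for _ in nodes]
    for i, j in combinations(range(len(nodes)), 2):
        a, b = rows[nodes[i]], rows[nodes[j]]
        sim = len(a & b) / len(a | b)
        if sim >= min_sim:
            w[i][j] = w[j][i] = sim
    return nodes, w

def normalize(m):
    """Scale every column to sum to 1 (column-stochastic)."""
    sums = [sum(col) for col in zip(*m)]
    return [[x / s for x, s in zip(row, sums)] for row in m]

def mcl(w, inflation=2.0, rounds=30):
    """Plain Markov clustering: add self-loops, then alternate expansion and inflation."""
    n = len(w)
    m = normalize([[w[i][j] + (i == j) for j in range(n)] for i in range(n)])
    for _ in range(rounds):
        m = [[sum(m[i][k] * m[k][j] for k in range(n)) for j in range(n)] for i in range(n)]
        m = normalize([[x ** inflation for x in row] for row in m])
    return m

def organizations(alarms):
    """Each non-empty (attractor) row of the converged matrix lists one cluster's members."""
    nodes, w = association_graph(activity_matrix(alarms))
    groups = {frozenset(nodes[j] for j, x in enumerate(row) if x > 1e-6) for row in mcl(w)}
    return sorted(sorted(g) for g in groups if g)
```

Because the grouping depends only on overlapping activity and not on where the sources sit in the network, `192.0.2.11` stays with `192.0.2.10` even though it shares one scan target with the `198.51.100.x` group; that weak link falls below `min_sim` and is pruned before clustering.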