White data filter method and system in APT (Advanced Persistent Threat) intelligent detection and analysis platform

An intelligent detection and data technology, applied to white data filtering methods and systems, addresses the difficulty of analysing large volumes of stored historical traffic, and achieves the effects of improving analysis efficiency, saving hardware costs, and relieving storage pressure.

Inactive Publication Date: 2012-07-18
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

Therefore, the core of APT detection lies in the ability to store and analyze historical traffic,



Examples


Embodiment 1

[0051] Embodiment 1, a method for filtering white data in an APT intelligent detection and analysis platform, comprising:

[0052] Perform protocol analysis on each Pcap (packet capture library) data packet in the stored historical flow data respectively, and obtain the control information and data of each Pcap data packet;

[0053] Generate filter rules according to predetermined white data filter conditions;

[0054] The control information of each analyzed Pcap packet is matched against the filter rule; if the control information of a Pcap packet satisfies the filter rule, then the control information and data of that Pcap packet are deleted;

[0055] After the deletion, the remaining data and control information (that is, the control information and data of the Pcap data packet that has not been deleted) are repackaged and encapsulated into a Pcap data packet and sent to the APT search engine.

[0056] In this embodiment, the white data filtering conditions ...

Embodiment 2

[0072] Embodiment 2, a white data filtering system in an APT intelligent detection and analysis platform, as shown in figure 2, including:

[0073] Protocol analysis module 101, used to perform protocol analysis on each Pcap file in the stored historical flow data, obtaining the control information and the application data content of each Pcap packet;

[0074] A rule generation module 102, configured to generate filter rules according to predetermined white data filter conditions;

[0075] Data deletion module 103, used to match the control information of each analyzed Pcap packet against the filter rule; if the control information of a Pcap packet satisfies the filter rule, the control information and application data content of that Pcap packet are deleted;

[0076] The file operation module 104 is used to repackage and encapsulate the remaining application data content and control information after deletion into a Pcap data packet ...
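The pipeline of Embodiment 1 ([0052]-[0055]) and the four modules of Embodiment 2 (protocol analysis, rule generation, deletion, repackaging) as one added worked example; this is illustration code written here, not the patent's implementation. It assumes classic libpcap framing with Ethernet/IPv4/TCP records, and white data conditions expressed as control-field values (destination address, port, protocol), all constructed inline.

```python
import struct
import socket

# Constructed sample traffic (Ethernet/IPv4/TCP); an assumption for this example, not patent data.
def build_packet(src_ip, dst_ip, sport, dport, payload=b""):
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs + EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(packets):
    """File operation module: encapsulate raw frames into a libpcap file (link type 1 = Ethernet)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", i, 0, len(p), len(p)) + p for i, p in enumerate(packets)]
    return hdr + b"".join(recs)

def analyse_pcap(blob):
    """Protocol analysis module: yield (control_info, raw_frame) for each IPv4/TCP record."""
    off = 24  # skip the global header
    while off < len(blob):
        caplen = struct.unpack_from("<IIII", blob, off)[2]
        raw = blob[off + 16: off + 16 + caplen]
        off += 16 + caplen
        ihl = (raw[14] & 0x0F) * 4  # IPv4 header length in bytes
        sport, dport = struct.unpack_from("!HH", raw, 14 + ihl)
        ctl = {"src": socket.inet_ntoa(raw[26:30]), "dst": socket.inet_ntoa(raw[30:34]),
               "proto": raw[23], "sport": sport, "dport": dport}
        yield ctl, raw

def matches(ctl, rule):
    """A rule lists the control fields a packet must equal to count as white data."""
    return all(ctl.get(k) == v for k, v in rule.items())

def filter_white(blob, white_conditions):
    """Data deletion module: drop packets matching any rule, then repack the remainder."""
    rules = [dict(c) for c in white_conditions]  # rule generation module
    kept = [raw for ctl, raw in analyse_pcap(blob) if not any(matches(ctl, r) for r in rules)]
    return build_pcap(kept), len(kept)

# Assumed white conditions: traffic to the internal update server and internal resolver is trusted.
WHITE = [{"dst": "10.0.0.5", "dport": 443, "proto": 6}, {"dst": "10.0.0.53", "dport": 53}]
SAMPLE = build_pcap([
    build_packet("10.0.1.20", "10.0.0.5", 51000, 443, b"GET /update"),
    build_packet("10.0.1.20", "203.0.113.9", 51001, 8443, b"unknown"),
    build_packet("10.0.1.21", "10.0.0.53", 40000, 53),
])
FORWARDED, KEPT_COUNT = filter_white(SAMPLE, WHITE)  # what would go to the APT search engine
```

Only the packet to 203.0.113.9 survives the filter; the two white flows are removed before the pcap is rebuilt, which is the storage saving the abstract describes.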


Abstract

The invention discloses a white data filter method and system in an APT (Advanced Persistent Threat) intelligent detection and analysis platform. The white data filter method comprises the following steps: performing protocol analysis on each packet capture library (Pcap) data packet in the stored historical flow data, so as to obtain the control information and data of the Pcap data packet; generating filter criteria according to a predetermined white data filter condition; matching the analyzed control information of each Pcap data packet against the filter criteria, and if the control information of a Pcap data packet satisfies the filter criteria, deleting the control information and data of that Pcap data packet; after the deletion, re-packaging and encapsulating the remaining data and control information into a Pcap data packet and then transmitting it to an APT search engine. The white data filter method and system in the APT intelligent detection and analysis platform disclosed by the invention can reasonably reduce the filtered and stored historical data.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a white data filtering method and system in an APT intelligent detection and analysis platform.

Background technique

[0002] As hacker attacks become more and more organized and profitable, APT (Advanced Persistent Threat) has become the most serious threat to government and major enterprise information systems. Macroscopic network security monitoring has the characteristics of a wide monitoring range and involves many key units, and is an ideal environment for detecting APT attacks. The difficulty of APT detection is that the attacker's behavior is carried out within a time window, while traditional intrusion detection equipment is based on real-time detection of time points, lacking the support of the detection context. In order to realize the detection of APT attacks, it is necessary to establish an intelligent detection and analysis platform for A...


Application Information

IPC(8): H04L12/26, H04L29/06
Inventor: 万淼周涛
Owner: BEIJING VENUS INFORMATION TECH