System and method for detecting APT attacks based on DNS log analysis

An attack-detection technology based on DNS query analysis, applied to transmission systems, digital transmission systems, electrical components, etc., that addresses loopholes in existing defense measures, the infeasibility of analyzing all of a massive data set, and missed APT attacks.

Active Publication Date: 2014-07-09
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

However, when analyzing potential threats in massive data, the above defense measures have loopholes, and it is difficult to analyze all of the massive data, so potential APT attacks may be missed.


Embodiment Construction

[0035] The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings. This embodiment is implemented on the premise of the technical solution of the present invention, and detailed implementation methods and specific operating procedures are provided, but the protection scope of the present invention is not limited to the following embodiment.

[0036] An APT attack detection system based on DNS log analysis according to the present invention is shown in Figure 1. It includes a DNS query log recording module, a log analysis module and an attack detection module, as follows:

[0037] DNS query log recording module: used to record DNS query actions to form a DNS log. A query action mainly includes the query time (time), the source IP address (ipsrc) and the query content (qname);

[0038] Log analysis module: used to convert DNS query requests into SSH login attempt information and to calculate the time density...


Abstract

A system for detecting APT attacks based on DNS log analysis comprises a DNS query log recording module, a log analysis module and an attack detection module; APT attacks are detected through this system. A method for detecting APT attacks based on DNS log analysis includes the following steps: first, DNS query requests are collected by the DNS query log recording module and DNS query logs are formed; second, the log analysis module performs pattern matching between the DNS query logs and SSH login attempt information and computes and analyzes the time density, the coverage area and the time correlation; third, the SSH login attempt information is grouped by source IP address; fourth, the attack detection module judges whether an attack has occurred and determines the attack type according to the result of the log analysis module. The method is a lightweight attack detection mode: the resources consumed are far smaller than those required for analyzing all network traffic, and since a log analysis mode is adopted the network does not need to be monitored in real time, so the network is hardly affected.
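The abstract and the embodiment paragraphs above name three modules (log recording, log analysis, attack detection) and four steps (collect, analyze, group by source IP, judge). The following is an added example, not code from the patent or from Shanghai Jiao Tong University, showing one way such a pipeline can be wired together. Everything beyond the three log fields the page names is an assumption: the log line format, the definitions of time density, coverage and time correlation, the thresholds, the constructed sample log, and the simplification that each DNS query record is treated as one candidate SSH login attempt (the page does not say how that conversion is done).

```python
from collections import defaultdict
from datetime import datetime, timedelta
import statistics

# Constructed sample log in the three-field layout the page names: query
# time, source IP (ipsrc) and queried name (qname). The format is an assumption.
_T0 = datetime(2014, 3, 1, 10, 0, 0)


def _lines(ip, offsets, names):
    return [f"{(_T0 + timedelta(seconds=o)).isoformat()} {ip} {n}"
            for o, n in zip(offsets, names)]


SAMPLE_LOG = (
    # scanner-like source: 20 distinct names, one query per second
    _lines("10.0.0.5", range(20), [f"host{i}.example.internal" for i in range(20)])
    # brute-force-like source: one name queried 15 times, one query per second
    + _lines("10.0.0.7", range(15), ["ssh-gw.example.internal"] * 15)
    # benign source: three queries spread over 50 minutes
    + _lines("10.0.0.9", [0, 600, 3000],
             ["mail.example.internal", "mail.example.internal", "www.example.internal"])
)


def parse_log(lines):
    """DNS query log recording module: one (time, ipsrc, qname) record per line."""
    records = []
    for line in lines:
        t, ipsrc, qname = line.split()
        records.append((datetime.fromisoformat(t), ipsrc, qname))
    return records


def group_by_source(records):
    """Step three of the page's method: group records by source IP, time-ordered."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[1]].append(rec)
    return {ip: sorted(recs) for ip, recs in groups.items()}


def analyse(recs):
    """Log analysis module. Metric definitions are assumptions made for this example:
    time density     = queries per second over the source's active window
    coverage         = number of distinct names queried
    time correlation = regularity of inter-query gaps, 1 - stdev/mean, clipped to [0, 1]
    """
    times = [r[0] for r in recs]
    span = (times[-1] - times[0]).total_seconds()
    density = len(recs) / span if span > 0 else float(len(recs))
    coverage = len({r[2] for r in recs})
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) >= 2 and statistics.mean(gaps) > 0:
        correlation = max(0.0, 1.0 - statistics.pstdev(gaps) / statistics.mean(gaps))
    else:
        correlation = 0.0
    return {"density": density, "coverage": coverage, "correlation": correlation}


DENSITY_MIN = 0.5   # queries per second; threshold is an assumption
COVERAGE_MIN = 10   # distinct names; threshold is an assumption


def classify(metrics):
    """Attack detection module: decide whether an attack occurred and its type."""
    if metrics["density"] < DENSITY_MIN:
        return "benign"
    if metrics["coverage"] >= COVERAGE_MIN:
        return "ssh-scan"          # many targets, high rate
    return "ssh-brute-force"       # few targets, high rate


def detect(lines):
    """Run the whole pipeline over raw log lines; returns {ipsrc: verdict}."""
    return {ip: classify(analyse(recs))
            for ip, recs in group_by_source(parse_log(lines)).items()}


if __name__ == "__main__":
    for ip, verdict in detect(SAMPLE_LOG).items():
        print(ip, verdict)
```

Because only the DNS log is read, nothing here touches live traffic; the cost is one pass over the log plus a small per-source dictionary, which is the lightweight property the abstract claims. In a real deployment the thresholds would be tuned against the site's normal query rates, and the time-correlation score (close to 1 for metronomic, tool-driven queries, low for human-paced ones) is the signal that separates an automated scan from a burst of legitimate lookups.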

Description

Technical field

[0001] The invention relates to a detection system and method for highly persistent attacks in the field of computer network security, in particular to an APT attack detection system and method based on DNS log analysis for SSH scanning and password brute-forcing.

Background technique

[0002] Computer networks have become an important facility for sharing resources and information, and the widespread use of networks has led to new social, ethical and political issues. APT (Advanced Persistent Threat) is a network attack and intrusion against targets launched by hackers for the purpose of stealing core data; it is a long-planned "malicious commercial espionage threat". Such activity is usually operated and planned over a long period and is highly concealed. The APT attack method is to hide oneself and steal data from specific targets in a long-term, planned and organized manner. This behavior of stealing data and co...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06, H04L12/26
Inventor 邹福泰刘鹏焜谷雨昊易平李建华
Owner SHANGHAI JIAO TONG UNIV