Discrimination method for advanced persistent threat attack

A discrimination method for advanced persistent threat (APT) attacks, applied in the field of information security, which addresses the increasing difficulty of maintaining rule bases, the insufficient flexibility of rule bases, and the limited detection capability of rule-based approaches.

Status: Inactive. Publication Date: 2015-08-19
BEIJING VRV SOFTWARE CO LTD

AI Technical Summary

Problems solved by technology

The disadvantage of the rule-based method is that the flexibility of the rule base is insufficient, and its ability to detect unknown A...


Embodiment Construction

[0020] The specific embodiments of the present invention are described below with reference to the accompanying drawings.

[0021] Figure 1 shows the flowchart of the method of the present invention. As can be seen from the figure, the present invention comprises the following steps:

[0022] Step 101: collect the system API call sequence of each terminal sample program through the terminal program behavior collection module;

[0023] Step 102: extract short sequences from the system API call sequence by the sliding window method through the MapReduce module;

[0024] Step 103: calculate the information gain of each system API call short sequence, and select the short sequences with large information gain values as program behavior features;

[0025] Step 104: scan the system API call sequence of each terminal sample program again through the MapReduce module to obtain the behavior features of the termin...


Abstract

The invention relates to a discrimination method for advanced persistent threat attacks. The discrimination method comprises the following steps: collecting the system API (Application Program Interface) call sequence of a terminal sample program; extracting short sequences from the system API call sequence of the terminal sample program through a MapReduce module, then calculating the information gain of each short sequence and selecting the short sequences with large information gain as program behavior features; scanning the system API call sequence of the terminal sample program again to obtain the behavior features of the terminal sample program; using the behavior features of each sample program as input to a statistical machine learning model module, training the statistical machine learning model module until its rate of correct classification of the training sample programs is above 90%, determining the model parameters, and taking the model parameters as an APT (Advanced Persistent Threat) attack discriminator; collecting the system call sequence of a target terminal program; and, after the API call sequence of the target program is collected and the behavior features of the target program are extracted, judging whether the target program exhibits attack behavior. The discrimination method has high APT attack detection capability and shortens the extraction time of program behavior features.
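The feature extraction pipeline described in steps 101 to 104 and in the abstract (sliding-window short sequences, information gain over the labelled sample set, and the rescan that turns a program into a feature vector), as an added example that is not part of the patent or of any VRV product. The API call sequences and labels are constructed sample data; the MapReduce distribution is replaced by plain in-memory loops.

```python
import math
from collections import Counter

# Constructed sample set: per-program system API call sequences with a label
# (1 = known APT sample, 0 = benign). Real sequences are much longer.
SAMPLES = [
    (["CreateFile", "WriteFile", "CloseHandle", "CreateProcess",
      "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
      "CreateRemoteThread", "CloseHandle"], 1),
    (["RegOpenKey", "RegSetValue", "InternetOpen", "InternetConnect",
      "HttpSendRequest", "WriteFile"], 1),
    (["CreateFile", "ReadFile", "ReadFile", "CloseHandle", "MessageBox"], 0),
    (["RegOpenKey", "RegQueryValue", "RegCloseKey", "CreateFile", "ReadFile"], 0),
    (["CreateFile", "WriteFile", "WriteFile", "CloseHandle", "ExitProcess"], 0),
]

def short_sequences(calls, k):
    """Step 102: sliding window of width k over one API call sequence."""
    return {tuple(calls[i:i + k]) for i in range(len(calls) - k + 1)}

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(seq, presence, labels):
    """Step 103: IG of the binary feature 'program contains seq' w.r.t. the labels."""
    with_seq = [lab for p, lab in zip(presence, labels) if seq in p]
    without = [lab for p, lab in zip(presence, labels) if seq not in p]
    n = len(labels)
    conditional = sum(len(s) / n * entropy(s) for s in (with_seq, without) if s)
    return entropy(labels) - conditional

def select_features(samples, k=2, top=4):
    """Score every short sequence seen in the sample set and keep the top ones."""
    presence = [short_sequences(calls, k) for calls, _ in samples]
    labels = [lab for _, lab in samples]
    candidates = set().union(*presence)
    # Sort by descending gain; ties broken by the tuple itself for determinism.
    ranked = sorted(candidates, key=lambda s: (-information_gain(s, presence, labels), s))
    return ranked[:top]

def feature_vector(calls, features, k=2):
    """Step 104: rescan one program and mark which selected short sequences it contains."""
    present = short_sequences(calls, k)
    return [int(f in present) for f in features]
```

The resulting vectors are what the patent feeds to the statistical model in the training step; a short sequence that appears in equally many benign and APT samples scores zero gain and is dropped.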

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method for discriminating advanced persistent threat attacks.

Background technique

[0002] Advanced Persistent Threat (APT) attacks are cyber attacks and intrusions launched by hackers against customers for the purpose of stealing core data. There are many APT attack channels. Among the well-known APT incidents exposed so far, social engineering attacks, 0day exploits, and physical ferrying appear endlessly, while traditional detection usually focuses only on perimeter defense. Once the system perimeter is bypassed, the difficulty of carrying out the subsequent attack steps is greatly reduced. From the behavioral point of view, it is difficult to extract the characteristics of APT attack behavior. APT generally uses 0day vulnerabilities to obtain permissions and conducts remote control through unknown Trojan hor...


Application Information

IPC IPC(8): G06F21/55
Inventor 高曦杨华张宏宇
Owner BEIJING VRV SOFTWARE CO LTD