
A method and device for identifying advanced persistent threat attacks

An advanced persistent threat and attack identification technology, applied in electrical components, transmission systems, etc., to solve problems such as difficulty in realizing security protection detection

Active Publication Date: 2018-06-26
SHANXI CHINA MOBILE COMM CORP

AI Technical Summary

Problems solved by technology

[0005] However, existing network security protection and detection systems discover and judge attack behavior based on known security vulnerabilities and defects and on known Trojan horse behaviors and characteristics. For Trojan horse behaviors and features that are unknown or deformed, or that use unknown or deformed security vulnerabilities and defects, for unknown attack behaviors, and for APT attacks with unknown encrypted content, security protection detection is difficult to achieve.


Embodiment Construction

[0032] In the embodiment of the present invention, an APT attack includes a first stage, a second stage and a third stage. An attack event is first detected; the detected attack event is then recorded, and it is classified and recorded by APT attack stage according to the characteristics of the attack event. When the record includes an attack event of the third stage, that attack event is associated with the attack events of the first stage and the second stage suffered by the attacked object, and when the associated attack event has an external source, it is determined to be an APT attack event.

[0033] Further, the attack event of the third stage is associated with the attack events of the first stage and the second stage suffered by the attacked object, and when the associated attack event has an internal source, the associated attack event is associated with the attack events of the first stage, the second stage, and the third...


Abstract

The invention discloses a method for identifying advanced persistent threat (APT) attacks. An APT attack comprises a first stage, a second stage and a third stage. The method comprises the following steps: an attack event is detected; the detected attack event is recorded, classified by APT attack stage according to the characteristics of the attack event; and when the record includes an attack event of the third stage, that attack event is correlated with the attack events of the first stage and the second stage suffered by the attacked object, and the attack event is confirmed to be an APT attack event when the correlated attack event has an external source. The invention also discloses a device for identifying advanced persistent threat attacks.
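The correlation step of the abstract can be sketched as follows. This is an added example, not code from the patent or its applicant. It assumes that the detector has already assigned each event a stage, that a known set of internal hosts decides what counts as an external source, and that one externally sourced stage-1 or stage-2 event on the same attacked object is enough to confirm; the names `AttackEvent` and `correlate` and all addresses are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class AttackEvent:
    time: int    # constructed sequence number standing in for a timestamp
    source: str  # address the event came from
    target: str  # the attacked object
    stage: int   # 1, 2 or 3; assumed to be assigned by the detector

def correlate(events, internal_hosts):
    """For every stage-3 event, look back at the stage-1/2 events recorded
    for the same attacked object and judge by where they came from."""
    record = defaultdict(list)  # staged record, keyed by attacked object
    verdicts = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.stage != 3:
            if ev.stage in (1, 2):
                record[ev.target].append(ev)
            continue
        related = record[ev.target]
        if not related:
            continue  # nothing to associate this stage-3 event with
        external = sorted({e.source for e in related
                           if e.source not in internal_hosts})
        if external:
            verdicts.append((ev.target, "apt", external))
        else:
            # Internal source: the further association step is cut off in
            # the page text, so the case is flagged here and not followed.
            internal = sorted({e.source for e in related})
            verdicts.append((ev.target, "internal-source", internal))
    return verdicts

# Constructed sample data (documentation address ranges, not real hosts).
INTERNAL = {"10.0.0.5", "10.0.0.9"}
SAMPLE = [
    AttackEvent(1, "203.0.113.7", "10.0.0.5", 1),
    AttackEvent(2, "203.0.113.7", "10.0.0.5", 2),
    AttackEvent(3, "203.0.113.7", "10.0.0.5", 3),
    AttackEvent(4, "10.0.0.5", "10.0.0.9", 2),
    AttackEvent(5, "10.0.0.5", "10.0.0.9", 3),
    AttackEvent(6, "198.51.100.4", "10.0.0.12", 3),
]

if __name__ == "__main__":
    for verdict in correlate(SAMPLE, INTERNAL):
        print(verdict)
```

The stage-3 event on 10.0.0.12 produces no verdict because no earlier-stage events were recorded for that object.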

Description

Technical field

[0001] The invention relates to network security defense technology, in particular to a method and device for identifying advanced persistent threat attacks.

Background technique

[0002] Facing the increasingly severe network security situation, how to continuously improve the defense capabilities against network attacks, and how to detect and quickly and effectively deal with network attacks, are the core issues that organizations and enterprise IT departments are concerned about. With the development of virtualization and cloud computing technologies, the degree of virtualization of large data centers is getting higher and higher, and network boundaries are becoming increasingly blurred. At the same time, advanced persistent threat (APT) attacks have become the focus of public attention. APT attacks, also known as "target-specific" attacks, are a new type of attack; APT attacks use various advanced attack methods and social engin...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
Inventor: 卢山李斌
Owner: SHANXI CHINA MOBILE COMM CORP