APT (Advanced Persistent Threat) attack detection method and APT attack detection device based on malicious domain name detection

Attack detection and domain name detection technology, applied to APT attack detection based on malicious domain name detection; it addresses problems such as poor adaptability.

Inactive Publication Date: 2015-12-09
COMMUNICATION UNIVERSITY OF CHINA
5 Cites, 38 Cited by

AI Technical Summary

Problems solved by technology

However, such methods are often accompanied by a large number of false positives and false p...


Embodiment Construction

[0020] In the following description, a lot of specific details are given in order to provide a more thorough understanding of the present invention. However, it is obvious to those skilled in the art that the present invention can be implemented without one or more of these details. In other examples, in order to avoid confusion with the present invention, some technical features known in the art are not described.

[0021] It should be understood that the present invention can be implemented in different forms and should not be construed as being limited to the embodiments presented here. On the contrary, the provision of these embodiments will make the disclosure thorough and complete, and will fully convey the scope of the present invention to those skilled in the art.

[0022] The purpose of the terms used here is only to describe specific embodiments and not as a limitation of the present invention. When used herein, the singular forms of "a", "an" and "the / the" are also int...


Abstract

The invention provides an APT (Advanced Persistent Threat) attack detection method and an APT attack detection device based on malicious domain name detection. The APT attack detection method comprises the following steps: obtaining communication data in a network; analyzing the communication data to extract the IP (Internet Protocol) address of a source host, the domain name queried by the source host and the time of the domain name query; querying a domain name risk grade database to determine whether the domain name queried by the source host exists in it; if so, extracting and displaying the risk grade result corresponding to the domain name from the database; if not, evaluating the risk grade of the domain name and displaying the risk grade evaluation result, so as to determine whether the source host is under APT attack, wherein the risk grade evaluation comprises abnormal heartbeat analysis and sub-domain name semantic analysis. The method and device can accurately detect unknown malicious domain names, so that APT attacks can be detected in time and their consequences reduced.
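The lookup-then-evaluate flow in the abstract, as an added example that is not taken from the patent: the risk database contents, the thresholds, the coefficient-of-variation measure used for heartbeat analysis and the label-entropy stand-in for sub-domain semantic analysis are all assumptions, since this page does not specify them.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed stand-in for the domain name risk grade database.
RISK_DB = {"known-bad.example": "high", "intranet.example": "low"}

def heartbeat_score(times):
    """1.0 = perfectly periodic queries, 0.0 = irregular or too few samples."""
    if len(times) < 4:
        return 0.0
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return 0.0
    # Coefficient of variation of the gaps (assumed measure of "heartbeat").
    return max(0.0, 1.0 - pstdev(gaps) / avg)

def label_entropy(domain):
    """Shannon entropy (bits/char) of the left-most label (assumed semantic proxy)."""
    label = domain.split(".")[0]
    probs = [label.count(c) / len(label) for c in set(label)]
    return -sum(p * math.log2(p) for p in probs)

def evaluate(records, hb_min=0.9, ent_min=3.0):
    """records: (src_ip, domain, query_time_s) tuples -> {(src_ip, domain): grade}."""
    seen = defaultdict(list)
    for src, dom, t in records:
        seen[(src, dom.lower().rstrip("."))].append(t)
    grades = {}
    for (src, dom), ts in seen.items():
        if dom in RISK_DB:                      # known domain: reuse stored grade
            grades[(src, dom)] = RISK_DB[dom]
            continue
        hits = (heartbeat_score(sorted(ts)) >= hb_min) + (label_entropy(dom) >= ent_min)
        grades[(src, dom)] = ("low", "medium", "high")[hits]
    return grades

# Constructed sample of parsed DNS queries (not real traffic).
SAMPLE = (
    [("10.0.0.5", "x7k2q9vbz4.update-cdn.example", t) for t in (0, 300, 601, 899, 1200, 1500)]
    + [("10.0.0.5", "known-bad.example", 42)]
    + [("10.0.0.8", "www.news.example", t) for t in (10, 45, 400, 410, 2000)]
    + [("10.0.0.9", "time.ntp.example", t) for t in (0, 64, 128, 192, 256)]
)

if __name__ == "__main__":
    for key, grade in sorted(evaluate(SAMPLE).items()):
        print(key, grade)
```

The `time.ntp.example` host is strictly periodic but has an ordinary label, so it is graded medium rather than high: periodicity alone also matches benign polling, which is why the two signals are combined.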

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an APT attack detection method and device based on malicious domain name detection.

Background technique

[0002] In recent years, a series of major security incidents has brought a new term, the APT attack, into public view. APT stands for Advanced Persistent Threat. APT attacks differ from traditional attacks in the following ways: A (Advanced): the attacker adapts to the defender's countermeasures and uses advanced intrusion methods to carry out the intrusion plan, which makes traditional boundary defense technology based on feature matching ineffective; P (Persistent): continuous attack detection is a challenge, since an APT attack spans a very long time and the intruder often lies dormant for a long period after intrusion, so there is no obvious abnormality at a single time p...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 黄玮, 范文庆, 安靖, 李美聪, 邹权臣, 李建方, 王永滨, 隋爱娜
Owner COMMUNICATION UNIVERSITY OF CHINA