Rule-based detection method of APT attack behavior

A rule-based detection method, applied in the field of APT detection, addresses problems such as the difficulty of mounting an effective defense against APT attacks.

Active Publication Date: 2016-03-02
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] Based on the above characteristics reflected in APT attacks, it is difficult for the tra...




Embodiment Construction

[0038] First of all, it should be explained that the APT attack behavior detection method involved in the present invention is an application of computer technology in the field of information security technology. The implementation of the present invention involves the application of multiple software function modules. The applicant believes that, after carefully reading the application documents, accurately understanding the realization principle and purpose of the present invention, and combining them with existing known technologies, those skilled in the art can fully implement the present invention using their software programming skills; there is no possibility that it cannot be understood or reproduced. The foregoing software function modules include, but are not limited to: an acquisition module, a detection module, a rule analysis module, an analysis module, etc. There are many ways to implement them, and all those mentioned in the application documents of ...


Abstract

The invention relates to the field of APT detection and provides a rule-based method for detecting APT attack behavior. The method comprises the following steps: defining a grammar for writing APT attack scene rules; creating APT attack scene rules, which together form an APT attack scene knowledge base; having the analysis module dispatch the rule analysis module to parse and load the APT attack scene rules; collecting the full traffic of the application-layer protocols with the collection module to obtain flow data; filtering the data; analyzing important alarms; identifying behavior; and processing APT attack behavior failures. Because multiple attack exposure points exist throughout an APT attack, the rule-based method provided by the invention performs backtracking association on the related traffic on that basis, replacing the traditional approach of matching features at a single point in time with association analysis over the data of a long time window, so as to identify the attacker's complete attack intent.
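The following is an added illustration, not code from the patent or from its owner, of the abstract's core idea: an attack-scene rule written in a small grammar is loaded and then applied by backtracking association over a long time window, so that a chain of exposure points on one host is reported instead of a single alarm. The rule grammar, stage names, window length and alarm records are all constructed assumptions for this example.

```python
from datetime import datetime, timedelta

# Hypothetical rule grammar (not the patent's): "<name>: s1 -> s2 -> s3 within <N>d".
RULE_TEXT = "staged_intrusion: exploit_download -> periodic_beacon -> lateral_smb_scan within 14d"

# Constructed sample alarms (timestamp, internal host, alarm type); not real data.
SAMPLE_ALARMS = [
    ("2016-01-01T09:00:00", "10.0.0.5", "exploit_download"),
    ("2016-01-02T10:30:00", "10.0.0.5", "periodic_beacon"),
    ("2016-01-05T14:00:00", "10.0.0.5", "periodic_beacon"),
    ("2016-01-09T03:00:00", "10.0.0.5", "lateral_smb_scan"),
    ("2016-01-20T08:00:00", "10.0.0.7", "lateral_smb_scan"),  # isolated alarm, no prior stages
    ("2015-12-01T09:00:00", "10.0.0.9", "exploit_download"),  # first stage outside the 14-day window
    ("2016-01-03T10:00:00", "10.0.0.9", "periodic_beacon"),
    ("2016-01-10T03:00:00", "10.0.0.9", "lateral_smb_scan"),
]

def parse_rule(text):
    """Parse one attack-scene rule into its ordered stages and time window."""
    name, body = text.split(":", 1)
    stages_part, days = body.rsplit(" within ", 1)
    return {"name": name.strip(),
            "stages": [s.strip() for s in stages_part.split("->")],
            "window": timedelta(days=int(days.strip().rstrip("d")))}

def match_scene(rule, alarms):
    """Backtracking association: each time the final stage fires for a host,
    look back through that host's alarms inside the window for the earlier
    stages in order, and report the whole chain rather than the single alarm."""
    events = sorted((datetime.fromisoformat(t), h, k) for t, h, k in alarms)
    stages, hits = rule["stages"], []
    for ts, host, kind in events:
        if kind != stages[-1]:
            continue
        earlier = [e for e in events
                   if e[1] == host and ts - rule["window"] <= e[0] < ts]
        chain, idx = [], 0
        for e in earlier:  # consume the earlier stages chronologically
            if idx < len(stages) - 1 and e[2] == stages[idx]:
                chain.append(e)
                idx += 1
        if idx == len(stages) - 1:
            hits.append({"rule": rule["name"], "host": host,
                         "chain": chain + [(ts, host, kind)]})
    return hits

if __name__ == "__main__":
    for hit in match_scene(parse_rule(RULE_TEXT), SAMPLE_ALARMS):
        print(hit["host"], [k for _, _, k in hit["chain"]])
```

Only 10.0.0.5 is reported: 10.0.0.7 has a lone final-stage alarm, which single-point matching would flag on its own, and 10.0.0.9's first stage falls outside the window.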

Description

Technical field

[0001] The invention relates to the field of APT (Advanced Persistent Threat) detection, in particular to a rule-based method for detecting APT attack behavior.

Background technique

[0002] An APT attack is a new type of attack and threat that is organized, aimed at a specific target, highly concealed, highly destructive and long-lasting. Its main features are:

[0003] Strong ability to conceal a single attack source: in order to evade traditional detection systems, APT actors pay more attention to concealing both dynamic behavior and static files, for example by hiding network behavior in covert channels and encrypted channels, or by forging legitimate signatures so that malicious code files are not identified, which makes traditional signature-based detection very difficult.

[0004] Many attack methods and a long attack duration: APT attacks are divided into mult...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventors: 李凯范渊程华才史光庭
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD