
Detecting method, terminal device, server and system of APT (Advanced Persistent Threat) attack

A terminal-device and detection-method technology, applied in the field of information security, that addresses the problems of missed APT attacks, the failure to detect APT attacks quickly and accurately, and the resulting threat to computer data security, and achieves the effect of accurate detection.

Inactive Publication Date: 2016-03-23
BEIJING QIHOO TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] In view of this, the present invention provides an APT attack detection method, terminal device, server and system. Its main purpose is to solve the problem that manual detection cannot detect APT attacks quickly and accurately and may miss latent APT attacks, and may therefore seriously threaten the security of computer data.


Examples


Embodiment Construction

[0037] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0038] An embodiment of the present invention provides a method for detecting an APT attack, applied on the terminal device side. As shown in Figure 1, the method includes:

[0039] 101. The terminal device records the attribute information of the preset file in the local area network.

[0040] In the local area network environment, including multiple terminal devices, each terminal device will record the attribute i...

Abstract

The invention discloses a detection method, a terminal device, a server and a system for APT (Advanced Persistent Threat) attacks, relating to the technical field of information security and mainly aimed at detecting APT attacks rapidly and accurately. The main technical solution is as follows. The terminal device records attribute information of a preset file in a local area network; the attribute information comprises identification information, time information, source information and circulation object information. Whether the preset file is a grey file is determined from the attribute information; a grey file is one stored neither in the preset file whitelist nor in the preset file blacklist. If the preset file is a grey file, the terminal device determines whether the grey file triggers a preset abnormal behavior rule. If it does, abnormal alarm information stating that the grey file triggered the preset abnormal behavior rule is sent to the server; the abnormal alarm information comprises the identification information of the terminal device. The invention is mainly applied in the process of detecting APT attacks.
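The terminal-side flow in the abstract (record attributes, classify against the two lists, evaluate a behavior rule, raise an alarm carrying the terminal's identifier), as an added example that is not the patent's own code. The fan-out rule and its thresholds, the field names and the sample records are assumptions; the page does not say what the preset abnormal behavior rules are.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    file_id: str    # identification information (constructed label)
    seen_at: int    # time information, epoch seconds
    source: str     # source information
    recipient: str  # circulation object information

def classify(file_id, whitelist, blacklist):
    """A grey file is in neither the whitelist nor the blacklist."""
    if file_id in blacklist:
        return "black"
    return "white" if file_id in whitelist else "grey"

# Hypothetical rule (assumption): a grey file reaching more than MAX_RECIPIENTS
# distinct circulation objects inside WINDOW_SECONDS counts as abnormal.
MAX_RECIPIENTS = 3
WINDOW_SECONDS = 600

def triggers_rule(records):
    events = sorted(records, key=lambda r: r.seen_at)
    start = 0
    for end in range(len(events)):
        # Slide the window start forward until it spans at most WINDOW_SECONDS.
        while events[end].seen_at - events[start].seen_at > WINDOW_SECONDS:
            start += 1
        if len({e.recipient for e in events[start:end + 1]}) > MAX_RECIPIENTS:
            return True
    return False

def detect(terminal_id, records, whitelist, blacklist):
    """Return the alarm messages this terminal would send to the server."""
    by_file = defaultdict(list)
    for rec in records:
        by_file[rec.file_id].append(rec)
    alarms = []
    for file_id, recs in sorted(by_file.items()):
        if classify(file_id, whitelist, blacklist) == "grey" and triggers_rule(recs):
            alarms.append({"terminal_id": terminal_id, "file_id": file_id,
                           "rule": "fan-out",
                           "sources": sorted({r.source for r in recs})})
    return alarms

# Constructed sample: a fast-spreading grey file, a slow one, a whitelisted one.
SAMPLE = (
    [FileRecord("f-grey", 100 + 60 * i, "mail", f"host-{i}") for i in range(4)]
    + [FileRecord("f-slow", 1000 * i, "usb", f"host-{i}") for i in range(4)]
    + [FileRecord("f-white", 10 * i, "share", f"host-{i}") for i in range(5)]
)
```

Only `f-grey` produces an alarm here: `f-slow` never has more than one recipient inside a window, and `f-white` is skipped before the rule is evaluated.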

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to an APT attack detection method, a terminal device, a server and a system.

Background technique

[0002] With the continuous development of computer technology, the degree of informatization of human society is getting higher and higher, and the whole society is more and more dependent on computer information. At the same time, threats to the security of computer files are also increasing, and the Advanced Persistent Threat (APT) has become one of the most serious threats in the field of information security; it is a persistent network attack.

[0003] The principle of an APT attack is more advanced than that of other attack forms. Its advanced nature is mainly reflected in the fact that APT needs to accurately collect the business process and target system of the attack object before launching the attack. During the collection process, this attack will actively di...

Application Information

Patent Type & Authority Applications (China)
IPC IPC(8): H04L29/06
CPC G06F21/56, H04L63/1416, H04L63/1425, H04L63/1466
Inventor 江爱军张聪
Owner BEIJING QIHOO TECH CO LTD