Apt event attack organization homology analysis method and apparatus

A technology of homology analysis and events, applied in the field of information security

Active Publication Date: 2016-06-29
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0004] In APT attacks, the proportion of incidents that begin with an e-mail is far greater than that of any other method, and for an attack organization, in order to balance cost and benefit, it may...



Embodiment Construction

[0059] The present invention provides embodiments of an APT event attack organization homology analysis method and apparatus. To enable those skilled in the art to better understand the technical solutions of these embodiments, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solution of the present invention is described in further detail below in conjunction with the accompanying drawings:

[0060] The present invention first provides an embodiment of a homology analysis method for an APT event attack organization which, as shown in Figure 1, includes:

[0061] S101 Obtaining the mail to be analyzed and extracting its metadata, including: sender information, recipient information, subject, body or attachment;

[0062] S102 Analyzing each kind of metadata and obtaining the related behavior feature information;

[0063] S103 Comparing each behavior feature in...


Abstract

The invention discloses an APT event attack organization homology analysis method and apparatus. The method comprises the following steps: obtaining a mail to be analyzed and extracting metadata comprising sender information, recipient information, a subject, a body or an attachment; analyzing the metadata and obtaining the related behavior feature information; comparing the behavior feature information with preset conditions and setting weights based on the comparison results; calculating the weight sum and, when the weight sum is higher than a preset threshold, treating the event as a suspected APT event and storing it in an APT event behavior database; and analyzing each APT event in the APT event behavior database with a clustering algorithm, determining that APT events whose similarity is higher than a preset value were initiated by the same (homologous) attack organization. According to the technical scheme provided by the invention, APT events can be effectively identified, and the attack organizations behind APT events can be classified.
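The scoring, threshold and clustering pipeline described in the abstract, as an added example that is not the patent's own code; the preset conditions, weights, threshold, the feature set used for clustering and the Jaccard-similarity grouping are all assumptions chosen for illustration, and the mail metadata is constructed.

```python
from itertools import combinations  # noqa: F401  (kept for readers extending the grouping)
# Preset conditions and weights are assumptions for illustration: (name, predicate, weight)
RISKY_EXT = {"exe", "scr", "docm", "lnk"}
URGENT = ("urgent", "invoice", "password")
CONDITIONS = [
    ("name_domain_mismatch", lambda m: m["name_domain"] != m["addr_domain"], 3),
    ("risky_attachment", lambda m: bool(attach_exts(m) & RISKY_EXT), 4),
    ("urgent_subject", lambda m: any(w in m["subject"].lower() for w in URGENT), 2),
    ("targeted_recipients", lambda m: len(m["recipients"]) <= 2, 1),
]
THRESHOLD = 5     # weight sum must exceed this to be a suspected APT event
SIMILARITY = 0.6  # Jaccard similarity must exceed this to share an organization

def attach_exts(m):
    return {a.rsplit(".", 1)[-1].lower() for a in m["attachments"] if "." in a}

def score(m):
    """Compare one mail's metadata with each preset condition and sum the matched weights."""
    hits = [(n, w) for n, pred, w in CONDITIONS if pred(m)]
    return sum(w for _, w in hits), {n for n, _ in hits}

def build_apt_db(mails):
    """Keep mails above THRESHOLD, each with a feature set used later for clustering."""
    db = []
    for m in mails:
        total, hits = score(m)
        if total > THRESHOLD:
            feats = hits | {"domain:" + m["addr_domain"]} | {"ext:" + e for e in attach_exts(m)}
            db.append((m["id"], frozenset(feats)))
    return db

def cluster(db):
    """Greedy grouping: an event joins the first group holding an event it is similar to."""
    groups = []
    for eid, feats in db:
        for g in groups:
            if any(len(feats & f) / len(feats | f) > SIMILARITY for _, f in g):
                g.append((eid, feats)); break
        else:
            groups.append([(eid, feats)])
    return [[eid for eid, _ in g] for g in groups]

MAILS = [  # constructed sample metadata, not real mail
    {"id": "m1", "name_domain": "bank.example", "addr_domain": "mail-bank.test", "subject": "Urgent: invoice attached", "attachments": ["invoice.docm"], "recipients": ["cfo@corp.test"]},
    {"id": "m2", "name_domain": "bank.example", "addr_domain": "mail-bank.test", "subject": "Password reset required", "attachments": ["reset.exe"], "recipients": ["it@corp.test", "admin@corp.test"]},
    {"id": "m3", "name_domain": "vendor.test", "addr_domain": "vendor.test", "subject": "Q3 report", "attachments": ["report.scr"], "recipients": ["a@corp.test", "b@corp.test", "c@corp.test"]},
    {"id": "m4", "name_domain": "hr.example", "addr_domain": "hr-portal.test", "subject": "Urgent payroll update", "attachments": ["payroll.lnk"], "recipients": ["x@corp.test"]},
]
```

Running `cluster(build_apt_db(MAILS))` drops m3 (weight sum 4 does not exceed the threshold) and groups m1 with m2, which share a sender domain and every matched condition, while m4 stays a separate organization.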

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a homology analysis method and apparatus for an APT event attack organization.

Background technique

[0002] APT (Advanced Persistent Threat) is an attack form that uses advanced attack methods to carry out long-term, persistent network attacks against specific targets.

[0003] APT attack incidents are increasingly severe: APT attacks are planned and organized long in advance against specific objects, collect a large amount of accurate information about the user's business processes and the target system's usage, and widely employ 0-day vulnerabilities, covert communication, signature spoofing, social engineering and other attack methods, posing a great threat to the security of information systems. Therefore, the effective discovery of APT attacks, and further discovery of the organizations behind them, has become the...


Application Information

IPC(8): H04L29/06; G06F21/55
Inventors: 任洪伟, 李柏松
Owner HARBIN ANTIY TECH