Advanced persistent threat detection method based on aggressive behavior analysis

A behavior analysis and threat detection technology, applied in the field of network security, which exploits the observation that the command channel mode built by malicious code changes infrequently, and achieves high detection efficiency.

Active Publication Date: 2016-08-17
SHANGHAI JIAO TONG UNIV
Cites: 2; Cited by: 23

AI Technical Summary

Problems solved by technology

Various studies have shown that although the malicious code used in advanced persistent threat attacks will continue to mutate, upgrade, and change, the frequency of change in the command channel mode that the malicious code finally builds is not high

Embodiment Construction

[0031] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0032] According to the advanced persistent threat detection method based on attack behavior analysis provided by the present invention, behavior analysis data on attackers in the system is obtained as far as possible while meeting the detection requirements. For captured processes and command-line parameters, suspicious execution instructions and code are detected, and at the same time the network data flow is monitored to determine possible hazard characteristics in the data flow. It i...


Abstract

The invention provides an advanced persistent threat detection method based on attack behavior analysis. The method comprises the following steps: 1, all system kernel program execution pipelines are taken over; 2, the network card is set to promiscuous mode, network data packets are acquired, local port analysis behaviors are combined as characteristics, and the system gives an alarm if malicious operating instructions of network attack behaviors are contained; 3, all network channels are enumerated, and the system gives an alarm if malicious operating instructions of network attack behaviors are contained; 4, file operations are monitored, key information is judged, and the system gives an alarm if the requirements are not met; 5, captured software API information is submitted from the kernel layer to the application layer in a trans-boundary mode and passed to a behavior analysis engine, which judges whether the behaviors are attack behaviors; if so, an alarm is given, and if not, step 2 is repeated. The method can detect advanced persistent threats, is high in detection efficiency, and analyzes more comprehensively the behaviors performing attacks at the system level.
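The abstract describes a loop in which kernel-level monitors (process/command line, network packets and ports, file operations, API calls) feed a behavior analysis engine that decides whether the combined activity is an attack. The following is an added illustration of that decision step and is not code from the patent; it is a toy engine over constructed event records, with assumed rule names, thresholds and sample paths. It also applies the observation from the technical summary that a command channel changes its pattern infrequently, by flagging outbound connections from one process to one destination that recur at near-constant intervals.

```python
"""Toy behavior-analysis engine modelled on the five-step loop in the abstract.

Everything here is an assumption for illustration: the event schema, the rule
names, the thresholds and the constructed sample events are not from the patent.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Set


@dataclass
class Event:
    kind: str            # "process", "network", "file" or "api"
    pid: int
    ts: float            # seconds since monitoring started
    data: dict = field(default_factory=dict)


@dataclass
class Result:
    hits: Dict[int, Set[str]]     # pid -> rule names that fired
    verdicts: Dict[int, bool]     # pid -> judged as attack behavior


# Assumed thresholds and indicators (not from the patent)
MIN_CONNECTIONS = 4          # connections needed before periodicity is judged
MAX_JITTER_RATIO = 0.2       # pstdev/mean of inter-connection intervals
MIN_RULES_FOR_ATTACK = 2     # distinct rules that must fire for one process
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
AUTOSTART_MARKERS = ("/etc/cron.d/", "/start menu/programs/startup/")


def jitter_ratio(times: List[float]) -> float:
    """Relative spread of the gaps between connection timestamps (0.0 = perfectly periodic)."""
    intervals = [b - a for a, b in zip(times, times[1:])]
    m = mean(intervals)
    return pstdev(intervals) / m if m > 0 else float("inf")


def analyze(events: List[Event]) -> Result:
    """Run each captured event through the rules, then judge every process."""
    hits: Dict[int, Set[str]] = defaultdict(set)
    conn_times: Dict[tuple, List[float]] = defaultdict(list)
    seen_pids: Set[int] = set()

    for ev in sorted(events, key=lambda e: e.ts):
        seen_pids.add(ev.pid)
        if ev.kind == "process":
            # Step 1: command-line/process capture; a script interpreter launched
            # by a document viewer is treated as a suspicious execution chain.
            if ev.data.get("parent") in DOCUMENT_APPS and ev.data.get("image") in INTERPRETERS:
                hits[ev.pid].add("interpreter spawned by document app")
        elif ev.kind == "network":
            # Steps 2-3: per-process connection tracking; a stable-interval
            # connection pattern to one destination is the command-channel feature.
            key = (ev.pid, ev.data["dst"], ev.data["port"])
            conn_times[key].append(ev.ts)
            if len(conn_times[key]) >= MIN_CONNECTIONS and jitter_ratio(conn_times[key]) <= MAX_JITTER_RATIO:
                hits[ev.pid].add("periodic command channel")
        elif ev.kind == "file":
            # Step 4: file operation monitoring; writes into autostart locations
            # fail the "key information" check.
            norm = ev.data.get("path", "").lower().replace("\\", "/")
            if ev.data.get("op") == "write" and any(m in norm for m in AUTOSTART_MARKERS):
                hits[ev.pid].add("autostart write")
        elif ev.kind == "api":
            # Step 5: API information handed up from the kernel layer; only counted
            # here so the engine sees the full picture of the process.
            pass

    # The engine's judgement: several independent rules on one process -> attack.
    verdicts = {pid: len(hits.get(pid, set())) >= MIN_RULES_FOR_ATTACK for pid in seen_pids}
    return Result(hits={pid: set(r) for pid, r in hits.items()}, verdicts=verdicts)


# Constructed sample events: pid 1234 shows a chained set of behaviours,
# pid 5678 is an ordinary browser session with irregular connections.
SAMPLE_EVENTS = [
    Event("process", 1234, 95.0, {"parent": "winword.exe", "image": "powershell.exe"}),
    Event("network", 1234, 100.0, {"dst": "203.0.113.7", "port": 443}),
    Event("network", 1234, 160.0, {"dst": "203.0.113.7", "port": 443}),
    Event("network", 1234, 220.0, {"dst": "203.0.113.7", "port": 443}),
    Event("network", 1234, 280.0, {"dst": "203.0.113.7", "port": 443}),
    Event("network", 1234, 341.0, {"dst": "203.0.113.7", "port": 443}),
    Event("file", 1234, 120.0, {"op": "write",
          "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u.lnk"}),
    Event("process", 5678, 5.0, {"parent": "explorer.exe", "image": "chrome.exe"}),
    Event("network", 5678, 10.0, {"dst": "198.51.100.5", "port": 443}),
    Event("network", 5678, 13.0, {"dst": "198.51.100.5", "port": 443}),
    Event("network", 5678, 47.0, {"dst": "198.51.100.5", "port": 443}),
    Event("network", 5678, 90.0, {"dst": "198.51.100.5", "port": 443}),
]

if __name__ == "__main__":
    res = analyze(SAMPLE_EVENTS)
    for pid, is_attack in sorted(res.verdicts.items()):
        print(pid, "ALARM" if is_attack else "ok", sorted(res.hits.get(pid, set())))
```

The verdict step is where the abstract's "if so, an alarm is given, and if not, step 2 is repeated" lives: a single rule hit is recorded but does not alarm on its own, so one odd command line or one regular connection pattern is not enough by itself, which keeps the engine from alarming on scheduled legitimate traffic.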

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an advanced persistent threat detection method based on attack behavior analysis.

Background technique

[0002] As attacks in the network become more and more complex, their military and commercial impacts are also becoming wider, and the complexity of the attacks makes detection of advanced persistent threats more and more difficult. The development of this kind of attack is reflected in the fact that attackers continue to use various attack methods and change the existing ones, lie dormant for a long time after slowly and quietly infiltrating the internal network, constantly obtain relevant sensitive information in the network, and keep trying to elevate their permissions until important sensitive information is obtained. Such highly concealed attacks must be discovered and dealt with in a timely manner to protect the security of the main ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
Inventors: 施勇, 薛质
Owner: SHANGHAI JIAO TONG UNIV