Detection method for APTs (Advanced Persistent Threat) based on instruction monitoring
A threat detection technology in the field of APT advanced threat detection based on command (instruction) monitoring. It addresses the inability of existing approaches to adapt to the current security situation, their lack of unknown-attack detection capability, and their lack of in-depth traffic analysis capability; it achieves high reliability and scalability and improves security performance, reliability and efficiency.
Example Embodiment
[0024] The present invention proposes a new APT advanced threat detection method based on instruction-level monitoring. It applies KVM virtualization and Intel hardware virtualization technology (Intel-VT) to perform function (API)-level and instruction-level behavior monitoring and in-depth analysis of malicious code used in APT attacks, and it uses taint analysis and other vulnerability detection methods to detect both unknown and known vulnerability exploits at their root cause. The invention is characterized by high scalability, strong concealment and high fidelity of the collected data.
[0025] 1. The overall architecture of the present invention
[0026] As shown in Figure 1, the main modules include: a custom ExKVM (extended KVM), multiple virtual machines, virtual machine introspection (LibVMI), taint analysis, operation monitoring, and a behavior log data analysis module. The design goal of the present invention is to be able to dynamically analyze various malicious codes in A...
© 2024 PatSnap. All rights reserved.