APT detection method and system based on invasion route

A threat detection method applied in the field of APT threat detection. It addresses the difficulty an attacked organization has in protecting itself and in detecting the attacker's methods and tools, and aims at a complete view of attacker behavior with simple, easy-to-use operation.

Active Publication Date: 2017-09-15
CHENGDU GOLDTEL IND GROUP
Cites: 7 | Cited by: 17

AI Technical Summary

Problems solved by technology

[0004] The main reason why APT attacks make it difficult for the attackers to


Drawings: three figures titled "APT detection method and system based on invasion route" (figure 1, the method flow chart, is referenced in the description below).

Examples


Embodiment 1

[0053] As shown in figure 1, an APT threat detection method based on intrusion paths comprises:

[0054] S1: Model a knowledge base of the intrusion-path domain;

[0055] S2: Collect behavior data, comprising host behavior data and network behavior data. The host behavior data collected include process and thread information records, port information records, disk data operation records, system registry change records, terminal system basic information update records, peripheral device connection and data transfer records, and third-party application information records. Network behavior data collection first classifies and marks the network behavior, then restores the network behavior data, records and tracks the operation and maintenance service information and external connection information of the network system, and finally saves the data locally;

[0056] S3: Correla...


Abstract

The invention relates to an APT detection method and system based on an invasion route. The APT detection method based on the invasion route comprises the following steps: S1, modeling a knowledge base of the invasion-route domain; S2, acquiring behavior data, i.e., host behavior data and network behavior data; S3, carrying out association analysis on the results of the behavior data acquisition; S4, preserving evidence, i.e., recovering attack risk behaviors for evidence preservation; and S5, presenting the evidence. The APT detection system based on the invasion route comprises an evidence presentation module, a behavior evidence association analysis module, a knowledge base module, an evidence preservation module, and an evidence collection module. The method and system provided by the invention have the following beneficial effects: invasion by an APT attacker is intercepted at the source, so that preventive measures can be taken along the invasion route and low-cost, highly efficient construction can be achieved; the acquisition process is concealed and fully transparent, so that no additional network load is imposed; and evidence presentation is easy to use and simple to operate.
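The five steps of the abstract (S1 knowledge base, S2 collection, S3 association analysis, S4 evidence preservation, S5 presentation) and the more detailed S1-S3 of Embodiment 1 describe a pipeline but not how the pieces fit together. The following is an added example, not code from the patent or from CHENGDU GOLDTEL IND GROUP: it models one assumed intrusion path (mail- or browser-spawned process, Run-key persistence, outbound connection to a non-RFC1918 address), correlates constructed host and network records into that path by host, process id, stage order and time window, then freezes the matched records under a SHA-256 so the stored evidence can be checked for tampering. All stage names, event fields and sample records are assumptions made for the example.

```python
"""Toy intrusion-path correlation following the S1-S5 steps of the abstract.
Added example; stage model, event fields and sample data are assumptions, not
anything published in the patent."""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

Event = Dict[str, object]


# S1: knowledge-base model of one intrusion path. Stages must be seen in this
# order, on one host, from one process, inside a time window.
@dataclass(frozen=True)
class Stage:
    name: str
    kind: str                         # "process", "registry" or "network" record
    test: Callable[[Event], bool]     # predicate over the collected record


def is_rfc1918(ip: str) -> bool:
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


MAIL_AND_SOCIAL_CLIENTS = {"outlook.exe", "thunderbird.exe", "chrome.exe"}

INTRUSION_PATH: List[Stage] = [
    Stage("initial_access", "process",
          lambda ev: ev["parent"] in MAIL_AND_SOCIAL_CLIENTS),
    Stage("persistence", "registry",
          lambda ev: ev["key"].lower().endswith("\\currentversion\\run")),
    Stage("command_and_control", "network",
          lambda ev: ev["direction"] == "outbound" and not is_rfc1918(ev["dst"])),
]


def t(hhmm: str) -> datetime:
    return datetime(2017, 9, 15, int(hhmm[:2]), int(hhmm[3:]))


# S2: constructed host and network records (assumed collector output).
SAMPLE_EVENTS: List[Event] = [
    # ws-12: attachment launched from the mail client, persists, calls home.
    {"host": "ws-12", "time": t("09:00"), "kind": "process", "pid": 4410,
     "parent": "outlook.exe", "image": "invoice.pdf.exe"},
    {"host": "ws-12", "time": t("09:02"), "kind": "registry", "pid": 4410,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "op": "set"},
    {"host": "ws-12", "time": t("09:05"), "kind": "network", "pid": 4410,
     "direction": "outbound", "dst": "203.0.113.7", "dport": 443},
    # ws-13: browser child that only talks to an internal server, no persistence.
    {"host": "ws-13", "time": t("09:00"), "kind": "process", "pid": 700,
     "parent": "chrome.exe", "image": "updater.exe"},
    {"host": "ws-13", "time": t("09:01"), "kind": "network", "pid": 700,
     "direction": "outbound", "dst": "10.0.0.5", "dport": 8080},
    # ws-13: a Run-key write by an unrelated process must not link to pid 700.
    {"host": "ws-13", "time": t("09:03"), "kind": "registry", "pid": 900,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "op": "set"},
]


# S3: association analysis. Walk each host's records in time order and grow
# chains one stage at a time; a record extends a chain only if it is the next
# stage, from the same process, and within the window opened by the first stage.
def correlate(events: List[Event], path: List[Stage] = INTRUSION_PATH,
              window: timedelta = timedelta(hours=1)) -> List[List[Event]]:
    by_host: Dict[str, List[Event]] = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(ev["host"], []).append(ev)
    complete: List[List[Event]] = []
    for records in by_host.values():
        chains: List[List[Event]] = []
        for ev in records:
            for chain in chains:
                if len(chain) == len(path):
                    continue
                nxt = path[len(chain)]
                if (ev["kind"] == nxt.kind and ev["pid"] == chain[0]["pid"]
                        and ev["time"] - chain[0]["time"] <= window and nxt.test(ev)):
                    chain.append(ev)
            if ev["kind"] == path[0].kind and path[0].test(ev):
                chains.append([ev])
        complete.extend(c for c in chains if len(c) == len(path))
    return complete


# S4: evidence preservation. Freeze the matched records with a SHA-256 over
# their canonical serialisation so later tampering with stored evidence shows.
def preserve_evidence(chain: List[Event], path: List[Stage] = INTRUSION_PATH) -> Dict[str, object]:
    stages = [{"stage": st.name, **ev} for st, ev in zip(path, chain)]
    canonical = json.dumps(stages, sort_keys=True, default=str).encode()
    return {"host": chain[0]["host"], "pid": chain[0]["pid"],
            "stages": stages, "sha256": hashlib.sha256(canonical).hexdigest()}


# S5: evidence presentation as a short operator-readable report.
def present(evidence: Dict[str, object]) -> str:
    lines = [f"APT intrusion path on {evidence['host']} (pid {evidence['pid']}), "
             f"evidence sha256 {evidence['sha256'][:16]}..."]
    for s in evidence["stages"]:
        lines.append(f"  {s['time']:%H:%M} {s['stage']:<20} {s['kind']}")
    return "\n".join(lines)


if __name__ == "__main__":
    for chain in correlate(SAMPLE_EVENTS):
        print(present(preserve_evidence(chain)))
```

The linking key (same host, same pid, ordered stages, one-hour window) is what turns three individually unremarkable records into a path; with the constructed input only ws-12 completes the chain, while ws-13's browser child and the unrelated Run-key write stay as partial chains and are not reported.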

Description

Technical field

[0001] The invention relates to the technical field of APT threat detection, in particular to an APT threat detection method and system based on an intrusion path.

Background art

[0002] Finance and government are the main target industries of APT attacks, at 84% and 77% respectively. Next is telecommunications at 66%, the military at 64%, industrial enterprises at 54%, and others at 14%. E-mail and social networking sites have become the main channels through which hackers launch APT attacks: e-mail is used in up to 68% of cases and social networking sites in up to 65%. E-mail and social networking sites even surpass traditional hacking avenues such as viruses, malicious links, and phishing sites. [0003] From this trend we can see that, with the popularity of social networks in recent years, traditional enterprise security protection methods have been unable to effectively control social networks, and e-mail has always been the hardest hit...

Claims

Application Information

Patent Timeline
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/1416, H04L63/1425, H04L2463/146
Inventors: 彭光辉, 屈立笳, 陶磊, 苏礼刚, 林伟, 黄丽洪
Owner: CHENGDU GOLDTEL IND GROUP