Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and device for protecting against advanced persistent threats

A technology of business characteristics and behavior, applied in transmission systems, electrical components, etc., can solve problems such as increasing operating costs and reducing effectiveness of enterprises, and achieving the effect of curbing APT attacks, easy operation, and reducing operating costs

Active Publication Date: 2021-02-26
CHINA MOBILE GROUP SICHUAN
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, the current traditional security protection solutions mainly deploy protection devices, such as firewalls and intrusion prevention systems, to deal with APT attacks. Most of these devices are based on known rules for protection, although they generally have a rich feature library and The rule base can defend against known threats such as worms, Trojan horses, viruses, overflow attacks, scanning attacks, and brute force cracking. However, more and more attackers will test whether they can bypass the security detection of the target network before launching an attack. Therefore, new attack methods will be used, such as zero-day threats, advanced evasion techniques such as deformation and polymorphism, and multi-stage attacks. These new attack methods cannot be effectively detected and defended by traditional security mechanisms.
Under the new generation of threats, the effectiveness of security products based on signature technology and security systems based on boundary protection is gradually reduced
In addition, in order to effectively and reasonably use and maintain the protective equipment, maintenance personnel are required to have a high level of safety technology and rich experience in safe operation and maintenance, which will also increase the operating costs of enterprises to a certain extent.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for protecting against advanced persistent threats
  • A method and device for protecting against advanced persistent threats
  • A method and device for protecting against advanced persistent threats

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0065] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0066] figure 1 It is a schematic diagram of the implementation flow of the advanced persistent threat attack protection method in the embodiment of the present invention, as shown in figure 1 As shown, the method includes:

[0067] Step 101: collecting network data packets of current user access behavior;

[0068] Step 102: analyzing the network data packets of the current user's access behavior to obtain the service characteristics of the current user's access behavior;

[0069] Step 103: Based on the horizontal neighborhood radius, horizontal critical value, vertical neighborhood radius, and vertical critical value of the business access rule of the business access baseline model, perform anomaly detection on the service characteristics of the current user's access behavior;

[0070] Step 104: When the business feature of the cu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an advanced persistent threat attack protection method, which collects network data packets of current user access behaviors; analyzes the network data packets of current user access behaviors to obtain service characteristics of current user access behaviors; The horizontal neighborhood radius, horizontal critical value, vertical neighborhood radius, and vertical critical value of the business access rule are used to detect abnormalities in the business characteristics of the current user access behavior; when the business characteristics of the current user access behavior are matched to all When the non-business access rules of the business access baseline model are used, an abnormal traffic alarm is issued; when the business characteristics of the current user access behavior are matched to the normal unknown business access rules of the business access baseline model, an unknown traffic alarm is issued. At the same time, the invention also discloses an advanced persistent threat attack protection device.

Description

technical field [0001] The invention relates to network security defense technology, in particular to a method and device for protecting against advanced persistent threat attacks. Background technique [0002] With the rapid development of computer technology and network technology, network security has gradually become a potential huge problem, and the endless network security incidents such as the famous American Prism Gate incident have sounded the alarm for people. In the increasingly severe network security situation, how to continuously improve the defense capabilities against network attacks and how to detect and warn network attacks in time is the core issue that various organizations and enterprise IT departments are concerned about. Among them, Advanced Persistent Threat (APT) attack, as the main form of network attack at present, is the focus of people's attention and research. APT attack is a form of attack that uses advanced attack methods to carry out long-te...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0263H04L63/10H04L63/14H04L63/1441
Inventor 周晓伟余扬舜
Owner CHINA MOBILE GROUP SICHUAN
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com