
Detection method and device for advanced persistent threats

An advanced persistent threat detection technology, applied in the field of information security, that addresses problems such as the difficulty of extracting attack behavior characteristics, the diversity of attack channels, the uncertainty of attack space, and the resulting difficulty of effectively detecting APT attacks.

Active Publication Date: 2020-11-10
CHINA TELECOM CORP LTD
4 Cites, 0 Cited by

AI Technical Summary

Problems solved by technology

The so-called "advanced" is reflected in the difficulty of extracting attack behavior characteristics, the diversification of attack channels, and the uncertainty of attack space. Traditional malicious code detection and host application protection are based on single-point feature matching, which makes it difficult to effectively detect APT attacks.


Embodiment Construction

[0012] The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings. The described embodiments are only some, not all, embodiments of the present invention. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way to be taken as limiting the invention, its application or uses. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, belong to the protection scope of the present invention.

[0013] Aiming at the problem that it is difficult to effectively detect advanced persistent threats in the existing technology based on single-point feature matching methods, this solution is proposed.

[0014] Combine below figure 1 The detection method of the advanced persistent threat of the...


Abstract

The invention discloses a method and device for detecting advanced persistent threats, and relates to the technical field of information security. The method comprises the following steps: obtaining the full traffic of real-time data streams; collecting a plurality of full-traffic samples within a period of time to form an observation sequence; and, on the basis of a hidden Markov model, evaluating the satisfaction degree between the real-time full traffic and the historical full traffic across multiple dimensions, such as traffic packet size information, access time information or access behavior information, so as to determine whether an advanced persistent threat has occurred. Because the full traffic is observed from multiple angles, advanced persistent threats can be effectively detected.
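The scoring step described in the abstract, as an added example that is not taken from the patent: each dimension gets its own hidden Markov model, a window of discretized observations is scored with the scaled forward algorithm, and a window is flagged when any dimension falls below a cut-off. The state count, the probability tables (standing in for models fitted on historical traffic), the symbol buckets, the threshold and the use of mean log-likelihood as the "satisfaction degree" are all assumptions.

```python
import math

def forward_loglik(obs, start, trans, emit):
    """Scaled forward algorithm: log P(obs | HMM) for a discrete-emission HMM."""
    n = len(start)
    prior, loglik = start, 0.0
    for sym in obs:
        alpha = [prior[s] * emit[s][sym] for s in range(n)]
        scale = sum(alpha)
        if scale == 0.0:              # symbol impossible under the model
            return float("-inf")
        loglik += math.log(scale)
        post = [a / scale for a in alpha]
        # Propagate the normalised state belief one step forward.
        prior = [sum(post[p] * trans[p][s] for p in range(n)) for s in range(n)]
    return loglik

# Hypothetical parameters standing in for HMMs fitted on historical traffic.
# Symbols: packet_size 0=small 1=medium 2=large; access_time 0=day 1=evening 2=night.
MODELS = {
    "packet_size": dict(start=[0.8, 0.2], trans=[[0.9, 0.1], [0.3, 0.7]],
                        emit=[[0.7, 0.25, 0.05], [0.2, 0.6, 0.2]]),
    "access_time": dict(start=[0.9, 0.1], trans=[[0.95, 0.05], [0.4, 0.6]],
                        emit=[[0.85, 0.14, 0.01], [0.3, 0.6, 0.1]]),
}
THRESHOLD = -1.5  # assumed cut-off on mean log-likelihood per observation

def score_window(window):
    """Mean log-likelihood per observation, for each dimension of one window."""
    return {dim: forward_loglik(window[dim], **MODELS[dim]) / len(window[dim])
            for dim in MODELS}

def suspicious_dimensions(window):
    """Dimensions in which the window deviates from the historical model."""
    return [dim for dim, s in score_window(window).items() if s < THRESHOLD]

# Constructed sample windows (eight observations per dimension).
BASELINE = {"packet_size": [0, 0, 1, 0, 0, 1, 0, 0],
            "access_time": [0, 0, 0, 0, 1, 0, 0, 0]}
NIGHT_ONLY = {"packet_size": [0, 0, 1, 0, 0, 1, 0, 0],
              "access_time": [2, 2, 2, 2, 2, 2, 2, 2]}
BULK_AT_NIGHT = {"packet_size": [2] * 8, "access_time": [2] * 8}

if __name__ == "__main__":
    for name, w in [("baseline", BASELINE), ("night_only", NIGHT_ONLY),
                    ("bulk_at_night", BULK_AT_NIGHT)]:
        print(name, score_window(w), suspicious_dimensions(w))
```

Scoring each dimension separately shows which aspect of the traffic departed from the baseline, which a single-point signature match cannot express.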

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a detection method for advanced persistent threats.

Background technique

[0002] APT (Advanced Persistent Threat) is an attack form that uses advanced attack methods to carry out long-term persistent network attacks on specific targets. The so-called "advanced" is reflected in the difficulty of extracting attack behavior characteristics, the diversification of attack channels, and the uncertainty of attack space. Traditional malicious code detection and host application protection are based on single-point feature matching, which makes it difficult to effectively detect APT attacks.

Contents of the invention

[0003] A technical problem to be solved by the present invention is: how to effectively detect APT attacks.

[0004] According to one aspect of the present invention, a method for detecting advanced persistent threats is provided, in...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 龙洋, 朱易翔, 王锦华, 黄铖斌, 何吟
Owner: CHINA TELECOM CORP LTD