APT heuristic detection method and system based on abnormal component association

A detection method and heuristic technology, applied in the field of platform integrity maintenance, that addresses the inability to detect APT attack methods and achieves the effects of increasing detection uncertainty, reducing concealment, and avoiding frequent updates of the virus database.

Inactive Publication Date: 2018-05-25
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0003] Based on the above-mentioned problems, the present invention proposes an APT heuristic detection method and system based on abnormal component association. It determines whether a component is abnormal through the component association relationship, and thereby solves the problem that traditional methods cannot detect the complex attack methods of APTs.

Embodiment Construction

[0034] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned objectives, features and advantages of the present invention more obvious and understandable, the technical solutions of the present invention are described in further detail below in conjunction with the accompanying drawings.

[0035] The present invention is realized by the following methods:

[0036] An APT heuristic detection method based on abnormal component association, as shown in Figure 1, including:

[0037] S101: monitor all startup processes in the system;

[0038] S102: Record the calling relationships and component environment information of all components, and cache them in the cache knowledge base;

[0039] S103: Record the calling relationships and component environment information of components newly acquired by the system;

[0040] S104: Match the calling relationship and component envir...

Abstract

The invention provides an APT heuristic detection method and system based on abnormal component association. The method includes the steps of: monitoring all startup processes in the system; recording the call relations and component environment information of all components and caching them in a cache knowledge base; recording the call relations and component environment information of components newly acquired by the system; matching the call relations and component environment information of the newly acquired components against the cache knowledge base, and determining whether the components in the system are abnormal based on matching rules; if so, raising an alarm to users and performing risk prompting, or else storing the call relations and component environment information of the newly acquired components in the cache knowledge base. The invention further provides a corresponding system and a storage medium. Through the method, modular, engineered, highly concealed and complex APT attacks can be effectively detected.
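The flow in the abstract (cache a baseline, match newly acquired components, alarm or store) can be sketched as follows. This is an added example, not code from the patent: the page does not state the matching rules, so the three rules in `match`, all class and function names, and the sample observations are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Observation:
    caller: str   # component that started or loaded the callee
    callee: str   # component name (executable, DLL, ...)
    path: str     # environment info: directory the component runs from
    digest: str   # environment info: file hash (constructed short values)

@dataclass
class KnowledgeBase:
    env: dict = field(default_factory=dict)      # callee -> (path, digest)
    callers: dict = field(default_factory=dict)  # callee -> set of callers

    def store(self, o):
        self.env[o.callee] = (o.path, o.digest)
        self.callers.setdefault(o.callee, set()).add(o.caller)

    def match(self, o):
        """Assumed matching rules; returns reasons (empty list = normal)."""
        reasons, known = [], self.env.get(o.callee)
        if known and known != (o.path, o.digest):
            reasons.append("environment differs from cached record")
        if known and o.caller not in self.callers[o.callee]:
            reasons.append("caller never associated with this component")
        if not known and o.caller not in self.env:
            reasons.append("new component called by unknown component")
        return reasons

def process(kb, observations):
    """Alarm on abnormal observations, otherwise cache them."""
    alerts = []
    for o in observations:
        reasons = kb.match(o)
        if reasons:
            alerts.append((o.callee, reasons))
        else:
            kb.store(o)
    return alerts

def demo():
    kb = KnowledgeBase()
    for o in [Observation("init", "explorer.exe", r"C:\Windows", "a1"),
              Observation("explorer.exe", "app.exe", r"C:\App", "b2"),
              Observation("app.exe", "helper.dll", r"C:\App", "c3")]:
        kb.store(o)  # baseline recorded from monitored startup processes
    new = [Observation("app.exe", "plugin.dll", r"C:\App", "d4"),
           Observation("upd.exe", "helper.dll", r"C:\Temp", "e5"),
           Observation("drop.exe", "stage2.dll", r"C:\Temp", "f6")]
    return kb, process(kb, new)
```

Because abnormal observations are never written to the knowledge base, a component delivered in an earlier batch cannot later vouch for the next one.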

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an APT heuristic detection method and system based on abnormal component association.

Background technique

[0002] An APT attack is an advanced persistent threat. APT attacks are highly concealed, targeted, and complex. More and more functions are implemented in a componentized and modular manner. A component generally refers to an independent unit that can complete a function or part of a function, including but not limited to executable programs, dynamic link libraries, etc. Component-based functions require association calls between components. Component association refers to the relationship formed between components to achieve functions, including but not limited to dynamic link library methods, process call methods, etc. The attack behavior of delivering attack payloads in batches. The batch time span of such attack delivery components is ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55
CPC: G06F21/55
Inventor: 沈长伟, 童志明, 何公道
Owner: HARBIN ANTIY TECH