Fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and corresponding APT (advanced persistent threat) attack detection method

A fine-grained program-detection technique in the field of information security. It addresses the problems that signatures for unknown RATs do not exist in virus databases, that manual analysis is labor-intensive, and that existing detection systems cannot attach semantics to their detection results; the technique ensures accuracy and improves reliability.

Active Publication Date: 2018-07-06
杭州义盾信息技术有限公司 +1

AI Technical Summary

Problems solved by technology

The disadvantages are also very obvious. First, signature-based detection can only detect known malicious code, while the RATs used in APT attacks are unknown and often absent from the virus database.
Second, most detection objects are files, and some advanced malware does not appear as a file at all (for example, it is loaded directly into memory), in which case file-based detection fails.
First of all, the attack methods us


Example Embodiment

[0052] The present invention will be described in detail below with reference to the drawings and specific embodiments.

[0053] A fine-grained RAT program detection method based on dynamic behavior: the dynamic data produced by the target program while it runs is acquired as the data to be checked, and the data to be checked is matched against the feature code of each fine-grained behavior. If a feature code matches successfully, the fine-grained behavior corresponding to that feature code is used as a label of the target program, and whether the target program is a RAT program is determined according to the labels of the target program. The feature code of each fine-grained behavior is obtained through the following steps:

[0054] Run each of the different fine-grained behaviors with a RAT program, acquire the dynamic data produced at runtime by each fine-grained behavior as training data, and record which fine-grained behavior corresponds to each piece of dynamic data;

[0055] Feature mat...


Abstract

The invention discloses a fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and a corresponding APT (advanced persistent threat) attack detection method. The method includes the steps of: acquiring dynamic data produced while a target program runs to serve as the data to be detected; matching the data to be detected against the characteristic codes of fine-grained behaviors; if a characteristic code matches successfully, taking the fine-grained behavior corresponding to it as a label of the target program; and judging whether the target program is a RAT program according to the labels of the target program. Because identification is performed on dynamic data, reliability is high, and because it is performed at fine granularity, an unknown RAT and an unknown APT can be identified.
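The two-phase procedure described in paragraphs [0053]-[0054] and in the abstract (extract one feature code per fine-grained behavior from labelled runtime data, then match a target program's dynamic data against every feature code and decide from the resulting labels) as an added Python example; this is not code from the patent. The representation of a feature code as adjacent-call pairs common to every training run of a behavior and absent from benign runs, the two-behavior decision threshold, and the sample traces with their API names are all assumptions made for illustration.

```python
from typing import Dict, List, Set, Tuple

# Dynamic data for one program run: the ordered API calls a sandbox recorded.
Trace = List[str]
# A behaviour's "feature code": adjacent call pairs that every run of that
# behaviour exhibits and no benign run does (this extraction rule is an assumption).
Signature = Set[Tuple[str, str]]


def bigrams(trace: Trace) -> Set[Tuple[str, str]]:
    """Adjacent call pairs of a trace; the ordering carries the behaviour."""
    return set(zip(trace, trace[1:]))


def extract_signatures(training: Dict[str, List[Trace]],
                       benign: List[Trace]) -> Dict[str, Signature]:
    """Step [0054]: one feature code per labelled fine-grained behaviour."""
    benign_pairs = set().union(*(bigrams(t) for t in benign))
    sigs: Dict[str, Signature] = {}
    for label, traces in training.items():
        if not traces:          # no runtime data recorded for this behaviour
            continue
        common = set.intersection(*(bigrams(t) for t in traces))
        sigs[label] = common - benign_pairs
    return sigs


def label_program(trace: Trace, sigs: Dict[str, Signature]) -> List[str]:
    """Match the data to be checked against every feature code; each complete
    match contributes the behaviour name as a label of the target program."""
    observed = bigrams(trace)
    return sorted(label for label, sig in sigs.items() if sig and sig <= observed)


def is_rat(labels: List[str], min_behaviours: int = 2) -> bool:
    """Decision rule (assumption): at least two distinct RAT behaviours flag the
    program, so a single capability shared with benign tools does not convict it."""
    return len(labels) >= min_behaviours


# Constructed sample traces; API names are illustrative, not recorded data.
TRAINING = {
    "keylogging": [["SetWindowsHookExA", "GetAsyncKeyState", "WriteFile", "send"],
                   ["SetWindowsHookExA", "GetAsyncKeyState", "send"]],
    "screen_capture": [["GetDC", "BitBlt", "send"],
                       ["GetDC", "BitBlt", "WriteFile", "send"]],
}
BENIGN = [["CreateFileW", "WriteFile", "send"], ["GetDC", "TextOutA"]]
SIGNATURES = extract_signatures(TRAINING, BENIGN)
SUSPECT = ["GetDC", "BitBlt", "send", "SetWindowsHookExA", "GetAsyncKeyState", "send"]

if __name__ == "__main__":
    labels = label_program(SUSPECT, SIGNATURES)
    print(labels, is_rat(labels))   # ['keylogging', 'screen_capture'] True
```

Because the signature is learned as "pairs common to every run of the behaviour minus pairs seen in benign runs", a behaviour whose calls are indistinguishable from benign software yields an empty feature code and can never produce a false label, which is the edge case the `sig and` guard handles.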

Description

Technical field

[0001] The present invention relates to the technical field of information security, in particular to a fine-grained RAT program detection method and system based on dynamic behavior, and a corresponding APT attack detection method.

Background technique

[0002] APT stands for Advanced Persistent Threat. "Advanced" means that an APT uses very advanced attack methods, such as 0day vulnerabilities and unknown malware, whereas traditional security defenses are mostly signature-based detection methods, which have difficulty detecting unknown malicious code. "Persistent" means that the attack is highly targeted and its purpose is very clear: the attacker usually does a great deal of reconnaissance, lurks in the enterprise for a long time, slowly collects information, and only acts under specific circumstances. At present, APT attacks are frequently reported, and their targets are generally high-value targets, suc...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033
Inventor 杨润青熊春霖李振源陈焰宋哲
Owner 杭州义盾信息技术有限公司