Unlock instant, AI-driven research and patent intelligence for your innovation.

Fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and corresponding APT (advanced persistent threat) attack detection method

A program detection, fine-grained technology, applied in the field of information security, can solve the problems of non-existence, expensive labor, and the detection system cannot provide semantics for detection results, and achieves the effect of ensuring accuracy and improving reliability.

Active Publication Date: 2018-07-06
杭州义盾信息技术有限公司 +1
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The disadvantages are also very obvious. First, it can only detect known malicious codes, and the RATs used in APT attacks are unknown and often do not exist in the virus database.
Second, most detection objects are files, and some advanced malware can not appear in the form of files (such as loading directly in memory), then this detection method will fail
First of all, the attack methods used by APT are very advanced, the malicious code is unknown, and the traditional signature-based detection method (Signature-based Detection) is easily bypassed
Secondly, many detection systems cannot provide semantics for the detection results. Even if a suspicious program is detected, they do not know what the program does. It takes a lot of manpower to reverse analyze the malicious program.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and corresponding APT (advanced persistent threat) attack detection method
  • Fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and corresponding APT (advanced persistent threat) attack detection method
  • Fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and corresponding APT (advanced persistent threat) attack detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0053] A fine-grained RAT program detection method based on dynamic behavior, which obtains the dynamic data of the target program when it is running as the data to be checked, and matches the data to be checked with the feature codes of each fine-grained behavior, if there is a successful match feature code, then use the fine-grained behavior corresponding to the successful feature code as the label of the target program, and judge whether the target program is a RAT program according to the label of the target program; the feature codes of each fine-grained behavior described are obtained through the following steps :

[0054] Run different fine-grained behaviors through the RAT program, obtain the dynamic data of each fine-grained behavior during operation as training data, and record the fine-grained behaviors corresponding to each piece ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a fine-grained RAT (remote administration tool) program detection method and system based on dynamic behaviors and a corresponding APT (advanced persistent threat) attack detection method. The method includes the steps: acquiring dynamic data in running of a target program to serve as data to be detected; matching the data to be detected with characteristic codes of fine-grained behaviors; taking a fine-grained behavior corresponding to a successfully matched characteristic code as a label of the target program if the successfully matched characteristic code is present;judging whether the target program is a RAT program according to the label of the target program or not. According to the method, identification is performed based on dynamic data, reliability is high, and an unknown RAT and an unknown APT can be identified based on fine grains.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to a fine-grained RAT program detection method and system based on dynamic behavior, and a corresponding APT attack detection method. Background technique [0002] The full name of APT is Advanced Persistent Threat (Advanced Persistent Threat). Advanced means that APT will use very advanced attack methods, such as 0day vulnerabilities and unknown malware, while traditional security defense methods are mostly signature-based detection methods, which are difficult to detect unknown malicious code. Persistence means that the attack is very targeted and the purpose is very clear. The attacker usually does a lot of investigation work, lurks in the enterprise for a long time, slowly collects information, and only breaks out under specific circumstances. At present, APT attacks are frequently reported, and the targets of the general attacks are high-value targets, suc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 杨润青熊春霖李振源陈焰宋哲
Owner 杭州义盾信息技术有限公司
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com