Method and system for defense against APT attacks

A technology applied in the field of APT attack defense that addresses the difficulty of detecting attack behavior and achieves effective detection of and defense against APT attacks.

Active Publication Date: 2018-07-06
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] 2) Attack behavior is difficult to detect
[0007] In view of the above characteristics of APT attacks, the traditional network security defense mechanism...


Examples


Embodiment Construction

[0027] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0028] This application refers to the concept of the kill chain, which originally came from the military field and denotes the complete process of "discovery-location-tracking-targeting-attack-assessment". From the perspective of the kill chain, an APT attack process can be divided into seven stages:

[0029] Stage 1: Reconnaissance, using social engineering to select and learn about the target network, and using scanning techniques to identify the target's vulnerabilities.

[0030] Stage 2: Weaponization, which mainly refers to producing targeted attack tools, such as PDF or Office files carrying malicious code.

[0031] Stage 3: Delivery, delivering attack tools to the target system. Commonly used methods include email attachments,...


Abstract

The application provides a method and system for defense against advanced persistent threat (APT) attacks. The method comprises the following steps: obtaining communication data in a network; performing association analysis on the communication data, and screening out the threat data in the communication data according to the results of the association analysis; mapping each piece of threat data to a corresponding APT attack stage, wherein the APT attack stages are defined according to the kill chain model; and performing defense on the network entity related to each piece of threat data according to the defense strategies corresponding to the plurality of APT attack stages. Because the threat data is mapped to the corresponding APT attack stage and a corresponding defense strategy is applied for each stage, the handling of APT attacks is more targeted, and APT attacks can be detected and defended against more effectively.
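The pipeline in the abstract (correlate, screen, map to a stage, pick a per-stage defense), as an added sketch that is not the patent's own implementation. The event types, the "two distinct stages per host" correlation rule and the defense actions are hypothetical, the sample events are constructed, and stage names 4 to 7 are assumed from the commonly published seven-stage kill chain model because the page text is truncated after stage 3.

```python
from collections import defaultdict

# Stages 1-3 are named on the page; 4-7 are assumed (page is truncated).
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Hypothetical mapping from observed event type to kill chain stage.
# Weaponization happens off-network, so no observable event maps to it.
EVENT_STAGE = {
    "port_scan": "reconnaissance",
    "malicious_attachment": "delivery",
    "exploit_signature": "exploitation",
    "c2_beacon": "command_and_control",
    "bulk_upload": "actions_on_objectives",
}

# Hypothetical per-stage defense strategies.
DEFENSE = {
    "reconnaissance": "rate-limit peer at perimeter",
    "delivery": "quarantine attachment, notify recipient",
    "exploitation": "block peer, schedule patching of host",
    "command_and_control": "isolate host, sinkhole peer",
    "actions_on_objectives": "cut outbound session, start incident response",
}

# Constructed sample communication data (documentation address ranges).
EVENTS = [
    {"host": "10.0.0.5", "peer": "203.0.113.7", "type": "port_scan"},
    {"host": "10.0.0.5", "peer": "203.0.113.7", "type": "malicious_attachment"},
    {"host": "10.0.0.5", "peer": "198.51.100.9", "type": "c2_beacon"},
    {"host": "10.0.0.8", "peer": "192.0.2.44", "type": "port_scan"},
    {"host": "10.0.0.9", "peer": "192.0.2.50", "type": "dns_lookup"},
]

def screen_threats(events, min_stages=2):
    """Association analysis: keep events of hosts seen in >= min_stages stages."""
    by_host = defaultdict(list)
    for ev in events:
        if ev["type"] in EVENT_STAGE:          # unknown types are not threat data
            by_host[ev["host"]].append(ev)
    threats = []
    for evs in by_host.values():
        if len({EVENT_STAGE[e["type"]] for e in evs}) >= min_stages:
            threats.extend(evs)                # isolated single-stage noise is dropped
    return threats

def plan_defense(events):
    """Map each threat event to its stage and attach that stage's defense."""
    plan = [(ev["host"], ev["peer"], EVENT_STAGE[ev["type"]],
             DEFENSE.get(EVENT_STAGE[ev["type"]], "alert only"))
            for ev in screen_threats(events)]
    return sorted(plan, key=lambda p: (p[0], STAGES.index(p[2])))
```
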

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and system for defending against APT attacks.

Background technique

[0002] APT (Advanced Persistent Threat) attacks are usually launched by professional hacker organizations and state-level hackers as targeted attacks on governments, energy, finance, and enterprises. APT attacks often have a complete and well-planned attack process.

[0003] The characteristics of APT attacks are:

[0004] 1) The purpose of attack is becoming more and more clear, and the scope of attack is becoming more and more focused. The field of attack has expanded from simple computer networks to industrial control systems, and it is increasingly targeting large enterprises, national infrastructure, and key equipment.

[0005] 2) Attack behavior is difficult to detect. Because APT attacks generally use 0day vulnerabilities, new Trojan horses, and phi...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/1466, H04L63/14, H04L63/0236, H04L63/0892, H04L63/101
Inventor 陈友琨
Owner NEW H3C TECH CO LTD