A method and system for defending against APT attacks

A technology applied in the field of APT attack defense that addresses the difficulty of detecting attack behavior and achieves more effective detection of and defense against APT attacks.

Active Publication Date: 2020-03-06
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] 2) Attack behavior is difficult to detect.
[0007] Given these characteristics of APT attacks, traditional network security defense mechanisms are largely ineffective against APTs, and a comprehensive defense model for dealing with APT attacks urgently needs to be researched and implemented.

Examples

Embodiment Construction

[0027] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0028] This application refers to the concept of the kill chain, which originally came from the military field and denotes the complete process of "discovery-location-tracking-targeting-attack-assessment". From the perspective of the kill chain, an APT attack can be divided into seven stages:

[0029] Stage 1: Reconnaissance, using social engineering to select and understand the target network, and using scanning technology to identify vulnerabilities in the target.

[0030] Stage 2: Weaponization, which mainly refers to the production of targeted attack tools, such as PDF or Office files containing malicious code.

[0031] Stage 3: Delivery, delivering attack tools to the target system. Commonly used methods include email attachments,...

Abstract

The present application provides a method and system for defending against Advanced Persistent Threat (APT) attacks. The method includes: obtaining communication data in the network; performing correlation analysis on the communication data, and filtering out the threat data in the communication data according to the correlation analysis results; mapping each item of threat data that is screened out to the corresponding APT attack stage, where the APT attack stages are defined according to the kill chain model; and, according to the defense strategies corresponding to the multiple APT attack stages, defending the network entities related to each item of threat data. This application maps threat data to the corresponding APT attack stages and adopts a corresponding defense strategy for each stage, so that APT attack handling is more targeted and APT attacks can be detected and defended against more effectively.
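The pipeline in the abstract (correlate, filter, map to a kill chain stage, pick the stage's defense) can be sketched as follows. This is an added example, not code from the patent: the event types, the correlation rule, the defense actions and the sample events are all hypothetical, and stage names 4 to 7 are assumed from the Lockheed Martin Cyber Kill Chain because the page's list is cut off after stage 3.

```python
from collections import defaultdict

# Stages 1-3 are named on the page; 4-7 are an assumption (Lockheed Martin model).
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Hypothetical event-type -> stage mapping and per-stage defenses (not from the patent).
EVENT_STAGE = {"port_scan": "reconnaissance", "malicious_attachment": "delivery",
               "exploit_signature": "exploitation", "beacon": "command_and_control",
               "bulk_upload": "actions_on_objectives"}
STAGE_DEFENSE = {"reconnaissance": "rate_limit_source",
                 "delivery": "quarantine_message",
                 "exploitation": "isolate_host_and_patch",
                 "command_and_control": "block_destination",
                 "actions_on_objectives": "cut_session_and_alert"}

def correlate(events, window=3600):
    """Assumed rule: an event is threat data only if the same entity shows a
    different mapped event type within `window` seconds."""
    by_entity = defaultdict(list)
    for e in events:
        if e["type"] in EVENT_STAGE:          # unmapped traffic is ignored
            by_entity[e["entity"]].append(e)
    threats = []
    for evs in by_entity.values():
        for e in evs:
            if any(o["type"] != e["type"] and abs(o["ts"] - e["ts"]) <= window
                   for o in evs):
                threats.append(e)
    return sorted(threats, key=lambda e: e["ts"])

def plan_defense(events):
    """Return (entity, stage number, stage, action) for each correlated threat."""
    plan = []
    for t in correlate(events):
        stage = EVENT_STAGE[t["type"]]
        plan.append((t["entity"], STAGES.index(stage) + 1, stage, STAGE_DEFENSE[stage]))
    return plan

# Constructed sample events, not taken from the page.
SAMPLE = [
    {"ts": 100, "entity": "10.0.0.5", "type": "malicious_attachment"},
    {"ts": 900, "entity": "10.0.0.5", "type": "beacon"},
    {"ts": 950, "entity": "10.0.0.9", "type": "port_scan"},     # isolated, filtered out
    {"ts": 990, "entity": "10.0.0.7", "type": "dns_query"},     # unmapped, ignored
    {"ts": 9000, "entity": "10.0.0.5", "type": "bulk_upload"},  # outside the window
]

if __name__ == "__main__":
    for row in plan_defense(SAMPLE):
        print(row)
```

Weaponization and installation have no mapping here because this sketch only considers events visible in network communication data.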

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and system for defending against APT attacks.

Background

[0002] An APT (Advanced Persistent Threat) is usually launched by professional hacker organizations and state-level hackers as a targeted attack on governments, energy, finance, and enterprises. APT attacks often follow a complete and well-planned attack process.

[0003] The characteristics of APT attacks are:

[0004] 1) The purpose of the attack is becoming increasingly clear, and its scope increasingly focused. The field of attack has expanded from simple computer networks to industrial control systems, and attacks increasingly target large enterprises, national infrastructure, and key equipment.

[0005] 2) Attack behavior is difficult to detect. Because APT attacks generally use 0day vulnerabilities, new Trojan horses, and phi...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/1466, H04L63/14, H04L63/0236, H04L63/0892, H04L63/101
Inventor: 陈友琨
Owner: NEW H3C TECH CO LTD