APT organization identification method and apparatus

An APT organization identification method and apparatus, applied in the field of data processing, that addresses the problem that no effective defense scheme against APT organizations and their attacks has yet been proposed.

Active Publication Date: 2018-08-24
BEIJING LANYUN TECH CO LTD

AI Technical Summary

Problems solved by technology

Once implanted, it can lie dormant for months or even years, gathering critical information and wreaking havoc.
[0003] At present, no effective defense scheme against APT organizations and their attacks has been proposed.


Examples


Embodiment 1

[0043] A method for identifying an APT organization, as shown in Figure 2, may include:

[0044] Step 201: perform reverse analysis on the sample file to be detected to obtain the functions of the sample file to be detected;

[0045] Step 202: based on the pre-formed feature sets and the functions of the sample file to be detected, form a feature vector of the sample file to be detected, where the feature vector represents the relationship between the functions in the sample file to be detected and the feature sets, one feature set is a set of similar function sets, and the functions in a similar function set correspond to the same APT organization;

[0046] Step 203: using a pre-established APT organization traceability model, obtain the APT organization identifier of the sample file to be detected based on the feature vector of the sample file to be detected, where the APT organization traceability model is a calculation model based on a machine learning algorithm.

[0047] The method of t...
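The following sketch walks through steps 201 to 203 on constructed data; it is an added illustration, not code from the patent. The text above does not say how functions are compared or which learning algorithm is used, so the mnemonic 3-gram Jaccard similarity, the nearest-centroid model, the `min_signal` threshold and the ORG-A/ORG-B labels are all assumptions.

```python
# Added illustration of steps 201-203. All function listings are constructed.
from math import dist

def ngrams(func, n=3):
    """Mnemonic n-grams of one disassembled function (the output of step 201)."""
    return {tuple(func[i:i + n]) for i in range(len(func) - n + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def feature_vector(sample_funcs, feature_sets):
    """Step 202: one component per feature set, holding the best similarity
    between any sample function and any function in that set."""
    grams = [ngrams(f) for f in sample_funcs]
    return [max((jaccard(g, ngrams(ref)) for g in grams for ref in fs), default=0.0)
            for fs in feature_sets]

def train(labelled_vectors):
    """Assumed model: nearest centroid, i.e. the mean vector per organization."""
    by_org = {}
    for org, vec in labelled_vectors:
        by_org.setdefault(org, []).append(vec)
    return {org: [sum(c) / len(vs) for c in zip(*vs)] for org, vs in by_org.items()}

def identify(model, vec, min_signal=0.5):
    """Step 203: closest organization label, or 'unknown' when no feature set
    matches strongly enough to support an attribution."""
    if max(vec, default=0.0) < min_signal:
        return "unknown"
    return min(model, key=lambda org: dist(model[org], vec))

# Constructed feature sets: set 0 is tied to ORG-A, set 1 to ORG-B.
A1 = ["push", "mov", "xor", "inc", "cmp", "jnz", "ret"]
A2 = ["push", "mov", "xor", "inc", "cmp", "jnz", "pop", "ret"]
B1 = ["push", "call", "test", "jz", "mov", "call", "ret"]
B2 = ["push", "call", "test", "jz", "mov", "call", "pop", "ret"]
FEATURE_SETS = [[A1, A2], [B1, B2]]
MODEL = train([(org, feature_vector([f], FEATURE_SETS))
               for org, f in [("ORG-A", A1), ("ORG-A", A2), ("ORG-B", B1), ("ORG-B", B2)]])

# Constructed samples: a variant of the ORG-A routine plus an unrelated
# function, and a sample that shares nothing with either feature set.
VARIANT = [["push", "mov", "xor", "inc", "cmp", "jnz", "nop", "ret"],
           ["mov", "add", "sub", "ret"]]
UNRELATED = [["mov", "add", "sub", "ret"]]

if __name__ == "__main__":
    for name, sample in [("variant", VARIANT), ("unrelated", UNRELATED)]:
        vec = feature_vector(sample, FEATURE_SETS)
        print(name, [round(x, 3) for x in vec], identify(MODEL, vec))
```

The `unknown` result matters in practice: without it, a classifier of this kind assigns every sample to some organization, including samples that share no code with any feature set.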

Embodiment 2

[0100] An identification device for an APT organization, as shown in Figure 7, includes a memory 71 and a processor 72; the memory 101 stores a computer program, and the processor 72 is configured to read the computer program to execute the operations of the method for identifying an APT organization in Embodiment 1.

[0101] Specifically, the processor 72 may at least be configured to read the computer program to execute steps 201 to 203 in the first example. In addition, the processor 72 may also be configured to read the computer program to execute other operations of the method for identifying an APT organization in Embodiment 1. The technical details of these operations can refer to Embodiment 1.

[0102] It should be noted that the structure shown in Figure 7 only shows the basic structure of the identification device of the APT organization in this embodiment. In practical applications, the identification device of the APT organization may include not only the bas...

Embodiment 3

[0104] A computer-readable storage medium. A computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, the steps of the method for identifying an APT organization in Embodiment 1 are implemented.

[0105] Specifically, when the computer program is executed by the processor, at least the operations of steps 201 to 203 are implemented. In addition, when the computer program is executed by the processor, other steps of the method for identifying an APT organization in Embodiment 1 can be implemented. The technical details of these steps can refer to Embodiment 1.

[0106] In practical applications, the computer-readable medium includes permanent and non-permanent, removable and non-removable storage media, and information storage can be realized by any method or technology. Information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media inc...


Abstract

The invention discloses an APT organization identification method and apparatus. The method comprises the steps of performing inverse analysis on a to-be-detected sample file to obtain a function of the to-be-detected sample file; based on a pre-formed feature set and the function of the to-be-detected sample file, forming an eigenvector of the to-be-detected sample file, wherein the eigenvector represents a relationship between the function in the to-be-detected sample file and the feature set, one feature set is a set of similar function sets, and functions in the similar function sets correspond to a same APT organization; and obtaining an APT organization identifier of the to-be-detected sample file based on the eigenvector of the to-be-detected sample file by using a pre-built APT organization tracing model, wherein the APT organization tracing model is a computing model built based on a machine learning algorithm. The APT organization can be at least effectively traced.

Description

Technical field

[0001] The invention relates to the technical field of data processing, in particular to an identification method and device for an APT organization.

Background technique

[0002] An Advanced Persistent Threat (APT) is different from worms, Trojan horses or viruses. APT refers to a complex intrusion plan carefully planned by organized cyber attackers driven by economic interests, politics or reputation. Once implanted, it can lie dormant for months or even years, gathering critical information and wreaking havoc.

[0003] At present, no effective defense scheme against APT organizations and their attacks has been proposed. The effective defense of APT organizations and their attacks inevitably requires effective traceability of APT organizations.

Contents of the invention

[0004] The present application provides a method and device for identifying an APT organization, which can at least effectively trace the source of th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06N99/00
CPC: G06F21/563, G06N20/00
Inventor: 虎志强, 周宏斌
Owner BEIJING LANYUN TECH CO LTD