
APT attack defense method and system adopting mimetic technology

A defense method and system, applied in the field of APT attack defense using mimic technology, that can solve problems such as inflexibility, complex strategies, and false positives.

Inactive Publication Date: 2018-11-06
刘勇

AI Technical Summary

Problems solved by technology

However, with the rise of SaaS business and the continuing integration of the Internet with other industries, the strategies that need to be constructed for this way of detection are becoming more and more complex, they are not flexible enough, and false positives may also occur.


Examples


Embodiment 1

[0053] The overall idea of this embodiment is to provide a method for defending against APT attacks using mimic technology, including:

[0054] Virtualize the mimicry services of different forms of business and the mimicry files of sensitive files. When the mimicry services and/or the mimicry files are accessed, obtain the access log information in real time, analyze it, send alarm information according to the analysis results, and take appropriate measures according to the alarm information. This defense method effectively addresses the shortcomings of several previous APT defense methods, and at the same time accurately discovers and locates APT attack behavior that has infiltrated the enterprise without affecting normal use by users.

[0055] Specifically, the APT attack defense method using mimicry technology in this embodiment is as shown in Figure 2:

[0056] Step S1100 is to virtualize the imitation business...

Embodiment 2

[0078] The overall concept of this embodiment is to provide an APT attack defense system using mimicry technology. The system architecture, as shown in Figure 3, includes a mimic module, a client module and a security data analysis module.

[0079] The mimicry module is used to virtualize the corresponding virtual business of different forms of business, and virtualize the mimicry files of different types of sensitive files;

[0080] The client module is used to accept the virtual service data packets sent by the mimic module and cooperate with the mimic module to form a mimic service, and/or to accept the mimic file data packets sent by the mimic module, and to send virtual requests for mimic files and/or mimic services to the mimic module;

[0081] The mimetic service is composed of corresponding virtual services of different forms of services and service ports matched with the virtual service, and the sensitive file is a file in which warning codes are implanted in virtual fil...

Embodiment 3

[0096] Figure 4 is a schematic flow diagram of the method for APT attack defense using mimic technology in this application:

[0097] A. According to the actual business status inside the client, deploy the corresponding services, such as a database service, a web service and decoy files, on the mimic module (for example, the mimic business server).

[0098] B. Configure the mimicry policy on the security policy management platform according to the user's internal network conditions, business conditions and related information. For example, mimic database services are deployed on certain computers, web services are simulated on certain computers, and some mimic “sensitive files” are placed on certain computers.

[0099] C. After the client module establishes a network communication connection with the security policy management platform, the security policy management module will push a virtual data packet to the client module on the target client, and after the target client ...
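The access-log analysis step described in the embodiments, sketched as an added example (not code from the patent or its author). The log format, the addresses, the decoy identifiers, the severity rule and the exclusion of the defense system's own traffic are all assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed mimicry policy (step B): which decoys are deployed on which host.
POLICY = {
    "10.0.5.21": {"svc:mysql:3306", "file:payroll_2018.xlsx"},
    "10.0.5.34": {"svc:http:8080"},
}
# Assumed: address of the mimic module, whose own requests are expected traffic.
SYSTEM_HOSTS = frozenset({"10.0.9.2"})
# Constructed access log, one JSON object per line (format is hypothetical).
SAMPLE_LOG = """\
{"ts": "2018-05-02T01:10:03", "host": "10.0.5.21", "decoy": "svc:mysql:3306", "src": "10.0.9.2"}
{"ts": "2018-05-02T01:14:47", "host": "10.0.5.21", "decoy": "svc:mysql:3306", "src": "10.0.7.88"}
{"ts": "2018-05-02T01:15:12", "host": "10.0.5.34", "decoy": "svc:http:8080", "src": "10.0.7.88"}
{"ts": "2018-05-02T02:40:00", "host": "10.0.5.21", "decoy": "file:payroll_2018.xlsx", "src": "10.0.5.21"}
{"ts": "2018-05-02T02:41:00", "host": "10.0.5.34", "decoy": "svc:ftp:21", "src": "10.0.7.90"}
not-json garbage line
"""

def analyze(log_text, policy=POLICY, system_hosts=SYSTEM_HOSTS):
    """One alert per source that touched a deployed decoy; 'high' if it touched several."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            host, decoy, src, ts = ev["host"], ev["decoy"], ev["src"], ev["ts"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip it rather than stop the analyzer
        if decoy not in policy.get(host, ()):
            continue  # not a decoy this policy deployed on that host
        if src in system_hosts:
            continue  # the defense system's own traffic is not an intrusion
        hits[src].append((ts, host, decoy))
    alerts = []
    for src, seen in sorted(hits.items()):
        decoys = sorted({(h, d) for _, h, d in seen})
        alerts.append({
            "source": src,
            "first_seen": min(t for t, _, _ in seen),
            "decoys": decoys,
            "severity": "high" if len(decoys) > 1 else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(json.dumps(alert))
```

Because legitimate users have no reason to touch a decoy, every remaining hit is alert-worthy; the severity rule only ranks sources that probed more than one decoy above single hits.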


Abstract

The invention discloses an APT attack defense method and system adopting the mimetic technology. The method comprises the following steps: virtualizing mimetic services of different forms of services and mimetic files of different types of sensitive files; and inducing the APT access attack, and once the mimetic services and/or the mimetic files are accessed, obtaining access log information in real time, analyzing the access log information, sending alarm information according to an analysis result, and adopting appropriate processing measures according to the alarm information. The defense method and system of the invention have low requirements on hardware, high defense efficiency and low accidental injury rate, and various operations of normal users, such as accessing the Internet, accessing the internal network system and the like, are normally performed without being affected.

Description

Technical field

[0001] The invention relates to an APT attack defense method, in particular to an APT attack defense method and system using mimic technology.

Background technique

[0002] APT stands for Advanced Persistent Threat. An APT is a network attack launched by hackers for the purpose of stealing core data. It uses advanced attack methods to bypass traditional code-based security solutions (such as anti-virus software, firewalls, IPS, etc.) and stays hidden in the system for a longer period of time, making it difficult for traditional defense systems to detect; it is a form of long-term, continuous network attack on specific targets. The principle of an APT attack is more advanced than that of other attack forms. Its advanced nature is mainly reflected in the fact that an APT needs to accurately collect the business process and target system of the attack object before launching the attack. During the colle...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1483, H04L63/1491
Inventor: 刘勇
Owner: 刘勇