APT attack defense method and system adopting mimetic technology

An attack defense method and system in the field of APT attack defense using mimic technology, which can solve problems such as inflexibility, complex strategies, and false positives.

Inactive Publication Date: 2018-11-06
刘勇

AI Technical Summary

Problems solved by technology

However, with the rise of SaaS business and the continuous integration of the Internet and other industries, the strategies that need

Examples


Example Embodiment

[0052] Example one:

[0053] The general idea of this embodiment is to provide an APT attack defense method using mimicry technology, including:

[0054] Virtualize mimic services for different forms of business and mimic files for sensitive files; obtain access log information in real time when the mimic services and/or mimic files are accessed; analyze the access log information; send alarm information based on the analysis results; and adopt appropriate measures according to the alarm information. This defense method effectively addresses the shortcomings of previous APT defense methods, and at the same time achieves accurate detection and location of APT attacks that have penetrated into the enterprise without affecting the normal use of users.

[0055] Specifically, the APT attack defense method using mimicry technology in this embodiment is as shown in Figure 2:

[0056] Step S1100 is to virtualize the mimic business of different forms of bu...

Example Embodiment

[0077] Embodiment two:

[0078] The general idea of this embodiment is to provide an APT attack defense system using mimic technology. The system architecture is as shown in Figure 3 and includes: a mimic module, a client module and a safety data analysis module.

[0079] The mimic module is used to virtualize different types of business applications and mimic documents of different types of sensitive documents;

[0080] The client module is used to receive the virtual business data packet sent by the mimic module and cooperate with the mimic module to form a mimic service, and/or to receive the mimic file data package sent by the mimic module, and to send the mimic file and/or virtual request of the mimic service to the mimic module;

[0081] The mimic service is composed of virtual services corresponding to different types of services and service ports collocated with the virtual services, and the sensitive files are files with warning codes embedded in virtual files of different types of se...

Example Embodiment

[0095] Embodiment three:

[0096] Figure 4 is a schematic flow diagram of the APT attack defense method using mimic technology in this application:

[0097] A. According to the actual business conditions inside the client, deploy corresponding services, such as database services, web services, and decoy files, on mimic modules such as mimic business-side servers.

[0098] B. Configure the mimic strategy in the security policy management platform according to the user's internal network status, business status and related information. For example, mimic database services are deployed on certain computers, certain computers simulate WEB services, and certain mimic "sensitive files" are placed on certain computers.

[0099] C. After the client module establishes a network communication connection with the security policy management platform, the security policy management module will push virtual data packets to the client module on the target client. After the receiver of the tar...
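
The detection side of this flow (analysis of access logs for mimic services and mimic files, followed by an alarm), as an added example that is not taken from the patent. The policy table, the key=value log format, the warning code value and the rule that a source touching more than one decoy is raised to "high" are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical mimic policy (all values constructed): decoy services by
# (host, port) and decoy files by the warning code embedded in them.
MIMIC_SERVICES = {("ws-12", 3306): "database", ("ws-31", 8080): "web"}
MIMIC_FILES = {"WC-7f3a": ("ws-12", "payroll_2018.xlsx")}

# Constructed access-log lines in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2018-03-01T10:00:02Z host=ws-12 src=10.0.5.44 kind=service port=3306
2018-03-01T10:00:09Z host=ws-40 src=10.0.5.17 kind=service port=443
2018-03-01T10:03:41Z host=ws-12 src=10.0.5.44 kind=file code=WC-7f3a
2018-03-01T10:07:15Z host=ws-31 src=10.0.5.44 kind=service port=8080
2018-03-01T10:09:30Z host=ws-31 src=10.0.5.90 kind=service port=8080
malformed line without fields
"""

def parse(line):
    """Split one log line into a dict; return None if it is malformed."""
    parts = line.split()
    if len(parts) < 2 or any("=" not in p for p in parts[1:]):
        return None
    return {**dict(p.split("=", 1) for p in parts[1:]), "ts": parts[0]}

def decoy_hit(rec):
    """Label the mimic service or file this record touches, else None."""
    if rec.get("kind") == "service" and rec.get("port", "").isdecimal():
        svc = MIMIC_SERVICES.get((rec.get("host"), int(rec["port"])))
        return f"service:{svc}@{rec['host']}" if svc else None
    if rec.get("kind") == "file" and rec.get("code") in MIMIC_FILES:
        host, name = MIMIC_FILES[rec["code"]]
        return f"file:{name}@{host}"
    return None

def analyze(log_text):
    """Group decoy accesses by source and build one alarm per source."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        hit = decoy_hit(rec) if rec else None
        if hit and rec.get("src"):
            hits[rec["src"]].append((rec["ts"], hit))
    alarms = []
    for src, seen in sorted(hits.items()):
        decoys = sorted({h for _, h in seen})
        level = "high" if len(decoys) > 1 else "medium"  # assumed rule
        alarms.append({"src": src, "level": level,
                       "first_seen": seen[0][0], "decoys": decoys})
    return alarms
```

Traffic to ports and hosts outside the mimic policy (the ws-40 line) produces no alarm, which is the property the patent relies on for its low false-positive claim: no legitimate workflow touches a decoy.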


Abstract

The invention discloses an APT attack defense method and system adopting the mimetic technology. The method comprises the following steps: virtualizing mimetic services of different forms of services and mimetic files of different types of sensitive files; and inducing the APT access attack, and once the mimetic services and/or the mimetic files are accessed, obtaining access log information in real time, analyzing the access log information, sending alarm information according to an analysis result, and adopting appropriate processing measures according to the alarm information. The defense method and system of the invention have low requirements on hardware, high defense efficiency and low accidental injury rate, and various operations of normal users, such as accessing the Internet, accessing the internal network system and the like, are normally performed without being affected.

Description

Technical field

[0001] The invention relates to an APT attack defense method, in particular to an APT attack defense method and system using mimic technology.

Background technique

[0002] APT stands for Advanced Persistent Threat. APT is a form of network attack launched by hackers for the purpose of stealing core data. It uses advanced attack methods to bypass traditional code-based security solutions (such as anti-virus software, firewalls, IPS, etc.) and stays hidden in the system for a longer period of time, making it difficult for traditional defense systems to detect, while carrying out long-term, continuous attacks on specific targets. The principle of APT attack is more advanced than that of other attack forms. Its advanced nature is mainly reflected in the fact that APT needs to accurately collect the business process and target system of the attack object before launching the attack. During the colle...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1483, H04L63/1491
Inventor 刘勇
Owner 刘勇