APT attack defense method and system adopting mimetic technology
An attack defense method and system, applied in the field of APT attack defense using mimic technology, that addresses problems such as inflexibility, complex strategies, and false positives.
Example Embodiment
[0052] Example one:
[0053] The general idea of this embodiment is to provide an APT attack defense method using mimicry technology, including:
[0054] Virtualize mimic services for different forms of business and mimic files of sensitive files; obtain access log information in real time when the mimic services and/or mimic files are accessed; analyze the access log information; send alarm information based on the analysis results; and adopt appropriate measures according to the alarm information. This defense method effectively addresses the shortcomings of previous APT defense methods, and at the same time achieves accurate detection and location of APT attacks that have penetrated into the enterprise without affecting normal use by users.
[0055] Specifically, the APT attack defense method using mimicry technology in this embodiment is as shown in Figure 2:
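The collect, analyze and alarm loop described in [0054], sketched as an added example (not code from the patent). The JSON-lines log layout, the asset names and addresses, the 10-minute window and the severity rule are all assumptions made for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of deployed mimic assets (hypothetical values).
MIMIC_ASSETS = {
    ("service", "10.0.5.20:3306"),                     # mimic database service
    ("service", "10.0.5.21:80"),                       # mimic web service
    ("file", "/srv/share/finance/payroll_2024.xlsx"),  # mimic "sensitive file"
}
WINDOW = timedelta(minutes=10)  # assumed correlation window
# Constructed access log; the JSON-lines layout is an assumption.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:00:05", "src": "10.0.8.14", "kind": "service", "target": "10.0.5.20:3306"}
{"ts": "2024-03-01T09:03:40", "src": "10.0.8.14", "kind": "file", "target": "/srv/share/finance/payroll_2024.xlsx"}
{"ts": "2024-03-01T09:04:10", "src": "10.0.8.30", "kind": "service", "target": "10.0.2.9:443"}
{"ts": "2024-03-01T11:30:00", "src": "10.0.8.77", "kind": "service", "target": "10.0.5.21:80"}
truncated-record
{"ts": "2024-03-01T13:00:00", "src": "10.0.8.77", "kind": "service", "target": "10.0.5.21:80"}
"""

def mimic_hits(log_text):
    """Yield (time, source, asset) for each record that touches a mimic asset."""
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
            src, asset = str(rec["src"]), (rec["kind"], rec["target"])
            if asset not in MIMIC_ASSETS:
                continue  # access to a real service or file: out of scope here
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip instead of aborting the analysis
        yield ts, src, asset

def analyze(log_text):
    """Return one alarm per source, graded by distinct mimic assets touched within WINDOW."""
    by_src = defaultdict(list)
    for ts, src, asset in mimic_hits(log_text):
        by_src[src].append((ts, asset))
    alarms = []
    for src, hits in sorted(by_src.items()):
        hits.sort()
        breadth = max(len({a for t, a in hits[i:] if t - start <= WINDOW})
                      for i, (start, _) in enumerate(hits))
        alarms.append({"src": src, "first_seen": hits[0][0].isoformat(),
                       "assets": breadth, "severity": "high" if breadth >= 2 else "low"})
    return alarms

print(*analyze(SAMPLE_LOG), sep="\n")  # one alarm per source
```

The source that touches two different mimic assets within the window is graded higher than the one that repeatedly hits a single mimic service, which gives the "appropriate measures" step something to prioritize on.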
[0056] Step S1100 is to virtualize the mimic business of different forms of bu...
Example Embodiment
[0077] Embodiment two:
[0078] The general idea of this embodiment is to provide an APT attack defense system using mimic technology. The system architecture is as shown in Figure 3, including: mimic module, client module and safety data analysis module.
[0079] The mimic module is used to virtualize different types of business applications and mimic documents of different types of sensitive documents;
[0080] The client module is used to receive the virtual business data packet sent by the mimic module and cooperate with the mimic module to form a mimic service and/or receive the mimic file data package sent by the mimic module, and send the mimic file and/or virtual request of the mimic service to the mimic module;
[0081] The mimic service is composed of virtual services corresponding to different types of services and service ports collocated with the virtual services, and the sensitive files are files with warning codes embedded in virtual files of different types of se...
Example Embodiment
[0095] Embodiment three:
[0096] Figure 4 is a schematic flow diagram of the APT attack defense method using mimic technology in this application:
[0097] A. According to the actual business conditions inside the client, deploy corresponding services, such as database services, web services, and decoy files, on mimic modules such as mimic business-side servers.
[0098] B. Configure the mimic strategy in the security policy management platform according to the user's internal network status, business status and related information. For example, mimic database services are deployed on certain computers, certain computers simulate web services, and certain mimic "sensitive files" are placed on certain computers.
[0099] C. After the client module establishes a network communication connection with the security policy management platform, the security policy management module will push virtual data packets to the client module on the target client. After the receiver of the tar...