A multidimensional association analysis method and system for advanced persistent threats

A correlation analysis technology for persistent threats, applied in transmission systems, digital transmission systems, special data processing applications, etc. It addresses problems such as the difficulty of dealing with unknown attacks, challenges in reasonable application, and evaluation results that poorly reflect state changes, and achieves the effect of security situation assessment.

Active Publication Date: 2019-06-21
UNIV OF SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

Rule-based evaluation methods can accurately discover existing vulnerabilities according to the current rules, but they struggle with unknown attacks and with finding the dependency relationships between vulnerabilities. Evaluation methods based on an indicator system can combine the intermediate results of each stage into a final assessment, but the assessment results poorly reflect state changes. Model-based assessment methods can combine multiple factors and can show the attack process and threat changes, but the reasonable application of attack dependencies and logical relationships in the assessment remains a challenge.
In short, the key challenge that APT poses to traditional security assessment techniques lies in the persistence of its attacks across stages. Existing security assessment techniques lack long-term monitoring correlation, so it is difficult for them to discover the hidden and continuous damage in each stage of an attack.

Examples


Embodiment Construction

[0042] The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the scope of protection of this application.

[0043] As shown in Figure 1, which is a flow chart of Embodiment 1 of the multidimensional correlation analysis method for advanced persistent threats disclosed in the present invention, the method may include the following steps:

[0044] S101. Perform association analysis and reorganization on the original alarm information, and form alarm information chains with associated alarm information;

[0045] S102, extracting the hidden attack theme in the warning information chain...


Abstract

The invention discloses a multidimensional association analysis method and system for advanced persistent threats, and the method comprises the steps: carrying out the association analysis and reorganization of original alarm information, and enabling the alarm information with an association relationship to form an alarm information chain; extracting an attack theme hidden in the alarm information chain through semantic analysis; and calculating a security evaluation value according to the probability of the attack theme. According to the invention, attack correlation assessment can be realized, and potential influence of each attack stage of network threats on the security situation is discovered, so that the whole network security situation assessment is realized.
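An added sketch of the three steps in the abstract (alarm chains, attack themes, security evaluation value); it is not the patent's own implementation. The shared-host and time-window correlation rule, the keyword vocabularies standing in for semantic analysis, the severity weights and the scoring formula are all assumptions, and the alerts are constructed.

```python
# Constructed sample alerts: (timestamp_s, src_ip, dst_ip, signature text)
ALERTS = [
    (100, "203.0.113.5", "10.0.0.8", "phishing attachment macro download"),
    (400, "10.0.0.8", "10.0.0.20", "smb login bruteforce lateral"),
    (900, "10.0.0.20", "198.51.100.9", "dns tunnel upload exfiltration"),
    (950, "192.0.2.44", "10.0.0.77", "port scan probe"),
]

# Assumed theme vocabularies and severity weights (hypothetical, not from the patent).
THEMES = {
    "initial_access": ({"phishing", "macro", "download", "scan", "probe"}, 0.3),
    "lateral_movement": ({"smb", "login", "bruteforce", "lateral"}, 0.6),
    "exfiltration": ({"dns", "tunnel", "upload", "exfiltration"}, 1.0),
}

def build_chains(alerts, window=3600):
    """Step 1 (assumed rule): an alert joins the first chain that already
    involves one of its hosts and was last updated within `window` seconds."""
    chains = []
    for ts, src, dst, sig in sorted(alerts):
        for chain in chains:
            if chain["hosts"] & {src, dst} and ts - chain["last"] <= window:
                break
        else:  # no existing chain matched: start a new one
            chain = {"hosts": set(), "last": ts, "alerts": []}
            chains.append(chain)
        chain["hosts"] |= {src, dst}
        chain["last"] = ts
        chain["alerts"].append((ts, src, dst, sig))
    return chains

def theme_probabilities(chain):
    """Step 2 (stand-in for semantic analysis): share of matched keywords per theme."""
    counts = {name: 0 for name in THEMES}
    for *_, sig in chain["alerts"]:
        words = set(sig.lower().split())
        for name, (vocab, _) in THEMES.items():
            counts[name] += len(words & vocab)
    total = sum(counts.values())
    return {n: (c / total if total else 0.0) for n, c in counts.items()}

def security_score(chain):
    """Step 3 (assumed formula): theme probabilities weighted by theme severity."""
    probs = theme_probabilities(chain)
    return sum(p * THEMES[name][1] for name, p in probs.items())

if __name__ == "__main__":
    for chain in build_chains(ALERTS):
        print(sorted(chain["hosts"]), round(security_score(chain), 3))
```

The three alerts that hop from host to host end up in one chain and score higher than the isolated scan, which is the multi-stage correlation effect the abstract describes.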

Description

Technical field

[0001] This application relates to the technical field of network security monitoring, in particular to a multi-dimensional correlation analysis method and system for advanced persistent threats.

Background

[0002] The development of network information technology has brought huge changes to the productivity of today's society. More and more national companies, institutions and governments are accelerating the development of their own network applications and services. Existing computer networks and software systems are becoming more and more complex, and most importantly, vulnerabilities and attacks occur frequently. The attack methods in these events are increasingly diversified and persistent, and the attack surface extends from traditional computer networks to industrial control systems and social networks.

[0003] Advanced Persistent Threat (APT) is a new type of network attack that has emerged ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06; H04L12/24; G06F17/27
Inventor: 姜晓枫, 张琦, 杨坚, 侯云鹏, 江锦英
Owner UNIV OF SCI & TECH OF CHINA