APT threat identification method

A technology for identifying methods and behaviors, applied in the field of APT threat identification, which can solve problems such as missed APT attacks, massive data analysis, and vulnerabilities in defense measures.

Inactive Publication Date: 2019-07-16
GUIZHOU POWER GRID CO LTD ZUNYI POWER SUPPLY BUREAU

AI Technical Summary

Problems solved by technology

However, for threats lurking in the analysis of massive data, the above defense measures have l


Embodiment Construction

[0029] In order to have a clearer understanding of the technical features, purposes and effects of the present invention, the specific implementation manners of the present invention will now be described in detail with reference to the accompanying drawings. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0030] The present invention provides an APT threat identification method, see Figure 1, including: establishing a normal data behavior model; establishing a simulated APT attack life cycle model; establishing a threat visualization correlation analysis data behavior model. Through the establishment of a normal data behavior model, periodic correlation analysis of log data from various sources i...


Abstract

The invention discloses an APT threat identification method. The method comprises the steps of establishing a normal data behavior model; establishing an APT attack life cycle simulation model; and establishing a threat visualization association analysis data behavior model. Through establishment of a normal data behavior model, periodical association analysis is carried out on log data of various sources so as to find abnormal data, suspicious APT attack behaviors and the like. An APT attack behavior and an attack path can be simulated by establishing an APT attack life cycle simulation model, and suspicious APT attack actions can be found in advance. The danger degree is judged according to the actual action after the device is actually operated. A comprehensive data real-time correlation analysis platform based on the Zunyi power supply bureau network environment is developed, and APT attack visualization in the user environment is achieved through a static analysis module, a dynamic analysis module and a behavior detection correlation analysis module.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an APT threat identification method.

Background technique

[0002] APT (Advanced Persistent Threat) refers to the attack form in which organizations (especially governments) or small groups use advanced attack methods to carry out long-term and continuous network attacks on specific targets. The principle of an APT attack is more advanced than that of other attack forms. Its advanced nature is mainly reflected in the fact that an APT needs to accurately collect information on the business process and target system of the attack object before launching an attack. During the collection process, the attacker will actively dig out the vulnerabilities of the trusted systems and application programs of the attacked object, and form the C&C network required by the attacker based on these vulnerabilities. This behavior does not take any actions that may t...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1433
Inventor: 粱晶亮
Owner: GUIZHOU POWER GRID CO LTD ZUNYI POWER SUPPLY BUREAU