
Sample homology analysis method based on dynamic behavior chain and dynamic characteristics

A dynamic-feature-based analysis method applied to the homology analysis of malicious samples. It addresses the inability of existing homology analysis techniques to meet requirements for recognition ability, response time and work efficiency, and aims to remove the low efficiency and heavy manual investment of current practice.

Active Publication Date: 2019-09-10
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

Current mainstream homology analysis techniques cannot meet requirements in terms of recognition ability, response time and work efficiency.




Embodiment Construction

[0042] The present invention aims to solve the problems of common homology analysis methods and to make up for the shortcomings of mainstream approaches: their feature rules target a single sample and cannot keep up with the rapid evolution of APT samples, their resource and time overhead is too large, and their results lag behind the threat. The present invention provides a sample homology analysis method based on dynamic behavior chains and dynamic features. Behavioral features observed during sample execution are modeled and analyzed as a chain, and the file IOC information exposed during dynamic execution is matched, so as to realize homology analysis of malicious samples.

[0043] To make the object of the present invention and its technical solution clearer, the detailed steps are described below in conjunction with the accompanying drawings. The training method in the above "technical solution" is "step ...



Abstract

The invention provides a sample homology analysis method based on a dynamic behavior chain and dynamic characteristics. The method comprises the following steps:
1. Collect and sort attack samples.
2. Classify the training sample set.
3. Run the training sample set in a sandbox.
4. Sort the samples to generate a dynamic behavior chain.
5. Train a homology-analysis decision tree model with the behavior chains extracted from the training data set.
6. Extract the behavior chain and the sample IOC information.
7. Use the decision tree model to judge which APT organization, or which malicious family and type, the test data set belongs to.
8. Fuzzy-match the IOC information of the test data set against a knowledge base to obtain homology information.
9. Obtain the final homology analysis conclusion.
Starting from dynamic behavior, the method performs homology analysis of malicious samples based on the dynamic behavior chain and dynamic characteristics, and solves the practical problems of traditional homology analysis, namely features tied to a single sample, low manual analysis efficiency and high investment.
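The pipeline in the abstract and in paragraph [0042] (sandbox trace, behavior chain, per-family model, classification, fuzzy IOC matching against a knowledge base, combined conclusion) is shown below as an added worked example. It is not code from the patent or its applicant. The decision tree of steps 5 and 7 is replaced by Jaccard similarity over chain transitions so that the example needs only the Python standard library; all traces, family names and indicators are constructed for illustration.

```python
"""Added worked example: behavior-chain homology scoring (not the patent's code).

Pipeline: sandbox trace -> behavior chain (step 4) -> per-family profile
(step 5, Jaccard stand-in for the patent's decision tree) -> classification
(step 7) -> fuzzy IOC matching against a knowledge base (step 8) -> combined
conclusion (step 9). Every trace, family and indicator here is constructed.
"""
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sandbox traces (ordered API events), keyed by hypothetical family.
TRAIN = {
    "FamilyA": [
        ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess",
         "InternetOpen", "HttpSendRequest"],
        ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess",
         "InternetOpen", "HttpSendRequest", "DeleteFile"],
    ],
    "FamilyB": [
        ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
         "CreateRemoteThread", "Sleep"],
        ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
         "CreateRemoteThread", "connect"],
    ],
}

# Constructed IOC knowledge base: indicators previously attributed to each family.
KNOWLEDGE_BASE = {
    "FamilyA": {"update-cdn-service.example", "Global\\MutexA1"},
    "FamilyB": {"mail-sync.example", "Global\\SyncSvcMutex"},
}


def behavior_chain(events, n=2):
    """Step 4: represent an ordered event trace as the set of its n-step transitions."""
    return {tuple(events[i:i + n]) for i in range(len(events) - n + 1)}


def train_profiles(train, n=2):
    """Step 5 (stand-in): one profile per family = union of its samples' transitions."""
    profiles = {}
    for family, traces in train.items():
        profile = set()
        for trace in traces:
            profile |= behavior_chain(trace, n)
        profiles[family] = profile
    return profiles


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def classify_chain(events, profiles, n=2):
    """Step 7 (stand-in): nearest family by Jaccard similarity of behavior chains."""
    chain = behavior_chain(events, n)
    scores = {fam: jaccard(chain, prof) for fam, prof in profiles.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]


def fuzzy_match_iocs(iocs, kb, threshold=0.85):
    """Step 8: fuzzy-match a sample's IOCs against the knowledge base.

    Fuzzy rather than exact matching catches small rotations of infrastructure
    (one-character domain edits, renamed mutexes). Returns the best ratio per
    family that reaches the threshold.
    """
    hits = defaultdict(float)
    for ioc in iocs:
        for family, known in kb.items():
            for indicator in known:
                ratio = SequenceMatcher(None, ioc.lower(), indicator.lower()).ratio()
                if ratio >= threshold:
                    hits[family] = max(hits[family], ratio)
    return dict(hits)


def homology_conclusion(events, iocs, profiles, kb, chain_min=0.5, ioc_min=0.85):
    """Step 9: combine chain and IOC evidence. Agreement raises confidence;
    disagreement is reported as a conflict for an analyst, not silently resolved."""
    chain_family, chain_score = classify_chain(events, profiles)
    ioc_hits = fuzzy_match_iocs(iocs, kb, ioc_min)
    ioc_family = max(ioc_hits, key=ioc_hits.get) if ioc_hits else None
    chain_ok = chain_score >= chain_min
    if chain_ok and ioc_family in (None, chain_family):
        family, confidence = chain_family, ("high" if ioc_family else "medium")
    elif ioc_family and not chain_ok:
        family, confidence = ioc_family, "ioc-only"
    elif ioc_family and chain_ok:
        family, confidence = None, "conflict"
    else:
        family, confidence = None, "unknown"
    return {"family": family, "confidence": confidence, "chain_family": chain_family,
            "chain_score": chain_score, "ioc_hits": ioc_hits}


if __name__ == "__main__":
    profiles = train_profiles(TRAIN)
    # Constructed test sample: FamilyB-like chain plus a one-letter variant of a FamilyB domain.
    print(homology_conclusion(
        ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "Sleep"],
        ["mail-synk.example"], profiles, KNOWLEDGE_BASE))
```

The conflict branch is the part a practitioner should keep even when the classifier is replaced by a real decision tree: a sample whose behavior chain matches one family while its IOCs match another is exactly the case (shared tooling, false-flag infrastructure) where automatic attribution should stop and hand over to an analyst.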

Description

[0001] 1. Technical field
[0002] The invention provides a sample homology analysis method based on dynamic behavior chains and dynamic features. It relates to malicious-sample homology analysis technology and belongs to the technical field of network security.
[0003] 2. Background technology
[0004] Advanced Persistent Threat (APT) incidents targeting government, military industry, aerospace, energy, education, medical care, high-tech units and enterprises are increasingly frequent, the number of APT organizations keeps growing, and new attack samples appear without end. It is therefore increasingly important to perform correlation and homology analysis from samples to organizations, and from samples to events and on to the criminal organizations behind them. This not only contributes to the defense against APT attacks, but also provides strong data support for attack-source tracing and analysis.
[0005] At present, the same-origin analysis of APT organizations h...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06K 9/62, H04L 29/06
CPC: H04L 63/1441, G06F 18/241, G06F 18/214
Inventors: 韩志辉, 吕志泉, 梅瑞, 严寒冰, 丁丽, 李佳, 沈元, 张帅, 李志辉, 张腾, 陈阳, 王适文, 马莉雅, 高川, 周昊, 周彧
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT