
A Sample Homology Analysis Method Based on Dynamic Behavior Chain and Dynamic Features

A dynamic-feature analysis method applied in the field of homology analysis of malicious samples. It addresses the problem that current homology analysis methods cannot meet requirements for recognition ability, response time and work efficiency, and removes the low efficiency and large investment of manual analysis.

Active Publication Date: 2021-07-27
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
Cites: 5, Cited by: 0

AI Technical Summary

Problems solved by technology

The current mainstream homology analysis technology cannot meet the requirements in terms of recognition ability, response time and work efficiency.



Embodiment Construction

[0042] The present invention aims to solve the problems of common homology analysis methods and make up for the shortcomings of mainstream analysis methods: their feature rules target a single sample, so they cannot keep up with the rapid evolution of APT samples; they incur excessive resource and time overhead; and their results lag behind the threat. The present invention provides a sample homology analysis method based on dynamic behavior chains and dynamic features. By modeling and analyzing the behavioral features observed during sample execution as chains, and by matching the file IOC information exposed during dynamic execution, it realizes homology analysis of malicious samples.

[0043] To make the object and technical solution of the present invention clearer, the detailed steps are described below in conjunction with the accompanying drawings. The training method described under "technical solution" above is "step ...



Abstract

The present invention provides a sample homology analysis method based on dynamic behavior chains and dynamic features. The steps are as follows:
1. Collect and organize attack samples.
2. Classify and process the training sample set.
3. Run the training sample set in a sandbox.
4. Sort the events of each sample to generate a dynamic behavior chain.
5. Use the behavior chains extracted from the training data set to train the homology analysis decision tree model.
6. Extract the behavior chain and the IOC information of the samples under analysis.
7. Classify the test data set with the decision tree model to judge the APT organization it belongs to, or the malicious family and type it belongs to.
8. Fuzzily match the IOC information of the test data set against the knowledge base to obtain homology information.
9. Draw the final homology analysis conclusion.
Starting from dynamic behavior, the present invention achieves sample homology analysis of malicious samples based on dynamic behavior chains and dynamic features, and solves the practical problems of traditional homology analysis methods: feature rules tied to a single sample, low efficiency of manual analysis and large investment.
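The nine steps above, as an added example that is not the patent's own code: a constructed set of sandbox event logs is ordered into behavior chains (step 4), the chains are turned into binary behavior-bigram features and used to train a minimal ID3 decision tree (step 5), the file and network IOCs exposed during execution are fuzzily matched against a constructed knowledge base (steps 6 and 8), and the two results are fused into a verdict (step 9). The sample events, the family names FamA and FamB, the IOC strings, the choice of bigram features, the similarity threshold and the fusion rule are all assumptions made for illustration; the patent does not specify them.

```python
"""Added illustration (not the patent's code): behaviour chains, bigram
features, a minimal ID3 decision tree and fuzzy IOC matching fused into
one homology verdict. Every sample, family name and IOC is constructed."""
from collections import Counter
from difflib import SequenceMatcher
from math import log2

# Constructed sandbox events per sample: (timestamp, behaviour, argument).
TRAIN = [
    ("FamA", [(3, "RegSetValue", "HKCU\\Run"), (1, "CreateProcess", "cmd.exe"),
              (2, "WriteFile", "C:\\Users\\Public\\a.dll"), (4, "HttpConnect", "update.fam-a-cdn.com")]),
    ("FamA", [(1, "WriteFile", "C:\\Users\\Public\\b.dll"), (2, "RegSetValue", "HKCU\\Run"),
              (3, "HttpConnect", "update.fam-a-cdn.com"), (4, "DeleteFile", "C:\\Users\\Public\\b.dll")]),
    ("FamB", [(1, "CreateProcess", "svchost.exe"), (2, "OpenProcess", "explorer.exe"),
              (3, "WriteProcessMemory", "explorer.exe"), (4, "CreateRemoteThread", "explorer.exe"),
              (5, "HttpConnect", "api.fam-b-relay.net")]),
    ("FamB", [(1, "OpenProcess", "lsass.exe"), (2, "WriteProcessMemory", "lsass.exe"),
              (3, "CreateRemoteThread", "lsass.exe"), (4, "WriteFile", "C:\\Windows\\Temp\\x.tmp")]),
]
# Constructed knowledge base: IOCs seen in previously attributed samples.
KNOWLEDGE_BASE = {
    "update.fam-a-cdn.com": "FamA",
    "C:\\Users\\Public\\a.dll": "FamA",
    "api.fam-b-relay.net": "FamB",
}

def behaviour_chain(events):
    """Step 4: order the sandbox events by timestamp into a behaviour chain."""
    return [name for _, name, _ in sorted(events)]

def chain_features(chain):
    """Binary features: which consecutive behaviour pairs (bigrams) the chain contains."""
    return {f"{a}>{b}" for a, b in zip(chain, chain[1:])}

def entropy(labels):
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())

def build_tree(rows, feats):
    """Step 5: ID3 on binary features. rows = [(feature_set, label)]. A leaf is a
    label; an inner node is (feature, subtree_if_present, subtree_if_absent)."""
    labels = [lab for _, lab in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not feats:
        return majority
    def gain(f):
        yes = [lab for fs, lab in rows if f in fs]
        no = [lab for fs, lab in rows if f not in fs]
        if not yes or not no:
            return -1.0
        return entropy(labels) - (len(yes) * entropy(yes) + len(no) * entropy(no)) / len(rows)
    best = max(sorted(feats), key=gain)   # sorted() makes tie-breaking deterministic
    if gain(best) <= 0:
        return majority
    rest = feats - {best}
    return (best,
            build_tree([r for r in rows if best in r[0]], rest),
            build_tree([r for r in rows if best not in r[0]], rest))

def predict(tree, feature_set):
    while isinstance(tree, tuple):
        feat, present, absent = tree
        tree = present if feat in feature_set else absent
    return tree

def train(samples):
    rows = [(chain_features(behaviour_chain(ev)), lab) for lab, ev in samples]
    return build_tree(rows, set().union(*(fs for fs, _ in rows)))

def extract_iocs(events):
    """Step 6: file paths and network endpoints the sample exposed while running."""
    return [arg for _, name, arg in events if name in ("WriteFile", "HttpConnect")]

def fuzzy_ioc_match(iocs, kb, threshold=0.8):
    """Step 8: similarity match against the knowledge base -> {family: best score}.
    The 0.8 threshold is an assumption; tune it on your own IOC corpus."""
    hits = {}
    for ioc in iocs:
        for known, family in kb.items():
            score = SequenceMatcher(None, ioc.lower(), known.lower()).ratio()
            if score >= threshold:
                hits[family] = max(hits.get(family, 0.0), score)
    return hits

def homology_verdict(tree, kb, events):
    """Step 9: fuse the behaviour-chain classification with the IOC evidence."""
    family = predict(tree, chain_features(behaviour_chain(events)))
    ioc_hits = fuzzy_ioc_match(extract_iocs(events), kb)
    if family in ioc_hits:
        confidence = "high"           # both evidence sources agree
    elif ioc_hits:
        confidence = "conflict"       # IOCs point at another family: escalate to an analyst
    else:
        confidence = "behaviour-only"
    return family, confidence, ioc_hits
```

Calling `homology_verdict(train(TRAIN), KNOWLEDGE_BASE, events)` on a sample whose chain is WriteFile, RegSetValue, HttpConnect and whose C2 host is a near variant of a known FamA domain yields `("FamA", "high", ...)`; a process-injection chain with an unknown IP yields `("FamB", "behaviour-only", {})`. Two caveats a practitioner should keep: a drop path that differs only in file name also scores above the threshold, so path IOCs should carry less weight than network IOCs in a real fusion rule, and the decision tree here is trained on four samples, so it is a shape for the pipeline, not a model.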

Description

[0001] 1. Technical field
[0002] The invention provides a sample homology analysis method based on dynamic behavior chains and dynamic features, relates to malicious sample homology analysis technology, and belongs to the technical field of network security.
[0003] 2. Background technology
[0004] Facing increasingly frequent Advanced Persistent Threat (APT) incidents targeting government, military industry, aerospace, energy, education, medical care, high-tech units and enterprises, the growing number of APT organizations, and an endless stream of attack samples, it is becoming more and more important to carry out correlation and homology analysis from samples to organizations, and from samples to events and then to the criminal organizations behind them. This not only contributes to the defense against APT attacks, but also provides strong data support for attack source tracing.
[0005] Now, the homology analysis of APT organizations h...

Claims


Application Information

Patent Type & Authority Patents(China)
IPC(8): G06K9/62, H04L29/06
CPC: H04L63/1441, G06F18/241, G06F18/214
Inventor 韩志辉吕志泉梅瑞严寒冰丁丽李佳沈元张帅李志辉张腾陈阳王适文马莉雅高川周昊周彧
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT