APT information determination method and device, storage medium and electronic device
A technology for determining methods and samples, applied in the field of network security, that can solve problems such as undiscovered solutions and lagging network attack defense, and achieves the effects of solving low efficiency, improving analysis, tracking and positioning capabilities, and improving automation and accuracy.
Examples
Embodiment 1
[0031] The method embodiment provided in Embodiment 1 of the present application may be executed on a server or a similar computing device. Taking execution on a server as an example, Figure 1 is a block diagram of the hardware structure of an APT information determining server according to an embodiment of the present invention. As shown in Figure 1, the server 10 may include one or more processors 102 (only one is shown in Figure 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data. Optionally, the above-mentioned server may also include a transmission device 106 for communication functions and an input and output device 108. Those of ordinary skill in the art will understand that the structure shown in Figure 1 is only for illustration and does not limit the structure of the above server. For example, server 10 may also include figure 1 more or ...
Embodiment 2
[0069] In this embodiment, a device for determining APT information is also provided, which may be a server. The device is used to implement the above embodiments and preferred implementation modes, and what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated.
[0070] Figure 5 is a structural block diagram of an apparatus for determining APT information according to an embodiment of the present invention, which can be applied in a server. As shown in Figure 5, the device includes an acquisition module 50, a detection module 52, and a determination module 54, wherein:
[0071] Acquisition module 50, for obtaining malicious samples;
[007...
Embodiment 3
[0081] An embodiment of the present invention also provides a storage medium, in which a computer program is stored, wherein the computer program is set to execute the steps in any one of the above method embodiments when running.
[0082] Optionally, in this embodiment, the above-mentioned storage medium may be configured to store a computer program for performing the following steps:
[0083] S1. Obtain malicious samples;
[0084] S2. Statically detect the malicious sample to obtain first sample information, and dynamically detect the malicious sample to obtain second sample information;
[0085] S3. Determine advanced persistent threat (APT) information of the malicious sample according to the first sample information or the second sample information.
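Steps S1 to S3 can be sketched as follows. This is an added example, not code from the patent: the indicator table, the group labels, the sample bytes, the `<event_type> <value>` sandbox log format and all function names are constructed assumptions, since the page does not say what the first and second sample information contain.

```python
import hashlib
import re

# Constructed knowledge base (assumption): indicator -> placeholder group label.
KNOWN_INDICATORS = {
    "static": {"update-check.example.net": "EXAMPLE-GROUP-1"},
    "dynamic": {("mutex", "Global\\ex_mtx_01"): "EXAMPLE-GROUP-2"},
}
# Constructed inputs (not real malware): two byte samples and one sandbox log.
SAMPLE_A = b"\x00\x01MZ\x90\x00http://update-check.example.net/v1\x00\xff"
SAMPLE_B = b"\x00\x01MZ\x90\x00packed-no-useful-strings\x00"
LOG_B = "file_write C:\\Temp\\a.tmp\nmutex Global\\ex_mtx_01\n"

def static_detect(sample: bytes) -> dict:
    """S2, static: first sample information, taken from the bytes without running them."""
    strings = re.findall(rb"[\x20-\x7e]{6,}", sample)  # printable ASCII runs
    return {"sha256": hashlib.sha256(sample).hexdigest(),
            "strings": {s.decode("ascii") for s in strings}}

def dynamic_detect(sandbox_log: str) -> dict:
    """S2, dynamic: second sample information, parsed from recorded behaviour.
    Assumed log format: '<event_type> <value>' on each line."""
    events = set()
    for line in sandbox_log.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            events.add((parts[0], parts[1]))
    return {"events": events}

def determine_apt_info(first: dict, second: dict) -> dict:
    """S3: determine APT information from the first OR the second information."""
    for s in sorted(first["strings"]):
        for indicator, group in KNOWN_INDICATORS["static"].items():
            if indicator in s:
                return {"group": group, "source": "static", "evidence": indicator}
    for event in sorted(second["events"]):
        group = KNOWN_INDICATORS["dynamic"].get(event)
        if group:
            return {"group": group, "source": "dynamic", "evidence": event}
    return {"group": None, "source": None, "evidence": None}

def analyze(sample: bytes, sandbox_log: str = "") -> dict:
    """S1 to S3 end to end for one acquired sample."""
    return determine_apt_info(static_detect(sample), dynamic_detect(sandbox_log))
```

Recording which track produced the match (`source`) and the matching `evidence` keeps the result reviewable by an analyst; a sample that matches neither track returns `None` rather than a guessed label.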
[0086] Optionally, in this embodiment, the above-mentioned storage medium may include, but is not limited to: U disk, read-only memory (Read-Only Memory, ROM for short), random access memory (Random Access Memory, RAM for sh...