APT information determination method and device, storage medium and electronic device

A technology for determining methods and samples, applied in the field of network security, can solve problems such as undiscovered solutions and network attack defense lag, and achieve the effects of solving low efficiency, improving analysis, tracking and positioning capabilities, and improving automation and accuracy

Active Publication Date: 2019-09-10
BEIJING QIANXIN TECH
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, there is no plan to obtain threat intelligence in advance when these attacks occur in a small area, and carry out early warning and defense on a large scale
Defenses leading to cyberattacks lag
[0005] For the above-mentioned problems existing in related technologies, no effective solution has been found yet

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • APT information determination method and device, storage medium and electronic device
  • APT information determination method and device, storage medium and electronic device
  • APT information determination method and device, storage medium and electronic device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0031] The method embodiment provided in Embodiment 1 of the present application may be executed on a server or a similar computing device. Take running on the server as an example, figure 1 It is a block diagram of the hardware structure of an APT information determining server according to an embodiment of the present invention. Such as figure 1 As shown, the server 10 may include one or more ( figure 1 Only one is shown in ) processor 102 (processor 102 may include but not limited to processing devices such as microprocessor MCU or programmable logic device FPGA) and memory 104 for storing data. Optionally, the above-mentioned server can also be A transmission device 106 for communication functions and an input and output device 108 are included. Those of ordinary skill in the art can understand that, figure 1 The shown structure is only for illustration, and it does not limit the structure of the above server. For example, server 10 may also include figure 1 more or ...

Embodiment 2

[0069] In this embodiment, a device for determining APT information is also provided, which may be a server, and the device is used to implement the above embodiments and preferred implementation modes, and those that have already been described will not be repeated. As used below, the term "module" may be a combination of software and / or hardware that realizes a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.

[0070] Figure 5 is a structural block diagram of an apparatus for determining APT information according to an embodiment of the present invention, which can be applied in a server, such as Figure 5 As shown, the device includes: an acquisition module 50, a detection module 52, and a determination module 54, wherein,

[0071] Obtaining module 50, for obtaining malicious samples;

[007...

Embodiment 3

[0081] An embodiment of the present invention also provides a storage medium, in which a computer program is stored, wherein the computer program is set to execute the steps in any one of the above method embodiments when running.

[0082] Optionally, in this embodiment, the above-mentioned storage medium may be configured to store a computer program for performing the following steps:

[0083] S1, obtaining malicious samples;

[0084] S2. Statically detect the malicious sample to obtain first sample information, and dynamically detect the malicious sample to obtain second sample information;

[0085] S3. Determine advanced persistent threat (APT) information of the malicious sample according to the first sample information or the second sample information.

[0086] Optionally, in this embodiment, the above-mentioned storage medium may include but not limited to: U disk, read-only memory (Read-Only Memory, ROM for short), random access memory (Random Access Memory, RAM for sh...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an APT information determination method and device, a storage medium and an electronic device, and the method comprises the steps: obtaining a malicious sample; carrying out static detection on the malicious sample to obtain first sample information, and carrying out dynamic detection on the malicious sample to obtain second sample information; and determining advanced persistent threat APT information of the malicious sample according to the first sample information or the second sample information. The technical problem of low APT information determination efficiency in the prior art is solved.

Description

technical field [0001] The present invention relates to the field of network security, in particular to a method and device for determining APT information, a storage medium, and an electronic device. Background technique [0002] A network attack is an attack on an electronic device by a hacker or a Trojan horse, which causes huge losses to users by stealing files. [0003] When tracking and discovering advanced persistent threat (Advanced Persistent Threat, APT) groups, context analysis is mainly based on malicious files, phishing emails and other attacks in network transmission. Attackers use malicious programs to intrude and control networks and information systems to steal sensitive data and damage systems and network environments. It is urgent to improve the detection rate and batch analysis capabilities of malicious samples spread in enterprise networks. [0004] In related technologies, in the field of computer security, network attacks are becoming more and more sp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1441H04L63/1483
Inventor 白敏代慧平汪列军
Owner BEIJING QIANXIN TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap