APT attack behavior analysis and detection method and device based on cascade attack chain model

A behavior analysis and detection method, applied in the field of network security, that offers good application prospects, makes up for excessive dependence on manual analysis, and lowers the threshold of requirements.

Active Publication Date: 2019-12-20
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
12 Cites, 13 Cited by

AI Technical Summary

Problems solved by technology

[0004] To this end, the present invention provides a method and device for analyzing and detecting APT attack behaviors based on the cascaded attack chain model. It overcomes the limitations of the prior art, effectively identifies and analyzes APT attack behaviors, remedies the excessive dependence of existing analysis methods on manual analysis, improves the accuracy of attack behavior detection, and is convenient to apply in actual analysis.


Examples


Embodiment Construction

[0032] To make the purpose, technical solution and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below in conjunction with the accompanying drawings and technical solutions.

[0033] Because the detection models used in existing network attack detection struggle to meet the requirements of attack behavior analysis and are inconvenient to apply in practice, an embodiment of the present invention provides, as shown in Figure 1, an APT attack behavior analysis and detection method based on the cascade attack chain model, including the following content:

[0034] S101) Collect multi-source heterogeneous network data, represent the attack process with a recursive structure of multiple sub-attack chains, form the overall structure of the attack chain through the cascading form of the sub-attack chains, and build a cascaded attack chain model;

[0035] S102) Based on t...


Abstract

The invention belongs to the technical field of network security, and in particular relates to an APT attack behavior analysis and detection method and device based on a cascaded attack chain model. The method comprises the following steps: collecting multi-source heterogeneous network data, representing an attack process through the recursive structure of a plurality of sub-attack chains, forming the overall attack chain structure by cascading the sub-attack chains, and constructing the cascaded attack chain model; and, based on the cascaded attack chain model, analyzing and detecting APT attack behaviors in the network and reconstructing the APT attack scene. The method overcomes the limitations of the prior art, effectively recognizes and analyzes APT attack behavior, overcomes the defect that existing analysis methods depend excessively on manual analysis, improves the accuracy of attack behavior detection, and can be conveniently applied to actual analysis.

Description

Technical field

[0001] The invention belongs to the technical field of network security, in particular to an APT attack behavior analysis and detection method and device based on a cascade attack chain model.

Background technique

[0002] In the current network environment, network attacks emerge in an endless stream, and network attacks are becoming increasingly complex, persistent, and concealed. main threat. Due to the advanced nature, persistence and unknown nature of APT attacks, existing detection methods increasingly struggle to deal with them, and it is difficult for people to detect them at the beginning of the attack. Very low yield. Therefore, intrusion detection has always been a hot issue in the field of network security research, and the attack chain model is one of the more studied description models of attack behavior in intrusion detection. Specifically, the attack chain model is a general attack behavior descripti...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/1441, H04L63/145
Inventor: 郭渊博, 琚安康, 张瑞杰, 李涛, 方晨, 王一丰, 钟雅
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU