APT attack behavior analysis and detection method and device based on cascade attack chain model

A behavior analysis and detection technology, applied in the field of network security, that lowers the threshold of requirements, simplifies the complexity of analysis, and makes up for excessive dependence on manual analysis.

Active Publication Date: 2022-04-29
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0004] To this end, the present invention provides a method and device for analyzing and detecting APT attack behaviors based on the cascaded attack chain model. It overcomes the limitations of the prior art, effectively identifies and analyzes APT attack behaviors, makes up for the defect of excessive reliance on manual analysis in existing analysis methods, improves the accuracy of attack behavior detection, and facilitates application in actual analysis.

Examples

Embodiment Construction

[0032] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0033] Detection models in existing network attack detection struggle to meet the requirements of attack behavior analysis and are inconvenient to apply in practice. In view of this, an embodiment of the present invention provides, as shown in Figure 1, an APT attack behavior analysis and detection method based on the cascade attack chain model, including the following:

[0034] S101) Collect multi-source heterogeneous network data, represent the attack process with a recursive structure of multiple sub-attack chains, form the overall structure of the attack chain through the cascading form of the sub-attack chains, and build a cascaded attack chain model;

[0035] S102) Based on t...

Abstract

The invention belongs to the technical field of network security, and in particular relates to a method and device for analyzing and detecting APT attack behaviors based on a cascaded attack chain model. During the attack process, the overall structure of the attack chain is formed through the cascading form of sub-attack chains, and the cascading attack chain model is constructed; based on the cascading attack chain model, the APT attack behavior in the network is analyzed and detected, and the APT attack scene is reconstructed. The present invention overcomes the limitations of the prior art, effectively identifies and analyzes APT attack behaviors, makes up for the defect of excessive reliance on manual analysis in existing analysis methods, improves the accuracy of attack behavior detection, and facilitates application in actual analysis.

Description

Technical field

[0001] The invention belongs to the technical field of network security, in particular to an APT attack behavior analysis and detection method and device based on a cascade attack chain model.

Background technique

[0002] In the current network environment, network attacks emerge in an endless stream and are becoming increasingly complex, persistent, and concealed. main threat. Due to the advanced nature, persistence and unknown nature of APT attacks, existing detection methods increasingly struggle to cope with them, and it is difficult for people to detect them at the beginning of the attack. Very low yield. Therefore, intrusion detection has always been a hot issue in the field of network security research, and the attack chain model is a description model of attack behavior that has been much studied in intrusion detection. Specifically, the attack chain model is a general attack behavior descripti...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/40
CPC: H04L63/1416, H04L63/1433, H04L63/1441, H04L63/145
Inventor: 郭渊博, 琚安康, 张瑞杰, 李涛, 方晨, 王一丰, 钟雅
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU