
Unknown threat active defense method and system

An active defense technology for unknown threats, applied in the field of network security, addresses the problem that unknown threats cannot be identified and dealt with by rule-based engines.

Publication Date: 2020-02-25 (status: inactive)
Applicant: 杭州安恒信息安全技术有限公司 (Hangzhou Anheng Information Security Technology Co., Ltd.)
Cites: 4; Cited by: 0

Problems solved by technology

[0004] In view of this, the object of the present invention is to provide a method and system for active defense against unknown threats, so as to alleviate the technical problem in the prior art that unknown threats cannot be identified and processed.


Examples


Embodiment 1

[0022] Traditional network security solutions are mainly rule-based, so only known threats can be actively discovered and dealt with. In the prior art, the threat processing engine used to discover and process known threats relies mainly on rule matching against known-threat signatures to identify and process known malicious files and known malicious traffic. Unknown threats cannot be discovered or dealt with by existing rules, so active identification and active defense technologies are needed to handle them.

[0023] Based on deep behavior analysis of files and traffic, the present invention actively discovers and processes unknown threats, and provides an active defense method for unknown threats.

[0024] Figure 1 is a flow chart of an active defense method for unknown threats provided according to an embodiment of the present invention, applied to a server. As shown in Figure 1, the method specifically include...

Embodiment 2

[0098] Figure 2 is a schematic diagram of an unknown threat active defense system provided according to an embodiment of the present invention. It is applied to a server and comprises a terminal module 10, a first analysis module 20, a second analysis module 30 and an unknown threat processing module 40.

[0099] Specifically, the terminal module 10 is configured to acquire the file to be identified and/or the traffic to be identified.

[0100] The first analysis module 20 is configured to perform behavior analysis on the file to be identified and/or the traffic to be identified, and to obtain a file trace and/or a traffic trace.

[0101] The second analysis module 30 is configured to perform threat analysis on the file to be identified and/or the traffic to be identified based on the file trace and/or the traffic trace, and to obtain the malicious degree of the file to be identified and/or the malicious degree of the traffic to be identified.

[0102] The unknown threat processing m...

Embodiment 3

[0117] The embodiment of the present invention also provides another active defense system against unknown threats. As shown in Figure 3, the system includes a known threat processing engine 31, a feature library 32, an unknown threat processing engine 33, a behavior database 34 and a terminal 35. As Figure 3 also shows, there may be multiple terminals 35.

[0118] Specifically, the known threat processing engine 31 is configured to identify and process known malicious files and known malicious traffic.

[0119] The feature library 32 is used to record the fingerprint features of known malicious files (for example, an MD5 value), which are used for file matching to find malicious files, and to record the fingerprint features of known malicious traffic (for example, an IP pattern or a domain name pattern), which are used for traffic matching to detect malicious traffic.

[0120] The feature library 32 provides the known threat processing engine with what it needs to match known threat...
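The following Python is an added illustration of the pipeline described in Embodiments 2 and 3 (the terminal / behavior analysis / threat analysis / decision chain, and the feature library consulted by the known threat processing engine before anything reaches the unknown threat engine). It is not the patent's code and it fills in details the page leaves open: the trace event names, their weights, the noisy-OR combination into a malicious degree, the 0.70 threshold, and the promotion of a newly confirmed file into the feature library are all assumptions, and every sample file and flow is constructed. SHA-256 stands in for the MD5 the patent gives as an example fingerprint, because MD5 collisions are cheap to produce.

```python
"""Two-stage pipeline in the shape of the patent's system: a known-threat engine
matching a feature library, then a behaviour-based engine for what it misses."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Feature library ("feature library 32"). Contents are constructed for this
# example. SHA-256 replaces the MD5 the patent names as an example fingerprint:
# an attacker can craft two files with the same MD5, so an MD5 hit or miss is
# not evidence about the file's contents.
KNOWN_MALWARE_BYTES = b"MZ\x90\x00constructed-known-malware-sample"
FEATURE_LIBRARY = {
    "file_hashes": {hashlib.sha256(KNOWN_MALWARE_BYTES).hexdigest()},
    "bad_networks": [ipaddress.ip_network("203.0.113.0/24")],  # TEST-NET-3
    "bad_domain_patterns": [re.compile(r"(^|\.)evil-c2\.example$")],
}

# Behaviour weights for the unknown-threat engine (assumed values). Each
# event in a trace contributes independently; see malicious_degree().
BEHAVIOUR_WEIGHTS = {
    "file:mass_encrypt": 0.85,          # ransomware-like
    "persist:registry_run_key": 0.40,
    "proc:inject_remote_thread": 0.60,
    "net:beacon_fixed_interval": 0.55,  # C2 heartbeat
    "net:dns_high_entropy": 0.45,       # DGA-like names
    "file:read_config": 0.02,
    "net:tls_to_cdn": 0.01,
}
MALICIOUS_THRESHOLD = 0.70


@dataclass
class FileSample:
    name: str
    content: bytes
    trace: tuple  # behaviour trace from sandbox execution (constructed)


@dataclass
class FlowSample:
    dst_ip: str
    dst_domain: str
    trace: tuple  # traffic trace (constructed)


def known_file_match(sample: FileSample) -> bool:
    """Known-threat engine, file side: exact fingerprint lookup."""
    return hashlib.sha256(sample.content).hexdigest() in FEATURE_LIBRARY["file_hashes"]


def known_flow_match(sample: FlowSample) -> bool:
    """Known-threat engine, traffic side: IP pattern or domain pattern."""
    ip = ipaddress.ip_address(sample.dst_ip)
    if any(ip in net for net in FEATURE_LIBRARY["bad_networks"]):
        return True
    return any(p.search(sample.dst_domain) for p in FEATURE_LIBRARY["bad_domain_patterns"])


def malicious_degree(trace) -> float:
    """Noisy-OR over trace events: 1 - prod(1 - w_i). Unknown events weigh 0."""
    benign = 1.0
    for event in trace:
        benign *= 1.0 - BEHAVIOUR_WEIGHTS.get(event, 0.0)
    return round(1.0 - benign, 4)


def classify_file(sample: FileSample):
    """Returns (verdict, degree). Known hits short-circuit; unknowns are scored."""
    if known_file_match(sample):
        return "known_malicious", 1.0
    degree = malicious_degree(sample.trace)
    if degree >= MALICIOUS_THRESHOLD:
        # Feedback loop (assumption, the page does not spell it out): a newly
        # confirmed file is promoted to the feature library so the next copy
        # is caught by the cheap hash match instead of a sandbox run.
        FEATURE_LIBRARY["file_hashes"].add(hashlib.sha256(sample.content).hexdigest())
        return "unknown_malicious", degree
    return "benign", degree


def classify_flow(sample: FlowSample):
    """Same two stages for traffic; no promotion, since a flow has no stable hash."""
    if known_flow_match(sample):
        return "known_malicious", 1.0
    degree = malicious_degree(sample.trace)
    return ("unknown_malicious" if degree >= MALICIOUS_THRESHOLD else "benign"), degree


if __name__ == "__main__":
    samples = [
        FileSample("known.exe", KNOWN_MALWARE_BYTES, ()),
        FileSample("new_ransom.exe", b"constructed-never-seen-bytes",
                   ("persist:registry_run_key", "file:mass_encrypt")),
        FileSample("updater.exe", b"constructed-benign-bytes",
                   ("file:read_config", "net:tls_to_cdn")),
    ]
    for s in samples:
        print(s.name, classify_file(s))
    print("beacon", classify_flow(FlowSample("198.51.100.7", "x7k2q9.example",
                                             ("net:beacon_fixed_interval", "net:dns_high_entropy"))))
```

The known-threat stage is the cheap path and runs first, which is the ordering the page implies; the behaviour stage only runs on what the feature library does not recognise. A single strong behaviour (mass encryption) or two moderate ones (fixed-interval beaconing plus high-entropy DNS names) both cross the threshold, while two low-weight events stay well below it, which is the property a noisy-OR gives over a plain sum. The promotion step means the second copy of a newly found sample never reaches the sandbox.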


Abstract

The invention provides an unknown threat active defense method and system applied to a server. The method comprises the steps of: obtaining a file to be identified and/or traffic to be identified; performing behavior analysis on the file to be identified and/or the traffic to be identified to obtain a file trace and/or a traffic trace; performing threat analysis on the file to be identified and/or the traffic to be identified based on the file trace and/or the traffic trace to obtain the malicious degree of the file to be identified and/or the malicious degree of the traffic to be identified; and, based on the malicious degree of the file to be identified and/or the malicious degree of the traffic to be identified, judging whether the file to be identified and/or the traffic to be identified is a malicious file and/or malicious traffic. This addresses the technical problem in the prior art that unknown threats cannot be recognized and processed.

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to an active defense method and system for unknown threats.

Background technique

[0002] With the rapid spread of malware such as ransomware and mining Trojans, new and unknown network security threats emerge in an endless stream. For a network, it is very important to proactively discover and deal with unknown network security threats. Known threat types include known malicious files and known malicious traffic; unknown threats include unknown malicious files and unknown malicious traffic.

[0003] However, since traditional network security solutions are mainly rule-based, only known threats can be actively discovered and dealt with. Unknown threats cannot be discovered or dealt with using existing rules. Therefore, the threat processing engine in the prior art will allow unknown malicious files and unknown malicious traffic through, thereby caus...

Claims


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventors: 李华生 (Li Huasheng), 吴相东 (Wu Xiangdong)
Owner: 杭州安恒信息安全技术有限公司 (Hangzhou Anheng Information Security Technology Co., Ltd.)