
A Bro-based APT monitoring system and method

A monitoring and intrusion detection technology, applied as a Bro-based APT monitoring system, that addresses problems such as the difficulty of distinguishing genuine emails from forged ones, and that offers strong scalability and high performance.

Active Publication Date: 2021-08-20
SHANGHAI JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0005] 2. Malicious social engineering emails are one of the key factors in the success of many APT attacks. As social engineering attack methods mature, it has become very difficult to distinguish genuine emails from forged ones.


Embodiment Construction

[0043] The following describes several preferred embodiments of the present invention with reference to the accompanying drawings, so as to make the technical content clearer and easier to understand. The present invention can be embodied in many different forms of embodiments, and the protection scope of the present invention is not limited to the embodiments mentioned herein.

[0044] The invention designs and implements an APT monitoring system based on the Bro intrusion detection system, the BroAPT system. The BroAPT system detects APT attacks through direct, comprehensive analysis of network traffic. The system has high performance and scalability: it can reassemble and extract the files transmitted in the traffic, analyze high-speed traffic in real time and generate logs, and, through targeted malicious file detection and log analysis, achieve the goal of monitoring APT attacks in traffic. The designed Bro intrusion detection system architect...


Abstract

The invention discloses a Bro-based APT monitoring system and method, and relates to the field of computer network security. The system comprises a host machine, a Docker container and system extensions. The host machine acts as a gateway: it captures traffic, generates a PCAP file, stores it, and outputs the file to the Docker container. The Docker container comprises an extraction module and a detection module, which extract from and inspect the input PCAP file; both the extraction module and the detection module are implemented on the Bro intrusion detection system. The invention detects APT attacks through direct and comprehensive analysis of network traffic, has high performance and scalability, can reassemble and extract files transmitted in traffic, analyze high-speed traffic in real time and generate logs. Through targeted malicious file detection and log analysis, the goal of monitoring APT attacks in traffic is realized.
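The extraction module described above (reassemble files carried in the captured traffic, write them to disk, and emit logs that a detection module can consume) is the kind of work Bro/Zeek's file analysis framework does natively. The following script is an added example written for this page, not code from the patent or from the BroAPT system, showing how such a module can be expressed against a PCAP. It assumes the Zeek/Bro 2.6+ scripting API; the output directory `/data/extracted`, the module name `BroAPTExample` and the list of MIME types worth extracting are constructed for illustration.

```zeek
##! Added example (not from the patent): extract files seen in traffic and
##! log their SHA-256 so a separate detection module can inspect them.

@load base/files/extract
@load base/files/hash

module BroAPTExample;

export {
    ## Directory where extracted files are written (assumed path, e.g. a
    ## volume shared with the detection container).
    const extract_dir = "/data/extracted/" &redef;

    ## MIME types handed to the extractor (constructed list; redef to taste).
    const interesting_types: set[string] = {
        "application/x-dosexec",
        "application/pdf",
        "application/zip",
        "application/msword",
    } &redef;
}

# Point the built-in extractor at our directory.
redef FileExtract::prefix = extract_dir;

# file_sniff fires once the MIME type of a file in a connection is known.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    # Hash every file so files.log carries a lookup key for the detector.
    Files::add_analyzer(f, Files::ANALYZER_SHA256);

    # Only write interesting types to disk; everything else is just logged.
    if ( ! meta?$mime_type || meta$mime_type !in interesting_types )
        return;

    # Unique, collision-free name: <protocol source>-<file id>.
    local fname = fmt("%s-%s", f$source, f$id);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fname]);
    }

# file_state_remove fires when Bro is done with a file; report what was
# extracted together with its hash (the same fields also land in files.log).
event file_state_remove(f: fa_file)
    {
    if ( f?$info && f$info?$extracted && f$info?$sha256 )
        print fmt("extracted %s sha256=%s", f$info$extracted, f$info$sha256);
    }
```

Run it offline against a stored capture with `bro -r capture.pcap broapt_extract.bro` (or `zeek -r ...`). The files themselves land under `/data/extracted/`, and `files.log` records each file's source connection, MIME type, SHA-256 and extracted path, which is the hand-off point for the detection module's hash lookups and malicious file scanning.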

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to a Bro-based APT monitoring system and method.

Background technique

[0002] An APT attack, that is, an advanced persistent threat attack, also known as a targeted threat attack, refers to a continuous and effective attack activity launched by an organization against a specific target. This type of attack is highly concealed and targeted, and usually uses various means such as infected media, the supply chain, and social engineering to carry out advanced, persistent, and effective threats and attacks.

[0003] There are various ways for an APT to intrude on a customer, mainly including the following aspects:

[0004] 1. Target and attack mobile devices such as smartphones, tablets, and USB drives, and then intrude into enterprise information systems;

[0005] 2. Malicious social engineering emails are one of the key factors in the success of many APT attacks. With the increasing maturity of social engineer...


Application Information

Patent Type & Authority: Patents (China)
IPC: H04L29/06
CPC: H04L63/1425, H04L63/1441, H04L2463/144, H04L2463/146
Inventors: 邹福泰, 肖佳伟, 高逸飞, 孟德超, 化存卿, 毕越
Owner: SHANGHAI JIAOTONG UNIV