Method for creating safe closed-loop process based on MITRE ATT&CK

A security closed-loop technique, applied in computer security devices, instruments and computing, that addresses problems such as low analysis efficiency, the inability to share work with others, and accuracy errors.

Active Publication Date: 2020-05-29
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

There is no standardized format, so people cannot share their work with others.
Analysis efficiency is low, and human judgment introduces errors in accuracy.


Examples


Embodiment 1

[0030] Embodiment 1: a method for creating a secure closed-loop process based on MITRE ATT&CK, as shown in Figure 1, including the following steps:

[0031] 1) The first stage:

[0032] When creating an effective search, alert, and response improvement cycle that starts with input, the traditional data-informed cycle allows for more effective decision-making on alerting and defense. The inputs include data obtained from indicators of compromise (IOCs), threat intelligence, big data mining, etc.

[0033] ATT&CK is a means of obtaining a profile of a specific industry or a specific organization from the attack characteristics in threat intelligence.

[0034] Threat Intelligence:

[0035] External threat intelligence is useful for two key reasons: new attack TTPs and attack verification and identification. Threat intelligence can be used to create one-off attack simulations, based on recent attacks such as the campaign carried out by APT39, or even more certain...


Abstract

The invention provides a method for creating a security closed-loop process based on MITRE ATT&CK, which comprises the following steps: 1) obtaining data to obtain a MITRE ATT&CK framework; 2) obtaining an opponent attack plan; 3) simulating an attack according to the opponent attack plan to obtain a simulated attack determination result; and 4) constructing an improvement plan according to the result determined by the simulated attack. MITRE ATT&CK provides a structured framework for researching and analyzing attacks. Its threat modeling method and matrix model suite for each stage of the adversary life cycle include variants for several major operating systems such as Windows, macOS and Linux. It can provide context for describing attacks and help identify. An attack chain with a realistic simulation environment and context is created among the available data sources, the MITRE ATT&CK matrix and the analyst's workflow, so as to understand gaps in defense capability.
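
The four steps in the abstract can be sketched as a coverage gap analysis. This is an added example, not code from the patent: the technique IDs are real ATT&CK IDs, but the intel set, emulation plan, simulation results and the names `Gap`, `improvement_plan` and `coverage` are constructed for illustration and describe no real adversary.

```python
from dataclasses import dataclass

# Constructed sample data (assumption): invented inputs for one loop iteration.
INTEL_TECHNIQUES = {            # step 1: techniques seen in collected intel
    "T1566": "Initial Access",
    "T1059": "Execution",
    "T1003": "Credential Access",
    "T1021": "Lateral Movement",
    "T1053": "Persistence",
}
EMULATION_PLAN = ["T1566", "T1059", "T1003", "T1021"]   # step 2: ordered chain
# step 3: outcome of each simulated step as (telemetry logged, alert raised)
SIM_RESULTS = {
    "T1566": (True, True),
    "T1059": (True, False),
    "T1003": (False, False),
    "T1021": (True, True),
}

@dataclass
class Gap:
    technique: str
    tactic: str
    kind: str       # "visibility", "alerting" or "untested"
    action: str

def improvement_plan(intel, plan, results):
    """Step 4: turn simulation outcomes into a prioritized list of gaps."""
    gaps = []
    for tid in plan:
        logged, alerted = results.get(tid, (False, False))
        tactic = intel.get(tid, "unknown")
        if not logged:
            gaps.append(Gap(tid, tactic, "visibility", "onboard a data source"))
        elif not alerted:
            gaps.append(Gap(tid, tactic, "alerting", "write a detection rule"))
    # Techniques in intel that no simulation exercised feed the next cycle.
    for tid in sorted(set(intel) - set(plan)):
        gaps.append(Gap(tid, intel[tid], "untested", "add to next emulation plan"))
    order = {"visibility": 0, "alerting": 1, "untested": 2}
    return sorted(gaps, key=lambda g: order[g.kind])

def coverage(plan, results):
    """Fraction of simulated techniques that raised an alert."""
    return sum(1 for t in plan if results.get(t, (False, False))[1]) / len(plan)

if __name__ == "__main__":
    for g in improvement_plan(INTEL_TECHNIQUES, EMULATION_PLAN, SIM_RESULTS):
        print(f"{g.technique} [{g.tactic}] {g.kind}: {g.action}")
    print(f"alert coverage: {coverage(EMULATION_PLAN, SIM_RESULTS):.0%}")
```

Missing telemetry is ranked ahead of missing alerts because a detection rule cannot be written for an event that is never logged.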

Description

Technical field

[0001] The invention relates to a method for creating a security closed loop, in particular to a method for creating a security closed-loop process based on MITRE ATT&CK.

Background technique

[0002] Implement effective iterative defenses against industry adversaries, defense postures, and security operations, enabling visibility into the environment and reducing the workload of security teams by filling gaps in defense. Gaining valuable sample input, adversary simulation plans, attack simulations, search and report tables, and alert maintenance prioritization are all solid foundations on which to build a defensive system. Understand the techniques, tactics, and procedures an adversary may use, simulate planning guidelines and linkages between adversary groups for an integrated, productive security strategy.

[0003] When the behavior of the attacker is not seen and there is no attack alarm, these can be used to formulate the defense and alarm environment b...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577
Inventor: 周楠, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD