Operation authority control method based on APT attack intention

An operation authority control method and related technology, applied in the field of network security within computing, that achieves secure and convenient operation, high controllability, and accurate identification of attack intention

Pending Publication Date: 2020-11-13
广州纬通贸易有限公司

AI Technical Summary

Problems solved by technology

[0005] In view of the particularity of APT attacks, it is difficult for traditional network security defense mechanisms to play a role in the confrontation with APTs....

Examples


Embodiment 1

[0056] As shown in figure 1, the operation authority control method based on APT attack intention of this embodiment includes the following steps:

[0057] Step 1. Obtain network and system logs to identify APT attack behavior;

[0058] In this embodiment, the specific process of obtaining the network and system logs described in step 1 and identifying the APT attack behavior is as follows:

[0059] Step 1A1: collect network and system logs; obtain network connection log records from the network logs; obtain the domain names of the relevant data from the network and system logs via the DNS logs, and then look up their source IP addresses; for an access from a specific IP address, the DNS log resolves its source IP address together with the access parameters, the access content and the data returned by the DNS server;

[0060] Step 1A2: mine the logs using DBSCAN cluster analysis, find the abnormal operation logs, and identify them as APT attack behaviors.

[0061] In this embodiment, the l...

Embodiment 2

[0099] The difference between this embodiment and Embodiment 1 is: the specific process of obtaining the network and system logs described in step 1 and identifying the APT attack behavior is as follows:

[0100] Step 1B1: acquire user behavior characteristics;

[0101] In a specific implementation, the acquisition of user behavior features in step 1B1 performs one-hot word-vector feature extraction on user behavior operations according to the number of files affected, whether they are system files, whether they are confidential files, and whether they modify permissions. The one-hot word vector uses a 128-dimensional word vector for feature extraction. The user's behavior characteristics carry the security level information of the operation behavior, which includes the number of files affected by the operation, whether it is a system file, whether it is a confidential file, and whether it has modification authority. Ba...
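As an added illustration of steps 1A2 and 1B1 (example code, not from the patent), the following Python encodes constructed operation log records into one-hot style feature vectors carrying the four security-level fields and runs a from-scratch DBSCAN, flagging records that end up as noise as abnormal operations. The record fields, the compact encoding in place of the patent's 128-dimensional word vector, and the eps and min_pts values are all assumptions.

```python
import math

# Constructed operation log records (sample data, not from the patent). Fields mirror the
# security-level information of Embodiment 2: files affected, system, confidential, chmod.
SAMPLE_LOGS = [
    {"user": "alice", "files": 1, "system": 0, "confidential": 0, "chmod": 0},
    {"user": "alice", "files": 2, "system": 0, "confidential": 0, "chmod": 0},
    {"user": "bob", "files": 1, "system": 0, "confidential": 0, "chmod": 0},
    {"user": "bob", "files": 3, "system": 0, "confidential": 0, "chmod": 0},
    {"user": "carol", "files": 2, "system": 0, "confidential": 0, "chmod": 0},
    # one operation touching many confidential system files and changing permissions
    {"user": "mallory", "files": 400, "system": 1, "confidential": 1, "chmod": 1},
]

def features(rec):
    """One-hot encode each flag (two dims per flag) and log-scale the file count."""
    vec = []
    for flag in ("system", "confidential", "chmod"):
        vec += [1.0, 0.0] if rec[flag] else [0.0, 1.0]
    return vec + [math.log1p(rec["files"])]

def dbscan(points, eps, min_pts):
    """Plain DBSCAN: returns one cluster id per point, -1 for noise (outliers)."""
    region = lambda i: [j for j, p in enumerate(points) if math.dist(points[i], p) <= eps]
    labels, cluster = [None] * len(points), 0
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        neigh = region(i)
        if len(neigh) < min_pts:
            labels[i] = -1  # noise for now; a later cluster may claim it as a border point
            continue
        labels[i], queue = cluster, [j for j in neigh if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point: joins the cluster but does not expand it
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nj = region(j)
            if len(nj) >= min_pts:  # core point: keep expanding the cluster
                queue.extend(k for k in nj if labels[k] in (None, -1))
        cluster += 1
    return labels

def abnormal_operations(logs, eps=1.5, min_pts=3):
    """Step 1A2: operations DBSCAN leaves as noise are flagged as suspected APT behavior."""
    labels = dbscan([features(r) for r in logs], eps, min_pts)
    return [r for r, lab in zip(logs, labels) if lab == -1]
```

On the constructed sample, the five routine records form one cluster and only the mallory record is returned as abnormal; in practice eps and min_pts must be tuned on a baseline of the organisation's own logs.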

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more


Abstract

The invention discloses an operation authority control method based on an APT attack intention. The method comprises the steps: 1, obtaining network and system logs, and recognizing APT attack behavior; 2, carrying out an attack check on the APT attack behavior, obtaining the APT attack content and sending alarm information; 3, establishing an attack intention logic relationship among the attacked target file, the target operation and the target operation authority according to the acquired APT attack content, and predicting the attack intention of the next step according to the attack intention logic relationship and the alarm information; and 4, generating an operation guidance knowledge graph for the attack intention based on knowledge graph technology, displaying the operation guidance knowledge graph on an operation interface, and enabling an administrator to operate according to the operation guidance knowledge graph to avoid APT attack threats. Compared with the prior art, the method has higher controllability, the attack intention is more accurately recognized, an excessive manual workload is avoided, the working difficulty is reduced, and safe and convenient operation is realized.

Description

Technical field

[0001] The invention belongs to the technical field of network security in the computer field, and in particular relates to an operation authority control method based on APT attack intention.

Background technique

[0002] An APT (Advanced Persistent Threat) is usually a targeted attack launched by a professional hacker organization, and an APT attack often has a complete and well-planned attack process.

[0003] The characteristics of APT attacks are: the purpose of the attack is becoming more and more clear, the scope of the attack is more and more focused, the attack area is wide, the attack behavior is difficult to detect, it is extremely concealed and lasts for a long time, and it seriously threatens national security and citizens' rights and interests.

[0004] The biggest reason for APT attacks is the contradiction of system permissions. When the program has high operating permissions, it is easy to carry out attacks, and wh...


Application Information

IPC(8): G06F21/55; G06K9/62
CPC: G06F21/552; G06F18/2321
Inventor 刘宽伟
Owner 广州纬通贸易有限公司