APT attack analysis method and system, and server

An analysis method and server technology, applied in the field of APT attack analysis methods, systems and servers, that avoids data loss and simplifies analysis.

Active Publication Date: 2021-01-01
新浪技术(中国)有限公司

AI Technical Summary

Problems solved by technology

[0004] The purpose of the embodiment of the present application is to provide an APT attack analysis method, system and server to solve the problem in the prior art that it is difficult to correlate domain name resolution logs with APT attack events.



Embodiment Construction

[0042] Embodiments of the present application provide an APT attack analysis method, system, and server to solve the problem in the prior art that it is difficult to correlate and analyze domain name resolution logs and APT attack events.

[0043] To enable those skilled in the art to better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application are described clearly and completely below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative effort shall fall within the scope of protection of this application.

[0044] Figure 1 is a schematic architecture diagram of an APT attack analysis system according t...


Abstract

The embodiment of the invention discloses an APT attack analysis method, system and server, which solve the problem in the prior art that it is difficult to carry out correlation analysis on a domain name resolution log and an APT attack event. The method comprises: extracting to-be-analyzed log data from a log collection and storage server according to a preset data extraction condition; performing key field matching on each log in the to-be-analyzed log data, and determining a first target domain name that generated an APT attack event and a first target IP address resolved from the first target domain name; and, according to the first target domain name and the first target IP address, creating an interception list and sending the interception list to a domain name resolution server, so that the domain name resolution server determines, according to the interception list, whether to respond to a domain name resolution request initiated by a client. According to the technical scheme, correlation analysis between the domain name resolution log and the APT attack event is realized, so that log data kept for data backup plays a role in discovering APT attacks.
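The three steps in the abstract (extract logs by a preset condition, match key fields, build an interception list that the resolver consults), as an added Python example that is not part of the patent. The JSON log layout, the time-window extraction condition, the indicator set and all function names are assumptions, and the sample lines are constructed.

```python
import json
from datetime import datetime

# Constructed DNS resolution log lines (one JSON object per line; field names assumed).
SAMPLE_LOGS = """\
{"ts": "2021-01-01T10:00:00", "client": "10.0.0.5", "qname": "update.example-apt.test.", "answer": "203.0.113.7"}
{"ts": "2021-01-01T10:00:03", "client": "10.0.0.9", "qname": "www.example.org.", "answer": "198.51.100.20"}
{"ts": "2021-01-01T10:01:10", "client": "10.0.0.5", "qname": "CDN.Example-APT.test", "answer": "203.0.113.8"}
{"ts": "2020-12-30T08:00:00", "client": "10.0.0.7", "qname": "update.example-apt.test", "answer": "203.0.113.99"}
not-json garbage line
"""
APT_DOMAINS = {"example-apt.test"}  # constructed indicator set (assumption)

def norm(name):
    return name.strip().rstrip(".").lower()

def extract(raw, start, end):
    """Step 1: keep logs meeting the preset extraction condition (assumed: a time window)."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    out = []
    for line in raw.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed entries instead of aborting the run
        if lo <= ts <= hi:
            out.append(rec)
    return out

def is_apt(qname):
    """Key-field match: the queried name or any parent zone is a listed indicator."""
    labels = norm(qname).split(".")
    return any(".".join(labels[i:]) in APT_DOMAINS for i in range(len(labels)))

def build_interception_list(logs):
    """Steps 2-3: collect matching domains and the IPs they resolved to."""
    domains, ips = set(), set()
    for rec in logs:
        if is_apt(rec.get("qname", "")):
            domains.add(norm(rec["qname"]))
            if rec.get("answer"):
                ips.add(rec["answer"])
    return {"domains": sorted(domains), "ips": sorted(ips)}

def should_respond(qname, resolved_ip, ilist):
    """Resolver side: refuse when the name or its resolved address is on the list."""
    return norm(qname) not in ilist["domains"] and resolved_ip not in ilist["ips"]
```

Keeping the resolved IP on the list alongside the domain lets the resolver refuse a previously unseen name that points at the same address.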

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to an APT attack analysis method, system and server.

Background technique

[0002] In the prior art, the domain name resolution log is generally only used to back up and save the domain name data resolved by the DNS (Domain Name System) server, and there is no corresponding mechanism to analyze each log entry in the domain name resolution log against APT (Advanced Persistent Threat) events.

[0003] Therefore, while the DNS server processes a user's domain name resolution request, it cannot perform APT inspection and judgment on the domain name requested by the user or the IP (Internet Protocol) address corresponding to the domain name, and it cannot know whether the domain name and IP accessed by the user are safe; the threat cannot be discovered when the use...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1425, H04L61/4511, Y02D10/00
Inventor: 盛洋
Owner: 新浪技术(中国)有限公司