
APT attack identification and affiliation method and system based on homology analysis, and storage medium

This patent describes an APT attack identification and attribution method, system and storage medium based on homology analysis. It targets the shortcomings of existing approaches: reliance on manual analysis, a single kind of static feature, and failure of the method when malware obfuscation or packing makes feature extraction difficult. The stated effects are automatic identification, a simple calculation process and improved automation efficiency.

Active Publication Date: 2021-01-08
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

[0004] At present, most identification and attribution analysis of APT attacks relies on manual analysis by security experts; the time spent on analysis and the cost in human resources are high, and the efficiency is too low. The static features selected by existing automatic analysis methods are too limited, and feature extraction becomes difficult when malware is obfuscated or packed, causing the method to fail.


Embodiment

[0048] This embodiment is based on the APT attack identification and attribution method based on homology analysis. First, APT-related attack data is collected from a large amount of monitored threat data, and the feature element values in each set of the defined APT quadruple feature group are extracted. Secondly, feature vectorization is performed together with the APT attack feature tuples of any existing APT organization library. Finally, the similarity of the feature vectors of the two groups of attacks is calculated, the relationship between the attack and the selected APT attack and the organization it belongs to is found, and the attack sample is saved to the APT organization library.

[0049] As shown in figure 1, the method of this embodiment specifically includes the following steps:

[0050] S1. Collect APT-related attack data from the monitored threat data, and extract the feature element values in each set of the defined APT quadruple feature group.

[0051] More specifically, in step ...
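The three stages described above (extract the quadruple feature group, vectorize against an organization library, score by weighted similarity and store the attributed sample) as an added worked example; this is not the patent's own code. The patent names only the IKC attack chain as a feature, so the other three dimensions, the weights, the threshold and the library contents are assumptions constructed for illustration.

```python
from math import sqrt

# Assumed dimensions of the "APT quadruple feature group": the patent names the
# IKC attack chain; "tools", "infrastructure" and "targets" are placeholders.
DIMS = ("ikc_chain", "tools", "infrastructure", "targets")
# Assumed per-dimension weights used in the weighted similarity (sum to 1).
WEIGHTS = {"ikc_chain": 0.4, "tools": 0.3, "infrastructure": 0.2, "targets": 0.1}

def build_library():
    """Constructed APT organization library: organization -> prior attack samples."""
    return {
        "ORG-A": [{"ikc_chain": {"recon", "delivery", "exploit", "c2"},
                   "tools": {"loader-x", "rat-y"},
                   "infrastructure": {"ddns", "vps-eu"},
                   "targets": {"energy"}}],
        "ORG-B": [{"ikc_chain": {"delivery", "exploit", "lateral", "exfil"},
                   "tools": {"webshell-z"},
                   "infrastructure": {"compromised-cms"},
                   "targets": {"telecom", "government"}}],
    }

def vectorize(sample, vocabs):
    """Binary feature vector per dimension over a vocabulary shared by all samples."""
    return {d: [1 if f in sample.get(d, set()) else 0 for f in vocabs[d]] for d in DIMS}

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    nu, nv = sqrt(sum(a * a for a in u)), sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

def weighted_similarity(vec_a, vec_b):
    """Weighted sum of per-dimension cosine similarities (the fused multi-dimensional score)."""
    return sum(WEIGHTS[d] * cosine(vec_a[d], vec_b[d]) for d in DIMS)

def attribute(sample, library, threshold=0.5):
    """Score the new sample against every library sample; on a match above the
    threshold, store the sample under that organization and return (org, score).
    Returns (None, best_score) when no organization is similar enough."""
    all_samples = [sample] + [s for ss in library.values() for s in ss]
    vocabs = {d: sorted(set().union(*(s.get(d, set()) for s in all_samples))) for d in DIMS}
    v = vectorize(sample, vocabs)
    best_org, best = None, 0.0
    for org, samples in library.items():
        for s in samples:
            score = weighted_similarity(v, vectorize(s, vocabs))
            if score > best:
                best_org, best = org, score
    if best >= threshold:
        library[best_org].append(sample)   # third stage: save sample to the organization library
        return best_org, best
    return None, best
```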


Abstract

The invention discloses an APT attack identification and affiliation method and system based on homology analysis, and a storage medium. The method comprises the following steps: collecting attack data related to APT from monitored threat data, and extracting feature element values in each set of a defined APT quadruple feature group; carrying out feature vectorization on any existing APT attack feature tuples in a certain APT organization library; and calculating the similarity of the feature vectors of the two groups of attacks, discovering a relationship between the attack and the selected APT attack and the organization to which it belongs, and storing the attack sample into the APT organization library. According to the method, the IKC attack chain and other features capable of distinguishing APT organizations are fused to form a multi-dimensional feature set, and similarity calculation is carried out in combination with the weights. APT attack events can be effectively detected, similar APT attacks can be found based on a known APT organization library, and attack scene construction and attacker tracking are facilitated. The APT attack organization of subsequent events is effectively identified.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an APT attack identification and attribution method, system and storage medium based on homology analysis.

Background technique

[0002] APT (advanced persistent threat) is an attack form that uses advanced attack methods to carry out long-term and persistent network attacks on specific targets. Different from traditional network attacks, APT attacks have the characteristics of pertinence, continuity, advancement, stages, sharing, and indirectness. Combined with the continuous tracking and analysis of APT threat activities by various security research institutions and security vendors at home and abroad, it can be seen that most APT attack organizations have government backgrounds, and many APT organizations have developed their own unique network weapons. The attack methods, means and processes used are quite proficient, and can master the use of various net...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1408; H04L63/1416
Inventors: 张倩青, 李树栋, 吴晓波, 韩伟红, 方滨兴, 田志宏, 殷丽华, 顾钊铨
Owner: GUANGZHOU UNIVERSITY