
APT attack identification and attribution method, system and storage medium based on homology analysis

A technology of homology analysis and attack identification, applied in the field of homology analysis-based APT attack identification and attribution methods, systems and storage media. It can solve problems such as difficulty in feature extraction, reliance on a single static feature, and failure of the method, and achieves the effects of improved automatic recognition efficiency, improved automation efficiency, and a simple calculation process.

Active Publication Date: 2021-09-07
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

[0004] At present, most identification and attribution analysis of APT attacks relies on manual analysis by security experts. The time spent in the analysis process and the cost of human resources are high, and the efficiency is too low; the static features selected in existing automatic analysis methods are too narrow, and feature extraction becomes difficult when malware obfuscation and packing techniques are used, causing the method to fail.



Embodiment

[0048] This embodiment is based on the APT attack identification and attribution method based on homology analysis. First, APT-related attack data is collected from a large amount of monitored threat data and the feature element values in each set of the defined APT quadruple feature group are extracted; secondly, feature vectorization is performed together with the APT attack feature tuples in any existing APT organization database; finally, the similarity of the feature vectors of the two groups of attacks is calculated, the relationship between the attack and the selected APT attack and the organization it belongs to is found, and the attack sample is saved to the APT organization library.

[0049] As shown in figure 1, the method of this embodiment specifically includes the following steps:

[0050] S1. Collect APT-related attack data from the monitored threat data, and extract the feature element values in each set of the defined APT quadruple feature group.

[0051] More specifically, in step ...


Abstract

The invention discloses an APT attack identification and attribution method, system and storage medium based on homology analysis, comprising the following steps: collecting APT-related attack data from monitored threat data, and extracting the feature element values in each set of the defined APT quadruple feature group; performing feature vectorization together with the APT attack feature tuples in any existing APT organization library; calculating the similarity of the feature vectors of the two groups of attacks, finding the relationship between the attack and the selected APT attack and the organization it belongs to, and saving the attack sample to the APT organization library. The invention combines the IKC attack chain with other features that can distinguish APT organizations to form a multi-dimensional feature set, and combines weights to calculate the similarity. It can not only effectively detect APT attack events, but also find similar APT attacks based on known APT organization databases, which is conducive to constructing attack scenarios, tracking attackers, and effectively identifying subsequent APT attack organizations.
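The pipeline the abstract and the embodiment describe (extract a quadruple of feature sets, vectorize against an organization library, combine per-dimension similarities with weights, attribute, then save the sample) as an added worked example; this is not the patent's own code, and the four feature dimensions, the weights, the Jaccard choice per dimension, the threshold and all sample data are constructed assumptions the page does not define.

```python
# Added example (not the patent's own code): weighted, multi-dimensional
# similarity for attributing a newly observed attack to an APT organisation
# library. Dimensions, weights and sample data are constructed assumptions.

# Assumed "quadruple" feature group and per-dimension weights (sum to 1.0).
DIMENSIONS = ("ikc_stages", "tools", "infrastructure", "ttps")
WEIGHTS = {"ikc_stages": 0.2, "tools": 0.3, "infrastructure": 0.3, "ttps": 0.2}

# Constructed organisation library: org name -> one feature set per dimension.
LIBRARY = {
    "ORG-A": {"ikc_stages": {"delivery", "exploitation", "c2"}, "tools": {"loader-x", "rat-y"},
              "infrastructure": {"c2-a.example", "c2-b.example"}, "ttps": {"T1566", "T1071"}},
    "ORG-B": {"ikc_stages": {"recon", "delivery", "exfiltration"}, "tools": {"dropper-z"},
              "infrastructure": {"c2-c.example"}, "ttps": {"T1190", "T1041"}},
}
# Constructed newly observed attack (the feature values step S1 would extract).
SAMPLE = {"ikc_stages": {"delivery", "exploitation", "c2"}, "tools": {"rat-y"},
          "infrastructure": {"c2-b.example", "new.example"}, "ttps": {"T1566", "T1071"}}

def build_vocab(samples):
    """Shared, ordered vocabulary per dimension so vectors are comparable."""
    return {d: sorted({f for s in samples for f in s[d]}) for d in DIMENSIONS}

def vectorize(sample, vocab):
    """Binary feature vector of one sample over the shared vocabulary."""
    return {d: [1 if f in sample[d] else 0 for f in vocab[d]] for d in DIMENSIONS}

def jaccard(a, b):
    """Jaccard similarity of two binary vectors (0.0 when both are all-zero)."""
    inter = sum(1 for x, y in zip(a, b) if x and y)
    union = sum(1 for x, y in zip(a, b) if x or y)
    return inter / union if union else 0.0

def weighted_similarity(va, vb):
    """Weighted sum of per-dimension Jaccard similarities."""
    return sum(WEIGHTS[d] * jaccard(va[d], vb[d]) for d in DIMENSIONS)

def attribute(sample, library, threshold=0.5):
    """Score the sample against every org; return (best org or None, scores)."""
    vocab = build_vocab([sample, *library.values()])
    vs = vectorize(sample, vocab)
    scores = {org: weighted_similarity(vs, vectorize(s, vocab)) for org, s in library.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores

def save_to_library(library, org, sample):
    """Merge an attributed sample's feature values into the org's entry."""
    for d in DIMENSIONS:
        library.setdefault(org, {}).setdefault(d, set()).update(sample[d])
    return library
```

With the constructed data, `attribute(SAMPLE, LIBRARY)` scores ORG-A at 0.65 and ORG-B at 0.04, so the sample is attributed to ORG-A and its new infrastructure value is merged into that entry by `save_to_library`.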

Description

Technical field [0001] The invention belongs to the technical field of network security, and in particular relates to an APT attack identification and attribution method, system and storage medium based on homology analysis. Background technique [0002] An APT (advanced persistent threat) is an attack form that uses advanced attack methods to carry out long-term, persistent network attacks on specific targets. Different from traditional network attacks, APT attacks are characterized by being targeted, persistent, advanced, staged, shared, and indirect. Combined with the continuous tracking and analysis of APT threat activities by security research institutions and security vendors at home and abroad, it can be seen that most APT attack organizations have government backgrounds, and many APT organizations have developed their own unique network weapons. They are quite proficient in the attack methods, means and processes they use, and can master the use of various net...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1416
Inventors: 张倩青, 李树栋, 吴晓波, 韩伟红, 方滨兴, 田志宏, 殷丽华, 顾钊铨
Owner: GUANGZHOU UNIVERSITY