APT attack detection method, terminal equipment and storage medium

An attack detection technology, applied in the field of malicious attack detection, which addresses the problems that APT attacks last a long time, that existing APT detection has low efficiency, and that it focuses only on border defense, to achieve the effect of simplifying the scale

Pending Publication Date: 2021-03-26
XIAMEN FUYUN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0007] Because an APT usually lasts a long time, attack stages that fall in unrelated time periods are mistaken for several unrelated, independent events, and APT attacks usually use complex attack methods such as social engineering

Examples


Example Embodiment

[0037] Embodiment one:

[0038] The embodiment of the present invention provides a method for detecting APT attacks. Figure 1 is a flow chart of the APT attack detection method described in this embodiment; the method includes the following steps:

[0039] S1: Collect the network request data set to be detected and extract the domain names contained in it.

[0040] The data to be detected in this embodiment is a continuous stream of DNS request and response records. A DNS request record contains the following fields: request time, requesting host name, requested domain name, DNS record type, and additional information.

[0041] The network request data set is usually large: in this embodiment it is 30 GB and contains about 250 million DNS request records (257,535,071 exactly) covering about 70,000 domain names (73,136 exactly), of which 4,408 domain names had failed responses. Since it is ...

Example Embodiment

[0079] Embodiment two:

[0080] The present invention also provides an APT attack detection terminal device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the steps of the method of Embodiment 1 are carried out.


Abstract

The invention relates to an APT attack detection method, terminal equipment and a storage medium. The method comprises the steps: S1, collecting a network request data set to be detected and extracting the domain names contained in it; S2, constructing a domain name-IP bipartite graph from the extracted domain name to IP relationships, converting it into a domain name graph containing only domain name nodes according to the domain name to IP mapping, and obtaining the connected sub-graphs of the domain name graph; and S3, analysing each connected sub-graph of the domain name graph to obtain a list of suspicious domain names. The method takes into account the relevance between domain names, computes the relevance between IPs and the specific way domain names map to IPs, and detects malicious domain names more accurately by increasing the weight of IPs that are jointly mapped to by most of the malicious domain names.
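The following is an added worked example of steps S1 to S3 described in the abstract and in Embodiment 1 above; it is not code from the patent or its applicant. It parses a handful of constructed DNS records (made-up hosts and documentation IP ranges), builds the domain-IP bipartite graph, projects it onto a domain-only graph where two domains are adjacent when they share an IP, finds connected components, and then scores the unknown domains in each component. The weighting is one reading of the abstract's "increase the weight of IPs jointly mapped by most malicious domains": an IP's weight is the share of the domains resolving to it that are already on a hypothetical known-malicious seed list (KNOWN_MALICIOUS), so a CDN or shared-hosting address used by many benign domains stays low even when one malicious domain also lives there. The seed list, the 0.5 threshold, and the choice to skip components that contain no seed are assumptions of this example, not details the page states.

```python
from collections import defaultdict, deque

# Constructed sample DNS records: (request time, requesting host, queried domain,
# record type, answer). answer is None when the response failed (e.g. NXDOMAIN).
# Made-up data on documentation IP ranges, not records from the patent.
DNS_RECORDS = [
    ("2021-03-01T08:00:01", "ws-017", "c2-alpha.example",      "A",  "203.0.113.10"),
    ("2021-03-01T08:00:02", "ws-017", "c2-alpha.example",      "A",  "203.0.113.11"),
    ("2021-03-01T09:15:40", "ws-042", "c2-beta.example",       "A",  "203.0.113.10"),
    ("2021-03-01T09:15:41", "ws-042", "c2-beta.example",       "A",  "198.51.100.5"),
    ("2021-03-03T22:07:13", "ws-017", "stage2-drop.example",   "A",  "203.0.113.11"),
    ("2021-03-04T01:30:00", "ws-088", "stage2-drop.example",   "A",  "203.0.113.10"),
    ("2021-03-02T10:00:00", "ws-003", "news.example",          "A",  "198.51.100.5"),
    ("2021-03-02T10:00:05", "ws-003", "news.example",          "A",  "198.51.100.6"),
    ("2021-03-02T10:01:00", "ws-004", "shop.example",          "A",  "198.51.100.5"),
    ("2021-03-02T10:02:00", "ws-005", "blog.example",          "A",  "198.51.100.5"),
    ("2021-03-02T11:00:00", "ws-006", "mail.example",          "A",  "192.0.2.20"),
    ("2021-03-02T11:00:01", "ws-006", "mail.example",          "MX", "mx.mail.example"),
    ("2021-03-02T12:00:00", "ws-007", "nxdomain-junk.example", "A",  None),
]

# Hypothetical seed list of domains already known to be malicious (an assumption
# of this example; the patent only says IPs shared by many malicious domains
# receive more weight).
KNOWN_MALICIOUS = {"c2-alpha.example", "c2-beta.example"}


def extract_domain_ip_pairs(records):
    """S1: keep only successful address answers; return the set of (domain, ip)."""
    pairs = set()
    for _time, _host, domain, rtype, answer in records:
        if rtype not in ("A", "AAAA") or answer is None:
            continue  # failed responses and non-address records carry no IP mapping
        pairs.add((domain, answer))
    return pairs


def build_bipartite_graph(pairs):
    """S2a: domain -> IPs and IP -> domains adjacency of the bipartite graph."""
    dom2ip, ip2dom = defaultdict(set), defaultdict(set)
    for domain, ip in pairs:
        dom2ip[domain].add(ip)
        ip2dom[ip].add(domain)
    return dict(dom2ip), dict(ip2dom)


def project_domain_graph(dom2ip, ip2dom):
    """S2b: domain-only graph; two domains are adjacent if they share an IP."""
    adj = {d: set() for d in dom2ip}
    for domains in ip2dom.values():
        for d in domains:
            adj[d].update(domains - {d})
    return adj


def connected_components(adj):
    """S2c: BFS over the domain graph; returns a list of frozensets of domains."""
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            d = queue.popleft()
            comp.add(d)
            for n in adj[d]:
                if n not in seen:
                    seen.add(n)
                    queue.append(n)
        comps.append(frozenset(comp))
    return comps


def ip_weights(ip2dom, known_malicious):
    """Weight of an IP = share of the domains mapping to it that are known malicious.
    A shared-hosting/CDN IP used by many benign domains stays low even when one
    malicious domain also resolves to it."""
    return {ip: len(doms & known_malicious) / len(doms) for ip, doms in ip2dom.items()}


def suspicious_domains(records, known_malicious, threshold=0.5):
    """S3: per connected component, score each unknown domain as the mean weight of
    the IPs it maps to; components with no known-malicious member are skipped
    (assumption of this example). Returns [(domain, score)] sorted by score."""
    pairs = extract_domain_ip_pairs(records)
    dom2ip, ip2dom = build_bipartite_graph(pairs)
    comps = connected_components(project_domain_graph(dom2ip, ip2dom))
    weights = ip_weights(ip2dom, known_malicious)
    flagged = {}
    for comp in comps:
        if not comp & known_malicious:
            continue
        for d in comp - known_malicious:
            ips = dom2ip[d]
            score = sum(weights[ip] for ip in ips) / len(ips)
            if score >= threshold:
                flagged[d] = round(score, 3)
    return sorted(flagged.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for domain, score in suspicious_domains(DNS_RECORDS, KNOWN_MALICIOUS):
        print(f"{domain}\t{score}")
```

On the constructed records, stage2-drop.example is flagged because both of its IPs are dominated by seed domains, while shop.example and blog.example, which only share the crowded 198.51.100.5 with one seed, fall under the threshold; lowering the threshold to 0.2 surfaces them too, which is the trade-off a practitioner has to tune on real resolver logs.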

Description

Technical field

[0001] The invention relates to the field of malicious attack detection, in particular to an APT attack detection method, a terminal device and a storage medium.

Background technique

[0002] In recent years, a class of cyber attacks called Advanced Persistent Threats (APTs) has caused very serious losses to governments, enterprises and other organizations. APT attacks are characterized by long duration, complex attack means, and strong concealment, which makes them difficult to detect. In the face of APT attacks with long latency and high concealment, traditional detection methods (such as firewalls and intrusion detection systems) cannot achieve effective detection.

[0003] At present, there are three main detection methods for APT attacks:

[0004] (1) The detection method based on machine learning analyzes the unique characteristics of APT attacks in the overall behavior, and then uses these u...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventors: 姚刚, 陈奋, 陈荣有, 孙晓波, 龚利军
Owner XIAMEN FUYUN INFORMATION TECH CO LTD