Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Threat response method and device based on threat intelligence and ATT&CK

An ATT&CK and intelligence technology, applied in computer security devices, machine learning, instruments, etc., can solve the problems of high load overhead, disorder and disorder of the policy system, lack of effective evidence in the traceability process, etc.

Active Publication Date: 2021-05-07
NO 15 INST OF CHINA ELECTRONICS TECH GRP +1
View PDF7 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the present invention provides a threat response method and device based on threat intelligence and ATT&CK, which is mainly used to solve the single and chaotic threat intelligence information in the prior art, which leads to the lack of effective evidence in the traceability process, and the commonly adopted Issues such as banning and blocking strategies, high system load overhead, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Threat response method and device based on threat intelligence and ATT&CK

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] figure 1 An overall structural diagram of a threat response method based on threat intelligence and ATT&CK provided by an embodiment of the present invention.

[0061] S1 establishes a threat intelligence library:

[0062] S11 External threat collection steps: Use crawlers and open source threat intelligence sharing platform APIs to automatically collect external threat intelligence from public resources as the first collection result;

[0063] Specifically, to establish an open source threat intelligence collection and query framework, automatically collect threat intelligence from various public resources, use crawlers and open source threat intelligence sharing platform APIs, simplify the external collection process, and quickly collect and organize. Among them, the crawler part is mainly aimed at targets such as Twitter, Tor, dark web forums, security portal 360, freebuf, fireeye, MCAfee, etc., and uses libraries such as BeautifulSoup, Requests, and Scrapy in Pytho...

Embodiment 2

[0110] Further, another embodiment of the present invention provides a threat response device based on threat intelligence and ATT&CK as an implementation of the methods shown in the above embodiments. This device embodiment corresponds to the foregoing method embodiment. For the convenience of reading, this device embodiment does not repeat the details in the foregoing method embodiment one by one, but it should be clear that the device in this embodiment can correspond to the foregoing method implementation. Everything in the example. In the device of this embodiment, there are following modules:

[0111] One: Threat intelligence database module, corresponding to S1 in Embodiment 1, establishes a threat intelligence database.

[0112] The external threat collection sub-module uses crawlers and open source threat intelligence sharing platform APIs to automatically collect external threat intelligence from public resources as the first collection result. The external threat ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a threat response method and device based on threat intelligence and ATT&CK, and belongs to the technical field of computer network security. The method comprises the following steps: establishing a threat intelligence library, collecting threat intelligence from public resources and traditional security equipment, analyzing the full life cycle of an attack behavior in combination with an ATT&CK framework, and establishing an attacker machine learning model in a complete attack chain form; establishing a mapping relation between the label and the processing rule according to an attacker machine learning model; monitoring and identifying the real-time flow data by using a DFI-based depth flow detection technology, and continuously changing a label value according to the change of the real-time characteristics of the flow; and activating threat defense according to the mapping relation between the label and the processing rule. According to the method, the problems that the traceability process lacks effective evidence due to single and disordered threat intelligence information and the load overhead of a forbidding and blocking strategy system which is usually adopted is large are solved.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a threat response method and device based on threat intelligence and ATT&CK. Background technique [0002] With the increasing openness and complexity of the Internet and the rapid development of new information technologies such as big data, cloud computing, the Internet of Things, and 5G mobile communication networks, cyberspace threats are also developing towards generalization and complexity. Network security defense based on threat intelligence can analyze existing intrusions in a timely manner, judge future threat situations, and assess potential security risks based on this to guide users to make effective security decisions. [0003] Traditional security protection only relies on firewalls, IDS, IPS and other security devices deployed on borders or special nodes for static control, implements network security monitoring based on feature detection, and ge...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/53G06F21/55G06F21/56G06N20/00
CPCH04L63/1416H04L63/1491H04L63/20G06F21/552G06F21/53G06F21/562G06N20/00
Inventor 任传伦郭世泽冯景瑜张威刘晓影张先国俞赛赛乌吉斯古愣王玥闫慧孟祥頔夏建民金波刘文瀚
Owner NO 15 INST OF CHINA ELECTRONICS TECH GRP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products