
Network security threat hunting method based on TTP and network equipment

A network security and network attack detection technology, applied in the field of network security, which addresses the problems of poor compatibility, detection rules that are not common to all terminal devices, and a high degree of dependence on physical files and programs, and achieves the effect of good compatibility and a reduced degree of dependence on physical files and programs.

Active Publication Date: 2021-08-06
广东云智安信科技有限公司
Cites: 5; Cited by: 2

AI Technical Summary

Problems solved by technology

Therefore, the rules of the above threat hunting method are not universal across terminal devices, its compatibility is poor, and a physical file program must be present on the hard disk, on which the method is highly dependent.


Embodiment Construction

[0074] In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, the technical solutions provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

[0075] The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of approaches consistent with aspects of the application as recited in the appended claims.

[0076] The terminology used in this application is for the purpose of describing particular embodiments only, and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and i...


Abstract

The invention discloses a TTP-based network security threat hunting method and network equipment. The method comprises the steps of: obtaining historical network attack event information, analyzing it, and obtaining a TTP rule model; obtaining data related to the current running state of the terminal equipment, establishing a snapshot based on that data, and obtaining a snapshot model; matching the snapshot model against the TTP rule model to obtain a matching result containing a matching score for the snapshot model, and judging from the matching result whether a threat standard is reached; if the matching score is greater than or equal to a first preset threshold value, determining that the threat standard is reached and outputting alarm information warning that the terminal equipment is subject to a network security threat; or, if the matching score is smaller than the first preset threshold value, determining that the threat standard is not reached and ending the detection of the network security threat. In this way, various terminal devices can be supported, compatibility is better, and the degree of dependence on physical file programs is reduced.
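The following is an added illustration of the flow the abstract describes (historical events to a TTP rule model, a snapshot of terminal state, a matching score compared with a first preset threshold). It is not code from the patent or its applicant; the historical events, the two endpoint snapshots, the reference sets (OFFICE_APPS, SHELLS, COMMON_PORTS, CREDENTIAL_STORES) and the technique detectors are all constructed here as assumptions, and the weighting scheme (technique frequency in history, normalised to sum to 1) is one simple choice rather than the patent's.

```python
# Added example: toy implementation of the abstract's matching flow
# (TTP rule model from historical events -> terminal snapshot -> score vs. threshold).
# Not the patent's own code; events, snapshots, reference sets and detectors are constructed.
from collections import Counter
from dataclasses import dataclass

# Constructed historical attack events: each records the techniques observed in it.
HISTORICAL_EVENTS = [
    {"id": "evt-1", "techniques": ["office_spawns_shell", "outbound_unusual_port",
                                   "scheduled_task_persistence"]},
    {"id": "evt-2", "techniques": ["office_spawns_shell", "scheduled_task_persistence"]},
    {"id": "evt-3", "techniques": ["outbound_unusual_port", "credential_store_read"]},
]


@dataclass
class TtpRuleModel:
    """Technique -> weight; weights sum to 1 so the matching score lies in [0, 1]."""
    weights: dict


def build_rule_model(events):
    """Derive the rule model from history: weight each technique by how often it appeared."""
    counts = Counter(t for e in events for t in e["techniques"])
    total = sum(counts.values())
    return TtpRuleModel({t: c / total for t, c in counts.items()})


# Constructed reference sets used by the detectors (assumptions, not from the patent).
OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
COMMON_PORTS = {53, 80, 443}
CREDENTIAL_STORES = {r"C:\Windows\System32\config\SAM", "/etc/shadow"}

# Each detector maps a snapshot of terminal state to "technique observed or not".
DETECTORS = {
    "office_spawns_shell": lambda s: any(
        parent in OFFICE_APPS and child in SHELLS for parent, child in s["process_tree"]),
    "outbound_unusual_port": lambda s: any(
        port not in COMMON_PORTS for port in s["outbound_ports"]),
    "scheduled_task_persistence": lambda s: any(
        task["created_recently"] for task in s["scheduled_tasks"]),
    "credential_store_read": lambda s: any(
        path in CREDENTIAL_STORES for path in s["file_reads"]),
}


def match_snapshot(model, snapshot):
    """Return (score, matched techniques); score is the summed weight of matched rules."""
    matched = [t for t, detect in DETECTORS.items()
               if t in model.weights and detect(snapshot)]
    return sum(model.weights[t] for t in matched), matched


def evaluate(model, snapshot, threshold=0.5):
    """Apply the first preset threshold: alarm if score >= threshold, else end detection."""
    score, matched = match_snapshot(model, snapshot)
    if score >= threshold:
        return {"threat": True, "score": score, "matched": matched,
                "alarm": f"{snapshot['host']}: TTP match score {score:.2f} >= {threshold}"}
    return {"threat": False, "score": score, "matched": matched, "alarm": None}


# Constructed snapshots of two endpoints' current running state.
SUSPICIOUS = {
    "host": "ws-01",
    "process_tree": [("explorer.exe", "winword.exe"), ("winword.exe", "powershell.exe")],
    "outbound_ports": [443, 9001],
    "scheduled_tasks": [{"name": "Updater", "created_recently": True}],
    "file_reads": [r"C:\Users\alice\report.docx"],
}
BENIGN = {
    "host": "ws-02",
    "process_tree": [("explorer.exe", "chrome.exe")],
    "outbound_ports": [443, 53],
    "scheduled_tasks": [{"name": "Backup", "created_recently": False}],
    "file_reads": [r"C:\Users\bob\notes.txt"],
}

if __name__ == "__main__":
    model = build_rule_model(HISTORICAL_EVENTS)
    for snap in (SUSPICIOUS, BENIGN):
        print(evaluate(model, snap))
```

With these constructed events the three techniques seen twice each carry weight 2/7 and the one seen once carries 1/7, so the suspicious snapshot scores 6/7 and raises an alarm while the benign one scores 0 and detection ends. In a real deployment the detectors would read from endpoint telemetry rather than a hand-built dictionary, and the threshold would be tuned against the false-positive rate observed on known-good hosts.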

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a TTP-based network security threat hunting method and network equipment.

Background technique

[0002] At present, the binary characteristics and sensitive behavior rules of Trojan horse programs are usually used to hunt for network threats. For example, when the Trojan horse program is running or the user performs file operations on the Trojan horse program entity, the above rules are used for matching, so as to achieve the purpose of detecting and discovering the Trojan horse.

[0003] The above-mentioned threat hunting method needs to extract binary features from existing Trojan horse programs, and also needs to monitor the running behavior of the terminal device from the driver layer to complete the threat hunting work. Therefore, the rules of the above-mentioned threat hunting method are not common to various terminal devices, and the compatibility is po...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L29/06
CPC: H04L63/1416
Inventor: 赵必胜余毅廖壮鑫
Owner: 广东云智安信科技有限公司