
A TTP-based network security threat hunting method and network equipment

A network security and network attack technology, applied in the field of network security, that can solve problems such as poor compatibility, rules that are not universal across terminal equipment, and high dependence on physical file programs, achieving reduced dependence and good compatibility.

Active Publication Date: 2021-10-26
广东云智安信科技有限公司
5 Cites, 0 Cited by

AI Technical Summary

Problems solved by technology

Therefore, the rules of the above threat hunting method are not universal across terminal devices, compatibility is poor, and a physical file program must exist on the hard disk, which makes the method highly dependent on the physical file program.



Examples


Embodiment Construction

[0074] In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, the technical solutions provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

[0075] The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of approaches consistent with aspects of the application as recited in the appended claims.

[0076] The terminology used in this application is for the purpose of describing particular embodiments only, and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and i...


Abstract

This application discloses a TTP-based network security threat hunting method and network equipment. The method includes: obtaining historical network attack event information, and analyzing and processing the historical network attack event information to obtain a TTP rule model; establishing a snapshot based on the relevant data of the state to obtain a snapshot model; matching the snapshot model against the TTP rule model to obtain a matching result that includes the matching score of the snapshot model, and judging, based on the matching result, whether the threat standard is met; if the matching score is greater than or equal to the first preset threshold, determining that the threat standard is met and outputting an alarm message to warn the terminal device of a network security threat; or, if the matching score is less than the first preset threshold, determining that the threat standard is not met and ending detection of cybersecurity threats. In this way, the method is compatible with various terminal devices, compatibility is better, and dependence on the entity file program is also reduced.
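
A minimal sketch of the rule-match, score and threshold flow the abstract describes, added here as an illustration and not taken from the patent. The rule fields, weights, snapshot layout, sample snapshots and the threshold value of 60 are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class TTPRule:
    name: str     # hypothetical rule label
    source: str   # snapshot section the rule inspects
    field: str    # record field tested by the pattern
    pattern: str  # regex describing the behaviour
    weight: int   # contribution to the matching score (assumed scoring scheme)

# Constructed rule model; the abstract derives it from historical attack events.
RULES = [
    TTPRule("encoded-powershell", "processes", "cmdline", r"(?i)powershell.*\s-enc", 40),
    TTPRule("autorun-from-temp", "autoruns", "target", r"(?i)\\(temp|appdata)\\", 35),
    TTPRule("office-spawns-shell", "processes", "parent", r"(?i)^(winword|excel)\.exe$", 25),
]
FIRST_PRESET_THRESHOLD = 60  # assumed value for the "first preset threshold"

def match_snapshot(snapshot, rules=RULES):
    """Score a state snapshot: sum the weights of rules matched by any record."""
    hits = [
        rule.name for rule in rules
        if any(re.search(rule.pattern, str(rec.get(rule.field, "")))
               for rec in snapshot.get(rule.source, []))
    ]
    score = sum(rule.weight for rule in rules if rule.name in hits)
    return score, hits

def hunt(snapshot, threshold=FIRST_PRESET_THRESHOLD):
    """Alarm when score >= threshold; otherwise detection simply ends."""
    score, hits = match_snapshot(snapshot)
    return {"alarm": score >= threshold, "score": score, "hits": hits}

# Constructed snapshots of terminal state (no file on disk is inspected).
SUSPICIOUS = {
    "processes": [{"name": "powershell.exe", "parent": "winword.exe",
                   "cmdline": "powershell.exe -nop -enc AAAA"}],
    "autoruns": [{"target": "C:\\Users\\a\\AppData\\Local\\Temp\\u.exe"}],
}
ADMIN_SCRIPT = {
    "processes": [{"name": "powershell.exe", "parent": "explorer.exe",
                   "cmdline": "powershell.exe -enc AAAA"}],
    "autoruns": [{"target": "C:\\Program Files\\Vendor\\agent.exe"}],
}

if __name__ == "__main__":
    for label, snap in (("suspicious", SUSPICIOUS), ("admin script", ADMIN_SCRIPT)):
        print(label, hunt(snap))
```

A single matched rule (the admin script case) stays below the threshold, while several co-occurring behaviours push the score over it and raise the alarm.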

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a TTP-based network security threat hunting method and network equipment.

Background technique

[0002] At present, the binary characteristics and sensitive behavior rules of Trojan horse programs are usually used to hunt for network threats. For example, when the Trojan horse program is running or the user performs file operations on the Trojan horse program entity, the above rules are used for matching, so as to achieve the purpose of detecting and discovering the Trojan horse.

[0003] The above-mentioned threat hunting method needs to extract binary features from existing Trojan horse programs, and also needs to monitor the running behavior of the terminal device from the driver layer to complete the threat hunting work. Therefore, the rules of the above-mentioned threat hunting method are not common to various terminal devices, and the compatibility is po...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 赵必胜余毅廖壮鑫
Owner: 广东云智安信科技有限公司