
Terminal detection and response system

A terminal detection and response technology, applied in the field of information security, can solve the problems that detection efficiency is affected, that new malicious code cannot be prevented, and that errors are easy to make, and achieves the effect of improving detection efficiency and effect.

Active Publication Date: 2021-08-27
Applicant: BEIJING TOPSEC NETWORK SECURITY TECH (and 2 others)

AI Technical Summary

Problems solved by technology

[0003] In related technologies, the means of preventing malicious code is usually anti-virus software or active defense software. Anti-virus software works by detecting signatures contained in malicious code, so its effectiveness is closely tied to its virus database: whenever new malicious code is discovered, the virus database must be updated. Within the update period of the virus database it is therefore impossible to prevent newly generated malicious code, especially malicious code that is deeply hidden; once a large-scale outbreak occurs, it is too late to upgrade the virus database. Anti-virus software also cannot deal with APT, whose attackers use various obfuscation and evasion methods to bypass the defense, and the continuous growth of the virus database inevitably affects detection efficiency. Active defense software monitors a program's access to specific resources while it runs. When a risky operation is captured, either the user is prompted and decides whether to block the operation, or the operation is blocked directly. However, when a risky operation occurs, it is difficult to determine whether it is truly malicious: if the decision is left to the user, it depends on the user's professional knowledge; if it is judged directly, mistakes are easy to make; and neither approach can deal with the evasion methods commonly used by APT, such as borrowing whitelisted system tools to complete malicious operations and bypass detection.


Embodiment Construction

[0059] In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that, in the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other.

[0060] In the following description, many specific details are set forth in order to fully understand the present disclosure, but the present disclosure can also be implemented in ways other than those described here; obviously, the embodiments in the description are only some of the embodiments of the present disclosure, and not all of them.

[0061] At present, known malicious behaviors are classified according to the different stages or purposes of the attack, and Endpoint Detection And Response (EDR) products have emerged. EDR no longer uses a single behavior as the basis for blocking. Instead, it continuously detects various secur...


Abstract

The present disclosure relates to a terminal detection and response system, comprising: at least one detection point, which captures an event, constructs an event context for the event, and sends the event context to a filtering engine; a security object database, which stores information about key objects; and a filtering engine, which maintains a set of policies (the strategy set), filters the event context transmitted by the detection point according to that set, and returns a filtering result, wherein, when the filtering engine makes its filtering judgment on the event context, it queries the security object database to obtain information about the objects involved in the event. The detection point is also used to execute the corresponding operation according to the filtering result. Real-time detection and response can therefore be realized at the terminal, and detection efficiency and effect are improved.
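The pipeline the abstract describes, as an added example that is not code from the patent or from Topsec: a detection point builds an event context, the filtering engine enriches it from a security object database, applies the strategy set and returns a verdict that the detection point then acts on. All object names, rules and events below are constructed samples.

```python
from dataclasses import dataclass, field

# Security object database: information about key objects (constructed sample).
SECURITY_OBJECT_DB = {
    "winword.exe": {"kind": "office_app", "whitelisted": True},
    "cmd.exe":     {"kind": "system_tool", "whitelisted": True},
    "lsass.exe":   {"kind": "credential_store", "whitelisted": True},
}
UNKNOWN = {"kind": "unknown", "whitelisted": False}

@dataclass
class EventContext:
    """Built by a detection point: the captured event plus the objects involved."""
    point: str      # detection point that captured it ("process", "file", ...)
    action: str     # e.g. "create_process", "open_process"
    actor: str      # process performing the action
    target: str     # object acted upon
    objects: dict = field(default_factory=dict)  # enrichment filled in by the engine

# Strategy set: (rule name, verdict, predicate on an enriched context). Rules judge
# the relationship between objects, so a whitelisted tool is still blocked when misused.
STRATEGY_SET = [
    ("office-spawns-system-tool", "block",
     lambda c: c.action == "create_process"
     and c.objects["actor"]["kind"] == "office_app"
     and c.objects["target"]["kind"] == "system_tool"),
    ("credential-store-read", "block",
     lambda c: c.action == "open_process"
     and c.objects["target"]["kind"] == "credential_store"
     and c.objects["actor"]["kind"] != "security_tool"),
]

class FilteringEngine:
    def __init__(self, strategy_set, db):
        self.strategy_set, self.db = strategy_set, db
    def filter(self, ctx):
        """Query the security object DB for the event's objects, then apply the rules."""
        for role in ("actor", "target"):
            ctx.objects[role] = self.db.get(getattr(ctx, role), UNKNOWN)
        for name, verdict, pred in self.strategy_set:
            if pred(ctx):
                return verdict, name
        return "allow", None

class DetectionPoint:
    def __init__(self, name, engine):
        self.name, self.engine, self.responses = name, engine, []
    def capture(self, action, actor, target):
        # Capture the event, send its context to the engine, act on the result.
        verdict, rule = self.engine.filter(EventContext(self.name, action, actor, target))
        self.responses.append((action, actor, target, verdict, rule))
        return verdict
```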

Description

Technical field

[0001] The present disclosure relates to the technical field of information security, and in particular to a terminal detection and response system.

Background technique

[0002] At present, from the earliest viruses, worms and Trojan horses to APT (Advanced Persistent Threat), malicious code has always been the most serious threat to information systems.

[0003] In related technologies, the means of preventing malicious code is usually anti-virus software or active defense software. Anti-virus software works by detecting signatures contained in malicious code, so its effectiveness is closely tied to its virus database: whenever new malicious code is discovered, the virus database must be updated. Within the update period of the virus database it is therefore impossible to prevent newly generated malicious code, especially malicious code that is deeply hidden. Once a large-scale outbreak occ...


Application Information

IPC(8): G06F21/55
CPC: G06F21/554
Inventors: 周国华, 毕向阳, 李海峰
Owner: BEIJING TOPSEC NETWORK SECURITY TECH