APT attack detection method and device, electronic equipment and readable storage medium

An attack detection technology based on grammar features, applied in the field of malicious attack detection, that addresses the problems of a high misjudgment rate, easily missed detections, and incomplete security inspection, and achieves the effect of avoiding and reducing misjudgment.

Pending Publication Date: 2021-08-27
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0004] However, the current security checks for DNS requests are not comprehensive, ei



Examples


Example Embodiment

[0080] The purpose of this application is to provide an APT attack detection method, apparatus, electronic device, and readable storage medium that reduce misjudgment as much as possible without missing detections.

[0081] In order to make the objects, technical solutions, and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments will be described clearly and completely in conjunction with the drawings. The described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained on the basis of the embodiments in the present application without creative effort fall within the scope of protection of the present application.

[0082] See Figure 1, a flowchart of an APT attack detection method provided herein, which includes the following steps:

[0083] S101: Get the DNS request data and extract the actual grammatical characteristics fro...


Abstract

The invention discloses an APT attack detection method. The method comprises the steps: carrying out the grammar analysis of obtained DNS request data, obtaining an actual grammar feature, judging whether an APT attack is contained or not from the grammar feature through the consistency comparison of the actual grammar feature and a malicious grammar feature, and carrying out the detection of the APT attack. Considering that the CDN type service always shows similar grammar characteristics under the actual condition, in order to reduce misjudgment as much as possible, the method determines whether the DNS server corresponding to the DNS request is a credible DNS server or not, so that normal DNS request data is prevented from being misjudged as malicious request data containing APT attack. The DNS request containing the APT attack can play a role only when reaching a DNS server built by an attacker, so that misjudgment can be well avoided. The invention also discloses an APT attack detection device, electronic equipment and a readable storage medium, which have the above beneficial effects.
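
A minimal sketch of the two-stage check the abstract describes, added here as an illustration and not taken from the patent or from any vendor product: grammar features are compared against a malicious profile, and a match is only reported when the serving DNS server is not on a trusted list. The feature set (longest-label length, entropy, digit ratio), the thresholds, the record layout and the allowlist entries are all assumptions, since the page does not name the patent's actual features.

```python
import math
from collections import Counter

# Assumed stand-in for the "malicious grammar feature"; the page does not list
# the patent's real features, so these thresholds are illustrative only.
MALICIOUS_PROFILE = {"length": 30, "entropy": 3.5, "digit_ratio": 0.2}

# Constructed allowlist of credible DNS servers (e.g. name servers of a known CDN).
TRUSTED_SERVERS = {"ns1.cdn-provider.example", "ns2.cdn-provider.example"}

def grammar_features(qname):
    """Extract syntactic features from the longest subdomain label of a query name."""
    labels = qname.rstrip(".").lower().split(".")
    # Simplification: treat the last two labels as the registered domain.
    label = max(labels[:-2] or [""], key=len)
    counts = Counter(label)
    entropy = -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())
    digits = sum(ch.isdigit() for ch in label)
    return {
        "length": len(label),
        "entropy": entropy,
        "digit_ratio": digits / len(label) if label else 0.0,
    }

def matches_malicious(features):
    """Consistency comparison: every actual feature reaches the malicious profile."""
    return all(features[name] >= floor for name, floor in MALICIOUS_PROFILE.items())

def detect(record):
    """Classify one DNS request as 'benign', 'trusted-server' or 'suspect'."""
    if not matches_malicious(grammar_features(record["qname"])):
        return "benign"
    # Second stage from the abstract: a grammar match alone is not enough,
    # because CDN-style names look the same. Check the serving DNS server.
    if record["server"].rstrip(".").lower() in TRUSTED_SERVERS:
        return "trusted-server"
    return "suspect"

# Constructed sample records: query name plus the DNS server that answers for it.
ENCODED = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8"
SAMPLES = [
    {"qname": "www.example.com", "server": "ns.example.com"},
    {"qname": ENCODED + ".cdn-provider.example", "server": "ns1.cdn-provider.example"},
    {"qname": ENCODED + ".unknown-zone.example", "server": "ns1.unknown-zone.example"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(detect(rec), rec["qname"])
```

The second and third sample names carry the same long, mixed label; only the trust status of the serving DNS server separates the suppressed CDN-style request from the one flagged for review.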

Description

Technical field

[0001] The present application relates to the technical field of malicious attack detection, in particular to an APT attack detection method, device, electronic equipment and readable storage medium.

Background technique

[0002] An APT attack, that is, an advanced persistent threat attack, also known as a targeted threat attack, refers to a continuous and effective attack activity launched by an organization against a specific target. APT attacks carried out through network channels have a higher degree of harm, so they must be guarded against.

[0003] One way to defend against APT attacks today is to block ports, such as blocking port 80 to prohibit Internet access, but DNS (Domain Name System, the domain name service protocol), as a necessary service for enterprise basic networks, is often left open for access. This gives APT attacks the opportunity to use DNS requests for information transmission and command and control. For example, some APT attackers put the data to be transmitted in the queries...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L63/1491, H04L61/4511
Inventors: 田永晓, 闫凡
Owner: SANGFOR TECH INC