APT attack detection method based on event relation directed graph in network full traffic

A network event and event-relationship technique, applied to APT attack detection based on an event-relation directed graph over full network traffic, addresses problems such as sandbox detection being defeated, and offers convenient backtracking, savings in storage resources, and fine-grained division of events.

Active Publication Date: 2021-11-02
广州广电研究院有限公司

AI Technical Summary

Problems solved by technology

However, as the technical means of APT attacks become more advanced, the malware detects its operating environment; once it finds that it is running in a sandbox, it shows no malicious behavior, rendering sandbox detection ineffective.


Embodiment Construction

[0033] The present invention will be further described in detail below in conjunction with the reaction scheme and specific examples.

[0034] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with specific embodiments and accompanying drawings.

[0035] In this embodiment, full network traffic is collected at the key network areas and devices of the monitored network environment, such as the network egress, core switches and routing devices; from this traffic, stream-based network metadata covering the second (data link) layer through the seventh (application) layer of the seven-layer network model is extracted and stored.

[0036] The network data anomaly detection device may be a desktop computer, a notebook computer, a palmtop computer, a cloud server or a similar detection device; it captures the stream-based metadata for analysis.

[0037] Through t...


Abstract

The invention relates to the technical field of network security, in particular to an APT attack detection method based on an event relation directed graph in network full traffic, which comprises the following steps: S1, acquiring bypass traffic using deep packet analysis to obtain real-time network metadata; S2, analysing the network metadata with big-data techniques based on hacker network techniques, and generating a network event relation directed graph; and S3, constructing a network event attack technique directed graph from a preset APT attack technique weighted directed graph, performing matching analysis between the network event attack technique directed graph and the preset APT attack technique weighted directed graph, calculating the connected component weight of the network event directed graph, and finally detecting the current APT attack result and generating an alarm prompt. According to this technical scheme, the APT attack detection method based on the event relation digraph in network full traffic is comprehensive and reliable in data analysis, higher in detection accuracy, capable of saving storage resources, and convenient for backtracking, querying and analysing historical data.
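The following is an added illustration of steps S2 and S3, written for this page and not taken from the patent or its owner: a handful of constructed stream-metadata records are linked into an event relation graph, matched against a hypothetical preset technique weighted directed graph, and each weakly connected component is scored by the sum of its matched edge weights. The relation rule (`related`), the technique labels, the edge weights and the alert threshold are all assumptions chosen for the example; a real deployment would derive them from its own DPI pipeline and threat model.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[int, str, str, str]  # (timestamp, src_host, dst_host, event_type)

# Constructed sample of stream-based network metadata, for illustration only.
SAMPLE_EVENTS: List[Event] = [
    (1, "10.0.0.5", "10.0.0.20", "port_scan"),
    (2, "10.0.0.5", "10.0.0.20", "exploit_attempt"),
    (3, "10.0.0.20", "198.51.100.7", "c2_beacon"),
    (4, "10.0.0.20", "10.0.0.21", "smb_lateral"),
    (5, "10.0.0.21", "198.51.100.7", "large_upload"),
    (6, "10.0.0.30", "10.0.0.31", "port_scan"),  # isolated noise, own component
]

# Hypothetical preset APT technique weighted directed graph (assumed values):
# an edge (earlier_technique, later_technique) carries the weight added when
# a later event of that type is related to an earlier event of the first type.
TECHNIQUE_GRAPH: Dict[Tuple[str, str], float] = {
    ("port_scan", "exploit_attempt"): 2.0,
    ("exploit_attempt", "c2_beacon"): 3.0,
    ("c2_beacon", "smb_lateral"): 2.5,
    ("smb_lateral", "large_upload"): 4.0,
}
ALERT_THRESHOLD = 8.0  # assumed tuning value for the component weight


def related(earlier: Event, later: Event) -> bool:
    """Assumed event relation rule: the later event is linked to the earlier
    one when it starts from the same source host or from the earlier event's
    destination host, and occurs strictly later in time."""
    return earlier[0] < later[0] and later[1] in (earlier[1], earlier[2])


def build_attack_graph(events: List[Event], technique_graph):
    """Build the network event attack technique directed graph: keep only the
    related event pairs whose (type, type) transition matches a technique edge."""
    adj = defaultdict(list)  # event index -> [(event index, weight)]
    for i, a in enumerate(events):
        for j, b in enumerate(events):
            if i != j and related(a, b):
                weight = technique_graph.get((a[3], b[3]))
                if weight is not None:
                    adj[i].append((j, weight))
    return adj


def connected_components(n: int, adj):
    """Weakly connected components of the event graph, as sets of event indices."""
    undirected = defaultdict(set)
    for i, nbrs in adj.items():
        for j, _ in nbrs:
            undirected[i].add(j)
            undirected[j].add(i)
    seen, comps = set(), []
    for start in range(n):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            v = stack.pop()
            if v in seen:
                continue
            seen.add(v)
            comp.add(v)
            stack.extend(undirected[v] - seen)
        comps.append(comp)
    return comps


def detect(events: List[Event], technique_graph=TECHNIQUE_GRAPH, threshold=ALERT_THRESHOLD):
    """Score every component by its summed matched edge weights and raise an
    alert record for each component at or above the threshold."""
    adj = build_attack_graph(events, technique_graph)
    alerts = []
    for comp in connected_components(len(events), adj):
        weight = sum(w for i in comp for j, w in adj[i] if j in comp)
        if weight >= threshold:
            hosts = {h for i in comp for h in (events[i][1], events[i][2])}
            chain = [events[i][3] for i in sorted(comp, key=lambda k: events[k][0])]
            alerts.append({"weight": weight, "hosts": hosts, "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"APT alert: weight={alert['weight']} chain={' -> '.join(alert['chain'])}")
        print(f"  involved hosts: {sorted(alert['hosts'])}")
```

On the sample, the scan, exploit attempt, beacon, lateral move and upload form one component of weight 11.5 and produce an alert; the unrelated scan at the end forms a component of weight 0 and is ignored. Because the component keeps the event indices, the alert record doubles as the backtracking trail the abstract mentions: the analyst can walk from the alert back to the individual metadata records rather than to raw packet captures.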

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an APT attack detection method based on a directed graph of event relationships in full network traffic.

Background technique

[0002] An Advanced Persistent Threat (APT) attack is a persistent network attack on a specific target using advanced technical means. With the continuous development of network technology, APT attacks have become more and more stealthy. A single traditional network security protection and analysis device is powerless against complex APT attacks, and it is difficult to correlate the analysis results of different network protection and analysis devices. The traces of APT attacks are hidden in the vast sea of network traffic. The log information of network security devices cannot directly and accurately reflect the events in the network, and some hackers even delete the logs on network devices to avoid tracking. Only by collecting and analyzing th...


Application Information

Patent Type & Authority: Applications (China)
IPC: H04L29/06
CPC: H04L63/1416; Y02D30/50
Inventor: 刘嘉奇郭晓冬高才唐锡南
Owner: 广州广电研究院有限公司