Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Multi-method mixed distributed APT malicious traffic detection and defense system and method

A malicious traffic and defense system technology, applied in the field of network security, can solve the problems of inability to fully perceive the APT network attack situation, no APT attack persistence, and inability to identify APT attacks, so as to overcome the lack of protection scope, improve the level of security protection, The effect of reducing the performance burden

Active Publication Date: 2021-12-03
HUAZHONG UNIV OF SCI & TECH
View PDF10 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] Through the above analysis, the existing problems and defects of the existing technology are: the existing technology does not address the complexity and concealment of APT attacks, analyzes the alarm information of different network locations in a wide space span, and cannot fully perceive complex and hidden APT network attacks Posture; no persistence against APT attacks, no way to identify potential APT attacks
[0010] The difficulty of solving the above problems and defects is: relatively difficult

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-method mixed distributed APT malicious traffic detection and defense system and method
  • Multi-method mixed distributed APT malicious traffic detection and defense system and method
  • Multi-method mixed distributed APT malicious traffic detection and defense system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0098] The purpose of the present invention is to realize a distributed APT malicious traffic intrusion detection and defense system mixed with multiple detection methods, so as to accurately and comprehensively detect and defend APT attacks in the network. The intrusion detection and defense system can be abstracted into four layers from bottom to top: "network device layer", "detection and protection layer", "analysis and control layer" and "display and management layer". Among them, "network device layer" and "detection and protection layer" run on the same host, which is called "Sensor" in this intrusion detection and prevention system; "analysis and control layer" and "display and management layer" run on the same host, referred to as "Tower" in this Intrusion Detection and Prevention System. The specific implementation details of each layer are as follows:

[0099] 1. Network equipment layer

[0100] Responsible for traffic bypass and device control of the intrusion de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network security, and discloses a multi-method mixed distributed APT malicious traffic detection and defense system and method, and the method comprises the steps that a network equipment layer carries out traffic bypass and equipment management and control, and sends the bypass traffic to a detection and defense layer for detection; the detection and defense layer performs flow detection and instruction execution; the analysis and control layer is used for summarizing and analyzing detection logs and issuing instructions; and a display and management layer performs data display and user interaction. According to the method, the malicious traffic in the network can be accurately detected in an omnibearing and multi-angle manner, so the potential APT attack can be identified. Meanwhile, by using a distributed architecture, accurate and comprehensive threat modeling can be carried out on the intrusion situation of the whole protected network. Meanwhile, a Cyber Kill Chain theoretical model is used, association between alarms in the network under long time and wide space span is fully mined, potential APT attack actions in the network are identified, and corresponding alarms are given.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a multi-method mixed distributed APT malicious traffic detection and defense system and method. Background technique [0002] At present, in recent years, threats to cyberspace security have become more and more complex, especially since the "Prism Gate" incident broke out in the United States, a series of malicious software has been disclosed. These malicious software are different from the previous common network attack software, showing the characteristics of increasing number, constantly upgrading technical means, gradually increasing attack efficiency, and mutual cooperation among various software. This shows that the network attack mode has developed from a single mode to a complex advanced persistent threat (Advanced Persistent Threat, APT) attack mode. APT attack is an organized, purposeful, complex, persistent and covert network security attack mode...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/1441
Inventor 张成伟陈逸飞陆国航董瑞华赵睿钟国辉高雅玙
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products