
Multi-method mixed distributed apt malicious traffic detection defense system and method

A malicious-traffic detection and defense technology applied in the field of network security. It addresses the inability of existing systems to fully perceive the APT network attack situation, their lack of persistence against APT attacks, and their inability to identify APT attacks, with the effects of overcoming the limited protection scope, improving the level of security protection and reducing the performance burden.

Active Publication Date: 2022-04-29
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0009] Through the above analysis, the existing problems and defects of the existing technology are: the existing technology does not address the complexity and concealment of APT attacks, does not analyze the alarm information of different network locations over a wide spatial span, and therefore cannot fully perceive the posture of complex and hidden APT network attacks; it has no persistence against APT attacks and no way to identify potential APT attacks.
[0010] The difficulty of solving the above problems and defects is: relatively difficult.


Examples


Embodiment 1

[0098] The purpose of the present invention is to realize a distributed APT malicious traffic intrusion detection and defense system that mixes multiple detection methods, so as to accurately and comprehensively detect and defend against APT attacks in the network. The intrusion detection and defense system can be abstracted into four layers from bottom to top: "network device layer", "detection and protection layer", "analysis and control layer" and "display and management layer". The "network device layer" and "detection and protection layer" run on the same host, which is called the "Sensor" in this intrusion detection and prevention system; the "analysis and control layer" and "display and management layer" run on the same host, which is called the "Tower". The specific implementation details of each layer are as follows:

[0099] 1. Network equipment layer

[0100] Responsible for traffic bypass and device control of the intrusion de...


Abstract

The invention belongs to the technical field of network security and discloses a multi-method mixed distributed APT malicious traffic detection and defense system and method, including: traffic bypass and device control at the network device layer, which sends the bypassed traffic to the detection and protection layer for detection; traffic detection and command execution at the detection and protection layer; detection log summary analysis and command issuance at the analysis and control layer; and data display and user interaction at the display and management layer. The present invention can perform all-round, multi-angle and accurate detection of malicious traffic in the network, thereby identifying potential APT attacks. Using the distributed architecture, the intrusion of the entire protected network can be modeled accurately and comprehensively. The Cyber Kill Chain theoretical model is then used to fully mine the correlation between alarms in the network over long time and wide spatial spans, identify potential APT attack actions in the network and raise corresponding alarms.
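As an added illustration of the Tower-side analysis described in paragraph [0098] and the abstract (this is example code, not the patent's own implementation), the correlator below aggregates alarms reported by several Sensors and flags a protected host whose alarms advance through several Cyber Kill Chain stages within a wide time window. The alarm record layout, the stage names assigned to detections, the window length and the stage threshold are all assumptions of this example.

```python
"""Tower-side kill-chain correlation over Sensor alarms (illustrative only).
Alarm layout, stage mapping, window and threshold are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# Cyber Kill Chain stages in attack order; the index gives the ordering.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]
STAGE_INDEX = {name: i for i, name in enumerate(KILL_CHAIN)}


@dataclass(frozen=True)
class Alarm:
    sensor_id: str   # Sensor host that raised the alarm
    target: str      # protected host the alarm concerns
    stage: str       # kill-chain stage the detection method maps to
    ts: int          # epoch seconds


def correlate(alarms, window_s=30 * 86400, min_stages=3):
    """Return {target: [stages]} for hosts whose alarms, gathered from any
    Sensor, cover at least min_stages distinct stages in strictly advancing
    kill-chain order within window_s seconds of the first alarm."""
    by_target = defaultdict(list)
    for a in alarms:
        if a.stage in STAGE_INDEX:          # ignore unmapped detections
            by_target[a.target].append(a)
    suspects = {}
    for target, recs in by_target.items():
        recs.sort(key=lambda a: a.ts)
        best = []
        for i, start in enumerate(recs):   # try each alarm as window start
            chain, last = [start.stage], STAGE_INDEX[start.stage]
            for nxt in recs[i + 1:]:
                if nxt.ts - start.ts > window_s:
                    break                   # outside the long-span window
                idx = STAGE_INDEX[nxt.stage]
                if idx > last:              # only forward movement counts
                    chain.append(nxt.stage)
                    last = idx
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            suspects[target] = best
    return suspects


# Constructed sample alarms from two Sensors over about three weeks.
SAMPLE = [
    Alarm("sensor-A", "10.0.0.5", "delivery", 1_700_000_000),
    Alarm("sensor-B", "10.0.0.5", "exploitation", 1_700_000_000 + 5 * 86400),
    Alarm("sensor-B", "10.0.0.5", "command_and_control", 1_700_000_000 + 20 * 86400),
    Alarm("sensor-A", "10.0.0.9", "reconnaissance", 1_700_000_000),
    Alarm("sensor-A", "10.0.0.9", "reconnaissance", 1_700_000_000 + 86400),
]
```

Only 10.0.0.5 is flagged: its alarms come from two different Sensors but line up along the kill chain inside the window, whereas the repeated reconnaissance alarms against 10.0.0.9 never advance a stage.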

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a multi-method mixed distributed APT malicious traffic detection and defense system and method.

Background technique

[0002] In recent years, threats to cyberspace security have become increasingly complex. This malicious software differs from the common network attack software of the past: its numbers keep growing, its technical means are constantly upgraded, its attack efficiency gradually increases, and the various pieces of software cooperate with one another. This shows that the network attack mode has developed from a single mode into the complex advanced persistent threat (APT) attack mode. An APT attack is an organized, purposeful, complex, persistent and covert network security attack. Government and enterprise units are the main targets of most APT attacks, so APT attacks have a wide range and cause great l...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/40
CPC: H04L63/1425, H04L63/1441
Inventors: 张成伟陈逸飞陆国航董瑞华赵睿钟国辉高雅玙
Owner: HUAZHONG UNIV OF SCI & TECH