APT detection method based on context behavior analysis

A technology for behavior analysis and detection methods, applied in semantic analysis, instrumentation, electrical digital data processing, etc., can solve problems such as high overhead, threat alert fatigue, program/system instability, etc.

Pending Publication Date: 2021-12-10
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

Among them, the detection method based on network traffic analysis relies on the traffic generated by the program and cannot directly observe the activities of malicious programs; the detection method based on static software feature analysis is easily evaded by polymorphic changes and code obfuscation; the detection method based on hook tracing modifies the logic of the underlying implementation code, which makes the program/system unstable and may expose new vulnerabilities; the detection method based on dynamic sandbox analysis needs to simulate the real environment, and its running overhead is high.
In addition to the above traditional network attack detection methods, an endpoint detection and response method has also been proposed, but it too has defects: threat alert fatigue, the technical knowledge required to analyse the logs, and low log storage efficiency.




Embodiment Construction

[0038] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some, not all, embodiments of the application. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0039] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terms used herein in the description of the application are only for the purpose of describing specific embodiments, and are not intended to limit the application.

[0040] In one embodiment, in order to overcome the defects of existing detection strategies, an APT detection method based on...


Abstract

The invention discloses an APT (Advanced Persistent Threat) detection method based on context behavior analysis, which comprises the following steps: collecting log data in real time, where the objects related to the log data comprise processes, files and events; preprocessing the collected log data; performing intrusion detection based on context behavior analysis according to the simplified data dependency graph; and taking the newest data dependency graph and tracing back from the process carrying the threat tag contained in that graph to obtain the complete APT attack chain. The APT detection method based on context behavior analysis has good adaptability and a high detection success rate.
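The pipeline the abstract describes (collect process/file/event logs, deduplicate, build a data dependency graph, tag a process, trace back to the attack chain), as an added example that is not the patent's own code; the log records, node names, the "recv"/"spawn" action vocabulary and the one-rule detection step are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample log records (not from the patent):
# (time, subject process, action, object); objects are processes, files or net endpoints.
LOGS = [
    (1, "proc:browser", "recv",  "net:203.0.113.5:443"),
    (2, "proc:browser", "write", "file:/tmp/update.sh"),
    (3, "proc:browser", "spawn", "proc:sh"),
    (4, "proc:sh",      "read",  "file:/tmp/update.sh"),
    (4, "proc:sh",      "read",  "file:/tmp/update.sh"),    # duplicate, removed in preprocessing
    (5, "proc:sh",      "spawn", "proc:curl"),
    (6, "proc:curl",    "recv",  "net:198.51.100.9:8080"),
    (7, "proc:editor",  "read",  "file:/home/u/notes.txt"), # unrelated activity, must not be in the chain
    (8, "proc:curl",    "read",  "file:/etc/passwd"),
]
SENSITIVE = {"file:/etc/passwd"}  # assumed detection rule: reading these earns a threat tag

def build_graph(logs):
    """Preprocess (dedupe) and build the data dependency graph.
    preds[dst] lists (src, t): dst received data or control from src at time t."""
    preds = defaultdict(list)
    for t, subj, action, obj in sorted(set(logs)):
        if action in ("read", "recv"):      # data flows object -> process
            preds[subj].append((obj, t))
        elif action in ("write", "spawn"):  # process influences object
            preds[obj].append((subj, t))
    return preds

def tag_threats(logs):
    """Detection step, reduced to one rule: processes that read a sensitive object."""
    return {(subj, t) for t, subj, action, obj in logs
            if action == "read" and obj in SENSITIVE}

def trace_back(preds, start, bound):
    """Backward causal traversal from a tagged process: only follow predecessor edges
    no later than the event that led here, so the reconstructed chain respects time."""
    chain, stack = set(), [(start, bound)]
    while stack:
        node, limit = stack.pop()
        for src, t in preds.get(node, ()):
            if t <= limit and (src, node, t) not in chain:
                chain.add((src, node, t))
                stack.append((src, t))
    return sorted(chain, key=lambda e: (e[2], e[0], e[1]))  # edges ordered by time

def attack_chains(logs):
    """Map each threat-tagged process to its full backward chain of (src, dst, t) edges."""
    preds = build_graph(logs)
    return {proc: trace_back(preds, proc, t) for proc, t in tag_threats(logs)}
```

Calling `attack_chains(LOGS)` yields one chain, rooted at `proc:curl`, that runs from the first network download through the dropped script and the spawned shell, while the editor's unrelated file read is left out.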

Description

Technical field

[0001] The present application belongs to the field of APT attack detection, and specifically relates to an APT detection method based on contextual behavior analysis.

Background technique

[0002] APT (Advanced Persistent Threat) attacks, that is, advanced persistent threat attacks, usually refer to attacks on governments, core infrastructure (such as energy, transportation and communications) and important industries (such as the military industry, finance and medical care). Compared with traditional attack modes, APT attacks are characterised by long duration, a long attack chain, high concealment, varied methods and strong harm. They can use social engineering, 0-day vulnerabilities, infected storage media and other means to attack. Therefore, it is difficult to directly detect a complete APT attack chain using existing detection methods. Analysts usually detect a certain step of the attack at a certain point in time, and use forensic analysis to quickly loca...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/56, G06F40/211, G06F40/30
CPC: G06F21/562, G06F40/211, G06F40/30
Inventor: 朱添田, 余金开
Owner: ZHEJIANG UNIV OF TECH