APT event homology judgment method based on behavior pattern

A behavior-pattern-based judgment method, applied in the field of network security, that addresses problems such as one-sided analysis results and the low efficiency of manual homology judgment, and achieves a good classification effect.

Active Publication Date: 2021-12-31
NO 15 INST OF CHINA ELECTRONICS TECH GRP +2

AI Technical Summary

Problems solved by technology

[0004] To address the one-sided malicious sample analysis results and the low efficiency of manual homology judgment in existing APT event homology analysis, the present invention discloses a behavior pattern-based APT event homology judgment method.


Embodiment Construction

[0031] In order to better understand the contents of the present invention, an example is given here.

[0032] Figure 1 is an APT event correlation diagram based on behavior patterns in the present invention; Figure 2 is a schematic diagram of the implementation process of the present invention; Figure 3 is a schematic diagram of attack clues and behavior patterns of the present invention; Figure 4 is the APT event homology discrimination process of the present invention.

[0033] The invention discloses a method for judging the homology of APT events based on behavior patterns, the steps of which include:

[0034] S1, building an APT event correlation diagram based on behavior patterns;

[0035] Extract the clue information of APT events from the unstructured data obtained from multiple channels, extract the attack chain data of APT events from the kill chain model, and extract the technical and tactical information of this APT event from the attack technica...


Abstract

The invention discloses an APT event homology judgment method based on behavior patterns. The method comprises the following steps: constructing an APT event association graph based on the behavior pattern; performing node attribute expansion on the APT event association graph; performing attribute labeling on the nodes of the APT event association graph to obtain behavior tags or clue tags for those nodes; carrying out similarity judgment on the APT event association graph to complete the homologous judgment of the APT event; and comparing the topological structure information and node attribute information of the structural data of two APT event association graphs with a sub-graph similarity measurement function to determine the homology or similarity of the two graphs. The method solves the problems of one-sided malicious sample analysis results and low manual homology judgment efficiency in existing APT event homology analysis.
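An added sketch of the final comparison step, not code from the patent: the text on this page does not give the sub-graph similarity measurement function, so the weighted Jaccard score, `alpha`, the threshold and the sample tags below are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class EventGraph:
    """One APT event association graph: tagged nodes plus directed edges."""
    nodes: dict   # node id -> list of behavior/clue tags
    edges: list   # (src id, dst id) pairs

    def tag_set(self):
        # All behavior and clue tags carried by the graph's nodes.
        return {t for tags in self.nodes.values() for t in tags}

    def labelled_edges(self):
        # Express edges through node tags so graphs with different ids compare.
        return {(frozenset(self.nodes[s]), frozenset(self.nodes[d]))
                for s, d in self.edges}

def jaccard(a, b):
    return 1.0 if not a and not b else len(a & b) / len(a | b)

def graph_similarity(g1, g2, alpha=0.5):
    # Assumed measure: alpha * topology overlap + (1 - alpha) * attribute overlap.
    topo = jaccard(g1.labelled_edges(), g2.labelled_edges())
    attr = jaccard(g1.tag_set(), g2.tag_set())
    return alpha * topo + (1 - alpha) * attr

def is_homologous(g1, g2, threshold=0.5):
    # Threshold is an assumed value; tune it on events of known attribution.
    return graph_similarity(g1, g2) >= threshold

# Constructed sample events: a four-step chain ending in an infrastructure clue.
CHAIN = [("n1", "n2"), ("n2", "n3"), ("n3", "n4")]
EVENT_A = EventGraph({"n1": ["behavior:spearphishing"],
                      "n2": ["behavior:macro-dropper"],
                      "n3": ["behavior:dns-tunnel-c2"],
                      "n4": ["clue:domain=c2.example.test"]}, CHAIN)
EVENT_B = EventGraph({"n1": ["behavior:spearphishing"],   # same behavior chain,
                      "n2": ["behavior:macro-dropper"],   # different domain
                      "n3": ["behavior:dns-tunnel-c2"],
                      "n4": ["clue:domain=cdn.example.test"]}, CHAIN)
EVENT_C = EventGraph({"n1": ["behavior:watering-hole"],   # different behaviors,
                      "n2": ["behavior:browser-exploit"], # same domain as A
                      "n3": ["behavior:https-c2"],
                      "n4": ["clue:domain=c2.example.test"]}, CHAIN)

if __name__ == "__main__":
    for name, other in (("B", EVENT_B), ("C", EVENT_C)):
        print(name, round(graph_similarity(EVENT_A, other), 3),
              is_homologous(EVENT_A, other))
```

With these constructed inputs, events A and B share the behavior chain but not the domain and score 0.55, while A and C share only the domain clue and score about 0.07.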

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for judging the homology of APT events based on behavior patterns.

Background

[0002] In recent years, as the contest over sovereignty in cyberspace has intensified, cyber attacks represented by the Advanced Persistent Threat (APT) have become increasingly prevalent and are now one of the most serious threats to cyberspace security. All countries have improved their APT defenses from a national security perspective.

[0003] Homology analysis of APT events is an important branch of traceability analysis in APT defense. Its main purpose is to determine, based on the attack methods, attack tools, and attack payloads of different APT attack events, whether multiple attack events are similar and whether they are APT attacks launched by the same organization or hackers. At present, the homology analysis of APT attack events is ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F16/28, G06F16/36
CPC: G06F21/566, G06F16/288, G06F16/367
Inventor: 任传伦, 郭世泽, 王玥, 刘晓影, 乌吉斯古愣, 俞赛赛, 刘文瀚, 谭震, 王淮, 张先国
Owner: NO 15 INST OF CHINA ELECTRONICS TECH GRP