A Behavioral Pattern-Based Approach to Homology Judgment of APT Events

A behavior pattern-based homology judgment method, applied in the field of network security, that addresses problems such as one-sided analysis results and the low efficiency of manual homology judgment, and achieves a good classification effect.

Active Publication Date: 2022-05-13
NO 15 INST OF CHINA ELECTRONICS TECH GRP +2

AI Technical Summary

Problems solved by technology

[0004] Aiming at the problems of one-sided malicious sample analysis results and low efficiency of manual homology judgment in the existing APT event homology analysis, the present invention discloses a behavior pattern-based APT event homology judgment method.


Embodiment Construction

[0031] In order to better understand the contents of the present invention, an example is given here.

[0032] Figure 1 is an APT event correlation diagram based on behavior patterns in the present invention; Figure 2 is a schematic diagram of the implementation process of the present invention; Figure 3 is a schematic diagram of attack clues and behavior patterns of the present invention; Figure 4 is the APT event homology discrimination process of the present invention.

[0033] The invention discloses a method for judging the homology of APT events based on behavior patterns, the steps of which include:

[0034] S1, building an APT event correlation diagram based on behavior patterns;

[0035] Extract the clue information of APT events from the unstructured data obtained from multiple channels, extract the attack chain data of APT events from the kill chain model, and extract the technical and tactical information of this APT event from the attack technica...


Abstract

The invention discloses a method for judging the homology of APT events based on behavior patterns. The steps include: constructing an APT event correlation graph based on behavior patterns; extending node attributes on the APT event correlation graph; labeling the attributes of nodes in the APT event correlation graph to obtain behavior labels or clue tags for those nodes; and judging the similarity of APT event correlation graphs to complete the homology determination of APT events. A subgraph similarity measurement function is used to compare the topology information and node attribute information of the structural data of two APT event correlation graphs to determine the homology or similarity of the two graphs. The method of the invention solves the problems of one-sided malicious sample analysis results and low efficiency of manual homology determination in prior homology analysis of APT events.
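As an added illustration (not code from the patent or its applicants), the sketch below shows one way a similarity measure can compare both the topology and the node labels of two labeled event graphs. The Jaccard-based score, the `alpha` weight, the 0.6 threshold and the sample events are assumptions made here; the page does not specify the patent's subgraph similarity measurement function.

```python
# Added illustration: the scoring scheme, threshold and labels are assumptions,
# not the patent's subgraph similarity measurement function.

def jaccard(a, b):
    """Jaccard index of two sets; two empty sets count as identical."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def signatures(graph):
    """Return (node-label set, labeled-edge set) for one event graph.

    Node ids are local to each event, so edges are compared by the labels
    of their endpoints rather than by id.
    """
    labels = graph["nodes"]
    node_sig = set(labels.values())
    edge_sig = {(labels[s], labels[d]) for s, d in graph["edges"]}
    return node_sig, edge_sig

def graph_similarity(g1, g2, alpha=0.5):
    """Blend topology and node-attribute similarity; alpha weights topology."""
    n1, e1 = signatures(g1)
    n2, e2 = signatures(g2)
    return alpha * jaccard(e1, e2) + (1 - alpha) * jaccard(n1, n2)

def is_homologous(g1, g2, threshold=0.6):
    """Hypothetical decision rule: score at or above the threshold."""
    return graph_similarity(g1, g2) >= threshold

# Constructed sample events: behavior labels and clue tags are made up.
EVENT_A = {"nodes": {1: "behavior:delivery/spearphishing-attachment",
                     2: "behavior:execution/script-interpreter",
                     3: "behavior:c2/https-beacon",
                     4: "clue:shared-code-signing-cert"},
           "edges": {(1, 2), (2, 3), (4, 2)}}
EVENT_B = {"nodes": {10: "behavior:delivery/spearphishing-attachment",
                     11: "behavior:execution/script-interpreter",
                     12: "behavior:c2/https-beacon",
                     13: "clue:shared-code-signing-cert",
                     14: "behavior:persistence/scheduled-task"},
           "edges": {(10, 11), (11, 12), (13, 11), (11, 14)}}
EVENT_C = {"nodes": {1: "behavior:delivery/watering-hole",
                     2: "behavior:execution/script-interpreter",
                     3: "behavior:c2/dns-tunnel"},
           "edges": {(1, 2), (2, 3)}}

if __name__ == "__main__":
    for name, other in (("B", EVENT_B), ("C", EVENT_C)):
        print(name, round(graph_similarity(EVENT_A, other), 3),
              is_homologous(EVENT_A, other))
```

Events A and B share most labeled edges and node labels despite different node ids, while A and C share only one behavior label and no edges, so only the first pair crosses the assumed threshold.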

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for judging the homology of APT events based on behavior patterns.

Background technique

[0002] In recent years, with the increasingly intensified game of sovereignty in cyberspace, cyber attacks represented by Advanced Persistent Threat (APT) have become increasingly prevalent and have become one of the most serious threats to cyberspace security. All countries have improved their APT defenses from a national security perspective.

[0003] Homology analysis of APT events is an important branch of traceability analysis in APT defense. Its main purpose is to determine, based on the attack methods, attack tools, and attack payloads of different APT attack events, whether multiple attack events are similar and whether they were launched by the same organization or hackers. At present, the homology analysis of APT attack events is ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F16/28, G06F16/36
CPC: G06F21/566, G06F16/288, G06F16/367
Inventor: 任传伦, 郭世泽, 王玥, 刘晓影, 乌吉斯古愣, 俞赛赛, 刘文瀚, 谭震, 王淮, 张先国
Owner: NO 15 INST OF CHINA ELECTRONICS TECH GRP