Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Multidimensional deep-level APT (Advanced Persistent Threat) attack detection method

A deep, multi-dimensional technology, applied in the field of multi-dimensional in-depth detection of APT attacks, can solve the problems of inability to outline APT attack links, single attack points and attack levels, inability to interact and self-optimization, etc.

Active Publication Date: 2017-11-21
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF5 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] Traditional protection mechanisms and products are more based on single-point detection based on several attack methods in the APT attack life cycle. The detected attack points and attack levels are relatively single, and the detection strategies of each attack point cannot interact. and self-optimization, which is not conducive to discovering latent APT attacks, cannot outline APT attack links, and is easily bypassed by well-planned APT attacks. Therefore, it is necessary to analyze possible attack points in each stage of the APT attack life cycle, from In-depth analysis and detection are carried out in multiple dimensions, and the attack clues found in a certain attack stage can be further used as the detection basis for other attack stages. The detection conclusions of each attack stage can be further correlated to form more certain attack evidence. To discover APT attacks more efficiently

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multidimensional deep-level APT (Advanced Persistent Threat) attack detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043]First of all, it needs to be explained that the present invention relates to the field of APT attack detection, and is an application branch of computer technology in the field of information security technology. During the implementation of the present invention, the detection of multiple attack points in the APT attack life cycle will be involved. The applicant believes that, after carefully reading the application documents and accurately understanding the realization principle and purpose of the present invention, combined with existing known technologies, those skilled in the art can fully implement the present invention by using their software programming skills. Everything mentioned in the application documents of the present invention belongs to this category, and the applicant will not list them one by one.

[0044] Below in conjunction with accompanying drawing and specific embodiment the present invention is described in further detail:

[0045] A method for ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of APT attack detection and aims at providing a multidimensional deep-level APT (Advanced Persistent Threat) attack detection method. The method comprises steps: traffic collection and analytical reduction are carried out on common network application layer protocol data packets; acquired network application behaviors are analyzed and detected, an attack behavior is recorded and an alarm is given; the detection strategy and the mechanism for each attack point are further optimized; and an APT attack link is generated through correlation. Multidimensional deep-level analysis and detection can be carried out on possible attack points in each stage of an APT attack life cycle, an attack clue found in an attack stage can be used to further serve as the basis for the detection of other attack stages, the detection conclusion in each attack stage is used for further correlation, and an attack evidence with higher certainty is formed.

Description

technical field [0001] The invention relates to the field of APT attack detection, in particular to a method for multi-dimensional in-depth detection of APT attacks. Background technique [0002] APT (Advanced Persistent Threat) attack is a series of covert and persistent attack processes that are organized and carefully planned for specific targets. APT attacks often use malware to exploit system vulnerabilities, and use external C&C servers to continuously monitor and steal data from the specific target of the attack. It is precisely because APT attacks are based on specific attack targets, are carefully planned, and can Further, through remote control and combined with artificial skills, the attack process is executed in a more targeted manner. The whole process is hidden for a long time and is difficult to detect. Therefore, once the attack is successful, it will cause a very large threat to the attack target. [0003] The life cycle of an APT attack is generally divide...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1433H04L63/1466
Inventor 李凯范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products