CN109474586A - An advanced persistent threat analysis method based on user behavior analysis - Google Patents
An advanced persistent threat analysis method based on user behavior analysis
- Publication number: CN109474586A (application number CN201811289377.8A)
- Authority
- CN
- China
- Prior art keywords
- behavior
- user behavior
- abnormal
- method based
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811289377.8A CN109474586A (zh) | 2018-10-31 | 2018-10-31 | An advanced persistent threat analysis method based on user behavior analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811289377.8A CN109474586A (zh) | 2018-10-31 | 2018-10-31 | An advanced persistent threat analysis method based on user behavior analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109474586A (zh) | 2019-03-15 |
Family
ID=65666274
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811289377.8A Pending CN109474586A (zh) | 2018-10-31 | 2018-10-31 | An advanced persistent threat analysis method based on user behavior analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109474586A (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103001826A (zh) * | 2012-11-29 | 2013-03-27 | 北京奇虎科技有限公司 | Device and method for monitoring user logins |
CN105871883A (zh) * | 2016-05-10 | 2016-08-17 | 上海交通大学 | Advanced persistent threat detection method based on attack behavior analysis |
CN106598823A (zh) * | 2016-10-19 | 2017-04-26 | 同盾科技有限公司 | Method and system for computing deltas of network behavior features |
CN108712425A (zh) * | 2018-05-21 | 2018-10-26 | 南京南瑞集团公司 | Analysis and supervision method for network security threat events in industrial control systems |
Timeline
- 2018-10-31: application CN201811289377.8A filed in CN, published as CN109474586A (zh); status: active, Pending
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11496489B1 (en) * | 2019-03-28 | 2022-11-08 | Ca, Inc. | Knowledge-aware detection of attacks on a client device conducted with dual-use tools |
CN110868403A (zh) * | 2019-10-29 | 2020-03-06 | 泰康保险集团股份有限公司 | Method and device for identifying advanced persistent threat (APT) attacks |
CN113516337A (zh) * | 2021-03-25 | 2021-10-19 | 中国雄安集团数字城市科技有限公司 | Monitoring method and apparatus for data security operations |
CN113821794A (zh) * | 2021-09-14 | 2021-12-21 | 北京八分量信息科技有限公司 | Distributed trusted computing system and method |
CN113821794B (zh) * | 2021-09-14 | 2023-08-18 | 北京八分量信息科技有限公司 | Distributed trusted computing system and method |
CN115168917A (zh) * | 2022-07-07 | 2022-10-11 | 青岛安泰德科技有限公司 | Abnormal user behavior handling method and server for cloud computing services |
CN115168917B (zh) * | 2022-07-07 | 2023-09-22 | 大唐智创(山东)科技有限公司 | Abnormal user behavior handling method and server for cloud computing services |
CN116401658A (zh) * | 2023-04-10 | 2023-07-07 | 淳安华数数字电视有限公司 | Method and system for security control of sensitive data on smart TVs |
CN116401658B (zh) * | 2023-04-10 | 2024-02-27 | 淳安华数数字电视有限公司 | Method and system for security control of sensitive data on smart TVs |
CN117118717A (zh) * | 2023-09-01 | 2023-11-24 | 湖北顺安伟业科技有限公司 | User information threat analysis method and system |
CN117118717B (zh) * | 2023-09-01 | 2024-05-31 | 湖北顺安伟业科技有限公司 | User information threat analysis method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Lanzi et al. | Accessminer: using system-centric models for malware protection | |
CN109474586A (zh) | An advanced persistent threat analysis method based on user behavior analysis | |
Wang et al. | Automatically traceback RDP‐based targeted ransomware attacks | |
Grégio et al. | Toward a taxonomy of malware behaviors | |
KR100910761B1 (ko) | Method and system for detecting unknown malicious code using process behavior prediction | |
US20070139231A1 (en) | Systems and methods for enterprise-wide data identification, sharing and management in a commercial context | |
Peisert et al. | Analysis of computer intrusions using sequences of function calls | |
Casey et al. | Malware forensics field guide for Linux systems: digital forensics field guides | |
CN110868403B (zh) | Method and device for identifying advanced persistent threat (APT) attacks | |
Xue et al. | Design and implementation of a malware detection system based on network behavior | |
Wang et al. | Using ontologies to perform threat analysis and develop defensive strategies for mobile security | |
AlSabeh et al. | Exploiting ransomware paranoia for execution prevention | |
Torkura et al. | Slingshot-automated threat detection and incident response in multi cloud storage systems | |
Patil et al. | Roadmap of digital forensics investigation process with discovery of tools | |
Mahmoud et al. | APTHunter: Detecting advanced persistent threats in early stages | |
RU2481633C2 (ru) | System and method for automatic investigation of security incidents | |
Vigna et al. | Host-based intrusion detection | |
CN109492390A (zh) | An advanced persistent threat analysis method based on an attack timeline | |
Mathew et al. | Insider abuse comprehension through capability acquisition graphs | |
Gupta et al. | Attacking confidentiality: An agent based approach | |
徐明 et al. | Anomaly detection based on system call classification | |
BehradFar et al. | RAT hunter: Building robust models for detecting remote access trojans based on optimum hybrid features | |
Ren et al. | A hybrid intelligent system for insider threat detection using iterative attention | |
Nallaperumal | CyberSecurity Analytics to Combat Cyber Crimes | |
SRIDEVI et al. | Dynamic Malware Attack Detection and Prevention in Real TIME Iot with Hybridsignature Free Method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20200727. Address after: 200000 Shanghai Pudong New Area free trade trial area, 1 spring 3, 400 Fang Chun road. Applicant after: Shanghai leading Mdt InfoTech Ltd. Address before: 200 000 Shuiqing Road 332, Minhang District, Shanghai. Applicants before: Shi Yong; Fu Yewen; Liu Ning; He Xiang |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190315 |