CN109583193B - 目标攻击的云检测、调查以及消除的系统和方法 - Google Patents

目标攻击的云检测、调查以及消除的系统和方法 Download PDF

Info

Publication number
CN109583193B
CN109583193B CN201810553206.5A CN201810553206A CN109583193B CN 109583193 B CN109583193 B CN 109583193B CN 201810553206 A CN201810553206 A CN 201810553206A CN 109583193 B CN109583193 B CN 109583193B
Authority
CN
China
Prior art keywords
computer
database
attack
tag
suspicious activity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810553206.5A
Other languages
English (en)
Chinese (zh)
Other versions
CN109583193A (zh
Inventor
谢尔盖·V·戈尔德契克
康斯坦丁·V·萨普罗诺夫
尤里·G·帕尔辛
泰穆尔·S·凯尔哈巴罗夫
谢尔盖·V·索尔达托夫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kaspersky Lab AO
Original Assignee
Kaspersky Lab AO
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from RU2017133842A external-priority patent/RU2661533C1/ru
Application filed by Kaspersky Lab AO filed Critical Kaspersky Lab AO
Publication of CN109583193A publication Critical patent/CN109583193A/zh
Application granted granted Critical
Publication of CN109583193B publication Critical patent/CN109583193B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
CN201810553206.5A 2017-09-29 2018-05-31 目标攻击的云检测、调查以及消除的系统和方法 Active CN109583193B (zh)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
RU2017133842 2017-09-29
RU2017133842A RU2661533C1 (ru) 2017-09-29 2017-09-29 Система и способ обнаружения признаков компьютерной атаки
US201762573830P 2017-10-18 2017-10-18
US62/573,830 2017-10-18
US15/923,581 US10873590B2 (en) 2017-09-29 2018-03-16 System and method of cloud detection, investigation and elimination of targeted attacks
US15/923,581 2018-03-16

Publications (2)

Publication Number Publication Date
CN109583193A CN109583193A (zh) 2019-04-05
CN109583193B true CN109583193B (zh) 2023-07-04

Family

ID=62148273

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810553206.5A Active CN109583193B (zh) 2017-09-29 2018-05-31 目标攻击的云检测、调查以及消除的系统和方法

Country Status (4)

Country Link
US (2) US10873590B2 (https=)
EP (1) EP3462698B1 (https=)
JP (1) JP7084778B2 (https=)
CN (1) CN109583193B (https=)

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10902114B1 (en) * 2015-09-09 2021-01-26 ThreatQuotient, Inc. Automated cybersecurity threat detection with aggregation and analysis
US11277423B2 (en) * 2017-12-29 2022-03-15 Crowdstrike, Inc. Anomaly-based malicious-behavior detection
US11381984B2 (en) * 2018-03-27 2022-07-05 Forescout Technologies, Inc. Device classification based on rank
US11528287B2 (en) 2018-06-06 2022-12-13 Reliaquest Holdings, Llc Threat mitigation system and method
US11709946B2 (en) 2018-06-06 2023-07-25 Reliaquest Holdings, Llc Threat mitigation system and method
US11444957B2 (en) * 2018-07-31 2022-09-13 Fortinet, Inc. Automated feature extraction and artificial intelligence (AI) based detection and classification of malware
USD926809S1 (en) 2019-06-05 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926810S1 (en) 2019-06-05 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926200S1 (en) 2019-06-06 2021-07-27 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926782S1 (en) 2019-06-06 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926811S1 (en) 2019-06-06 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
US11533323B2 (en) * 2019-10-10 2022-12-20 Target Brands, Inc. Computer security system for ingesting and analyzing network traffic
CN111079144B (zh) * 2019-11-25 2022-07-01 杭州迪普科技股份有限公司 一种病毒传播行为检测方法及装置
US11438373B2 (en) * 2020-01-09 2022-09-06 Cymulate Ltd. Monitoring for security threats from lateral movements
WO2021144978A1 (ja) * 2020-01-17 2021-07-22 三菱電機株式会社 攻撃推定装置、攻撃推定方法及び攻撃推定プログラム
CN112287339B (zh) * 2020-03-06 2024-06-04 杭州奇盾信息技术有限公司 Apt入侵检测方法、装置以及计算机设备
CN111475818B (zh) * 2020-04-17 2023-08-11 北京墨云科技有限公司 一种基于ai的自动化渗透测试系统的渗透攻击方法
US11847214B2 (en) * 2020-04-21 2023-12-19 Bitdefender IPR Management Ltd. Machine learning systems and methods for reducing the false positive malware detection rate
US20220075871A1 (en) * 2020-09-09 2022-03-10 Microsoft Technology Licensing, Llc Detecting hacker tools by learning network signatures
CN112269316B (zh) * 2020-10-28 2022-06-07 中国科学院信息工程研究所 一种基于图神经网络的高鲁棒性威胁狩猎系统与方法
US20240137382A1 (en) 2021-07-16 2024-04-25 Wiz, Inc. Techniques for cybersecurity identity risk detection utilizing disk cloning and unified identity mapping
US12278840B1 (en) 2021-07-16 2025-04-15 Wiz, Inc. Efficient representation of multiple cloud computing environments through unified identity mapping
US12278819B1 (en) 2021-07-16 2025-04-15 Wiz, Inc. Cybersecurity threat detection utilizing unified identity mapping and permission detection
US12505200B2 (en) 2022-05-23 2025-12-23 Wiz, Inc. Techniques for improved virtual instance inspection utilizing disk cloning
US12579251B2 (en) 2021-11-24 2026-03-17 Wiz, Inc. System and method for detecting excessive permissions in identity and access management
US12019730B2 (en) * 2021-09-28 2024-06-25 Red Hat, Inc. Systems and methods for identifying computing devices
US12489781B2 (en) 2021-11-24 2025-12-02 Wiz, Inc. Techniques for lateral movement detection in a cloud computing environment
US12524550B2 (en) 2021-11-24 2026-01-13 Wiz, Inc. System and method for recursive inspection of workloads from configuration code to production environments
US12063228B2 (en) * 2021-12-22 2024-08-13 Cisco Technology, Inc. Mitigating security threats in daisy chained serverless FaaS functions
US12219048B1 (en) 2021-12-27 2025-02-04 Wiz, Inc. Techniques for encrypted disk cybersecurity inspection utilizing disk cloning
US11936785B1 (en) 2021-12-27 2024-03-19 Wiz, Inc. System and method for encrypted disk inspection utilizing disk cloning techniques
US12081656B1 (en) 2021-12-27 2024-09-03 Wiz, Inc. Techniques for circumventing provider-imposed limitations in snapshot inspection of disks for cybersecurity
US11841945B1 (en) 2022-01-31 2023-12-12 Wiz, Inc. System and method for cybersecurity threat detection utilizing static and runtime data
US12531881B2 (en) 2022-01-31 2026-01-20 Wiz, Inc. Detection of cybersecurity threats utilizing established baselines
WO2023144805A1 (en) * 2022-01-31 2023-08-03 Wiz, Inc. Techniques for cloud detection and response from cloud logs utilizing a security graph
US12267326B2 (en) 2022-04-13 2025-04-01 Wiz, Inc. Techniques for detecting resources without authentication using exposure analysis
US12395488B2 (en) 2022-04-13 2025-08-19 Wiz, Inc. Techniques for analyzing external exposure in cloud environments
US12443720B2 (en) 2022-08-10 2025-10-14 Wiz, Inc. Techniques for detecting applications paths utilizing exposure analysis
US12244627B2 (en) 2022-04-13 2025-03-04 Wiz, Inc. Techniques for active inspection of vulnerability exploitation using exposure
US11936693B2 (en) 2022-04-13 2024-03-19 Wiz, Inc. System and method for applying a policy on a network path
CN114844691B (zh) * 2022-04-20 2023-07-14 安天科技集团股份有限公司 一种数据处理方法、装置、电子设备及存储介质
US12212586B2 (en) 2022-05-23 2025-01-28 Wiz, Inc. Techniques for cybersecurity inspection based on runtime data and static analysis from cloned resources
US12079328B1 (en) 2022-05-23 2024-09-03 Wiz, Inc. Techniques for inspecting running virtualizations for cybersecurity risks
US12506755B2 (en) 2022-05-23 2025-12-23 Wiz, Inc. Technology discovery techniques in cloud computing environments utilizing disk cloning
US12287899B2 (en) 2022-05-23 2025-04-29 Wiz, Inc. Techniques for detecting sensitive data in cloud computing environments utilizing cloning
US12217079B2 (en) 2022-05-23 2025-02-04 Wiz, Inc. Detecting security exceptions across multiple compute environments
US12061719B2 (en) 2022-09-28 2024-08-13 Wiz, Inc. System and method for agentless detection of sensitive data in computing environments
US12061925B1 (en) 2022-05-26 2024-08-13 Wiz, Inc. Techniques for inspecting managed workloads deployed in a cloud computing environment
EP4544433A1 (en) 2022-06-24 2025-04-30 Binalyze Yazlim A.S. Systems and methods for detection of advanced persistent threats in an information network
US20250384127A1 (en) * 2022-07-15 2025-12-18 Bluevoyant Llc Devices, systems, and methods for utilizing a networked, computer-assisted, threat hunting platform to enhance network security
CN117792745B (zh) * 2023-12-28 2025-02-11 北京江民新科技术有限公司 基于att&ck模型的apt攻击检测方法及系统
CN118890214B (zh) * 2024-09-27 2024-12-06 奇安星城网络安全技术(湖南)有限公司 一种针对apt攻击的检测和防御方法

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9703950B2 (en) 2012-03-30 2017-07-11 Irdeto B.V. Method and system for preventing and detecting security threats
US9088606B2 (en) * 2012-07-05 2015-07-21 Tenable Network Security, Inc. System and method for strategic anti-malware monitoring
RU141239U1 (ru) 2013-06-04 2014-05-27 Федеральное государственное казенное военное образовательное учреждение высшего профессионального образования "ВОЕННАЯ АКАДЕМИЯ СВЯЗИ имени Маршала Советского Союза С.М. Буденного" Министерства обороны Российской Федерации Устройство для обнаружения компьютерных атак на информационно-телекоммуникационные сети военного назначения
RU2538292C1 (ru) 2013-07-24 2015-01-10 Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Способ обнаружения компьютерных атак на сетевую компьютерную систему
US10089461B1 (en) * 2013-09-30 2018-10-02 Fireeye, Inc. Page replacement code injection
WO2015066604A1 (en) 2013-11-04 2015-05-07 Crypteia Networks S.A. Systems and methods for identifying infected network infrastructure
RU2587426C2 (ru) 2013-12-27 2016-06-20 Закрытое акционерное общество "Лаборатория Касперского" Система и способ обнаружения направленных атак на корпоративную инфраструктуру
US20150326592A1 (en) * 2014-05-07 2015-11-12 Attivo Networks Inc. Emulating shellcode attacks
US9754106B2 (en) 2014-10-14 2017-09-05 Symantec Corporation Systems and methods for classifying security events as targeted attacks
US9507946B2 (en) 2015-04-07 2016-11-29 Bank Of America Corporation Program vulnerability identification
RU2624552C2 (ru) 2015-06-30 2017-07-04 Закрытое акционерное общество "Лаборатория Касперского" Способ обнаружения вредоносных файлов, исполняемых с помощью стековой виртуальной машины
CN106888196A (zh) * 2015-12-16 2017-06-23 国家电网公司 一种未知威胁检测的协同防御系统
US9530016B1 (en) 2016-01-29 2016-12-27 International Business Machines Corporation Using source taint analysis to reduce false positives in an advanced persistent threat (APT) protection solution
CN107046543A (zh) * 2017-04-26 2017-08-15 国家电网公司 一种面向攻击溯源的威胁情报分析系统

Also Published As

Publication number Publication date
US11489855B2 (en) 2022-11-01
JP2019082989A (ja) 2019-05-30
US20190104140A1 (en) 2019-04-04
EP3462698B1 (en) 2021-06-23
US20210067529A1 (en) 2021-03-04
EP3462698A1 (en) 2019-04-03
US10873590B2 (en) 2020-12-22
CN109583193A (zh) 2019-04-05
JP7084778B2 (ja) 2022-06-15

Similar Documents

Publication Publication Date Title
CN109583193B (zh) 目标攻击的云检测、调查以及消除的系统和方法
CN109684832B (zh) 检测恶意文件的系统和方法
US9223978B2 (en) Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware
RU2762528C1 (ru) Способ обработки событий информационной безопасности перед передачей на анализ
JP6134395B2 (ja) アプリケーション制御のためのリスクベースの規則のシステム及び方法
CN110119619B (zh) 创建防病毒记录的系统和方法
CN113824678B (zh) 处理信息安全事件的系统、方法和非暂时性计算机可读介质
US8955138B1 (en) Systems and methods for reevaluating apparently benign behavior on computing devices
RU2750628C2 (ru) Система и способ определения уровня доверия файла
RU2661533C1 (ru) Система и способ обнаружения признаков компьютерной атаки
RU2763115C1 (ru) Способ корректировки параметров модели машинного обучения для определения ложных срабатываний и инцидентов информационной безопасности
Aljaidi et al. An assessment of obfuscated bad rabbit ransomware detection and prevention methods
Major A Taxonomic Evaluation of Rootkit Deployment, Behavior and Detection
US20260087178A1 (en) Methods and associated computer systems for ensuring the integrity of data
Kavithamani et al. An analysis of remotely triggered malware exploits in content management system-based web applications
Hovmark et al. Towards Extending Probabilistic Attack Graphs with Forensic Evidence: An investigation of property list files in macOS
Aliabbas INFORMATION AND WEB TECHNOLOGIES
Lai et al. Target Attack Backdoor Malware Analysis and Attribution
CN117972676A (zh) 应用检测方法、装置、电子设备及存储介质
CN118551371A (zh) 用于识别信息安全威胁的系统和方法
CN120263435A (zh) 漏洞防护方法、装置、电子设备、程序产品及存储介质
CN117278288A (zh) 一种网络攻击防护方法、装置、电子设备及存储介质
Pundeer Host-Based Malware Analysis
Decloedt et al. Rootkits, trojans, backdoors and new developments

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant