Network intrusion detection method, device and apparatus and readable storage medium
The invention discloses a network intrusion detection method, device and apparatus, and a readable storage medium. The method comprises the steps of screening out a target object with unknown security from network traffic by utilizing a network intrusion detection system or a network intrusion preven...
Main Author | |
---|---|
Format | Patent |
Language | Chinese, English |
Published | 28.07.2020 |
Subjects | |
Summary: | The invention discloses a network intrusion detection method, device and apparatus, and a readable storage medium. The method comprises the steps of screening out a target object with unknown security from network traffic by utilizing a network intrusion detection system or a network intrusion prevention system; inputting the target object into a sandbox, and calling a manual operation simulation program in the sandbox to perform simulation operation on the target object to obtain response data; performing malicious behavior matching detection on the response data to obtain a malicious behavior detection result; and determining the security of the target object by utilizing a malicious behavior detection result. In this method, network intrusion detection is carried out through combination of HIDS/HIPS and a sandbox. The defects of traditional HIPS/HIDS in the aspect of malicious file detection capability can be overcome, a feasible scheme is provided for detecting currently popular APT attacks based on maliciou |
---|---|
Bibliography: | Application Number: CN202010236530 |