Title: Advanced persistent threat (APT) detection center
Abstract: A computerized method is described in which one or more received objects are analyzed by an advanced persistent threat (APT) detection center to determine whether the objects are APTs. The analysis may include the extraction of features that describe and characterize the received objects. The extracted features may be compared with features of known APT malware objects and known non-APT malware objects to determine a classification of, or the probability of, the received objects being APT malware. Upon determination that the received objects are APT malware, warning messages may be transmitted to a user of the associated client devices. Classified objects may also be used to generate analytic data for the prediction and prevention of future APT attacks.
Publication number: US9628507(B2) Publication date: 2017.04.18
Application number: US201314042483 Filing date: 2013.09.30
Applicant: FireEye, Inc. Inventors: Haq Thoufique; Zhai Jinjian; Pidathala Vinay K.
Classification: G06F21/56; H04L29/06; G06F21/55 Main classification: G06F21/56
Agency: Rutan & Tucker, LLP Agent: Rutan & Tucker, LLP
Independent claim: 1. A computerized method for discovering and identifying an advanced persistent threat (APT) object corresponding to an object that includes an APT being a type of malware that is directed at a particular target and seeks to surveil, extract or manipulate data to which the particular target would have access, comprising: receiving an object to be classified by one or more virtual machines of an APT detection center, the APT detection center includes a server and the one or more virtual machines communicatively coupled to the server and configured for processing of the received object; extracting features of the received object during processing of the received object by the one or more virtual machines, a first extracted feature of the extracted features includes information associated with an action performed during processing of the received object within the one or more virtual machines; conducting, by the server, a first analysis by comparing the extracted features with features of known APT objects stored in an APT database accessible to the server; responsive to determining that the extracted features satisfy a prescribed level of correlation with one or more features of known APT objects in the APT database, identifying the received object as an APT object in the APT database; and responsive to determining that the extracted features fail to satisfy the prescribed level of correlation with the one or more features of the known APT objects in the APT database, conducting a second analysis by the server subsequent to the first analysis, the second analysis includes a comparison of features associated with known non-APT malware to determine whether the received object is known non-APT type malware, the second analysis being different from the first analysis.
Address: Milpitas CA US