Invention title: ADVANCED PERSISTENT THREAT (APT) DETECTION CENTER
Abstract: A computerized method is described in which one or more received objects are analyzed by an advanced persistent threat (APT) detection center to determine if the objects are APTs. The analysis may include the extraction of features describing and characterizing the received objects. The extracted features may be compared with features of known APT malware objects and known non-APT malware objects to determine a classification or probability of the received objects being APT malware. Upon determination that the received objects are APT malware, warning messages may be transmitted to a user of associated client devices. Classified objects may also be used to generate analytic data for the prediction and prevention of future APT attacks.
Publication number: US2015096024(A1) Publication date: 2015.04.02
Application number: US201314042483 Filing date: 2013.09.30
Applicant: FireEye, Inc. Inventors: Haq Thoufique; Zhai Jinjian; Pidathala Vinay K.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Principal claim: 1. A computerized method for discovering and identifying advanced persistent threats (APT) using an APT detection center, comprising: receiving, by an APT server, an object to be classified; extracting features describing behavior of the received object; storing the received object along with the extracted features in an APT database; comparing the extracted features with features of objects in the APT database using an APT classifier; and flagging the received object as an APT object in the APT database in response to determining that the extracted features include one or more APT related features having a prescribed level of correlation with one or more features of known APT objects in the APT database.
Address: Milpitas CA US