Abstract
Conventional approaches to monitoring unknown threats all rest on internal technical measures, along three common monitoring dimensions: file processing, static detection and dynamic detection. These methods work within a certain range, but they cannot escape the inherent limitations of the detection techniques themselves, and their ability to recognize new attack techniques and unknown vulnerabilities is limited. When data volumes are small, suspicious data can be reconstructed and analyzed with internal detection techniques, and experts can manually identify some unknown attack behavior. Under big-data conditions, however, relying on known techniques and manual work to recognize ever-changing unknown malicious intent is wholly unrealistic. As a complement, it is feasible to use big data to assess risk from the standpoint of the trustworthiness of external IPs, reduce noise events, narrow the circle within which risk must be located, and filter suspicious behavior out of access paths and historical records, so that unknown threats can then be accurately judged and located through internal behavior analysis.
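The triage step described above (scoring external IPs on path behavior and history so that only a small candidate set reaches deeper internal analysis) can be sketched as follows. This is an added example, not code from the paper; the log lines, history table, weights, thresholds and the treatment of RFC 1918 space as "internal" are all constructed assumptions for illustration.

```python
"""Triage external source IPs from web access logs by trustworthiness.

Added example, not the paper's code. Each external IP is profiled from the
access log (distinct paths, error ratio, authentication failures) and from a
constructed history table (days since first seen, prior alerts); IPs scoring
below a threshold are dropped as noise, the rest are ranked for analysis.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress

# Constructed sample access log, one request per line: "ip method path status".
SAMPLE_LOG = """\
203.0.113.10 GET /index.html 200
203.0.113.10 GET /about.html 200
203.0.113.10 GET /contact.html 200
198.51.100.7 GET /admin/ 404
198.51.100.7 GET /phpmyadmin/ 404
198.51.100.7 GET /.env 404
198.51.100.7 GET /wp-login.php 404
198.51.100.7 POST /cgi-bin/test.cgi 500
192.0.2.55 GET /index.html 200
192.0.2.55 GET /login 200
192.0.2.55 POST /login 401
192.0.2.55 POST /login 401
192.0.2.55 POST /login 401
192.0.2.55 POST /login 401
10.0.0.5 GET /internal/health 200
"""

# Constructed history of previously seen external IPs:
# ip -> (days since first seen, number of prior alerts)
HISTORY = {
    "203.0.113.10": (400, 0),
    "192.0.2.55": (3, 1),
}

# Assumption: RFC 1918 and loopback space is "internal" and is not scored.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class IpProfile:
    requests: int = 0
    paths: set = field(default_factory=set)
    errors: int = 0          # 4xx/5xx responses
    auth_failures: int = 0   # 401/403 responses
    reasons: list = field(default_factory=list)
    score: float = 0.0


def is_external(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str) -> dict:
    """Build one IpProfile per external source IP from the log text."""
    profiles = defaultdict(IpProfile)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not is_external(parts[0]):
            continue
        ip, _method, path, status = parts
        code = int(status)
        p = profiles[ip]
        p.requests += 1
        p.paths.add(path)
        p.errors += code >= 400
        p.auth_failures += code in (401, 403)
    return profiles


def score_profile(ip: str, p: IpProfile, history: dict) -> IpProfile:
    """Combine history-based and behaviour-based signals into one risk score."""
    if ip not in history:
        p.score += 2.0
        p.reasons.append("never seen before")
    else:
        days, prior_alerts = history[ip]
        if days < 7:
            p.score += 1.0
            p.reasons.append("first seen within the last week")
        if prior_alerts:
            p.score += 1.5 * prior_alerts
            p.reasons.append(f"{prior_alerts} prior alert(s)")
    err_ratio = p.errors / p.requests
    if p.requests >= 3 and err_ratio >= 0.5:
        p.score += 2.0
        p.reasons.append(f"high error ratio {err_ratio:.2f}")
        if len(p.paths) >= 4:
            p.score += 1.0
            p.reasons.append(f"probing {len(p.paths)} distinct paths")
    if p.auth_failures >= 3:
        p.score += 2.0
        p.reasons.append(f"{p.auth_failures} authentication failures")
    return p


def triage(log_text: str, history: dict, threshold: float = 3.0) -> list:
    """Return [(ip, score, reasons)] above threshold, highest risk first."""
    profiles = parse_log(log_text)
    ranked = [(ip, score_profile(ip, p, history)) for ip, p in profiles.items()]
    return sorted(((ip, p.score, p.reasons) for ip, p in ranked if p.score >= threshold),
                  key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for ip, score, reasons in triage(SAMPLE_LOG, HISTORY):
        print(f"{ip:15} {score:4.1f}  {'; '.join(reasons)}")
```

On the constructed sample, the long-known IP with only successful requests is filtered out as noise, while the scanner (many distinct paths, all failing, never seen before) and the recently seen IP with repeated login failures and a prior alert are the two candidates handed on to internal behavior analysis.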
A so-called unknown threat is one of a type that has not been found before; it has unknown features and poses a latent threat to information systems. It cannot be confirmed by the single method of signature identification alone. "Unknown Threat Monitoring Technology Research" detects it by reconstructing files from the data flow, so that attack behavior can be analyzed and the content and intent of the attack learned. It can be monitored from four dimensions: file processing, static detection, dynamic detection, and virus detection.
Source
《电子测试》 (Electronic Test)
2015, Issue 2X, pp. 122-124 (3 pages)
Electronic Test