| CPC H04L 63/1425 (2013.01) [G06F 9/542 (2013.01); H04L 63/1416 (2013.01)] | 10 Claims |

|
1. A method for detecting and analyzing time-series data based on a cyber threat framework, the method comprising:
an event determining operation of determining, according to a predetermined criterion, at least one target API event from an event set including a plurality of events stored in a cloud environment;
a mapping operation of mapping the at least one target API event to a threat behavior type corresponding to at least one technique included in a threat behavior analysis matrix based on a pre-stored threat behavior profile, wherein the threat behavior analysis matrix comprises a plurality of tactics and at least one technique included in each of the tactics;
a scenario creating operation of combining at least one of the at least one target API event based on the threat behavior type and creating at least one threat scenario;
a numerical value calculating operation of calculating a degree of matching and a risk for the at least one threat scenario based on a database, wherein the numerical value calculating operation comprises a risk calculating operation of calculating, by the main server, a risk of the at least one threat scenario based on a threat behavior type included in the at least one threat scenario;
a risk grade determining operation of determining a risk grade of the at least one threat scenario based on at least one of the degree of matching and the risk, wherein in the risk grade determining operation, a risk grade of the at least one threat scenario is determined based on an overall risk score calculated based on the degree of matching and the risk;
a threat behavior determining operation of determining a predicted threat behavior corresponding to the at least one threat scenario based on the risk grade; and
a solution providing operation of creating and providing a prompt based on the predicted threat behavior.
|
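The sequence of operations in claim 1, sketched as an added example that is not taken from the patent or any implementation of it. The event fields, the profile contents (MITRE ATT&CK technique IDs are used as an assumed matrix), the reference pattern, the scoring formulas, the thresholds and the prompt wording are all assumptions, and the events are constructed.

```python
# Added illustration: names, weights and thresholds are assumptions; events are constructed.
EVENTS = [
    {"time": 1, "actor": "svc-ci", "api": "DescribeInstances"},
    {"time": 2, "actor": "mallory", "api": "ListUsers"},
    {"time": 3, "actor": "mallory", "api": "CreateAccessKey"},
    {"time": 4, "actor": "mallory", "api": "StopLogging"},
    {"time": 5, "actor": "alice", "api": "ListUsers"},
]
# Assumed threat behavior profile: API name -> (tactic, technique, risk weight).
PROFILE = {
    "ListUsers": ("Discovery", "T1087.004", 0.3),
    "CreateAccessKey": ("Persistence", "T1098.001", 0.7),
    "StopLogging": ("Defense Evasion", "T1562.008", 0.9),
    "GetObject": ("Collection", "T1530", 0.6),
}
# Assumed database entry: the tactic order of one known attack pattern.
REFERENCE = ["Discovery", "Persistence", "Defense Evasion", "Collection"]


def build_scenarios(events):
    """Keep events named in the profile, map them, and group them per actor in time order."""
    scenarios = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["api"] in PROFILE:  # assumed selection criterion
            scenarios.setdefault(ev["actor"], []).append(PROFILE[ev["api"]])
    return scenarios


def assess(steps):
    """Score one scenario: matching degree, risk, overall score, grade, prediction, prompt."""
    matched = 0  # how many leading REFERENCE tactics occur in order
    for tactic, _technique, _weight in steps:
        if matched < len(REFERENCE) and tactic == REFERENCE[matched]:
            matched += 1
    matching = matched / len(REFERENCE)
    risk = max(weight for _tactic, _technique, weight in steps)
    overall = matching * risk
    grade = "high" if overall >= 0.6 else "medium" if overall >= 0.3 else "low"
    predicted = REFERENCE[matched] if grade != "low" and matched < len(REFERENCE) else None
    prompt = f"Grade {grade}: expect {predicted} next; review the actor's access." if predicted else None
    return {"matching": matching, "risk": risk, "overall": overall,
            "grade": grade, "predicted": predicted, "prompt": prompt}


def analyze(events):
    return {actor: assess(steps) for actor, steps in build_scenarios(events).items()}


if __name__ == "__main__":
    for actor, result in analyze(EVENTS).items():
        print(actor, result)
```

With the constructed events, the actor that performs discovery, credential creation and log tampering in order is graded high with collection as the predicted next tactic, while a lone `ListUsers` call stays low.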