CPC G06F 21/554 (2013.01) [G06F 21/552 (2013.01); G06F 21/577 (2013.01); G06F 2221/034 (2013.01)]
6 Claims

1. A method of processing cyber threat information, the method comprising:
receiving a file or information on the file from a user through at least one interface,
wherein the file includes either an executable file or non-executable file;
processing cyber threat information on advanced persistent threat (APT) attacks related to the received file or the information on the file,
wherein when the received file is the executable file, a first cyber threat feature being extracted from one or more functions in the file is classified into a first attack technique identifier and a first attack group identifier, and
when the received file is the non-executable file, a second cyber threat feature is extracted from memory data in a suspended state of an application of the non-executable file at the time of executing the application in a kernel area, and the extracted second cyber threat feature is classified into a second attack technique identifier and a second attack group identifier, and
wherein the cyber threat information is generated based on the first or second attack technique identifier and the first or second attack group identifier; and
performing natural language processing on the cyber threat information and providing a real-time intelligence line feed service on the APT attacks based on the natural language through a user interface.