
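An APT Attack Detection Method Based on Communication Features

Posted: 2018-05-11 18:28

  Topics: APT detection + feature extraction; Source: Computer Engineering and Applications (《计算机工程与应用》), 2017, Issue 18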


[Abstract]: Advanced persistent threats (APTs) have caused serious harm worldwide, and APT attack detection has become a focus of the network security protection field. Because APTs use diverse attack techniques and persist over long periods, traditional detection techniques no longer achieve satisfactory results. Using APT communication features extracted from the reports of international security companies, an APT attack detection method based on communication features is proposed. To improve the detection performance of this method, a two-layer communication feature matching algorithm is also proposed, which combines fast screening of packets with a Bloom filter and exact matching. Experimental results show that the method has a high detection rate and a low false alarm rate.
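[Author affiliations]: School of Computer Science and Engineering, Southeast University; Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education;
[Funding]: National High Technology Research and Development Program of China (863 Program) (No.2015AA015603); National Natural Science Foundation of China (No.61602114); Wireless Communication Technology Collaborative Innovation; Novel Software Technology Collaborative Innovation
[Classification number]: TP393.08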
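
The two-layer matching described in the abstract (a Bloom filter screens traffic first, then exact matching confirms) can be sketched as follows. This is an added example, not code from the paper: it assumes the communication feature is a DNS query name, and the feature list, records, and the names `TwoLayerMatcher` and `detect` are constructed for illustration.

```python
import hashlib

def normalize(name):
    # Compare DNS names case-insensitively and without the trailing root dot.
    return name.strip().lower().rstrip(".")

class BloomFilter:
    def __init__(self, m_bits=1024, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

class TwoLayerMatcher:
    def __init__(self, features, m_bits=1024, k=4):
        self.exact = {normalize(f) for f in features}  # layer 2: exact set
        self.bloom = BloomFilter(m_bits, k)            # layer 1: fast screen
        for f in self.exact:
            self.bloom.add(f)
        self.stats = {"seen": 0, "bloom_pass": 0, "hits": 0}

    def check(self, value):
        v = normalize(value)
        self.stats["seen"] += 1
        if v not in self.bloom:   # definite miss: most benign traffic stops here
            return False
        self.stats["bloom_pass"] += 1
        hit = v in self.exact     # removes Bloom filter false positives
        self.stats["hits"] += hit
        return hit

# Constructed feature list and DNS records (reserved .test names, RFC 5737 addresses).
FEATURES = ["update.c2-example.test", "cdn.beacon-example.test"]
RECORDS = [("192.0.2.10", "www.example.test"), ("192.0.2.11", "Update.C2-Example.test."),
           ("192.0.2.12", "mail.example.test"), ("192.0.2.11", "cdn.beacon-example.test")]

def detect(matcher, records):
    return [(src, q) for src, q in records if matcher.check(q)]
```

The gap between `bloom_pass` and `hits` in `stats` is the Bloom filter's false-positive count, which is the figure to watch when sizing `m_bits` and `k` for a real feature set.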


Article ID: 1875075


Article link: https://www.wllwen.com/guanlilunwen/ydhl/1875075.html

