面向APT攻击的网络安全威胁隐蔽目标识别方法

针对当前网络APT隐蔽目标攻击识别方法准确率低、攻击识别耗时长的问题,提出面向APT攻击的网络安全威胁隐蔽目标识别方法.引入关联规则算法构建隐蔽目标识别模型,据此构建APT攻击隐蔽目标识别的总体框架,根据APT目标档案属性相关性计算网络安全威胁之间的关联规则,根据关联规则提取APT目标档案数据,通过可信度计算实现APT攻击下的网络安全威胁隐蔽目标识别.仿真实验表明,所提方法具有较高的攻击识别准确率,且攻击识别耗时短,能够高效、准确地实现APT攻击下网络安全威胁隐蔽目标识别.

Hidden target recognition method for network security focused on APT attacks

Aiming at the problems of low accuracy and long recognition time of current hidden target identification methods focused on network APT attacks, a hidden target recognition method for network security focused on APT attacks was proposed. Through introducing an association rule algorithm, a hidden target recognition model was constructed, with which an overall framework of hidden target recognition focused on APT attacks was established. According to the attribute correlation of APT target files, the association rules among network security threats were calculated. The APT target file data were extracted according to the association rules, and the hidden target identification under network security threats was realized through the credibility calculation. Simulation experiments show that the proposed method has a higher accuracy and a lower time-consumption for attack identification, and can realize the hidden target identification under network security threats with APT attacks efficiently and accurately.