| 基于危险理论的APT攻击实时响应模型 |
| |
| 引用本文: | 张瑜,LIUQingzhong,李涛,曹均阔,吴丽华.基于危险理论的APT攻击实时响应模型[J].四川大学学报(工程科学版),2015,47(4):83-90. |
| |
| 作者姓名: | 张瑜 LIUQingzhong 李涛 曹均阔 吴丽华 |
| |
| 作者单位: | 四川大学计算机学院 |
| |
| 基金项目: | 61462025 基于免疫的Rootkit隐遁攻击动态内存取证方法研究;61262077 基于免疫的Rootkit渗透攻击机理分析与检测方法研究;61173159 基于免疫的网络病毒入侵动态风险评估模型 |
| |
| 摘 要: | 针对当前破坏性极大的APT(Advanced Persistent Threat,高级持续性威胁)攻击威胁,提出了一种基于免疫危险理论的APT攻击实时响应模型。定义了网络活动中的自体、非自体、危险抗原、危险信号、抗原提呈细胞(特征提取器)、免疫细胞(特征识别器),使用了危险信号浓度来实时定量计算抗原危险性,并在此基础上建立了抗原提呈细胞、免疫细胞和抗原基因库动态演化方程。理论分析与实验结果表明,本模型有效克服了抗原危险性难以实时定量计算的问题,且对于APT攻击抗原的检测较传统方法有更好的适应性。
|
| 关 键 词: | 危险理论 APT攻击 人工免疫系统 危险信号 |
| 收稿时间: | 2014/11/19 0:00:00 |
| 修稿时间: | 3/6/2015 12:00:00 AM |
Danger Theory-based Real-time Response Model for APT Attacks |
| |
| Abstract: | An advanced persistent threat (APT) is a network attack during which an unauthorized person obtains access to a network and stays there undetected for a long period of time. APT attacks are difficult to identify because of their completely invisibility. Inspired by the danger theory in the biology immune system, we presented a danger theory-based real-time response model for APT attacks. Some important definitions such as self, nonself, danger signal, danger antigen, antigen presenting cell and immune cell in the network activities are defined. The dynamic evolution equations of antigen presenting cells, immune cells, and antigen gene library are established. We also use the danger signal concentration to calculate the antigen danger. The theoretical analysis and experimental results show that the presented model effectively overcomes the quantitative real-time calculation problem of antigen danger, and has much more adaptability than traditional methods for APT attacks detection. |
| |
| Keywords: | Danger theory APT attacks Artificial immune system Danger signals |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《四川大学学报(工程科学版)》浏览原始摘要信息 |
|
点击此处可从《四川大学学报(工程科学版)》下载全文 |
