| 基于通信特征的APT攻击检测方法 |
| |
| 引用本文: | 戴 震,程 光.基于通信特征的APT攻击检测方法[J].计算机工程与应用,2017,53(18):77-83. |
| |
| 作者姓名: | 戴 震 程 光 |
| |
| 作者单位: | 1.东南大学 计算机科学与工程学院,南京 211189
2.东南大学 计算机网络和信息集成教育部重点实验室,南京 211189 |
| |
| 摘 要: | 高级持续性威胁(APT)已经在全球范围内产生了严重的危害,APT攻击检测已经成为网络安全防护领域的重点。由于APT具有攻击手段多样,持续时间长等特点,传统的检测技术已经起不到理想的效果。利用从国际安全公司报告中提取的APT通信特征,提出了一种基于通信特征的APT攻击检测方法。为了提高该方法的检测效果,还提出了利用bloom filter对报文进行快速筛选和精确匹配相结合的双层通信特征匹配算法。实验结果表明,该方法具有较高的检测率和较低的误报率。
|
| 关 键 词: | APT检测 特征提取 特征匹配 bloomfilter |
Advanced persistent threat detection based on characteristics of communications |
| |
| DAI Zhen,CHENG Guang.Advanced persistent threat detection based on characteristics of communications[J].Computer Engineering and Applications,2017,53(18):77-83. |
| |
| Authors: | DAI Zhen CHENG Guang |
| |
| Affiliation: | 1.School of Computer Science and Engineering, Southeast University, Nanjing 211189, China
2.Key Laboratory of Computer Network and Information Integration, Ministry of Education, Southeast University, Nanjing 211189, China |
| |
| Abstract: | Advanced Persistent Threat(APT) is a serious threat to the world, APT detection has become the key point of network security protection. Due to the complexity of APT, the traditional detection technology cannot perform well. An APT detection method is proposed by using APT communication features extracted from international security company reports. In order to improve the detection effect of this method, an algorithm for double feature matching is put forward. The initial feature matching method uses bloom filter to filter out some messages quickly, and then the exact matching method is set up to determine whether it is APT malicious traffic. The experimental results show that the method has higher detection rate and fewer false positives. |
| |
| Keywords: | Advanced Persistent Threat(APT) detection feature extraction feature matching bloom filter |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
