APT Attack Prediction Method Based on Tree Structure
Cite this article: 张小松, 牛伟纳, 杨国武, 卓中流, 吕凤毛. APT Attack Prediction Method Based on Tree Structure [J]. 电子科技大学学报(自然科学版), 2016, 45(4): 582-588.
Authors: 张小松  牛伟纳  杨国武  卓中流  吕凤毛
Affiliation: 1. Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu 611731
Funding: National Natural Science Foundation of China (61572115, 61402080); China Postdoctoral Science Foundation (2014M562307); Sichuan Province Key Basic Research Project (2016JY0007)
Abstract: In recent years, advanced persistent threats (APT) have become one of the major factors threatening network security. However, APT attack techniques are complex and variable and have very strong concealment capability, so the commonly used boundary protection techniques based on signature matching are inadequate. To address the difficulty of detecting and defending against APT attacks, an APT attack prediction method based on a tree structure is proposed. First, following the construction principle of the kill chain model, the stage characteristics of APT attacks are analysed and a data-theft APT attack model is built for the attack target; then, correlation analysis of massive log records forms an attack context, and credibility together with the DS (Dempster-Shafer) evidence combination rule is introduced to determine attack events and compute all possible attack paths. Experimental results show that the prediction model designed with this method can effectively give early warning for the attack target and has good scalability and practicality.

Keywords: advanced persistent threat; attack prediction; correlation analysis; kill chain
Received: 2016-05-15

Method for APT Prediction Based on Tree Structure
Affiliation: 1. Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu 611731; 2. Big Data Research Center, University of Electronic Science and Technology of China, Chengdu 611731
Abstract: In recent years, the advanced persistent threat (APT) has become one of the most important factors threatening cyber security. However, because of the complicated attack methods and strong concealment capability of APTs, it is very hard to predict them with the common boundary protection techniques based on signature matching. To address the problem of APT attack detection and defense, we propose an APT attack prediction method based on a tree structure. An APT exfiltration model of the attack target, combining the kill chain model with the stage characteristics of APT attacks, is first constructed. Then, correlation analysis of massive logs is conducted to build the attack event context, and a credibility ratio and DS evidence theory are introduced to determine true attack events. Finally, all possible attack paths are calculated. Experimental results show that the proposed method can predict APT attacks and offers good scalability and practicability.
Keywords: advanced persistent threat; attack prediction; correlation analysis; kill chain
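The abstract names three building blocks but the record gives no formulas: alerts extracted from correlated logs, each discounted by the credibility of its source; Dempster-Shafer (DS) combination of those alerts per kill-chain stage to decide which stages are true attack events; and enumeration of root-to-leaf paths through the stage tree. The example below is added here to show how those pieces fit together in working code; it is not the paper's implementation. The tree, the per-source credibility weights, the events, the 0.5 confirmation threshold and the path score (product of the beliefs of the confirmed prefix, with the first unconfirmed stage reported as the predicted next step) are all constructed assumptions for illustration.

```python
"""Added illustration (not the paper's code): Dempster-Shafer fusion of
credibility-discounted alerts over a kill-chain tree, then ranking of
root-to-leaf attack paths and prediction of the next stage."""
from itertools import product
from typing import Dict, FrozenSet, List, Optional

# Frame of discernment for one tree node: it is a real attack step (A) or not (N).
A, N = "A", "N"
THETA = frozenset({A, N})
Mass = Dict[FrozenSet[str], float]

# Constructed credibility of each log source (assumption: a fixed per-source weight).
CREDIBILITY = {"ids": 0.9, "proxy": 0.7, "edr": 0.95, "whitelist": 0.6}

# Constructed kill-chain tree for a data-exfiltration target: parent -> children.
TREE = {
    "recon": ["delivery:phishing", "delivery:drive-by"],
    "delivery:phishing": ["exploit:macro"],
    "exploit:macro": ["c2:dns-tunnel"],
    "c2:dns-tunnel": ["exfil:https"],
    "delivery:drive-by": ["exploit:browser"],
    "exploit:browser": ["c2:https-beacon"],
    "c2:https-beacon": ["exfil:cloud-upload"],
}

# Constructed correlated events: (tree node, log source, hypothesis, confidence).
EVENTS = [
    ("recon", "proxy", A, 0.8),
    ("delivery:phishing", "ids", A, 0.8),
    ("delivery:phishing", "whitelist", N, 0.5),  # sender domain is allow-listed
    ("delivery:drive-by", "proxy", A, 0.3),
    ("exploit:macro", "edr", A, 0.9),
    ("c2:dns-tunnel", "ids", A, 0.7),
]


def support(hypothesis: str, confidence: float, credibility: float) -> Mass:
    """One alert as a simple support function: confidence discounted by source
    credibility goes to the hypothesis, the rest is ignorance (mass on THETA)."""
    p = max(0.0, min(1.0, confidence * credibility))
    return {frozenset({hypothesis}): p, THETA: 1.0 - p}


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: multiply masses of intersecting focal elements and
    renormalise by the mass that fell on the empty set (the conflict)."""
    fused: Mass = {}
    conflict = 0.0
    for (x, mx), (y, my) in product(m1.items(), m2.items()):
        z = x & y
        if z:
            fused[z] = fused.get(z, 0.0) + mx * my
        else:
            conflict += mx * my
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict; Dempster's rule is undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}


def belief(m: Mass, hypothesis: str) -> float:
    """Bel(H) = total mass on subsets of H (here H is a singleton)."""
    target = frozenset({hypothesis})
    return sum(v for k, v in m.items() if k <= target)


def node_beliefs(events, credibility) -> Dict[str, float]:
    """Fuse every alert attached to a node; return Bel(A) per node."""
    masses: Dict[str, Mass] = {}
    for node, source, hyp, conf in events:
        m = support(hyp, conf, credibility[source])
        masses[node] = combine(masses[node], m) if node in masses else m
    return {node: belief(m, A) for node, m in masses.items()}


def root_to_leaf_paths(tree, root) -> List[List[str]]:
    children = tree.get(root, [])
    if not children:
        return [[root]]
    return [[root] + p for c in children for p in root_to_leaf_paths(tree, c)]


def rank_paths(tree, root, events, credibility, threshold: float = 0.5):
    """A stage is a confirmed attack event when Bel(A) >= threshold. Each path
    is scored by the product of beliefs over its confirmed prefix (assumption),
    and the first unconfirmed stage is the predicted next step."""
    bel = node_beliefs(events, credibility)
    ranked = []
    for path in root_to_leaf_paths(tree, root):
        confirmed, score = 0, 1.0
        for node in path:
            b = bel.get(node, 0.0)  # unobserved stages carry a vacuous mass: Bel(A) = 0
            if b < threshold:
                break
            confirmed += 1
            score *= b
        next_stage: Optional[str] = path[confirmed] if confirmed < len(path) else None
        ranked.append({"path": path, "confirmed": confirmed,
                       "score": score if confirmed else 0.0, "next_stage": next_stage})
    ranked.sort(key=lambda r: (r["confirmed"], r["score"]), reverse=True)
    return ranked


if __name__ == "__main__":
    for node, b in node_beliefs(EVENTS, CREDIBILITY).items():
        print(f"{node:<20} Bel(A) = {b:.3f}")
    for r in rank_paths(TREE, "recon", EVENTS, CREDIBILITY):
        print(f"{r['confirmed']} confirmed, score {r['score']:.3f}, next: {r['next_stage']}  {' -> '.join(r['path'])}")
```

With the constructed data, the allow-list alert on the phishing stage conflicts with the IDS alert (conflict mass 0.216), so Dempster's rule lowers that stage's belief from 0.72 to about 0.643 rather than discarding the IDS evidence; the phishing path ends up with four confirmed stages and exfiltration over HTTPS predicted as the next step, while the drive-by path stalls at its weak proxy alert (belief 0.21) and is flagged as the stage to watch.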