Abstract
An APT (Advanced Persistent Threat) is a sophisticated, multi-pronged advanced penetration attack aimed specifically at a particular organization. This paper proposes an APT attack behavior detection model based on correlation analysis of activity behavior features. The model monitors and provides early warning of APT attack behavior from four aspects: malicious behavior code awareness, software security vulnerability awareness, typical attack behavior awareness, and comprehensive correlation analysis. It is applied effectively to an APT attack detection system and offers a new approach for the development of future APT defense products.