Danger Theory Based Real-time Response Model for APT Attacks  Cited by: 9

Authors: ZHANG Yu (张瑜)[1,2], LIU Qingzhong, LI Tao (李涛)[3], CAO Junkuo (曹均阔)[1], WU Lihua (吴丽华)[1]

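Affiliations: [1] Department of Computer Science, Hainan Normal University, Haikou, Hainan 571158; [2] Dept. of Computer Sci., Sam Houston State Univ., Houston 77340, USA; [3] College of Computer Science, Sichuan University, Chengdu, Sichuan 610065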

Source: Journal of Sichuan University (Engineering Science Edition), 2015, No. 4, pp. 83-90 (8 pages)

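Funding: National Natural Science Foundation of China (61462025; 61262077; 61173159; 61363032); Natural Science Foundation of Hainan Province (613161); National Undergraduate Innovation and Entrepreneurship Training Program (201211658036)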

Abstract: To address the highly destructive threat of APT (advanced persistent threat) attacks, a real-time response model for APT attacks based on immune danger theory is proposed. Self, nonself, danger antigen, danger signal, antigen presenting cell (feature extractor) and immune cell (feature recognizer) are defined for network activity; the danger signal concentration is used to calculate antigen danger quantitatively in real time; and on this basis dynamic evolution equations are established for antigen presenting cells, immune cells and the antigen gene library. Theoretical analysis and experimental results show that the proposed model effectively overcomes the difficulty of calculating antigen danger quantitatively in real time, and adapts better than traditional methods to the detection of APT attack antigens.

An advanced persistent threat (APT) is a network attack during which an unauthorized person obtains access to a network and stays there undetected for a long period of time. APT attacks are difficult to identify because of their complete invisibility. Inspired by the danger theory in the biological immune system, a danger theory based real-time response model for APT attacks was presented. Some important definitions such as self, nonself, danger signal, danger antigen, antigen presenting cell and immune cell in the network activities were defined. The dynamic evolution equations of antigen presenting cells, immune cells, and antigen gene library were established. The danger signal concentration was also used to calculate the antigen danger. The theoretical analysis and experimental results showed that the presented model effectively overcomes the quantitative real-time calculation problem of antigen danger, and has much more adaptability than traditional methods for APT attack detection.

Keywords: danger theory; APT attack; artificial immune system; danger signal

Classification No.: TP309 [Automation and Computer Technology: Computer System Architecture]

 
