Research on an APT attack-oriented detection model with association analysis
(Chinese title: 面向APT攻击的关联分析检测模型研究; cited by: 1)


Authors: 李杰 (Li Jie) [1], 楼芳 (Lou Fang) [1], 金渝筌 (Jin Yuquan) [1], 董智馨 (Dong Zhixin) [1]

Affiliation: [1] Institute of Computer Application, China Academy of Engineering Physics, Mianyang, Sichuan 621900, China

Source: Computer Engineering & Science (《计算机工程与科学》), 2015, No. 8, pp. 1458-1464 (7 pages)

Abstract: With the exposure of Flame, Duqu, Stuxnet and similar malware in recent years, advanced persistent threat (APT) attacks have drawn wide attention. Compared with traditional attacks, APT attacks are targeted, persistent, stealthy and complex; they are highly destructive and their consequences are severe. However, because APT attacks take many forms and are deeply hidden, traditional defences such as firewalls, antivirus software and intrusion detection systems can hardly discover them, or discover them only after the attack goal has already been reached. To address this, the paper builds an APT attack detection model from a study of APT attack characteristics. It then sets a time window, performs association analysis on the attack events produced by several detection methods, matches the resulting attack paths against the APT attack detection model, and judges from the matching degree of the attack paths whether an APT attack is present among the attacks on the system. Experiments show that, when the attack detection model is relatively complete, APT attacks can be detected with a relatively high accuracy.
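The abstract gives the method only in outline: alerts from several detectors are associated within a time window, the stage sequence seen in each window is matched against an attack-path model, and the matching degree decides whether an APT is flagged. The Python sketch below is added here to make those steps concrete; it is not the paper's code, and the six-stage attack path, the stage labels, the constructed alert sample, the per-host grouping and the 0.8 threshold are all assumptions of this example rather than details taken from the paper.

```python
"""Toy time-window association + attack-path matching for APT detection.

Added illustration, not the paper's implementation. The alert sample is
constructed; the stage names, the attack path and the threshold are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed APT attack model: an ordered path of attack stages (kill-chain style).
APT_PATH = ["recon", "delivery", "exploit", "c2", "lateral", "exfil"]

# Constructed alerts from several detectors, normalised to
# (timestamp, target host, detector, attack stage). A low-and-slow
# intrusion against host A is interleaved with unrelated noise on host B.
ALERTS = [
    ("2015-03-01 09:10", "A", "ids",   "recon"),
    ("2015-03-02 14:05", "A", "mail",  "delivery"),
    ("2015-03-02 14:20", "A", "av",    "exploit"),
    ("2015-03-01 10:00", "B", "ids",   "recon"),
    ("2015-03-04 03:30", "A", "proxy", "c2"),
    ("2015-03-06 22:15", "A", "ids",   "lateral"),
    ("2015-03-09 01:45", "A", "dlp",   "exfil"),
    ("2015-03-05 11:00", "B", "av",    "exploit"),
]


def parse(alerts):
    """Parse timestamps and sort alerts chronologically."""
    return sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M"), host, src, stage)
        for t, host, src, stage in alerts
    )


def window_sequences(alerts, window_days):
    """Associate alerts per host into fixed-length time windows.

    A window opens at the first alert it contains and closes once an alert
    falls more than `window_days` after that opening alert. Within a window,
    repeated stages are kept once, in order of first occurrence. Returns a
    list of (host, stage_sequence) pairs, one per window.
    """
    window = timedelta(days=window_days)
    per_host = defaultdict(list)
    for ts, host, _src, stage in parse(alerts):
        per_host[host].append((ts, stage))

    sequences = []
    for host, events in per_host.items():
        start, seq = None, []
        for ts, stage in events:
            if start is None or ts - start > window:
                if seq:
                    sequences.append((host, seq))
                start, seq = ts, []
            if stage not in seq:
                seq.append(stage)
        if seq:
            sequences.append((host, seq))
    return sequences


def lcs_len(a, b):
    """Length of the longest common subsequence: an order-preserving match."""
    dp = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i, x in enumerate(a, 1):
        for j, y in enumerate(b, 1):
            dp[i][j] = dp[i - 1][j - 1] + 1 if x == y else max(dp[i - 1][j], dp[i][j - 1])
    return dp[-1][-1]


def match_degree(seq, path=APT_PATH):
    """Fraction of the model path covered, in order, by an observed sequence."""
    return lcs_len(seq, path) / len(path)


def detect(alerts, window_days, threshold=0.8, path=APT_PATH):
    """Return {host: best match degree} for hosts at or above the threshold."""
    best = {}
    for host, seq in window_sequences(alerts, window_days):
        degree = match_degree(seq, path)
        if degree > best.get(host, 0.0):
            best[host] = degree
    return {h: d for h, d in best.items() if d >= threshold}


if __name__ == "__main__":
    for days in (10, 2):
        print(f"window={days}d -> {detect(ALERTS, days)}")
```

Two practitioner points fall out of running it. First, the window must be sized for the adversary's tempo: with a 10-day window host A's six alerts form one sequence that covers the whole path, whereas a 2-day window splits the same intrusion into fragments whose best match is 0.5 and nothing is flagged, even though the same events were detected. Second, the detection is only as good as the path model it matches against, which is the caveat the abstract itself makes about the model being "relatively complete": a stage the model does not contain can never raise the matching degree.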

Keywords: APT attack detection; association analysis; path matching; time window

Classification: TP309 [Automation and computer technology: computer system architecture]
