Affiliation: [1] Information Engineering University, Zhengzhou 450001
Source: Computer Engineering and Applications (《计算机工程与应用》), 2017, No. 22, pp. 97-104, 234 (9 pages)
Funding: National Natural Science Foundation of China (No.61303074; No.61309013); National Key Basic Research Program of China ("973" Program) (No.2012CB315900)
Abstract: The complexity and variety of APT attack behaviors increase the difficulty of attack detection, which is one of the difficulties in current APT attack research. Based on existing research, this paper proposes a phase-based method for classifying and evaluating APT attack behaviors. Starting from the concept of an APT attack, the characteristics of its phases are summarized. According to the goal of each attack phase, APT attack behaviors are divided at a fine granularity to build a classification framework for APT attack behavior. Based on the features of each category of attack behavior, the key factors that influence the performance of an APT attack are extracted and corresponding quantitative evaluation methods are designed, providing guidance for the selection and detection of attack behaviors. Analysis of the experimental results shows that the proposed method truly reflects the actual situation of an attack and performs well in validity and accuracy.
Keywords: advanced persistent threat (APT) attack; attack detection; behavior classification; behavior quantification
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]