Authors: Wang Tong, Guo Yuanbo [1,2], Zhu Songshuai, Yan Xincheng (WANG Tong; GUO Yuanbo; ZHU Songshuai; YAN Xincheng; Information Engineering University, Zhengzhou 450001, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
Affiliations: [1] Information Engineering University, Zhengzhou 450001, Henan, China; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, Henan, China
Source: Journal of Information Engineering University (信息工程大学学报), 2017, No. 6, pp. 719-725 (7 pages)
Abstract: By analyzing the characteristics and techniques of APT (Advanced Persistent Threat) attacks, we propose an APT detection method based on big data correlation technology. Through distributed data collection, the whole attack chain can be detected by using the feature elements selected for each attack phase. This paper focuses on the impact of an attack on device and network functions, and shifts the key point of detection from the attack itself to whether the various properties of the equipment and network are operating normally. At the same time, we also refer to the steps and implementation methods by which APT attacks operate in existing networks, and build a polyhedron detection model based on the extension of the attack chain.
Classification: TN918.1 [Electronics and telecommunications: communication and information systems]