Host Attack Detection Based on XGBoost and Community Discovery (Chinese title: 基于XGBoost和社区发现的主机攻击行为检测; cited by: 1)


Authors: ZHU Yuan-Qing; LI Sai-Fei [1]; LI Hong-Zhe (School of Information Science and Technology, Southwest Jiaotong University, Chengdu 611756, China)

Affiliation: [1] School of Information Science and Technology, Southwest Jiaotong University, Chengdu 611756

Source: Computer Systems & Applications (计算机系统应用), 2021, No. 12, pp. 147-154 (8 pages)

Funding: Sichuan Science and Technology Program (2021YJ0372, 2019ZDZX0007); Fundamental Research Funds for the Central Universities (2682019CX63).

Abstract: In a large-scale network environment, the security threats faced by hosts are becoming increasingly diverse. The rapid rise of machine-learning-based detection of malicious files has greatly improved the ability to detect malware, and it has also forced adversaries to change their attack strategies. Among these, the "Living off the land" strategy achieves malicious behavior by invoking operating system tools or automated management programs that execute tasks. Threat detection can find suspicious behavior in the context of parent and child processes: the parent-child process chain and the related events derived from it are treated as an undirected graph, and the supervised learning algorithm XGBoost is used to assign edge weights, producing an undirected weighted graph. Finally, a community discovery algorithm is used to identify larger attack sequences from the graph. The approach is validated on a MITRE ATT&CK simulated attack dataset.

Keywords: host attack behavior; XGBoost; community discovery; graph analysis

Classification: TP393.08 (Automation and Computer Technology: Computer Application Technology)
