Research on APT Attack Detection Based on LSTM in Linux System

Cited by: 4

Authors: Shi Lin; Shi Shaosen; Wen Weiping[1]

Affiliation: [1] School of Software and Microelectronics, Peking University, Beijing 102600

Source: Journal of Information Security Research (《信息安全研究》), 2022, No. 8, pp. 736-750 (15 pages)

Funding: National Natural Science Foundation of China project (61872011).

Abstract: As daily life becomes increasingly dependent on networks, the security of cyberspace has drawn growing attention. Among the many kinds of network attacks, the advanced persistent threat (APT) attack is one of the more complex and damaging: its attack process spans both the outside and the inside of the target system, it is highly persistent, and it is difficult to detect and to defend against completely. This paper proposes an LSTM (long short-term memory) based scheme for detecting APT attacks on Linux systems. It builds LAnalysis, a kernel-instrumentation based sandbox for analysing malicious Linux ELF files, to capture the malicious behaviours that occur during an APT attack; it then combines the LAnalysis analysis results with the NSL-KDD network attack traffic dataset and, following the temporal characteristics of an attack, constructs an APT attack dataset, addressing the current shortage of Linux APT attack datasets in the field; finally, it introduces the temporal ordering of APT attacks into detection and detects APT attacks with an LSTM. Experimental results show that the constructed APT attack detection model performs well in application.
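As an added illustration (not code from the paper, from LAnalysis, or from NSL-KDD), the following Python sketch shows the preprocessing step that the abstract's "temporal characteristics of an attack" implies: interleaving host-sandbox behaviour records with network-flow records in time order, encoding them as integer tokens, and cutting the stream into fixed-length, labelled windows of the kind an LSTM classifier consumes. All records, event names, timestamps and the labelling rule are constructed assumptions; in particular, NSL-KDD records carry no timestamps, so any time alignment with host events has to be supplied by whoever builds the dataset.

```python
"""Build time-ordered, fixed-length event windows for an LSTM from interleaved
host-sandbox and network-flow records. Illustrative only; every record below is
constructed and does not come from LAnalysis or NSL-KDD."""
from collections import OrderedDict
from typing import Dict, List, Sequence, Tuple

PAD_ID = 0  # token id reserved for right-padding short windows

# Constructed sample records: (timestamp, source, event_name, is_attack).
# "host" rows stand in for behaviours a kernel-instrumented ELF sandbox might
# log; "net" rows stand in for NSL-KDD-style flow classes. The timestamps are
# an assumption: NSL-KDD itself has none, so alignment must be supplied.
SAMPLE_RECORDS = [
    (0.0, "net", "normal", 0),
    (0.5, "host", "execve", 0),
    (1.0, "host", "open", 0),
    (1.5, "net", "normal", 0),
    (2.0, "net", "neptune", 1),
    (2.5, "host", "connect", 1),
    (3.0, "host", "write", 1),
    (3.5, "host", "chmod", 1),
    (4.0, "net", "normal", 0),
    (4.5, "host", "close", 0),
]

Record = Tuple[float, str, str, int]


def build_vocab(records: Sequence[Record]) -> Dict[str, int]:
    """Map each 'source:event' pair to an integer id in order of first
    appearance (time order); id 0 is reserved for padding."""
    vocab: Dict[str, int] = OrderedDict()
    for _, source, event, _ in sorted(records, key=lambda r: r[0]):
        key = f"{source}:{event}"
        if key not in vocab:
            vocab[key] = len(vocab) + 1
    return vocab


def encode(records: Sequence[Record], vocab: Dict[str, int]) -> Tuple[List[int], List[int]]:
    """Order records by timestamp and return parallel token and label lists,
    so host and network events form one interleaved stream."""
    ordered = sorted(records, key=lambda r: r[0])
    tokens = [vocab[f"{s}:{e}"] for _, s, e, _ in ordered]
    labels = [int(a) for _, _, _, a in ordered]
    return tokens, labels


def make_windows(tokens: List[int], labels: List[int], window: int, stride: int
                 ) -> List[Tuple[List[int], int]]:
    """Slide a fixed-length window over the token stream.

    Each window gets a sequence-level label: 1 if any event inside it is an
    attack event, else 0 (an assumed labelling rule). The final partial window
    is right-padded with PAD_ID so every sequence has the same length."""
    assert window > 0 and stride > 0
    out: List[Tuple[List[int], int]] = []
    for start in range(0, len(tokens), stride):
        seq = tokens[start:start + window]
        lab = labels[start:start + window]
        if not seq:
            break
        if len(seq) < window:
            seq = seq + [PAD_ID] * (window - len(seq))
        out.append((seq, int(any(lab))))
        if start + window >= len(tokens):
            break
    return out


def build_dataset(records: Sequence[Record], window: int, stride: int
                  ) -> Tuple[Dict[str, int], List[Tuple[List[int], int]]]:
    """Full pipeline: vocabulary, time-ordered encoding, labelled windows."""
    vocab = build_vocab(records)
    tokens, labels = encode(records, vocab)
    return vocab, make_windows(tokens, labels, window, stride)


if __name__ == "__main__":
    vocab, windows = build_dataset(SAMPLE_RECORDS, window=4, stride=2)
    print("vocab:", dict(vocab))
    for seq, label in windows:
        print(seq, "->", label)
```

The window length and stride trade detection latency against context: a longer window lets the model see an early network-side stage next to the later host-side stage of the same intrusion, which is the temporal signal the abstract relies on, while overlapping strides keep a stage boundary from always falling at a window edge. In a real dataset the window label would come from stage annotations rather than a single per-event flag.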

Keywords: APT attack; Linux sandbox; long short-term memory network; APT attack dataset; ELF file

Classification code: TP309 [Automation and Computer Technology, Computer System Architecture]
