Research on APT Attack Detection System Oriented to 5G Networks


Authors: WANG Jigang [1]; WANG Yingxin; ZHOU Haisheng; SU Xiaomeng (Department of Cyberspace Security, ZTE Corporation, Nanjing, Jiangsu 210012, China; Tianyi Security Technology Co., Ltd., Beijing 100000, China)

Affiliations: [1] Department of Cyberspace Security, ZTE Corporation, Nanjing, Jiangsu 210012 [2] Tianyi Security Technology Co., Ltd., Beijing 100000

Source: Information Security and Communications Privacy, 2023, No. 2, pp. 46-55 (10 pages)

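Funding: National Science and Technology Major Project (No. 2016YFB08002); National High Technology Research and Development Program of China (863 Program) (No. 2013AA013904).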

Abstract: As 5G networks carry more and more social assets, services and responsibilities, they are bound to be subject to more malicious attacks, especially Advanced Persistent Threat (APT) attacks. How to ensure the security of 5G assets and the proper operation of the network is the primary problem to be solved in 5G networks. The highly targeted and stealthy nature of APT attacks makes conventional detection techniques unable to identify them effectively. The increasing maturity of new technologies such as big data and machine learning has brought opportunities for the development of new attack detection technologies. Based on a deep understanding of the connotation and characteristics of 5G network threats, an APT attack detection system for 5G networks is proposed. The system first performs statistical analysis of 5G network traffic and establishes a model of normal traffic to distinguish abnormal traffic. Then, combined with machine learning techniques, it identifies attack behavior from the abnormal traffic. By sharing information and coordinating with conventional network security facilities, this attack detection model can achieve good attack traffic identification and defense.

Keywords: 5G network threats; APT attack detection; big data analysis; machine learning

Classification: TP393 [Automation and Computer Technology - Computer Application Technology]

 
