Authors: ZHANG Gaomeng (张高猛) [1]; YAN Yinqiang (闫印强); REN Jiaojiao (任姣姣); SUN Junhu (孙俊虎)
Affiliations: [1] Xinhua Hydroelectric Power Co., Ltd, Beijing 100071; [2] Changyang Technology (Beijing) Co., Ltd., Beijing 100080
Source: Changjiang Information & Communications (《长江信息通信》), 2024, No. 9, pp. 131-133 (3 pages)
Abstract: As network attackers' techniques develop, the types of malicious code are gradually diversifying. Current detection of multi-target malicious code attack behavior suffers from low detection accuracy and low efficiency. To address these problems, a dynamic identification method for multi-target malicious code attack behavior based on ATT&CK is proposed. First, semantic rules for malicious code are constructed based on the ATT&CK model. Second, API (Application Programming Interface) call sequences are acquired through the Cuckoo sandbox and preprocessed to obtain network behavior features. Finally, taking the acquired malicious code semantic rules as the standard, a convolutional neural network and bidirectional long short-term memory network (CNN-BiLSTM) model is used to dynamically identify the attack behavior of multi-target malicious code. The experimental results show that the proposed method achieves higher accuracy, higher efficiency and better results in the dynamic identification of multi-target malicious code attack behavior.
Keywords: ATT&CK model; multi-target malicious code attack; malicious code data extraction; mapping algorithm; attack behavior extraction
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]