An APT Attack Detection Method Based on Communication Features
Published: 2018-05-11 18:28
Topics of this paper: APT detection + feature extraction; Reference: 《計算機工程與應用》 (Computer Engineering and Applications), 2017, No. 18
【Abstract】: Advanced persistent threats (APT) have caused serious harm worldwide, and APT attack detection has become a focus of the network security protection field. Because APT attacks use diverse techniques and persist for long periods, traditional detection techniques no longer achieve satisfactory results. Using APT communication features extracted from the reports of international security companies, this paper proposes an APT attack detection method based on communication features. To improve its detection performance, a two-layer communication feature matching algorithm is also proposed, which combines fast screening of packets with a Bloom filter and exact matching. Experimental results show that the method achieves a high detection rate and a low false positive rate.
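The two-layer matching described in the abstract, as an added illustration that is not code from the paper: a Bloom filter built from the feature table screens each packet field first, and only fields that pass are checked against the exact table, so a Bloom false positive never becomes a detection. The feature values, the HTTP-field packet model and the sample traffic are constructed placeholders.

```python
import hashlib
class BloomFilter:
    """First layer: m-bit Bloom filter with k SHA-256-derived hash positions."""
    def __init__(self, m=4096, k=4):
        self.m, self.k = m, k
        self.bits = bytearray(m // 8 + 1)
    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m
    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)
    def might_contain(self, item):
        # False is definitive; True may be a false positive and must go to layer 2.
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))

# Constructed feature table (value -> feature name); placeholders, not real indicators.
APT_FEATURES = {
    "c2.placeholder.invalid": "beacon-host",
    "/update/check.php": "beacon-uri",
    "Mozilla/4.0 (compatible; MSIE 6.0; UpdaterBot)": "beacon-ua",
}
class TwoLayerMatcher:
    def __init__(self, features):
        self.exact = dict(features)            # second layer: exact table
        self.bloom = BloomFilter()
        for value in self.exact:
            self.bloom.add(value)
        self.second_layer_checks = 0           # fields that passed layer 1
    def match(self, packet):
        hits = []
        for value in packet.values():
            if not self.bloom.might_contain(value):   # layer 1: fast screen
                continue
            self.second_layer_checks += 1
            name = self.exact.get(value)              # layer 2: exact match
            if name:
                hits.append(name)
        return hits

# Constructed sample HTTP request fields standing in for captured packets.
SAMPLE_PACKETS = [
    {"host": "c2.placeholder.invalid", "uri": "/update/check.php", "ua": "curl/8.0"},
    {"host": "www.example.com", "uri": "/index.html", "ua": "curl/8.0"},
]
def detect(packets=SAMPLE_PACKETS):
    m = TwoLayerMatcher(APT_FEATURES)
    return [m.match(p) for p in packets], m.second_layer_checks
```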
【Author affiliation】: School of Computer Science and Engineering, Southeast University; Key Laboratory of Computer Network and Information Integration (Ministry of Education), Southeast University
【Funding】: National High Technology Research and Development Program of China (863 Program) (No. 2015AA015603); National Natural Science Foundation of China (No. 61602114); Wireless Communications Technology Collaborative Innovation; Novel Software Technology Collaborative Innovation
【CLC number】: TP393.08
Article ID: 1875075
Link: http://sikaile.net/guanlilunwen/ydhl/1875075.html