發(fā)布時(shí)間：2018-05-11 18:28

  本文選題：APT檢測(cè) + 特征提取�。� 參考：《計(jì)算機(jī)工程與應(yīng)用》2017年18期

【摘要】：高級(jí)持續(xù)性威脅(APT)已經(jīng)在全球范圍內(nèi)產(chǎn)生了嚴(yán)重的危害,APT攻擊檢測(cè)已經(jīng)成為網(wǎng)絡(luò)安全防護(hù)領(lǐng)域的重點(diǎn)。由于APT具有攻擊手段多樣,持續(xù)時(shí)間長(zhǎng)等特點(diǎn),傳統(tǒng)的檢測(cè)技術(shù)已經(jīng)起不到理想的效果。利用從國(guó)際安全公司報(bào)告中提取的APT通信特征,提出了一種基于通信特征的APT攻擊檢測(cè)方法。為了提高該方法的檢測(cè)效果,還提出了利用bloom filter對(duì)報(bào)文進(jìn)行快速篩選和精確匹配相結(jié)合的雙層通信特征匹配算法。實(shí)驗(yàn)結(jié)果表明,該方法具有較高的檢測(cè)率和較低的誤報(bào)率。
[Abstract]:Advanced persistent threat (apt) has caused serious damage to apt attack detection around the world and has become the focus of network security protection field. Because APT has the characteristics of various attack methods and long duration, the traditional detection technology has not achieved ideal results. Based on the APT communication features extracted from the reports of international security companies, a APT attack detection method based on communication features is proposed. In order to improve the detection effect of this method, a two-layer communication feature matching algorithm combining fast filtering and accurate matching with bloom filter is proposed. The experimental results show that the method has higher detection rate and lower false alarm rate.
【作者單位】： 東南大學(xué)計(jì)算機(jī)科學(xué)與工程學(xué)院;東南大學(xué)計(jì)算機(jī)網(wǎng)絡(luò)和信息集成教育部重點(diǎn)實(shí)驗(yàn)室;
【基金】：國(guó)家高技術(shù)研究發(fā)展計(jì)劃(863計(jì)劃)(No.2015AA015603) 國(guó)家自然科學(xué)基金(No.61602114) 無(wú)線(xiàn)通信技術(shù)協(xié)同創(chuàng)新 軟件新技術(shù)協(xié)同創(chuàng)新
【分類(lèi)號(hào)】：TP393.08
，

本文編號(hào)：1875075