APT Detection Based on Malicious PDF Documents (cited by: 6)
Abstract: APT attacks are specific, long-term network attacks against particular companies or government organizations, carefully planned and launched by technically skilled and well-resourced adversaries with the aim of stealing high-value or confidential information or of deliberate sabotage. Attackers typically use email as the attack vector for the initial penetration of the target organization. This paper addresses the malicious PDF documents used in such spear-phishing attacks, as well as the mimicry attacks that adversaries adopt in APT scenarios in an attempt to evade detection. A set of features is extracted from PDF document samples and used to train a detection model that separates malicious PDFs from benign ones; the method achieves satisfactory detection accuracy.
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2016, No. 1, pp. 131-136 (6 pages)
Keywords: APT; malicious PDF; mimicry attack