期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于大数据的APT威胁检测方法 被引量:2

Big Data Based APT Detection Method
下载PDF
导出
摘要 在分析APT(advanced persistent threat)攻击特点及手段的基础上提出一种基于大数据关联技术的APT检测方法。该方法通过分布式采集数据,利用各攻击阶段特征选取元素实现整个攻击链的检测。关注攻击对设备及网络功能的影响,将检测的重心从对攻击的检测转换到对设备及网络各种属性是否正常运作的检测上。同时参考APT攻击在现有网络中发挥作用的步骤及实施方法,构建基于攻击链扩展的多面体检测模型。 By analyzing the characteristics and means of attacking for APT (Advanced Persistent Threat) , we propose a method for APT detection based on big data correlation technology. Through distributed data collection, the whole attack chain can be detected by using the teature element se- lected in each attack phase. This paper focuses on the impact of attack on the device and network functions, and shifts the key point for detection from the attack itself to the normal operation of vari- ous properties of the equipment and network. At the same time, we also reier to the steps and imple- mentation methods of APT attack which play a role in the existing network, and build a polyhedron detection model based on the extension of attack chain.
作者 王通 郭渊博 祝松帅 严新成 WANG Tong;GUO Yuanbo;ZHU Songshuai;YAN Xincheng(Information Engineering University,Zhengzhou 450001,China;State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China)
机构地区 信息工程大学 国家数学工程与先进计算重点实验室
出处 《信息工程大学学报》 2017年第6期719-725,共7页 Journal of Information Engineering University
关键词 APT攻击 大数据 攻击链 元素 关联分析 advanced persistent threat big data kill chain element relevancy
分类号 TN918.1 [电子电信—通信与信息系统]
  • 相关文献

参考文献2

二级参考文献24

  • 1RSA. RSA security brief: Mobilizing intelligent security operations for advanced persistent threats [OL]. 2011 [2013- 07-11]. http=//www, eme. corn/utilities/search, esp. 被引量:1
  • 2Tankard C. Advanced persistent threats and how to monitor and deter them[J]. Network Security, 2011 (8): 16-19. 被引量:1
  • 3Li F, Lai A, Ddl D. Evidence of advanced persistent threat: A case study of malware for political espionage [C] //Proc of the 6th Int Conf on Malicious and Unwanted Software (MALWARE 2011). Piscataway, NJ: IEEE, 2011:102-109. 被引量:1
  • 4Kurtz G. Operation aurora hit Google, others [OL]. 2010- 01-14 [2013-07-11]. http://siblog, mcafee, eomleto/operation-% E2. 被引量:1
  • 5McAfee Labs and McAfee Foundstone Professional Services. Protecting your critical assets: Lessons learned from operation Aurora [OL]. 2011-08-03 [2013-07-11]. http:// bit. Iy/xSDUXE. 被引量:1
  • 6McMillan R. Siemens: Stuxnet worm hit industrial systems [OL]. (2010-09-14) [2013-07-11]. http://www, computervcorld. com/s/article/9185419[SiemensStuxnetworm hit industrial systems. 被引量:1
  • 7Falliere N, Murchu L O, Chien E. W32. Stuxnet Dossier [OL]. (2011-03-09)[2013-07-12]. http://www, h4ekr, us/ library/Documents/ICS _ Events/Smxnet% 20Dossier% 20 (Symantec) %20vl. 4. pdf. 被引量:1
  • 8Langner R. Stuxnet: Dissecting a cyberwarfare weapon [J]. Security & Privacy, 2011, 9(3): 49-51. 被引量:1
  • 9Farwell J P, Rohozinski R. Stuxnet and the future of cyber war[J]. Survival, 2011. 53(1): 23-40. 被引量:1
  • 10CyberattaeksG E. Night dragon[OL]. (2011-02-10) [2013- 07-12]. http://www, mcafee, com/tw/aboutlnight-dragon. aspx. 被引量:1

共引文献24

同被引文献37

引证文献2

二级引证文献2

信息工程大学学报
2017年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部