Abstract
In the course of an attack and data acquisition, APT attackers often compress, encrypt, or otherwise process the data so that it has no obvious fingerprint features. By studying methods for selecting APT attack detection features, this paper examines the multi-dimensional behavioral characteristics of APT attacks in network traffic, network connections, network data access, domain name requests, and other dimensions, which can solve the problem of APT attack detection to a certain extent.
Authors
HU Wei (胡伟); HONG Yi (洪熠); JIN Zhicheng (靳志成)
Xinjiang Branch of National Computer Network and Information Security Management Center, Urumqi 830000, China
Keywords
multi-feature detection
APT attack
attack detection