
Algorithm for generating logical expressions of APT samples

杜镇宇 李翼宏 张亮

Computer Engineering and Applications, 2018, Vol. 54, Issue 1: 1-10 (10 pages). DOI: 10.3778/j.issn.1002-8331.1710-0249


Author information

  • 1. Department of Networks, College of Electronic Countermeasures, National University of Defense Technology, Hefei 230037

Abstract

Based on an in-depth study of known Advanced Persistent Threat (APT) attack events, this paper proposes IOCG (Indicator of Compromise Generate), an algorithm that generates logical expressions for APT samples and is grounded in threat-intelligence sharing theory. The algorithm automatically generates machine-readable IOCs (Indicators of Compromise), addressing the limitations of existing IOCs: their logical relationships are fixed, the number of logical items does not change, they are large in scale, and they cannot produce an expression for a given sample. At the same time, it reduces the time spent processing redundant and useless APT samples, improves the sharing rate of analysis information, and supports an active response to a complex and volatile APT attack situation. The samples are divided into an experimental set and a training set; the algorithm is then used to generate the logical expression of the training set, and the IOC_Aware plug-in is used to compare both the generated expressions themselves and their detection results. The experimental results show that the algorithm is effective and improves detection.

Key words

Advanced Persistent Threat (APT) / entropy / Indicators of Compromise (IOCs) / logic expression

Classification

Information technology and security science

Cite this article

杜镇宇, 李翼宏, 张亮. Algorithm for generating logical expressions of APT samples [J]. Computer Engineering and Applications, 2018, 54(1): 1-10 (10 pages).

Funding

National Natural Science Foundation of China (No. U1636201)

Journal

Computer Engineering and Applications (ISSN 1002-8331); indexed: OA, Peking University Core, CSCD, CSTPCD
