
An APT Attack Activity Identification Research for Zero Day Attack Detection
(面向零日攻击检测的APT攻击活动辨识研究)

成翔 1, 匡苗苗 2, 严莉萍 3, 张佳乐 2, 杨宏宇 4

Journal of Hunan University (Natural Sciences) (湖南大学学报(自然科学版)), 2024, Vol. 51, Issue 12, pp. 153-164 (12 pages). DOI: 10.16339/j.cnki.hdxbzkb.2024292

Author information

  • 1. College of Information Engineering, Yangzhou University, Yangzhou 225127, Jiangsu, China; Key Laboratory of Flying Internet, Civil Aviation University of China, Tianjin 300300, China
  • 2. College of Information Engineering, Yangzhou University, Yangzhou 225127, Jiangsu, China
  • 3. Civil Aviation Airport Chengdu Electronic Engineering Design Co., Ltd. (民航机场成都电子工程设计有限责任公司), Chengdu 610042, Sichuan, China
  • 4. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China

Abstract

Traditional attack detection methods struggle to identify advanced persistent threat (APT) attacks that are launched through zero-day vulnerabilities. To address this, the paper proposes an APT attack activity identification method for zero-day attack detection (APTIZDM) with three components. The first, the cyber situation perception ontology construction (CSPOC) method, gives a formal description of the critical activity attributes and features of IoT systems. The second, the malicious command-and-control (C&C) DNS response activity mining (MCCDRM) method, identifies malicious C&C communication activities in APT attack scenarios and, by bounding the scope and the start time of the identification process, reduces its computational overhead. The third, the zero-day attack activity recognition method in APT attack scenarios (ZDAARA), uses Bayesian networks and security risk propagation theory to correlate system call information: it computes a malicious probability for each system call instance and thereby identifies zero-day attack activities that intrusion detection systems miss. Simulation results show that MCCDRM and ZDAARA, the core components of APTIZDM, achieve high accuracy and low false positive rates and work together effectively to identify APT attack activities.
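As an added illustration of the ZDAARA idea described above (this is not the paper's own code, and none of its numbers come from the paper): a process whose DNS answer matches a C&C indicator, the kind of event MCCDRM would surface, is given a high prior of being compromised, and that risk is propagated through the system-call dependency graph (files it writes, processes it launches) with a noisy-OR Bayesian combination, so that each recorded system call receives a posterior malicious probability and calls above a threshold are flagged. The blocklist, audit records, priors and edge weights are all constructed assumptions chosen for the demonstration.

```python
"""Bayesian risk propagation over a system-call dependency graph.

Added illustration, not the paper's code: a process whose DNS answer points at
an address on a C&C blocklist receives a high prior of being malicious; that
risk is propagated through the files it writes and the processes it launches
with a noisy-OR combination, and every recorded system call is scored by the
posterior of the process that issued it. All inputs and weights are
constructed assumptions chosen for the demonstration.
"""

# Assumption: C&C indicator list, e.g. from threat intelligence.
C2_BLOCKLIST = {"198.51.100.23"}

# Constructed DNS responses seen at the edge node: (pid, query name, answer).
DNS_RESPONSES = [
    (101, "updates.example-c2.test", "198.51.100.23"),
    (303, "mirror.example.test", "203.0.113.9"),
]

# Constructed system-call audit records. "child" is the pid spawned by execve.
SYSCALLS = [
    {"id": 1, "pid": 101, "call": "write",  "obj": "/tmp/.cache/upd.bin"},
    {"id": 2, "pid": 101, "call": "execve", "obj": "/tmp/.cache/upd.bin", "child": 202},
    {"id": 3, "pid": 202, "call": "read",   "obj": "/etc/shadow"},
    {"id": 4, "pid": 202, "call": "write",  "obj": "/tmp/out.tar"},
    {"id": 5, "pid": 303, "call": "read",   "obj": "/var/log/syslog"},
]

# Assumed conditional strengths: P(child compromised | parent compromised)
# along each kind of dependency edge.
EDGE_WEIGHT = {"write": 0.8, "read": 0.6, "execve": 0.9}
PRIOR_SEED, PRIOR_BASE = 0.9, 0.01


def c2_seeds(dns_responses, blocklist):
    """Processes whose DNS answer resolves to a listed C&C address."""
    return {f"proc:{pid}" for pid, _qname, ip in dns_responses if ip in blocklist}


def build_graph(syscalls):
    """Map each node to its risk-carrying parents: {node: [(parent, weight)]}.

    Information flows subject -> object on write, object -> subject on read,
    and from both the image file and the parent process into the child on execve.
    """
    parents = {}

    def edge(src, dst, call):
        parents.setdefault(src, [])
        parents.setdefault(dst, []).append((src, EDGE_WEIGHT[call]))

    for ev in syscalls:
        proc, obj = f"proc:{ev['pid']}", f"file:{ev['obj']}"
        if ev["call"] == "write":
            edge(proc, obj, "write")
        elif ev["call"] == "read":
            edge(obj, proc, "read")
        elif ev["call"] == "execve":
            child = f"proc:{ev['child']}"
            edge(obj, child, "execve")
            edge(proc, child, "execve")
    return parents


def propagate(parents, seeds, max_iter=100, tol=1e-12):
    """Noisy-OR fixed point: p(n) = 1 - (1 - prior(n)) * prod(1 - w * p(parent)).

    The update is monotone and bounded, so it converges even if the audit
    trail contains read/write cycles on the same file.
    """
    prob = {n: (PRIOR_SEED if n in seeds else PRIOR_BASE) for n in parents}
    for _ in range(max_iter):
        delta = 0.0
        for node, preds in parents.items():
            survive = 1.0 - (PRIOR_SEED if node in seeds else PRIOR_BASE)
            for parent, w in preds:
                survive *= 1.0 - w * prob[parent]
            new = 1.0 - survive
            delta = max(delta, abs(new - prob[node]))
            prob[node] = new
        if delta < tol:
            break
    return prob


def score_syscalls(syscalls, dns_responses, blocklist, threshold=0.5):
    """Posterior malicious probability per system-call record, plus flagged ids."""
    probs = propagate(build_graph(syscalls), c2_seeds(dns_responses, blocklist))
    scores = {ev["id"]: probs[f"proc:{ev['pid']}"] for ev in syscalls}
    flagged = sorted(i for i, s in scores.items() if s >= threshold)
    return probs, scores, flagged


if __name__ == "__main__":
    probs, scores, flagged = score_syscalls(SYSCALLS, DNS_RESPONSES, C2_BLOCKLIST)
    for ev in SYSCALLS:
        print(f"{ev['id']} pid={ev['pid']} {ev['call']:6} {ev['obj']:22} P={scores[ev['id']]:.3f}")
    print("flagged:", flagged)
```

Run as a script it prints the per-call posteriors: the cron-style process that only read a benign log stays near its base rate, while every call issued by the C&C-seeded process and by the binary it dropped and executed is flagged, including the read of /etc/shadow that no signature would catch on its own. A real deployment would replace the blocklist match with its C&C classifier, learn the edge weights from labelled provenance data rather than fixing them by hand, and bound the propagation window so that the graph does not grow without limit.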

Keywords

zero-day attack / edge computing / Bayesian networks / command and control (C&C)

Category

Information Technology and Security Science

Citation

成翔, 匡苗苗, 严莉萍, 张佳乐, 杨宏宇. An APT Attack Activity Identification Research for Zero Day Attack Detection [J]. Journal of Hunan University (Natural Sciences), 2024, 51(12): 153-164.

Funding

  • Youth Foundation of Jiangsu Basic Research Program (BK20230558)
  • Natural Science Foundation of Xinjiang Uygur Autonomous Region (2024D01A40)
  • Open Project of Civil Aviation Airport Engineering Technology Research Center (ERCAOTP20230301)
  • Open Fund of the Key Laboratory of Flying Internet, Civil Aviation University of China (MHFLW202304)

Journal of Hunan University (Natural Sciences), ISSN 1674-2974. Open access; indexed in the Peking University Core Journals list and CSTPCD.