Journal of Hunan University (Natural Sciences), 2024, Vol. 51, Issue 12: 153-164 (12 pages). DOI: 10.16339/j.cnki.hdxbzkb.2024292
An APT Attack Activity Identification Research for Zero Day Attack Detection (original title: 面向零日攻击检测的APT攻击活动辨识研究)
Abstract
Traditional attack detection methods struggle to identify advanced persistent threat (APT) attacks launched with zero-day vulnerabilities. To address this, the paper proposes an APT attack activity identification method for zero-day attacks (APTIZDM) with three key components. The first is the cyber situation perception ontology construction (CSPOC) method, which gives a formal description of the critical activity attributes and features of IoT systems. The second is the malicious command and control (C&C) DNS response activity mining (MCCDRM) method, which identifies malicious C&C communication activities in APT attack scenarios while bounding the scope and start time of the identification process, thereby reducing computational overhead. The third is the zero-day attack activity recognition method in APT attack scenarios (ZDAARA), which uses Bayesian networks and security risk propagation theory to correlate system call information: it computes a malicious probability for each system call instance and so identifies zero-day attack activities that intrusion detection systems miss. Simulation results show that MCCDRM and ZDAARA, the core components of APTIZDM, achieve high accuracy and low false positive rates and cooperate effectively to identify APT attack activities.
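The abstract only states that ZDAARA scores each system call instance by propagating risk through a Bayesian model seeded by C&C detections. The following is an added illustration, not code from the paper, of one concrete way such a per-instance score can be produced: a noisy-OR propagation over a dependency graph of system call instances, seeded at the instance the C&C stage flagged. The dependency rules (same-process control flow, file write-to-read data flow), the weights, priors, threshold, field names and the trace itself are assumptions of this example and are not ZDAARA's or MCCDRM's definitions.

```python
"""Noisy-OR risk propagation over a system-call dependency graph.

Added illustration, not code from the paper.  Every parameter, weight,
field name, dependency rule and the sample trace below is an assumption
of this example, not a definition taken from ZDAARA or MCCDRM.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class SyscallEvent:
    eid: str                  # instance id (assumed field)
    ts: int                   # monotonically increasing timestamp
    pid: int
    name: str                 # syscall name, e.g. "write", "execve"
    target: str               # file path, or "ip:port" for network calls
    cc_flagged: bool = False  # set when the C&C stage matched this instance


# Assumed parameters of this example (not values from the paper).
BASE_PRIOR = 0.02     # prior malicious probability of an unremarkable syscall
CC_SEED_PRIOR = 0.90  # prior for an instance the C&C stage flagged
W_PROCESS = 0.8       # causal weight: next syscall of the same process
W_FILE = 0.6          # causal weight: read/execve of a file after a write to it
THRESHOLD = 0.5       # report instances at or above this probability


def build_dependency_edges(events: List[SyscallEvent]) -> Dict[str, Dict[str, float]]:
    """Return parents[child] = {parent: weight} for two dependency kinds:
    control flow (previous syscall of the same pid) and data flow (a
    read/execve/mmap of a path after the latest write to it).  If both
    apply to one pair, the stronger weight is kept."""
    parents: Dict[str, Dict[str, float]] = {e.eid: {} for e in events}
    last_in_pid: Dict[int, str] = {}
    last_writer: Dict[str, str] = {}

    def link(parent: str, child: str, w: float) -> None:
        parents[child][parent] = max(w, parents[child].get(parent, 0.0))

    for e in sorted(events, key=lambda ev: ev.ts):
        if e.pid in last_in_pid:
            link(last_in_pid[e.pid], e.eid, W_PROCESS)
        last_in_pid[e.pid] = e.eid
        if e.name in ("read", "execve", "mmap") and e.target in last_writer:
            link(last_writer[e.target], e.eid, W_FILE)
        if e.name in ("write", "rename"):
            last_writer[e.target] = e.eid
    return parents


def propagate(events: List[SyscallEvent]) -> Dict[str, float]:
    """Noisy-OR: P(mal_c) = 1 - (1 - prior_c) * prod_p (1 - w_pc * P(mal_p)).
    Edges only point forward in time, so a single pass in timestamp order
    scores every parent before its children."""
    parents = build_dependency_edges(events)
    prob: Dict[str, float] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        not_mal = 1.0 - (CC_SEED_PRIOR if e.cc_flagged else BASE_PRIOR)
        for parent, w in parents[e.eid].items():
            not_mal *= 1.0 - w * prob[parent]
        prob[e.eid] = 1.0 - not_mal
    return prob


def flag_suspicious(events: List[SyscallEvent], threshold: float = THRESHOLD) -> List[str]:
    """Ids of instances whose propagated probability reaches the threshold."""
    prob = propagate(events)
    return [e.eid for e in sorted(events, key=lambda ev: ev.ts) if prob[e.eid] >= threshold]


# Constructed trace (not real data): a DNS reply the C&C stage flagged,
# a drop-and-execute in the same process, a second process reading the
# dropped file, and an unrelated log read that should stay at the base rate.
TRACE = [
    SyscallEvent("e1", 1, 1001, "recvfrom", "203.0.113.7:53", cc_flagged=True),
    SyscallEvent("e2", 2, 1001, "write", "/tmp/.payload"),
    SyscallEvent("e3", 3, 1001, "execve", "/tmp/.payload"),
    SyscallEvent("e4", 4, 2002, "read", "/tmp/.payload"),
    SyscallEvent("e5", 5, 3003, "read", "/var/log/syslog"),
]

if __name__ == "__main__":
    for eid, p in propagate(TRACE).items():
        print(f"{eid}: P(malicious) = {p:.4f}")
    print("flagged:", flag_suspicious(TRACE))
```

On the constructed trace the seed keeps its 0.9 prior, the write and execve in the same process inherit most of it (about 0.73 and 0.59), the cross-process read of the dropped file decays to about 0.45 and is not reported at the 0.5 threshold, and the unrelated read stays at the 0.02 base rate. The decay along each hop is what keeps a single C&C hit from flagging every later system call on the host; how the paper weights its own edges is not stated in the abstract.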
Keywords
zero-day attack / edge computing / Bayesian networks / command and control (C&C)

Classification
Information Technology and Security Science

Cite this article
成翔, 匡苗苗, 严莉萍, 张佳乐, 杨宏宇. An APT Attack Activity Identification Research for Zero Day Attack Detection [J]. Journal of Hunan University (Natural Sciences), 2024, 51(12): 153-164.

Funding
Youth Foundation of Jiangsu Basic Research Program (BK20230558)
Natural Science Foundation of Xinjiang Uygur Autonomous Region (2024D01A40)
Open Project of Civil Aviation Airport Engineering Technology Research Center (ERCAOTP20230301)
Open Fund for the Key Laboratory of Flying Internet at Civil Aviation University of China (MHFLW202304)