Attack path prediction of APT based on HMM

Cited by: 0
Authors
Du Z. [1 ]
Liu F. [1 ]
Li Y. [1 ]
Affiliations
[1] National University of Defense Technology, Hefei
Keywords
Advanced persistent threat (APT); Hidden Markov model (HMM); Modeling; Path prediction;
DOI
10.3969/j.issn.1001-506X.2019.04.18
Abstract
Current defenses against advanced persistent threat (APT) attacks are mainly passive. Taking active defense as the starting point, this paper proposes a method for APT attack path prediction based on the hidden Markov model (HMM). The method has two parts, modeling and prediction. For modeling, a general HMM for APT attacks is first established according to the characteristics of APT attacks; an algorithm is then proposed that generates the HMM for a specific APT attack from the currently available input information. For prediction, the parameter calculation method of the HMM is first improved for the case of few APT samples, and an algorithm for path prediction is then proposed that incorporates alert information to give the starting point of the prediction. In the experiment, an experimental environment is established by simulating the attack method of the Aurora attack; the results show that the modeling and prediction methods match the APT attack method and situation and achieve the aim of path prediction. © 2019, Editorial Office of Systems Engineering and Electronics. All rights reserved.
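To make the two parts of the abstract concrete, the following is an added Python example; it is not the paper's code and does not reproduce its algorithms. It models APT stages as hidden states and alert categories as observations, estimates the HMM parameters from a handful of labelled incident sequences with additive smoothing (one simple way of coping with few samples, assumed here, not the paper's improvement), decodes the current stage from a live alert sequence with Viterbi, and reads the most likely continuation off the transition matrix. The stage names, alert names and training sequences are all constructed for illustration.

```python
"""Added example: HMM-based stage decoding and path prediction for APT alerts.

Everything below (stage names, alert categories, training sequences) is
constructed for illustration and is not taken from the paper.
"""
import math

# Hidden states: attack stages (constructed labels).
STAGES = ["recon", "delivery", "exploit", "c2", "lateral", "exfil"]
# Observations: alert categories a defender sees (constructed labels).
ALERTS = ["port_scan", "phish_mail", "exploit_sig", "beacon", "smb_login", "large_upload"]

# Constructed labelled incident records: lists of (stage, alert) pairs.
TRAINING = [
    [("recon", "port_scan"), ("delivery", "phish_mail"), ("exploit", "exploit_sig"),
     ("c2", "beacon"), ("lateral", "smb_login"), ("exfil", "large_upload")],
    [("delivery", "phish_mail"), ("exploit", "exploit_sig"), ("c2", "beacon"),
     ("c2", "beacon"), ("lateral", "smb_login"), ("lateral", "smb_login"),
     ("exfil", "large_upload")],
    [("recon", "port_scan"), ("recon", "port_scan"), ("exploit", "exploit_sig"),
     ("c2", "beacon"), ("exfil", "large_upload")],
]


def estimate_hmm(sequences, states, alerts, alpha=0.5):
    """Estimate (pi, A, B) by relative frequency with additive smoothing.

    The pseudo-count alpha keeps transitions and emissions never seen in a
    small sample strictly positive, so Viterbi cannot rule them out entirely.
    """
    n, m = len(states), len(alerts)
    s_idx = {s: i for i, s in enumerate(states)}
    o_idx = {o: i for i, o in enumerate(alerts)}
    start = [alpha] * n
    trans = [[alpha] * n for _ in range(n)]
    emit = [[alpha] * m for _ in range(n)]
    for seq in sequences:
        start[s_idx[seq[0][0]]] += 1
        for stage, alert in seq:
            emit[s_idx[stage]][o_idx[alert]] += 1
        for (s1, _), (s2, _) in zip(seq, seq[1:]):
            trans[s_idx[s1]][s_idx[s2]] += 1

    def norm(row):
        total = sum(row)
        return [x / total for x in row]

    return norm(start), [norm(r) for r in trans], [norm(r) for r in emit]


def viterbi(obs, states, alerts, pi, A, B):
    """Return the most likely hidden stage sequence for an alert sequence."""
    o_idx = {o: i for i, o in enumerate(alerts)}
    n = len(states)
    # delta[t][j]: best log-probability of a path ending in state j at time t.
    delta = [[math.log(pi[j]) + math.log(B[j][o_idx[obs[0]]]) for j in range(n)]]
    back = []  # back[t][j]: predecessor of state j on that best path
    for alert in obs[1:]:
        row, ptr = [], []
        for j in range(n):
            best_i = max(range(n), key=lambda i: delta[-1][i] + math.log(A[i][j]))
            row.append(delta[-1][best_i] + math.log(A[best_i][j])
                       + math.log(B[j][o_idx[alert]]))
            ptr.append(best_i)
        delta.append(row)
        back.append(ptr)
    path = [max(range(n), key=lambda j: delta[-1][j])]
    for ptr in reversed(back):
        path.append(ptr[path[-1]])
    path.reverse()
    return [states[i] for i in path]


def predict_path(current, states, A, steps):
    """Greedily follow the most likely non-self transition `steps` times."""
    s_idx = {s: i for i, s in enumerate(states)}
    cur, out = s_idx[current], []
    for _ in range(steps):
        nxt = max((j for j in range(len(states)) if j != cur), key=lambda j: A[cur][j])
        out.append(states[nxt])
        cur = nxt
    return out


def predict_from_alerts(obs, steps=2):
    """Decode the current stage from alerts, then predict the next stages."""
    pi, A, B = estimate_hmm(TRAINING, STAGES, ALERTS)
    decoded = viterbi(obs, STAGES, ALERTS, pi, A, B)
    return decoded, predict_path(decoded[-1], STAGES, A, steps)


if __name__ == "__main__":
    decoded, upcoming = predict_from_alerts(["phish_mail", "exploit_sig", "beacon"])
    print("decoded stages:  ", decoded)
    print("predicted stages:", upcoming)
```

With the constructed data, the alert sequence phish_mail, exploit_sig, beacon decodes to delivery, exploit, c2, and the predicted continuation is lateral then exfil. The decoded last stage is what the abstract calls the starting point supplied by alert information; the prediction then depends only on the transition matrix, which is why its estimation from few samples matters.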
Pages: 826 / 834
Page count: 8