Big Data Research (大数据) ›› 2015, Vol. 1 ›› Issue (4): 38-47. doi: 10.11959/j.issn.2096-0271.2015039

• Special Topic: Finance and Security Big Data •

Abnormal Network Behavior Detection Technology Based on Statistical Learning

Tao Zhou

  1. Beijing Venus Information Security Technology Incorporated Company, Beijing 100193, China
  • Online: 2015-11-20 Published: 2020-09-28
  • About the author: Tao Zhou, male, Ph.D., professor-level senior engineer, works at Beijing Venus Information Security Technology Incorporated Company. His main research interests are big data security analysis, event correlation analysis, and intrusion detection.

Abstract:

In recent years, advanced persistent threat (APT) has become the chief security threat to enterprise users. Traditional security measures based on signature detection and perimeter protection are insufficient against APT attacks. This paper therefore describes the current state of network abnormal behavior detection methods. It analyzes the technical roadmap and system architecture of detection based on statistical learning and, taking typical stages of an APT attack such as the command and control channel and acquisition behavior as examples, introduces the corresponding feature extraction and statistical modeling methods. It then summarizes the characteristics of abnormal behavior detection based on big data and points out directions for future research.

Key words: big data, security analysis, abnormal behavior detection, statistical learning
