Journal on Communications ›› 2022, Vol. 43 ›› Issue (12): 66-76.doi: 10.11959/j.issn.1000-436x.2022238
Lixia XIE1, Xueou LI1, Hongyu YANG1,2, Liang ZHANG1, Xiang CHENG4,5
Revised: 2022-11-01
Online: 2022-12-25
Published: 2022-12-01
Lixia XIE, Xueou LI, Hongyu YANG, Liang ZHANG, Xiang CHENG. Multi-stage detection method for APT attack based on sample feature reinforcement[J]. Journal on Communications, 2022, 43(12): 66-76.
"
APT攻击阶段 | 发送流量数据包数量/个 | 接收流量数据包数量/个 | 目标端口号 | 传输时间/s | 发送流量数据量/个 |
侦察 | 306 | 509 | 9000 | 268 855 | 21 189 |
106 | 104 | 80 | 450 907 | 10 327 | |
288 | 514 | 9000 | 357 079 | 17 044 | |
建立立足点 | 17 | 17 | 9003 | 44 446 | 1 536 |
15 | 15 | 9003 | 44 103 | 1 310 | |
37 | 37 | 9003 | 110 140 | 3 706 | |
横向移动 | 10 | 12 | 4444 | 78 313 266 | 429 |
20 | 18 | 9002 | 10 524 518 | 2 222 | |
4 | 6 | 9000 | 8 148 840 | 441 | |
窃取信息或破坏系统 | 1 | 1 | 40310 | 3 494 | 0 |
1 | 1 | 46400 | 3 692 | 0 | |
1 | 1 | 47274 | 3 546 | 0 | |
继续攻击或清除攻击痕迹 | 1 | 1 | 59430 | 3 602 | 0 |
1 | 1 | 59622 | 3 377 | 0 | |
1 | 1 | 40310 | 3 494 | 0 |
"
APT攻击序列类型 | APT攻击序列 |
APT1 | [[49192, 443, 6, …, 0, 0],[46190, 9000, 268855, …, 269, 0],[68, 67, 17, 1…, -1, 0]] |
APT2 | [[443, 50064, 6, …, 0, 0],[57296, 80, 450907, …, 57, 0],…,[58822, 53, 17, …, -1, 0]] |
APT3 | [[45988, 9000, 357079, …, 269, 0],[443, 58188, 6, …, 0, 0],…,[48067, 53, 17, …, -1, 0]] |
APT4 | [[46190, 9000, 268855, …, 269, 0],[54036, 9003, 44103, &, 0, 0],…,[60709, 53, 17, …, -1, 0]] |
APT5 | [[57296, 80, 450907, …, 57, 0],[443, 39654, 6, …, 0, 0],…,[28643, 59622, 3377, …, 1, 1452]] |