Abstract
Aiming at the problems of low accuracy and long recognition time of current hidden target identification methods focused on network APT attacks, a hidden target recognition method for network security focused on APT attacks was proposed. By introducing an association rule algorithm, a hidden target recognition model was constructed, with which an overall framework of hidden target recognition focused on APT attacks was established. According to the attribute correlation of APT target files, the association rules among network security threats were calculated. The APT target file data were extracted according to the association rules, and the hidden target identification under network security threats was realized through the credibility calculation. Simulation experiments show that the proposed method has a higher accuracy and a lower time consumption for attack identification, and can realize the hidden target identification under network security threats with APT attacks efficiently and accurately.
Authors
王小英
刘庆杰
郭娜
庞国莉
WANG Xiao-ying; LIU Qing-jie; GUO Na; PANG Guo-li (Information Engineering School, Institute of Disaster Prevention, Sanhe 065201, China)
Source
《沈阳工业大学学报》
EI
CAS
PKU Core (Peking University core journal list)
2020, Issue 3, pp. 303-307 (5 pages)
Journal of Shenyang University of Technology
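Funding
Fundamental Research Funds for the Central Universities (ZY20180123, ZY20160106)
Hebei Province Science and Technology Plan Project (16210705)
Fund project of the Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (AGK201704).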
Keywords
hidden target
recognition model
APT attack
network security threat
network intrusion
association rule
credibility
data mining