基于树型结构的APT攻击预测方法

Method for APT Prediction Based on Tree Structure

  • 摘要: 近年来,高级持续性威胁已成为威胁网络安全的重要因素之一。然而APT攻击手段复杂多变,且具有极强的隐蔽能力,使得目前常用的基于特征匹配的边界防护技术显得力不从心。面对APT攻击检测防御难题,提出了一种基于树型结构的APT攻击预测方法。首先结合杀伤链模型构建原理,分析APT攻击阶段性特征,针对攻击目标构建窃密型APT攻击模型;然后,对海量日志记录进行关联分析形成攻击上下文,通过引入可信度和DS证据组合规则确定攻击事件,计算所有可能的攻击路径。实验结果表明,利用该方法设计的预测模型能够有效地对攻击目标进行预警,具有较好的扩展性和实用性。

     

    Abstract: In recent years, advanced persistent threat (APT) has become one of the most important factors threatening cyber security. However, due to the complicated attacking method and strong conceal ability of APT, it is very hard to predict APT using the common boundary protection technique based on feature matching. To solve the problem of APT attack detection and defense, we propose an APT attacks prediction method based on tree structure. An APT exfiltration model of an attack target combing the kill chain model with stage characteristics is first constructed. And then the correlation analysis of massive logs is conducted to formulate attack events context, and the credibility ratio and DS evidence theory are introduced to determine true attack events. Finally, all possible attack paths are calculated. Experimental results show that our proposed method can predict APT attacks, and it can obtain good scalability and practicability.

     

/

返回文章
返回