Multi-step attack detection method based on network communication anomaly recognition
Starting from the characteristics of an enterprise's internal network, namely fixed business logic and regular inbound and outbound access patterns, the authors first define two classes comprising four kinds of abnormal behaviour, and then propose a multi-step attack detection method based on recognising anomalies in network communication. To detect abnormal sub-graphs and abnormal communication edges, a graph-based anomaly analysis method and a wavelet analysis method are respectively proposed to identify abnormal behaviour in the network communication graph; multi-step attacks are then detected by correlation analysis of the resulting anomalies. Experiments on the DARPA 2000 and LANL data sets show that the method can effectively detect and reconstruct multi-step attack scenarios, including attacks of previously unknown feature types, which makes it a feasible approach to detecting complex multi-step attack patterns such as APT. Because the network communication graph greatly reduces the data volume, the method is suited to large-scale enterprise network environments.
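As an added illustration of the pipeline the abstract outlines, and not code from the paper, the following Python sketch builds a communication graph from flow records, flags abnormal edges with a one-level Haar wavelet on each edge's per-window connection counts, flags an abnormal sub-graph when a host's outgoing star of edges suddenly widens, and correlates the anomalies in time order into a multi-step chain. The flow log, host names, the two detection rules and both thresholds are constructed for this example; the paper's own four kinds of abnormal behaviour and its graph and wavelet methods are not reproduced.

```python
"""Sketch of the abstract's pipeline: communication graph -> abnormal edges
(wavelet analysis of per-edge time series) + abnormal sub-graphs (graph
statistics) -> anomaly correlation into a multi-step attack chain.

Added illustration, not the paper's code. The paper's own definitions of
its four abnormal-behaviour kinds and its analysis methods are not
reproduced; the two rules below and all thresholds are assumptions.
"""
import math
from collections import defaultdict

# Constructed flow log: (time_window, src, dst, connection_count).
# Windows 0-2 are quiet; a four-step intrusion plays out over windows 3-6.
FLOWS = [
    # steady business traffic present in every window
    *[(w, "ws1", "srv-web", 1) for w in range(8)],
    *[(w, "ws1", "srv-db", 1) for w in range(8)],
    *[(w, "ws2", "srv-web", 1) for w in range(8)],
    *[(w, "ws2", "srv-db", 1) for w in range(8)],
    (3, "ext", "ws1", 20),        # step 1: external burst into ws1
    (4, "ws1", "ws2", 1),         # step 2: ws1 probes hosts it never talked to
    (4, "ws1", "srv-file", 1),
    (4, "ws1", "srv-mail", 1),
    (5, "ws1", "srv-db", 30),     # step 3: ws1 hammers the database
    (6, "srv-db", "ext", 12),     # step 4: database talks out to ext
]

EDGE_THRESHOLD = 5.0  # assumed: |detail coef| >= 5, i.e. a jump of ~7+ connections between adjacent windows
FANOUT_DELTA = 3      # assumed: distinct destinations >= host's median out-degree + 3


def haar_detail(series):
    """One-level Haar wavelet detail coefficients: (x[2i] - x[2i+1]) / sqrt(2).
    A large |coefficient| marks an abrupt change between adjacent windows."""
    xs = list(series)
    if len(xs) % 2:
        xs.append(xs[-1])  # pad an odd-length series by repeating the last value
    return [(xs[2 * i] - xs[2 * i + 1]) / math.sqrt(2) for i in range(len(xs) // 2)]


def edge_series(flows, n_windows):
    """Per-edge connection-count series: the weighted communication graph over time."""
    series = defaultdict(lambda: [0] * n_windows)
    for w, src, dst, count in flows:
        series[(src, dst)][w] += count
    return series


def abnormal_edges(flows, n_windows, threshold=EDGE_THRESHOLD):
    """Abnormal communication edges: edges whose count series has a wavelet detail spike."""
    found = []
    for (src, dst), xs in edge_series(flows, n_windows).items():
        xs = xs + xs[-1:] if len(xs) % 2 else xs  # same padding haar_detail applies
        for i, coef in enumerate(haar_detail(xs)):
            if abs(coef) >= threshold:
                # attribute the anomaly to whichever window of the pair holds the spike
                w = 2 * i if xs[2 * i] >= xs[2 * i + 1] else 2 * i + 1
                found.append({"window": w, "kind": "edge-burst", "src": src,
                              "dst": dst, "score": round(abs(coef), 1)})
    return found


def abnormal_fanout(flows, n_windows, delta=FANOUT_DELTA):
    """Abnormal sub-graphs: a host whose star of outgoing edges suddenly widens (scan-like fan-out)."""
    targets = defaultdict(lambda: [set() for _ in range(n_windows)])
    for w, src, dst, _ in flows:
        targets[src][w].add(dst)
    found = []
    for host, per_window in targets.items():
        degrees = [len(t) for t in per_window]
        baseline = sorted(degrees)[len(degrees) // 2]  # median out-degree as the host's profile
        for w, deg in enumerate(degrees):
            if deg - baseline >= delta:
                found.append({"window": w, "kind": "fan-out", "src": host,
                              "dst": None, "score": deg - baseline})
    return found


def affected_host(a):
    """Host an anomaly lands on: the edge's destination, or the fanning-out host itself."""
    return a["dst"] if a["dst"] is not None else a["src"]


def correlate(anomalies):
    """Chain anomalies whose source is the host affected by an earlier anomaly and
    return the longest time-ordered chain as the reconstructed attack scenario."""
    ordered = sorted(anomalies, key=lambda a: a["window"])
    best = []  # best[i]: longest chain ending at ordered[i]
    for i, a in enumerate(ordered):
        chain = [a]
        for j in range(i):
            b = ordered[j]
            if b["window"] < a["window"] and a["src"] == affected_host(b) and len(best[j]) + 1 > len(chain):
                chain = best[j] + [a]
        best.append(chain)
    return max(best, key=len) if best else []


def detect(flows):
    """Full pipeline on a flow log; returns the longest correlated anomaly chain."""
    n_windows = max(w for w, *_ in flows) + 1
    anomalies = abnormal_edges(flows, n_windows) + abnormal_fanout(flows, n_windows)
    return correlate(anomalies)


if __name__ == "__main__":
    for step in detect(FLOWS):
        print(step)
```

Two design points worth noting. First, neither rule looks at payload or signatures: the wavelet flags a change in an edge's volume and the fan-out rule flags a change in a host's degree, which is what lets this style of detection fire on steps with no known feature, and the per-window edge counts are all that is retained from the raw traffic, which is where the data reduction comes from. Second, a single-level Haar with fixed pair alignment can miss a change that straddles a pair boundary, and a global median baseline is crude; a practitioner would use a multi-level decomposition or a sliding window and a per-host, per-time-of-day profile, and would expect false chains on networks where business traffic itself changes shape.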
Main Authors: | Ankang JU, Yuanbo GUO, Tao LI, Ziwei YE |
---|---|
Format: | Article |
Language: | zho (Chinese) |
Published: | Editorial Department of Journal on Communications, 2019-07-01 |
Series: | Tongxin xuebao (Journal on Communications) |
Subjects: | multi-step attack; network anomaly; communication graph; wavelet analysis |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019142/ |
Field | Value
---|---|
author | Ankang JU Yuanbo GUO Tao LI Ziwei YE |
collection | DOAJ |
description | Starting from the characteristics of an enterprise's internal network, namely fixed business logic and regular inbound and outbound access patterns, the authors first define two classes comprising four kinds of abnormal behaviour, and then propose a multi-step attack detection method based on recognising anomalies in network communication. To detect abnormal sub-graphs and abnormal communication edges, a graph-based anomaly analysis method and a wavelet analysis method are respectively proposed to identify abnormal behaviour in the network communication graph; multi-step attacks are then detected by correlation analysis of the resulting anomalies. Experiments on the DARPA 2000 and LANL data sets show that the method can effectively detect and reconstruct multi-step attack scenarios, including attacks of previously unknown feature types, which makes it a feasible approach to detecting complex multi-step attack patterns such as APT. Because the network communication graph greatly reduces the data volume, the method is suited to large-scale enterprise network environments. |
format | Article |
id | doaj-art-589a38f9e33d438f87c88d61695a5588 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2019-07-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
topic | multi-step attack network anomaly communication graph wavelet analysis |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2019142/ |