A discovery strategy for APT anomaly based on homologous behavior analysis
As APT (advanced persistent threat) attacks become increasingly frequent, higher requirements for the detection of APT attacks have been proposed. Early discovery of APT attack behavior based on homologous behavior analysis is an effective method. Aiming at the problem of low data-authentication efficiency caused by excessive data, a historical behavior database using data label technology was established and stored in the cloud. Relying on the Hadoop platform, the aggregate computing ability of MapReduce and the pseudorandom permutation technique, parallel detection of the whole network traffic was realized. To determine whether there was APT attack behavior, APT attack detection was implemented by comparing the data labels in the database. Test results show that the proposed method can detect the abnormal behavior of APT in the network as soon as possible and improve the efficiency of whole data-flow detection.

Field | Value
---|---
Main Authors: | Yihan YU, Yu FU, Xiaoping WU, Hongcheng LI
Format: | Article
Language: | zho (Chinese)
Published: | Beijing Xintong Media Co., Ltd, 2016-01-01
Series: | Dianxin kexue
Subjects: | APT defense; homologous strategy; real-time detection; data label; pseudorandom permutation
Online Access: | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2016012/
Field | Value
---|---
title | A discovery strategy for APT anomaly based on homologous behavior analysis
author | Yihan YU; Yu FU; Xiaoping WU; Hongcheng LI
collection | DOAJ
institution | Kabale University
id | doaj-art-bd061969ec384546b8df372b22a401f9
format | Article
language | zho
issn | 1000-0801
series | Dianxin kexue
publisher | Beijing Xintong Media Co., Ltd
publishDate | 2016-01-01
topic | APT defense; homologous strategy; real-time detection; data label; pseudorandom permutation
url | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2016012/
description | As APT (advanced persistent threat) attacks become increasingly frequent, higher requirements for the detection of APT attacks have been proposed. Early discovery of APT attack behavior based on homologous behavior analysis is an effective method. Aiming at the problem of low data-authentication efficiency caused by excessive data, a historical behavior database using data label technology was established and stored in the cloud. Relying on the Hadoop platform, the aggregate computing ability of MapReduce and the pseudorandom permutation technique, parallel detection of the whole network traffic was realized. To determine whether there was APT attack behavior, APT attack detection was implemented by comparing the data labels in the database. Test results show that the proposed method can detect the abnormal behavior of APT in the network as soon as possible and improve the efficiency of whole data-flow detection.