APT attack detection method

An attack detection method applied in the field of network security. It addresses two problems of machine-learning-based APT detection: too little manually labelled data, and the difficulty of selecting traffic features for unknown attacks. The aim is to improve the generalization ability of the detection model, reduce the influence of redundant and noisy features, and preserve detection accuracy.

Active Publication Date: 2017-06-09
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a method for APT attack detection, aiming to solve two problems of current machine-learning-based APT attack detection: too little manually labelled data for training the detection model, and the difficulty of selecting traffic features for unknown attacks.


Embodiment Construction

[0035] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0036] The application principle of the present invention will be described in detail below with reference to the accompanying drawings.

[0037] As shown in figure 1, an APT attack detection method provided by an embodiment of the present invention includes the following steps:

[0038] S101: Using a semi-supervised learning method, generate a large-scale training data set from a small amount of labelled data;

[0039] S102: Use the information gain ratio to perform feature extraction on each sub-data set into which the detection model divides the data, so as to accurately identify unknown attacks.

[0040] The applic...


Abstract

The invention discloses an advanced persistent threat (APT) attack detection method. A semi-supervised learning algorithm is used to label data with similar characteristics, so that a small quantity of labelled data generates a large-scale training data set; an information gain ratio is then introduced to determine how strongly each feature influences detection. The information gain ratio is used for feature extraction on every sub-data set in the detection model, and accurate identification of unknown attacks is realized. An improved k-means algorithm labels the data with similar characteristics, so that, starting from the small quantity of labelled data, a large training data set is labelled accurately and the detection accuracy of the model is guaranteed. By introducing the information gain ratio into the model, the degree to which each feature influences detection is determined and the influence of redundant and noisy features in the data is reduced; important traffic features are therefore selected, and the generalization capability of the detection model for unknown attacks is improved.
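Steps S101 and S102 of the embodiment above, and the abstract's description of the same pipeline, in runnable form. This is an added example, not the patent's own code: a plain Lloyd's k-means seeded with the analyst-labelled flows stands in for the patent's "improved k-means", each cluster inherits the majority label of its seeded members, and the information gain ratio is then computed per feature after equal-width binning. The flow records, feature names, seed labels and bin count are constructed for illustration; in the patented pipeline the ranking would be run separately on each sub-data set.

```python
"""Added example (not the patent's code): propagate a few analyst labels through
k-means clusters, then rank flow features by information gain ratio."""
from collections import Counter
from math import log2, sqrt

# Constructed flow records: (bytes_out_kb, duration_s, rare_dst_port, const).
# The last column is a deliberately constant "noise" feature.
FLOWS = [
    # benign web/mail traffic
    (10, 1, 0, 1), (15, 2, 0, 1), (20, 3, 0, 1), (25, 4, 0, 1),
    (30, 5, 0, 1), (12, 2, 0, 1), (18, 1, 0, 1), (22, 3, 1, 1),
    # suspected exfiltration / beaconing
    (500, 200, 1, 1), (600, 250, 1, 1), (700, 300, 1, 1), (800, 180, 1, 1),
    (900, 3, 1, 1), (650, 2, 1, 1), (750, 220, 0, 1), (850, 260, 1, 1),
]
FEATURE_NAMES = ["bytes_out_kb", "duration_s", "rare_dst_port", "const"]
# Only two analyst-labelled flows (index -> label); everything else is unlabelled.
SEED_LABELS = {0: "benign", 8: "apt"}


def _dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, centroids, iters=20):
    """Plain Lloyd's k-means seeded with the given centroids; returns cluster ids."""
    assign = [0] * len(points)
    for _ in range(iters):
        new_assign = [min(range(len(centroids)), key=lambda c: _dist(p, centroids[c]))
                      for p in points]
        if new_assign == assign:
            break
        assign = new_assign
        for c in range(len(centroids)):
            members = [p for p, a in zip(points, assign) if a == c]
            if members:
                centroids[c] = tuple(sum(col) / len(members) for col in zip(*members))
    return assign


def propagate_labels(points, seed_labels):
    """S101: cluster, then give every cluster the majority label of its seeded members.
    A cluster containing no labelled flow stays None instead of being guessed."""
    centroids = [list(points[i]) for i in seed_labels]  # one seed centroid per labelled flow
    assign = kmeans(points, centroids)
    votes = {}
    for idx, label in seed_labels.items():
        votes.setdefault(assign[idx], Counter())[label] += 1
    cluster_label = {c: v.most_common(1)[0][0] for c, v in votes.items()}
    return [cluster_label.get(c) for c in assign]


def entropy(labels):
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())


def discretise(values, n_bins=2):
    """Equal-width binning so a continuous feature can be treated as categorical."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0] * len(values)
    width = (hi - lo) / n_bins
    return [min(int((v - lo) / width), n_bins - 1) for v in values]


def gain_ratio(feature_values, labels, n_bins=2):
    """S102: IG(Y; X) / H(X). A constant feature has H(X) = 0 and scores 0.0."""
    bins = discretise(feature_values, n_bins)
    n = len(labels)
    cond = 0.0
    for b in set(bins):
        subset = [lab for bi, lab in zip(bins, labels) if bi == b]
        cond += len(subset) / n * entropy(subset)
    split_info = entropy(bins)
    if split_info == 0:
        return 0.0
    return (entropy(labels) - cond) / split_info


def rank_features(points, labels, names):
    """Rank features by gain ratio, highest first (run per sub-data set in practice)."""
    scores = {name: gain_ratio([p[i] for p in points], labels)
              for i, name in enumerate(names)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    full_labels = propagate_labels(FLOWS, SEED_LABELS)
    for name, score in rank_features(FLOWS, full_labels, FEATURE_NAMES):
        print(f"{name:14s} gain ratio = {score:.3f}")
```

On this constructed data the two seed labels propagate to all 16 flows, bytes_out_kb separates the classes perfectly (gain ratio 1.0), duration_s and rare_dst_port carry partial information, and the constant column scores 0.0 because its split information is zero, which is exactly the redundant-or-noisy feature the abstract says the gain ratio removes. Two caveats a practitioner should keep in mind: raw k-means is dominated by the largest-scale feature (here bytes), so features are normally standardised first, and a cluster with no labelled member is left None rather than guessed, so that unlabelled traffic is never silently assigned a class.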

Description

Technical field

[0001] The invention belongs to the field of network security, and particularly relates to an APT attack detection method.

Background art

[0002] Advanced persistent threats are a new type of organized, targeted, and extremely long-lasting attack. The exposure of Stuxnet, Duqu and Flame, and of the 2015 KillDisk attack against Ukrainian power plants, shows that APT attacks pose a huge threat to the security of industrial control networks and critical information infrastructure. The main goal of APT attacks is to steal confidential information from military agencies, government agencies, national infrastructure and high-tech enterprises, or to cause targeted damage. Their characteristics are mainly the following two points: (1) Advanced attack methods. Attackers often use unknown attacks such as 0day vulnerabilities to break in, as in the attack on Iran's nuclear facility. Attackers have used the Flame virus, Stuxnet virus, Duqu virus and ot...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L 12/24, H04L 29/06
CPC: H04L 41/145, H04L 63/1416
Inventors: 李兴华, 许勐璠, 苗美霞, 刘海, 马建峰, 李晖
Owner: XIDIAN UNIV