Method for classifying APT attack malicious software traffic based on improved LSTM

A malware traffic classification technique, applied in the field of network security, that addresses the difficulty of identifying and classifying APT attack malware traffic in the prior art, with the effect of strengthening pertinence.

Active Publication Date: 2020-08-11
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0004] In view of the above problems, the object of the present invention is to provide a method and a storage medium for classifying APT attack malware traffic based on an improved LSTM, so as to solve the problem that the prior art finds it difficult to identify APT attack malware traffic and difficult to classify it.



Embodiment 1

[0070] Abnormal traffic is collected partly from the network and partly from collected malware samples; that is, a sandbox environment is built to run the malware, and the malicious traffic generated during the corresponding malware process is captured;

[0071] Normal traffic is obtained by visiting the top 10,000 websites in the Alexa ranking and capturing the traffic of those visits.

[0072] Extract the current static feature information of each protocol in the traffic data of malware commonly used in APT attacks and/or in the normal traffic data, including the static feature information of the IP protocol, the ICMP protocol, the UDP protocol, the TCP protocol and the DNS protocol.

[0073] The extracted static feature information of each protocol is shown in the following table:

[0074]

[0075]

[0076] While extracting the static characteristic...


Abstract

The invention discloses a method for classifying APT attack malicious software traffic based on an improved LSTM, belongs to the field of network security, and solves the problem that APT attack malicious software traffic is difficult to classify in the prior art. The method comprises the following steps: collecting traffic data of malicious software commonly used in APT attacks and normal traffic data; extracting static feature information of each protocol from the APT malware traffic data and the normal traffic data; standardizing the static feature information to obtain static feature information of each protocol with unified dimensions; carrying out time-sequence feature extraction on the unified-dimension static feature information of each protocol through an improved LSTM network structure; performing classification processing on the extracted sequential information with a deep learning approach, and training a classifier after the classification processing to obtain a model M; and, based on the model M, detecting and classifying the traffic data to be inspected. The method is used for detecting and classifying APT attack malicious software traffic in computer communication and mobile networks.
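The abstract describes a pipeline (collect traffic, extract per-protocol static features, standardize them to a unified dimension, feed the time-ordered vectors to an LSTM). The following is an added example, not code from the patent, that implements the feature-extraction and standardization stages up to the point where an LSTM would take over. The feature names per protocol are a hypothetical stand-in, since the patent's own feature table is not reproduced on the page; the packet records are constructed sample data.

```python
"""
Added example (not part of the patent): per-protocol static feature extraction,
z-score standardization and padding to a unified width, producing the
time-ordered vector sequence an LSTM layer would consume.
"""
from statistics import mean, pstdev

# Hypothetical static feature names per protocol (assumption: the patent's
# actual table is not on the page, so these are illustrative only).
PROTOCOL_FEATURES = {
    "IP":   ["ttl", "total_len", "flags_df"],
    "ICMP": ["type", "code"],
    "UDP":  ["src_port", "dst_port", "length"],
    "TCP":  ["src_port", "dst_port", "flags", "window"],
    "DNS":  ["qtype", "qname_len", "answer_count"],
}
# Unified dimension: widest protocol feature vector; shorter ones are zero-padded.
UNIFIED_DIM = max(len(v) for v in PROTOCOL_FEATURES.values())
PROTO_IDS = {p: i for i, p in enumerate(PROTOCOL_FEATURES)}

# Constructed sample flow: (timestamp_s, protocol, decoded header fields).
SAMPLE_FLOW = [
    (0.000, "DNS",  {"qtype": 1, "qname_len": 23, "answer_count": 1}),
    (0.012, "TCP",  {"src_port": 51234, "dst_port": 443, "flags": 2, "window": 65535}),
    (0.020, "TCP",  {"src_port": 51234, "dst_port": 443, "flags": 16, "window": 65535}),
    (0.300, "UDP",  {"src_port": 52000, "dst_port": 53, "length": 45}),
    (0.500, "ICMP", {"type": 8, "code": 0}),
]


def extract_static(fields, protocol):
    """Pull the protocol's static features out of a packet's decoded fields,
    in a fixed order; a missing field becomes 0."""
    return [float(fields.get(name, 0)) for name in PROTOCOL_FEATURES[protocol]]


def fit_scalers(flows):
    """Compute (mean, std) per protocol and feature over the training flows.
    A constant column gets std 1.0 so standardization maps it to 0 rather
    than dividing by zero."""
    columns = {p: [[] for _ in names] for p, names in PROTOCOL_FEATURES.items()}
    for flow in flows:
        for _, proto, fields in flow:
            for i, value in enumerate(extract_static(fields, proto)):
                columns[proto][i].append(value)
    scalers = {}
    for proto, cols in columns.items():
        stats = []
        for col in cols:
            if not col:
                stats.append((0.0, 1.0))  # protocol never seen in training data
            else:
                std = pstdev(col)
                stats.append((mean(col), std if std > 0 else 1.0))
        scalers[proto] = stats
    return scalers


def standardize(vector, stats):
    """Z-score each feature with the fitted (mean, std) pairs."""
    return [(v - m) / s for v, (m, s) in zip(vector, stats)]


def to_sequence(flow, scalers, unified_dim=UNIFIED_DIM):
    """Order packets by time and emit one row per packet:
    [protocol id] + standardized features, zero-padded to unified_dim."""
    rows = []
    for _, proto, fields in sorted(flow, key=lambda pkt: pkt[0]):
        feats = standardize(extract_static(fields, proto), scalers[proto])
        feats += [0.0] * (unified_dim - len(feats))
        rows.append([float(PROTO_IDS[proto])] + feats)
    return rows


def pad_sequence(rows, max_len, width=UNIFIED_DIM + 1):
    """Truncate or zero-pad a flow's rows to max_len so flows can be batched."""
    rows = rows[:max_len]
    return rows + [[0.0] * width] * (max_len - len(rows))


if __name__ == "__main__":
    scalers = fit_scalers([SAMPLE_FLOW])
    for row in pad_sequence(to_sequence(SAMPLE_FLOW, scalers), max_len=6):
        print(row)
```

In a real deployment the scalers are fitted on the training set only and reused unchanged at detection time, otherwise the standardized values of traffic under inspection drift away from what the classifier saw during training.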

Description

Technical field

[0001] A method and a storage medium for classifying APT attack malware traffic based on an improved LSTM are used for detection and classification of APT attack malware traffic in computer communications and mobile networks, and belong to the field of network security.

Background technique

[0002] In recent years, with the rapid popularization and development of computer communications and mobile networks, malware-based network attacks have gradually become a new attack mode in the field of information security technology. In particular, Advanced Persistent Threat (APT) cyber-attacks are causing major economic and social security problems. The malicious software/payload in the APT attack process often conducts malicious communication in order to steal data and download new malware. In the process of analyzing APT attacks, it is very important to find the organization and region to which the malicious information belongs.

[0003] Malware tra...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08, H04L29/06
CPC: G06N3/08, H04L63/1416, H04L63/1425, H04L63/1441, G06N3/045, G06N3/044, G06F18/24
Inventor: 张小松, 牛伟纳, 赵艺宾, 赵成洋, 谢娇, 曹荣
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA