A Modified LSTM-Based Approach to Classifying APT Attack Malware Traffic

A malware traffic classification technology, applied in the field of network security, that addresses the difficulty of identifying and classifying APT attack malware traffic, with the effects of improved detection, stronger pertinence, and strong memory ability.

Active Publication Date: 2022-04-29
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0004] In view of the problems in the above research, the object of the present invention is to provide a method and storage medium for classifying APT attack malware traffic based on an improved LSTM, so as to solve the problems that the prior art has difficulty identifying APT attack malware traffic and difficulty classifying it.

Examples

Embodiment 1

[0070] Abnormal traffic is collected partly from the network and partly from collected malware: a sandbox environment is built to run the malware, and the malicious traffic generated while the corresponding malware process runs is collected.

[0071] Normal traffic is collected by visiting the top 10,000 websites ranked by Alexa and recording the data of the visits to these websites.

[0072] Extract the current static feature information of each protocol in the traffic data of malware commonly used in APT attacks and/or the normal traffic data, including the static feature information of the IP protocol, the ICMP protocol, the UDP protocol, the TCP protocol, and the DNS protocol.

[0073] The extracted static feature information of each protocol is shown in the following table:

[0074]

[0075]

[0076] While extracting the static characteristic...


Abstract

The invention discloses a method for classifying APT attack malware traffic based on an improved LSTM. It belongs to the field of network security and solves the problem that APT attack malware traffic is difficult to classify in the prior art. The invention collects traffic data of malware commonly used in APT attacks together with normal traffic data; extracts the static feature information of each protocol from both kinds of traffic data; standardizes the static feature information to obtain static feature information of each protocol with a unified dimension; extracts time-series features from the dimension-unified static feature information of each protocol through the improved LSTM network structure; classifies the extracted time-series information using a deep learning method and, after classification, trains the classifier to obtain the model M; and, based on the model M, detects and classifies the traffic data to be detected. The invention is used for detection and classification of APT attack malware traffic in computer communication and mobile networks.
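The feature-extraction and standardization steps of the abstract, sketched as an added example (not code from the patent). The chosen header fields, the 15-slot layout, and z-score scaling are assumptions, since the patent's feature table is not reproduced on this page; the packets are constructed samples.

```python
import struct
from statistics import mean, pstdev

# Assumed slot layout (hypothetical; the patent's own table is not on this page):
# [0:3] IP ttl,len,proto  [3:7] TCP sport,dport,flags,window
# [7:10] UDP sport,dport,len  [10:12] ICMP type,code  [12:15] DNS qd,an,is_response
DIM = 15

def static_features(pkt: bytes) -> list:
    """Map one raw IPv4 packet to a fixed-length vector; absent protocols stay 0."""
    v = [0.0] * DIM
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return v                                      # not IPv4, or truncated
    ihl = (pkt[0] & 0x0F) * 4
    v[0:3] = [pkt[8], struct.unpack("!H", pkt[2:4])[0], pkt[9]]
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == 6 and len(l4) >= 20:                  # TCP
        sport, dport = struct.unpack("!HH", l4[:4])
        v[3:7] = [sport, dport, l4[13], struct.unpack("!H", l4[14:16])[0]]
    elif proto == 17 and len(l4) >= 8:                # UDP
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        v[7:10] = [sport, dport, ulen]
        dns = l4[8:]
        if 53 in (sport, dport) and len(dns) >= 12:   # DNS header follows UDP
            flags, qd, an = struct.unpack("!HHH", dns[2:8])
            v[12:15] = [qd, an, flags >> 15]
    elif proto == 1 and len(l4) >= 2:                 # ICMP
        v[10:12] = [l4[0], l4[1]]
    return [float(x) for x in v]

def standardize(seq):
    """Column-wise z-score over one flow; constant columns become 0."""
    cols = list(zip(*seq))
    mu, sd = [mean(c) for c in cols], [pstdev(c) for c in cols]
    return [[(x - m) / s if s else 0.0 for x, m, s in zip(row, mu, sd)] for row in seq]

# Constructed sample packets (not real captures)
def ip(proto, payload, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1]))
    return hdr + payload

TCP_SYN = ip(6, struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 0x50, 0x02, 64240, 0, 0))
DNS_QRY = ip(17, struct.pack("!HHHH", 50000, 53, 20, 0) +
             struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0), ttl=128)

FLOW = [static_features(p) for p in (TCP_SYN, DNS_QRY)]   # time-ordered sequence
SCALED = standardize(FLOW)                                 # shape: (timesteps, DIM)
```

Each row of `SCALED` is one timestep, so a flow becomes a `(timesteps, DIM)` sequence of the kind a recurrent model such as an LSTM takes as input.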

Description

Technical field

[0001] A method and a storage medium for classifying APT attack malware traffic based on an improved LSTM, used for detection and classification of APT attack malware traffic in computer communications and mobile networks, and belonging to the field of network security.

Background technique

[0002] In recent years, with the rapid popularization and development of computer communications and mobile networks, malware-based network attacks have gradually become a new attack mode in the field of information security technology. In particular, Advanced Persistent Threat (APT) cyber-attacks are causing us major economic and social security problems. The malicious software / payload in the APT attack process often conducts malicious communication in order to steal data and download new malware. In the process of analyzing APT attacks, it is also very important to find the organization and region to which the malicious information belongs.

[0003] Malware tra...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08, H04L9/40
CPC: G06N3/08, H04L63/1416, H04L63/1425, H04L63/1441, G06N3/045, G06N3/044, G06F18/24
Inventor: 张小松, 牛伟纳, 赵艺宾, 赵成洋, 谢娇, 曹荣
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA