[Institution]: School of Computer Science & Technology, Beijing Institute of Technology, China
[Source]: 第十二届中国可信计算与信息安全学术会议 (12th China Conference on Trusted Computing and Information Security)
[Abstract]
At present, APT attack detection has become the focus of the network security protection field. APT attacks are among the most difficult cyber attacks to detect; the complexity and variability of APT attack behavior greatly increase the difficulty of attack detection. In order to cope with APT attacks, some well-known network security companies at home and abroad have developed commercial APT intrusion detection systems. This highly targeted kind of attack cannot be identified by a traditional intrusion detection system. Therefore, in order to deal with this new type of cyber attack, the paper proposes a new method to detect APT attacks from different organizations. A data mining algorithm is used to analyze each organization's APT network attack behavior and obtain association rules, which are then used to customize the design of Snort rules and apply them to the intrusion detection system. Experiments have shown that, when detecting the same test data, the evaluation indexes of the intrusion detection system using the extended Snort rules are significantly better than those of the traditional Snort intrusion detection system. The precision of the extended Snort intrusion detection system is as high as 98.3%, and the false alarm rate is almost 0, which ultimately achieves the purpose of APT detection.
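The pipeline the abstract describes (mine association rules from each organization's observed attack sessions, then turn the strong rules into Snort signatures) is shown below as an added example; it is not the paper's code and the paper does not state which mining algorithm or thresholds it used. The session records, the organization labels "OrgA" and "OrgB", the feature tokens, the support and confidence thresholds, the SID range and the `msg` text are all constructed assumptions; the generated rule text uses standard Snort option syntax (`msg`, `content`, `sid`, `rev`).

```python
"""Association-rule mining over per-organization attack sessions -> Snort rules.

Added example, not the paper's own code. A simple Apriori miner finds frequent
feature combinations, rules of the form {features} -> {org=X} are extracted, and
the most specific high-confidence rule per organization becomes a Snort signature.
"""
from itertools import combinations

# Constructed sample data: each record is the feature set of one observed session
# already attributed to an organization (labels and values are made up).
SESSIONS = [
    {"org=OrgA", "proto=tcp", "dport=443", "content=/update.php", "ua=Mozilla/4.0"},
    {"org=OrgA", "proto=tcp", "dport=443", "content=/update.php", "ua=Mozilla/5.0"},
    {"org=OrgA", "proto=tcp", "dport=443", "content=/update.php", "ua=Mozilla/4.0"},
    {"org=OrgA", "proto=tcp", "dport=443", "content=/update.php", "ua=curl/7.0"},
    {"org=OrgB", "proto=tcp", "dport=8080", "content=/cgi-bin/ping", "ua=Mozilla/4.0"},
    {"org=OrgB", "proto=tcp", "dport=8080", "content=/cgi-bin/ping", "ua=Mozilla/5.0"},
    {"org=OrgB", "proto=tcp", "dport=8080", "content=/cgi-bin/ping", "ua=Mozilla/4.0"},
    {"org=OrgB", "proto=tcp", "dport=8080", "content=/cgi-bin/ping", "ua=Mozilla/5.0"},
]


def frequent_itemsets(transactions, min_support):
    """Apriori: return {frozenset(items): support} for all itemsets >= min_support."""
    n = len(transactions)
    support = {}
    level = [frozenset([i]) for i in sorted({i for t in transactions for i in t})]
    k = 1
    while level:
        counts = {}
        for t in transactions:
            for cand in level:
                if cand <= t:
                    counts[cand] = counts.get(cand, 0) + 1
        frequent = {c: v / n for c, v in counts.items() if v / n >= min_support}
        support.update(frequent)
        # Join frequent k-itemsets into (k+1)-candidates; prune any candidate
        # with an infrequent k-subset (the Apriori downward-closure property).
        nxt = set()
        for a, b in combinations(sorted(frequent, key=sorted), 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(s) in frequent for s in combinations(u, k)):
                nxt.add(u)
        level = list(nxt)
        k += 1
    return support


def association_rules(support, min_confidence):
    """Return (antecedent, consequent, support, confidence) for every strong rule."""
    rules = []
    for itemset, sup in support.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                conf = sup / support[ante]  # every subset of a frequent set is frequent
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, sup, conf))
    return rules


def best_rule_per_org(rules):
    """Keep rules whose consequent is exactly one org label and whose antecedent has
    none; per org, prefer the most specific antecedent, then confidence, then support."""
    best = {}
    for ante, cons, sup, conf in rules:
        if len(cons) != 1 or any(i.startswith("org=") for i in ante):
            continue
        org = next(iter(cons))
        if not org.startswith("org="):
            continue
        cur = best.get(org)
        if cur is None or (len(ante), conf, sup) > (len(cur[0]), cur[2], cur[1]):
            best[org] = (ante, sup, conf)
    return best


def snort_rule(org, ante, sid):
    """Render one mined antecedent as a Snort alert rule (option names are standard)."""
    feats = dict(item.split("=", 1) for item in ante)
    proto = feats.get("proto", "ip")
    dport = feats.get("dport", "any")
    opts = [f'msg:"APT {org[4:]} behaviour (mined rule)"']
    if "content" in feats:
        # Escape the characters Snort treats specially inside a content string.
        c = feats["content"].replace("\\", "\\\\").replace(";", "\\;").replace('"', '\\"').replace("|", "\\|")
        opts.append(f'content:"{c}"')
    opts += [f"sid:{sid}", "rev:1"]
    return f"alert {proto} $EXTERNAL_NET any -> $HOME_NET {dport} ({'; '.join(opts)};)"


def build_snort_rules(sessions, min_support, min_confidence, base_sid=1000001):
    """Full pipeline: sessions -> frequent itemsets -> strong rules -> Snort rules."""
    best = best_rule_per_org(association_rules(frequent_itemsets(sessions, min_support), min_confidence))
    return [snort_rule(org, ante, base_sid + i) for i, (org, (ante, _, _)) in enumerate(sorted(best.items()))]


if __name__ == "__main__":
    for line in build_snort_rules(SESSIONS, 0.4, 0.9):
        print(line)
```

On this constructed data the miner keeps, for each organization, the three-feature antecedent (protocol, destination port, request path) with confidence 1.0, so the two emitted rules match on port plus `content`; the weaker rule `{proto=tcp} -> {org=OrgA}` is dropped because it holds for only half the sessions. Picking the most specific antecedent is what keeps the false alarm rate low in practice: a rule on the shared protocol alone would fire on every organization's traffic.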