Computer Engineering and Applications ›› 2017, Vol. 53 ›› Issue (22): 97-104. DOI: 10.3778/j.issn.1002-8331.1607-0168

• Network, Communication and Security •

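Phase-based classification and evaluation method for APT attack behaviors

YANG Haopu, WANG Kun

  1. Information Engineering University, Zhengzhou 450001
  • Publication date: 2017-11-15 Posted: 2017-11-29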

Phase-based classification and evaluation of APT attack behaviors

YANG Haopu, WANG Kun   

  1. Information Engineering University, Zhengzhou 450001, China
  • Online: 2017-11-15 Published: 2017-11-29

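Abstract: The complexity and diversity of APT attack behaviors make attacks harder to detect, which is one of the current difficulties in APT attack research. Building on existing research, a phase-based method for classifying and evaluating APT attack behaviors is proposed. The phase characteristics of APT attacks are summarized through study of the concept of an APT attack; attack behaviors are divided at a fine granularity according to the purpose of each attack phase, forming a classification framework for APT attack behaviors; based on the characteristics of each class of attack behavior, the key factors affecting APT attack performance are extracted and corresponding quantitative evaluation methods are designed, providing guidance for the selection and detection of attack behaviors. Analysis of the experimental results shows that the proposed method truthfully reflects the actual attack situation and has good validity and accuracy.

Keywords: advanced persistent threat (APT) attack, attack detection, behavior classification, behavior quantification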

Abstract: The complexity and variety of APT attack behaviors increase the difficulty of detection, which is one of the most significant limitations in current APT research. Based on existing research, this paper proposes a phase-based classification and evaluation method for APT attack behaviors. Starting from the basic concept of APT, the characteristics of each attack phase are analyzed and summarized. According to the purpose of each phase, the attack behaviors are classified at a fine granularity to build a classification framework for APT attack behaviors. The primary factors that directly influence attack performance are extracted and quantified on the basis of each category’s features. These factors are used to guide the selection as well as the detection of attack behaviors. The experimental results show that the proposed method truly reflects the actual situation of attacks and performs well in validity and accuracy.

Key words: APT attack, attack detection, behavior classification, behavior quantification