Attack path prediction of APT based on HMM
Cite this article: DU Zhenyu, LIU Fangzheng, LI Yihong. Attack path prediction of APT based on HMM[J]. System Engineering and Electronics (系统工程与电子技术), 2019, 41(4): 826-834. DOI: 10.3969/j.issn.1001-506X.2019.04.18
Authors: DU Zhenyu, LIU Fangzheng, LI Yihong
Affiliation: National University of Defense Technology, Hefei 230037, Anhui, China
Abstract: To address the problem that current defenses against advanced persistent threat (APT) attacks are mainly passive, and taking active defense as the starting point, an APT attack path prediction method based on the hidden Markov model (HMM) is proposed. The method has two parts: modeling and prediction. For modeling, a general HMM for APT attacks is first established according to the characteristics of APT attacks; then an algorithm is proposed that generates the HMM for a specific APT attack based on the current information input. For prediction, the HMM parameter calculation method is improved to cope with the small number of APT attack samples, alert information is introduced to determine the starting point of prediction, and a path prediction algorithm is proposed. The experimental environment is built by simulating the attack methods and process of Operation Aurora, and the results show that the modeling and prediction algorithms fit the APT attack scenario and achieve the goal of path prediction.