Research on Advanced Persistent Threat Detection Technology Based on Self-Learning of Network Behavior
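Cite this article: Liu Jia, Xie Bing, Yang Chuanxu, Wan Hongqiang, Zheng Yan, Yang Jing. Research on Advanced Persistent Threat Detection Technology Based on Self-Learning of Network Behavior [J]. Computing Technology and Automation, 2019, (2): 108-113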
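Authors and affiliation
Liu Jia, Xie Bing, Yang Chuanxu, Wan Hongqiang, Zheng Yan, Yang Jing (Yuxi Power Supply Bureau, Yunnan Power Grid Co., Ltd., Yuxi, Yunnan 653100)
Chinese abstract (translated): Advanced persistent threats (APTs) pose a serious threat to network security. Their distinctive high unpredictability, deep concealment, and severe harmfulness confront traditional network monitoring techniques with unprecedented challenges against a background of large-scale, complex network traffic. In response to the urgent need for APT detection, and drawing on the rapid development of big data analytics and cloud computing, this work uses machine learning theory to describe the semantically rich behavioral feature patterns of network applications and, by combining network protocol reverse analysis with data stream processing, establishes a new self-learning APT detection framework that supports building an intrusion-tolerant network ecosystem.
Chinese keywords (translated): advanced persistent threat; network security; data stream processing; intrusion detection; network behavior patterns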
 
Research on Advanced Continuous Threat Detection Technology Based on Network Self-learning Behaviors
Abstract: Advanced persistent threats (APTs) pose a serious threat to network security. Their high unpredictability, deep concealment, and serious harm confront traditional network monitoring technologies with unprecedented challenges in the context of large-scale, complex network traffic. This paper addresses the urgent need for APT detection, relying on the rapid development of big data analysis and cloud computing technology. Based on machine learning theory, it describes the semantically rich behavior patterns of network applications and, by combining reverse analysis of network protocols with data stream processing, establishes a new self-learning APT detection framework that supports building an intrusion-tolerant network ecosystem.
Keywords: advanced persistent threats; network security; data stream processing; intrusion detection; network behavior patterns