Research on Advanced Persistent Threat Detection Technology Based on Self-Learning of Network Behavior
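Cite this article: Liu Jia, Xie Bing, Yang Chuanxu, Wan Hongqiang, Zheng Yan, Yang Jing. Research on Advanced Persistent Threat Detection Technology Based on Self-Learning of Network Behavior [J]. Computing Technology and Automation, 2019, (2): 108-113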
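Abstract (translated from Chinese): Advanced persistent threats (APTs) pose a serious threat to network security. Their distinctive high unpredictability, deep concealment and severe harmfulness confront traditional network monitoring techniques with unprecedented challenges against a background of large-scale, complex network traffic. In response to the urgent need for APT detection, and building on the rapid development of big data analytics and cloud computing, this work uses machine learning theory to describe the semantically rich behavioral feature patterns of network applications. By combining reverse analysis of network protocols with data stream processing, it establishes a new self-learning APT detection framework that supports building an intrusion-tolerant network ecosystem.
Keywords (translated from Chinese): advanced persistent threat; network security; data stream processing; intrusion detection; network behavior patterns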

Research on Advanced Continuous Threat Detection Technology Based on Network Self-learning Behaviors

Abstract: Advanced persistent threats (APTs) pose a serious threat to network security. Their unique high unpredictability, deep concealment and serious harm confront traditional network monitoring technologies with unprecedented challenges in the context of large-scale, complex network traffic. To address the urgent need for APT detection, and relying on the rapid development of big data analysis and cloud computing technology, this paper uses machine learning theory to describe the semantically rich behavior patterns of network applications. By combining reverse analysis of network protocols with data stream processing, it establishes a new self-learning APT detection framework that supports building an intrusion-tolerant network ecosystem.
Keywords: advanced persistent threats; network security; data stream processing; intrusion detection; network behavior patterns