ZHU Guang-ming, LU Zi-jie, FENG Jia-wei, et al. Multi-stage Attack Prediction Based on Attack Context Analysis [J]. Computer Technology and Development (计算机技术与发展), 2023, 33(07): 104-110. doi: 10.3969/j.issn.1673-629X.2023.07.016

Multi-stage Attack Prediction Based on Attack Context Analysis

Computer Technology and Development (计算机技术与发展) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume:
33
Issue:
2023, No. 07
Pages:
104-110
Column:
Cyberspace Security
Publication date:
2023-07-10

Article Info

Title:
Multi-stage Attack Prediction Based on Attack Context Analysis
Article number:
1673-629X(2023)07-0104-07
Author(s):
ZHU Guang-ming (朱光明)1, LU Zi-jie (卢梓杰)1, FENG Jia-wei (冯家伟)2, ZHANG Xiang-dong (张向东)2, ZHANG Feng-jun (张锋军)3, NIU Zuo-yuan (牛作元)3, ZHANG Liang (张亮)1
1. School of Computer Science and Technology, Xidian University, Xi'an 710071, China;
2. School of Communication Engineering, Xidian University, Xi'an 710071, China;
3. The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610041, China
Keywords:
network security; causal graph; attack prediction; natural language processing; Transformer
CLC number:
TP391
DOI:
10.3969/j.issn.1673-629X.2023.07.016
Abstract:
Multi-stage attacks such as Advanced Persistent Threats (APT) are complex and diverse, stealthy and persistent, and pose a great threat to network security. Studying attackers' strategies and predicting their subsequent attack steps is therefore an important research topic for defenders. To address the difficulty of predicting the trend of multi-stage attacks, this paper proposes a multi-stage attack trend prediction algorithm based on attack context analysis, which reconstructs the attack context from system logs and predicts the subsequent attack trend. The algorithm first analyses the attack context observed so far through causal graph construction, anomalous log sequence extraction and abstract text representation; it then uses a Transformer model to predict the subsequent attack steps from the attack sequence already detected. The algorithm was evaluated on the public ATLAS and HDFS datasets. On more than 7 000 sequences from the ATLAS dataset, it reaches a one-step prediction accuracy above 90% and a five-step prediction accuracy of 74%. The experiments show that attack trend prediction based on attack context analysis is a feasible approach and offer a new idea for research on network attack prediction.


Last Update: 2023-07-10