Title: APT Attack Detection Method Based on Traffic Log Features (original Chinese title: 基于流量日志特征的APT攻击检测方法)
Authors: Xingjie Huang, Beibei Su, Ru Zhang, Feiyu Chen, Jinmeng Zhao, Yating Gao
Venue: 2022 IEEE 2nd International Conference on Computer Systems (ICCS)
Published: 2022-09-23
DOI: 10.1109/ICCS56273.2022.9987983 (https://doi.org/10.1109/ICCS56273.2022.9987983)
Indexed by: Semantic Scholar (citation count at indexing time: 1)
APT Attack Detection Method Based on Traffic Log Features
APT (Advanced Persistent Threat) attacks generally conceal their activity by evading detection by the IDS. This paper proposes a model for detecting the network behaviour of the C2 (command-and-control) stage of an APT attack, built on anonymized datasets. For access records of C2 domain names, a number of features based on DNS behaviour rules are proposed, and these features are fused with traffic features. Experiments combine data collected in a large organization with simulated data. The results show that the method can detect APT attacks on large-volume data and can identify suspected infected hosts.
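The abstract names the two ingredients of the model (per-host features derived from DNS behaviour rules, fused with traffic features, producing a list of suspected infected hosts) but not the concrete features. The following is an added illustration of that pipeline, not the paper's code or its feature set: the log formats, the four features (entropy of the leftmost DNS label, NXDOMAIN ratio, regularity of query intervals, upload-to-download byte ratio), the thresholds and the scoring rule are all assumptions chosen to show the shape of such a detector, and the log lines are constructed.

```python
"""Per-host DNS + flow feature fusion for C2-stage detection.

Added example. Feature set, thresholds and log formats are assumptions,
not the paper's; sample log lines are constructed.
"""
import math
import statistics
from collections import Counter, defaultdict

# Constructed DNS log. Assumed line format: "<epoch>,<src_host>,<qname>,<rcode>"
DNS_LOG = """\
1000,10.0.0.5,www.example.com,NOERROR
1030,10.0.0.5,cdn.example.net,NOERROR
1600,10.0.0.5,mail.example.com,NOERROR
1000,10.0.0.7,a1b2c3d4e5f6.badlabs.biz,NOERROR
1060,10.0.0.7,q9w8e7r6t5y4.badlabs.biz,NXDOMAIN
1120,10.0.0.7,z1x2c3v4b5n6.badlabs.biz,NOERROR
1180,10.0.0.7,m5n4b3v2c1x0.badlabs.biz,NXDOMAIN
1240,10.0.0.7,l0k9j8h7g6f5.badlabs.biz,NOERROR
"""
# Constructed flow log. Assumed line format: "<src_host>,<dst_ip>,<bytes_out>,<bytes_in>"
FLOW_LOG = """\
10.0.0.5,93.184.216.34,1200,48000
10.0.0.7,203.0.113.9,52000,900
"""

# Assumed decision rules: (comparison, threshold) per feature.
THRESHOLDS = {
    "label_entropy": (">", 3.0),  # algorithmically generated labels look random
    "nx_ratio": (">", 0.2),       # DGA clients hit many unregistered names
    "interval_cv": ("<", 0.2),    # beaconing gives near-constant query gaps
    "out_in_ratio": (">", 1.0),   # exfiltration uploads more than it downloads
}


def shannon_entropy(s: str) -> float:
    """Shannon entropy (bits per character) of a string; 0 for a constant string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def parse_dns(text: str):
    rows = []
    for line in text.strip().splitlines():
        ts, host, qname, rcode = line.split(",")
        rows.append((int(ts), host, qname, rcode))
    return rows


def parse_flows(text: str):
    rows = []
    for line in text.strip().splitlines():
        host, dst, out_b, in_b = line.split(",")
        rows.append((host, dst, int(out_b), int(in_b)))
    return rows


def dns_features(dns_rows):
    """DNS-behaviour features per source host."""
    by_host = defaultdict(list)
    for ts, host, qname, rcode in dns_rows:
        by_host[host].append((ts, qname, rcode))
    feats = {}
    for host, recs in by_host.items():
        recs.sort()
        labels = [q.split(".")[0] for _, q, _ in recs]
        times = [t for t, _, _ in recs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            # coefficient of variation of inter-query gaps; ~0 means periodic
            interval_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        else:
            interval_cv = float("inf")  # too few queries to judge periodicity
        feats[host] = {
            "label_entropy": statistics.mean(shannon_entropy(l) for l in labels),
            "nx_ratio": sum(r == "NXDOMAIN" for _, _, r in recs) / len(recs),
            "interval_cv": interval_cv,
        }
    return feats


def flow_features(flow_rows):
    """Traffic features per source host (here just the upload/download ratio)."""
    out_b, in_b = defaultdict(int), defaultdict(int)
    for host, _, o, i in flow_rows:
        out_b[host] += o
        in_b[host] += i
    return {h: {"out_in_ratio": out_b[h] / (in_b[h] + 1)} for h in out_b}


def fuse_and_score(dns_f, flow_f, min_hits=3):
    """Merge both feature sets per host and count threshold violations."""
    result = {}
    for host in set(dns_f) | set(flow_f):
        feats = {**dns_f.get(host, {}), **flow_f.get(host, {})}
        hits = 0
        for name, (op, thr) in THRESHOLDS.items():
            if name not in feats:
                continue  # host seen in only one log source
            v = feats[name]
            if (op == ">" and v > thr) or (op == "<" and v < thr):
                hits += 1
        feats["score"] = hits
        feats["suspect"] = hits >= min_hits
        result[host] = feats
    return result


def detect(dns_text=DNS_LOG, flow_text=FLOW_LOG):
    return fuse_and_score(dns_features(parse_dns(dns_text)),
                          flow_features(parse_flows(flow_text)))


def suspects(dns_text=DNS_LOG, flow_text=FLOW_LOG):
    """Hosts whose fused feature score crosses the suspicion threshold."""
    return sorted(h for h, f in detect(dns_text, flow_text).items() if f["suspect"])


if __name__ == "__main__":
    for host, f in sorted(detect().items()):
        print(host, f)
```

On the constructed input 10.0.0.7 trips all four rules (random-looking labels, 40% NXDOMAIN, queries exactly 60 s apart, far more bytes sent than received) and is reported, while 10.0.0.5 trips none. The fusion step is deliberately a simple vote so that each rule stays explainable to an analyst; a learned classifier over the same feature vector is the natural replacement, and the `interval_cv = inf` case shows why a host with too few queries must not be scored as "periodic" by default.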