HMM-Based APT Attack Path Prediction

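TP309.2; To address the problem that current defense techniques against advanced persistent threat (APT) attacks are mainly passive, this work takes active defense as its starting point and proposes an APT attack path prediction method based on the hidden Markov model (HMM). The method consists of two parts: modeling and prediction. For modeling, a general hidden Markov model of APT attacks is first established according to the characteristics of APT attacks, and then an algorithm is proposed that can generate the HMM of a specific APT attack. For prediction, to address the small number of APT attack samples, the HMM parameter calculation method is improved, alert information is introduced to determine the starting point of prediction, and a path prediction algorithm is proposed. The experiment builds its test environment by simulating the attack methods and process of Operation Aurora...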

Bibliographic Details
Published in 系统工程与电子技术 (Systems Engineering and Electronics) Vol. 41; no. 4; pp. 826 - 834
Main Authors 杜镇宇, 刘方正, 李翼宏
Format Journal Article
Language Chinese
Published National University of Defense Technology, Hefei, Anhui 230037, 01.04.2019
ISSN 1001-506X
DOI 10.3969/j.issn.1001-506X.2019.04.18

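Abstract TP309.2; To address the problem that current defense techniques against advanced persistent threat (APT) attacks are mainly passive, this work takes active defense as its starting point and proposes an APT attack path prediction method based on the hidden Markov model (HMM). The method consists of two parts: modeling and prediction. For modeling, a general hidden Markov model of APT attacks is first established according to the characteristics of APT attacks, and then an algorithm is proposed that can generate the HMM of a specific APT attack. For prediction, to address the small number of APT attack samples, the HMM parameter calculation method is improved, alert information is introduced to determine the starting point of prediction, and a path prediction algorithm is proposed. The experimental environment is built by simulating the attack methods and process of Operation Aurora, and the results show that the modeling and prediction algorithms fit the APT attack scenario and achieve the goal of path prediction.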
Author 刘方正
李翼宏
杜镇宇
AuthorAffiliation National University of Defense Technology, Hefei, Anhui 230037
AuthorAffiliation_xml – name: National University of Defense Technology, Hefei, Anhui 230037
Author_FL DU Zhenyu
LIU Fangzheng
LI Yihong
Author_FL_xml – sequence: 1
  fullname: DU Zhenyu
– sequence: 2
  fullname: LIU Fangzheng
– sequence: 3
  fullname: LI Yihong
Author_xml – sequence: 1
  fullname: 杜镇宇
– sequence: 2
  fullname: 刘方正
– sequence: 3
  fullname: 李翼宏
ClassificationCodes TP309.2
ContentType Journal Article
Copyright Copyright © Wanfang Data Co. Ltd. All Rights Reserved.
Copyright_xml – notice: Copyright © Wanfang Data Co. Ltd. All Rights Reserved.
DOI 10.3969/j.issn.1001-506X.2019.04.18
DatabaseName Wanfang Data Journals - Hong Kong
WANFANG Data Centre
Wanfang Data Journals
China Online Journals (COJ)
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
DocumentTitle_FL Attack path prediction of APT based on HMM
EndPage 834
ExternalDocumentID xtgcydzjs201904019
GrantInformation_xml – fundername: Project supported by the National Natural Science Foundation of China
  funderid: (U1636201) funded project
ID FETCH-LOGICAL-s1059-d7164e4b0804ee82e09700e738978dc3c4907fdce9767930543c13e42bec1b73
ISSN 1001-506X
IngestDate Thu May 29 04:00:30 EDT 2025
IsPeerReviewed false
IsScholarly true
Issue 4
Keywords path prediction
hidden Markov model
modeling
advanced persistent threat
Language Chinese
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-s1059-d7164e4b0804ee82e09700e738978dc3c4907fdce9767930543c13e42bec1b73
PageCount 9
ParticipantIDs wanfang_journals_xtgcydzjs201904019
PublicationCentury 2000
PublicationDate 2019-04-01
PublicationDateYYYYMMDD 2019-04-01
PublicationDate_xml – month: 04
  year: 2019
  text: 2019-04-01
  day: 01
PublicationDecade 2010
PublicationTitle 系统工程与电子技术
PublicationTitle_FL Systems Engineering and Electronics
PublicationYear 2019
Publisher National University of Defense Technology, Hefei, Anhui 230037
Publisher_xml – name: National University of Defense Technology, Hefei, Anhui 230037
Score 2.2107644
SourceID wanfang
SourceType Aggregation Database
StartPage 826
Title HMM-Based APT Attack Path Prediction
URI https://d.wanfangdata.com.cn/periodical/xtgcydzjs201904019
Volume 41
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
linkProvider EBSCOhost