Doctoral Degree in Engineering

Nanjing University

Personal Information

Business Address: Room 332, School of Computer Science
E-Mail:


Detecting advanced persistent threats based on entropy and support vector machine

Date of Publication: 2018-01-01

Affiliation of Author(s): School of Computer Science and Technology / School of Artificial Intelligence / School of Software
Journal: Lect. Notes Comput. Sci.
Abstract: Advanced Persistent Threats (APTs) have become a critical issue in high-security networks. Their precise targeting, disguise and staged execution make them much harder for traditional detection technologies to discover. APTs continuously gather information and data from targeted objects, using a variety of exploits to penetrate the organization. Current threat detection methods apply machine learning algorithms to statistical and behavioral characteristics of network traffic. The key problem in using a machine learning algorithm is finding an appropriate feature vector to feed into the learner. This paper presents an entropy-based detection method using a support vector machine, aiming to identify the traffic that contains APT attacks, so that the attacking stream is confined to a smaller range of network traffic and becomes much easier to find in further analysis. The experimental results show that the proposed method distinguishes traffic containing APT streams from normal traffic more effectively and efficiently. © Springer Nature Switzerland AG 2018.
ISSN No.: 0302-9743
Translation or Not: no
Co-author: Tan, Jiayu
Corresponding Author: wj