Detecting advanced persistent threats based on entropy and support vector machine
Affiliation: College of Computer Science and Technology / College of Artificial Intelligence / College of Software
Journal: Lect. Notes Comput. Sci.
Abstract: Advanced Persistent Threats (APTs) have become a critical issue in high-security networks. Their high pertinence, disguise and phased execution make them even harder for traditional detection technologies to discover. APTs continuously gather information and data from targeted objects, using various exploits to penetrate the organization. Current threat detection methods apply machine learning algorithms to statistical and behavioral characteristics of the network traffic. The key problem in using a machine learning algorithm is to find an appropriate feature vector to feed into the learner. This paper presents an entropy-based detection method using a support vector machine, aiming to find the traffic containing APT attacks, so that the attacking stream is confined to a smaller portion of the network traffic and becomes much easier to find in further analysis. The experimental results show that the proposed method can more effectively and efficiently distinguish traffic containing APT streams from normal traffic. © Springer Nature Switzerland AG 2018.
ISSN: 0302-9743
Translation: No
Publication date: 2018-01-01
Co-author: Tan, Jiayu
Corresponding author: 王箭