• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2015, Vol. 37 ›› Issue (08): 1458-1464.

• Paper •

Research on an APT attack-oriented detection model with association analysis

LI Jie, LOU Fang, JIN Yuquan, DONG Zhixin

  1. (Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China)
  • Received: 2014-08-15  Revised: 2014-10-11  Online: 2015-08-25  Published: 2015-08-25

Abstract:

With Flame, Duqu, Stuxnet and other malware attacks reported in recent years, society as a whole has paid more attention to APT attacks. Compared with traditional attacks, APT attacks are more targeted, persistent, stealthy and complex; they are also destructive and can cause serious consequences. Because APT attacks can be carried out in many ways and are deeply hidden, traditional detection mechanisms, including firewalls, antivirus and IDS, can hardly discover them, or the attacker's goal has already been reached long before detection. To solve these problems, we design an APT attack detection model based on a study of the features of APT attacks. With a suitable time threshold, we conduct association analysis of the attacks detected by the various detection methods and match the resulting attack paths against the attack detection model. Based on the matching degree of the intrusion paths, we judge whether an APT attack exists. Experimental results show that with a relatively complete APT attack detection model, the detection precision for APT attacks is higher.
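The abstract describes three steps: collect alerts from several conventional detectors, associate them into chains using a time threshold, and score each chain by how well its path matches a staged APT model. The following Python is an added illustration of that general approach written for this page; it is not the authors' code, and the paper's actual model stages, alert format and matching-degree formula are not given in the abstract. The six-stage model path, the one-line alert format, the per-host association rule and the use of longest-common-subsequence length over model length as the matching degree are all assumptions made here. The sample alert lines are constructed.

```python
"""Alert association with a time threshold followed by attack-path matching.

Added illustration, not the paper's implementation. Everything below that
names a stage, a detector or a log format is an assumption for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Sequence, Tuple

# Assumed ordered APT model path (stage names are an assumption).
APT_MODEL_PATH: Tuple[str, ...] = (
    "recon", "delivery", "exploit", "c2", "lateral", "exfil",
)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    detector: str  # which conventional detector raised it (firewall/av/ids)
    stage: str     # model stage the detector's rule is mapped to


def parse_alert(line: str) -> Alert:
    """Assumed log format: '<ISO timestamp> <host> <detector> <stage>'."""
    ts, host, detector, stage = line.split()
    return Alert(datetime.fromisoformat(ts), host, detector, stage)


def associate(alerts: Sequence[Alert], threshold: timedelta) -> List[List[Alert]]:
    """Association analysis: chain alerts per host in time order; a new chain
    starts when the gap to the previous alert on that host exceeds threshold."""
    chains: List[List[Alert]] = []
    open_chain: Dict[str, int] = {}  # host -> index of its current chain
    for a in sorted(alerts, key=lambda x: x.ts):
        idx = open_chain.get(a.host)
        if idx is not None and a.ts - chains[idx][-1].ts <= threshold:
            chains[idx].append(a)
        else:
            chains.append([a])
            open_chain[a.host] = len(chains) - 1
    return chains


def matching_degree(chain: Sequence[Alert], model: Sequence[str]) -> float:
    """Path matching: fraction of model stages observed in model order.

    Uses longest common subsequence between the chain's stage sequence and the
    model path, so a stage missed by every detector still yields a partial
    match, and repeated or out-of-order stages do not inflate the score."""
    observed = [a.stage for a in chain]
    m, n = len(observed), len(model)
    dp = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m):
        for j in range(n):
            if observed[i] == model[j]:
                dp[i + 1][j + 1] = dp[i][j] + 1
            else:
                dp[i + 1][j + 1] = max(dp[i][j + 1], dp[i + 1][j])
    return dp[m][n] / n


def detect_apt(
    lines: Sequence[str],
    threshold: timedelta = timedelta(hours=24),
    min_degree: float = 0.5,
    model: Sequence[str] = APT_MODEL_PATH,
) -> List[Tuple[str, datetime, datetime, float, bool]]:
    """Return (host, first_ts, last_ts, degree, apt_suspected) per chain."""
    alerts = [parse_alert(line) for line in lines if line.strip()]
    results = []
    for chain in associate(alerts, threshold):
        degree = matching_degree(chain, model)
        results.append(
            (chain[0].host, chain[0].ts, chain[-1].ts, degree, degree >= min_degree)
        )
    return results


# Constructed sample alerts: ws-17 shows a full six-stage path spread over
# three days; ws-42 shows two isolated alerts eight days apart.
SAMPLE_LINES = [
    "2015-03-01T08:00:00 ws-17 ids recon",
    "2015-03-01T09:30:00 ws-17 av delivery",
    "2015-03-01T09:35:00 ws-17 ids exploit",
    "2015-03-02T02:00:00 ws-17 firewall c2",
    "2015-03-02T18:00:00 ws-17 ids lateral",
    "2015-03-03T04:00:00 ws-17 firewall exfil",
    "2015-03-01T10:00:00 ws-42 av delivery",
    "2015-03-09T10:00:00 ws-42 firewall c2",
]

if __name__ == "__main__":
    for host, first, last, degree, flagged in detect_apt(SAMPLE_LINES):
        print(f"{host} {first:%Y-%m-%d %H:%M} .. {last:%Y-%m-%d %H:%M} "
              f"degree={degree:.2f} apt={flagged}")
```

Two knobs carry the trade-off the abstract alludes to: a larger time threshold links more of a slow campaign into one chain but also merges unrelated alerts, and a lower minimum matching degree catches paths where a detector missed a stage but raises the false-positive rate. The association key here is the host; a real deployment would also chain across hosts on lateral-movement alerts.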

Key words: APT attack detection; association analysis; path matching; time threshold