Abstract
In recent years, advanced persistent threats (APT) have become the chief security threat to enterprise users. Traditional security measures based on signature detection and perimeter protection are insufficient in dealing with APT attacks. To address this, the paper describes the current state of network anomalous behavior detection methods; analyzes the technology roadmap and system architecture of detection methods based on statistical learning; presents the corresponding feature extraction and statistical modeling methods, taking typical stages of an APT attack such as the command-and-control channel and acquisition behavior as examples; and summarizes the characteristics of big-data-based anomalous behavior detection and points out directions for future research.
Source
Big Data Research (《大数据》)
2015, Issue 4, pp. 38-47 (10 pages)
Keywords
big data
security analysis
abnormal behavior detection
statistical learning