Abstract
In recent years, defending against advanced persistent threats (APT) in complex environments has become a key concern of network security. APT attacks are highly covert, and the damage is far smaller when they are discovered early. Starting from deep mining of DNS logs, this paper uses functions such as intelligent DGA domain detection and intelligent APT tunnel detection to propose a new approach to APT defense from the perspective of DNS logs. Based on a fused Transformer and gated recurrent unit (GRU) neural network algorithm together with statistical machine learning, it detects malicious DGA domains and the DNS tunnels used in APT attacks, addressing the insufficient attention that network security measures pay to algorithmically generated domains and the weakness that DNS is easily exploited by APT actors for covert persistence. In-depth testing in an experimental network environment shows that the proposed method copes well with the increasingly serious APT security threats on the Internet.
In recent years, APT defense has gradually become a key focus of network security. APT attacks are highly covert, and the damage is far smaller when they are detected early. The proposed method is based on DNS logs, starting from multiple functional dimensions such as in-depth DNS log resolution, AI-based DGA domain name detection and DNS tunnel detection, and puts forward a new idea of APT defense from the perspective of DNS. A fused Transformer and GRU neural network is used to detect malicious DGA domains, and machine learning is used to detect the DNS tunnels of APT attacks, which makes up for the lack of attention paid to algorithmically generated domain names and the weakness that DNS is easily exploited by APT actors for covert persistence. In-depth testing in the experimental environment shows that the proposed method can better deal with the increasingly severe Internet APT security threat.
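The abstract names two detectors, a Transformer/GRU model for DGA domains and a statistical machine-learning model for DNS tunnels, but it does not describe the log features behind them. The following Python is added here as an illustration and is not code from the paper: it extracts the kind of per-query statistical features (label length, character entropy, vowel ratio of the registered domain, distinct subdomains per client and parent domain) that a DNS-log pipeline of this sort would feed to a classifier, with a simple rule-based classifier standing in for the trained models. The log format, the sample log lines and every threshold are constructed assumptions, not values from the paper.

```python
import math
import re
from collections import defaultdict

# Constructed sample DNS query log (not taken from the paper).
# Assumed format per line: "<timestamp> <client-ip> <query-name> <query-type>"
SAMPLE_LOG = """\
2021-12-01T10:00:01 10.0.0.5 www.google.com A
2021-12-01T10:00:02 10.0.0.5 mail.example.com A
2021-12-01T10:00:03 10.0.0.7 qzxvbnmkrtplw.com A
2021-12-01T10:00:04 10.0.0.9 aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.t.example.net TXT
2021-12-01T10:00:05 10.0.0.9 c2Vjb25kIGNodW5rIG9mIGRhdGEgZ29pbmcgb3V0.t.example.net TXT
2021-12-01T10:00:06 10.0.0.5 cdn.cloudfront.net A
"""

# Assumed thresholds; a real deployment would learn these from labelled data.
TUNNEL_MIN_LABEL_LEN = 30
TUNNEL_MIN_ENTROPY = 3.5
DGA_MIN_SLD_LEN = 10
DGA_MAX_VOWEL_RATIO = 0.2

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extract_features(qname: str) -> dict:
    """Per-query statistical features of the kind a DNS-log classifier consumes."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    # Naive registered-domain guess: the second-to-last label. A production
    # implementation would consult the public suffix list (co.uk and the like).
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    longest = max(labels, key=len)
    sld_lower = sld.lower()
    vowel_ratio = sum(ch in VOWELS for ch in sld_lower) / len(sld_lower)
    return {
        "label_count": len(labels),
        "total_len": len(qname.rstrip(".")),
        "max_label_len": len(longest),
        "max_label_entropy": shannon_entropy(longest),
        "sld_len": len(sld),
        "sld_vowel_ratio": vowel_ratio,
        "parent": ".".join(labels[-2:]),
    }


def classify(qname: str) -> str:
    """Rule-based stand-in for the trained models: 'tunnel-like', 'dga-like' or 'benign'."""
    f = extract_features(qname)
    # Long, high-entropy labels are how encoded payloads show up in tunnelled queries.
    if f["max_label_len"] >= TUNNEL_MIN_LABEL_LEN and f["max_label_entropy"] >= TUNNEL_MIN_ENTROPY:
        return "tunnel-like"
    # Algorithmically generated registered domains tend to be long and vowel-poor.
    if f["sld_len"] >= DGA_MIN_SLD_LEN and f["sld_vowel_ratio"] < DGA_MAX_VOWEL_RATIO:
        return "dga-like"
    return "benign"


LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def screen_log(text: str):
    """Classify every query and count distinct subdomains per (client, parent domain),
    a volume feature that separates sustained tunnelling from one odd long label."""
    verdicts = []
    distinct_subdomains = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname, _qtype = m.groups()
        verdicts.append((client, qname, classify(qname)))
        parent = extract_features(qname)["parent"]
        distinct_subdomains[(client, parent)].add(qname)
    counts = {k: len(v) for k, v in distinct_subdomains.items()}
    return verdicts, counts


if __name__ == "__main__":
    verdicts, counts = screen_log(SAMPLE_LOG)
    for client, qname, verdict in verdicts:
        print(f"{verdict:12s} {client:10s} {qname}")
    for (client, parent), n in sorted(counts.items()):
        print(f"{client} -> {parent}: {n} distinct subdomain(s)")
```

On the constructed log the two base64-looking queries under example.net are flagged as tunnel-like and the vowel-free thirteen-character domain as DGA-like, while the ordinary names stay benign; the per-client distinct-subdomain count is the feature that would distinguish a single unusual query from a sustained channel. In the paper's setting these hand-written rules are replaced by the Transformer/GRU model and the statistical learner, but the features they consume come from exactly this kind of log parsing.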
Authors
田毅
赵雪昆
赵亚锋
潘霞
TIAN Yi; ZHAO Xue-kun; ZHAO Ya-feng; PAN Xia (China Mobile Group Hebei Co., Ltd., Shijiazhuang 050021, China)
Source
《电信工程技术与标准化》
2021, No. 12, pp. 16-21 (6 pages)
Telecom Engineering Technics and Standardization