Abstract
Advanced persistent threats (APTs) pose a serious threat to network security. Compared with attack code, which is diverse and changes quickly, the communication between APT malware and its command-and-control (C&C) servers often follows specific patterns; hackers use domain generation algorithms (DGAs) to produce C&C domain names in order to evade domain-blacklist detection. By analysing the domain names used in APT attacks, and using a large set of C&C domain names as black samples and high-reputation domain names as white samples to train an LSTM model, this paper proposes an LSTM-based method for detecting APT attack communication. Experimental results show that the method achieves good detection performance against APT attacks that use DGA-generated C&C domain names for communication.
Authors
WEI Feng (魏峰); ZHANG Xun (张驯) (Electric Power Research Institute of Gansu Electric Power Company, State Grid, Lanzhou 730070, China)
Source
Microcomputer Applications (《微型电脑应用》), 2022, No. 3, pp. 134-137 (4 pages)