Abstract
The network laboratory inherently has the functions of network system attack testing, security detection and security emergency response training, but it is still unable to detect the domain names used in Advanced Persistent Threat (APT) attacks. Therefore, a method to detect the domain names of APT attacks against a network laboratory was proposed. All domain names were first filtered through a whitelist. According to network characteristics and lexical attributes, the features of the domain names used in APT attacks against the network laboratory were extracted. These domain name features were then used to obtain a threshold on the length distribution of second-level domains, and the threshold was applied to detect the domain names under test, yielding an accurate APT attack domain detection result. Simulation results show that the proposed method not only obtains more accurate domain name detection results, but also reduces the test time.
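A worked illustration of the detection pipeline the abstract describes (whitelist filtering, lexical feature extraction, a threshold on second-level domain length), added here as an example and not the paper's own code. The threshold rule (mean plus k standard deviations of benign label lengths), the whitelist, the single-label public suffix assumption and the sample domains are all constructed assumptions; the paper's actual feature set and threshold derivation are not given on this page.

```python
import statistics
from typing import Dict, Iterable, List, Set

# Constructed whitelist of trusted registered domains (assumption; not from the paper).
WHITELIST: Set[str] = {"example.com", "google.com", "university.edu"}

# Constructed benign sample used to estimate the length distribution (assumption).
BENIGN_SAMPLE: List[str] = [
    "www.example.com", "mail.google.com", "github.com", "docs.python.org",
    "en.wikipedia.org", "www.apple.com", "update.microsoft.com", "www.bing.com",
    "cdn.debian.org", "ftp.gnu.org",
]


def labels_of(domain: str) -> List[str]:
    """Split a domain into its DNS labels, ignoring case and a trailing dot."""
    return domain.lower().rstrip(".").split(".")


def second_level_label(domain: str) -> str:
    """Return the second-level label, assuming a single-label public suffix (e.g. 'com')."""
    labels = labels_of(domain)
    return labels[-2] if len(labels) >= 2 else labels[0]


def registered_domain(domain: str) -> str:
    """Registered domain = second-level label + suffix, under the same assumption."""
    return ".".join(labels_of(domain)[-2:])


def filter_whitelist(domains: Iterable[str], whitelist: Set[str]) -> List[str]:
    """Step 1: drop every domain whose registered domain is on the whitelist."""
    return [d for d in domains if registered_domain(d) not in whitelist]


def lexical_features(label: str) -> Dict[str, float]:
    """Step 2: simple lexical attributes of a label (length, digit and vowel ratios)."""
    n = max(len(label), 1)
    return {"length": len(label),
            "digit_ratio": sum(c.isdigit() for c in label) / n,
            "vowel_ratio": sum(c in "aeiou" for c in label) / n}


def length_threshold(benign: Iterable[str], k: float = 2.0) -> float:
    """Step 3: threshold = mean + k * population stddev of benign second-level label lengths."""
    lengths = [len(second_level_label(d)) for d in benign]
    return statistics.fmean(lengths) + k * statistics.pstdev(lengths)


def detect(domains: Iterable[str], whitelist: Set[str], threshold: float) -> List[str]:
    """Step 4: flag non-whitelisted domains whose second-level label exceeds the threshold."""
    return [d for d in filter_whitelist(domains, whitelist)
            if lexical_features(second_level_label(d))["length"] > threshold]
```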
Authors
杨桂山 (YANG Gui-shan); 安庆 (AN Qing) (Hunan University of Information Technology, Experimenting and Practicing Center, Changsha, Hunan 410151, China; School of Artificial Intelligence, Wuhan University of Technology, Wuhan, Hubei 430070, China)
Source
Computer Simulation (《计算机仿真》), Peking University Core Journal
2022, No. 9, pp. 441-445 (5 pages)
Funding
Scientific Research Fund Project of the Hunan Provincial Department of Education (17C1127).
Keywords
Network laboratory; APT attack; Domain name detection; Feature extraction