基于蚁群算法的电力数据网络APT攻击预警模型
|
摘要
高级持续性威胁(Advanced Persistent Threat,APT)是通过预先对攻击对象的业务流程和目标系统进行多维度、多阶段、多对象的持续信息采集,隐匿地实现网络空间的数据窃取。电力网络具有天然的稳定性需求,其覆盖广、涉及面大、灾后损失大。当前APT攻击预警技术存在网络节点碎片化的有限安全域以及全域特征动态检测问题。本文提出基于蚁群算法的电力数据网络APT攻击预警模型。通过设计电力网络的全域可信系统模型,采用流形进行安全边界扩散,将碎片化节点进行柔性关联,确保全域安全控制。构建APT攻击的时效模型,实现攻击对可信系统的损害分析。将APT攻击特征等效为蚁群信息素,实现对APT攻击的自动跟踪和适应。通过实际测试表明,蚁群APT监测预警算法的预警精度有效提升12.6%。
Advanced Persistent Threat(ATP) continuously collects business processes and target systems of attack objects in advance by the way of multi-dimension,multi-stage and multi-object,and anonymously implements data theft of network space.The power network has the natural stability demand,it covers a wide range,involves large scale and has great loss after disaster.There exist the problems of the limited security domain of network node fragmentation and the dynamic detection of the whole domain feature in current APT attack predictions.In this paper,an ATP attack prediction model for power data network based on ant colony algorithm is proposed.By designing the global trusted system model of power network,we use manifold to spread the security boundary and link the fragmented nodes to ensure global security control.The time model of APT attack is built to realize the damage analysis of the attack to the trusted system.Attack prediction model is equivalent to ant colony pheromone,which realizes automatic tracking and adaptation of APT attack.The tests and simulations show that the new model improves prediction accuracy by 12.6%.
Advanced Persistent Threat(ATP) continuously collects business processes and target systems of attack objects in advance by the way of multi-dimension,multi-stage and multi-object,and anonymously implements data theft of network space.The power network has the natural stability demand,it covers a wide range,involves large scale and has great loss after disaster.There exist the problems of the limited security domain of network node fragmentation and the dynamic detection of the whole domain feature in current APT attack predictions.In this paper,an ATP attack prediction model for power data network based on ant colony algorithm is proposed.By designing the global trusted system model of power network,we use manifold to spread the security boundary and link the fragmented nodes to ensure global security control.The time model of APT attack is built to realize the damage analysis of the attack to the trusted system.Attack prediction model is equivalent to ant colony pheromone,which realizes automatic tracking and adaptation of APT attack.The tests and simulations show that the new model improves prediction accuracy by 12.6%.
引文
[1]张瑜,潘小明,LIU Q Z,等.APT攻击与防御[J].清华大学学报(自然科学版),2017,57(11):1127-1133.
[2]CHEN J,SU C,YEH K H,et al.Special issue on advanced persistent threat[J].Future Generation Computer Systems,2018,79:243-246.
[3]程三军,王宇.APT攻击原理及防护技术分析[J].信息网络安全,2016(9):118-123.
[4]付钰,李洪成,吴晓平,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.
[5]佟海奇.面向未知木马的APT攻击检测方法研究[D].北京:北京邮电大学,2015.
[6]张小松,牛伟纳,杨国武,等.基于树型结构的APT攻击预测方法[J].电子科技大学学报,2016,45(4):582-588.
[7]LI F,LAI A,DDL D.Evidence of advanced persistent threat:A case study of malware for political espionage[C]//2011 6th International Conference on Malicious and Unwanted Software.2011:102-109.
[8]张瑜,LIU Q Z,李涛,等.基于危险理论的APT攻击实时响应模型[J].四川大学学报(工程科学版),2015,47(4):83-90.
[9]刘东鑫,刘国荣,王帅,等.面向企业网的APT攻击特征分析及防御技术探讨[J].电信科学,2013,29(12):158-163.
[10]MARCHETTI M,PIERAZZI F,COLAJANNI M,et al.A-nalysis of high volumes of network traffic for advanced persistent threat detection[J].Computer Networks,2016,109(Part 2):127-141.
[11]张之硕.邮箱服务器APT攻击检测与防御工具的设计及实现[D].南京:南京大学,2013.
[12]AUTY M.Anatomy of an advanced persistent threat[J].Network Security,2015,2015(4):13-16.
[13]糜旗,朱杰,徐超,等.基于APT网络攻击的技术研究[J].计算机与现代化,2014(10):92-94,122.
[14]肖跃雷.可信网络连接关键技术研究及其应用[D].西安:西安电子科技大学,2013.
[15]马卓,马建峰,李兴华,等.可证明安全的可信网络连接协议模型[J].计算机学报,2011,34(9):1669-1678.
[16]曾梦凡,陈思洋,张文茜,等.利用蚁群算法生成覆盖表:探索与挖掘[J].软件学报,2016,27(4):855-878.
[17]吴华锋,陈信强,毛奇凰,等.基于自然选择策略的蚁群算法求解TSP问题[J].通信学报,2013,34(4):165-170.
[18]付永忠,潘云峰.基于改进蚁群算法的垂直旋转式贴片机贴装顺序优化[J].计算机与现代化,2017(8):17-21.
[19]王红凯,黄益彬,马志程.电网信息安全设备联动关键技术[J].计算机与现代化,2017(2):57-60.
[2]CHEN J,SU C,YEH K H,et al.Special issue on advanced persistent threat[J].Future Generation Computer Systems,2018,79:243-246.
[3]程三军,王宇.APT攻击原理及防护技术分析[J].信息网络安全,2016(9):118-123.
[4]付钰,李洪成,吴晓平,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.
[5]佟海奇.面向未知木马的APT攻击检测方法研究[D].北京:北京邮电大学,2015.
[6]张小松,牛伟纳,杨国武,等.基于树型结构的APT攻击预测方法[J].电子科技大学学报,2016,45(4):582-588.
[7]LI F,LAI A,DDL D.Evidence of advanced persistent threat:A case study of malware for political espionage[C]//2011 6th International Conference on Malicious and Unwanted Software.2011:102-109.
[8]张瑜,LIU Q Z,李涛,等.基于危险理论的APT攻击实时响应模型[J].四川大学学报(工程科学版),2015,47(4):83-90.
[9]刘东鑫,刘国荣,王帅,等.面向企业网的APT攻击特征分析及防御技术探讨[J].电信科学,2013,29(12):158-163.
[10]MARCHETTI M,PIERAZZI F,COLAJANNI M,et al.A-nalysis of high volumes of network traffic for advanced persistent threat detection[J].Computer Networks,2016,109(Part 2):127-141.
[11]张之硕.邮箱服务器APT攻击检测与防御工具的设计及实现[D].南京:南京大学,2013.
[12]AUTY M.Anatomy of an advanced persistent threat[J].Network Security,2015,2015(4):13-16.
[13]糜旗,朱杰,徐超,等.基于APT网络攻击的技术研究[J].计算机与现代化,2014(10):92-94,122.
[14]肖跃雷.可信网络连接关键技术研究及其应用[D].西安:西安电子科技大学,2013.
[15]马卓,马建峰,李兴华,等.可证明安全的可信网络连接协议模型[J].计算机学报,2011,34(9):1669-1678.
[16]曾梦凡,陈思洋,张文茜,等.利用蚁群算法生成覆盖表:探索与挖掘[J].软件学报,2016,27(4):855-878.
[17]吴华锋,陈信强,毛奇凰,等.基于自然选择策略的蚁群算法求解TSP问题[J].通信学报,2013,34(4):165-170.
[18]付永忠,潘云峰.基于改进蚁群算法的垂直旋转式贴片机贴装顺序优化[J].计算机与现代化,2017(8):17-21.
[19]王红凯,黄益彬,马志程.电网信息安全设备联动关键技术[J].计算机与现代化,2017(2):57-60.