Zhou Tao, male, PhD, professor-level senior engineer at Beijing Venustech Information Security Technology Co., Ltd. (北京启明星辰信息安全技术有限公司). Main research interests: big data security analytics, event correlation analysis, and intrusion detection.
Online first: 2015-11
Print publication: 2015-11-20
Chinese citation: Zhou Tao. Abnormal network behavior detection technology based on statistical learning [J]. Big Data (大数据), 2015, 1(4): 30-39. DOI: 10.11959/j.issn.2096-0271.2015039.
English citation: Tao Zhou. Abnormal Network Behavior Detection Technology Based on Statistical Learning [J]. BIG DATA RESEARCH, 2015, 1(4): 30-39. DOI: 10.11959/j.issn.2096-0271.2015039.
Advanced persistent threats (APT) have become the primary security threat facing enterprise users. Traditional protective measures based on signature detection and perimeter defense fall short against APT attacks. This paper therefore surveys the current state of network anomaly behavior detection methods; analyzes the technical roadmap and system architecture of detection methods based on statistical learning and, taking typical stages of an APT attack such as the command-and-control channel and data acquisition behavior as examples, describes the associated parameter extraction and statistical modeling methods; summarizes the characteristics of anomaly behavior detection built on big data; and points out directions for future research.
In recent years, advanced persistent threat (APT) has become the chief threat to enterprise users. Traditional security protection methods, such as signature-based detection and perimeter protection, are insufficient in dealing with APT. Therefore, the status of network anomaly behavior detection methods was described. The technology roadmap and system architecture of abnormal behavior detection based on statistical learning were introduced. The feature extraction method and statistical modeling methods were proposed. The characteristics of abnormal behavior detection based on big data were summarized and directions for future research were proposed.