
APT Communication Log Characteristic Research On LDA Model

Posted on: 2017-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: Q Han
Full Text: PDF
GTID: 2348330482986436
Subject: Software engineering

Abstract/Summary:
As information exchange accelerates and society becomes ever more informatized, traditional network security technology can no longer meet current demands. APT attack detection in particular still lacks a mature testing method. How to make networks more resilient to attack and ensure information security has become the foremost concern of today's information security experts. APT (Advanced Persistent Threat) is a new form of hacking, mostly used against large organizations, and is especially significant for the energy sector and government agencies; such activity therefore does great harm to Internet information security. Existing defensive research lags behind: current work focuses largely on the exploitation and prevention of specific vulnerabilities, comprehensive studies of existing defense systems are lacking, and existing APT defenses have many shortcomings. Guided by the theory of network information security, network attacks and network defense strategy, this work analyzes APT communication characteristics in depth, identifies their communication patterns, and then shows that large-scale data can be used to build a comprehensive and efficient detection model, making up for the weaknesses of traditional methods and models in APT anomaly detection. Linking big data with APT attack detection is also a new attempt that offers a new line of thinking for future research. The method adopted in this paper is to consult the latest literature and data on APT network attacks through the Internet, libraries and other channels, and to analyze APT communication logs, from which fourteen kinds of anomalies are extracted. In a small local area network (LAN) in the laboratory, a large volume of network-side and host-side communication log files is collected and compressed with the DBSCAN clustering algorithm.
A database mapping network addresses to host IP addresses is proposed to solve the difficulty of establishing a mapping between logs and hosts. Combining the logs with anomaly detection, we use the LDA text-mining model to build a new classification algorithm for APT communication anomaly detection. LDA is a three-layer Bayesian model that performs very well at semantic analysis of documents. Finally, we run a one-week experiment on APT communication logs, collate the results and the experimentally obtained information into the thesis, and derive new APT attack prevention theories and techniques that are applied to a real network; through continuous experiment, recording and observation the existing theory is improved, so that the findings herein can be applied well in practical life and work.
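To make the log-to-host mapping and LDA classification step concrete, here is an added example (not code from the thesis): each host's log lines become one token "document", a collapsed Gibbs sampler fits LDA to give every host a topic mixture, and hosts whose mixture is far from the corpus average are flagged for review. The log tokens, the host documents and the outlier rule are constructed assumptions.

```python
import numpy as np

# Constructed sample: each "document" is the token bag of one host's log lines
# after the log-to-host mapping. Hosts 0-3 browse normally; host 4 differs.
HOST_DOCS = [
    "dns a-record resolve tcp443 get 200 html tcp443 get 200 html".split(),
    "dns a-record resolve tcp443 get 200 html tcp443 get 304".split(),
    "tcp443 get 200 html dns a-record resolve tcp443 get 200 html".split(),
    "dns a-record resolve tcp443 get 200 html get 304 html".split(),
    ("dns txt-record resolve tcp8080 post 200 octet-stream tcp8080 post "
     "octet-stream txt-record tcp8080 post octet-stream").split(),
]


def lda_gibbs(docs, k=2, iters=300, alpha=0.1, beta=0.01, seed=7):
    """Collapsed Gibbs LDA: returns (theta, phi, vocab); theta[d] is host d's
    topic mixture, phi[t] topic t's word distribution (small alpha favours
    hosts dominated by a single topic)."""
    rng = np.random.default_rng(seed)
    vocab = sorted({w for d in docs for w in d})
    idx = {w: i for i, w in enumerate(vocab)}
    n_v = len(vocab)
    ndk = np.zeros((len(docs), k))   # topic counts per document
    nkw = np.zeros((k, n_v))         # word counts per topic
    nk = np.zeros(k)                 # tokens per topic
    z = [rng.integers(k, size=len(d)) for d in docs]   # random initial topics
    for d, doc in enumerate(docs):
        for w, t in zip(doc, z[d]):
            ndk[d, t] += 1; nkw[t, idx[w]] += 1; nk[t] += 1
    for _ in range(iters):
        for d, doc in enumerate(docs):
            for n, w in enumerate(doc):
                t, wi = z[d][n], idx[w]
                ndk[d, t] -= 1; nkw[t, wi] -= 1; nk[t] -= 1   # drop this token
                p = (ndk[d] + alpha) * (nkw[:, wi] + beta) / (nk + n_v * beta)
                t = rng.choice(k, p=p / p.sum())              # resample it
                z[d][n] = t
                ndk[d, t] += 1; nkw[t, wi] += 1; nk[t] += 1
    theta = (ndk + alpha) / (ndk + alpha).sum(axis=1, keepdims=True)
    phi = (nkw + beta) / (nkw + beta).sum(axis=1, keepdims=True)
    return theta, phi, vocab


def flag_outlier_hosts(theta, factor=2.0):
    """Indices of hosts whose topic mixture is far (L1) from the corpus mean:
    distance above `factor` times the median distance, so one deviant host
    among many similar ones stands out for analyst review."""
    dist = np.abs(theta - theta.mean(axis=0)).sum(axis=1)
    return [int(i) for i in np.where(dist > factor * np.median(dist))[0]]
```

On the constructed sample the sampler separates the browsing pattern from host 4's pattern and `flag_outlier_hosts` returns `[4]`; on real logs the number of topics and the threshold factor need tuning against the fourteen anomaly types the thesis describes.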
Keywords/Search Tags: log data processing, DBSCAN clustering algorithm, APT feature description, LDA model