
Design And Implementation Of APT Attack Test Platform For Command And Control Channel

Posted on: 2018-09-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z Dai
GTID: 2348330542453173
Subject: Computer Science and Technology
Abstract/Summary:
With the development of Internet technology, network security incidents are becoming more frequent. In recent years, advanced persistent threats (APTs) have caused serious damage to countries and groups around the world, and APT protection has become the focus of cybersecurity. Due to the complexity of APTs, traditional detection technology cannot perform well. In recent years, scholars have put forward a series of detection methods based on machine learning, cloud computing and big data. How to design the corresponding attack test platform has become an urgent problem. At present, research on APT attack test platforms is still at a blank stage. In addition, attack test systems built for traditional attack detection have difficulty meeting the test requirements of APT attack detection. In this paper, we design and implement an APT attack test platform for the command and control channel. The main contents and contributions of this paper are as follows:

APT real communication traffic acquisition: Currently, attack traffic is generated by using different attack tools or scripts. However, because there is no open-source server-side code for APT attacks, this method becomes useless. In this paper, an APT real communication traffic acquisition method is proposed by analyzing APT campaign reports. This method uses the MD5 hashes in the APT reports to obtain virus samples and information from VirusShare, VirusTotal and CVE. An operating environment for APT virus samples is designed and deployed, and a large amount of APT traffic is captured.

APT simulation communication traffic generation: The traditional attack flow simulation system is designed for conventional attacks. Because the communication characteristics of APTs differ from those of conventional attacks, the traditional attack flow simulation system is useless for APTs. In this paper, the APT communication characteristics in the APT campaign reports are summarized and an APT simulation traffic generation method is proposed. Libnet and Libpcap are used to generate APT simulation traffic based on the communication characteristics and a fractal wavelet model. The experimental results show that the fit between simulated and real flows is very high.

APT detection method evaluation: Due to the complexity of APT detection methods, the traditional attack test system has been unable to meet their test requirements. In this paper, an APT attack test platform for the command and control channel is designed. The platform evaluates different APT detection methods using APT communication traffic and background traffic. The experimental results show that the platform can well meet the testing requirements of various APT detection methods.
Keywords/Search Tags: APT, Command and control channel, Traffic generation model, Detection method, Attack test platform