一种基于DBN-SVDD的APT攻击检测方法

Abstract

由于高级持续性威胁(Advanced Persistent Threat, APT)常用于窃取企业核心资料且带来极其恶劣的影响而引起高度关注。因为APT攻击的攻击方法是对特定的攻击目标长期进行持续性网络攻击，具有极高的隐蔽性、潜伏性等特点；所以传统检测技术无法进行有效识别。目前针对APT攻击的检测方案有沙箱方案、网络异常检测方案、全流量方案这三种检测方案，然而现有的APT攻击检测方法中存在检测准确性较低、需要大量经过标记的样本等缺点。本文提出一种基于深度学习的网络入侵检测模型(DBN-SVDD)，该方法利用DBN进行结构降维、提高检测效率，再利用SVDD对数据集进行识别检测。在NSL-KDD数据集的实验结果表明，该方法的检测率可以达到93.71%。该方法具有无人监督、无需大量标记样本、可以有效处理高维数据等特点，能够有效地应用于APT攻击检测中。 Advanced Persistent Threat (APT) causes high attention for it is frequently used to steal enter-prise core data and bring about extremely harsh effects. The APT attack adopts the attack mode of persistent network attack for a long time, and it has the characteristics of high concealment and latency; therefore, the traditional detection technology cannot be effectively identified. At present, the detection scheme for APT attack has three schemes: sandbox scheme, network anomaly detection scheme and full flow scheme. However, the existing APT attack detection method has low accuracy in the detection, a need for large numbers of marked samples and other shortcomings. In this paper, a network intrusion detection model (DBN-SVDD) based on depth learning is proposed by using the network intrusion detection scheme. This method uses DBN to reduce the structure dimension and improve the detection efficiency. Then, the SVDD is used to detect the data set. The experimental results of NSL-KDD dataset show that the detection rate of this method is high; the method has unmanned supervision; and it can effectively deal with high-dimensional data and so on. It can be effectively applied to APT attack detection.