Cyber situation perception for Internet of Things systems based on zero-day attack activities recognition within advanced persistent threat
Concurrency and Computation: Practice and Experience (IF 2), Pub Date: 2020-10-02, DOI: 10.1002/cpe.6001
Xiang Cheng 1,2, Jiale Zhang 1,2, Yaofeng Tu 1,3, Bing Chen 1,2

With the development of Internet of Things (IoT) technology, various attacks and threats have emerged. The advanced persistent threat (APT) refers to a class of advanced multi-step attacks among diverse attack activities, which poses a severe threat to IoT systems owing to its pertinence, concealment, and permeability. However, existing technologies and methods fail to recognize APT attack activities (especially zero-day exploits) in a timely manner and in a comprehensive scope. To address this problem, we propose a novel method of cyber situation perception for IoT systems based on zero-day attack activity recognition within APT (CSPAPTM). Moreover, we also design an edge computing framework for applying CSPAPTM to typical IoT systems. Specifically, we first provide a cyber situation perception ontology construction module for describing APT attack activities. Then, a malicious C&C DNS mining method (MCCDRM) is proposed to control the trigger of APT malicious activity correlation analysis, which effectively decreases the computing overhead. Finally, we propose a zero-day attack activity recognition method within APT (ZDAARA), which acts on system call instances to recognize malicious activities that cannot be detected by an IDS. A relatively mature access control mechanism, PO-SAAC, is also applied in our method. Through the combination of these methods, CSPAPTM can accomplish cyber situation perception effectively by recognizing zero-day attack activities in IoT systems. Exhaustive experimental results demonstrate that the two kernel modules of CSPAPTM, that is, MCCDRM and ZDAARA, achieve both a higher F1 score and an acceptable false positive rate.
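As an added illustration of the gated design the abstract describes (a cheap DNS-side stage deciding whether the costlier system-call stage runs for a host), not the paper's own code or its MCCDRM/ZDAARA algorithms: the label-entropy heuristic, the benign 3-gram baseline and all telemetry below are constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample telemetry: (host, queried domain) pairs and the system-call
# sequence observed on each host. host-b queries DGA-looking labels and then
# shows a call pattern absent from the benign baseline.
DNS_LOG = [
    ("host-a", "update.example-cdn.com"),
    ("host-a", "www.example.com"),
    ("host-b", "kq3x9z7vb2mq1f8.example.net"),
    ("host-b", "x8f2kq9z3mv7b1c.example.net"),
    ("host-b", "q9v2mx7bk3zf8c1.example.net"),
]
SYSCALLS = {
    "host-a": ["open", "read", "write", "close"] * 3,
    "host-b": ["open", "read", "mmap", "mprotect", "execve", "socket", "connect"],
}
# Constructed benign trace; in practice learned from known-clean hosts.
BASELINE = ["open", "read", "write", "close"] * 2 + ["open", "read", "close"]

def entropy(s):
    """Shannon entropy (bits) of the characters in s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def dns_suspicious(host, log, threshold=3.5):
    """Cheap first stage: several long, high-entropy leftmost labels from one host."""
    labels = [d.split(".")[0] for h, d in log if h == host]
    scores = [entropy(l) for l in labels if len(l) >= 10]
    return len(scores) >= 2 and sum(scores) / len(scores) > threshold

def ngrams(seq, n=3):
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def syscall_anomaly(seq, baseline, n=3):
    """Costlier second stage: fraction of observed n-grams unseen in the benign baseline."""
    known = set(ngrams(baseline, n))
    grams = ngrams(seq, n)
    return sum(1 for g in grams if g not in known) / len(grams) if grams else 0.0

def perceive(dns_log, syscalls, baseline, anomaly_threshold=0.5):
    """Run the syscall stage only for hosts the DNS stage flags; return per-host verdicts."""
    out = {}
    for host, seq in syscalls.items():
        if not dns_suspicious(host, dns_log):
            out[host] = {"triggered": False, "anomaly": 0.0, "verdict": "no trigger"}
            continue
        score = syscall_anomaly(seq, baseline)
        verdict = "zero-day suspect" if score > anomaly_threshold else "monitor"
        out[host] = {"triggered": True, "anomaly": score, "verdict": verdict}
    return out
```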
