Computer Science (计算机科学), 2020, Vol. 47, Issue 1: 281-286. doi: 10.11896/jsjkx.181102103
LIU Hai-bo (刘海波), WU Tian-bo (武天博), SHEN Jing (沈晶), SHI Chang-ting (史长亭)
Abstract: The damage caused by Advanced Persistent Threats (APT) is becoming increasingly severe. Traditional APT detection methods target relatively uniform attack patterns and handle APT attacks over relatively short time spans, so they do not fully capture the time-series nature of an APT campaign; as a result, their accuracy is very low when attack samples are scarce and the attack lasts a long time. To address this problem, this paper proposes an APT attack detection method based on Generative Adversarial Networks (GAN) and Long Short-Term Memory networks (LSTM). On one hand, a GAN is used to simulate and generate attack data, supplying the discriminative model with a large number of attack samples and thereby raising its accuracy; on the other hand, the memory cells and gate structure of the LSTM preserve feature memory across fragments of an APT attack sequence that are correlated but widely separated in time. The models are built and trained with the open-source Keras framework, and comparative experiments on attack data generation and on APT attack sequence detection are analyzed using accuracy, false positive rate, the ROC curve and related metrics. Using the generative model to produce simulated attack data and then optimizing the discriminative model raises the accuracy of the original discriminative model by 2.84%; compared with an APT attack sequence detection method based on Recurrent Neural Networks (RNN), the proposed method improves detection accuracy by 0.99 percentage points. The experimental results show that the GAN-LSTM based APT attack detection algorithm can enlarge the sample set by introducing a generative model, thereby increasing the accuracy of the discriminative model and reducing its false positive rate; at the same time, compared with other time-series structures, the LSTM achieves higher accuracy and a lower false positive rate in detecting APT attack sequences, which verifies the feasibility and effectiveness of the proposed method.
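The abstract evaluates the detector with accuracy, false positive rate and the ROC curve. The following is an added illustration, not code from the paper or its authors: it computes those metrics in pure Python from per-sequence attack scores, the output any sequence classifier (the paper's LSTM discriminator, an RNN baseline, or anything else) produces. The labels and scores are a constructed sample; thresholds, the 1 = attack / 0 = benign labelling and the function names are assumptions made for this example.

```python
"""Evaluation helpers for a sequence-level APT detector.

Added illustration, not the paper's code. Input is one attack score
(probability that the sequence is an APT attack) per sequence, plus
the ground-truth label: 1 = APT attack sequence, 0 = benign sequence.
"""
from typing import List, Sequence, Tuple

# Constructed sample data (not from the paper): 4 attack sequences and
# 6 benign sequences, scored by a hypothetical detector.
LABELS: List[int] = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
SCORES: List[float] = [0.95, 0.80, 0.65, 0.40, 0.55, 0.30, 0.20, 0.15, 0.10, 0.05]


def confusion(labels: Sequence[int], scores: Sequence[float],
              threshold: float) -> Tuple[int, int, int, int]:
    """Return (tp, fp, tn, fn) when a score >= threshold is flagged as attack."""
    tp = fp = tn = fn = 0
    for y, s in zip(labels, scores):
        flagged = s >= threshold
        if y == 1 and flagged:
            tp += 1
        elif y == 1:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def accuracy(labels: Sequence[int], scores: Sequence[float], threshold: float) -> float:
    tp, fp, tn, fn = confusion(labels, scores, threshold)
    return (tp + tn) / len(labels)


def false_positive_rate(labels: Sequence[int], scores: Sequence[float],
                        threshold: float) -> float:
    """Share of benign sequences wrongly flagged (the paper's 误报率)."""
    tp, fp, tn, fn = confusion(labels, scores, threshold)
    return fp / (fp + tn) if (fp + tn) else 0.0


def roc_curve(labels: Sequence[int], scores: Sequence[float]) -> List[Tuple[float, float]]:
    """(fpr, tpr) points, one per distinct threshold, from (0, 0) to (1, 1)."""
    points = [(0.0, 0.0)]
    for thr in sorted(set(scores), reverse=True):  # sweep threshold downwards
        tp, fp, tn, fn = confusion(labels, scores, thr)
        points.append((fp / (fp + tn), tp / (tp + fn)))
    return points


def auc(points: Sequence[Tuple[float, float]]) -> float:
    """Trapezoidal area under ROC points that are sorted by fpr."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2.0
    return area


if __name__ == "__main__":
    thr = 0.5  # operating point; an assumption for the demo
    print("accuracy @0.5:", accuracy(LABELS, SCORES, thr))          # 0.8
    print("FPR      @0.5:", false_positive_rate(LABELS, SCORES, thr))  # 1/6
    print("AUC          :", auc(roc_curve(LABELS, SCORES)))         # 23/24
```

AUC equals the fraction of (attack, benign) pairs the detector ranks correctly; in the sample one attack (0.40) scores below one benign sequence (0.55), so 23 of 24 pairs are ordered correctly. Tracking the false positive rate and ROC alongside accuracy matters for the scarce-sample setting the abstract describes: on a set with few attack sequences, a detector that flags nothing still reports high accuracy, while its TPR and AUC expose the failure.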