
Computer Engineering

Topic: Machine Learning


Research on Advanced Persistent Threat Detection Technology for Mobile Terminals Based on Machine Learning

HU Bin 1a, WANG Chundong 2, HU Siqi 1b, ZHOU Jingchun 1a

  1. (1. Beijing University of Posts and Telecommunications, a. School of Software; b. School of Cyberspace Security, Beijing 100876; 2. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384)
  • Received: 2016-01-15 Online: 2017-01-15 Published: 2017-01-13
  • About the authors: HU Bin (born 1990), male, master's student, main research interests: machine learning and mobile security; WANG Chundong, professor; HU Siqi and ZHOU Jingchun, master's students.

Research on Advanced Persistent Threat Detection Technology for Mobile Terminal Based on Machine Learning

HU Bin 1a, WANG Chundong 2, HU Siqi 1b, ZHOU Jingchun 1a

  1. (1a. School of Software; 1b. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China)
  • Received: 2016-01-15 Online: 2017-01-15 Published: 2017-01-13

Abstract (translated): Mobile Advanced Persistent Threat (APT) attacks are an extremely dangerous form of attack that has emerged in recent years; by stealing information they cause high-risk and sustained harm to the device. Existing intrusion detection schemes for mobile terminals perform poorly because their detection features are not comprehensive enough, the detection model's accuracy is not high, and the model suffers from over-fitting. To address these problems, this paper proposes an optimized detection model. Static detection technology is used to extract the static features of terminal applications, improving the model's sensitivity to malicious applications; a sliding window iterative algorithm is introduced to extract delayed-attack features, improving the model's ability to detect delayed attacks; and Boost technology is used to fuse classification algorithms such as decision tree, logistic regression and Bayesian classifier. Experiments show that the model improves APT detection accuracy and avoids the over-fitting problem.

Keywords (translated): machine learning, Advanced Persistent Threat detection, classifier, model fusion, static detection, correlation analysis

Abstract: Advanced Persistent Threat (APT), whose main goal is to steal information, has become a dangerous attack in recent years, bringing high-risk and persistent harm to mobile devices. Because detection features for mobile terminal intrusion detection are not readily available, the accuracy of the detection model is not high enough and there is an over-fitting problem, which leads to a poor detection effect. To address these problems, this paper proposes an optimized detection model. It uses static detection technology to extract the static features of terminal applications, which improves the model's sensitivity to malicious applications; it uses a sliding window iterative algorithm to extract the delayed-attack feature, which improves the model's ability to detect delayed attacks; and it uses Boost technology to fuse classification algorithms including the decision tree, logistic regression and Bayesian classifier. Experimental results show that the model can effectively increase the detection accuracy of APT and avoid the over-fitting problem.

Key words: machine learning, Advanced Persistent Threat (APT) detection, classifier, model integration, static detection, correlation analysis
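As an added illustration (not code from the paper), the following Python sketches the delayed-attack feature idea named in the abstract: a fixed-length window slides over a per-application event timeline and summarises when sensitive actions first appear and how densely they cluster, so that an app that stays dormant for days before exfiltrating data produces distinctive feature values. The event vocabulary, the window length and the feature names are assumptions; the paper's actual feature definitions are not given on this page.

```python
# Assumed event vocabulary (not the paper's): actions that touch sensitive data.
SENSITIVE = {"read_contacts", "read_sms", "net_send"}

# Constructed sample timeline for one app: (seconds since install, action).
# The app is quiet for three days, then reads data and sends it out in a burst.
SAMPLE_EVENTS = [
    (0, "install"), (5, "ui_open"), (30, "ui_open"),
    (86400 * 3, "read_contacts"), (86400 * 3 + 2, "net_send"),
    (86400 * 3 + 40, "read_sms"), (86400 * 3 + 41, "net_send"),
]


def sliding_window_features(events, window=60, step=60):
    """Slide a `window`-second window over the timeline in `step` increments
    and return delayed-attack features:
      first_sensitive_delay: seconds from the first event to the first sensitive
                             action (-1 if none), i.e. the dormancy period;
      max_burst:             most sensitive actions seen in any one window;
      windows_active:        number of windows containing sensitive activity;
      active_fraction:       windows_active / total windows scanned.
    """
    if not events:
        return {"first_sensitive_delay": -1, "max_burst": 0,
                "windows_active": 0, "active_fraction": 0.0}
    events = sorted(events)
    t_start, t_end = events[0][0], events[-1][0]
    sensitive_ts = sorted(t for t, action in events if action in SENSITIVE)

    max_burst = windows_active = total_windows = 0
    start = t_start
    while start <= t_end:                       # iterate window positions
        count = sum(1 for t in sensitive_ts if start <= t < start + window)
        max_burst = max(max_burst, count)
        windows_active += 1 if count else 0
        total_windows += 1
        start += step
    first_delay = sensitive_ts[0] - t_start if sensitive_ts else -1
    return {
        "first_sensitive_delay": first_delay,
        "max_burst": max_burst,
        "windows_active": windows_active,
        "active_fraction": windows_active / total_windows,
    }


if __name__ == "__main__":
    print(sliding_window_features(SAMPLE_EVENTS))
```

A large `first_sensitive_delay` combined with a high `max_burst` in few active windows is the "quiet, then exfiltrate" shape that per-event features miss; these values would be fed to the fused classifiers alongside the static features.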
