一种基于DBN-SVDD的APT攻击检测方法.pdfVIP

Computer Science and Application 计算机科学与应用, 2017, 7(11), 1146-1155 Published Online November 2017 in Hans. /journal/csa /10.12677/csa.2017.711129 A Method of APT Attack Detection Based on DBN-SVDD 1 1 2 3 Feifan Liu , Yuan Li , Fei Xia , Jing Zhou 1 Computer School of Wuhan University, Wuhan Hubei 2 National Network Jiangsu Power Company Information Communication Branch, Nanjing Jiangsu 3 Beijing Huitong Golden Finance Information Technology Ltd., Beijing th rd th Received: Nov. 12 , 2017; accepted: Nov. 23 , 2017; published: Nov. 30 , 2017 Abstract Advanced Persistent Threat (APT) causes high attention for it is frequently used to steal enter- prise core data and bring about extremely harsh effects. The APT attack adopts the attack mode of persistent network attack for a long time, and it has the characteristics of high concealment and latency; therefore, the traditional detection technology cannot be effectively identified. At present, the detection scheme for APT attack has three schemes: sandbox scheme, network anomaly detec- tion scheme and full flow scheme. However, the existing APT attack detection method has low ac- curacy in the detection, a need for large numbers of marked samples and other shortcomings. In this paper, a network intrusion detection model (DBN-SVDD) based on depth learning is proposed by using the network intrusion detection scheme. This method uses DBN to reduce the structure dimension and improve the detection efficiency. Then, the SVDD is used to detect the data set. The experimental results of NSL-KDD dataset show that the detection rate of this method is high; the method has unmanned supervis