Two statistical traffic features for certain APT group identification

Cited by: 0
Authors
Liu, Jianyi [1 ]
Liu, Ying [2 ]
Li, Jingwen [1 ]
Sun, Wenxin [1 ]
Cheng, Jie [3 ]
Zhang, Ru [1 ]
Huang, Xingjie [3 ]
Pang, Jin [3 ]
Affiliations
[1] Beijing University of Posts and Telecommunications, Beijing,100876, China
[2] State Grid Corporation of China, Beijing,100031, China
[3] State Grid Information & Telecommunication Branch, Beijing,100761, China
Keywords
Advanced persistent threat attack - Advanced persistent threat group identification - Attack traffic - Bad packet rate - C2load_fluct - Command and control - Group identification - Packet rate - Protected networks - Traffic features;
DOI: none
Abstract
An Advanced Persistent Threat (APT) attack, which refers to continuous and effective attack activities carried out by a group against a specific target, has become a major threat to highly protected networks. The attack traffic generated by a given APT group has a highly similar distribution, especially in the command and control (C&C) stage. This paper analyzes the DNS and TCP traffic of a certain APT group's attacks and constructs two new features, C2Load_fluct (response packet load fluctuation) and Bad_rate (bad packet rate), which can be used to identify the APT group. Experimental results show that the F1-score reaches above 0.98 and 0.94 respectively on the two datasets, which shows that the two new features are effective for APT group identification. © 2022 Elsevier Ltd