Two statistical traffic features for certain APT group identification

Cited by: 0

Authors
Liu, Jianyi [1 ]
Liu, Ying [2 ]
Li, Jingwen [1 ]
Sun, Wenxin [1 ]
Cheng, Jie [3 ]
Zhang, Ru [1 ]
Huang, Xingjie [3 ]
Pang, Jin [3 ]
Affiliations
[1] Beijing University of Posts and Telecommunications, Beijing 100876, China
[2] State Grid Corporation of China, Beijing 100031, China
[3] State Grid Information & Telecommunication Branch, Beijing 100761, China
Keywords
Advanced persistent threat attack - Advanced persistent threat group identification - Attack traffic - Bad packet rate - C2Load_fluct - Command and control - Group identification - Packet rate - Protected networks - Traffic features
DOI
None
Abstract
Advanced Persistent Threat (APT) attacks, which refer to the continuous and effective attack activities carried out by a group against a specific target, have become a major threat to highly protected networks. The attack traffic generated by a given APT group has a highly similar distribution, especially in the command and control (C&C) stage. This paper analyzes the DNS and TCP traffic of a certain APT group's attacks and constructs two new features, C2Load_fluct (response packet load fluctuation) and Bad_rate (bad packet rate), which can be used to identify the APT group. Experimental results show that the F1-score reaches above 0.98 and 0.94 respectively on the two datasets, which demonstrates that the two new features are effective for APT group identification. © 2022 Elsevier Ltd