Two statistical traffic features for certain APT group identification

Cited by: 0
Authors
Liu, Jianyi [1 ]
Liu, Ying [2 ]
Li, Jingwen [1 ]
Sun, Wenxin [1 ]
Cheng, Jie [3 ]
Zhang, Ru [1 ]
Huang, Xingjie [3 ]
Pang, Jin [3 ]
Affiliations
[1] Beijing University of Posts and Telecommunications, Beijing,100876, China
[2] State Grid Corporation of China, Beijing,100031, China
[3] State Grid Information & Telecommunication Branch, Beijing,100761, China
Keywords
Advanced persistent threat attack; Advanced persistent threat group identification; Attack traffic; Bad packet rate; C2Load_fluct; Command and control; Group identification; Packet rate; Protected networks; Traffic features
DOI: Not available
Abstract
An Advanced Persistent Threat (APT) attack, meaning continuous and effective attack activity carried out by one group against a specific target, has become a major threat to highly protected networks. The attack traffic generated by a given APT group has a highly similar distribution, especially in the command and control (C&C) stage. This paper analyzes the DNS and TCP traffic of one APT group's attacks and constructs two new features, C2Load_fluct (response packet load fluctuation) and Bad_rate (bad packet rate), which can be used to identify the APT group. Experimental results show that the F1-score reaches above 0.98 and 0.94 respectively on the two datasets, which demonstrates that the two new features are effective for APT group identification. © 2022 Elsevier Ltd
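The abstract names the two features but does not define them on this page. The script below is an added illustration, not the paper's code, of how per-session features of this kind are extracted from a packet list. The definitions it uses are assumptions made here for the example: C2Load_fluct is taken as the coefficient of variation of server-to-client payload lengths, Bad_rate as the fraction of a session's packets carrying a "bad" flag (malformed, checksum error, retransmission) set by whatever capture tool produced the records. The packet records are constructed for the example; the server side of each conversation is assumed to be the destination of the first packet seen.

```python
"""Per-session extraction of two traffic features (added example; the formulas are
assumptions, the original paper's exact definitions are not given on this page)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    src: str           # source address
    dst: str           # destination address
    proto: str         # "dns" or "tcp"
    payload_len: int   # application payload bytes
    bad: bool          # assumed flag: malformed / bad checksum / retransmission


def session_key(p: Packet) -> tuple:
    """Group both directions of a conversation under one key (unordered pair + protocol)."""
    a, b = sorted((p.src, p.dst))
    return (a, b, p.proto)


def c2load_fluct(packets: list, server: str) -> float:
    """Assumed definition: coefficient of variation of the server's response payload
    lengths. Returns 0.0 if there are fewer than two responses or their mean is zero."""
    lens = [p.payload_len for p in packets if p.src == server]
    if len(lens) < 2:
        return 0.0
    m = mean(lens)
    return pstdev(lens) / m if m else 0.0


def bad_rate(packets: list) -> float:
    """Assumed definition: share of packets in the session flagged as bad."""
    if not packets:
        return 0.0
    return sum(p.bad for p in packets) / len(packets)


def extract_features(packets: list) -> dict:
    """Return {session_key: {"C2Load_fluct": x, "Bad_rate": y}} for every session.
    The server is assumed to be the destination of the session's first packet."""
    sessions = defaultdict(list)
    for p in packets:
        sessions[session_key(p)].append(p)
    features = {}
    for key, pkts in sessions.items():
        server = pkts[0].dst
        features[key] = {
            "C2Load_fluct": round(c2load_fluct(pkts, server), 4),
            "Bad_rate": round(bad_rate(pkts), 4),
        }
    return features


# Constructed sample: a TCP session with uniform 100-byte replies and two bad packets,
# and a DNS session with two replies of very different size and no bad packets.
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.7", "tcp", 120, False),
    Packet("203.0.113.7", "10.0.0.5", "tcp", 100, False),
    Packet("10.0.0.5", "203.0.113.7", "tcp", 120, False),
    Packet("203.0.113.7", "10.0.0.5", "tcp", 100, False),
    Packet("10.0.0.5", "203.0.113.7", "tcp", 120, True),   # flagged retransmission
    Packet("203.0.113.7", "10.0.0.5", "tcp", 100, False),
    Packet("10.0.0.5", "203.0.113.7", "tcp", 120, False),
    Packet("203.0.113.7", "10.0.0.5", "tcp", 100, False),
    Packet("10.0.0.5", "203.0.113.7", "tcp", 120, False),
    Packet("203.0.113.7", "10.0.0.5", "tcp", 100, True),   # flagged bad checksum
    Packet("10.0.0.5", "192.0.2.53", "dns", 40, False),
    Packet("192.0.2.53", "10.0.0.5", "dns", 50, False),
    Packet("10.0.0.5", "192.0.2.53", "dns", 44, False),
    Packet("192.0.2.53", "10.0.0.5", "dns", 150, False),
]

if __name__ == "__main__":
    for key, feats in extract_features(SAMPLE).items():
        print(key, feats)
```

Thresholds and the direction in which each feature separates a group's traffic from background traffic are what the paper's experiments establish; this sketch only shows where the two numbers come from and that they are computed per conversation, not per packet.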