Two statistical traffic features for certain APT group identification

Cited by: 4

Authors
Liu, Jianyi [1 ]
Liu, Ying [2 ]
Li, Jingwen [1 ]
Sun, Wenxin [1 ]
Cheng, Jie
Zhang, Ru [1 ]
Huang, Xingjie [3 ]
Pang, Jin [3 ]
Affiliations
[1] Beijing Univ Posts & Telecommun, Beijing 100876, Peoples R China
[2] State Grid Corp China, Beijing 100031, Peoples R China
[3] State Grid Informat & Telecommun Branch, Beijing 100761, Peoples R China
Keywords
APT attack; Bad_rate; C2Load_fluct; APT group identification;
DOI
10.1016/j.jisa.2022.103207
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Advanced Persistent Threat (APT) attack, which refers to continuous and effective attack activities carried out by a group against a specific target, has become a major threat to highly protected networks. The attack traffic generated by a certain APT group has a highly similar distribution, especially in the command and control (C&C) stage. This paper analyzes the DNS and TCP traffic of a certain APT group's attacks and constructs two new features, C2Load_fluct (response packet load fluctuation) and Bad_rate (bad packet rate), which can be used to identify the APT group. Experimental results show that the F1-score reaches above 0.98 and 0.94 respectively on the two datasets, which proves that the two new features are effective for APT group identification.
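The abstract names the two features but gives only one-line glosses, not formulas. The Python below is an added example, not the paper's code, showing one concrete way such per-flow features can be computed from packet records and then matched against a group profile. Everything specific in it is an assumption for illustration: C2Load_fluct is taken as the coefficient of variation of server-to-client payload sizes, Bad_rate as the share of packets that are TCP RSTs or DNS replies with a non-NOERROR RCODE, and the packet records and the two profile centroids are constructed by hand rather than taken from the paper's datasets.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import hypot
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    """One packet record (constructed for this example; a real pipeline
    would derive these fields from a PCAP or a Zeek/NetFlow export)."""
    flow: str          # flow key (five-tuple), pre-computed
    proto: str         # "tcp" or "dns"
    to_server: bool    # True for client->server, False for server->client
    payload: int       # application payload length in bytes
    rst: bool = False  # TCP RST flag
    rcode: int = 0     # DNS RCODE on replies; 0 = NOERROR, 3 = NXDOMAIN


def is_bad(p: Packet) -> bool:
    """Assumed 'bad packet' predicate: a TCP packet carrying RST, or a DNS
    reply whose RCODE is not NOERROR. The paper's own criterion is not on
    the page; substitute whatever your dataset defines as 'bad'."""
    if p.proto == "tcp":
        return p.rst
    if p.proto == "dns":
        return (not p.to_server) and p.rcode != 0
    return False


def c2load_fluct(pkts) -> float:
    """Assumed C2Load_fluct: coefficient of variation (population std / mean)
    of server->client payload sizes. Scale-free, so a 200-byte beacon and a
    2 KB beacon with the same relative jitter score alike."""
    sizes = [p.payload for p in pkts if not p.to_server]
    if len(sizes) < 2:
        return 0.0
    m = mean(sizes)
    return pstdev(sizes) / m if m else 0.0


def bad_rate(pkts) -> float:
    """Assumed Bad_rate: share of packets in the flow satisfying is_bad."""
    return sum(is_bad(p) for p in pkts) / len(pkts) if pkts else 0.0


def flow_features(packets):
    """Group packets by flow and return {flow: (C2Load_fluct, Bad_rate)},
    rounded to 4 decimals so the values are stable for comparison."""
    flows = defaultdict(list)
    for p in packets:
        flows[p.flow].append(p)
    return {fid: (round(c2load_fluct(ps), 4), round(bad_rate(ps), 4))
            for fid, ps in flows.items()}


def nearest_profile(vec, profiles):
    """Nearest-centroid match in the 2-D feature space. Stands in for the
    classifier the abstract evaluates with F1-score; profiles are constructed."""
    return min(profiles, key=lambda name: hypot(vec[0] - profiles[name][0],
                                                vec[1] - profiles[name][1]))


# Constructed sample traffic: three flows, hand-built for the example.
SAMPLE = [
    # Flow A: TCP, three fixed-size requests, responses 200/400/600 B, no RST
    Packet("A", "tcp", True, 60), Packet("A", "tcp", False, 200),
    Packet("A", "tcp", True, 60), Packet("A", "tcp", False, 400),
    Packet("A", "tcp", True, 60), Packet("A", "tcp", False, 600),
    # Flow B: TCP, two 100 B responses, then a bare RST from the server
    Packet("B", "tcp", True, 60), Packet("B", "tcp", False, 100),
    Packet("B", "tcp", True, 60), Packet("B", "tcp", False, 100),
    Packet("B", "tcp", False, 0, rst=True),
    # Flow C: DNS, one NOERROR reply and two NXDOMAIN replies
    Packet("C", "dns", True, 40), Packet("C", "dns", False, 80, rcode=0),
    Packet("C", "dns", True, 40), Packet("C", "dns", False, 40, rcode=3),
    Packet("C", "dns", True, 40), Packet("C", "dns", False, 40, rcode=3),
]

# Constructed centroids standing in for a trained model; not from the paper.
PROFILES = {"group_X": (0.40, 0.00), "other": (0.70, 0.25)}


if __name__ == "__main__":
    feats = flow_features(SAMPLE)
    for fid, vec in feats.items():
        print(fid, vec, nearest_profile(vec, PROFILES))
```

Two practical points the abstract does not spell out: direction matters (C2Load_fluct is computed only over server-to-client packets, so the flow key must preserve which side initiated), and a flow with fewer than two responses gets a fluctuation of zero by construction, which a classifier will otherwise read as "perfectly regular beaconing". A real evaluation would replace the nearest-centroid step with the trained model and report F1-score per group, as the abstract does.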
Pages: 11
Related papers (50 items)
  • [1] Two statistical traffic features for certain APT group identification
    Liu, Jianyi
    Liu, Ying
    Li, Jingwen
    Sun, Wenxin
    Cheng, Jie
    Zhang, Ru
    Huang, Xingjie
    Pang, Jin
    Journal of Information Security and Applications, 2022, 67
  • [2] Effectiveness of Statistical Features for Early Stage Internet Traffic Identification
    Peng, Lizhi
    Yang, Bo
    Chen, Yuehui
    Chen, Zhenxiang
    International Journal of Parallel Programming, 2016, 44 (01): 181-197
  • [3] Mobile traffic classification through burst traffic statistical features
    Anamuro, Cesar Vargas
    Lagrange, Xavier
    2023 IEEE 97th Vehicular Technology Conference (VTC2023-Spring), 2023
  • [4] Encrypted Traffic Classification Using Statistical Features
    Mahdavi, Ehsan
    Fanian, Ali
    Hassannejad, Homa
    ISeCure - ISC International Journal of Information Security, 2018, 10 (01): 29-43
  • [5] Statistical features of traffic flow on urban freeways
    Guan, Wei
    He, Shuyan
    Physica A: Statistical Mechanics and its Applications, 2008, 387 (04): 944-954
  • [6] Statistical properties of certain subspace identification methods
    Picci, G
    (SYSID'97): System Identification, Vols 1-3, 1998: 1043-1049
  • [7] Statistical identification of encrypted web browsing traffic
    Sun, QX
    Simon, DR
    Wang, YM
    Russell, W
    Padmanabhan, VN
    Qiu, L
    2002 IEEE Symposium on Security and Privacy, Proceedings, 2002: 19-30
  • [8] Statistical analysis of local features in network traffic processes
    Giorgi, Giada
    Narduzzi, Claudio
    Pegoraro, Paolo Attilio
    2005 IEEE/SP 13th Workshop on Statistical Signal Processing (SSP), Vols 1 and 2, 2005: 972-977
  • [9] Metric Learning With Statistical Features For Network Traffic Classification
    Zhang, Ziqing
    Kang, Cuicui
    Fu, Peipei
    Cao, Zigang
    Li, Zhen
    Xiong, Gang
    2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC), 2017