Abstract: An advanced persistent threat (APT) is a network attack that slowly and quietly connects to systems to obtain information without revealing itself. APTs often use a variety of attack methods to gain unauthorized system access and then gradually spread throughout the network. Unlike traditional attacks, they are not used to interrupt services; their main purpose is to steal intellectual property, sensitive internal business information, legal documents or other data. If a system has been successfully attacked, it is important to detect this in time to mitigate the impact and to prevent the APT from spreading further.
To detect APT threats early, this study proposes a detection mechanism that applies Big Data analysis with Splunk and then uses data mining techniques to identify malicious IP addresses. A comparison of the experimental results shows that the decision tree is the best algorithm for the prediction model, and with the prediction model in place the detection rate rises to 99%. Finally, this study builds an alert mechanism that achieves real-time detection of APT threats.
An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and prohibit APTs from further spreading.
For the early detection of APT threats, this study proposes a detection mechanism that uses Big Data and Splunk analysis, followed by data mining techniques, to locate malicious IP addresses. The experimental results show that the decision tree algorithm is the best prediction model, and with the predictive model the detection rate increased to 99%. Finally, this study established an alert system that can achieve real-time detection of APT threats.
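The pipeline the abstract describes (aggregate connection logs per source IP, train a decision tree on labelled IPs, then raise alerts on new traffic) can be illustrated end to end in a few dozen lines. The following is an added example and is not code from the thesis: it stands in for the Splunk search stage with a plain Python aggregation over constructed proxy-log records, uses a small hand-written Gini decision tree in place of a library model, and assumes a hypothetical record layout of (timestamp in seconds, source IP, destination host, bytes uploaded). The per-IP features, the "known malicious" training labels and the held-out test traffic are all constructed here; the detection-rate figure it prints is for this sample only and is not the 99% reported by the study.

```python
# Added example, not code from the thesis: per-IP features from constructed proxy
# log records, a small Gini decision tree trained on labelled IPs, and an alert step.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (timestamp_s, src_ip, dst_host, bytes_out).
def _beacon(ip, host, start, period, n, size):
    # fixed-interval, single-destination, constant-size uploads (beacon-like)
    return [(start + i * period, ip, host, size) for i in range(n)]

def _browse(ip, hosts, times, sizes):
    # irregular connections to several destinations (ordinary browsing)
    return [(t, ip, h, s) for t, h, s in zip(times, hosts, sizes)]

TRAIN_LOG = (
    _beacon("10.0.0.5", "cdn-update.example", 0, 60, 20, 4096)
    + _beacon("10.0.0.9", "stat.example", 10, 300, 12, 8192)
    + _browse("10.0.0.2", ["a", "b", "c", "d", "a"], [5, 40, 41, 300, 900], [300, 1200, 150, 700, 90])
    + _browse("10.0.0.3", [f"site{i % 7}" for i in range(25)],
              [i * 20 + (i % 3) * 7 for i in range(25)], [100 + (i * 53) % 900 for i in range(25)])
    + _browse("10.0.0.4", ["x", "y", "z"], [100, 150, 900], [500, 400, 300])
    + _browse("10.0.0.6", ["u"], [42], [50000])   # a single large legitimate upload
)
# constructed "known malicious" labels, standing in for a threat-intelligence list
TRAIN_LABELS = {"10.0.0.5": 1, "10.0.0.9": 1, "10.0.0.2": 0, "10.0.0.3": 0, "10.0.0.4": 0, "10.0.0.6": 0}

TEST_LOG = (
    _beacon("10.0.1.7", "sync.example", 5, 120, 15, 2048)
    + _browse("10.0.1.2", ["p", "q", "r", "p", "s"], [10, 20, 200, 210, 700], [400, 300, 200, 100, 900])
    + _browse("10.0.1.3", ["m", "n", "o", "m"], [0, 50, 300, 320], [100, 200, 300, 400])
    + _browse("10.0.1.4", ["v", "w"], [7, 800], [250, 250])
)
TEST_LABELS = {"10.0.1.7": 1, "10.0.1.2": 0, "10.0.1.3": 0, "10.0.1.4": 0}

def extract_features(records):
    """Per source IP: [gap regularity, distinct destinations, connections, mean bytes out]."""
    per_ip = defaultdict(list)
    for ts, src, dst, nbytes in records:
        per_ip[src].append((ts, dst, nbytes))
    feats = {}
    for ip, rows in per_ip.items():
        rows.sort()
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        # coefficient of variation of inter-arrival gaps: near 0 means fixed-interval
        # beaconing; fewer than two gaps gives no evidence, so treat as irregular (1.0)
        cv = pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) > 0 else 1.0
        feats[ip] = [cv, len({r[1] for r in rows}), len(rows), mean(r[2] for r in rows)]
    return feats

def gini(labels):
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)

def best_split(X, y):
    """Lowest weighted Gini impurity over all (feature, midpoint threshold) candidates."""
    best = None
    for f in range(len(X[0])):
        vals = sorted({row[f] for row in X})
        for lo, hi in zip(vals, vals[1:]):
            thr = (lo + hi) / 2
            left = [y[i] for i, row in enumerate(X) if row[f] <= thr]
            right = [y[i] for i, row in enumerate(X) if row[f] > thr]
            imp = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if best is None or imp < best[0]:
                best = (imp, f, thr)
    return best   # None when every row has identical features

def build_tree(X, y, depth=0, max_depth=3):
    majority = int(2 * sum(y) >= len(y))
    split = None if gini(y) == 0.0 or depth == max_depth else best_split(X, y)
    if split is None:
        return ("leaf", majority)
    _, f, thr = split
    li = [i for i, row in enumerate(X) if row[f] <= thr]
    ri = [i for i, row in enumerate(X) if row[f] > thr]
    return ("node", f, thr,
            build_tree([X[i] for i in li], [y[i] for i in li], depth + 1, max_depth),
            build_tree([X[i] for i in ri], [y[i] for i in ri], depth + 1, max_depth))

def predict(tree, x):
    while tree[0] == "node":
        _, f, thr, left, right = tree
        tree = left if x[f] <= thr else right
    return tree[1]

def detection_rate(tree, feats, labels):
    """Share of labelled-malicious IPs the model flags (true-positive rate)."""
    positives = [ip for ip, lab in labels.items() if lab == 1]
    return sum(predict(tree, feats[ip]) for ip in positives) / len(positives)

def alerts(tree, feats):
    return sorted(ip for ip, x in feats.items() if predict(tree, x) == 1)

def run():
    train = extract_features(TRAIN_LOG)
    ips = sorted(train)
    tree = build_tree([train[ip] for ip in ips], [TRAIN_LABELS[ip] for ip in ips])
    test = extract_features(TEST_LOG)
    return {"tree": tree, "rate": detection_rate(tree, test, TEST_LABELS), "alerts": alerts(tree, test)}

if __name__ == "__main__":
    result = run()
    for ip in result["alerts"]:
        print(f"ALERT: suspected APT beaconing from {ip}")
    print(f"detection rate on held-out IPs: {result['rate']:.0%}")
```

On this sample the learner picks the inter-arrival regularity feature as its root split, because it is the only one that cleanly separates the two beaconing hosts from the benign ones (one benign host shares their single-destination profile, another their connection volume, and a third their upload volume). In a real deployment the feature extraction would be the Splunk search and the labels would come from confirmed incidents, but the division of work is the same: summarise per IP, fit the tree on labelled history, score new IPs, alert on the positives.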