Urban Rapid Rail Transit (都市快轨交通), 2024, Vol. 37, Issue 4: 16-23. DOI: 10.3969/j.issn.1672-6073.2024.04.003

Advanced Persistent Threat (APT) Detection Technology for Typical Application Scenarios in Urban Rail Transit

Zhang Hongjun 1, Lü Mo 1, Gao Yang 1

Author information

  • 1. CRRC Changchun Railway Vehicles Co., Ltd., Changchun 130062

Abstract (translated from the Chinese)

To address the difficult problem of how to respond effectively to advanced persistent threats (APT) in urban rail transit scenarios, this paper proposes a method that combines attack provenance graphs with deep traffic learning. It integrates attack reconstruction with traffic monitoring to identify and detect APT attacks. Experimental results show that the model can effectively trace the source of APT attacks. Compared with traditional machine-learning-based APT detection models, the combined model shows clear advantages in detection accuracy, precision, recall and related metrics.

Abstract (authors' English version)

To address the challenge of effectively managing APT in urban rail transit scenarios, this paper proposes a method that combines attack source graphs with deep traffic learning. This integrated approach merges attack reconstruction with traffic monitoring to facilitate identifying and detecting APT attacks. Experimental results demonstrate that this model can effectively trace the sources of APT attacks. Compared to traditional APT attack detection models based on sandboxes or abnormal characteristics, this combined model significantly improves detection accuracy, precision, recall rate, and other performance indicators.

Key words

rail transit / cybersecurity / APT attack / attack source map / deep learning


Funding

CRRC Science and Technology Research and Development Program (2023CKA362-1)

Year of publication

2024

Journal

Urban Rapid Rail Transit (都市快轨交通)
Beijing Jiaotong University; Beijing Urban Construction Design and Research General Institute Co., Ltd.
Indexed in CSTPCD; Peking University core journal
Impact factor: 0.785
ISSN: 1672-6073