{"title":"NetworkTrace: Probabilistic Relevant Pattern Recognition Approach to Attribution Trace Analysis","authors":"Jian Xu, Xiao-chun Yun, Yongzheng Zhang, Yafei Sang, Zhenyu Cheng","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.301","journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"11 1","pages":"0"},"publicationDate":"2017-08-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"2","platform":"Semanticscholar","PeriodicalName":"2017 IEEE Trustcom/BigDataSE/ICESS","ListUrlMain":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.301"}
NetworkTrace: Probabilistic Relevant Pattern Recognition Approach to Attribution Trace Analysis
Network attack prevention is a critical research area of information security. Network attacks would become choked if attribution techniques were capable of tracing back to the attacker after the hacking event. Therefore, attributing these attacks to a person or organization becomes one of the important tasks when analysts attempt to profile the attacker behind attack traces. To facilitate this process, we study the connections among attribution traces and propose methods based on probabilistic relevance. First, we present a two-layer NetworkTrace frame; then, based on relevance patterns, we propose the existence probability of concerned subjects. Finally, we quantify the connection relevance between subjects through a Ref algorithm. By analyzing the attribution traces extracted from the APT1 report, we illustrate the effectiveness of the existence probability algorithm. Then, we demonstrate Ref's effectiveness in quantifying the relevancies between an organization and its affinitive partners by analyzing the relevancies and drawing a relevance matrix between APT1 inodes. The results show that the proposed NetworkTrace facilitates the evaluation of the plausibility relevance between different traceable subjects.