Intelligent APT detection method and its applications based on DNS logs

田毅; 赵雪昆; 赵亚锋; 潘霞

doi:10.13992/j.cnki.tetas.2021.12.004

Chinese

您当前的位置：

首页 >

文章列表页 >

Intelligent APT detection method and its applications based on DNS logs

更新时间：2026-04-20

- Intelligent APT detection method and its applications based on DNS logs
- Vol. 34, Issue 12, Pages: 16-21(2021)
- 作者机构：
  
  中国移动通信集团河北有限公司
- 作者简介：
- 基金信息：
- DOI：10.13992/j.cnki.tetas.2021.12.004
  CLC： TP393.08
- Published：2021
- 稿件说明：
移动端阅览
田毅, 赵雪昆, 赵亚锋, et al. Intelligent APT detection method and its applications based on DNS logs[J]. 2021, 34(12): 16-21.
DOI：

田毅, 赵雪昆, 赵亚锋, et al. Intelligent APT detection method and its applications based on DNS logs[J]. 2021, 34(12): 16-21. DOI： 10.13992/j.cnki.tetas.2021.12.004.

摘要

近年来

复杂环境下的高级持续性威胁(APT)防御逐渐成为网络安全关注的重点。APT攻击隐蔽性强

早期发现则危害性较小。本文基于DNS日志深度挖掘

由DGA域名智能检测和APT隧道智能检测等功能入手

从DNS日志角度提出APT防御的新思路和方法。基于转换神经网络和门控循环神经网络融合算法

以及统计机器学习算法

实现了对恶意DGA域名和APT攻击DNS隧道的检测

弥补了网络安全措施对算法生成域名关注度的不足和DNS易被APT潜伏利用的漏洞。通过在实验网络环境中的深度测试

结果表明论文方法能够较好地应对日益严峻的互联网APT安全威胁。

Abstract

In recent years

APT defense has gradually become the key focus of network security. APT attack has strong concealment

while its early detection is less harmful. The proposed method is based on DNS logs

starting from multiple functional dimensions such as DNS log in-depth resolution

DGA domain name AI detection and DNS tunnel detection

putting forward a new idea of apt defense from the perspective of DNS. Transformer and GRU neural network algorithm is used to detect malicious DGA domains and ML to detect the DNS tunnel of APT attack

which makes up for the lack of attention of the domain names generated by algorithms

and the vulnerability that DNS is easy to be latent exploited by APT. Through the in-depth test in the experimental environment

the results show that the proposed method can better deal with the increasingly severe Internet APT security threat.

关键词

Keywords

references

Views

110

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

No data

Related Author

No data

Related Institution

No data

AI问答

Postal code：100079
Tel：（010）53879206 Email：tmw@bjxintong.com.cn
Technical support is provided by Beijing Founder electronics co., LTD 京ICP备09082226号-64 京公网安备11010602201714号
It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.

⁰