
Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation.

Affiliations

College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China.

The Collaborative Innovation Center of Novel Software Technology and Industrialization, Nanjing 210023, China.

Publication

Sensors (Basel). 2019 Sep 19;19(18):4045. doi: 10.3390/s19184045.

DOI:10.3390/s19184045
PMID:31546845
Full text (PMC): https://pmc.ncbi.nlm.nih.gov/articles/PMC6767330/
Abstract

With the emergence of Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems face large numbers of potential threats characterized by concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM, and a framework for deploying APTALCM on an IoT system, where an edge computing architecture is used to achieve cyber situation comprehension without excessive data transmission cost. Specifically, we first present a cyber situation ontology that models the concepts and properties needed to formalize APT attack activities in IoT systems. Then, we introduce a cyber situation instance similarity measurement method based on the SimRank mechanism for APT alert and log correlation. Using this instance similarity, we further propose an APT alert instance correlation method to reconstruct APT attack scenarios and an APT log instance correlation method to detect log instance communities. Through the combination of these methods, APTALCM accomplishes cyber situation comprehension by recognizing APT attack intentions in IoT systems. Extensive experimental results demonstrate that the two kernel modules of APTALCM, the Alert Instance Correlation Module (AICM) and the Log Instance Correlation Module (LICM), achieve both a high true-positive rate and a low false-positive rate.
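The abstract describes two steps that fit together: a SimRank-based similarity between cyber situation instances, and a correlation step that groups similar alert instances into attack scenarios (and log instances into communities). The block below is an added example, not code from the paper: it implements the standard SimRank recurrence of Jeh and Widom over a constructed alert/attribute graph and then links each alert to its most similar peer to obtain candidate scenarios. The ontology (here reduced to src/dst/type attributes), the decay constant, the minimum link score and the sample alerts are all assumptions; the paper's own ontology and thresholds are not on this page.

```python
"""SimRank similarity over an alert/attribute graph, plus nearest-neighbour
linking to group alert instances into candidate attack scenarios.

Added example, not the paper's code: standard SimRank (Jeh & Widom, 2002)
on a constructed graph and a simple linking rule. The attribute set, the
decay constant, min_link and the sample alerts are assumptions.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample alerts (not real data). Two campaigns: one source
# scanning, exploiting and pivoting through a camera and a gateway, and a
# second source scanning and exploiting a sensor. The alert types are
# shared across campaigns, so attribute overlap alone does not separate them.
ALERTS = {
    "a1": {"src": "10.0.0.5",    "dst": "cam-01",    "type": "port_scan"},
    "a2": {"src": "10.0.0.5",    "dst": "cam-01",    "type": "exploit_attempt"},
    "a3": {"src": "10.0.0.5",    "dst": "gw-01",     "type": "lateral_movement"},
    "a4": {"src": "192.168.7.9", "dst": "sensor-12", "type": "port_scan"},
    "a5": {"src": "192.168.7.9", "dst": "sensor-12", "type": "exploit_attempt"},
}


def build_graph(alerts):
    """Undirected bipartite graph: each alert instance is joined to one
    'field=value' node per attribute it carries, as an ontology instance would be."""
    nbrs = defaultdict(set)
    for aid, attrs in alerts.items():
        for field, value in attrs.items():
            node = f"{field}={value}"
            nbrs[aid].add(node)
            nbrs[node].add(aid)
    return nbrs


def simrank(nbrs, decay=0.8, iters=50, tol=1e-6):
    """Iterate s(a,b) = decay / (|N(a)| |N(b)|) * sum_{i in N(a), j in N(b)} s(i,j)
    with s(a,a) = 1, starting from the identity, until the largest change is
    below tol or iters is reached. Iterates are monotonically non-decreasing."""
    nodes = sorted(nbrs)
    sim = {(a, b): (1.0 if a == b else 0.0) for a in nodes for b in nodes}
    for _ in range(iters):
        new, delta = {}, 0.0
        for a in nodes:
            for b in nodes:
                if a == b:
                    new[(a, b)] = 1.0
                    continue
                na, nb = nbrs[a], nbrs[b]
                total = sum(sim[(i, j)] for i in na for j in nb)
                val = decay * total / (len(na) * len(nb))
                new[(a, b)] = val
                delta = max(delta, abs(val - sim[(a, b)]))
        sim = new
        if delta < tol:
            break
    return sim


def correlate(alerts, sim, min_link=0.1):
    """Link every alert to its single most similar other alert when that score
    reaches min_link (assumed value), then return the connected components:
    each component is a candidate attack scenario."""
    ids = sorted(alerts)
    parent = {a: a for a in ids}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a in ids:
        best = max((b for b in ids if b != a), key=lambda b: sim[(a, b)])
        if sim[(a, best)] >= min_link:
            parent[find(a)] = find(best)
    groups = defaultdict(set)
    for a in ids:
        groups[find(a)].add(a)
    return sorted(groups.values(), key=lambda g: min(g))


def reconstruct_scenarios(alerts=ALERTS):
    """Return (similarity table, list of scenario sets) for the given alerts."""
    sim = simrank(build_graph(alerts))
    return sim, correlate(alerts, sim)


if __name__ == "__main__":
    sim, scenarios = reconstruct_scenarios()
    for a, b in combinations(sorted(ALERTS), 2):
        print(f"sim({a},{b}) = {sim[(a, b)]:.3f}")
    print("scenarios:", scenarios)
```

The point of the shared `type` nodes is that a1 and a4 are both port scans and therefore get a non-zero SimRank score, yet a1's most similar alert is still a2 (same source and target), so nearest-neighbour linking yields the two campaigns as separate scenarios. The same routine applied to log instances rather than alerts gives the community detection the abstract describes; in a real deployment the edge computing node would run this over its local window of instances and forward only the resulting groups.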


Figures (image files hosted at PMC)
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/e04546a3e7bc/sensors-19-04045-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/591581c7035d/sensors-19-04045-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/477c19b42560/sensors-19-04045-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/ee1257851a1f/sensors-19-04045-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/c81f5e6617fd/sensors-19-04045-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/4d61db8bd896/sensors-19-04045-g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/07368de047d2/sensors-19-04045-g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/dc541579d861/sensors-19-04045-g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/8427170a3ae1/sensors-19-04045-g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/38d6904ba80c/sensors-19-04045-g010.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/0904c34f88d9/sensors-19-04045-g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/c6a3c0bf64d9/sensors-19-04045-g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/ad35/6767330/031ec2bad18b/sensors-19-04045-g013.jpg

Similar articles

1. Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation.
Sensors (Basel). 2019 Sep 19;19(18):4045. doi: 10.3390/s19184045.
2. Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach.
Sensors (Basel). 2021 Jul 14;21(14):4816. doi: 10.3390/s21144816.
3. Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework.
Sensors (Basel). 2022 Jun 21;22(13):4662. doi: 10.3390/s22134662.
4. A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model.
Heliyon. 2023 Jun 16;9(7):e17156. doi: 10.1016/j.heliyon.2023.e17156. eCollection 2023 Jul.
5. Addressing the Security Gap in IoT: Towards an IoT Cyber Range.
Sensors (Basel). 2020 Sep 22;20(18):5439. doi: 10.3390/s20185439.
6. Development of an IoT Architecture Based on a Deep Neural Network against Cyber Attacks for Automated Guided Vehicles.
Sensors (Basel). 2021 Dec 18;21(24):8467. doi: 10.3390/s21248467.
7. Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge.
Environ Syst Decis. 2021;41(2):236-247. doi: 10.1007/s10669-020-09792-x. Epub 2020 Nov 22.
8. Learning Latent Representation for IoT Anomaly Detection.
IEEE Trans Cybern. 2022 May;52(5):3769-3782. doi: 10.1109/TCYB.2020.3013416. Epub 2022 May 19.
9. Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things.
Rev Socionetwork Strateg. 2021;15(2):381-411. doi: 10.1007/s12626-021-00086-5. Epub 2021 Jul 22.
10. Cyber-Attack Prediction Based on Network Intrusion Detection Systems for Alert Correlation Techniques: A Survey.
Sensors (Basel). 2022 Feb 15;22(4):1494. doi: 10.3390/s22041494.

Cited by

1. A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model.
Heliyon. 2023 Jun 16;9(7):e17156. doi: 10.1016/j.heliyon.2023.e17156. eCollection 2023 Jul.
2. Multi-Source Knowledge Reasoning for Data-Driven IoT Security.
Sensors (Basel). 2021 Nov 15;21(22):7579. doi: 10.3390/s21227579.