Network Attack Detection based on Domain Attack Behavior Analysis
Title | Network Attack Detection based on Domain Attack Behavior Analysis |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Wang, W., Zhang, X., Dong, L., Fan, Y., Diao, X., Xu, T. |
Conference Name | 2020 13th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI) |
Date Published | Oct. 2020 |
Publisher | IEEE |
ISBN Number | 978-0-7381-0545-1 |
Keywords | active directory, antivirus software, APT attack chain, attack detection, Chained Attacks, common domain intrusion methods, Communication networks, Computer crime, Computer hacking, computer network security, Databases, domain attack detection rules, domain control, domain intrusion detection system, domain related attack behavior characteristics, effective market-oriented products, feature extraction, Forgery, log file, network attack detection method, Network security, network security threats, normal attack, pubcrawl, Real-time Systems, resilience, Resiliency, Scalability, security protection, Tools |
Abstract | Network security has become an important issue in our work and life. Hackers' attack mode has been upgraded from normal attacks to APT (Advanced Persistent Threat) attacks. The key of the APT attack chain is the penetration and intrusion of Active Directory, which cannot be completely detected via traditional IDS and antivirus software. Furthermore, the lack of security protection in existing solutions for domain control aggravates this problem. Although researchers have proposed methods for domain attack detection, many of them have not yet been converted into effective market-oriented products. In this paper, we analyze the common domain intrusion methods; various domain-related attack behavior characteristics were extracted from the ATT&CK matrix (Advanced tactics, techniques, and common knowledge) for analysis and simulation testing. Based on analyzing the log files generated by the attacks, domain attack detection rules are established and input into the analysis engine. Finally, a usable domain intrusion detection system is designed and implemented. Experimental results show that the network attack detection method based on the analysis of domain attack behavior can analyze log files in real time and effectively detect the malicious intrusion behavior of hackers, which could help managers find and eliminate network security threats immediately. |
URL | https://ieeexplore.ieee.org/document/9263663 |
DOI | 10.1109/CISP-BMEI51763.2020.9263663 |
Citation Key | wang_network_2020 |
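The abstract describes deriving domain attack detection rules from the logs that simulated attacks produce, then running those rules in an analysis engine over live log data. The block below is an added illustrative example of such a rule engine, written for this page and not the paper's own system or code. It streams constructed Windows Security event records through three rules tied to ATT&CK techniques. The event IDs 4768 (Kerberos TGT request), 4769 (Kerberos service ticket request) and 4662 (operation on a directory object), the RC4-HMAC ticket encryption type value 0x17, the two directory-replication control-access-right GUIDs and the ATT&CK technique IDs are real values; the simplified record layout, the thresholds, the time window and every sample event are assumptions made for this example.

```python
"""Stream-style rule engine for domain (Active Directory) attack detection.

Added illustrative example, not the paper's own code.  Real values: event IDs
4768/4769/4662, RC4-HMAC encryption type 0x17, the replication control-access
GUIDs and the ATT&CK technique IDs.  Assumed: the simplified record layout,
the thresholds, the time window and all sample events (constructed).
"""
from collections import defaultdict

# Control-access rights a DCSync-style replication request needs (real GUIDs).
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
}
RC4_HMAC = "0x17"           # 4769 TicketEncryptionType value for RC4-HMAC
KERBEROAST_THRESHOLD = 3    # assumed: RC4 service-ticket requests per user per window
WINDOW_SECONDS = 300        # assumed: sliding window for the stateful rules


class DomainAttackDetector:
    """Consumes one event at a time, keeping just enough per-account state
    for the stateful rules, so it can sit behind a live log feed."""

    def __init__(self):
        self.last_tgt = {}                      # user -> ts of last 4768 seen
        self.rc4_requests = defaultdict(list)   # user -> ts of recent RC4 4769s

    def process(self, ev):
        """Return a list of (attck_id, user, reason) alerts for one event."""
        alerts = []
        eid, ts, user = ev["id"], ev["ts"], ev["user"]
        if eid == 4768:                         # TGT issued by the KDC
            self.last_tgt[user] = ts
        elif eid == 4769:                       # service ticket requested
            # Rule 1: a service ticket presented by an account for which this
            # KDC never issued a TGT in the window points at a forged TGT
            # (golden ticket, ATT&CK T1558.001).
            tgt_ts = self.last_tgt.get(user)
            if tgt_ts is None or ts - tgt_ts > WINDOW_SECONDS:
                alerts.append(("T1558.001", user, "service ticket without prior TGT request"))
            # Rule 2: many RC4 tickets for user (non-machine) service accounts
            # in a short window is the Kerberoasting pattern (T1558.003).
            svc = ev.get("service", "")
            if ev.get("etype") == RC4_HMAC and not svc.endswith("$") and svc != "krbtgt":
                recent = self.rc4_requests[user]
                recent.append(ts)
                recent[:] = [t for t in recent if ts - t <= WINDOW_SECONDS]
                if len(recent) == KERBEROAST_THRESHOLD:   # fire once per burst
                    alerts.append(("T1558.003", user,
                                   f"{len(recent)} RC4 service tickets in {WINDOW_SECONDS}s"))
        elif eid == 4662:                       # operation on a directory object
            # Rule 3: replication rights exercised by anything other than a
            # machine account (domain controllers end in '$') is DCSync (T1003.006).
            if set(ev.get("props", [])) & REPLICATION_GUIDS and not user.endswith("$"):
                alerts.append(("T1003.006", user, "directory replication by non-DC account"))
        return alerts


def detect(events):
    """Run all events through a fresh detector in timestamp order."""
    det = DomainAttackDetector()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        alerts.extend(det.process(ev))
    return alerts


# Constructed sample stream (ts in seconds); not real log data.
SAMPLE_EVENTS = [
    {"id": 4768, "ts": 0,  "user": "alice",   "service": "krbtgt"},
    {"id": 4769, "ts": 10, "user": "alice",   "service": "FS01$",      "etype": "0x12"},  # normal AES ticket
    {"id": 4768, "ts": 20, "user": "mallory", "service": "krbtgt"},
    {"id": 4769, "ts": 25, "user": "mallory", "service": "svc_sql",    "etype": "0x17"},
    {"id": 4769, "ts": 26, "user": "mallory", "service": "svc_web",    "etype": "0x17"},
    {"id": 4769, "ts": 27, "user": "mallory", "service": "svc_backup", "etype": "0x17"},  # 3rd RC4 -> alert
    {"id": 4769, "ts": 40, "user": "eve",     "service": "DC01$",      "etype": "0x12"},  # no 4768 for eve
    {"id": 4662, "ts": 50, "user": "mallory", "props": ["1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"]},
    {"id": 4662, "ts": 55, "user": "DC02$",   "props": ["1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"]},  # DC-to-DC, benign
]

if __name__ == "__main__":
    for technique, user, reason in detect(SAMPLE_EVENTS):
        print(f"{technique}  {user:<8} {reason}")
```

Two caveats a practitioner would want before deploying rules like these. Rule 1 is only sound if the engine sees the 4768 events of every domain controller; a TGT issued by one DC and spent against another will otherwise look forged, as will a ticket renewed after the window expires. Rule 3 needs an allowlist of accounts that legitimately replicate (domain controllers, directory synchronisation service accounts) rather than the crude "ends in '$'" test used here, and Rule 2 will be noisy in environments that still run RC4-only services.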