2019-04-05
Wen, Senhao, Rao, Yu, Yan, Hanbing.  2018.  Information Protecting Against APT Based on the Study of Cyber Kill Chain with Weighted Bayesian Classification with Correction Factor. Proceedings of the 7th International Conference on Informatics, Environment, Energy and Applications. :231–235.

To avoid being discovered by the defenders of a target, APT attackers are using encrypted communication to hide communication features, using code obfuscation and file-less technology to prevent malicious code from being easily reversed and leaking its internal working mechanism, and using misleading content to conceal their identities. It is clearly ineffective to detect APT attacks by relying on a single technology. All of these tough situations make information security and privacy protection face increasingly serious threats. In this paper, through a deep study of Cyber Kill Chain behaviors, combined with intelligence analysis technology, we transform the APT detection problem into a measurable mathematical problem through weighted Bayesian classification with a correction factor, so as to detect APTs and perceive threats. In the solution, we adopted intelligence acquisition technology over massive data, and the TF-IDF algorithm to calculate each attack behavior's weight. We also designed a correction factor to improve the Markov Weighted Bayesian Model when multiple behaviors are detected, by modifying the value of the probability of an APT attack.

2018-05-01
Wen, Senhao, He, Nengqiang, Yan, Hanbing.  2017.  Detecting and Predicting APT Based on the Study of Cyber Kill Chain with Hierarchical Knowledge Reasoning. Proceedings of the 2017 VI International Conference on Network, Communication and Computing. :115–119.

It has been discovered that quite a few organizations have become the victims of APT, which is a deliberate and malicious espionage threat to military, political, and infrastructure targets for the purpose of stealing core data or thwarting the normal operation of the organizations. Thus, working out a solution for detecting and predicting APT is a major goal for scientific research. But APT has a characteristic feature of good concealment, which prevents us from capturing it in time with existing solutions. In this paper, through a deep study of the Cyber Kill Chain, we proposed a solution to detect and predict APTs with hierarchical knowledge reasoning on the basis of cyber-security monitoring, intelligence gathering, etc. The solution seeks connections between real-time alarms and the intelligence from the Hacker Profile, Cyber Resources Profile, Social Engineering Database, Cyber Attack Tool Fingerprint Database, Vulnerability Database, Malicious Code Genome Map, etc. According to our experiments, it is effective and has high accuracy.