Network Attack Detection based on Domain Attack Behavior Analysis

Title: Network Attack Detection based on Domain Attack Behavior Analysis
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Wang, W., Zhang, X., Dong, L., Fan, Y., Diao, X., Xu, T.
Conference Name: 2020 13th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI)
Date Published: Oct. 2020
ISBN Number: 978-0-7381-0545-1
Keywords: active directory, antivirus software, APT attack chain, attack detection, Chained Attacks, common domain intrusion methods, Communication networks, Computer crime, Computer hacking, computer network security, Databases, domain attack detection rules, domain control, domain intrusion detection system, domain related attack behavior characteristics, effective market-oriented products, feature extraction, Forgery, log file, network attack detection method, Network security, network security threats, normal attack, pubcrawl, Real-time Systems, resilience, Resiliency, Scalability, security protection, Tools

Network security has become an important issue in our work and life. Hackers' attack mode has been upgraded from normal attacks to APT (Advanced Persistent Threat) attacks. The key step of the APT attack chain is the penetration and intrusion of Active Directory, which cannot be completely detected by traditional IDS and antivirus software. Furthermore, the lack of security protection for domain controllers in existing solutions aggravates this problem. Although researchers have proposed methods for domain attack detection, many of them have not yet been converted into effective market-oriented products. In this paper, we analyze the common domain intrusion methods and extract various domain-related attack behavior characteristics from the ATT&CK matrix (Advanced tactics, techniques, and common knowledge) for analysis and simulation testing. Based on an analysis of the log files generated by the attacks, domain attack detection rules are established and fed into the analysis engine. Finally, a usable domain intrusion detection system is designed and implemented. Experimental results show that the network attack detection method based on the analysis of domain attack behavior can analyze log files in real time and effectively detect the malicious intrusion behavior of hackers, which helps managers find and eliminate network security threats immediately.

Citation Key: wang_network_2020