Project Title: Research on the Basic Theory and Key Technologies of Network Genes for APT Network Monitoring (面向APT网络监测的网络基因基础理论与关键技术研究)
Project Number: No.61472439
Project Type: General Program (面上项目)
Year Approved: 2015
Discipline: Automation Technology, Computer Technology
Principal Investigator: Wang Yongjun (王勇军)
Institution: National University of Defense Technology (中国人民解放军国防科技大学)
Funding: 810,000 CNY (81万元)
Abstract (translated from the Chinese): Advanced persistent threats (APTs) currently pose a serious hazard to national cyberspace security. Against the background of the Internet's enormous and highly diverse traffic, their distinctive properties, strong novelty (unknown attack patterns), deep stealth and high damage potential, confront traditional network monitoring technology with unprecedented challenges. Addressing the urgent need for APT network monitoring, this project builds on rapidly developing big-data and cloud-computing technology and borrows from biological mechanisms to propose the new concept of the network gene, defined as the digital fragments, and combined sequences of such fragments, that express the semantically rich network behaviour patterns of a network application. By organically combining network protocol reverse analysis with network data stream processing, the project will establish a basic theory and technical system for constructing and computing network genes, supporting the construction of a network ecosystem that can distinguish anomalies and tolerate intrusions. The project aims at breakthroughs in key supporting technologies: automatic analysis and extraction of network genes from the vast population of network applications, and real-time matching of network genes against high-speed network traffic. Through research on deep anomalous-behaviour detection and evaluation, it will verify from an application perspective the effectiveness of the network gene theory and methods for discovering unknown network attacks. The results will provide new theoretical and technical support for the hard problem of APT network monitoring, and can further be applied to situation awareness and other areas of cyberspace security.
Keywords (translated from the Chinese): network gene; advanced persistent threat; anomaly detection; protocol reverse analysis; data stream processing
Abstract (original English): Advanced Persistent Threats (APTs) currently pose a serious threat to national cyber security. Against the background of huge and complicated network traffic, their high unpredictability, deep concealment and harmfulness confront traditional network monitoring technology with unprecedented challenges. Addressing the urgent demand for APT network monitoring, this project relies on rapidly developing big data and cloud computing technology and draws on the biological concept of the gene to put forward the new concept of the network gene, which depicts the rich-semantic behaviour model of a network application. Through the organic combination of network protocol reverse analysis and network data stream processing technology, it establishes a set of basic theories and a technical architecture for network gene construction and calculation, supporting a network ecological environment that distinguishes anomalies and tolerates intrusions. The project will make breakthroughs in key supporting technologies such as automated analysis and extraction of network genes across the vast range of network applications, and real-time matching of network genes against high-speed network flows. By researching deep anomaly detection technology based on network genes, it will verify from an application perspective the effectiveness of the new theory for finding unknown network attacks. The results of this project will provide new theoretical and technical support for APT network monitoring and can also be applied to situation awareness and other related fields of cyber security.
English Keywords: Network Gene; APT; Anomaly Detection; Protocol Reverse Analysis; Data Stream Processing