Netinfo Security ›› 2015, Vol. 15 ›› Issue (9): 15-19.doi: 10.3969/j.issn.1671-1122.2015.09.004

• Original Article •

Research on Abnormal Behavior Analysis of Modern Networking Security Architecture

Jin SHANG, Jun XIE, Dong-yi JIANG, Huai-lin CHEN

  1. Beijing Hillstone Networks Co., Ltd., Beijing 100084, China
  • Received:2015-07-15 Online:2015-09-01 Published:2015-11-13

Abstract:

Recently, following a series of large-scale attacks and data leak incidents, and with zero-day and APT attacks becoming common, a network security architecture based on the multi-stage cyber kill chain has emerged and is widely used in industry. Network abnormal behavior analysis is the key technology for detecting the mass of malware variants that intrude in the architecture. Most existing abnormal behavior analysis models use simple algorithms that do not consider temporal association, indirect dimensions, and so on. This paper proposes an adaptive network abnormal behavior analysis model that applies to both single and distribution dimensions and accounts for time and periodic effects. The model has better usability and more accurate abnormal behavior detection results, and can substantially improve the overall analysis results obtained using the cyber kill chain.

Key words: cyber kill chain, data analysis, abnormal behavior analysis, malware
