In order to display the attack scene in the description of the multistep process-oriented attack-advanced persistent threat, a specific model on advanced persistent threat behavior analysis-EPNAM is proposed, which is based on the Petri net and combined with the characteristics of APT. Firstly we carry out hierarchical analysis on the attack scene with AHP method to build the APT architecture and extract scene factors, then associate the attack scene with Petri net to construct extended Petri net, and finally, traverse the extended Petri net to generate the formal expression. The proposed model can achieve the combination of the attack scene, attack process, and state space, and its feasibility is proved by the application on actual case analysis of the RSA SecurID theft attack.
展开▼
