为实现高级持续性威胁(APT)的通信检测,提出一种对服务器端和主机端日志数据的检测方法.通过建立IP地址数据库,采用DBSCAN聚类算法对海量日志数据进行收集和处理得到异常通信日志.利用高级持续性威胁14种通信特征的隐含狄利克雷分布(LDA)建模对异常通信日志进行检测.实验结果表明,与潜在语义分析和概率潜在语义分析检测模型相比,LDA建模提高了APT通信检测的效率和准确度.%In order to realize the communication detection of the Advanced Persistent Threat(APT),this paper presents a detection method for server-side and host-side log data.It makes the establishment of IP address database and uses DBSCAN clustering algorithm to collect and deal with the massive log data to get abnormal communication log.The abnormal communication log is detected by using Latent Dirichlet Distribution(LDA) modeling of the 14 communication features of APT.Experimental results show that LDA modeling improves the efficiency and accuracy of APT communication detection compared with Latent Semantic Analysis (LSA) and Probabilistic Latent Semantic Analysis (PLSA) detection models.
展开▼
机译:The Impacts of Margin Trading on Rate of Return and Volatility in the Stock Market: A Study Using the SVAR Model and Panel Regressions =融资对股价收益与波动的影响特征研究——基于SVAR模型与面板模型的实证分析
