信息安全研究 (Journal of Information Security Research) ›› 2022, Vol. 8 ›› Issue (8): 736-.

• Special Topic: Cybersecurity Governance •

LSTM-Based APT Attack Detection on Linux Systems

Shi Lin (时林), Shi Shaosen (时绍森), Wen Weiping (文伟平)

  1. School of Software and Microelectronics, Peking University, Beijing 102600
  • Online: 2022-08-08  Published: 2022-08-08
  • Corresponding author: Shi Lin, master's student. Research interests: vulnerability discovery, software security protection. shilin@stu.pku.edu.cn
  • Author biographies: Shi Lin, master's student; research interests: vulnerability discovery, software security protection; shilin@stu.pku.edu.cn. Shi Shaosen, master's degree; research interests: malicious code detection, vulnerability discovery, Web attack and defence; 511306747@qq.com. Wen Weiping, professor and doctoral supervisor; research interests: system and network security, big data and cloud security, intelligent computing security; weipingwen@pku.edu.cn

Abstract: As daily life has come to be covered by networks, the security of cyberspace has received growing attention. Among the many kinds of attack seen on networks, the advanced persistent threat (APT) is one of the more complex and more damaging: its attack process runs through both the outside and the inside of the target system, it persists over long periods, and it is hard to detect and to defend against thoroughly. This paper proposes an LSTM (long short-term memory) based scheme for detecting APT attacks on Linux systems. It builds LAnalysis, a sandbox based on kernel instrumentation for analysing malicious Linux ELF files, to capture the malicious behaviours of APT attacks. It then combines the LAnalysis analysis results with the NSL-KDD network attack traffic dataset, ordered according to the temporal characteristics of an attack, to construct an APT attack dataset, addressing the current shortage of APT attack datasets for Linux systems in the industry. Finally, it brings the temporal nature of APT attacks into detection and detects APT attacks with an LSTM. Experimental results show that the constructed APT attack detection model performs well in application.

Key words: APT attack, Linux sandbox, long short-term memory, APT attack dataset, ELF file
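The dataset-construction step described in the abstract (host-side behaviours captured by a sandbox, interleaved with network records by time, then encoded as fixed-length integer sequences of the kind an LSTM consumes), as an added example that is not code from the paper or from LAnalysis. The trace line format, the NSL-KDD-like record layout, the per-event timestamps (NSL-KDD records carry none) and every sample line are constructed assumptions of this example; the paper does not publish LAnalysis's output format.

```python
"""Time-ordered behaviour sequences for an LSTM-based APT detector.

Added example, not code from the paper or from LAnalysis. The formats below
are constructed stand-ins: the paper does not publish LAnalysis's trace
format, and NSL-KDD records carry no timestamps, so the timestamps used to
interleave host and network events are an assumption of this example.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed host trace: "<ts> <pid> <syscall> <argument summary>", in the
# spirit of what a kernel-instrumentation sandbox records for an ELF sample.
HOST_TRACE = """\
10.001 4321 execve /tmp/.x/update
10.004 4321 openat /etc/passwd
10.120 4321 socket AF_INET
10.121 4321 connect 203.0.113.7:4444
10.900 4321 clone -
11.300 4322 openat /root/.ssh/id_rsa
11.310 4322 sendto 203.0.113.7:4444
12.000 4322 unlink /var/log/auth.log
"""

# Constructed connection records: an assumed leading timestamp followed by a
# subset of NSL-KDD columns (duration protocol service flag src_bytes dst_bytes).
NET_RECORDS = """\
10.118 0 tcp other SF 220 4096
11.305 2 tcp private S0 0 0
"""

PAD, UNK = 0, 1  # reserved ids: right-padding and tokens unseen at training time


@dataclass(frozen=True)
class Event:
    ts: float
    token: str  # vocabulary token, e.g. "sys:connect" or "net:tcp/other/SF"


def parse_host_trace(text: str) -> List[Event]:
    """One 'sys:<syscall>' token per trace line. Arguments are dropped so the
    model learns from the order of behaviours rather than from specific paths."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, _pid, syscall, _args = line.split(maxsplit=3)
            events.append(Event(float(ts), f"sys:{syscall}"))
    return events


def parse_net_records(text: str) -> List[Event]:
    """One 'net:<protocol>/<service>/<flag>' token per connection record."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, _duration, proto, service, flag, *_byte_counts = line.split()
            events.append(Event(float(ts), f"net:{proto}/{service}/{flag}"))
    return events


def merge_timeline(*streams: Iterable[Event]) -> List[Event]:
    """Interleave host and network evidence into one stream ordered by time;
    the outside-to-inside progression of an APT only shows up in this view."""
    return sorted((e for s in streams for e in s), key=lambda e: e.ts)


def build_vocab(events: Iterable[Event]) -> Dict[str, int]:
    """Assign integer ids in first-seen order, after the two reserved ids."""
    vocab = {"<pad>": PAD, "<unk>": UNK}
    for e in events:
        vocab.setdefault(e.token, len(vocab))
    return vocab


def encode(events: Iterable[Event], vocab: Dict[str, int]) -> List[int]:
    return [vocab.get(e.token, UNK) for e in events]


def windows(ids: List[int], size: int, stride: int) -> List[List[int]]:
    """Fixed-length, right-padded sliding windows: the [batch, time] integer
    tensor that an embedding layer followed by an LSTM takes as input."""
    if not ids:
        return []
    out = []
    for start in range(0, len(ids), stride):
        chunk = ids[start:start + size]
        out.append(chunk + [PAD] * (size - len(chunk)))
    return out


def build_dataset(size: int = 4, stride: int = 3) -> Tuple[Dict[str, int], List[int], List[List[int]]]:
    """Run the whole pipeline over the constructed samples."""
    timeline = merge_timeline(parse_host_trace(HOST_TRACE), parse_net_records(NET_RECORDS))
    vocab = build_vocab(timeline)
    ids = encode(timeline, vocab)
    return vocab, ids, windows(ids, size, stride)


if __name__ == "__main__":
    vocab, ids, wins = build_dataset()
    print(ids)
    for w in wins:
        print(w)
```

The window size and stride are tuning choices, and how each window is labelled (APT or benign) is not stated on this page, so the example stops at producing the sequences. Note that `build_vocab` must be fitted on training data only; tokens first seen in test data map to `UNK`, which is what keeps an unseen syscall from silently shifting every other id.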