| 基于场景和PN机的入侵检测研究 |
| |
| 引用本文: | 张 巍,罗辉云,滕少华,刘冬宁,梁 路.基于场景和PN机的入侵检测研究[J].计算机科学,2015,42(5):188-193. |
| |
| 作者姓名: | 张 巍 罗辉云 滕少华 刘冬宁 梁 路 |
| |
| 作者单位: | 广东工业大学计算机学院 广州510006 |
| |
| 基金项目: | 本文受国家自然科学基金(61402118,61272067,61104156,61370229),教育部重点实验室基金(110411),广东省科技计划项目(2012B091000173),广东省教育厅项目(粤教高函〔2013〕113号),广州市科技计划项目(2012J5100054,2013J4500028),韶关市科技计划项目(2010CXY/C05)资助 |
| |
| 摘 要: | 攻击者通过从一个攻击序列衍生出大量变种攻击序列来逃避基于规则及其它误用检测技术的检测.基于此,针对可序列化的入侵,从攻击机理入手,提取攻击的关键操作序列,构造入侵行为表达式,再对攻击序列进行拓扑排序和同构变换,以扩展形成一个入侵场景或一类入侵.进而提出了面向场景和检测一类入侵行为的方法,通过构建基于场景和检测一类入侵行为的PN(Petri Net)机来实现检测已知攻击及其未知变种攻击的目标.未知变种攻击也是一些新的攻击形态,因而从这种意义上说,该方法能检测到新的攻击行为.
|
| 关 键 词: | 入侵检测 场景 攻击序列 同构变换 拓扑排序 入侵行为表达式 PN机 |
Intrusion Detection Based on Scenario and PN Machine |
| |
| ZHANG Wei,LUO Hui-yun,TENG Shao-hu,LIU Dong-ning and LIANG Lu.Intrusion Detection Based on Scenario and PN Machine[J].Computer Science,2015,42(5):188-193. |
| |
| Authors: | ZHANG Wei LUO Hui-yun TENG Shao-hu LIU Dong-ning and LIANG Lu |
| |
| Affiliation: | School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China,School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China,School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China,School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China and School of Computer Science and Technology,Guangdong University of Technology,Guangzhou 510006,China |
| |
| Abstract: | To evade detection of rule-based or other misuse detection methods,the attacker can create a large number of variant attack sequences from one attack sequence.Therefore,aiming at the serializable intrusion,we started to study the attack mechanism,extracted key operation sequence of the attacks,constructed intrusion behavior expressions,sorted topologically attack sequence,and did isomorphic transformation for attack operations.Then one attack can be expanded to one intrusion scenario or one class of attacks.A new intrusion detection method was proposed in the paper,which is called the scenario-oriented intrusion detection.A PN machine for scenario was designed and implemented.The PN machine based on scenario can detect one class of attacks.Then,the goal of detecting the known attack and its unknown variant attacks will be achieved.So,some new derived attacks can be detected by the method in the paper. |
| |
| Keywords: | Intrusion detection Scenario Attack sequence Homogeneous transformation Topological sorting Intrusion behavior expression PN machine |
| 本文献已被 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
