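Research on Forensics and Early-Warning Methods for Malicious Attacks on Distributed Heterogeneous Networks
Cite this article: GAO Fei. Research on Forensics and Early-Warning Methods for Malicious Attacks on Distributed Heterogeneous Networks[J]. Computing Technology and Automation, 2021, 40(1): 184-188.
Author: GAO Fei
Affiliation: Skills Training Center, State Grid Jibei Electric Power Company Limited (Baoding Electric Power Vocational and Technical College), Baoding, Hebei 071000
Abstract: Traditional forensics methods for malicious network attacks do not inspect malicious attack behavior comprehensively and have low accuracy in distinguishing the similarity of malicious attack behaviors. To address this, a forensics and early-warning method for malicious attacks on distributed heterogeneous networks is proposed. A CVSS calculator is used to assess the severity level of malicious network attack behavior, and a grey relational model is built with grey relational analysis to quantify the assessment factors. On this basis, log, event, warning and evidence information is acquired and processed to build an evidence base. Based on the forensics results, a TOP-K early-warning strategy is applied to provide early warning of malicious attacks on distributed heterogeneous networks and to store the warning information. Experimental results show that the proposed method achieves relatively high recall for malicious attack behavior and relatively high accuracy in distinguishing the similarity of malicious attack behaviors, with a relatively short early-warning response time; it not only detects malicious attack behavior accurately but also raises alerts promptly, effectively maintaining the security of distributed heterogeneous networks.

Keywords: distributed heterogeneous network  malicious network attacks  difference information  grey relational model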

Research on Forensics and Forewarning Methods of Distributed Heterogeneous Network Malicious Attacks
GAO Fei. Research on Forensics and Forewarning Methods of Distributed Heterogeneous Network Malicious Attacks[J]. Computing Technology and Automation, 2021, 40(1): 184-188.
Authors: GAO Fei
Affiliation: Skills Training Center, State Grid Jibei Electric Power Company Limited (Baoding Electric Power Voc. & Tech. College), Baoding, Hebei 071051, China
Abstract: Traditional forensics methods for malicious network attacks do not inspect malicious attack behavior comprehensively, and their accuracy in discriminating the similarity of malicious attack behaviors is low. Therefore, this study proposes a forensics and warning method for malicious attacks on distributed heterogeneous networks. A CVSS calculator is used to evaluate the severity of malicious network attacks, and grey relational analysis is used to establish a grey relational model that quantifies the evaluation factors. On this basis, log, event, warning and evidence information is obtained and processed to establish an evidence base. According to the forensics results, a TOP-K warning strategy is applied to realize warning and warning information storage for malicious attacks on distributed heterogeneous networks. The experimental results show that the proposed method is more accurate in detecting malicious attacks and in distinguishing the degree of similarity between malicious attacks, and that its early-warning response time is shorter. It can not only detect malicious attacks accurately but also send out alarms in time, effectively maintaining the security of distributed heterogeneous networks.
Keywords: distributed heterogeneous network  malicious network attacks  difference information  grey relational model
This article is indexed in databases including VIP (维普) and Wanfang Data (万方数据).