| 基于攻击图的复合入侵关联及预测方法 |
| |
| 引用本文: | 肖琳琳,王晓辉,李杰.基于攻击图的复合入侵关联及预测方法[J].网络安全技术与应用,2010(7):11-13. |
| |
| 作者姓名: | 肖琳琳 王晓辉 李杰 |
| |
| 作者单位: | 中南大学信息科学与工程学院,湖南410083 |
| |
| 摘 要: | 当前的大多数漏洞扫描器和入侵检测系统只能检测汇报孤立的漏洞和攻击。但网络中真正的威胁来自那些技术精湛的黑客,他们综合利用各种攻击手段绕开安全策略,逐步获得权限。这种复合攻击能渗透进看似防御严密的网络。攻击图是一种重要的网络安全漏洞分析工具,能用来关联警报,假设漏报,预测下一步的警报,对系统管理员理解威胁的本质从而采取适当对策是关键的。本文提出一种基于攻击图来关联并预测复合网络入侵的方法,该方法在实际网络环境中有良好的表现。
|
| 关 键 词: | 复合攻击 入侵检测 攻击图 警报关联 |
An attack graph-based approach to correlating and predicting multi-step network attacks |
| |
| Xiao Linlin,Wang Xiaohui,Li Jie.An attack graph-based approach to correlating and predicting multi-step network attacks[J].Net Security Technologies and Application,2010(7):11-13. |
| |
| Authors: | Xiao Linlin Wang Xiaohui Li Jie |
| |
| Affiliation: | (Central South University Institute of Information Science and Engineering,Hunan,410083,China ) |
| |
| Abstract: | Most existing vulnerability scanners and intrusion detection systems can only report isolated vulnerabilities and attacks.But real threats to a network usually come from skilled attackers who employ multiple attacks to evade security measures and to gradually gain privileges.Such multi-step network intrusions can often infiltrate a seemingly well guarded network.Attack graphs are important tools for analyzing security vulnerabilities in networks,and can be used to correlate received alerts,hypothesize missing alerts,and predict future alerts.So attack graphs are crucial for system administrators to understand the nature of the threats and decide upon appropriate countermeasures.In this paper,we describe an attack graph-based approach to correlating and predicting multi-step network intrusions,which perform well in a real network. |
| |
| Keywords: | multi-step attack intrusion detection attack graph alert correlation |
| 本文献已被 维普 万方数据 等数据库收录! |
|
