Found 20 similar documents; search took 31 ms
1.
Aiming at analyzing the influence of multi-step attacks, as well as reflecting the system's security situation accurately and comprehensively, a network security situation evaluation method for multi-step attacks was proposed. This method first clustered security events into several attack scenes, which were used to identify the attacker. Then the attack path and the attack phase were identified by causal correlation of every scene. Finally, combined with the attack phase as well as the threat index, the quantitative standard was established to evaluate the network security situation. The proposed method is assessed by two network attack-defense experiments, and the results illustrate the accuracy and effectiveness of the method.
2.
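Existing researchers use threat modeling and security analysis systems to evaluate and predict security threats in software defined networks (SDN), but these methods do not consider the probability that vulnerabilities in the SDN controller are exploited or the position of devices in the network, so the security assessment is inaccurate. To address these problems, an algorithm for computing the importance of each device in an SDN was designed, based on device vulnerability exploitation probability and device criticality combined with the PageRank algorithm; a method for measuring the probability that a device is successfully attacked was designed, based on the SDN attack graph and Bayesian theory. On this basis, an SDN security prediction algorithm based on a Bayesian attack graph was designed to predict the attacker's attack path. Experimental results show that the method can accurately predict the attacker's attack path and provides a more accurate basis for security defense.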
3.
The existing attack path prediction methods cannot accurately reflect the variation of the following attack path caused by the capability of the attacker. Accordingly, an attack path prediction method based on causal knowledge net was presented. The proposed method detected the current attack actions by mapping the alarm sets to the causal knowledge net. By analyzing the attack actions, the capability grade of the attacker was inferred, according to which the probability knowledge distribution was adjusted dynamically. With the improved Dijkstra algorithm, the most probable attack path was computed. The experimental results indicate that the proposed method is suitable for a real network confrontation environment. Besides, the method can enhance the accuracy of attack path prediction.
4.
5.
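Traditional techniques for predicting the scope of power network attacks do not cover a wide enough prediction range, so the improvement in power network security is not significant. To this end, a power network attack prediction technique based on a cellular automaton model is proposed. A power cellular automaton model is built in which the cells of the cellular automaton are treated as power cells; rules for converting cell vitality values are established and combined with the probability that the attacker carries out an attack, to predict the development and change of the power cells. Power network attacks are predicted from the change trends of the central power cell and its neighboring power cells. Experimental results show that, under the influence of the time factor, the attack node positions predicted by the proposed cellular-automaton-based power network attack prediction technique are basically consistent with the original nodes, the load shed after prediction is always below 100 MW, and the proposed technique is more effective.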
6.
Heshuai Li Junhu Zhu Han Qiu Qingxian Wang Tianyang Zhou Hang Li 《International Journal of Communication Systems》2015,28(6):1126-1139
Distributed network paralyzing (DNP) attack, a kind of distributed denial‐of‐service attack that utilizes a botnet to congest and paralyze an autonomous system level network, is a serious threat to network security. In this article, it is indicated that the main difficulty of the DNP attack is strategizing DNP attacking flows automatically from the perspective of the attacker. For this outstanding issue, we introduce the DNP attacking flows strategizing technology, which can help an attacker to launch a DNP attack efficiently through a series of attacking resources division–target links and attacking paths orientation–flux planning process. Through simulation, we demonstrate the feasibility of the attacking flows strategizing technology and prove that an attacker who controls a large‐scale botnet can utilize the DNP attack to seriously threaten network security. At last, from the perspective of the defender, it is indicated that network security researchers should strengthen the relevant research to defend against the DNP attack. Copyright © 2014 John Wiley & Sons, Ltd.
7.
An attacker compromised a number of VMs in the cloud to form his own network to launch a powerful distributed denial of service (DDoS) attack. DDoS attack is a serious threat to the multi-tenant cloud. It is difficult to detect which VMs in the cloud are compromised and what the attack target is, especially when the VM in the cloud is the victim. A DDoS detection method suitable for the multi-tenant cloud environment was presented, which identifies the malicious VM attack sources first and then the victims. A distributed detection framework was proposed. The distributed agent detects the suspicious VMs which generate the potential DDoS attack traffic flows on the source side. A central server confirms the real attack flows. The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment.
8.
9.
10.
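A network security assessment method based on the attack graph model. Total citations: 1, self-citations: 0, citations by others: 1
With the deepening and rapid development of networks, network security problems are becoming increasingly severe, and research on methods for assessing network security is of great practical significance. The existence of large numbers of security vulnerabilities is one of the main reasons why the overall security situation is becoming more severe. The attack graph modeling method is described in detail, an algorithm for automatically generating attack graphs is given, and a method is proposed that uses a mathematical model to analyze the attack graph and assess the security of a network system; finally, the network security assessment method is verified in a virtual network environment. The method is of practical significance for attack graph research.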
11.
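In view of the large-scale, coordinated, multi-stage characteristics of network attacks, a network security situation assessment method based on an attack graph model is proposed. First, multi-source alarm data are fused using the spatio-temporal features of attack events to construct network attack behavior features; second, attack nodes are mapped from the alarm information and the paths of multi-step attacks are correlated; third, on the basis of the constructed attack graph, a transition probability table for attack nodes is built from the transition sequences, and the transition probabilities are introduced into the attack graph to infer the attacker's intent;...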
12.
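For computer networks to serve people better, the problem of network information security must be solved well. Digital watermarking is an effective way to achieve copyright protection, but so far no algorithm can truly withstand all kinds of attacks by attackers. By analyzing the principles of the attacks, the author proposes countermeasures, with a focus on the use of dual-watermark technology to resist interpretation attacks. Understanding these attacks, and new attack methods that may yet appear, will help us design better watermarking schemes.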
13.
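Modeling the results of organized network attack behavior. Total citations: 4, self-citations: 0, citations by others: 4
The impact of organized network attack behavior on network information systems is analyzed mathematically. First, the attacker, the attacked object, the attack behavior and the attack result are defined and three model assumptions are put forward; then models are built for the results of individual attacks and of organized attacks respectively, and the model results are discussed; finally, several security suggestions are offered and directions for further research are described.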
14.
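The traditional means of responding to network threats is to provide targeted remedies for attacks that have occurred, but this approach lags considerably and can no longer meet the needs of today's fast-paced network operating environment. How to provide a quantitative indicator of network security status and predict the trend of network security has become a current research hotspot. Addressing the quantitative assessment and prediction of network security, this paper first proposes a method based on a hierarchical assessment model, which provides a means of quantifying the network security situation and raises it from qualitative to quantitative analysis; second, it proposes a network security situation prediction model based on the relevance vector machine, whose running efficiency is improved by the bat algorithm; finally, sample learning on a data set verifies the effectiveness of the prediction method, which has high accuracy and reliability.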
15.
Attack graph technology was a measure to predict the pattern and process used by attacker to compromise the target network, so as to guide defender to take defensive measures and improve network security. The basic component, types of attack graphs and respective advantages and disadvantages of each type were reviewed. The application status of attack graph technology in risk assessment and network hardening, intrusion detection and alarm correlation, and other aspects were introduced. Several kinds of existing attack graph generation and analysis tools were also presented. At last a survey of some challenges and research trends in future research work was provided.
16.
17.
Aiming at the problem of ignoring the impact of attack cost and intrusion intention on network security in the current network risk assessment model, in order to accurately assess the target network risk, a method of network intrusion intention analysis based on Bayesian attack graph was proposed. Based on the atomic attack probability calculated by vulnerability value, attack cost and attack benefit, the static risk assessment model was established in combination with the quantitative attack graph of Bayesian belief network, and the dynamic update model of intrusion intention was used to realize the dynamic assessment of network risk, which provided the basis for the dynamic defense measures of attack surface. Experiments show that the model is not only effective in evaluating the overall security of the network, but also feasible in predicting attack paths.
18.
19.
Software defined networking (SDN) simplifies the network architecture, while the controller is also faced with a security threat of "single point of failure". Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches, affecting the normal performance of the network. In order to detect the existence of this kind of attack, the DDoS attack detection method based on conditional entropy and GHSOM in SDN (MBCE&G) was presented. Firstly, according to the phased features of DDoS, the damaged switch in the network was located to find the suspect attack flows. Then, according to the diversity characteristics of the suspected attack flow, the quaternion feature vector was extracted in the form of conditional entropy, as the input features of the neural network for more accurate analysis. Finally, the experimental environment was built to complete the verification. The experimental results show that MBCE&G detection method can effectively detect DDoS attacks in SDN network.