
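Network security situation evaluation method based on attack pattern recognition
Cite this article: WANG Kun, QIU Hui, YANG Haopu. Network security situation evaluation method based on attack pattern recognition[J]. Journal of Computer Applications, 2016, 36(1): 194-198. DOI: 10.11772/j.issn.1001-9081.2016.01.0194
Authors: WANG Kun  QIU Hui  YANG Haopu
Affiliation: Information Engineering University, Zhengzhou 450001
Funding: Supported by the National Natural Science Foundation of China (61309013).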
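Abstract (translated from the Chinese record): Analysis and comparison of existing network security situation evaluation methods shows that they cannot accurately reflect the large-scale, coordinated, multi-stage characteristics that network attacks increasingly exhibit. A network security situation evaluation method based on attack pattern recognition is therefore proposed. First, causal analysis is performed on the alarm data in the network to identify the attack intention and the current attack phase. Then, situation evaluation is carried out with the attack phase as the evaluation factor. Finally, a State Transition Diagram (STG) of attack phases is built and combined with host vulnerability and configuration information to predict the network security situation. Validation of the proposed evaluation model on a network example shows that the network security situation value increases as the attack phases deepen, so the model reflects the actual attack more accurately; in addition, situation prediction requires no training on historical sequences, which gives higher prediction efficiency.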

Keywords: causal analysis  state transition diagram  situation evaluation  pattern recognition  multi-stage attack
Received: 2015-08-05
Revised: 2015-09-15

Network security situation evaluation method based on attack pattern recognition
WANG Kun, QIU Hui, YANG Haopu. Network security situation evaluation method based on attack pattern recognition[J]. Journal of Computer Applications, 2016, 36(1): 194-198. DOI: 10.11772/j.issn.1001-9081.2016.01.0194
Authors: WANG Kun  QIU Hui  YANG Haopu
Affiliation: Information Engineering University, Zhengzhou Henan 450001, China
Abstract: By analyzing and comparing the existing network security situation evaluation methods, it is found that they cannot accurately reflect the large-scale, coordinated, multi-stage features gradually shown by network attack behaviors. Therefore, a network security situation evaluation method based on attack pattern recognition was proposed. Firstly, causal analysis of the alarm data in the network was performed, and the attack intention and the current attack phase were recognized. Secondly, situation evaluation based on the attack phase was realized. Lastly, the State Transition Diagram (STG) of attack phases was created to forecast the network security situation in combination with the vulnerability and configuration information of hosts. A simulation experiment for the proposed network security situation evaluation model was performed on network examples. As the attack phase deepens, the value of the network security situation increases. The experimental results show that the proposed method reflects the actual attack more accurately, and that it does not need training on the historical sequence, so it is more efficient in situation forecasting.
Keywords: causal analysis   state transition diagram   situation evaluation   pattern recognition   multi-stage attack
This article is indexed in Wanfang Data and other databases.