| 一种基于动态建链推理的网络攻击过程分析方法 |
| |
| 引用本文: | 刘晶,伏飞,戴江山,肖军模.一种基于动态建链推理的网络攻击过程分析方法[J].电子科技大学学报(自然科学版),2006,35(5):819-822. |
| |
| 作者姓名: | 刘晶 伏飞 戴江山 肖军模 |
| |
| 作者单位: | 1.解放军理工大学通信工程学院 南京 210007 |
| |
| 摘 要: | 提出一种动态漏洞链构造推理网络攻击过程的分析方法。以漏洞间推理关系为前提,从受害主机入手,构造有色加权有向图,在多日志中查找漏洞被利用的解释信息,并由查找结果对漏洞链动态剪枝,得到主机漏洞攻击链和攻击该受害主机的嫌疑主机,对嫌疑主机迭代分析,推理出网络漏洞攻击链。实例表明该方法能够快速有效地实现网络攻击过程分析,并且具有良好的可扩展性。
|
| 关 键 词: | 网络取证 攻击分析 漏洞链 安全 |
| 收稿时间: | 2005-01-06 |
| 修稿时间: | 2005-01-06 |
A Method of the Network Attack Process Analysis Based on Dynamic Linking Inference |
| |
| LIU Jing,FU Fei,DAI Jiang-shan,XIAO Jun-mo.A Method of the Network Attack Process Analysis Based on Dynamic Linking Inference[J].Journal of University of Electronic Science and Technology of China,2006,35(5):819-822. |
| |
| Authors: | LIU Jing FU Fei DAI Jiang-shan XIAO Jun-mo |
| |
| Affiliation: | 1.Institute of Communications Engineering,PLA Univ. of Sci. & Tech. Nanjing 210007 |
| |
| Abstract: | Based on response after the attack incidents, a method of network attack process analysis by dynamic vulnerability linking is designed. The corresponding color weighted diagraph is setup in dependence on the inference relation of the security holes in the intruded machine. With the vulnerability-log relation matrix, we searched different forensic information sources are searched. The corresponding support value and the remote suspicious host are obtaind. Then the suspicious host in the same way is analyzed. The illustration indicates that this method can get the network attack process rapidly and effectively. |
| |
| Keywords: | network forensic attack analysis vulnerability security |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
