面向无线入侵检测系统的复杂多步攻击识别方法

随着移动互联网的快速普及,无线网络的安全问题也接踵而至。现有的入侵防御体系大多针对有线网络,而无线网络存在较大的差异性,很多无线通信协议本身也存在缺陷。提出一种面向无线入侵检测系统的复杂攻击识别方法,包含告警精简、逻辑攻击图生成器、攻击流量拓扑图生成器、攻击路径解析器、复杂攻击评估等模块,层层挖掘出攻击者的最终意图。实验结果表明,该识别方法能够应对无线入侵领域的复杂攻击场景,对无线多步攻击意图的识别具有一定的意义。

A COMPLEX MULTI-STEP ATTACK RECOGNITION METHOD FOR WIRELESS INTRUSION DETECTION SYSTEM

With the rapid popularization of mobile Internet, the security problems of wireless network come one after another. Most of the existing intrusion prevention systems are aimed at wired networks, while wireless networks have great differences, and many wireless communication protocols have their own shortcomings. This paper presented a complex multi-step attack recognition method for wireless intrusion detection systems. It integrated alarm reduction, logical attack graph generator, attack flow topological graph generator, attack path resolver and complex attack assessment module to mine the attacker s final intention. The experimental results show that the method can deal with the complex attack scenarios in the field of wireless intrusion, and has certain significance for the identification of the intent of wireless multi-step attack.