| 基于贝叶斯攻击图的网络入侵意图识别方法 |
| |
| 引用本文: | 王洋,吴建英,黄金垒,胡浩,刘玉岭.基于贝叶斯攻击图的网络入侵意图识别方法[J].计算机工程与应用,2019,55(22):73-79. |
| |
| 作者姓名: | 王洋 吴建英 黄金垒 胡浩 刘玉岭 |
| |
| 作者单位: | 信息工程大学 三院,郑州,450001;北京市公安局 网络安全保卫总队,北京,100010;中国科学院 软件研究所 可信计算与信息保障实验室,北京 100190;中国科学院大学 网络空间安全学院,北京 101408 |
| |
| 基金项目: | 国家自然科学基金;国家高技术研究发展计划(863计划);国家重点研发计划;郑州市科技领军人才培育计划;装备预研项目 |
| |
| 摘 要: | 现有入侵意图识别方法对报警证据的有效性缺乏考虑,影响了入侵意图识别的准确性。为此提出基于贝叶斯攻击图的入侵意图识别方法。首先建立贝叶斯攻击图模型,然后通过定义报警的置信度及报警间的关联强度,去除低置信水平的孤立报警;根据提取到的有效报警证据进行贝叶斯后验推理,动态更新攻击图中各状态节点遭受攻击的概率,识别网络中已发生和潜在的攻击行为。实验结果表明,该方法能有效提取报警证据,提高网络入侵预测的准确性。
|
| 关 键 词: | 意图识别 贝叶斯攻击图 漏洞利用 报警置信度 报警关联强度 |
Network Intrusion Intention Recognition Method Based on Bayesian Attack Graph |
| |
| WANG Yang,WU Jianying,HUANG Jinlei,HU Hao,LIU Yuling.Network Intrusion Intention Recognition Method Based on Bayesian Attack Graph[J].Computer Engineering and Applications,2019,55(22):73-79. |
| |
| Authors: | WANG Yang WU Jianying HUANG Jinlei HU Hao LIU Yuling |
| |
| Affiliation: | 1.The Third Institute, Information Engineering University, Zhengzhou 450001, China
2.Cyber Security Guard, Beijing Public Security Bureau, Beijing 100010, China
3.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
4.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408, China |
| |
| Abstract: | The existing intrusion intention recognition methods lack the validity consideration of alert evidence, which affects the recognition accuracy. Therefore, the intrusion intention recognition method based on Bayesian attack graph is proposed. Firstly, the model of Bayesian attack graph is constructed, and then the isolated alerts with low confidence are removed by setting the alert confidence and correlation strength. Secondly, the Bayesian posteriori reasoning is performed based on the extracted effective alert evidence. Furthermore, the probability of each state node being attacked is dynamically updated in the attack graph, which aims to identify the previous and potential attack behaviors in the network. Finally, the experimental results show that the proposed method can effectively extract the alert evidence and improve the prediction accuracy of the network intrusion. |
| |
| Keywords: | intention recognition Bayesian attack graph vulnerability exploitation alert confidence level alert correlation strength |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
