Computer Science (计算机科学), 2019, Vol. 46, Issue (6A): 365-369.

• Information Security •

Attack Prediction Method Based on Multi-step Attack Scenario

HU Qian (胡倩)

  1. Graduate School, Information Engineering University, Zhengzhou 450002, China
  • Online: 2019-06-14 Published: 2019-07-02
  • Corresponding author: HU Qian (born 1988), female, master's student; main research interest: network information security. E-mail: huqian_07@qq.com

Abstract: Multi-step attack prediction is a complement to intrusion detection, and can prevent, reduce or block security threats to a certain extent. This paper proposes an attack prediction method based on multi-step attack scenarios. The method uses a Bayesian network model to describe the attack scenario graph, and builds a causal Bayesian attack scenario graph by mining the causal association rules that exist between the steps of multi-step attacks. On this network structure, it uses attack evidence to infer the probability that an as-yet-unobserved attack will occur, and predicts both the attacker's next attack action and the attacker's intent. Finally, experiments verify that the proposed method can accurately predict the next attack and the attacker's attack intent.

Key words: Attack prediction, Attack scenario, Multi-step attack

CLC number: TP393
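The inference step described in the abstract, as an added example (not code from the paper): exact Bayesian inference by enumeration over a small constructed attack scenario graph, returning the most probable next step and the probability of the goal node `exfil`, read here as attacker intent. The node names, edge strengths, root prior, leak term and the noisy-OR combination are assumptions for illustration; the paper's mined rules and parameters are not on this page.

```python
from itertools import product

# Constructed scenario graph: step -> parent steps (hypothetical alert classes).
PARENTS = {"scan": [], "exploit": ["scan"], "priv_esc": ["exploit"],
           "lateral": ["exploit"], "exfil": ["priv_esc", "lateral"]}
# Constructed causal strengths P(child | parent occurred), combined by noisy-OR.
STRENGTH = {("scan", "exploit"): 0.6, ("exploit", "priv_esc"): 0.7,
            ("exploit", "lateral"): 0.4, ("priv_esc", "exfil"): 0.8,
            ("lateral", "exfil"): 0.5}
PRIOR = {"scan": 0.3}   # root prior, constructed
LEAK = 0.01             # chance a step appears with no modelled cause
ORDER = list(PARENTS)   # insertion order above is already topological

def p_true(node, state):
    """P(node = True | parent values in state), noisy-OR over active parents."""
    if not PARENTS[node]:
        return PRIOR[node]
    miss = 1.0 - LEAK
    for parent in PARENTS[node]:
        if state[parent]:
            miss *= 1.0 - STRENGTH[(parent, node)]
    return 1.0 - miss

def joint(state):
    """Probability of one full assignment: product of each node's CPT entry."""
    prob = 1.0
    for node in ORDER:
        p = p_true(node, state)
        prob *= p if state[node] else 1.0 - p
    return prob

def posterior(evidence):
    """P(node = True | evidence) for every unobserved node, by enumeration."""
    hidden = [n for n in ORDER if n not in evidence]
    totals, norm = dict.fromkeys(hidden, 0.0), 0.0
    for values in product([False, True], repeat=len(hidden)):
        state = {**evidence, **dict(zip(hidden, values))}
        weight = joint(state)
        norm += weight
        for node in hidden:
            totals[node] += weight * state[node]
    return {node: totals[node] / norm for node in hidden}

def predict_next(evidence):
    """Most probable unobserved step that directly follows an observed step."""
    post = posterior(evidence)
    frontier = [n for n in post if any(evidence.get(p) for p in PARENTS[n])]
    return max(frontier, key=post.get, default=None), post
```

With `scan` and `priv_esc` observed but no `exploit` alert, `posterior` also assigns the missed `exploit` step a probability above 0.98, so the same graph fills gaps in the alert stream as well as predicting forward.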