Computer Science, 2021, Vol. 48, Issue 2: 317-323. doi: 10.11896/jsjkx.191200172

• Information Security •

Reconstruction of Cloud Platform Attack Scenario Based on Causal Knowledge and Temporal-Spatial Correlation

WANG Wen-juan, DU Xue-hui, REN Zhi-yu, SHAN Di-bin   

  1. PLA Strategic Support Force Information Engineering University, Zhengzhou 450001, China
  • Received: 2019-12-30 Revised: 2020-04-23 Online: 2021-02-15 Published: 2021-02-04
  • About author: WANG Wen-juan, born in 1981, postgraduate, associate professor. Her main research interests include information security and cloud computing.
  • Supported by:
    The National Natural Science Foundation of China (61802436) and Natural National Key Basic Research Program of China (2016YFB050190104).

Abstract: Attack behavior in the cloud computing environment increasingly shows strong concealment and a complex multi-step character: a complete attack executes several different attack steps to reach its final goal. However, existing intrusion detection systems usually lack the necessary correlation capability and can only detect a single-step attack or an attack fragment, so it is difficult to find and identify multi-step attacks and impossible to restore the attacker's attack process completely. To solve this problem, this paper proposes an attack scenario reconstruction technique based on causal knowledge and temporal-spatial correlation. Firstly, a Bayesian network is used to model the causal knowledge, and causal attack patterns are extracted from alerts that share IP address correlation, providing the templates for the subsequent correlation analysis. Then, on the basis of the causal knowledge network, alert correlation is conducted from the causal, temporal and spatial dimensions to discover potential hidden relationships, and high-level attack scenarios are reconstructed, providing a basis and reference for building a cloud environment that can be monitored and held accountable.
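As an added illustration (not code from the paper), the following Python sketch shows the three constraints the abstract combines when chaining alerts into a scenario: a causal pattern whose edge probabilities stand in for a learned Bayesian causal knowledge network, a time window for temporal correlation, and shared IP addresses for spatial correlation. The alerts, pattern, window and confidence threshold are all constructed here.

```python
from datetime import datetime, timedelta

# Constructed causal knowledge: (cause step, effect step, P(effect | cause)),
# standing in for the edge weights of a learned Bayesian causal network.
CAUSAL_PATTERN = [
    ("port_scan", "exploit_attempt", 0.8),
    ("exploit_attempt", "privilege_escalation", 0.6),
    ("privilege_escalation", "data_exfiltration", 0.7),
    ("port_scan", "data_exfiltration", 0.1),  # too weak to count as causal
]
WINDOW = timedelta(minutes=30)  # temporal constraint between consecutive steps
MIN_CONF = 0.5                  # causal constraint: ignore weak edges

# Constructed alerts: (timestamp, step type, source IP, destination IP).
ALERTS = [
    ("2021-02-15 10:00:00", "port_scan", "203.0.113.5", "10.0.0.7"),
    ("2021-02-15 10:12:00", "exploit_attempt", "203.0.113.5", "10.0.0.7"),
    ("2021-02-15 10:20:00", "privilege_escalation", "10.0.0.7", "10.0.0.7"),
    ("2021-02-15 10:25:00", "data_exfiltration", "10.0.0.7", "198.51.100.9"),
    ("2021-02-15 11:40:00", "exploit_attempt", "192.0.2.8", "10.0.0.9"),
]


def parse(alert):
    ts, step, src, dst = alert
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), step, src, dst)


def spatially_linked(prev, cur):
    """Spatial correlation: the later alert must touch an IP of the earlier
    one (same attacker or victim, or a pivot from the earlier victim)."""
    return cur[2] in (prev[2], prev[3]) or cur[3] == prev[3]


def reconstruct(alerts, pattern, window=WINDOW, min_conf=MIN_CONF):
    """Greedy reconstruction: each alert, in time order, extends the most
    recent open scenario it is causally, temporally and spatially linked
    to; otherwise it opens a new scenario. Returns step-type sequences."""
    causal = {(c, e) for c, e, p in pattern if p >= min_conf}
    scenarios = []
    for cur in sorted(map(parse, alerts)):
        for sc in reversed(scenarios):
            prev = sc[-1]
            if ((prev[1], cur[1]) in causal
                    and cur[0] - prev[0] <= window
                    and spatially_linked(prev, cur)):
                sc.append(cur)
                break
        else:
            scenarios.append([cur])
    return [[a[1] for a in sc] for sc in scenarios]
```

Running `reconstruct(ALERTS, CAUSAL_PATTERN)` yields one four-step scenario against host 10.0.0.7 and leaves the later exploit attempt against 10.0.0.9 as an unexplained single-step fragment, which is exactly the kind of alert a correlation-free IDS would report in isolation.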

Key words: Alert correlation, Attack scenario, Causal knowledge network, Cloud computing, Temporal-spatial correlation

CLC Number: TP309