Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (2): 317-323. doi: 10.11896/jsjkx.191200172
王文娟, 杜学绘, 任志宇, 单棣斌
WANG Wen-juan, DU Xue-hui, REN Zhi-yu, SHAN Di-bin
Abstract: In cloud computing environments, attacks increasingly exhibit strong stealth and complex, multi-step attack paths: a complete attack reaches its final goal by executing several distinct attack steps. Existing intrusion detection systems usually lack the necessary correlation capability; they detect only single-step attacks or attack fragments, have difficulty discovering and identifying multi-step attack patterns, and cannot restore the attacker's complete penetration process. To address this problem, an attack scenario reconstruction technique based on causal knowledge and spatio-temporal correlation is proposed. First, a Bayesian network is used to model causal knowledge, and attack patterns with causal relationships are mined from alert sequences that are correlated by IP address, providing template knowledge for the subsequent correlation analysis. Then, with the help of the causal knowledge network, alerts are correlated along the causal, temporal and spatial dimensions to discover potentially hidden relationships and reconstruct high-level attack scenarios, providing a basis and reference for building a supervisable and accountable cloud environment.
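As an added illustration (not the paper's code), the following Python sketch follows the two stages the abstract describes: it first estimates causal step-transition knowledge from a history of IP-correlated alert sequences, then correlates fresh alerts along the causal, temporal and spatial dimensions into multi-step scenario chains. The alert records, IP addresses, signature classes, time window and probability threshold are all constructed for the example, and a simple conditional-probability table stands in for the paper's Bayesian network.

```python
"""Causal-knowledge mining and spatio-temporal alert correlation.

Added example, not the paper's implementation. All alerts below are
constructed (documentation/private address ranges); the transition-
probability table is a simplified stand-in for a Bayesian network.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int      # seconds since start of capture (constructed)
    src: str     # source IP as reported by the IDS
    dst: str     # destination IP
    kind: str    # IDS signature class, e.g. "recon", "exploit"


def ip_related(a: Alert, b: Alert) -> bool:
    """Spatial correlation: b may continue a if both hit the same target,
    both come from the same source, or b is launched *from* a's target
    (i.e. the attacker pivoted through a compromised host)."""
    return a.dst == b.dst or a.src == b.src or a.dst == b.src


def mine_causal_knowledge(history, window):
    """Stage 1: estimate P(next_kind | kind) from pairs of IP-related
    alerts that occur within `window` seconds of each other.
    Returns {kind: {next_kind: probability}}."""
    counts = defaultdict(lambda: defaultdict(int))
    ordered = sorted(history, key=lambda a: a.ts)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.ts - a.ts > window:
                break                      # alerts are time-ordered
            if b.kind != a.kind and ip_related(a, b):
                counts[a.kind][b.kind] += 1
    knowledge = {}
    for kind, nxt in counts.items():
        total = sum(nxt.values())
        knowledge[kind] = {n: c / total for n, c in nxt.items()}
    return knowledge


def reconstruct_scenarios(alerts, knowledge, window, min_prob):
    """Stage 2: append each alert to the open chain whose last step is the
    most probable cause of it (causal), occurred within `window` seconds
    (temporal) and is IP-related (spatial); otherwise start a new chain.
    Returns a list of chains, each a list of Alert objects."""
    chains = []
    for b in sorted(alerts, key=lambda a: a.ts):
        best = None
        for chain in chains:
            a = chain[-1]
            p = knowledge.get(a.kind, {}).get(b.kind, 0.0)
            if p >= min_prob and b.ts - a.ts <= window and ip_related(a, b):
                if best is None or p > best[0]:
                    best = (p, chain)
        if best is None:
            chains.append([b])
        else:
            best[1].append(b)
    return chains


# Constructed training history: three episodes of recon -> exploit ->
# lateral movement (pivoting from the compromised host) plus one
# unrelated alert that must not be absorbed into a pattern.
HISTORY = [
    Alert(0,    "203.0.113.5", "10.0.0.10", "recon"),
    Alert(60,   "203.0.113.5", "10.0.0.10", "exploit"),
    Alert(130,  "10.0.0.10",   "10.0.0.20", "lateral"),
    Alert(1000, "203.0.113.7", "10.0.0.30", "recon"),
    Alert(1050, "203.0.113.7", "10.0.0.30", "exploit"),
    Alert(1100, "10.0.0.30",   "10.0.0.40", "lateral"),
    Alert(2000, "203.0.113.9", "10.0.0.50", "recon"),
    Alert(2090, "203.0.113.9", "10.0.0.50", "exploit"),
    Alert(2100, "198.51.100.2", "10.0.0.99", "policy_violation"),
]

# Constructed live alerts: one full multi-step intrusion, one lone scan
# from a different source, and one unrelated policy alert.
NEW_ALERTS = [
    Alert(0,   "192.0.2.8",    "10.0.1.5",  "recon"),
    Alert(45,  "192.0.2.8",    "10.0.1.5",  "exploit"),
    Alert(90,  "10.0.1.5",     "10.0.1.6",  "lateral"),
    Alert(100, "192.0.2.9",    "10.0.1.77", "recon"),
    Alert(120, "198.51.100.2", "10.0.1.99", "policy_violation"),
]

WINDOW = 300      # seconds between causally linked steps (constructed)
MIN_PROB = 0.3    # minimum mined transition probability (constructed)


def demo():
    """Run both stages and return each chain as its sequence of kinds."""
    knowledge = mine_causal_knowledge(HISTORY, WINDOW)
    chains = reconstruct_scenarios(NEW_ALERTS, knowledge, WINDOW, MIN_PROB)
    return [[a.kind for a in c] for c in chains]


if __name__ == "__main__":
    for kind, nxt in mine_causal_knowledge(HISTORY, WINDOW).items():
        print(f"{kind:>8} -> {nxt}")
    for chain in demo():
        print(" -> ".join(chain))
```

Only multi-step chains (length greater than one) would be promoted to attack scenarios for an analyst; singleton chains such as the lone scan stay as ordinary alerts. In a cloud setting the same two stages apply, but `ip_related` would normally be extended with tenant or virtual-network identity, since IP addresses alone are reused across tenants.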