Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (5): 188-193. doi: 10.11896/j.issn.1002-137X.2015.05.038
张 巍,罗辉云,滕少华,刘冬宁,梁 路
ZHANG Wei, LUO Hui-yun, TENG Shao-hua, LIU Dong-ning and LIANG Lu
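Abstract: Attackers evade rule-based and other misuse detection techniques by deriving a large number of variant attack sequences from a single attack sequence. To address this, for serializable intrusions, the authors start from the attack mechanism, extract the key operation sequence of an attack, and construct an intrusion behavior expression. They then apply topological sorting and isomorphic transformation to the attack sequence, extending it into an intrusion scenario or a class of intrusions. On this basis they propose a scenario-oriented method for detecting a class of intrusion behaviors: by constructing a PN (Petri Net) machine based on scenarios and on the detection of a class of intrusion behaviors, the method achieves the goal of detecting known attacks and their unknown variants. Unknown variant attacks are themselves new forms of attack, so in this sense the method can detect new attack behaviors.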