计算机科学 ›› 2018, Vol. 45 ›› Issue (2): 209-214.doi: 10.11896/j.issn.1002-137X.2018.02.036
聂凯,周清雷,朱维军,张朝阳
NIE Kai, ZHOU Qing-lei, ZHU Wei-jun and ZHANG Chao-yang
摘要: 与其他检测方法相比,基于时序逻辑的入侵检测方法可以有效地检测许多复杂的网络攻击。然而,由于缺少网络攻击的时序逻辑公式, 该方法不能检测 出常见的back,ProcessTable以及Saint 3种攻击。因此,使用命题区间时序逻辑(ITL)和实时攻击签名逻辑(RASL)分别对这3种攻击建立时序逻辑公式。首先,分析这3种攻击的攻击原理;然后,将攻击的关键步骤分解为原子动作,并定义了原子命题;最后,根据原子命题之间的逻辑关系分别建立针对这3种攻击的时序逻辑公式。根据模型检测原理,所建立的时序逻辑公式可以作为模型检测器(即入侵检测器)的一个输入,用自动机为日志库建模,并将其作为模型检测器的另一个输入,模型检测的结果即为入侵检测的结果,从而给出了针对这3种攻击的入侵检测方法。
[1] RPGER M,GOUBAULT-LARRECQ J.Log Auditing through Model-Checking [C]∥IEEE Workshop on Computer Security Foundations.2001:220-234. [2] SUN Y,WU T Y,MA X Q,et al.Modeling and verifying EPC network intrusion system based on timed automata[J].Pervasive and Mobile Computing,2016,24(C):61-67. [3] CHAKIR E M,KHAMLICHI Y I, MOUGHIT M.Handling alerts for intrusion detection system using stateful pattern matching[C]∥IEEE 4th International Colloquium on Information Science and Technology.2017:139-144. [4] CLARKE E M,GRUNBERG O,PELED D A.Model Checking [M].MIT Press Cambridge,MA,USA,1997:54-56. [5] RAMPURE V,TIWARI A.A rough set based feature selection on KDD CUP 99 data set[J].International Journal of Database Theory and Application,2015,8(1):149-156. [6] CHEN X Y.Research on Network Attack Model Based onTemporal Logic [D].Zhengzhou:Zhengzhou University,2014.(in Chinese) 陈茜月.基于时序逻辑的网络攻击建模研究[D].郑州:郑州大学,2014. [7] HU W.Modeling and Detection of Network Attack Based onTemporal Logic [D].Zhengzhou:Zhengzhou University,2015.(in Chinese) 胡伟.基于时序逻辑的网络攻击建模与检测[D].郑州:郑州大学,2015. [8] XU P T.Intrusion Detection Based On Model Checking Benchmark Test Platform For Research [D].Zhengzhou:Zhengzhou University,2016.(in Chinese) 许鹏涛.基于模型检测的入侵检测基准测试平台研究[D].郑州:郑州大学,2016. [9] ZHU W J,WANG Z Y,ZHANG H B.A novel algorithm for Intrusion Detection based on Model Checking Interval Temporal Logic [J].China Communications,2011,8(3):66-72.(in Chinese) 朱维军,王忠勇,张海滨.一种基于区间时序逻辑模型检测的入侵检测算法[J].中国通信,2011,8(3):66-72. [10] DUAN Z H,TIAN C,ZHANG L.A decision procedure forpropositional projection temporal logic with infinite models [J].Acta Informatica,2008,45(1):43-78. [11] TIAN C,DUAN Z H.Complexity of propositional projectiontemporal logic with star [J].Mathematical Structures in Computer Science,2009,9(1):73-100. [12] ZHU W J.Model Checking Timed Interval Temporal Logic:Theory,Algorithms and Application[D].Xi’an:Xidian University,2011.(in Chinese) 朱维军.时间区间时序逻辑模型检测:理论、算法及应用[D].西安:西安电子科技大学,2011. [13] ZHU W J,ZHOU Q L,YANG W D,et al.A Novel Algorithm for Intrusion Detection Based on RASL Model Checking [J].Mathematical Problems in Engineering,2013,2013(3):1-10.(in Chinese) 朱维军,周清雷,杨卫东,等.一种基于实时攻击签名逻辑模型检测的入侵检测算法[J].工程中的数学问题,2013,2013(3):1-10. [14] ZHU W J,ZHANG H B,ZHOU Q L.On the Decidability of Satisfiability of Discrete TITL formulae[J].Acta Electronica Sinica,2010,38(5):1039-1045.(in Chinese) 朱维军,张海滨,周清雷.离散时间区间时序逻辑可满足性的判定[J].电子学报,2010,38(5):1039-1045. [15] SOLANKAR P,PINGALE S.International Journal of Computer Science and Information Technologies[J].International Journal of Computer Science and Information Technologies(IJCSIT),2015,6(2):1096-1099. |
No related articles found! |
|