计算机科学 ›› 2016, Vol. 43 ›› Issue (10): 19-26.doi: 10.11896/j.issn.1002-137X.2016.10.003
张俭鸽,郭渊博,马骏,陈越
ZHANG Jian-ge, GUO Yuan-bo, MA Jun and CHEN Yue
摘要: 恶意的不法分子采用直接或间接的方法攻击个人、机构、国家,从而使其遭受不同程度的威胁。此类信息的形式多种多样,数据量巨大,而且需要被高速地处理。因此,首先对5种典型的协作式检测模型Esper,Hadoop,Agilis,Storm和Spark进行分析、比较,阐述不同模型所适用的网络环境;然后对网络环境中常用的攻击手段DDoS,MITM,APT进行分析,说明检测这些攻击适合采用的模型;最后给出威胁的协作式检测架构模型部署方案,该方案包括发送和接收处理两个组件,并指出可根据实际需要进行不同模型的架构部署;特别地,给出了对等 网络、分等级的安全域网络、分层结构网络中架构模型的部署方案。
| [1] Global Fraud Report-Annual Edition 2011-2012,Kroll [EB/OL].http://www.krollconsulting.com/fraud-report/2011-12/press-only [2] In the Crossfire:Critical Infrastructure in the Age of Cyber War [J/OL].http://www.mcafee.com/us/resources/reports/rp-in-crossfire-critical-infrastructure-cyber-war.pdf [3] Giuseppe Antonio Di Luna.A Collaborative Processing System for Cyber Attacks Detection and Crime Monitoring [D].Rome:Sapienza University,2010 [4] EsperTech:Event Series Intelligence [EB/OL].http://www.espertech.com [5] Apache Software Foundation.Welcome to ApacheTM Hadoop? [EB/OL].http://hadoop.apache.org [6] Aniello L,Baldoni R,Chockler G,et al.Agilis:An Internet-Scale Distributed Event Processing System for Collaborative Detection of Cyber Attacks [R].MIDLAB Technical Report,2011 [7] Storm.Distributed and fault-tolerant realtime computation [EB/OL].http://storm-project.net [8] Spark.Lightning-fast cluster computing [EB/OL].http://spark.apache.org [9] Beyer K,Ercegovac V,Gemulla R,et al.JAQL:A scripting language for large scale semistructured data analysis [J].Procee-dings of the VLDB Endowment,2011,4(12):1272-1283 [10] Hunt P,Konar M,Junqueira F P,et al.Zookeeper:Wait-free co-ordination for internet-scale systems [C]∥Usenix Annual Technical Conference.Berkeley,CA:Usenix,2010 [11] Dittrich D.The DoS Project’s “trinoo” distributed denial ofservice attack tool [EB/OL].https://staff.washington.edu/dittrich/misc/trinoo.analysis [12] Dietrich S,Long N,Dittrich D.Analyzing Distributed Denial of Service tools:the Shaft Case [C]∥Proceedings of the 14th Systems Administration Conference(LISA 2000).New Orleans,LA,USA,2000:329-339 [13] Dittrich D.The Tribe Flood Network Distributed Denial ofService attack tool [EB/OL].https://staff.washington.edu/dittrich/misc/tfn.analysis [14] Barlow J.TFN2K-an analysis [EB/OL].http://packetstormsecurity.com/distributed/TFN2k_Analysis-1.3.txt [15] Dittrich D,Weaver G,Dietrich S,et al.The _mstream_ Distributed Denial of Service attack tool [EB/OL].ttps://staff.washington.edu/dittrich/misc/mstream.analysis.txt [16] WANem-Wide Area Network Emulator [EB/OL].http://sou-rceforge.net/projects/wanem/files/WANem/ [17] ITOC research:CDX datasets.http://www.itoc.usma.edu/research/dataset/index.html [18] LBNL/ICSI enterprise tracing project.http://www.icir.org/enterprise-tracing/download.html [19] 2000 DARPA intrusion detection scenario specific data sets.http://www.ll.mit.edu/ideval/data/2000data.html [20] Aniello L,Luna G A D,Lodi G,et al.Collaborative Inter-domain Stealthy Port Scan Detection Using Esper Complex Event Processing [C]∥Roberto Baldoni,Gregory Chockler.Collaborative Financial Infrastructure Protection.Springer,2012:139-156 [21] Aniello L,Baldoni R,Chockler G,et al.Distributed Attack Detection Using Agilis [C]∥Roberto Baldoni,Gregory Chockler.Collaborative Financial Infrastructure Protection.Springer,2012:157-174 [22] Lodi G,Aniello L,Luna G A D,et al.An event-based platform for collaborative threats detection and monitoring [J].Information Systems,2014,39:175-195 |
| No related articles found! |
|
||
首页