Attack Prediction Method Based on Multi-step Attack Scenario
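  • English title: Attack Prediction Method Based on Multi-step Attack Scenario
  • Author: 胡倩
  • Author (English): HU Qian; Graduate School, Information Engineering University
  • Keywords: attack prediction; multi-step attack; attack scenario
  • Keywords (English): Attack prediction; Multi-step attack; Attack scenario
  • Chinese journal name: JSJA
  • English journal name: Computer Science
  • Institution: Graduate School, Information Engineering University
  • Publication date: 2019-06-15
  • Publisher: Computer Science
  • Year: 2019
  • Issue: v.46
  • Language: Chinese
  • Page: JSJA2019S1080
  • Number of pages: 5
  • CN: S1
  • ISSN: 50-1075/TP
  • Classification number: 375-379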
Abstract
Multi-step attack prediction complements intrusion detection and can, to a certain extent, prevent, reduce or block security threats. This paper proposes an attack prediction method based on multi-step attack scenarios. The method uses a Bayesian network model to describe the attack scenario graph, and builds a causal Bayesian attack scenario graph by mining the causal association rules that exist between the steps of multi-step attacks. On the basis of this network structure, it uses attack evidence to infer and calculate the probability that an unknown attack will occur, and predicts both the next attack action and the attacker's attack intention. Finally, experiments verify that the proposed method can accurately predict the next attack and the attacker's attack intention.
