基于因果知识网络的攻击场景构建方法

王硕; 汤光明; 王建华; 孙怡峰; 寇广

doi:10.7544/issn1000-1239.2018.20160940

基于因果知识网络的攻击场景构建方法

(解放军信息工程大学郑州 450001) (WaltShuo@163.com)

基金项目: 国家自然科学基金项目(61303074)

详细信息

中图分类号: TP393.8
计量
- 文章访问数: 1381
- HTML全文浏览量: 4
- PDF下载量: 588
出版历程
- 发布日期: 2018-11-30

Attack Scenario Construction Method Based on Causal Knowledge Net

(PLA Information Engineering University, Zhengzhou 450001)

摘要

摘要: 针对现有因告警缺失及冗余造成的攻击场景构建不准确的问题，提出了基于因果知识网络的攻击场景构建方法.首先依据专家知识定义因果关系，利用真实告警数据挖掘出能够定量刻画因果关系的因果知识，并对其进行显著性检验，以保证因果关系与因果知识的一致性和准确度，进而构成因果知识网络；然后借助因果知识网络，将攻击场景的构建分为初建与重构2步：1)通过告警映射与聚类定性得到初步的攻击场景；2)利用最大后验估计原理对其进行定量推理重构，得到完整的攻击场景.实验结果表明：该方法能利用专家知识和数据挖掘相结合的优势能够提高攻击场景构建的准确度.
- 攻击场景构建 /
- 因果知识网络 /
- 数据挖掘 /
- 告警 /
- 最大后验估计
Abstract: In view of the problem that the existing attack scenario construction methods are not accurate due to the lack of consideration of alarm missing and alarm redundancy, a new attack scenario construction method based on causal knowledge net is put forward. The causal knowledge net is composed of causal relationship and causal knowledge. Firstly, the causal relationship of single-step attacks is defined according to the expert knowledge, and then the real alarms are utilized to mine the causal knowledge, which can be used to quantitatively describe the causal relationship. In particular, the significance testing mean is designed to guarantee the consistency and accuracy of the causal relationship as well as causal knowledge among the mining causal knowledge. Additionally, the attack scenario construction method can be divided into two different steps with the help of causal knowledge net: the initiatory attack scenario can be obtained by means of alarm mapping and clustering in the first step, and in the second step, the initiatory attack scenario is reconstructed and the intact attack scenario is achieved by taking advantage of the theory named maximum a posteriori estimation. Experimental results show that the proposed method can improve the accuracy of attack scenario construction by combining the advantages of expert knowledge and data mining.
- attack scenario construction /
- causal knowledge network /
- data mining /
- alarm /
- maximum a posteriori estimation

HTML全文

参考文献(0)

施引文献(22)

期刊类型引用(10)

1.	杨秀璋，彭国军，刘思德，田杨，李晨光，傅建明. 面向APT攻击的溯源和推理研究综述. 软件学报. 2025(01): 203-252 . 百度学术
2.	申国霞，常鑫. 基于可信密码模块的网络信道潜在攻击挖掘. 信息技术. 2023(10): 152-156+162 . 百度学术
3.	谢峥，路广平，付安民. 一种可扩展的实时多步攻击场景重构方法. 信息安全研究. 2023(12): 1173-1179 . 百度学术
4.	黄维贵，孙怡峰，欧旺，王玉宾. 基于不确定攻击图的违规外联风险分析. 信息工程大学学报. 2022(05): 570-577 . 百度学术
5.	王文娟，杜学绘，单棣斌. 基于动态概率攻击图的云环境攻击场景构建方法. 通信学报. 2021(01): 1-17 . 百度学术
6.	潘亚峰，朱俊虎，周天阳. APT攻击场景重构方法综述. 信息工程大学学报. 2021(01): 55-60+80 . 百度学术
7.	罗智勇，杨旭，刘嘉辉，许瑞. 基于贝叶斯攻击图的网络入侵意图分析模型. 通信学报. 2020(09): 160-169 . 百度学术
8.	王硕，王建华，汤光明，裴庆祺，张玉臣，刘小虎. 一种智能高效的最优渗透路径生成方法. 计算机研究与发展. 2019(05): 929-941 . 本站查看
9.	吴东，郭春，申国伟. 一种基于多因素的告警关联方法. 计算机与现代化. 2019(06): 30-37 . 百度学术
10.	韩宜轩，秦元庆. 基于因果关联的电力工控系统攻击场景还原. 信息技术. 2019(08): 41-44+48 . 百度学术