高级检索

    基于时间自动机的入侵意图动态识别方法

    A Dynamic Intrusive Intention Recognition Method Based on Timed Automata

    • 摘要: 入侵意图识别是在具体的网络环境下,根据攻击者的攻击行为和系统防护措施来推理和判断攻击者想要达到的最终目标.针对网络安全领域中的攻防对抗和动态特性,提出一种入侵意图的动态识别方法.该方法利用DS证据理论融合入侵检测系统的报警信息来提炼攻击者的行为及其可信度,并结合系统响应信息应用时间自动机来实时描述脆弱性的状态变迁过程.然后在层次化的攻击路径图中,根据节点的状态和节点间的依赖关系计算攻击者真实入侵意图的概率.实验结果验证了此方法的有效性.

       

      Abstract: Intrusive intention recognition is to reason and determine the ultimate purpose which an attacker wants to achieve according to his attack actions and protection measures in a specific network. In order to deal with the dynamical character of offensedefense confrontation in the network security field, an intrusive intention recognition method based on timed automata is proposed in this paper. At first a hierarchical attack path graph generation method is presented to recognize intrusive intention in order to reduce complexity of understanding and analysis. Then DS evidence theory is applied to fuse alerts of intrusion detection system to abstract the attacker’s actions and compute their confidence. How to describe state transition process of vulnerability under attack actions and system responses is presented with time automata carefully. Next in the hierarchical attack path graph, the algorithm to infer intrusive intention based on the state and dependency relationship of nodes is given. Probabilities of attack intentions are fluctuated with the ongoing intrusive actions and responses using our algorithms. According to these consequences, some recommendations can be proposed to improve the network security situation. Finally several experiments are done in a local network, and the results of the experiments prove the feasibility and validity of this method.

       

    /

    返回文章
    返回