摘要
为了评价系统的安全状况,对可能发生的攻击行为进行预警,提出了一种基于系统状态集合的攻击模型,使用系统状态的集合对系统的安全威胁进行抽象,并将攻击过程描述为系统状态集合的改变。同时还描述了一种利用此攻击模型进行攻击检测和预警的方法。基于该模型,实现了一个安全预警的原型系统。实验结果表明该系统能够有效检测攻击过程,并预测出系统可能达到的危险等级。
In order to evaluate a system's security and predict the attack actions, an attack model based on system states' aggregation was presented. In the model, the threat was Abstracted as the aggregation of the system's states, and the attack process was depicted as the change of the system states' aggregation. A method of detecting network attacks and early warning using the model was also described. Based on the model, an early warning prototype was implemented. Our experiment shows that the prototype is able to detect attack processes effectively and predict the possible risk level the system will reach.
出处
《计算机应用》
CSCD
北大核心
2005年第7期1535-1539,共5页
journal of Computer Applications
基金
国家863计划项目(2003AA142010)
关键词
攻击模型
攻击行为
攻击过程
攻击过程检测
安全预警
attack model
attack action
attack process
attack process detection
early warning
