A Detection Model for Multi-stage Attacks Based on WOWA-FCM
Abstract: To handle the uncertainties and complexities of multi-stage attack detection effectively, a novel detection model for multi-stage attacks based on Weighted Ordered Weighted Averaging (WOWA) and Fuzzy Cognitive Maps (FCM) was proposed. Working from attack intention analysis, the WOWA-FCM detection model uses Fuzzy Cognitive Maps to perform cause-effect correlation of the primary intrusion alerts, and combines vulnerability knowledge with the configuration information of the target system, fusing the correlated data via WOWA aggregation operators. The WOWA-FCM approach is able not only to recognize the individual stages of a multi-stage attack and construct the whole attack scenario, but also to evaluate the global attack progress and the security state of the target system dynamically. The WOWA-FCM model simplifies the conventional multi-stage attack detection process and provides better adaptability. The effectiveness of this approach was verified by the Mstream DDoS detection experimental results.

Source: Journal of Sichuan University (Engineering Science Edition); indexed in EI, CAS, CSCD, Peking University Core Journals; 2008, Issue 1, pp. 122-126 (5 pages).

Funding: National Natural Science Foundation of China (60573036); Aeronautical Basic Science Foundation (03F31007).

Keywords: multi-stage attack; Fuzzy Cognitive Maps (FCM); intrusion detection; Weighted Ordered Weighted Averaging (WOWA) operator; alert correlation
