
Journal article: Constructing Attack Scenarios Based on Coloured Petri Nets (cited by 1)
Abstract: Traditional intrusion detection systems only provide a large volume of independent, raw attack alerts, which does not help users or intrusion response systems respond to attacks in time; there is an urgent need to build high-level attack scenarios from the low-level alert information. This paper proposes a method for constructing attack scenarios dynamically and in real time using coloured Petri net theory. The method first describes attack scenarios with coloured Petri nets, then uses the ratio of an extended association (incidence) matrix to quickly match and construct the attack scenario corresponding to an observed attack; based on the sub-attack-scenario net already constructed, it verifies and checks for attacks the IDS missed and predicts the next possible attack; at the same time, it constructs new attack scenario patterns by merging sub-attack scenarios.
Source: Computer Engineering & Science (《计算机工程与科学》), CSCD, 2008, No. 2, pp. 28-33 (6 pages)
Funding: National Natural Science Foundation of China, Major Research Program project (90104035)
Keywords: intrusion detection; scenario; correlation; coloured Petri net