Host-Based Attack Graph for Attack Recognition (cited by: 1)
Abstract: This paper studies a method of network attack recognition based on host attack graphs. Its core is the definition of a language, SAGML, which uses three elements (state, behavior and relationship) to describe an attack. The state structure and behavior chain structure of the attack graph, and the construction and parsing of attack graphs based on XML, are discussed in detail. In addition, to improve the efficiency of attack graph matching, the building of an attack graph index and the matching process are studied. Finally, two typical attacks, SYNFlood and Peacomm, are used to show how the method is applied.

Source: Journal of Shanghai University (Natural Science Edition); indexed in CAS, CSCD and the Peking University Core Journals list; 2013, No. 3, pp. 271-279 (9 pages).

Funding: Shanghai Leading Academic Discipline Project (J50103)

Keywords: attack graph; attack graph indexing; attack graph matching