Abstract
Current network attack detection does not fully consider the direct relatedness of attacks and pays little attention to the intrinsic, direct associations among them, so the accuracy of attack classification and network threat partitioning is low. To address this problem, a network threat partitioning method based on communication traces is proposed. By extracting the principal component features intrinsic to network threats, the method constructs the communication traces left by the previous attack and partitions the current attack according to feedback from those traces, ensuring that attacks within the same partition have similar features and laying the groundwork for later construction of an attack graph. Computer simulation experiments show that the method effectively addresses the lack of correlation in network threat detection and improves intrusion detection accuracy.
Source
Bulletin of Science and Technology (《科技通报》)
Peking University Core Journal
2014, Issue 2, pp. 127-129 (3 pages)
Keywords
communication mark
network danger
partition