Abstract
Marking the intrusion path after a network attack is key to defending effectively against later attacks. After a network has been intruded upon, attack paths and legitimate paths are interleaved, which disrupts normal information transmission paths. Traditional attack path mining methods are mainly preventive, and the problem of marking the attack path after an attack has received little study. The main difficulty is that they cannot distinguish active attacks from passive attacks given the random nature of attacks, and so cannot accurately identify the network intrusion path. This paper proposes an IPPID-based method for identifying multi-stage network intrusion attack paths. The method marks the network intrusion path using a database of historical routing IP addresses and Pi values, obtains the complete path, inserts marks dynamically, makes maximum use of the space in the marking field, and marks the path dynamically, so that the path identification method adapts dynamically to different network data characteristics. Through a learning process, the victim host determines whether a marked packet is a legitimate packet or an attack packet. Experimental results show that the method outperforms other methods in convergence time and false positive rate. Compared with other path identification schemes, the acceptance rate gap improves by 15%-20%, which significantly raises the accuracy of network attack path marking.
Source
Computer Simulation (《计算机仿真》)
CSCD
Peking University Core Journals (北大核心)
2014, Issue 12, pp. 292-295 (4 pages)
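Funding
General Project of the Sichuan Provincial Department of Education, "Research on Implementation Technology for a Campus Network Drive Based on Open-Source Software" (13ZB0144)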
Keywords
Network intrusion
Attack path
Mark
Dynamic