Journal article

Research on an Abnormal Behavior Analysis Model for Modern Network Security Architecture (cited by: 6)

Research on Abnormal Behavior Analysis of Modern Networking Security Architecture
Abstract: In recent years a number of large-scale network attacks and data leaks have occurred at home and abroad, while zero-day attacks, advanced persistent threats (APT) and similar attack methods have emerged and become increasingly common. This has driven the creation of network security defense architectures based on a comprehensive, multi-stage cyber kill chain, which have been rapidly adopted and promoted by many vendors. Within such an architecture, the analysis of abnormal host network behavior is the key technique for promptly detecting intrusions by the many variants of malware. Previous abnormal behavior analysis models rely on a single algorithm and do not consider indirect dimensions or temporal association. This paper proposes an adaptive data analysis model for network anomalies that can analyze network dimensions with single-valued and distributional characteristics, and that accounts for the effect of time and of multiple periods in the time domain on those dimensions. Products applying the model are easy to manage, identify abnormal and attack behavior accurately, and improve the analysis accuracy of the cyber kill chain.
Source: Netinfo Security (《信息网络安全》), 2015, No. 9, pp. 15-19 (5 pages)
Keywords: cyber kill chain; data analysis; abnormal behavior analysis; network dimension; malware
References: 7


Secondary references: 42

Co-cited literature: 15

Co-citing literature: 38


Citing articles: 6

Secondary citing articles: 18
