Abstract
When detecting potential network threats, the characteristics of intruding entities are mostly similar and the threat targets are dispersed. As a result, the intrusion features collected by traditional network threat detection methods are strongly similar to one another, the state of intrusion events cannot be detected effectively, and the miss rate is too high. A potential network threat detection method based on the analysis of past intrusion features is proposed. The potential network threat process is simulated with a finite automaton model. The security problem caused by a potential network threat event is treated as an extended finite state automaton, and the potential network threat model and its state transition diagram are given. The set of potential network threat targets is obtained through computation tree logic. A hierarchical mapping relationship model is derived from the relationship between network operators and their operation behaviors; fusion processing is applied to it to obtain the features of past intrusion operation behavior and the threat features of network operation behavior. The past intrusion feature parameters are used as the input data of the potential network threat detection model and a potential threat threshold is set, which effectively achieves detection of potential network threats. Simulation results show that the proposed method has high detection accuracy.
Source
《计算机仿真》 (Computer Simulation)
CSCD
Peking University Core Journals (北大核心)
2016, Issue 2, pp. 322-325 (4 pages)
Funding
2014 Henan Province Key Science and Technology Research Project (142102210225)
Keywords
Past
Intrusion feature
Potential
Network threat