
Real-time alert correlation approach based on attack planning graph
(Original title: 基于攻击规划图的实时报警关联方法; cited by: 6)
Abstract: Alert correlation approaches based on causal relationships have two shortcomings: they cannot process large-scale alert streams in time, and the attack scenario graphs they produce tend to split. To address these problems, a real-time alert correlation approach based on the Attack Planning Graph (APG) is proposed. First, the definitions of the APG and the Attack Planning Tree (APT) are given. Second, an APG model is constructed from prior knowledge, and a real-time alert correlation method based on the APG is proposed to reconstruct attack scenarios. Finally, alert inference is combined with the method to complete attack scenarios and predict attacks. Experimental results show that the approach handles large-scale alerts and reconstructs attack scenarios effectively, with good real-time performance, and that it can be applied to analyzing intrusion intent and guiding intrusion response.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2016, No. 6, pp. 1538-1543 (6 pages)
Funding: Open Fund project of the Key Laboratory of Information Assurance Technology (信息保障技术重点实验室), grant 20151014
Keywords: alert correlation; causal relationship; Attack Planning Graph (APG); attack scenario; alert inference; real-time
