摘要
为解决现有方法无法在线监测协议逻辑进行的低交互型攻击的问题,提出一种密码协议在线监测方法CPOMA。首先构建面向密码协议的特征项本体框架,以统一描述不同类型的特征项,并基于该框架首次利用模糊子空间聚类方法进行特征加权,建立个体化的密码协议特征库;在此基础上给出自学习的密码协议识别与会话实例重构方法,进而在线监测协议异常会话。实验结果表明,CPOMA不仅能够较好地识别已知协议、学习未知协议、重构会话,而且能够有效在线监测协议异常会话,提高密码协议在线运行的安全性。
Previous methods can not detect the low-interaction attacks of protocol logic. A cryptographic protocol online monitoring approach named CPOMA was presented. An ontology framework of cryptographic protocol features was constructed for the unified description of cryptographic protocol features with different types. Based on the framework, a feature weighting method was proposed by fuzzy subspace clustering first, and the individualized feature database of cryptographic protocols was built. On this basis, a self-learning method was presented for protocol identification and session rebuilding, and then abnormal protocol sessions were detected online. Experimental results show that CPOMA can identify protocols, rebuild sessions, detect abnormal sessions efficiently, and can improve the online security of cryptographic protocols.
出处
《通信学报》
EI
CSCD
北大核心
2016年第6期75-85,共11页
Journal on Communications
基金
国家自然科学基金资助项目(No.61309018)~~
关键词
密码协议识别
会话重构
在线安全性
本体
子空间聚类
cryptographic protocol identification
session rebuilding
online security
ontology
subspace clustering
