Abstract
Over the past few years, many techniques have been used to detect anomalies, misuse, cyber-attacks and other network security flaws. This paper discusses a model-based technique. The approach is not entirely new: it has already been applied successfully to validate the standard models of communication protocols. In many circumstances, however, network systems ignore these standards and proposals. To address this problem, the model-based technique can be combined with anomaly detection in communication protocols. When a signal resembling a network attack, or malicious behavior, is found, the anomaly is investigated further, which can significantly improve the success rate of defense. The paper first treats the theory and method principles of communication protocols as state machines, then examines their application in the field of network security, and finally proposes some core directions that experimental research should follow in order to achieve significant results.
Author
Gong Mei (宫美), College of Telecommunications and Information Engineering, Nanjing University of Posts and Telecommunications, Nanjing 210000, China
Source
Microcomputer & Its Applications (《微型机与应用》)
2017, No. 21, pp. 8-10 (3 pages)
Keywords
communication protocol
model-based validation
abnormal detection
state-machine
cyber security