摘要
身份盗用攻击是指攻击者通过盗取可伪造用户的合法证书,在网络中进行修改权限、篡改配置信息、盗取重要数据等攻击行为。由于此类攻击行为不会在网络中产生明显痕迹,传统入侵检测方难以进行有效检测和预警。提出一种基于LSTM的检测方法,该方法通过分析行为间的序列关系,定义了行为模式的基本形式,并挖掘攻击者与正常用户在行为模式中的差异。在此基础上,将原始数据处理为一种既可以表现行为差异,又可以描述行为模式序列性的特征数据,然后使用LSTM网络对特征数据进行学习,对下一行为进行预测,最终通过概率差检测异常操作行为。实验证明该检测方法优于前人方法。
Identity theft attack refers to an attacker attacking the falsified user’s legal certificate to modifily the privilege,tamper with configuration information and steal important data in the network.Since such attacks do not produce obvious traces in the network,it is difficult for traditional intrusion detectors to effectively detect and warn.This paper proposes an LSTM-based detection method.By analyzing the sequence relationship between behaviors,this method defines the basic form of behavior patterns and mines the differences between attackers and normal users in behavior patterns.On this basis,the raw data is processed into a feature data that can express behavioral differences and describe the sequence of behavior patterns.Then,the LSTM network is used to learn the feature data,predict the next behavior,and finally detect abnormal operation behavior by the probability difference.Experiments show that the detection method is superior to the previous methods.
作者
成双
郭渊博
CHENG Shuang;GUO Yuanbo(Information Engineering University,Zhengzhou 450001,China)
出处
《信息工程大学学报》
2019年第1期122-128,共7页
Journal of Information Engineering University
