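Abstract
In the field of attack modeling, logic-based modeling methods have distinctive advantages and research value, and can effectively detect complex network attacks. Previous work [1] has limitations in modeling and logical description, so many attacks cannot be detected. Therefore, Extended Propositional Interval Temporal Logic (EPITL) is used to describe attacks. First, the principles of each type of attack are analyzed; second, the specific details of each attack are converted into atomic operations and the set of atomic propositions is given; finally, each attack behavior is described in EPITL and an EPITL formula for the attack is constructed, which serves as input to an artificial immune attack detection model to detect whether attack behavior has occurred.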
In the area of attack modeling, the logic-based modeling method has its advantages: it can effectively detect complex network attacks. However, the previous works have limitations on the capability of modeling and logical description. Many attacks cannot be detected. Therefore, based on the existing works [1], Extending Propositional Interval Temporal Logic (EPITL) is used to describe the U2R type attacks with logic formulae. First, principles of attacks are given. Second, the specific details of each attack are transformed into atomic actions, then the atomic proposition set is given. Finally, each attack is described as an EPITL formula, which can be used as an input to the model detector SPIN to detect attacks.
Authors
陈茜月
庞建民
CHEN Xiyue; PANG Jianmin (Key Laboratory of Mathematics Engineering and Advanced Computing of China, Zhengzhou 450000, China; Zhengzhou University, Zhengzhou 450000, China)
Source
《信息工程大学学报》
2020, Issue 1, pp. 43-48 (6 pages)
Journal of Information Engineering University
Funding
Supported by the National Natural Science Foundation of China (61472447).
Keywords
network intrusion detection
model checking
extended propositional interval temporal logic
intrusion detection
model-checking
extending propositional interval temporal logic