Abstract
To quickly and accurately identify real attack events and discover attackers in massive, multi-source, heterogeneous network threat intrusion logs, and to construct their characteristic portraits, this paper proposes a method for building attacker portraits based on big data stream analysis and the Louvain community detection algorithm (BDSAL). A paradigm model of security events is defined according to the Common Attack Pattern Enumeration and Classification (CAPEC) standard, and a big data streaming message queue is used to rapidly normalize multi-source heterogeneous logs into paradigm-based security events. Features of the security events are extracted and extended to generate an event feature graph, which is then clustered with the community detection algorithm according to spatio-temporal and attack-pattern features in order to discover attackers. Finally, the feasibility and effectiveness of the method are verified on real attack-and-defense data from the laboratory.
Authors
黄志宏
张波
Huang Zhihong; Zhang Bo (Modern Education & Technology Center, South China Agricultural University, Guangzhou 510642, China; Network Security Emergency Response Center, South China Agricultural University, Guangzhou 510642, China)
Source
《计算机应用研究》
CSCD
Peking University Core Journal (北大核心)
2021, No. 1, pp. 232-236 (5 pages)
Application Research of Computers
Funding
2018 Ministry of Education Industry-University Cooperative Education Program (201802076025).
Keywords
big data
network threats
feature graph clustering
community discovery
attacker discovery
attacker portrait